svnno****@sourc*****
svnno****@sourc*****
2011年 2月 12日 (土) 15:52:18 JST
Revision: 4301 http://sourceforge.jp/projects/ttssh2/svn/view?view=rev&revision=4301 Author: maya Date: 2011-02-12 15:52:18 +0900 (Sat, 12 Feb 2011) Log Message: ----------- æ§é ä½ãªã©ãæ´çãå¤ããè¦ãåãã¯å¤æ´ãã¦ããªã(ã¯ã) Modified Paths: -------------- trunk/ttssh2/ttxssh/ssh.c trunk/ttssh2/ttxssh/ssh.h trunk/ttssh2/ttxssh/ttxssh.c trunk/ttssh2/ttxssh/ttxssh.h -------------- next part -------------- Modified: trunk/ttssh2/ttxssh/ssh.c =================================================================== --- trunk/ttssh2/ttxssh/ssh.c 2011-02-10 08:54:38 UTC (rev 4300) +++ trunk/ttssh2/ttxssh/ssh.c 2011-02-12 06:52:18 UTC (rev 4301) 
@@ -4263,43 +4263,39 @@ } } +static enum kex_algorithm choose_SSH2_kex_algorithm(char *server_proposal, char *my_proposal) +{ + enum kex_algorithm type = KEX_DH_UNKNOWN; + char str_kextype[40]; + ssh2_kex_algorithm_t *ptr = ssh2_kex_algorithms; + + choose_SSH2_proposal(server_proposal, my_proposal, str_kextype, sizeof(str_kextype)); + + while (ptr->name != NULL) { + if (strcmp(ptr->name, str_kextype) == 0) { + type = ptr->kextype; + break; + } + ptr++; + } + + return (type); +} + static SSHCipher choose_SSH2_cipher_algorithm(char *server_proposal, char *my_proposal) { SSHCipher cipher = SSH_CIPHER_NONE; char str_cipher[16]; + ssh2_cipher_t *ptr = ssh2_ciphers; choose_SSH2_proposal(server_proposal, my_proposal, str_cipher, sizeof(str_cipher)); - if (strcmp(str_cipher, "3des-cbc") == 0) { - cipher = SSH2_CIPHER_3DES_CBC; - } else if (strcmp(str_cipher, "aes128-cbc") == 0) { - cipher = SSH2_CIPHER_AES128_CBC; - } else if (strcmp(str_cipher, "aes192-cbc") == 0) { - cipher = SSH2_CIPHER_AES192_CBC; - } else if (strcmp(str_cipher, "aes256-cbc") == 0) { - cipher = SSH2_CIPHER_AES256_CBC; - } else if (strcmp(str_cipher, "blowfish-cbc") == 0) { - cipher = SSH2_CIPHER_BLOWFISH_CBC; - } else if (strcmp(str_cipher, "aes128-ctr") == 0) { - cipher = SSH2_CIPHER_AES128_CTR; - } else if (strcmp(str_cipher, "aes192-ctr") == 0) { - cipher = SSH2_CIPHER_AES192_CTR; - } else if (strcmp(str_cipher, "aes256-ctr") == 0) { - cipher = SSH2_CIPHER_AES256_CTR; - } else if (strcmp(str_cipher, "arcfour128") == 0) { - cipher = SSH2_CIPHER_ARCFOUR128; - } else if (strcmp(str_cipher, "arcfour256") == 0) { - cipher = SSH2_CIPHER_ARCFOUR256; - } else if (strcmp(str_cipher, "arcfour") == 0) { - cipher = SSH2_CIPHER_ARCFOUR; - } else if (strcmp(str_cipher, "cast128-cbc") == 0) { - cipher = SSH2_CIPHER_CAST128_CBC; - } else if (strcmp(str_cipher, "3des-ctr") == 0) { - cipher = SSH2_CIPHER_3DES_CTR; - } else if (strcmp(str_cipher, "blowfish-ctr") == 0) { - cipher = SSH2_CIPHER_BLOWFISH_CTR; - } else if 
(strcmp(str_cipher, "cast128-ctr") == 0) { - cipher = SSH2_CIPHER_CAST128_CTR; + while (ptr->name != NULL) { + if (strcmp(ptr->name, str_cipher) == 0) { + cipher = ptr->cipher; + break; + } + ptr++; } return (cipher); @@ -4310,13 +4306,16 @@ { enum hmac_type type = HMAC_UNKNOWN; char str_hmac[16]; + ssh2_mac_t *ptr = ssh2_macs; choose_SSH2_proposal(server_proposal, my_proposal, str_hmac, sizeof(str_hmac)); - if (strcmp(str_hmac, "hmac-sha1") == 0) { - type = HMAC_SHA1; - } else if (strcmp(str_hmac, "hmac-md5") == 0) { - type = HMAC_MD5; + while (ptr->name != NULL) { + if (strcmp(ptr->name, str_hmac) == 0) { + type = ptr->type; + break; + } + ptr++; } return (type); @@ -4327,6 +4326,7 @@ { enum compression_type type = COMP_UNKNOWN; char str_comp[20]; + ssh_comp_t *ptr = ssh_comps; // OpenSSH 4.3ÅÍxpPbg³k("zlib****@opens*****")ªVKÇÁ³êÄ¢é½ßA // }b`µÈ¢æ¤ÉC³µ½B @@ -4337,13 +4337,12 @@ choose_SSH2_proposal(server_proposal, my_proposal, str_comp, sizeof(str_comp)); - // support of "Compression delayed" (2006.6.23 maya) - if (strcmp(str_comp, "zlib****@opens*****") == 0) { - type = COMP_DELAYED; - } else if (strcmp(str_comp, "zlib") == 0) { - type = COMP_ZLIB; // packet compression enabled - } else if (strcmp(str_comp, "none") == 0) { - type = COMP_NONE; // packet compression disabled + while (ptr->name != NULL) { + if (strcmp(ptr->name, str_comp) == 0) { + type = ptr->type; + break; + } + ptr++; } return (type); @@ -4424,7 +4423,6 @@ int offset = 0; char *msg = NULL; char tmp[1024+512]; - char str_kextype[40]; char str_keytype[10]; notify_verbose_message(pvar, "SSH2_MSG_KEXINIT was received.", LOG_LEVEL_VERBOSE); 
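Review bot: The new `choose_SSH2_kex_algorithm` in ssh.c has no comment stating what it returns when negotiation fails, yet its result is later used directly as an index into `ssh2_kex_algorithms[]`. I would add above it: `// Returns the negotiated KEX type, or KEX_DH_UNKNOWN when nothing in my_proposal matches; callers must reject KEX_DH_UNKNOWN before indexing ssh2_kex_algorithms[].` The same contract applies to the cipher, MAC and compression lookups rewritten in the following hunks, which return `SSH_CIPHER_NONE`, `HMAC_UNKNOWN` and `COMP_UNKNOWN` when their loop finds no match. The loops also assume `choose_SSH2_proposal` leaves the output buffer as a terminated (empty) string on no match; that helper is outside these hunks, so this should be confirmed.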
@@ -4490,25 +4488,15 @@ // T[oÍANCAg©ççêÄ«½ myproposal[PROPOSAL_KEX_ALGS] ÌJ}¶ñ̤¿A // æª©ç©ªÌ myproposal[] Æärðs¢AÅÉ}b`µ½à̪KEXASYÆµÄ // Ið³êéB(2004.10.30 yutaka) - pvar->kex_type = -1; - choose_SSH2_proposal(buf, myproposal[PROPOSAL_KEX_ALGS],str_kextype, sizeof(str_kextype)); - if (strlen(str_kextype) == 0) { // not match + pvar->kex_type = choose_SSH2_kex_algorithm(buf, myproposal[PROPOSAL_KEX_ALGS]); + if (pvar->kex_type == KEX_DH_UNKNOWN) { // not match strncpy_s(tmp, sizeof(tmp), "unknown KEX algorithm: ", _TRUNCATE); strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE); msg = tmp; goto error; } - if (strcmp(str_kextype, KEX_DH14) == 0) { - pvar->kex_type = KEX_DH_GRP14_SHA1; - } else if (strcmp(str_kextype, KEX_DH1) == 0) { - pvar->kex_type = KEX_DH_GRP1_SHA1; - } else if (strcmp(str_kextype, KEX_DHGEX_SHA1) == 0) { - pvar->kex_type = KEX_DH_GEX_SHA1; - } else if (strcmp(str_kextype, KEX_DHGEX_SHA256) == 0) { - pvar->kex_type = KEX_DH_GEX_SHA256; - } - _snprintf_s(buf, sizeof(buf), _TRUNCATE, "KEX algorithm: %s", str_kextype); + _snprintf_s(buf, sizeof(buf), _TRUNCATE, "KEX algorithm: %s", ssh2_kex_algorithms[pvar->kex_type].name); notify_verbose_message(pvar, buf, LOG_LEVEL_VERBOSE); // zXgL[ASY`FbN @@ -4655,7 +4643,7 @@ _snprintf_s(buf, sizeof(buf), _TRUNCATE, "compression algorithm client to server: %s", - ssh_comp[pvar->ctos_compression]); + ssh_comps[pvar->ctos_compression].name); notify_verbose_message(pvar, buf, LOG_LEVEL_VERBOSE); size = get_payload_uint32(pvar, offset); @@ -4675,7 +4663,7 @@ _snprintf_s(buf, sizeof(buf), _TRUNCATE, "compression algorithm server to client: %s", - ssh_comp[pvar->stoc_compression]); + ssh_comps[pvar->stoc_compression].name); notify_verbose_message(pvar, buf, LOG_LEVEL_VERBOSE); // we_needÌè (2004.11.6 yutaka) 
@@ -5082,25 +5070,16 @@ static u_char *derive_key(int id, int need, u_char *hash, BIGNUM *shared_secret, char *session_id, int session_id_len, - enum kex_exchange kex_type) + enum kex_algorithm kex_type) { buffer_t *b; - const EVP_MD *evp_md; + const EVP_MD *evp_md = ssh2_kex_algorithms[kex_type].evp_md(); EVP_MD_CTX md; char c = id; int have; - int mdsz; - u_char *digest; + int mdsz = EVP_MD_size(evp_md); + u_char *digest = malloc(roundup(need, mdsz)); - if (kex_type == KEX_DH_GEX_SHA256) { - evp_md = EVP_sha256(); - } - else { - evp_md = EVP_sha1(); - } - mdsz = EVP_MD_size(evp_md); - digest = malloc(roundup(need, mdsz)); - if (digest == NULL) goto skip; @@ -5960,7 +5939,7 @@ BIGNUM *share_key = NULL; char *hash; char *emsg, emsg_tmp[1024]; // error message - int ret; + int ret, hashlen; Key hostkey; // hostkey notify_verbose_message(pvar, "SSH2_MSG_KEXDH_REPLY was received.", LOG_LEVEL_VERBOSE); @@ -6108,7 +6087,9 @@ pvar->kexdh->pub_key, dh_server_pub, share_key); - //debug_print(30, hash, 20); + + hashlen = EVP_MD_size(ssh2_kex_algorithms[pvar->kex_type].evp_md()); + //debug_print(30, hash, hashlen); //debug_print(31, pvar->client_version_string, strlen(pvar->client_version_string)); //debug_print(32, pvar->server_version_string, strlen(pvar->server_version_string)); //debug_print(33, buffer_ptr(pvar->my_kex), buffer_len(pvar->my_kex)); @@ -6117,7 +6098,7 @@ // session idÌÛ¶iñÚ±ÌÝj if (pvar->session_id == NULL) { - pvar->session_id_len = 20; + pvar->session_id_len = hashlen; pvar->session_id = malloc(pvar->session_id_len); if (pvar->session_id != NULL) { memcpy(pvar->session_id, hash, pvar->session_id_len); 
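Review bot: `derive_key` now evaluates `ssh2_kex_algorithms[kex_type].evp_md()` in its declarations with no range check, so `KEX_DH_UNKNOWN` calls the NULL function pointer in the sentinel row and any other out-of-range value reads past the table. The removed code fell back to `EVP_sha1()` for anything that was not `KEX_DH_GEX_SHA256`. The same unchecked expression is added for `hashlen` in the SSH2_MSG_KEXDH_REPLY handler (where it then sizes the `session_id` allocation and `memcpy`), in `kex_dh_gex_hash`, and for `hashlen` in the DH_GEX_REPLY path. KEXINIT handling rejects `KEX_DH_UNKNOWN`, but it is not visible here whether every path into these functions has passed that check. A single checked accessor, sketched below, keeps the lookup in one place and lets each caller fail the key exchange instead of crashing; the body of `derive_key` continues outside the hunk.

```c
// Digest for a negotiated KEX; NULL for KEX_DH_UNKNOWN or any value outside the table.
static const EVP_MD *get_kex_algorithm_EVP_MD(enum kex_algorithm kex_type)
{
	if (kex_type < KEX_DH_GRP1_SHA1 || kex_type >= KEX_DH_UNKNOWN) {
		return NULL;
	}
	return ssh2_kex_algorithms[kex_type].evp_md();
}

// in derive_key():
	const EVP_MD *evp_md = get_kex_algorithm_EVP_MD(kex_type);
	// … unchanged: md, c, have …
	int mdsz;
	u_char *digest;

	if (evp_md == NULL)
		return NULL;	// nothing has been allocated at this point
	mdsz = EVP_MD_size(evp_md);
	digest = malloc(roundup(need, mdsz));
```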
@@ -6227,13 +6208,13 @@ BIGNUM *kexgex_p, BIGNUM *kexgex_g, BIGNUM *client_dh_pub, - enum kex_exchange kex_type, + enum kex_algorithm kex_type, BIGNUM *server_dh_pub, BIGNUM *shared_secret) { buffer_t *b; static unsigned char digest[EVP_MAX_MD_SIZE]; - const EVP_MD *evp_md; + const EVP_MD *evp_md = ssh2_kex_algorithms[kex_type].evp_md(); EVP_MD_CTX md; b = buffer_init(); @@ -6266,12 +6247,6 @@ // yutaka //debug_print(38, buffer_ptr(b), buffer_len(b)); - if (kex_type == KEX_DH_GEX_SHA256) { - evp_md = EVP_sha256(); - } - else { - evp_md = EVP_sha1(); - } EVP_DigestInit(&md, evp_md); EVP_DigestUpdate(&md, buffer_ptr(b), buffer_len(b)); EVP_DigestFinal(&md, digest, NULL); @@ -6469,12 +6444,7 @@ dh_server_pub, share_key); - if (pvar->kex_type == KEX_DH_GEX_SHA256) { - hashlen = 32; - } - else{ - hashlen = 20; - } + hashlen = EVP_MD_size(ssh2_kex_algorithms[pvar->kex_type].evp_md()); { push_memdump("DH_GEX_REPLY kex_dh_gex_hash", "my_kex", buffer_ptr(pvar->my_kex), buffer_len(pvar->my_kex)); push_memdump("DH_GEX_REPLY kex_dh_gex_hash", "peer_kex", buffer_ptr(pvar->peer_kex), buffer_len(pvar->peer_kex)); Modified: trunk/ttssh2/ttxssh/ssh.h =================================================================== --- trunk/ttssh2/ttxssh/ssh.h 2011-02-10 08:54:38 UTC (rev 4300) +++ trunk/ttssh2/ttxssh/ssh.h 2011-02-12 06:52:18 UTC (rev 4301) @@ -194,28 +194,6 @@ #define SSH2_OPEN_UNKNOWN_CHANNEL_TYPE 3 #define SSH2_OPEN_RESOURCE_SHORTAGE 4 -// L[ð·ASY -#define KEX_DH1 "diffie-hellman-group1-sha1" -#define KEX_DH14 "diffie-hellman-group14-sha1" -#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" -#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" - -// support of "Compression delayed" (2006.6.23 maya) -enum compression_type { - COMP_NONE, - COMP_ZLIB, - COMP_DELAYED, - COMP_UNKNOWN -}; - -enum kex_exchange { - KEX_DH_GRP1_SHA1, - KEX_DH_GRP14_SHA1, - KEX_DH_GEX_SHA1, - KEX_DH_GEX_SHA256, - KEX_MAX -}; - enum hostkey_type { KEY_RSA1, KEY_RSA, 
@@ -223,13 +201,6 @@ KEY_UNSPEC, }; -// ºLÌCfbNXÍ ssh2_macs[] Æí¹é±ÆB -enum hmac_type { - HMAC_SHA1, - HMAC_MD5, - HMAC_UNKNOWN -}; - #define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha256," \ "diffie-hellman-group-exchange-sha1," \ "diffie-hellman-group14-sha1," \ @@ -239,8 +210,8 @@ #define KEX_DEFAULT_ENCRYPT "" #define KEX_DEFAULT_MAC "hmac-sha1,hmac-md5" // support of "Compression delayed" (2006.6.23 maya) -#define KEX_DEFAULT_COMP "none,zlib****@opens*****,zlib" -#define KEX_DEFAULT_LANG "" +#define KEX_DEFAULT_COMP "none,zlib****@opens*****,zlib" +#define KEX_DEFAULT_LANG "" /* Minimum modulus size (n) for RSA keys. */ #define SSH_RSA_MINIMUM_MODULUS_SIZE 768 
@@ -310,44 +281,91 @@ } ssh2_cipher_t; static ssh2_cipher_t ssh2_ciphers[] = { - {SSH2_CIPHER_3DES_CBC, "3des-cbc", 8, 24, 0, EVP_des_ede3_cbc}, - {SSH2_CIPHER_AES128_CBC, "aes128-cbc", 16, 16, 0, EVP_aes_128_cbc}, - {SSH2_CIPHER_AES192_CBC, "aes192-cbc", 16, 24, 0, EVP_aes_192_cbc}, - {SSH2_CIPHER_AES256_CBC, "aes256-cbc", 16, 32, 0, EVP_aes_256_cbc}, - {SSH2_CIPHER_BLOWFISH_CBC, "blowfish-cbc", 8, 16, 0, EVP_bf_cbc}, - {SSH2_CIPHER_AES128_CTR, "aes128-ctr", 16, 16, 0, evp_aes_128_ctr}, - {SSH2_CIPHER_AES192_CTR, "aes192-ctr", 16, 24, 0, evp_aes_128_ctr}, - {SSH2_CIPHER_AES256_CTR, "aes256-ctr", 16, 32, 0, evp_aes_128_ctr}, - {SSH2_CIPHER_ARCFOUR, "arcfour", 8, 16, 0, EVP_rc4}, + {SSH2_CIPHER_3DES_CBC, "3des-cbc", 8, 24, 0, EVP_des_ede3_cbc}, + {SSH2_CIPHER_AES128_CBC, "aes128-cbc", 16, 16, 0, EVP_aes_128_cbc}, + {SSH2_CIPHER_AES192_CBC, "aes192-cbc", 16, 24, 0, EVP_aes_192_cbc}, + {SSH2_CIPHER_AES256_CBC, "aes256-cbc", 16, 32, 0, EVP_aes_256_cbc}, + {SSH2_CIPHER_BLOWFISH_CBC, "blowfish-cbc", 8, 16, 0, EVP_bf_cbc}, + {SSH2_CIPHER_AES128_CTR, "aes128-ctr", 16, 16, 0, evp_aes_128_ctr}, + {SSH2_CIPHER_AES192_CTR, "aes192-ctr", 16, 24, 0, evp_aes_128_ctr}, + {SSH2_CIPHER_AES256_CTR, "aes256-ctr", 16, 32, 0, evp_aes_128_ctr}, + {SSH2_CIPHER_ARCFOUR, "arcfour", 8, 16, 0, EVP_rc4}, {SSH2_CIPHER_ARCFOUR128, "arcfour128", 8, 16, 1536, EVP_rc4}, {SSH2_CIPHER_ARCFOUR256, "arcfour256", 8, 32, 1536, EVP_rc4}, - {SSH2_CIPHER_CAST128_CBC, "cast128-cbc", 8, 16, 0, EVP_cast5_cbc}, - {SSH2_CIPHER_3DES_CTR, "3des-ctr", 8, 24, 0, evp_des3_ctr}, - {SSH2_CIPHER_BLOWFISH_CTR, "blowfish-ctr", 8, 16, 0, evp_bf_ctr}, - {SSH2_CIPHER_CAST128_CTR, "cast128-ctr", 8, 16, 0, evp_cast5_ctr}, - {SSH_CIPHER_NONE, NULL, 0, 0, 0, NULL}, + {SSH2_CIPHER_CAST128_CBC, "cast128-cbc", 8, 16, 0, EVP_cast5_cbc}, + {SSH2_CIPHER_3DES_CTR, "3des-ctr", 8, 24, 0, evp_des3_ctr}, + {SSH2_CIPHER_BLOWFISH_CTR, "blowfish-ctr", 8, 16, 0, evp_bf_ctr}, + {SSH2_CIPHER_CAST128_CTR, "cast128-ctr", 8, 16, 0, evp_cast5_ctr}, 
+ {SSH_CIPHER_NONE, NULL, 0, 0, 0, NULL}, }; +// ºLÌCfbNXÍ ssh2_kex_algorithms[] Æí¹é±ÆB +enum kex_algorithm { + KEX_DH_GRP1_SHA1, + KEX_DH_GRP14_SHA1, + KEX_DH_GEX_SHA1, + KEX_DH_GEX_SHA256, + KEX_DH_UNKNOWN, +}; + +typedef struct ssh2_kex_algorithm { + enum kex_algorithm kextype; + char *name; + const EVP_MD *(*evp_md)(void); +} ssh2_kex_algorithm_t; + +static ssh2_kex_algorithm_t ssh2_kex_algorithms[] = { + {KEX_DH_GRP1_SHA1, "diffie-hellman-group1-sha1", EVP_sha1}, + {KEX_DH_GRP14_SHA1, "diffie-hellman-group14-sha1", EVP_sha1}, + {KEX_DH_GEX_SHA1, "diffie-hellman-group-exchange-sha1", EVP_sha1}, + {KEX_DH_GEX_SHA256, "diffie-hellman-group-exchange-sha256", EVP_sha256}, + {KEX_DH_UNKNOWN , NULL , NULL}, +}; + + +// ºLÌCfbNXÍ ssh2_macs[] Æí¹é±ÆB +enum hmac_type { + HMAC_SHA1, + HMAC_MD5, + HMAC_UNKNOWN +}; + typedef struct ssh2_mac { + enum hmac_type type; char *name; const EVP_MD *(*func)(void); int truncatebits; } ssh2_mac_t; static ssh2_mac_t ssh2_macs[] = { - {"hmac-sha1", EVP_sha1, 0}, - {"hmac-md5", EVP_md5, 0}, - {NULL, NULL, 0}, + {HMAC_SHA1, "hmac-sha1", EVP_sha1, 0}, + {HMAC_MD5, "hmac-md5", EVP_md5, 0}, + {HMAC_UNKNOWN, NULL, NULL, 0}, }; -static char *ssh_comp[] = { - "none", - "zlib", - "zlib****@opens*****", + +// ºLÌCfbNXÍ ssh_comps[] Æí¹é±ÆB +enum compression_type { + COMP_NONE, + COMP_ZLIB, + COMP_DELAYED, + COMP_UNKNOWN }; +typedef struct ssh_comp { + enum compression_type type; + char *name; +} ssh_comp_t; +static ssh_comp_t ssh_comps[] = { + {COMP_NONE, "none"}, + {COMP_ZLIB, "zlib"}, + {COMP_DELAYED, "zlib****@opens*****"}, + {COMP_UNKNOWN, NULL}, +}; + + struct Enc { u_char *key; u_char *iv; Modified: trunk/ttssh2/ttxssh/ttxssh.c =================================================================== --- trunk/ttssh2/ttxssh/ttxssh.c 2011-02-10 08:54:38 UTC (rev 4300) +++ trunk/ttssh2/ttxssh/ttxssh.c 2011-02-12 06:52:18 UTC (rev 4301) 
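Review bot: The tables added to ssh.h are indexed by enum value throughout this commit (`ssh2_kex_algorithms[pvar->kex_type]`, `ssh2_macs[...]`, `ssh_comps[...]`), but only a comment ties the enum order to the row order. A row added to one and not the other would silently select the wrong digest for the exchange hash or key derivation. A compile-time size check beside each table would catch a missing row, e.g. `typedef char kex_table_check[(sizeof(ssh2_kex_algorithms) / sizeof(ssh2_kex_algorithms[0]) == KEX_DH_UNKNOWN + 1) ? 1 : -1];`. Row order would still need review. Separately, these are non-const `static` arrays defined in a header, so every file that includes ssh.h gets its own writable copy; `static const` with `const char *name` would be tighter, though the `ptr` locals in ssh.c would then need `const` as well.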
@@ -2236,16 +2236,7 @@ UTIL_get_lang_msg("DLG_ABOUT_PROTOCOL", pvar, "Using protocol:"); append_about_text(dlg, pvar->ts->UIMsg, buf); - if (pvar->kex_type == KEX_DH_GRP1_SHA1) { - strncpy_s(buf, sizeof(buf), KEX_DH1, _TRUNCATE); - } else if (pvar->kex_type == KEX_DH_GRP14_SHA1) { - strncpy_s(buf, sizeof(buf), KEX_DH14, _TRUNCATE); - } else if (pvar->kex_type == KEX_DH_GEX_SHA1) { - strncpy_s(buf, sizeof(buf), KEX_DHGEX_SHA1, _TRUNCATE); - } else { // KEX_DH_GEX_SHA256 - strncpy_s(buf, sizeof(buf), KEX_DHGEX_SHA256, _TRUNCATE); - } - append_about_text(dlg, "KEX:", buf); + append_about_text(dlg, "KEX:", ssh2_kex_algorithms[pvar->kex_type].name); if (pvar->hostkey_type == KEY_DSA) { strncpy_s(buf, sizeof(buf), "ssh-dss", _TRUNCATE); @@ -2257,18 +2248,10 @@ // add HMAC algorithm (2004.12.17 yutaka) buf[0] = '\0'; - if (pvar->ctos_hmac == HMAC_SHA1) { - strncat_s(buf, sizeof(buf), "hmac-sha1", _TRUNCATE); - } else if (pvar->ctos_hmac == HMAC_MD5) { - strncat_s(buf, sizeof(buf), "hmac-md5", _TRUNCATE); - } + strncat_s(buf, sizeof(buf), ssh2_macs[pvar->ctos_hmac].name , _TRUNCATE); UTIL_get_lang_msg("DLG_ABOUT_TOSERVER", pvar, " to server,"); strncat_s(buf, sizeof(buf), pvar->ts->UIMsg, _TRUNCATE); - if (pvar->stoc_hmac == HMAC_SHA1) { - strncat_s(buf, sizeof(buf), "hmac-sha1", _TRUNCATE); - } else if (pvar->stoc_hmac == HMAC_MD5) { - strncat_s(buf, sizeof(buf), "hmac-md5", _TRUNCATE); - } + strncat_s(buf, sizeof(buf), ssh2_macs[pvar->stoc_hmac].name , _TRUNCATE); UTIL_get_lang_msg("DLG_ABOUT_FROMSERVER", pvar, " from server"); strncat_s(buf, sizeof(buf), pvar->ts->UIMsg, _TRUNCATE); append_about_text(dlg, "HMAC:", buf); Modified: trunk/ttssh2/ttxssh/ttxssh.h =================================================================== --- trunk/ttssh2/ttxssh/ttxssh.h 2011-02-10 08:54:38 UTC (rev 4300) +++ trunk/ttssh2/ttxssh/ttxssh.h 2011-02-12 06:52:18 UTC (rev 4301) 
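Review bot: The About-dialog code in ttxssh.c now passes `ssh2_kex_algorithms[pvar->kex_type].name` to `append_about_text`, and `ssh2_macs[pvar->ctos_hmac].name` and `ssh2_macs[pvar->stoc_hmac].name` straight to `strncat_s`; for the `*_UNKNOWN` rows that pointer is NULL. The removed if/else chains appended nothing for an unrecognised HMAC value and always produced a string for the KEX, so this is a behaviour change: a NULL source makes `strncat_s` invoke the CRT invalid-parameter handler. Whether this block only runs after an SSH2 key exchange has completed is outside the hunk. If that is not guaranteed, guard the index, e.g. `if (pvar->ctos_hmac < HMAC_UNKNOWN) strncat_s(buf, sizeof(buf), ssh2_macs[pvar->ctos_hmac].name, _TRUNCATE);`, and likewise for `stoc_hmac` and `kex_type`.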
@@ -199,7 +199,7 @@ char client_version_string[128]; buffer_t *my_kex; buffer_t *peer_kex; - enum kex_exchange kex_type; // KEX algorithm + enum kex_algorithm kex_type; // KEX algorithm enum hostkey_type hostkey_type; SSHCipher ctos_cipher; SSHCipher stoc_cipher;