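Lines Matching defs:kex (non-contiguous matches from kex.c; the number at the start of each line is its line number in that file, and the lines between matches are not shown)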

1 /* $OpenBSD: kex.c,v 1.117 2016/02/08 10:57:07 djm Exp $ */
45 #include "kex.h"
165 debug3("kex names ok: [%s]", names);
278 /* extract kex init proposal strings */
284 /* first kex follows / reserved */
320 error("kex protocol error: type %d seq %u", type, seq);
362 if (ssh->kex->ext_info_c)
372 struct kex *kex = ssh->kex;
392 kex->rsa_sha2 = 256;
397 kex->rsa_sha2 = 512;
411 struct kex *kex = ssh->kex;
418 kex->done = 1;
419 sshbuf_reset(kex->peer);
420 /* sshbuf_reset(kex->my); */
421 kex->flags &= ~KEX_INIT_SENT;
422 free(kex->name);
423 kex->name = NULL;
431 struct kex *kex = ssh->kex;
434 if (kex == NULL)
436 if (kex->flags & KEX_INIT_SENT)
438 kex->done = 0;
441 if (sshbuf_len(kex->my) < KEX_COOKIE_LEN)
443 if ((cookie = sshbuf_mutable_ptr(kex->my)) == NULL)
448 (r = sshpkt_putb(ssh, kex->my)) != 0 ||
452 kex->flags |= KEX_INIT_SENT;
461 struct kex *kex = ssh->kex;
468 if (kex == NULL)
473 if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
498 if (!(kex->flags & KEX_INIT_SENT))
504 if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL)
505 return (kex->kex[kex->kex_type])(ssh);
511 kex_new(struct ssh *ssh, char *proposal[PROPOSAL_MAX], struct kex **kexp)
513 struct kex *kex;
517 if ((kex = calloc(1, sizeof(*kex))) == NULL)
519 if ((kex->peer = sshbuf_new()) == NULL ||
520 (kex->my = sshbuf_new()) == NULL) {
524 if ((r = kex_prop2buf(kex->my, proposal)) != 0)
526 kex->done = 0;
529 *kexp = kex;
532 kex_free(kex);
568 kex_free(struct kex *kex)
573 if (kex->dh)
574 DH_free(kex->dh);
576 if (kex->ec_client_key)
577 EC_KEY_free(kex->ec_client_key);
581 kex_free_newkeys(kex->newkeys[mode]);
582 kex->newkeys[mode] = NULL;
584 sshbuf_free(kex->peer);
585 sshbuf_free(kex->my);
586 free(kex->session_id);
587 free(kex->client_version_string);
588 free(kex->server_version_string);
589 free(kex->failed_choice);
590 free(kex->hostkey_alg);
591 free(kex->name);
592 free(kex);
600 if ((r = kex_new(ssh, proposal, &ssh->kex)) != 0)
603 kex_free(ssh->kex);
604 ssh->kex = NULL;
617 if (ssh->kex == NULL) {
618 error("%s: no kex", __func__);
621 if (ssh->kex->done == 0) {
625 ssh->kex->done = 0;
687 choose_kex(struct kex *k, char *client, char *server)
693 debug("kex: algorithm: %s", k->name ? k->name : "(no match)");
705 choose_hostkeyalg(struct kex *k, char *client, char *server)
709 debug("kex: host key algorithm: %s",
747 struct kex *kex = ssh->kex;
755 debug2("local %s KEXINIT proposal", kex->server ? "server" : "client");
756 if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0)
758 debug2("peer %s KEXINIT proposal", kex->server ? "client" : "server");
759 if ((r = kex_buf2prop(kex->peer, &first_kex_follows, &peer)) != 0)
762 if (kex->server) {
771 if (kex->server) {
776 kex->ext_info_c = 1;
782 if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS],
784 kex->failed_choice = peer[PROPOSAL_KEX_ALGS];
788 if ((r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
790 kex->failed_choice = peer[PROPOSAL_SERVER_HOST_KEY_ALGS];
799 kex->newkeys[mode] = newkeys;
800 ctos = (!kex->server && mode == MODE_OUT) ||
801 (kex->server && mode == MODE_IN);
807 kex->failed_choice = peer[nenc];
816 kex->failed_choice = peer[nmac];
822 kex->failed_choice = peer[ncomp];
826 debug("kex: %s cipher: %s MAC: %s compression: %s",
834 newkeys = kex->newkeys[mode];
845 kex->we_need = need;
846 kex->dh_need = dh_need;
863 struct kex *kex = ssh->kex;
871 if ((mdsz = ssh_digest_bytes(kex->hash_alg)) == 0)
879 if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL ||
883 ssh_digest_update(hashctx, kex->session_id,
884 kex->session_id_len) != 0 ||
898 if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL ||
927 struct kex *kex = ssh->kex;
933 if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen,
941 ctos = (!kex->server && mode == MODE_OUT) ||
942 (kex->server && mode == MODE_IN);
943 kex->newkeys[mode]->enc.iv = keys[ctos ? 0 : 1];
944 kex->newkeys[mode]->enc.key = keys[ctos ? 2 : 3];
945 kex->newkeys[mode]->mac.key = keys[ctos ? 4 : 5];