Lines Matching defs:kex
1 /* $OpenBSD: kex.c,v 1.185 2024/01/08 00:34:33 djm Exp $ */
53 #include "kex.h"
175 debug3("kex names ok: [%s]", names);
345 const char **defprop = ssh->kex->server ? defpropserver : defpropclient;
355 if ((cp = kex_names_cat(kexalgos, ssh->kex->server ?
356 "ext-info-s,kex-strict-s-v00@openssh.com" :
357 "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL)
444 /* extract kex init proposal strings */
452 /* first kex follows / reserved */
489 if ((ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict) {
524 free(ssh->kex->server_sig_algs);
525 ssh->kex->server_sig_algs = NULL;
533 if (ssh->kex->server_sig_algs != NULL &&
534 has_any_alg(sigalg, ssh->kex->server_sig_algs))
536 xextendf(&ssh->kex->server_sig_algs, ",", "%s", sigalg);
540 if (ssh->kex->server_sig_algs == NULL)
541 ssh->kex->server_sig_algs = xstrdup("");
549 if (ssh->kex->server_sig_algs == NULL &&
550 (ssh->kex->server_sig_algs = sshkey_alg_list(0, 1, 1, ',')) == NULL)
554 (r = sshbuf_put_cstring(m, ssh->kex->server_sig_algs)) != 0 ||
589 if ((ssh->kex->flags & KEX_INITIAL) == 0)
591 if (!ssh->kex->ext_info_c && !ssh->kex->ext_info_s)
597 if (ssh->kex->ext_info_c &&
600 if (ssh->kex->ext_info_s &&
625 if ((ssh->kex->flags & KEX_HAS_EXT_INFO_IN_AUTH) == 0)
632 (r = sshpkt_put_cstring(ssh, ssh->kex->server_sig_algs)) != 0 ||
659 kex_ext_info_check_ver(struct kex *kex, const char *name,
668 kex->flags |= flag;
688 free(ssh->kex->server_sig_algs);
689 ssh->kex->server_sig_algs = xstrdup((const char *)value);
690 } else if (ssh->kex->ext_info_received == 1 &&
692 if ((r = kex_ext_info_check_ver(ssh->kex, name, value, vlen,
696 } else if (ssh->kex->ext_info_received == 1 &&
698 if ((r = kex_ext_info_check_ver(ssh->kex, name, value, vlen,
715 if ((r = kex_ext_info_check_ver(ssh->kex, name, value, vlen,
727 struct kex *kex = ssh->kex;
728 const int max_ext_info = kex->server ? 1 : 2;
736 if (++kex->ext_info_received > max_ext_info) {
756 if (kex->server) {
774 struct kex *kex = ssh->kex;
775 int r, initial = (kex->flags & KEX_INITIAL) != 0;
779 if (kex->ext_info_c && initial)
789 if ((r = kex_buf2prop(kex->my, NULL, &prop)) != 0)
792 kex->server ?
793 "ext-info-s,kex-strict-s-v00@openssh.com" :
794 "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL) {
800 if ((r = kex_prop2buf(ssh->kex->my, prop)) != 0) {
810 kex->done = 1;
811 kex->flags &= ~KEX_INITIAL;
812 sshbuf_reset(kex->peer);
813 kex->flags &= ~KEX_INIT_SENT;
814 free(kex->name);
815 kex->name = NULL;
823 struct kex *kex = ssh->kex;
826 if (kex == NULL) {
827 error_f("no kex");
830 if (kex->flags & KEX_INIT_SENT)
832 kex->done = 0;
835 if (sshbuf_len(kex->my) < KEX_COOKIE_LEN) {
836 error_f("bad kex length: %zu < %d",
837 sshbuf_len(kex->my), KEX_COOKIE_LEN);
840 if ((cookie = sshbuf_mutable_ptr(kex->my)) == NULL) {
847 (r = sshpkt_putb(ssh, kex->my)) != 0 ||
853 kex->flags |= KEX_INIT_SENT;
860 struct kex *kex = ssh->kex;
867 if (kex == NULL) {
868 error_f("no kex");
873 if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
904 if (!(kex->flags & KEX_INIT_SENT))
910 if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL)
911 return (kex->kex[kex->kex_type])(ssh);
913 error_f("unknown kex type %u", kex->kex_type);
917 struct kex *
920 struct kex *kex;
922 if ((kex = calloc(1, sizeof(*kex))) == NULL ||
923 (kex->peer = sshbuf_new()) == NULL ||
924 (kex->my = sshbuf_new()) == NULL ||
925 (kex->client_version = sshbuf_new()) == NULL ||
926 (kex->server_version = sshbuf_new()) == NULL ||
927 (kex->session_id = sshbuf_new()) == NULL) {
928 kex_free(kex);
931 return kex;
965 kex_free(struct kex *kex)
969 if (kex == NULL)
973 DH_free(kex->dh);
975 EC_KEY_free(kex->ec_client_key);
979 kex_free_newkeys(kex->newkeys[mode]);
980 kex->newkeys[mode] = NULL;
982 sshbuf_free(kex->peer);
983 sshbuf_free(kex->my);
984 sshbuf_free(kex->client_version);
985 sshbuf_free(kex->server_version);
986 sshbuf_free(kex->client_pub);
987 sshbuf_free(kex->session_id);
988 sshbuf_free(kex->initial_sig);
989 sshkey_free(kex->initial_hostkey);
990 free(kex->failed_choice);
991 free(kex->hostkey_alg);
992 free(kex->name);
993 free(kex);
1001 if ((r = kex_prop2buf(ssh->kex->my, proposal)) != 0)
1003 ssh->kex->flags = KEX_INITIAL;
1017 kex_free(ssh->kex);
1018 ssh->kex = NULL;
1031 if (ssh->kex == NULL) {
1032 error_f("no kex");
1035 if (ssh->kex->done == 0) {
1039 ssh->kex->done = 0;
1109 choose_kex(struct kex *k, char *client, char *server)
1115 debug("kex: algorithm: %s", k->name ? k->name : "(no match)");
1129 choose_hostkeyalg(struct kex *k, char *client, char *server)
1134 debug("kex: host key algorithm: %s",
1180 struct kex *kex = ssh->kex;
1188 debug2("local %s KEXINIT proposal", kex->server ? "server" : "client");
1189 if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0)
1191 debug2("peer %s KEXINIT proposal", kex->server ? "client" : "server");
1192 if ((r = kex_buf2prop(kex->peer, &first_kex_follows, &peer)) != 0)
1195 if (kex->server) {
1204 if ((kex->flags & KEX_INITIAL) != 0) {
1205 if (kex->server) {
1206 kex->ext_info_c = kexalgs_contains(peer, "ext-info-c");
1207 kex->kex_strict = kexalgs_contains(peer,
1208 "kex-strict-c-v00@openssh.com");
1210 kex->ext_info_s = kexalgs_contains(peer, "ext-info-s");
1211 kex->kex_strict = kexalgs_contains(peer,
1212 "kex-strict-s-v00@openssh.com");
1214 if (kex->kex_strict) {
1224 if (kex->server && (kex->flags & KEX_INITIAL)) {
1227 kex->flags |= KEX_RSA_SHA2_256_SUPPORTED;
1230 kex->flags |= KEX_RSA_SHA2_512_SUPPORTED;
1234 if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS],
1236 kex->failed_choice = peer[PROPOSAL_KEX_ALGS];
1240 if ((r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
1242 kex->failed_choice = peer[PROPOSAL_SERVER_HOST_KEY_ALGS];
1251 kex->newkeys[mode] = newkeys;
1252 ctos = (!kex->server && mode == MODE_OUT) ||
1253 (kex->server && mode == MODE_IN);
1259 kex->failed_choice = peer[nenc];
1268 kex->failed_choice = peer[nmac];
1274 kex->failed_choice = peer[ncomp];
1278 debug("kex: %s cipher: %s MAC: %s compression: %s",
1286 newkeys = kex->newkeys[mode];
1297 kex->we_need = need;
1298 kex->dh_need = dh_need;
1314 struct kex *kex = ssh->kex;
1322 if ((mdsz = ssh_digest_bytes(kex->hash_alg)) == 0)
1330 if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL ||
1334 ssh_digest_update_buffer(hashctx, kex->session_id) != 0 ||
1349 if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL ||
1379 struct kex *kex = ssh->kex;
1385 if ((kex->flags & KEX_INITIAL) != 0) {
1386 if (sshbuf_len(kex->session_id) != 0) {
1387 error_f("already have session ID at kex");
1390 if ((r = sshbuf_put(kex->session_id, hash, hashlen)) != 0)
1392 } else if (sshbuf_len(kex->session_id) == 0) {
1397 if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen,
1405 ctos = (!kex->server && mode == MODE_OUT) ||
1406 (kex->server && mode == MODE_IN);
1407 kex->newkeys[mode]->enc.iv = keys[ctos ? 0 : 1];
1408 kex->newkeys[mode]->enc.key = keys[ctos ? 2 : 3];
1409 kex->newkeys[mode]->mac.key = keys[ctos ? 4 : 5];
1417 struct kex *kex = ssh->kex;
1421 if (kex->load_host_public_key == NULL ||
1422 kex->load_host_private_key == NULL) {
1426 *pubp = kex->load_host_public_key(kex->hostkey_type,
1427 kex->hostkey_nid, ssh);
1428 *prvp = kex->load_host_private_key(kex->hostkey_type,
1429 kex->hostkey_nid, ssh);
1438 struct kex *kex = ssh->kex;
1440 if (kex->verify_host_key == NULL) {
1444 if (server_host_key->type != kex->hostkey_type ||
1445 (kex->hostkey_type == KEY_ECDSA &&
1446 server_host_key->ecdsa_nid != kex->hostkey_nid))
1448 if (kex->verify_host_key(server_host_key, ssh) == -1)
1471 if (!ssh->kex->server)
1494 struct sshbuf *our_version = ssh->kex->server ?
1495 ssh->kex->server_version : ssh->kex->client_version;
1496 struct sshbuf *peer_version = ssh->kex->server ?
1497 ssh->kex->client_version : ssh->kex->server_version;
1610 if (ssh->kex->server) {
1666 if (ssh->kex->server && (ssh->compat & SSH_BUG_PROBE) != 0) {
1673 if (ssh->kex->server && (ssh->compat & SSH_BUG_SCANNER) != 0) {