void
ssh_kex2(char *host, struct sockaddr *hostaddr)
{
Kex *kex;
xxx_host = host;
xxx_hostaddr = hostaddr;
if (options.ciphers == (char *)-1) {
log("No valid ciphers for protocol version 2 given, using defaults.");
options.ciphers = NULL;
}
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
}
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
myproposal[PROPOSAL_ENC_ALGS_STOC] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
if (options.compression) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none";
} else {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib";
}
if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
}
if (options.hostkeyalgorithms != NULL)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
options.hostkeyalgorithms;
/* start key exchange */
kex = kex_setup(myproposal);
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
kex->verify_host_key=&verify_host_key_callback;
xxx_kex = kex;
dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
session_id2 = kex->session_id;
session_id2_len = kex->session_id_len;
#ifdef DEBUG_KEXDH
/* send 1st encrypted/maced/compressed message */
packet_start(SSH2_MSG_IGNORE);
packet_put_cstring("markus");
packet_send();
packet_write_wait();
#endif
}
/*
* SSH2 key exchange: diffie-hellman-group1-sha1
*/
void
do_ssh2_kex(void)
{
Kex *kex;
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
}
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
myproposal[PROPOSAL_ENC_ALGS_STOC] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
}
if (!options.compression) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
}
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
/* start key exchange */
kex = kex_setup(myproposal);
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
kex->server = 1;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
kex->load_host_key=&get_hostkey_by_type;
kex->host_key_index=&get_hostkey_index;
xxx_kex = kex;
dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
session_id2 = kex->session_id;
session_id2_len = kex->session_id_len;
#ifdef DEBUG_KEXDH
/* send 1st encrypted/maced/compressed message */
packet_start(SSH2_MSG_IGNORE);
packet_put_cstring("markus");
packet_send();
packet_write_wait();
#endif
debug("KEX done");
}
void do_kex2_exchange()
{
Kex *kex ;
int seqnr;
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
}
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
myproposal[PROPOSAL_ENC_ALGS_STOC] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
}
if (options.compression == COMP_NONE) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
} else if (options.compression == COMP_DELAYED) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,[email protected]";
}
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
kex = xcalloc(1, sizeof(*kex));
buffer_init(&kex->peer);
buffer_init(&kex->my);
kex_prop2buf(&kex->my, myproposal);
kex->done = 0;
kex->server = 1;
kex->client_version_string=g_data.client_version_string;
kex->server_version_string=g_data.server_version_string;
kex->load_host_key=&get_hostkey_by_type;
kex->host_key_index=&get_hostkey_index;
kex_send_kexinit(kex);
//packet_read_expect(SSH2_MSG_KEXINIT);
if (SSH2_MSG_KEXINIT != packet_read_seqnr(&seqnr)) {
goto err;
}
kex_input_init(0, seqnr, kex);
kex_choose_conf(kex);
switch (kex->kex_type) {
case KEX_DH_GRP1_SHA1:
case KEX_DH_GRP14_SHA1:
kexdh_server(kex);
break;
case KEX_DH_GEX_SHA1:
case KEX_DH_GEX_SHA256:
kexgex_server(kex);
break;
default:
goto err;
}
g_data.kex = kex;
err:
return ;
}
void
ssh_kex2(char *host, struct sockaddr *hostaddr)
{
Kex *kex;
Kex_hook_func kex_hook = NULL;
static char **myproposal;
myproposal = my_clnt_proposal;
xxx_host = host;
xxx_hostaddr = hostaddr;
#ifdef GSSAPI
/* Add the GSSAPI mechanisms currently supported on this client to
* the key exchange algorithm proposal */
if (options.gss_keyex)
kex_hook = ssh_gssapi_client_kex_hook;
#endif /* GSSAPI */
if (options.ciphers == (char *)-1) {
log("No valid ciphers for protocol version 2 given, using defaults.");
options.ciphers = NULL;
}
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
}
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
myproposal[PROPOSAL_ENC_ALGS_STOC] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
if (options.compression) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none";
} else {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib";
}
if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
}
if (options.hostkeyalgorithms != NULL)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
options.hostkeyalgorithms;
if (options.rekey_limit)
packet_set_rekey_limit((u_int32_t)options.rekey_limit);
if (datafellows & SSH_BUG_LOCALES_NOT_LANGTAGS) {
char *locale = setlocale(LC_ALL, "");
/* Solaris 9 SSHD expects a locale, not a langtag list */
myproposal[PROPOSAL_LANG_CTOS] = "";
if (locale != NULL && *locale != '\0' &&
strcmp(locale, "C") != 0)
myproposal[PROPOSAL_LANG_CTOS] = locale;
} else {
myproposal[PROPOSAL_LANG_CTOS] = g11n_getlangs();
}
/* Same languages proposal for both directions */
if (myproposal[PROPOSAL_LANG_CTOS] == NULL) {
myproposal[PROPOSAL_LANG_CTOS] = "";
myproposal[PROPOSAL_LANG_STOC] = "";
} else {
myproposal[PROPOSAL_LANG_STOC] =
myproposal[PROPOSAL_LANG_CTOS];
}
/* start key exchange */
kex = kex_setup(host, myproposal, kex_hook);
kex_start(kex);
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
#ifdef GSSAPI
kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
kex->options.gss_deleg_creds = options.gss_deleg_creds;
#endif /* GSSAPI */
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
kex->verify_host_key=&verify_host_key_callback;
kex->accept_host_key=&accept_host_key_callback;
xxx_kex = kex;
dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
session_id2 = kex->session_id;
session_id2_len = kex->session_id_len;
#ifdef DEBUG_KEXDH
/* send 1st encrypted/maced/compressed message */
packet_start(SSH2_MSG_IGNORE);
packet_put_cstring("markus");
packet_send();
packet_write_wait();
#endif
debug("done: ssh_kex2.");
}
