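// Processes the server's key exchange init packet: picks one algorithm per
// category, generates a fresh Diffie-Hellman key pair and sends the client's
// DH init packet.
//
// Every name list in serverKexInit is supplied by the peer and must be treated
// as untrusted. The selection relies on SshCapabilities::findBestMatch() to
// restrict the outcome to algorithms this client supports.
// NOTE(review): how findBestMatch() reports "no common algorithm" is not
// visible here -- confirm it fails hard rather than returning an empty name.
//
// Returns the server's "first kex packet follows" flag unchanged.
// NOTE(review): the flag is only passed on here; presumably the caller must
// handle a guessed packet when it is set -- verify.
bool SshKeyExchange::sendDhInitPacket(const SshIncomingPacket &serverKexInit)
{
#ifdef CREATOR_SSH_DEBUG
    qDebug("server requests key exchange");
#endif
    serverKexInit.printRawBytes();
    SshKeyExchangeInit kexInitParams
            = serverKexInit.extractKeyExchangeInitData();

    // Diagnostic listing of everything the server offered.
    printNameList("Key Algorithms", kexInitParams.keyAlgorithms);
    printNameList("Server Host Key Algorithms",
                  kexInitParams.serverHostKeyAlgorithms);
    printNameList("Encryption algorithms client to server",
                  kexInitParams.encryptionAlgorithmsClientToServer);
    printNameList("Encryption algorithms server to client",
                  kexInitParams.encryptionAlgorithmsServerToClient);
    printNameList("MAC algorithms client to server",
                  kexInitParams.macAlgorithmsClientToServer);
    printNameList("MAC algorithms server to client",
                  kexInitParams.macAlgorithmsServerToClient);
    printNameList("Compression algorithms client to server",
                  kexInitParams.compressionAlgorithmsClientToServer);
    // Fixed: this line used to repeat the client-to-server list, so the
    // server-to-client compression offer never appeared in the output.
    printNameList("Compression algorithms server to client",
                  kexInitParams.compressionAlgorithmsServerToClient);
    printNameList("Languages client to server",
                  kexInitParams.languagesClientToServer);
    printNameList("Languages server to client",
                  kexInitParams.languagesServerToClient);
#ifdef CREATOR_SSH_DEBUG
    qDebug("First packet follows: %d", kexInitParams.firstKexPacketFollows);
#endif

    const QByteArray &keyAlgo
            = SshCapabilities::findBestMatch(SshCapabilities::KeyExchangeMethods,
                                             kexInitParams.keyAlgorithms.names);
    m_serverHostKeyAlgo
            = SshCapabilities::findBestMatch(SshCapabilities::PublicKeyAlgorithms,
                                             kexInitParams.serverHostKeyAlgorithms.names);
    m_encryptionAlgo
            = SshCapabilities::findBestMatch(SshCapabilities::EncryptionAlgorithms,
                                             kexInitParams.encryptionAlgorithmsClientToServer.names);
    m_decryptionAlgo
            = SshCapabilities::findBestMatch(SshCapabilities::EncryptionAlgorithms,
                                             kexInitParams.encryptionAlgorithmsServerToClient.names);
    m_c2sHMacAlgo
            = SshCapabilities::findBestMatch(SshCapabilities::MacAlgorithms,
                                             kexInitParams.macAlgorithmsClientToServer.names);
    m_s2cHMacAlgo
            = SshCapabilities::findBestMatch(SshCapabilities::MacAlgorithms,
                                             kexInitParams.macAlgorithmsServerToClient.names);

    // The compression results are discarded; the calls are presumably made
    // only so that a missing common algorithm is detected -- confirm against
    // findBestMatch().
    SshCapabilities::findBestMatch(SshCapabilities::CompressionAlgorithms,
                                   kexInitParams.compressionAlgorithmsClientToServer.names);
    SshCapabilities::findBestMatch(SshCapabilities::CompressionAlgorithms,
                                   kexInitParams.compressionAlgorithmsServerToClient.names);

    // A new private key is generated for every call; the group is derived
    // from the negotiated key exchange method name.
    AutoSeeded_RNG rng;
    m_dhKey.reset(new DH_PrivateKey(rng,
        DL_Group(botanKeyExchangeAlgoName(keyAlgo))));

    // Keep a copy of the server's init payload in m_serverKexInitPayload.
    // NOTE(review): presumably it is needed later for the exchange hash --
    // confirm against the code that consumes it.
    const AbstractSshPacket::Payload &payload = serverKexInit.payLoad();
    m_serverKexInitPayload = QByteArray(payload.data, payload.size);
    m_sendFacility.sendKeyDhInitPacket(m_dhKey->get_y());
    return kexInitParams.firstKexPacketFollows;
}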
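// Processes the server's key exchange init packet: picks one algorithm per
// category, generates a fresh (EC)DH key pair and sends the matching client
// init packet.
//
// Every name list in serverKexInit is supplied by the peer and must be treated
// as untrusted. The selection relies on SshCapabilities::findBestMatch() to
// restrict the outcome to algorithms this client supports.
// NOTE(review): how findBestMatch() reports "no common algorithm" is not
// visible here -- confirm it fails hard rather than returning an empty name.
// NOTE(review): the host key algorithm is chosen independently of the key
// exchange method; nothing in this function checks that the chosen pair can
// be used together.
//
// Returns the server's "first kex packet follows" flag unchanged.
// NOTE(review): the flag is only passed on here; presumably the caller must
// handle a guessed packet when it is set -- verify.
bool SshKeyExchange::sendDhInitPacket(const SshIncomingPacket &serverKexInit)
{
#ifdef CREATOR_SSH_DEBUG
    qDebug("server requests key exchange");
#endif
    serverKexInit.printRawBytes();
    SshKeyExchangeInit kexInitParams
            = serverKexInit.extractKeyExchangeInitData();

    // Diagnostic listing of everything the server offered.
    printNameList("Key Algorithms", kexInitParams.keyAlgorithms);
    printNameList("Server Host Key Algorithms",
                  kexInitParams.serverHostKeyAlgorithms);
    printNameList("Encryption algorithms client to server",
                  kexInitParams.encryptionAlgorithmsClientToServer);
    printNameList("Encryption algorithms server to client",
                  kexInitParams.encryptionAlgorithmsServerToClient);
    printNameList("MAC algorithms client to server",
                  kexInitParams.macAlgorithmsClientToServer);
    printNameList("MAC algorithms server to client",
                  kexInitParams.macAlgorithmsServerToClient);
    printNameList("Compression algorithms client to server",
                  kexInitParams.compressionAlgorithmsClientToServer);
    // Fixed: this line used to repeat the client-to-server list, so the
    // server-to-client compression offer never appeared in the output.
    printNameList("Compression algorithms server to client",
                  kexInitParams.compressionAlgorithmsServerToClient);
    printNameList("Languages client to server",
                  kexInitParams.languagesClientToServer);
    printNameList("Languages server to client",
                  kexInitParams.languagesServerToClient);
#ifdef CREATOR_SSH_DEBUG
    qDebug("First packet follows: %d", kexInitParams.firstKexPacketFollows);
#endif

    m_kexAlgoName
            = SshCapabilities::findBestMatch(SshCapabilities::KeyExchangeMethods,
                                             kexInitParams.keyAlgorithms.names);
    m_serverHostKeyAlgo
            = SshCapabilities::findBestMatch(SshCapabilities::PublicKeyAlgorithms,
                                             kexInitParams.serverHostKeyAlgorithms.names);

    // Called once per boolean value; presumably one call per traffic
    // direction -- confirm against determineHashingAlgorithm().
    determineHashingAlgorithm(kexInitParams, true);
    determineHashingAlgorithm(kexInitParams, false);

    m_encryptionAlgo
            = SshCapabilities::findBestMatch(SshCapabilities::EncryptionAlgorithms,
                                             kexInitParams.encryptionAlgorithmsClientToServer.names);
    m_decryptionAlgo
            = SshCapabilities::findBestMatch(SshCapabilities::EncryptionAlgorithms,
                                             kexInitParams.encryptionAlgorithmsServerToClient.names);

    // The compression results are discarded; the calls are presumably made
    // only so that a missing common algorithm is detected -- confirm against
    // findBestMatch().
    SshCapabilities::findBestMatch(SshCapabilities::CompressionAlgorithms,
                                   kexInitParams.compressionAlgorithmsClientToServer.names);
    SshCapabilities::findBestMatch(SshCapabilities::CompressionAlgorithms,
                                   kexInitParams.compressionAlgorithmsServerToClient.names);

    // A new private key is generated for every call. The key type follows the
    // negotiated method name: the ECDH prefix selects an elliptic-curve key,
    // anything else a finite-field DH key.
    AutoSeeded_RNG rng;
    if (m_kexAlgoName.startsWith(SshCapabilities::EcdhKexNamePrefix)) {
        m_ecdhKey.reset(new ECDH_PrivateKey(rng,
            EC_Group(botanKeyExchangeAlgoName(m_kexAlgoName))));
        m_sendFacility.sendKeyEcdhInitPacket(
                    convertByteArray(m_ecdhKey->public_value()));
    } else {
        m_dhKey.reset(new DH_PrivateKey(rng,
            DL_Group(botanKeyExchangeAlgoName(m_kexAlgoName))));
        m_sendFacility.sendKeyDhInitPacket(m_dhKey->get_y());
    }

    // Keep the server's init payload in m_serverKexInitPayload.
    // NOTE(review): presumably it is needed later for the exchange hash --
    // confirm against the code that consumes it.
    m_serverKexInitPayload = serverKexInit.payLoad();
    return kexInitParams.firstKexPacketFollows;
}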
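// Processes the server's key exchange init packet: picks one algorithm per
// category, generates a fresh (EC)DH key pair and sends the matching client
// init packet.
//
// Every name list in serverKexInit is supplied by the peer and must be treated
// as untrusted. The host key algorithm is accepted only in combination with
// the negotiated key exchange method: ECDSA for an ECDH exchange, DSS or RSA
// otherwise.
// NOTE(review): how findBestMatch() reports "no common algorithm" is not
// visible here -- confirm it fails hard rather than returning an empty name.
//
// Throws SshServerException (SSH_DISCONNECT_KEY_EXCHANGE_FAILED) when no
// acceptable host key algorithm is offered for the chosen exchange method.
//
// Returns the server's "first kex packet follows" flag unchanged.
// NOTE(review): the flag is only passed on here; presumably the caller must
// handle a guessed packet when it is set -- verify.
bool SshKeyExchange::sendDhInitPacket(const SshIncomingPacket &serverKexInit)
{
#ifdef CREATOR_SSH_DEBUG
    qDebug("server requests key exchange");
#endif
    serverKexInit.printRawBytes();
    SshKeyExchangeInit kexInitParams
            = serverKexInit.extractKeyExchangeInitData();

    // Diagnostic listing of everything the server offered.
    printNameList("Key Algorithms", kexInitParams.keyAlgorithms);
    printNameList("Server Host Key Algorithms",
                  kexInitParams.serverHostKeyAlgorithms);
    printNameList("Encryption algorithms client to server",
                  kexInitParams.encryptionAlgorithmsClientToServer);
    printNameList("Encryption algorithms server to client",
                  kexInitParams.encryptionAlgorithmsServerToClient);
    printNameList("MAC algorithms client to server",
                  kexInitParams.macAlgorithmsClientToServer);
    printNameList("MAC algorithms server to client",
                  kexInitParams.macAlgorithmsServerToClient);
    printNameList("Compression algorithms client to server",
                  kexInitParams.compressionAlgorithmsClientToServer);
    // Fixed: this line used to repeat the client-to-server list, so the
    // server-to-client compression offer never appeared in the output.
    printNameList("Compression algorithms server to client",
                  kexInitParams.compressionAlgorithmsServerToClient);
    printNameList("Languages client to server",
                  kexInitParams.languagesClientToServer);
    printNameList("Languages server to client",
                  kexInitParams.languagesServerToClient);
#ifdef CREATOR_SSH_DEBUG
    qDebug("First packet follows: %d", kexInitParams.firstKexPacketFollows);
#endif

    m_kexAlgoName
            = SshCapabilities::findBestMatch(SshCapabilities::KeyExchangeMethods,
                                             kexInitParams.keyAlgorithms.names);
    const QList<QByteArray> &commonHostKeyAlgos
            = SshCapabilities::commonCapabilities(SshCapabilities::PublicKeyAlgorithms,
                                                  kexInitParams.serverHostKeyAlgorithms.names);
    const bool ecdh = m_kexAlgoName.startsWith(SshCapabilities::EcdhKexNamePrefix);

    // Fail closed: drop any value left in the member before this call, so the
    // emptiness check below reflects this negotiation only. Without this, a
    // second call on the same object with no acceptable offer would silently
    // keep the previously stored algorithm.
    m_serverHostKeyAlgo.clear();
    foreach (const QByteArray &possibleHostKeyAlgo, commonHostKeyAlgos) {
        if (ecdh && possibleHostKeyAlgo == SshCapabilities::PubKeyEcdsa) {
            m_serverHostKeyAlgo = possibleHostKeyAlgo;
            break;
        }
        if (!ecdh && (possibleHostKeyAlgo == SshCapabilities::PubKeyDss
                      || possibleHostKeyAlgo == SshCapabilities::PubKeyRsa)) {
            m_serverHostKeyAlgo = possibleHostKeyAlgo;
            break;
        }
    }
    if (m_serverHostKeyAlgo.isEmpty()) {
        throw SshServerException(SSH_DISCONNECT_KEY_EXCHANGE_FAILED,
            "Invalid combination of key exchange and host key algorithms.",
            QCoreApplication::translate("SshConnection",
                "No matching host key algorithm available for key exchange algorithm \"%1\".")
                .arg(QString::fromLatin1(m_kexAlgoName)));
    }

    // Called once per boolean value; presumably one call per traffic
    // direction -- confirm against determineHashingAlgorithm().
    determineHashingAlgorithm(kexInitParams, true);
    determineHashingAlgorithm(kexInitParams, false);

    m_encryptionAlgo
            = SshCapabilities::findBestMatch(SshCapabilities::EncryptionAlgorithms,
                                             kexInitParams.encryptionAlgorithmsClientToServer.names);
    m_decryptionAlgo
            = SshCapabilities::findBestMatch(SshCapabilities::EncryptionAlgorithms,
                                             kexInitParams.encryptionAlgorithmsServerToClient.names);

    // The compression results are discarded; the calls are presumably made
    // only so that a missing common algorithm is detected -- confirm against
    // findBestMatch().
    SshCapabilities::findBestMatch(SshCapabilities::CompressionAlgorithms,
                                   kexInitParams.compressionAlgorithmsClientToServer.names);
    SshCapabilities::findBestMatch(SshCapabilities::CompressionAlgorithms,
                                   kexInitParams.compressionAlgorithmsServerToClient.names);

    // A new private key is generated for every call; its type follows the
    // negotiated key exchange method.
    AutoSeeded_RNG rng;
    if (ecdh) {
        m_ecdhKey.reset(new ECDH_PrivateKey(rng,
            EC_Group(botanKeyExchangeAlgoName(m_kexAlgoName))));
        m_sendFacility.sendKeyEcdhInitPacket(
                    convertByteArray(m_ecdhKey->public_value()));
    } else {
        m_dhKey.reset(new DH_PrivateKey(rng,
            DL_Group(botanKeyExchangeAlgoName(m_kexAlgoName))));
        m_sendFacility.sendKeyDhInitPacket(m_dhKey->get_y());
    }

    // Keep the server's init payload in m_serverKexInitPayload.
    // NOTE(review): presumably it is needed later for the exchange hash --
    // confirm against the code that consumes it.
    m_serverKexInitPayload = serverKexInit.payLoad();
    return kexInitParams.firstKexPacketFollows;
}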