static Key *
keygrab_ssh2(con *c)
{
int j;
packet_set_connection(c->c_fd, c->c_fd);
enable_compat20();
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
c->c_keytype == KT_DSA ? "ssh-dss" :
(c->c_keytype == KT_RSA ? "ssh-rsa" :
(c->c_keytype == KT_ED25519 ? "ssh-ed25519" :
"ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"));
c->c_kex = kex_setup(myproposal);
c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
c->c_kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
c->c_kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
c->c_kex->kex[KEX_C25519_SHA256] = kexc25519_client;
c->c_kex->verify_host_key = hostjump;
if (!(j = setjmp(kexjmp))) {
nonfatal_fatal = 1;
dispatch_run(DISPATCH_BLOCK, &c->c_kex->done, c->c_kex);
fprintf(stderr, "Impossible! dispatch_run() returned!\n");
exit(1);
}
nonfatal_fatal = 0;
free(c->c_kex);
c->c_kex = NULL;
packet_close();
return j < 0? NULL : kexjmp_key;
}
static void
keygrab_ssh2(con *c)
{
const char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
int r;
switch (c->c_keytype) {
case KT_DSA:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
"*****@*****.**" : "ssh-dss";
break;
case KT_RSA:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
"*****@*****.**" : "ssh-rsa";
break;
case KT_ED25519:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
"*****@*****.**" : "ssh-ed25519";
break;
case KT_XMSS:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
"*****@*****.**" : "*****@*****.**";
break;
case KT_ECDSA:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
"[email protected],"
"[email protected],"
"*****@*****.**" :
"ecdsa-sha2-nistp256,"
"ecdsa-sha2-nistp384,"
"ecdsa-sha2-nistp521";
break;
default:
fatal("unknown key type %d", c->c_keytype);
break;
}
if ((r = kex_setup(c->c_ssh, myproposal)) != 0) {
free(c->c_ssh);
fprintf(stderr, "kex_setup: %s\n", ssh_err(r));
exit(1);
}
#ifdef WITH_OPENSSL
c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client;
c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client;
c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client;
c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client;
c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client;
c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;
#endif
c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
c->c_ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;
ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);
/*
* do the key-exchange until an error occurs or until
* the key_print_wrapper() callback sets c_done.
*/
ssh_dispatch_run(c->c_ssh, DISPATCH_BLOCK, &c->c_done);
}
static void
keygrab_ssh2(con *c)
{
const char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
int r;
enable_compat20();
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
c->c_keytype == KT_DSA ? "ssh-dss" :
(c->c_keytype == KT_RSA ? "ssh-rsa" :
(c->c_keytype == KT_ED25519 ? "ssh-ed25519" :
"ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"));
if ((r = kex_setup(c->c_ssh, myproposal)) != 0) {
free(c->c_ssh);
fprintf(stderr, "kex_setup: %s\n", ssh_err(r));
exit(1);
}
#ifdef WITH_OPENSSL
c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
#endif
c->c_ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);
/*
* do the key-exchange until an error occurs or until
* the key_print_wrapper() callback sets c_done.
*/
ssh_dispatch_run(c->c_ssh, DISPATCH_BLOCK, &c->c_done, c->c_ssh);
}
void
ssh_kex2(char *host, struct sockaddr *hostaddr)
{
Kex *kex;
xxx_host = host;
xxx_hostaddr = hostaddr;
if (options.ciphers == (char *)-1) {
log("No valid ciphers for protocol version 2 given, using defaults.");
options.ciphers = NULL;
}
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
}
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
myproposal[PROPOSAL_ENC_ALGS_STOC] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
if (options.compression) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none";
} else {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib";
}
if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
}
if (options.hostkeyalgorithms != NULL)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
options.hostkeyalgorithms;
/* start key exchange */
kex = kex_setup(myproposal);
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
kex->verify_host_key=&verify_host_key_callback;
xxx_kex = kex;
dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
session_id2 = kex->session_id;
session_id2_len = kex->session_id_len;
#ifdef DEBUG_KEXDH
/* send 1st encrypted/maced/compressed message */
packet_start(SSH2_MSG_IGNORE);
packet_put_cstring("markus");
packet_send();
packet_write_wait();
#endif
}
/*
* SSH2 key exchange: diffie-hellman-group1-sha1
*/
void
do_ssh2_kex(void)
{
Kex *kex;
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
}
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
myproposal[PROPOSAL_ENC_ALGS_STOC] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
}
if (!options.compression) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
}
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
/* start key exchange */
kex = kex_setup(myproposal);
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
kex->server = 1;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
kex->load_host_key=&get_hostkey_by_type;
kex->host_key_index=&get_hostkey_index;
xxx_kex = kex;
dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
session_id2 = kex->session_id;
session_id2_len = kex->session_id_len;
#ifdef DEBUG_KEXDH
/* send 1st encrypted/maced/compressed message */
packet_start(SSH2_MSG_IGNORE);
packet_put_cstring("markus");
packet_send();
packet_write_wait();
#endif
debug("KEX done");
}
void
ssh_kex2(char *host, struct sockaddr *hostaddr)
{
Kex *kex;
Kex_hook_func kex_hook = NULL;
static char **myproposal;
myproposal = my_clnt_proposal;
xxx_host = host;
xxx_hostaddr = hostaddr;
#ifdef GSSAPI
/* Add the GSSAPI mechanisms currently supported on this client to
* the key exchange algorithm proposal */
if (options.gss_keyex)
kex_hook = ssh_gssapi_client_kex_hook;
#endif /* GSSAPI */
if (options.ciphers == (char *)-1) {
log("No valid ciphers for protocol version 2 given, using defaults.");
options.ciphers = NULL;
}
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
}
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
myproposal[PROPOSAL_ENC_ALGS_STOC] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
if (options.compression) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none";
} else {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib";
}
if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
}
if (options.hostkeyalgorithms != NULL)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
options.hostkeyalgorithms;
if (options.rekey_limit)
packet_set_rekey_limit((u_int32_t)options.rekey_limit);
if (datafellows & SSH_BUG_LOCALES_NOT_LANGTAGS) {
char *locale = setlocale(LC_ALL, "");
/* Solaris 9 SSHD expects a locale, not a langtag list */
myproposal[PROPOSAL_LANG_CTOS] = "";
if (locale != NULL && *locale != '\0' &&
strcmp(locale, "C") != 0)
myproposal[PROPOSAL_LANG_CTOS] = locale;
} else {
myproposal[PROPOSAL_LANG_CTOS] = g11n_getlangs();
}
/* Same languages proposal for both directions */
if (myproposal[PROPOSAL_LANG_CTOS] == NULL) {
myproposal[PROPOSAL_LANG_CTOS] = "";
myproposal[PROPOSAL_LANG_STOC] = "";
} else {
myproposal[PROPOSAL_LANG_STOC] =
myproposal[PROPOSAL_LANG_CTOS];
}
/* start key exchange */
kex = kex_setup(host, myproposal, kex_hook);
kex_start(kex);
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
#ifdef GSSAPI
kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
kex->options.gss_deleg_creds = options.gss_deleg_creds;
#endif /* GSSAPI */
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
kex->verify_host_key=&verify_host_key_callback;
kex->accept_host_key=&accept_host_key_callback;
xxx_kex = kex;
dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
session_id2 = kex->session_id;
session_id2_len = kex->session_id_len;
#ifdef DEBUG_KEXDH
/* send 1st encrypted/maced/compressed message */
packet_start(SSH2_MSG_IGNORE);
packet_put_cstring("markus");
packet_send();
packet_write_wait();
#endif
debug("done: ssh_kex2.");
}