int
kex_new(struct ssh *ssh, char *proposal[PROPOSAL_MAX], struct kex **kexp)
{
struct kex *kex;
int r;
*kexp = NULL;
if ((kex = calloc(1, sizeof(*kex))) == NULL)
return SSH_ERR_ALLOC_FAIL;
if ((kex->peer = sshbuf_new()) == NULL ||
(kex->my = sshbuf_new()) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
if ((r = kex_prop2buf(kex->my, proposal)) != 0)
goto out;
kex->done = 0;
kex_reset_dispatch(ssh);
r = 0;
*kexp = kex;
out:
if (r != 0)
kex_free(kex);
return r;
}
int
kex_setup(struct ssh *ssh, char *proposal[PROPOSAL_MAX])
{
int r;
if ((r = kex_new(ssh, proposal, &ssh->kex)) != 0)
return r;
if ((r = kex_send_kexinit(ssh)) != 0) { /* we start */
kex_free(ssh->kex);
ssh->kex = NULL;
return r;
}
return 0;
}
int
kex_setup(ncrack_ssh_state *nstate, char *proposal[PROPOSAL_MAX])
{
int r;
if ((r = kex_new(nstate, proposal, &nstate->kex)) != 0) {
return r;
}
if ((r = kex_send_kexinit(nstate)) != 0) { /* we start */
kex_free(nstate->kex);
nstate->kex = NULL;
return r;
}
return 0;
}
static void
do_kex_with_key(char *kex, int keytype, int bits)
{
struct ssh *client = NULL, *server = NULL, *server2 = NULL;
struct sshkey *private, *public;
struct sshbuf *state;
struct kex_params kex_params;
char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
TEST_START("sshkey_generate");
ASSERT_INT_EQ(sshkey_generate(keytype, bits, &private), 0);
TEST_DONE();
TEST_START("sshkey_from_private");
ASSERT_INT_EQ(sshkey_from_private(private, &public), 0);
TEST_DONE();
TEST_START("ssh_init");
memcpy(kex_params.proposal, myproposal, sizeof(myproposal));
if (kex != NULL)
kex_params.proposal[PROPOSAL_KEX_ALGS] = kex;
ASSERT_INT_EQ(ssh_init(&client, 0, &kex_params), 0);
ASSERT_INT_EQ(ssh_init(&server, 1, &kex_params), 0);
ASSERT_PTR_NE(client, NULL);
ASSERT_PTR_NE(server, NULL);
TEST_DONE();
TEST_START("ssh_add_hostkey");
ASSERT_INT_EQ(ssh_add_hostkey(server, private), 0);
ASSERT_INT_EQ(ssh_add_hostkey(client, public), 0);
TEST_DONE();
TEST_START("kex");
run_kex(client, server);
TEST_DONE();
TEST_START("rekeying client");
ASSERT_INT_EQ(kex_send_kexinit(client), 0);
run_kex(client, server);
TEST_DONE();
TEST_START("rekeying server");
ASSERT_INT_EQ(kex_send_kexinit(server), 0);
run_kex(client, server);
TEST_DONE();
TEST_START("ssh_packet_get_state");
state = sshbuf_new();
ASSERT_PTR_NE(state, NULL);
ASSERT_INT_EQ(ssh_packet_get_state(server, state), 0);
ASSERT_INT_GE(sshbuf_len(state), 1);
TEST_DONE();
TEST_START("ssh_packet_set_state");
server2 = NULL;
ASSERT_INT_EQ(ssh_init(&server2, 1, NULL), 0);
ASSERT_PTR_NE(server2, NULL);
ASSERT_INT_EQ(ssh_add_hostkey(server2, private), 0);
kex_free(server2->kex); /* XXX or should ssh_packet_set_state()? */
ASSERT_INT_EQ(ssh_packet_set_state(server2, state), 0);
ASSERT_INT_EQ(sshbuf_len(state), 0);
sshbuf_free(state);
ASSERT_PTR_NE(server2->kex, NULL);
/* XXX we need to set the callbacks */
server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
#ifdef OPENSSL_HAS_ECC
server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
#endif
server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
server2->kex->load_host_public_key = server->kex->load_host_public_key;
server2->kex->load_host_private_key = server->kex->load_host_private_key;
server2->kex->sign = server->kex->sign;
TEST_DONE();
TEST_START("rekeying server2");
ASSERT_INT_EQ(kex_send_kexinit(server2), 0);
run_kex(client, server2);
ASSERT_INT_EQ(kex_send_kexinit(client), 0);
run_kex(client, server2);
TEST_DONE();
TEST_START("cleanup");
sshkey_free(private);
sshkey_free(public);
ssh_free(client);
ssh_free(server);
ssh_free(server2);
TEST_DONE();
}
static void
do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c,
int direction, int packet_index,
const char *dump_path, struct sshbuf *replace_data)
{
struct ssh *client = NULL, *server = NULL, *server2 = NULL;
struct sshkey *pubkey = NULL;
struct sshbuf *state;
struct kex_params kex_params;
char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
char *keyname = NULL;
TEST_START("sshkey_from_private");
ASSERT_INT_EQ(sshkey_from_private(prvkey, &pubkey), 0);
TEST_DONE();
TEST_START("ssh_init");
memcpy(kex_params.proposal, myproposal, sizeof(myproposal));
if (kex != NULL)
kex_params.proposal[PROPOSAL_KEX_ALGS] = strdup(kex);
keyname = strdup(sshkey_ssh_name(prvkey));
ASSERT_PTR_NE(keyname, NULL);
kex_params.proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = keyname;
ASSERT_INT_EQ(ssh_init(&client, 0, &kex_params), 0);
ASSERT_INT_EQ(ssh_init(&server, 1, &kex_params), 0);
ASSERT_PTR_NE(client, NULL);
ASSERT_PTR_NE(server, NULL);
TEST_DONE();
TEST_START("ssh_add_hostkey");
ASSERT_INT_EQ(ssh_add_hostkey(server, prvkey), 0);
ASSERT_INT_EQ(ssh_add_hostkey(client, pubkey), 0);
TEST_DONE();
TEST_START("kex");
run_kex(client, server, s2c, c2s, direction, packet_index,
dump_path, replace_data);
TEST_DONE();
TEST_START("rekeying client");
ASSERT_INT_EQ(kex_send_kexinit(client), 0);
run_kex(client, server, s2c, c2s, direction, packet_index,
dump_path, replace_data);
TEST_DONE();
TEST_START("rekeying server");
ASSERT_INT_EQ(kex_send_kexinit(server), 0);
run_kex(client, server, s2c, c2s, direction, packet_index,
dump_path, replace_data);
TEST_DONE();
TEST_START("ssh_packet_get_state");
state = sshbuf_new();
ASSERT_PTR_NE(state, NULL);
ASSERT_INT_EQ(ssh_packet_get_state(server, state), 0);
ASSERT_INT_GE(sshbuf_len(state), 1);
TEST_DONE();
TEST_START("ssh_packet_set_state");
server2 = NULL;
ASSERT_INT_EQ(ssh_init(&server2, 1, NULL), 0);
ASSERT_PTR_NE(server2, NULL);
ASSERT_INT_EQ(ssh_add_hostkey(server2, prvkey), 0);
kex_free(server2->kex); /* XXX or should ssh_packet_set_state()? */
ASSERT_INT_EQ(ssh_packet_set_state(server2, state), 0);
ASSERT_INT_EQ(sshbuf_len(state), 0);
sshbuf_free(state);
ASSERT_PTR_NE(server2->kex, NULL);
/* XXX we need to set the callbacks */
server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
#ifdef OPENSSL_HAS_ECC
server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
#endif
server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
server2->kex->load_host_public_key = server->kex->load_host_public_key;
server2->kex->load_host_private_key = server->kex->load_host_private_key;
server2->kex->sign = server->kex->sign;
TEST_DONE();
TEST_START("rekeying server2");
ASSERT_INT_EQ(kex_send_kexinit(server2), 0);
run_kex(client, server2, s2c, c2s, direction, packet_index,
dump_path, replace_data);
ASSERT_INT_EQ(kex_send_kexinit(client), 0);
run_kex(client, server2, s2c, c2s, direction, packet_index,
dump_path, replace_data);
TEST_DONE();
TEST_START("cleanup");
sshkey_free(pubkey);
ssh_free(client);
ssh_free(server);
ssh_free(server2);
free(keyname);
TEST_DONE();
}
