author | Damien Miller <djm@mindrot.org> | 2000-10-14 16:23:11 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-10-14 16:23:11 +1100 |
commit | 874d77bb134a21a5cf625956b60173376a993ba8 (patch) | |
tree | 93dd73b2ff1fbf0ad5f3978a2c4e0d8438a0bf7c /kex.h | |
parent | 89d9796fbedef4eed6956a2c095c7cc25330c28d (diff) |
- (djm) Big OpenBSD sync:
- markus@cvs.openbsd.org 2000/09/30 10:27:44
[log.c]
allow loglevel debug
- markus@cvs.openbsd.org 2000/10/03 11:59:57
[packet.c]
hmac->mac
- markus@cvs.openbsd.org 2000/10/03 12:03:03
[auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
move fake-auth from auth1.c to individual auth methods, disables s/key in
debug-msg
- markus@cvs.openbsd.org 2000/10/03 12:16:48
ssh.c
do not resolve canonname, i have no idea why this was added oin ossh
- markus@cvs.openbsd.org 2000/10/09 15:30:44
ssh-keygen.1 ssh-keygen.c
-X now reads private ssh.com DSA keys, too.
- markus@cvs.openbsd.org 2000/10/09 15:32:34
auth-options.c
clear options on every call.
- markus@cvs.openbsd.org 2000/10/09 15:51:00
authfd.c authfd.h
interop with ssh-agent2, from <res@shore.net>
- markus@cvs.openbsd.org 2000/10/10 14:20:45
compat.c
use rexexp for version string matching
- provos@cvs.openbsd.org 2000/10/10 22:02:18
[kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
First rough implementation of the diffie-hellman group exchange. The
client can ask the server for bigger groups to perform the diffie-hellman
in, thus increasing the attack complexity when using ciphers with longer
keys. University of Windsor provided network, T the company.
- markus@cvs.openbsd.org 2000/10/11 13:59:52
[auth-rsa.c auth2.c]
clear auth options unless auth successful
- markus@cvs.openbsd.org 2000/10/11 14:00:27
[auth-options.h]
clear auth options unless auth successful
- markus@cvs.openbsd.org 2000/10/11 14:03:27
[scp.1 scp.c]
support 'scp -o' with help from mouring@pconline.com
- markus@cvs.openbsd.org 2000/10/11 14:11:35
[dh.c]
Wall
- markus@cvs.openbsd.org 2000/10/11 14:14:40
[auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
[ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
add support for s/key (kbd-interactive) to ssh2, based on work by
mkiernan@avantgo.com and me
- markus@cvs.openbsd.org 2000/10/11 14:27:24
[auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
[myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
[sshconnect2.c sshd.c]
new cipher framework
- markus@cvs.openbsd.org 2000/10/11 14:45:21
[cipher.c]
remove DES
- markus@cvs.openbsd.org 2000/10/12 03:59:20
[cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
enable DES in SSH-1 clients only
- markus@cvs.openbsd.org 2000/10/12 08:21:13
[kex.h packet.c]
remove unused
- markus@cvs.openbsd.org 2000/10/13 12:34:46
[sshd.c]
Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
- markus@cvs.openbsd.org 2000/10/13 12:59:15
[cipher.c cipher.h myproposal.h rijndael.c rijndael.h]
rijndael/aes support
- markus@cvs.openbsd.org 2000/10/13 13:10:54
[sshd.8]
more info about -V
- markus@cvs.openbsd.org 2000/10/13 13:12:02
[myproposal.h]
prefer no compression
Diffstat (limited to 'kex.h')
-rw-r--r-- | kex.h | 35 |
1 files changed, 26 insertions, 9 deletions
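--- a/kex.h
+++ b/kex.h
@@ -24,8 +24,9 @@
 #ifndef KEX_H
 #define KEX_H
 
 #define KEX_DH1 "diffie-hellman-group1-sha1"
-#define KEX_DSS "ssh-dss"
+#define KEX_DHGEX "diffie-hellman-group-exchange-sha1"
+#define KEX_DSS "ssh-dss"
 
 enum kex_init_proposals {
 PROPOSAL_KEX_ALGS,
@@ -47,28 +48,30 @@ enum kex_modes {
 MODE_MAX
 };
 
+enum kex_exchange {
+DH_GRP1_SHA1,
+DH_GEX_SHA1
+};
+
 typedef struct Kex Kex;
 typedef struct Mac Mac;
 typedef struct Comp Comp;
 typedef struct Enc Enc;
 
 struct Enc {
-int type;
+char *name;
+Cipher *cipher;
 int enabled;
-int block_size;
 unsigned char *key;
 unsigned char *iv;
-int key_len;
-int iv_len;
-char *name;
 };
 struct Mac {
-EVP_MD *md;
+char *name;
 int enabled;
+EVP_MD *md;
 int mac_len;
 unsigned char *key;
 int key_len;
-char *name;
 };
 struct Comp {
 int type;
@@ -83,6 +86,7 @@ struct Kex {
 int server;
 char *name;
 char *hostkeyalg;
+int kex_type;
 };
 
 Buffer *kex_init(char *myproposal[PROPOSAL_MAX]);
@@ -96,6 +100,8 @@ kex_choose_conf(char *cprop[PROPOSAL_MAX],
 int kex_derive_keys(Kex *k, unsigned char *hash, BIGNUM *shared_secret);
 void packet_set_kex(Kex *k);
 int dh_pub_is_valid(DH *dh, BIGNUM *dh_pub);
+DH *dh_new_group_asc(const char *, const char *);
+DH *dh_new_group(BIGNUM *, BIGNUM *);
 DH *dh_new_group1();
 
 unsigned char *
@@ -109,4 +115,15 @@ kex_hash(
 BIGNUM *server_dh_pub,
 BIGNUM *shared_secret);
 
+unsigned char *
+kex_hash_gex(
+char *client_version_string,
+char *server_version_string,
+char *ckexinit, int ckexinitlen,
+char *skexinit, int skexinitlen,
+char *serverhostkeyblob, int sbloblen,
+int minbits, BIGNUM *prime, BIGNUM *gen,
+BIGNUM *client_dh_pub,
+BIGNUM *server_dh_pub,
+BIGNUM *shared_secret);
 #endif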
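Review bot: The new prototypes `DH *dh_new_group_asc(const char *, const char *);` and `DH *dh_new_group(BIGNUM *, BIGNUM *);` drop the parameter names that the rest of this header keeps (compare `int dh_pub_is_valid(DH *dh, BIGNUM *dh_pub);` just above them), so a reader of kex.h cannot tell which argument is the generator and which the modulus; declare them as `DH *dh_new_group_asc(const char *gen, const char *modulus);` and `DH *dh_new_group(BIGNUM *gen, BIGNUM *modulus);` in whatever order dh.c actually implements. The new `int kex_type;` member of struct Kex presumably holds one of the new `enum kex_exchange` values; a comment `/* one of enum kex_exchange */` on that line, or declaring it with the enum type, would make that tie explicit to callers. The `kex_hash_gex` prototype binds only `minbits` of the group request into the exchange hash; if the client's group request also carries a preferred or maximum size (not visible in this header), those values are not covered by the hash and an active attacker could alter them without the mismatch being detected, so they should be fed into the hash as well.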