Commit 461f854e authored by Niels Möller's avatar Niels Möller

Work in progress.

Rev: src/client_keyexchange.c:1.2
Rev: src/keyexchange.c:1.7
Rev: src/keyexchange.h:1.8
parent 1f73754c
/* client_keyexchange.c
*
* $Id$ */
/* lsh, an implementation of the ssh protocol
*
* Copyright (C) 1998 Niels Möller
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "client_keyexchange.h"
static void do_handle_dh_reply(struct packet_handler *c,
struct ssh_connection *connection,
struct lsh_string *packet);
{
struct dh_client *closure = (struct dh_client *) c;
struct verifier *v;
if (!dh_process_server_msg(&closure->dh, packet))
return send_disconnect(connection, "Bad dh-reply\r\n");
v = LOOKUP_VERIFIER(closure->verifier, closure->dh.server_host_key);
if (!v)
/* FIXME: Use a more appropriate error code. Should probably have
* a separate file for sending and recieving various types of
* disconnects. */
return send_disconnect(connection, "Bad server host key\r\n");
if (!dh_verify_server_msg(&closure->dh, v))
/* FIXME: Same here */
return send_disconnect(connection, "Bad server host key\r\n");
/* Key exchange successful! */
}
static void do_init_dh(struct keyexchange_algorithm *c,
struct ssh_connection *connection)
{
struct dh_algorithm_client *closure = (struct dh_algorithm_client *) c;
struct dh_client *dh = xalloc(sizeof(struct dh_client));
struct lsh_string *msg;
/* Initialize */
dh->super.handler = do_handle_dh_reply;
init_diffie_hellman_instance(closure->dh, &dh->dh, connection);
dh->hash = MAKE_HASH(closure->hash);
dh->signature_algorithm = closure->signature_algorithm;
/* Send client's message */
A_WRITE(connection->write, dh_make_client_msg(&dh->dh));
/* Install handler */
connection->dispatch[SSH_MSG_KEXDH_REPLY] = &dh->super;
/* Disable kexinit handler */
dh->saved_kexinit_handler = connection->dispatch[SSH_MSG_KEXINIT];
connection->dispatch[SSH_MSG_KEXINIT] = connection->fail;
return WRITE_OK;
}
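Review bot: do_handle_dh_reply is declared `static void` and its signature ends in a stray `;` before the opening brace, yet the body returns the value of `send_disconnect()` on all three error paths; the packet handlers in keyexchange.c return `int`, so the declaration should read `static int do_handle_dh_reply(struct packet_handler *c,` with the semicolon after `struct lsh_string *packet)` dropped. do_init_dh has the same mismatch: it is `static void` but ends with `return WRITE_OK;`. After the `/* Key exchange successful! */` comment the function falls off the end with no return value and, as far as this file shows, leaves `connection->dispatch[SSH_MSG_KEXDH_REPLY]` pointing at this handler, so a repeated KEXDH_REPLY would be processed again; the commit is marked work in progress, so presumably the success path is still to come, but it should reset that dispatch slot and restore `saved_kexinit_handler` rather than keep accepting replies after the host key has been verified once.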
......@@ -28,6 +28,7 @@
#include "format.h"
#include "keyexchange.h"
#include "parse.h"
#include "publickey_crypto.h"
#include "ssh.h"
#include "xalloc.h"
......@@ -127,12 +128,18 @@ int initiate_keyexchange(struct ssh_connection *connection,
struct lsh_string *first_packet)
{
int res;
lsh_string *s;
connection->sent_kexinit = kex;
kex->first_kex_packet_follows = !!first_packet;
res = A_WRITE(connection->write, format_kex(kex));
connection->kexinits[connection->type] = kex;
s = format_kex(kex);
/* Save value for later signing */
connection->literal_kexinits[connection->type] = s;
res = A_WRITE(connection->write, lsh_string_dup(s));
if ( (res == WRITE_OK) && first_packet)
return A_WRITE(connection->write, first_packet);
else
......@@ -186,9 +193,10 @@ static int do_handle_kexinit(struct packet_hander *c,
if (!msg)
return 0;
lsh_free(packet);
/* Save value for later signing */
connection->literal_kexinits[connection->type] = packet;
connection->kexinits[!connection->type] = msg;
/* Have we sent a kexinit message? */
......@@ -252,13 +260,23 @@ static int do_handle_kexinit(struct packet_hander *c,
for (i = 0; i<KEX_PARAMETERS; i++)
algorithms[i] = ALIST_GET(closure->algorithms, parameters[i]);
newkeys = make_newkeys_handler(ALIST_GET(closure->alist, hostkey_algorithm),
newkeys = make_newkeys_handler(ALIST_GET(closure->algorithms,
hostkey_algorithm),
algorithms);
return KEYEXCHANGE_INIT(ALIST_GET(algorithms, kex_algorithm), connection);
}
}
static int do_handle_newkeys(struct packet_handler *c,
struct ssh_connection *connection,
struct lsh_string *packet)
{
struct packet_handler *
make_newkeys_handler(struct signature_algorithm *hostkey_algorithm,
void *parameters)
{
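Review bot: In do_handle_kexinit the received packet is saved as `connection->literal_kexinits[connection->type] = packet;` while the parsed message just below goes to `connection->kexinits[!connection->type]`, and initiate_keyexchange stores the locally sent literal under `connection->literal_kexinits[connection->type]`; the peer's kexinit therefore overwrites our own saved one, and the index should be `!connection->type`. Both literals are kept "for later signing" per the comments, so the mix-up would make the signed exchange hash fail to verify rather than pass silently, but it is still wrong. If the `lsh_free(packet);` line is still present on the new side the saved pointer is also dangling — I read that line as removed by this commit, please confirm. In initiate_keyexchange, `lsh_string *s;` is missing the `struct` keyword used everywhere else and should be `struct lsh_string *s;`. The enclosing function of the last hunk, make_newkeys_handler, continues outside this section.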
......@@ -90,13 +90,11 @@ struct handle_keyexinit
struct handle_newkeys
{
struct packet_handler super;
struct crypto_algorithm *encryption_client_to_server;
struct crypto_algorithm *encryption_server_to_client;
struct mac_algorithm *mac_client_to_server;
struct mac_algorithm *mac_server_to_client;
/* Algorithms for transmission */
struct crypto_algorithm *crypto;
struct mac_algorithm *mac;
#if 0
struct compression_algorithm *compression_client_to_server;
struct compression_algorithm *compression_server_to_client;
struct compression_algorithm *compressor;
#endif
};
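Review bot: The new comment `/* Algorithms for transmission */` on struct handle_newkeys does not say which direction `crypto` and `mac` now cover, given that the four per-direction fields were removed — whether this handler installs only the local endpoint's send direction, with the receive direction handled by a second instance, or something else. A comment along the lines of `/* Cipher and MAC for one direction of the connection; see make_newkeys_handler for which */` would settle it, adjusted to what make_newkeys_handler actually does (its body is outside this section). The `#if 0` block still lists both per-direction compression fields next to the new `compressor`, which looks like a leftover from the same rename.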