Commit 53ffa108 authored by Niels Möller's avatar Niels Möller

Use the connection->kex_state variable.

Rev: src/client_keyexchange.c:1.7
Rev: src/client_keyexchange.h:1.5
Rev: src/keyexchange.c:1.12
Rev: src/keyexchange.h:1.13
Rev: src/server_keyexchange.c:1.4
Rev: src/server_keyexchange.h:1.3
parent 1eed66d0
...@@ -87,8 +87,8 @@ static int do_handle_dh_reply(struct packet_handler *c, ...@@ -87,8 +87,8 @@ static int do_handle_dh_reply(struct packet_handler *c,
lsh_free(hash); lsh_free(hash);
/* Reinstall keyexchange handler */ connection->dispatch[SSH_MSG_KEXDH_REPLY] = connection->fail;
connection->dispatch[SSH_MSG_KEXINIT] = closure->saved_kexinit_handler; connection->kex_state = KEX_STATE_NEWKEYS;
return res; return res;
} }
...@@ -124,11 +124,9 @@ static int do_init_dh(struct keyexchange_algorithm *c, ...@@ -124,11 +124,9 @@ static int do_init_dh(struct keyexchange_algorithm *c,
/* Install handler */ /* Install handler */
connection->dispatch[SSH_MSG_KEXDH_REPLY] = &dh->super; connection->dispatch[SSH_MSG_KEXDH_REPLY] = &dh->super;
/* Disable kexinit handler */ connection->kex_state = KEX_STATE_IN_PROGRESS;
dh->saved_kexinit_handler = connection->dispatch[SSH_MSG_KEXINIT];
connection->dispatch[SSH_MSG_KEXINIT] = connection->fail;
return WRITE_OK; return WRITE_OK;
} }
......
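Review bot: In do_init_dh the lockout of a second KEXINIT is no longer enforced through the dispatch table: the new side drops `connection->dispatch[SSH_MSG_KEXINIT] = connection->fail;` and only records `connection->kex_state = KEX_STATE_IN_PROGRESS;`. Nothing in this commit reads kex_state, so rejecting a KEXINIT or NEWKEYS that arrives mid-exchange now depends on a check elsewhere, presumably in the packet dispatcher, and that check should be confirmed before the saved_kexinit_handler mechanism goes away. A comment at the assignment would make the dependency visible, e.g. `/* KEXINIT and NEWKEYS are refused by <dispatcher function> while kex_state is KEX_STATE_IN_PROGRESS */`. The same applies to do_init_dh in the server key-exchange file. Both function bodies start outside the hunks shown.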
...@@ -56,7 +56,6 @@ struct dh_client ...@@ -56,7 +56,6 @@ struct dh_client
struct diffie_hellman_instance dh; struct diffie_hellman_instance dh;
struct lookup_verifier *verifier; struct lookup_verifier *verifier;
struct install_keys *install; struct install_keys *install;
struct packet_handler *saved_kexinit_handler;
}; };
struct keyexchange_algorithm * struct keyexchange_algorithm *
......
...@@ -95,19 +95,6 @@ struct kexinit *parse_kexinit(struct lsh_string *packet) ...@@ -95,19 +95,6 @@ struct kexinit *parse_kexinit(struct lsh_string *packet)
return res; return res;
} }
#if 0
struct abstract_write *make_packet_kexinit(struct handle_kexinit *handler)
{
struct handle_kexinit_packet *closure
= xalloc(sizeof(struct handle_kexinit_packet));
closure->super.write = do_handle_kexinit;
closure->handler = handler;
return &closure->super;
}
#endif
struct lsh_string *format_kex(struct kexinit *kex) struct lsh_string *format_kex(struct kexinit *kex)
{ {
return ssh_format("%c%ls%A%A%A%A%A%A%A%A%A%A%c%i", return ssh_format("%c%ls%A%A%A%A%A%A%A%A%A%A%c%i",
...@@ -228,7 +215,7 @@ static int do_handle_kexinit(struct packet_handler *c, ...@@ -228,7 +215,7 @@ static int do_handle_kexinit(struct packet_handler *c,
if (msg->first_kex_packet_follows) if (msg->first_kex_packet_follows)
{ {
/* Wrong guess */ /* Wrong guess */
connection->ignore_one_packet = 1; connection->kex_state = KEX_STATE_IGNORE;
} }
/* FIXME: Ignores that some keyechange algorithms require /* FIXME: Ignores that some keyechange algorithms require
* certain features of the host key algorithms. */ * certain features of the host key algorithms. */
...@@ -416,6 +403,8 @@ static int do_handle_newkeys(struct packet_handler *c, ...@@ -416,6 +403,8 @@ static int do_handle_newkeys(struct packet_handler *c,
connection->rec_crypto = closure->crypto; connection->rec_crypto = closure->crypto;
connection->rec_mac = closure->mac; connection->rec_mac = closure->mac;
connection->kex_state = KEX_STATE_INIT;
connection->dispatch[SSH_MSG_NEWKEYS] = NULL; connection->dispatch[SSH_MSG_NEWKEYS] = NULL;
lsh_free(closure); lsh_free(closure);
......
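Review bot: In do_handle_kexinit, folding the wrong-guess flag into kex_state risks losing it. The new side sets `connection->kex_state = KEX_STATE_IGNORE;`, but the function continues past the hunk, and if it goes on to call the selected algorithm's init, do_init_dh in this same commit assigns `connection->kex_state = KEX_STATE_IN_PROGRESS;` and overwrites the IGNORE state. In that case the peer's wrongly guessed first key-exchange packet would not be skipped and would reach the KEXDH handler as if it were the real message. The old `ignore_one_packet` flag was independent of the exchange phase; either keep it separate or have the init path preserve the state, e.g. `if (connection->kex_state != KEX_STATE_IGNORE) connection->kex_state = KEX_STATE_IN_PROGRESS;`, with the dispatcher moving IGNORE to IN_PROGRESS once it has dropped one packet.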
...@@ -40,6 +40,20 @@ ...@@ -40,6 +40,20 @@
#define KEX_PARAMETERS 6 #define KEX_PARAMETERS 6
/* A KEX_INIT msg can be accepted. This is true, most of the time. */
#define KEX_STATE_INIT 0
/* Ignore next packet */
#define KEX_STATE_IGNORE 1
/* Key exchange is in progress. Neither KEX_INIT or NEWKEYS messages
* can be recieved */
#define KEX_STATE_IN_PROGRESS 2
/* Key exchange is finished. A NEWKEYS message should be recieved, and
* nothing else. */
#define KEX_STATE_NEWKEYS 3
/* algorithms is an array indexed by the KEX_* values above */ /* algorithms is an array indexed by the KEX_* values above */
struct keyexchange_algorithm struct keyexchange_algorithm
{ {
......
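Review bot: The new KEX_STATE_* macros sit between `KEX_PARAMETERS` and the existing comment `/* algorithms is an array indexed by the KEX_* values above */`, so that comment now appears to cover the state values as well, which are not array indices. Either move the state definitions away from that comment or reword it, e.g. `/* algorithms is an array indexed by the KEX_* parameter values, not by KEX_STATE_* */`. Because the four states are mutually exclusive values of a single variable, an `enum` would document that better than separate `#define`s and would be visible in a debugger. The added comments also contain the typos "recieved" and "Neither ... or".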
...@@ -48,22 +48,6 @@ static int do_handle_dh_init(struct packet_handler *c, ...@@ -48,22 +48,6 @@ static int do_handle_dh_init(struct packet_handler *c,
return WRITE_CLOSED; return WRITE_CLOSED;
} }
#if 0
signer = LOOKUP_SIGNER(closure->signer, closure->dh.server_host_key);
if (!signer)
/* FIXME: Use a more appropriate error code. Should probably have
* a separate file for sending and recieving various types of
* disconnects. */
return disconnect_kex_failed(connection, "Bad server host key\r\n");
#endif
#if 0
if (!dh_verify_server_msg(&closure->dh, v))
/* FIXME: Same here */
return disconnect_kex_failed(connection, "Bad server host key\r\n");
#endif
/* Send server's message, to complete key exchange */ /* Send server's message, to complete key exchange */
res = A_WRITE(connection->write, dh_make_server_msg(&closure->dh, res = A_WRITE(connection->write, dh_make_server_msg(&closure->dh,
closure->signer)); closure->signer));
...@@ -96,8 +80,8 @@ static int do_handle_dh_init(struct packet_handler *c, ...@@ -96,8 +80,8 @@ static int do_handle_dh_init(struct packet_handler *c,
lsh_free(hash); lsh_free(hash);
/* Reinstall keyexchange handler */ connection->kex_state = KEX_STATE_NEWKEYS;
connection->dispatch[SSH_MSG_KEXINIT] = closure->saved_kexinit_handler; connection->dispatch[SSH_MSG_KEXDH_INIT] = connection->fail;
return res; return res;
} }
...@@ -124,16 +108,10 @@ static int do_init_dh(struct keyexchange_algorithm *c, ...@@ -124,16 +108,10 @@ static int do_init_dh(struct keyexchange_algorithm *c,
dh->install = make_server_install_keys(algorithms); dh->install = make_server_install_keys(algorithms);
#if 0
/* Send server's message */
A_WRITE(connection->write, dh_make_server_msg(&dh->dh));
#endif
/* Install handler */ /* Install handler */
connection->dispatch[SSH_MSG_KEXDH_INIT] = &dh->super; connection->dispatch[SSH_MSG_KEXDH_INIT] = &dh->super;
/* Disable kexinit handler */ connection->kex_state = KEX_STATE_IN_PROGRESS;
dh->saved_kexinit_handler = connection->dispatch[SSH_MSG_KEXINIT];
connection->dispatch[SSH_MSG_KEXINIT] = connection->fail;
return WRITE_OK; return WRITE_OK;
} }
......
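Review bot: In do_handle_dh_init the handler unhooks itself with `connection->dispatch[SSH_MSG_KEXDH_INIT] = connection->fail;`, after which the dispatch table no longer references `closure`, yet the visible lines free only `hash`. If nothing outside the hunk releases it, the dh_server closure and the Diffie-Hellman state it holds (`closure->dh`) stay allocated after every exchange; do_handle_newkeys in this commit shows the expected pattern, with `lsh_free(closure);` following the cleared dispatch slot. Confirm who owns the closure at this point and either free it here or record the owner in a comment such as `/* closure is released by <owner> */`. The client's do_handle_dh_reply has the same shape, and both function bodies start outside the hunks shown.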
...@@ -45,7 +45,6 @@ struct dh_server ...@@ -45,7 +45,6 @@ struct dh_server
struct lsh_string *server_key; struct lsh_string *server_key;
struct signer *signer; struct signer *signer;
struct install_keys *install; struct install_keys *install;
struct packet_handler *saved_kexinit_handler;
}; };
struct keyexchange_algorithm * struct keyexchange_algorithm *
......