Commit 75d130d3 authored by Niels Möller

*** empty log message ***

Rev: ChangeLog:1.199
Rev: src/exception.h:1.18
Rev: src/keyexchange.h:1.44
Rev: src/server_keyexchange.h:1.11
Rev: src/server_session.c:1.41
Rev: src/srp.h:1.1
parent 613f6dd2
2000-05-28 Niels Mller <nisse@cuckoo.localdomain>
* src/unix_user.c (do_read_file): Changed USER_READ_FILE to use
exceptions and continuations.
* src/ssh.h: Added message numbers for SRP key exchange and dh
group negotiation.
* src/srp_exchange.c: Various bugfixes. At least compiles now.
* src/sexp.c (sexp_check_type_l): Renamed tthe sexp_check_type
function.
(sexp_check_type): Moved and renamed the spki_check_type function.
(sexp2bignum_u): New function.
(sexp_atom_eq): New function.
(sexp_atoms_eq): Renamed the previos sexp_atom_eq function.
(sexp_get_un): Use sexp2bignum_u.
* src/publickey_crypto.h: Renamed all occurences of
"diffie_hellman" do "dh".
* src/publickey_crypto.c (zn_ring_add): New function.
(zn_ring_subtract): New function.
* src/keyexchange.c (kex_build_secret): Use a string rather than a
bignum for the third argument.
(keyexchange_finish): New function.
* src/io.c (check_user_permissions): Made fname argument const.
(io_read_user_file): Fixed call to fstat().
* src/invert-defs: Use -u flag to sort (is that a GNU:ism?)
* src/exception.c (make_protocol_exception): Updated with new
messages.
* src/dh_exchange.c (dh_hash_update): New (or ersurrected)
function.
(dh_hash_digest): Don't hash the host key here.
(dh_make_server_msg): Hash host key.
(dh_process_server_msg): Likewise.
* src/client_keyexchange.h (make_srp_client): New prototype.
* acconfig.h: Added WITH_SRP.
* configure.in: Include sys/types.h when checking for utmp
members.
Added --disable-srp option.
* src/client_keyexchange.c (do_handle_dh_reply): Use
keyexchange_finish().
First attempt at SRP support.
* src/server_keyexchange.c: Likewise
* src/atoms.in: Added srp-group1-sha1, srp-verifier and ssh-group1.
2000-05-27 Niels Mller <nisse@cuckoo.localdomain>
* src/testsuite/Makefile.am (TS_MORE_SH): Added lsh-4-test.
* src/publickey_crypto.h: Renamed the class group to abstract_group.
(GROUP_RANGE): Renamed from GROUP_MEMBER, as it actually doesn't
check membership.
......
......@@ -62,9 +62,14 @@ void exception_raise(struct exception_handler *e,
# define EXCEPTION_RAISE(h, e) ((h)->raise((h), (e)))
#endif /* !DEBUG_TRACE */
/* NOTE: This is pretty useless, as it requires that the parent be
* static as well. Used only for the default_exception_handler and
* ignore_exception_handler, and perhaps some others with NULL parent.
* */
#define STATIC_EXCEPTION_HANDLER(r, p) \
{ STATIC_HEADER, (r), (p), __FILE__ ":" STRING_LINE ": Static" }
#define HANDLER_CONTEXT (__FILE__ ":" STRING_LINE ": " FUNCTION_NAME)
......
......@@ -70,16 +70,13 @@
(class
(name keyexchange_algorithm)
(vars
;; FIXME: Add some method or attribute describing
;; the requirements on the hostkey algorithm.
; Algorithms is an array indexed by the KEX_* values above
(init method void
"struct ssh_connection *connection"
;; "struct ssh_service *finished"
"int hostkey_algorithm_atom"
;; "struct signature_algorithm *hostkey_algorithm"
"struct lsh_object *extra"
; Secret key (if applicable and available).
;;"struct keypair *key"
"struct object_list *algorithms")))
*/
......@@ -115,6 +112,7 @@
#define MAKE_KEXINIT(s) ((s)->make((s)))
/* FIXME: We don't need this class. */
/* Installs keys for use. */
/* GABA:
(class
......@@ -186,10 +184,18 @@ struct install_keys *
make_install_new_keys(int is_server,
struct object_list *algorithms);
#if 0
struct hash_instance *
kex_build_secret(struct hash_algorithm *H,
struct lsh_string *exchange_hash,
mpz_t K);
#endif
void
keyexchange_finish(struct ssh_connection *connection,
struct install_keys *install,
struct hash_algorithm *H,
struct lsh_string *exchange_hash,
struct lsh_string *K);
#endif /* LSH_KEYEXCHANGE_H_INCLUDED */
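Review bot: The new `keyexchange_finish` prototype at the end of this header takes the exchange hash and the shared secret `K` as `struct lsh_string *` without saying who owns them afterwards. Other prototypes in this commit do state this (`/* This function consumes the server key */`, `/* Copies the name, rather than consuming it. */`), and it matters most for `K`, since exactly one party has to free the key material. I would add a one-line comment of the form `/* Consumes exchange_hash and K. */`, or the opposite, matching what keyexchange.c actually does. Separately, the `#if 0` block appears to keep the old `mpz_t K` prototype of `kex_build_secret`, while the ChangeLog entry says the third argument is now a string; updating or deleting the disabled declaration would avoid leaving a stale signature in the header.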
......@@ -28,12 +28,14 @@
#include "keyexchange.h"
#include "publickey_crypto.h"
#include "server_userauth.h"
/* This function consumes the server key */
struct keyexchange_algorithm *
make_dh_server(struct diffie_hellman_method *dh);
/* struct alist *keys); */
make_dh_server(struct dh_method *dh);
struct install_keys *make_server_install_keys(struct object_list *algorithms);
struct keyexchange_algorithm *
make_srp_server(struct dh_method *dh,
struct user_db *db);
#endif /* LSH_SERVER_KEYEXCHANGE_H_INCLUDED */
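Review bot: The comment `/* This function consumes the server key */` above `make_dh_server` does not match the new prototype, which takes only `struct dh_method *dh`; if that comment is kept on the new side it should be dropped or reworded. The added `make_srp_server(dh, db)` carries no comment at all, so a caller cannot tell whether the algorithm object keeps a reference to `db` or what the lifetime requirements are; a line such as `/* Keeps a reference to db; does not consume dh. */`, corrected to the real behaviour, would settle it. The declaration is also unconditional although this commit introduces `WITH_SRP` and `--disable-srp`; that is harmless for a bare prototype, but if the definition in server_keyexchange.c is compiled conditionally, guarding the prototype the same way keeps a misuse from surfacing only at link time.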
......@@ -375,8 +375,6 @@ static void do_exit_shell(struct exit_callback *c, int signaled,
struct server_session *session = closure->session;
struct ssh_channel *channel = &session->super;
CHECK_TYPE(server_session, session);
trace("server_session.c: do_exit_shell()\n");
/* NOTE: We don't close the child's stdio here. The io-backend
......
/* srp.h
*
* Declarations for Thomas Wu's Secure Remote Password Protocol
*
* $Id$ */
/* lsh, an implementation of the ssh protocol
*
* Copyright (C) 2000 Niels Möller
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef SRP_H_INCLUDED
#define SRP_H_INCLUDED
#include "publickey_crypto.h"
#define GABA_DECLARE
#include "srp.h.x"
#undef GABA_DECLARE
/* GABA:
(class
(name srp_entry)
(vars
(name string)
(salt string)
(verifier bignum)))
*/
/* Copies the name, rather than consuming it. */
struct srp_entry *
make_srp_entry(struct lsh_string *name, struct sexp *e);
void
srp_hash_password(mpz_t x,
struct hash_algorithm *H,
struct lsh_string *salt,
struct lsh_string *name,
struct lsh_string *passwd);
struct lsh_string *
srp_make_init_msg(struct dh_instance *dh, struct lsh_string *name);
/* Returns the name */
struct lsh_string *
srp_process_init_msg(struct dh_instance *self, struct lsh_string *packet);
struct lsh_string *
srp_make_reply_msg(struct dh_instance *dh, struct srp_entry *entry);
/* Returns the salt */
struct lsh_string *
srp_process_reply_msg(struct dh_instance *dh, struct lsh_string *packet);
struct lsh_string *
srp_make_client_proof(struct dh_instance *dh,
mpz_t x);
struct lsh_string *
srp_process_client_proof(struct dh_instance *dh, struct lsh_string *packet);
int
srp_process_server_proof(struct dh_instance *dh, struct lsh_string *packet);
#endif /* SRP_H_INCLUDED */
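Review bot: `srp_process_server_proof` returns `int` and `srp_process_client_proof` returns a string, but neither prototype says what the value means or how a failed verification is reported, unlike the `/* Returns the name */` and `/* Returns the salt */` comments on the init and reply handlers. These two calls decide whether authentication succeeds, so I would state the convention on each, e.g. `/* Returns non-zero if the server's proof verifies, zero otherwise */` (adjusted to what srp_exchange.c does), plus a note on the pointer-returning handlers if NULL is how they signal a malformed packet. `srp_hash_password` should likewise say whether `salt`, `name` and `passwd` are consumed, because the caller has to know who frees the cleartext password and clears the derived `x`. Minor: the include guard is `SRP_H_INCLUDED`, while the other headers in this commit use the `LSH_..._H_INCLUDED` form.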