Lines Matching +full:com +full:- +full:seq

68 static int kex_choose_conf(struct ssh *, uint32_t seq);
120 { NULL, 0, -1, -1},
130 for (k = kexalgs; k->name != NULL; k++) { in kex_alg_list()
133 nlen = strlen(k->name); in kex_alg_list()
139 memcpy(ret + rlen, k->name, nlen + 1); in kex_alg_list()
150 for (k = kexalgs; k->name != NULL; k++) { in kex_alg_by_name()
151 if (strcmp(k->name, name) == 0) in kex_alg_by_name()
180 /* returns non-zero if proposal contains any algorithm from algs */
231 * configuration file. The user-provided string may begin with '+' to
232 * indicate that it should be appended to the default, '-' that the
262 } else if (*list == '-') { in kex_assemble_names()
280 /* Explicit list, overrides default - just use "list" as is */ in kex_assemble_names()
284 * The supplied names may be a pattern-list. For the -list case, in kex_assemble_names()
293 /* Apply positive (i.e. non-negated) patterns from the list */ in kex_assemble_names()
313 /* An empty name-list is an error */ in kex_assemble_names()
345 const char **defprop = ssh->kex->server ? defpropserver : defpropclient; in kex_proposal_populate_entries()
355 if ((cp = kex_names_cat(kexalgos, ssh->kex->server ? in kex_proposal_populate_entries()
356 "ext-info-s,kex-strict-s-v00@openssh.com" : in kex_proposal_populate_entries()
357 "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL) in kex_proposal_populate_entries()
484 kex_protocol_error(int type, u_int32_t seq, struct ssh *ssh) in kex_protocol_error() argument
489 if ((ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict) { in kex_protocol_error()
491 "unexpected packet type %u (seqnr %u)", type, seq); in kex_protocol_error()
493 error_f("type %u seq %u", type, seq); in kex_protocol_error()
495 (r = sshpkt_put_u32(ssh, seq)) != 0 || in kex_protocol_error()
517 * rsa-sha2-512-cert-v01@openssh.com => rsa-sha2-512 in kex_set_server_sig_algs()
524 free(ssh->kex->server_sig_algs); in kex_set_server_sig_algs()
525 ssh->kex->server_sig_algs = NULL; in kex_set_server_sig_algs()
533 if (ssh->kex->server_sig_algs != NULL && in kex_set_server_sig_algs()
534 has_any_alg(sigalg, ssh->kex->server_sig_algs)) in kex_set_server_sig_algs()
536 xextendf(&ssh->kex->server_sig_algs, ",", "%s", sigalg); in kex_set_server_sig_algs()
540 if (ssh->kex->server_sig_algs == NULL) in kex_set_server_sig_algs()
541 ssh->kex->server_sig_algs = xstrdup(""); in kex_set_server_sig_algs()
549 if (ssh->kex->server_sig_algs == NULL && in kex_compose_ext_info_server()
550 (ssh->kex->server_sig_algs = sshkey_alg_list(0, 1, 1, ',')) == NULL) in kex_compose_ext_info_server()
553 (r = sshbuf_put_cstring(m, "server-sig-algs")) != 0 || in kex_compose_ext_info_server()
554 (r = sshbuf_put_cstring(m, ssh->kex->server_sig_algs)) != 0 || in kex_compose_ext_info_server()
556 "publickey-hostbound@openssh.com")) != 0 || in kex_compose_ext_info_server()
558 (r = sshbuf_put_cstring(m, "ping@openssh.com")) != 0 || in kex_compose_ext_info_server()
572 (r = sshbuf_put_cstring(m, "ext-info-in-auth@openssh.com")) != 0 || in kex_compose_ext_info_client()
589 if ((ssh->kex->flags & KEX_INITIAL) == 0) in kex_maybe_send_ext_info()
591 if (!ssh->kex->ext_info_c && !ssh->kex->ext_info_s) in kex_maybe_send_ext_info()
597 if (ssh->kex->ext_info_c && in kex_maybe_send_ext_info()
600 if (ssh->kex->ext_info_s && in kex_maybe_send_ext_info()
625 if ((ssh->kex->flags & KEX_HAS_EXT_INFO_IN_AUTH) == 0) in kex_server_update_ext_info()
631 (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 || in kex_server_update_ext_info()
632 (r = sshpkt_put_cstring(ssh, ssh->kex->server_sig_algs)) != 0 || in kex_server_update_ext_info()
668 kex->flags |= flag; in kex_ext_info_check_ver()
681 if (strcmp(name, "server-sig-algs") == 0) { in kex_ext_info_client_parse()
688 free(ssh->kex->server_sig_algs); in kex_ext_info_client_parse()
689 ssh->kex->server_sig_algs = xstrdup((const char *)value); in kex_ext_info_client_parse()
690 } else if (ssh->kex->ext_info_received == 1 && in kex_ext_info_client_parse()
691 strcmp(name, "publickey-hostbound@openssh.com") == 0) { in kex_ext_info_client_parse()
692 if ((r = kex_ext_info_check_ver(ssh->kex, name, value, vlen, in kex_ext_info_client_parse()
696 } else if (ssh->kex->ext_info_received == 1 && in kex_ext_info_client_parse()
697 strcmp(name, "ping@openssh.com") == 0) { in kex_ext_info_client_parse()
698 if ((r = kex_ext_info_check_ver(ssh->kex, name, value, vlen, in kex_ext_info_client_parse()
714 if (strcmp(name, "ext-info-in-auth@openssh.com") == 0) { in kex_ext_info_server_parse()
715 if ((r = kex_ext_info_check_ver(ssh->kex, name, value, vlen, in kex_ext_info_server_parse()
725 kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh) in kex_input_ext_info() argument
727 struct kex *kex = ssh->kex; in kex_input_ext_info()
728 const int max_ext_info = kex->server ? 1 : 2; in kex_input_ext_info()
736 if (++kex->ext_info_received > max_ext_info) { in kex_input_ext_info()
738 return dispatch_protocol_error(type, seq, ssh); in kex_input_ext_info()
746 return dispatch_protocol_error(type, seq, ssh); in kex_input_ext_info()
756 if (kex->server) { in kex_input_ext_info()
772 kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh) in kex_input_newkeys() argument
774 struct kex *kex = ssh->kex; in kex_input_newkeys()
775 int r, initial = (kex->flags & KEX_INITIAL) != 0; in kex_input_newkeys()
779 if (kex->ext_info_c && initial) in kex_input_newkeys()
789 if ((r = kex_buf2prop(kex->my, NULL, &prop)) != 0) in kex_input_newkeys()
792 kex->server ? in kex_input_newkeys()
793 "ext-info-s,kex-strict-s-v00@openssh.com" : in kex_input_newkeys()
794 "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL) { in kex_input_newkeys()
800 if ((r = kex_prop2buf(ssh->kex->my, prop)) != 0) { in kex_input_newkeys()
810 kex->done = 1; in kex_input_newkeys()
811 kex->flags &= ~KEX_INITIAL; in kex_input_newkeys()
812 sshbuf_reset(kex->peer); in kex_input_newkeys()
813 kex->flags &= ~KEX_INIT_SENT; in kex_input_newkeys()
814 free(kex->name); in kex_input_newkeys()
815 kex->name = NULL; in kex_input_newkeys()
823 struct kex *kex = ssh->kex; in kex_send_kexinit()
830 if (kex->flags & KEX_INIT_SENT) in kex_send_kexinit()
832 kex->done = 0; in kex_send_kexinit()
835 if (sshbuf_len(kex->my) < KEX_COOKIE_LEN) { in kex_send_kexinit()
837 sshbuf_len(kex->my), KEX_COOKIE_LEN); in kex_send_kexinit()
840 if ((cookie = sshbuf_mutable_ptr(kex->my)) == NULL) { in kex_send_kexinit()
847 (r = sshpkt_putb(ssh, kex->my)) != 0 || in kex_send_kexinit()
853 kex->flags |= KEX_INIT_SENT; in kex_send_kexinit()
858 kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh) in kex_input_kexinit() argument
860 struct kex *kex = ssh->kex; in kex_input_kexinit()
873 if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) in kex_input_kexinit()
890 * XXX RFC4253 sec 7: "each side MAY guess" - currently no supported in kex_input_kexinit()
895 * XXX2 - RFC4253 is kind of ambiguous on what first_kex_follows means in kex_input_kexinit()
904 if (!(kex->flags & KEX_INIT_SENT)) in kex_input_kexinit()
907 if ((r = kex_choose_conf(ssh, seq)) != 0) in kex_input_kexinit()
910 if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL) in kex_input_kexinit()
911 return (kex->kex[kex->kex_type])(ssh); in kex_input_kexinit()
913 error_f("unknown kex type %u", kex->kex_type); in kex_input_kexinit()
923 (kex->peer = sshbuf_new()) == NULL || in kex_new()
924 (kex->my = sshbuf_new()) == NULL || in kex_new()
925 (kex->client_version = sshbuf_new()) == NULL || in kex_new()
926 (kex->server_version = sshbuf_new()) == NULL || in kex_new()
927 (kex->session_id = sshbuf_new()) == NULL) { in kex_new()
939 if (newkeys->enc.key) { in kex_free_newkeys()
940 explicit_bzero(newkeys->enc.key, newkeys->enc.key_len); in kex_free_newkeys()
941 free(newkeys->enc.key); in kex_free_newkeys()
942 newkeys->enc.key = NULL; in kex_free_newkeys()
944 if (newkeys->enc.iv) { in kex_free_newkeys()
945 explicit_bzero(newkeys->enc.iv, newkeys->enc.iv_len); in kex_free_newkeys()
946 free(newkeys->enc.iv); in kex_free_newkeys()
947 newkeys->enc.iv = NULL; in kex_free_newkeys()
949 free(newkeys->enc.name); in kex_free_newkeys()
950 explicit_bzero(&newkeys->enc, sizeof(newkeys->enc)); in kex_free_newkeys()
951 free(newkeys->comp.name); in kex_free_newkeys()
952 explicit_bzero(&newkeys->comp, sizeof(newkeys->comp)); in kex_free_newkeys()
953 mac_clear(&newkeys->mac); in kex_free_newkeys()
954 if (newkeys->mac.key) { in kex_free_newkeys()
955 explicit_bzero(newkeys->mac.key, newkeys->mac.key_len); in kex_free_newkeys()
956 free(newkeys->mac.key); in kex_free_newkeys()
957 newkeys->mac.key = NULL; in kex_free_newkeys()
959 free(newkeys->mac.name); in kex_free_newkeys()
960 explicit_bzero(&newkeys->mac, sizeof(newkeys->mac)); in kex_free_newkeys()
973 DH_free(kex->dh); in kex_free()
975 EC_KEY_free(kex->ec_client_key); in kex_free()
979 kex_free_newkeys(kex->newkeys[mode]); in kex_free()
980 kex->newkeys[mode] = NULL; in kex_free()
982 sshbuf_free(kex->peer); in kex_free()
983 sshbuf_free(kex->my); in kex_free()
984 sshbuf_free(kex->client_version); in kex_free()
985 sshbuf_free(kex->server_version); in kex_free()
986 sshbuf_free(kex->client_pub); in kex_free()
987 sshbuf_free(kex->session_id); in kex_free()
988 sshbuf_free(kex->initial_sig); in kex_free()
989 sshkey_free(kex->initial_hostkey); in kex_free()
990 free(kex->failed_choice); in kex_free()
991 free(kex->hostkey_alg); in kex_free()
992 free(kex->name); in kex_free()
1001 if ((r = kex_prop2buf(ssh->kex->my, proposal)) != 0) in kex_ready()
1003 ssh->kex->flags = KEX_INITIAL; in kex_ready()
1017 kex_free(ssh->kex); in kex_setup()
1018 ssh->kex = NULL; in kex_setup()
1025 * Request key re-exchange, returns 0 on success or a ssherr.h error
1026 * code otherwise. Must not be called if KEX is incomplete or in-progress.
1031 if (ssh->kex == NULL) { in kex_start_rekex()
1035 if (ssh->kex->done == 0) { in kex_start_rekex()
1039 ssh->kex->done = 0; in kex_start_rekex()
1050 if ((enc->cipher = cipher_by_name(name)) == NULL) { in choose_enc()
1055 enc->name = name; in choose_enc()
1056 enc->enabled = 0; in choose_enc()
1057 enc->iv = NULL; in choose_enc()
1058 enc->iv_len = cipher_ivlen(enc->cipher); in choose_enc()
1059 enc->key = NULL; in choose_enc()
1060 enc->key_len = cipher_keylen(enc->cipher); in choose_enc()
1061 enc->block_size = cipher_blocksize(enc->cipher); in choose_enc()
1077 mac->name = name; in choose_mac()
1078 mac->key = NULL; in choose_mac()
1079 mac->enabled = 0; in choose_mac()
1091 if (strcmp(name, "zlib@openssh.com") == 0) { in choose_comp()
1092 comp->type = COMP_DELAYED; in choose_comp()
1094 comp->type = COMP_ZLIB; in choose_comp()
1098 comp->type = COMP_NONE; in choose_comp()
1104 comp->name = name; in choose_comp()
1113 k->name = match_list(client, server, NULL); in choose_kex()
1115 debug("kex: algorithm: %s", k->name ? k->name : "(no match)"); in choose_kex()
1116 if (k->name == NULL) in choose_kex()
1118 if ((kexalg = kex_alg_by_name(k->name)) == NULL) { in choose_kex()
1119 error_f("unsupported KEX method %s", k->name); in choose_kex()
1122 k->kex_type = kexalg->type; in choose_kex()
1123 k->hash_alg = kexalg->hash_alg; in choose_kex()
1124 k->ec_nid = kexalg->ec_nid; in choose_kex()
1131 free(k->hostkey_alg); in choose_hostkeyalg()
1132 k->hostkey_alg = match_list(client, server, NULL); in choose_hostkeyalg()
1135 k->hostkey_alg ? k->hostkey_alg : "(no match)"); in choose_hostkeyalg()
1136 if (k->hostkey_alg == NULL) in choose_hostkeyalg()
1138 k->hostkey_type = sshkey_type_from_name(k->hostkey_alg); in choose_hostkeyalg()
1139 if (k->hostkey_type == KEY_UNSPEC) { in choose_hostkeyalg()
1140 error_f("unsupported hostkey algorithm %s", k->hostkey_alg); in choose_hostkeyalg()
1143 k->hostkey_nid = sshkey_ecdsa_nid_from_name(k->hostkey_alg); in choose_hostkeyalg()
1151 PROPOSAL_KEX_ALGS, PROPOSAL_SERVER_HOST_KEY_ALGS, -1 in proposals_match()
1156 for (idx = &check[0]; *idx != -1; idx++) { in proposals_match()
1178 kex_choose_conf(struct ssh *ssh, uint32_t seq) in kex_choose_conf() argument
1180 struct kex *kex = ssh->kex; in kex_choose_conf()
1188 debug2("local %s KEXINIT proposal", kex->server ? "server" : "client"); in kex_choose_conf()
1189 if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0) in kex_choose_conf()
1191 debug2("peer %s KEXINIT proposal", kex->server ? "client" : "server"); in kex_choose_conf()
1192 if ((r = kex_buf2prop(kex->peer, &first_kex_follows, &peer)) != 0) in kex_choose_conf()
1195 if (kex->server) { in kex_choose_conf()
1204 if ((kex->flags & KEX_INITIAL) != 0) { in kex_choose_conf()
1205 if (kex->server) { in kex_choose_conf()
1206 kex->ext_info_c = kexalgs_contains(peer, "ext-info-c"); in kex_choose_conf()
1207 kex->kex_strict = kexalgs_contains(peer, in kex_choose_conf()
1208 "kex-strict-c-v00@openssh.com"); in kex_choose_conf()
1210 kex->ext_info_s = kexalgs_contains(peer, "ext-info-s"); in kex_choose_conf()
1211 kex->kex_strict = kexalgs_contains(peer, in kex_choose_conf()
1212 "kex-strict-s-v00@openssh.com"); in kex_choose_conf()
1214 if (kex->kex_strict) { in kex_choose_conf()
1216 if (seq != 0) in kex_choose_conf()
1223 /* Check whether client supports rsa-sha2 algorithms */ in kex_choose_conf()
1224 if (kex->server && (kex->flags & KEX_INITIAL)) { in kex_choose_conf()
1226 "rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com")) in kex_choose_conf()
1227 kex->flags |= KEX_RSA_SHA2_256_SUPPORTED; in kex_choose_conf()
1229 "rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com")) in kex_choose_conf()
1230 kex->flags |= KEX_RSA_SHA2_512_SUPPORTED; in kex_choose_conf()
1236 kex->failed_choice = peer[PROPOSAL_KEX_ALGS]; in kex_choose_conf()
1242 kex->failed_choice = peer[PROPOSAL_SERVER_HOST_KEY_ALGS]; in kex_choose_conf()
1251 kex->newkeys[mode] = newkeys; in kex_choose_conf()
1252 ctos = (!kex->server && mode == MODE_OUT) || in kex_choose_conf()
1253 (kex->server && mode == MODE_IN); in kex_choose_conf()
1257 if ((r = choose_enc(&newkeys->enc, cprop[nenc], in kex_choose_conf()
1259 kex->failed_choice = peer[nenc]; in kex_choose_conf()
1263 authlen = cipher_authlen(newkeys->enc.cipher); in kex_choose_conf()
1266 (r = choose_mac(ssh, &newkeys->mac, cprop[nmac], in kex_choose_conf()
1268 kex->failed_choice = peer[nmac]; in kex_choose_conf()
1272 if ((r = choose_comp(&newkeys->comp, cprop[ncomp], in kex_choose_conf()
1274 kex->failed_choice = peer[ncomp]; in kex_choose_conf()
1279 ctos ? "client->server" : "server->client", in kex_choose_conf()
1280 newkeys->enc.name, in kex_choose_conf()
1281 authlen == 0 ? newkeys->mac.name : "<implicit>", in kex_choose_conf()
1282 newkeys->comp.name); in kex_choose_conf()
1286 newkeys = kex->newkeys[mode]; in kex_choose_conf()
1287 need = MAXIMUM(need, newkeys->enc.key_len); in kex_choose_conf()
1288 need = MAXIMUM(need, newkeys->enc.block_size); in kex_choose_conf()
1289 need = MAXIMUM(need, newkeys->enc.iv_len); in kex_choose_conf()
1290 need = MAXIMUM(need, newkeys->mac.key_len); in kex_choose_conf()
1291 dh_need = MAXIMUM(dh_need, cipher_seclen(newkeys->enc.cipher)); in kex_choose_conf()
1292 dh_need = MAXIMUM(dh_need, newkeys->enc.block_size); in kex_choose_conf()
1293 dh_need = MAXIMUM(dh_need, newkeys->enc.iv_len); in kex_choose_conf()
1294 dh_need = MAXIMUM(dh_need, newkeys->mac.key_len); in kex_choose_conf()
1297 kex->we_need = need; in kex_choose_conf()
1298 kex->dh_need = dh_need; in kex_choose_conf()
1302 ssh->dispatch_skip_packets = 1; in kex_choose_conf()
1314 struct kex *kex = ssh->kex; in derive_key()
1322 if ((mdsz = ssh_digest_bytes(kex->hash_alg)) == 0) in derive_key()
1330 if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL || in derive_key()
1334 ssh_digest_update_buffer(hashctx, kex->session_id) != 0 || in derive_key()
1345 * Kn = HASH(K || H || K1 || K2 || ... || Kn-1) in derive_key()
1349 if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL || in derive_key()
1379 struct kex *kex = ssh->kex; in kex_derive_keys()
1385 if ((kex->flags & KEX_INITIAL) != 0) { in kex_derive_keys()
1386 if (sshbuf_len(kex->session_id) != 0) { in kex_derive_keys()
1390 if ((r = sshbuf_put(kex->session_id, hash, hashlen)) != 0) in kex_derive_keys()
1392 } else if (sshbuf_len(kex->session_id) == 0) { in kex_derive_keys()
1397 if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen, in kex_derive_keys()
1405 ctos = (!kex->server && mode == MODE_OUT) || in kex_derive_keys()
1406 (kex->server && mode == MODE_IN); in kex_derive_keys()
1407 kex->newkeys[mode]->enc.iv = keys[ctos ? 0 : 1]; in kex_derive_keys()
1408 kex->newkeys[mode]->enc.key = keys[ctos ? 2 : 3]; in kex_derive_keys()
1409 kex->newkeys[mode]->mac.key = keys[ctos ? 4 : 5]; in kex_derive_keys()
1417 struct kex *kex = ssh->kex; in kex_load_hostkey()
1421 if (kex->load_host_public_key == NULL || in kex_load_hostkey()
1422 kex->load_host_private_key == NULL) { in kex_load_hostkey()
1426 *pubp = kex->load_host_public_key(kex->hostkey_type, in kex_load_hostkey()
1427 kex->hostkey_nid, ssh); in kex_load_hostkey()
1428 *prvp = kex->load_host_private_key(kex->hostkey_type, in kex_load_hostkey()
1429 kex->hostkey_nid, ssh); in kex_load_hostkey()
1438 struct kex *kex = ssh->kex; in kex_verify_host_key()
1440 if (kex->verify_host_key == NULL) { in kex_verify_host_key()
1444 if (server_host_key->type != kex->hostkey_type || in kex_verify_host_key()
1445 (kex->hostkey_type == KEY_ECDSA && in kex_verify_host_key()
1446 server_host_key->ecdsa_nid != kex->hostkey_nid)) in kex_verify_host_key()
1448 if (kex->verify_host_key(server_host_key, ssh) == -1) in kex_verify_host_key()
1471 if (!ssh->kex->server) in send_error()
1494 struct sshbuf *our_version = ssh->kex->server ? in kex_exchange_identification()
1495 ssh->kex->server_version : ssh->kex->client_version; in kex_exchange_identification()
1496 struct sshbuf *peer_version = ssh->kex->server ? in kex_exchange_identification()
1497 ssh->kex->client_version : ssh->kex->server_version; in kex_exchange_identification()
1505 if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%s%s%s\r\n", in kex_exchange_identification()
1551 if (r == -1 && errno == ETIMEDOUT) { in kex_exchange_identification()
1558 } else if (r == -1) { in kex_exchange_identification()
1601 memcmp(sshbuf_ptr(peer_version), "SSH-", 4) == 0) in kex_exchange_identification()
1610 if (ssh->kex->server) { in kex_exchange_identification()
1633 if (sscanf(peer_version_string, "SSH-%d.%d-%[^\n]\n", in kex_exchange_identification()
1666 if (ssh->kex->server && (ssh->compat & SSH_BUG_PROBE) != 0) { in kex_exchange_identification()
1673 if (ssh->kex->server && (ssh->compat & SSH_BUG_SCANNER) != 0) { in kex_exchange_identification()