svnno****@sourc*****
svnno****@sourc*****
2011年 3月 5日 (土) 23:52:45 JST
Revision: 4367 http://sourceforge.jp/projects/ttssh2/svn/view?view=rev&revision=4367 Author: yutakapon Date: 2011-03-05 23:52:45 +0900 (Sat, 05 Mar 2011) Log Message: ----------- TTSSHã®å種æå·è¨å®ã«é¢ãã¦ãteraterm.iniã®ã¨ã³ããªã§ã«ã¹ã¿ãã¤ãºã§ããããã«ããã æ£å¼ãªUIã«é¢ãã¦ã¯ãããããæ¤è¨ããã KexOrder=56743210 HostKeyOrder=456230 MacOrder=120 CompOrder=012 Modified Paths: -------------- trunk/installer/release/TERATERM.INI trunk/ttssh2/ttxssh/key.c trunk/ttssh2/ttxssh/ssh.c trunk/ttssh2/ttxssh/ssh.h trunk/ttssh2/ttxssh/ttxssh.c trunk/ttssh2/ttxssh/ttxssh.h -------------- next part -------------- Modified: trunk/installer/release/TERATERM.INI =================================================================== --- trunk/installer/release/TERATERM.INI 2011-03-05 14:06:35 UTC (rev 4366) +++ trunk/installer/release/TERATERM.INI 2011-03-05 14:52:45 UTC (rev 4367) @@ -608,9 +608,6 @@ ; SSH enabled flag (1=enabled 0=disabled) Enabled=1 -; packet compression level (0=none) -Compression=0 - ; default login username (setup to authentication dialog) DefaultUserName= DefaultForwarding= 
@@ -621,7 +618,44 @@ ; <...AES128-CTR, =...AES192-CTR, >...AES256-CTR, ?...Arcfour, ; @...Arcfour128, A...Arcfour256, B...CAST128-CBC, C...3DES-CTR, ; D...Blowfish-CTR, E...CAST128-CTR, etc) +; 0...Ciphers below this line are disabled. CipherOrder=>:=9<8C7D;A@?EB3062 + +; KEX algorithm order(SSH2) +; 0...diffie-hellman-group1-sha1 +; 1...diffie-hellman-group14-sha1 +; 2...diffie-hellman-group-exchange-sha1 +; 3...diffie-hellman-group-exchange-sha256 +; 4...ecdh-sha2-nistp256 +; 5...ecdh-sha2-nistp384 +; 6...ecdh-sha2-nistp521 +; 7...KEXs below this line are disabled. +KexOrder=56743210 + +; Host Key algorithm order(SSH2) +; 2...RSA +; 3...DSA +; 4...ecdh-sha2-nistp256 +; 5...ecdh-sha2-nistp384 +; 6...ecdh-sha2-nistp521 +; 0...below this line are disabled. +HostKeyOrder=456230 + +; MAC algorithm order(SSH2) +; 1...HMAC-SHA1 +; 2...HMAC-MD5 +; 0...below this line are disabled. +MacOrder=120 + +; Compression algorithm order(SSH2) +; 1...zlib +; 2...z****@opens*****(Delayed Compression) +; 0...below this line are disabled. +CompOrder=012 +; packet compression level (0=none) +Compression=0 + + KnownHostsFiles=ssh_known_hosts DefaultRhostsLocalUserName= DefaultRhostsHostPrivateKeyFile= Modified: trunk/ttssh2/ttxssh/key.c =================================================================== --- trunk/ttssh2/ttxssh/key.c 2011-03-05 14:06:35 UTC (rev 4366) +++ trunk/ttssh2/ttxssh/key.c 2011-03-05 14:52:45 UTC (rev 4367) 
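Review bot: The Host Key algorithm legend lists `; 4...ecdh-sha2-nistp256`, `; 5...ecdh-sha2-nistp384` and `; 6...ecdh-sha2-nistp521`, but the names the ssh2_host_key[] table in ssh.h carries for those indices are ecdsa-sha2-nistp256/384/521; ecdh is the key-exchange family already documented under KexOrder just above. The three lines should read `; 4...ecdsa-sha2-nistp256`, `; 5...ecdsa-sha2-nistp384`, `; 6...ecdsa-sha2-nistp521`. Each *Order block would also be easier to maintain with one line stating that the digits are the numeric values of the matching enum in ssh.h, which explains why 1 (ssh-rsa1) is missing from the host-key legend and why an unknown digit is dropped on load.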
@@ -702,20 +702,15 @@ // char *get_sshname_from_keytype(enum ssh_keytype type) { - if (type == KEY_RSA) { - return "ssh-rsa"; - } else if (type == KEY_DSA) { - return "ssh-dss"; - } else if (type == KEY_ECDSA256) { - return "ecdsa-sha2-nistp256"; - } else if (type == KEY_ECDSA384) { - return "ecdsa-sha2-nistp384"; - } else if (type == KEY_ECDSA521) { - return "ecdsa-sha2-nistp521"; - } else { - return "ssh-unknown"; + int i; + + for (i = 0 ; ssh2_host_key[i].name ; i++) { + if (type == ssh2_host_key[i].type) + return ssh2_host_key[i].name; } + return "ssh-unknown"; } + char *get_sshname_from_key(Key *key) { return get_sshname_from_keytype(key->type); Modified: trunk/ttssh2/ttxssh/ssh.c =================================================================== --- trunk/ttssh2/ttxssh/ssh.c 2011-03-05 14:06:35 UTC (rev 4366) +++ trunk/ttssh2/ttxssh/ssh.c 2011-03-05 14:52:45 UTC (rev 4367) @@ -4169,6 +4169,8 @@ void SSH2_update_compression_myproposal(PTInstVar pvar) { static char buf[128]; // TODO: malloc()ɷ׫ + int index; + int len, i; // ÊMÉÍÄÎêȢ͸¾ªAO̽ßB(2006.6.26 maya) if (pvar->socket != INVALID_SOCKET) { @@ -4177,11 +4179,22 @@ // ³kxɶÄAmyproposal[]ð«·¦éB(2005.7.9 yutaka) buf[0] = '\0'; - if (pvar->settings.CompressionLevel > 0) { - // «IɳkASYÌDæxð[UªÏ¦çêéæ¤É·éB - _snprintf_s(buf, sizeof(buf), _TRUNCATE, "zlib****@opens*****,zlib,none"); + for (i = 0 ; pvar->settings.CompOrder[i] != 0 ; i++) { + index = pvar->settings.CompOrder[i] - '0'; + if (index == COMP_NONE) // disabled line + break; + strncat_s(buf, sizeof(buf), ssh_comps[index].name, _TRUNCATE); + strncat_s(buf, sizeof(buf), ",", _TRUNCATE); } - else { + len = strlen(buf); + buf[len - 1] = '\0'; // get rid of comma + + // ³kwèªÈ¢êÍA³kxð³ðÉ[É·éB + if (buf[0] == '\0') { + pvar->settings.CompressionLevel = 0; + } + + if (pvar->settings.CompressionLevel == 0) { _snprintf_s(buf, sizeof(buf), _TRUNCATE, KEX_DEFAULT_COMP); } if (buf[0] != '\0') { 
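Review bot: The rewritten loop in get_sshname_from_keytype terminates on a NULL `.name`, but the ssh2_host_key[] table this commit adds to ssh.h has no such sentinel (its last row is `{KEY_UNSPEC, "ssh-unknown"}`), unlike ssh2_macs[] which ends in `{HMAC_UNKNOWN, NULL, NULL, 0}`; a `type` value not present in the table reads past its end. Either terminate the table with `{KEY_UNSPEC, NULL},` (the function still returns "ssh-unknown" for that case via the fallthrough) or bound the loop by the table size, `for (i = 0; i < (int)(sizeof(ssh2_host_key) / sizeof(ssh2_host_key[0])); i++) {`. Note also the visible behaviour change: KEY_NONE and KEY_RSA1 now yield "none" and "ssh-rsa1" where they previously yielded "ssh-unknown"; if any caller compares against that string (not visible here) it should be checked.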
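Review bot: `buf[len - 1] = '\0'` executes before the `buf[0] == '\0'` check, so when the loop appends nothing `len` is 0 and the store lands on buf[-1], one byte before the static buffer (undefined behaviour). That is exactly what the shipped default `CompOrder=012` produces, because COMP_NONE is the first digit and the loop breaks immediately; a missing key gives the same string once normalize_comp_order fills in the defaults. Guard the trim: `len = strlen(buf); if (len > 0) buf[len - 1] = '\0';`. The same unguarded trim is copied into SSH2_update_kex_myproposal, SSH2_update_host_key_myproposal and SSH2_update_hmac_myproposal in the next hunk, where an order string that starts with the NONE digit (legal after normalize_generic_order) triggers it. Separately, with "012" as default the Compression= level is always forced to 0, which may be intended but deserves a comment on the `pvar->settings.CompressionLevel = 0;` line.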
@@ -4190,7 +4203,85 @@ } } +// KEXASYDæÊɶÄAmyproposal[]ð«·¦éB +// (2011.2.28 yutaka) +void SSH2_update_kex_myproposal(PTInstVar pvar) +{ + static char buf[256]; // TODO: malloc()ɷ׫ + int index; + int len, i; + // ÊMÉÍÄÎêȢ͸¾ªAO̽ßB(2006.6.26 maya) + if (pvar->socket != INVALID_SOCKET) { + return; + } + + buf[0] = '\0'; + for (i = 0 ; pvar->settings.KexOrder[i] != 0 ; i++) { + index = pvar->settings.KexOrder[i] - '0'; + if (index == KEX_DH_NONE) // disabled line + break; + strncat_s(buf, sizeof(buf), ssh2_kex_algorithms[index].name, _TRUNCATE); + strncat_s(buf, sizeof(buf), ",", _TRUNCATE); + } + len = strlen(buf); + buf[len - 1] = '\0'; // get rid of comma + myproposal[PROPOSAL_KEX_ALGS] = buf; +} + +// Host KeyASYDæÊɶÄAmyproposal[]ð«·¦éB +// (2011.2.28 yutaka) +void SSH2_update_host_key_myproposal(PTInstVar pvar) +{ + static char buf[256]; // TODO: malloc()ɷ׫ + int index; + int len, i; + + // ÊMÉÍÄÎêȢ͸¾ªAO̽ßB(2006.6.26 maya) + if (pvar->socket != INVALID_SOCKET) { + return; + } + + buf[0] = '\0'; + for (i = 0 ; pvar->settings.HostKeyOrder[i] != 0 ; i++) { + index = pvar->settings.HostKeyOrder[i] - '0'; + if (index == KEY_NONE) // disabled line + break; + strncat_s(buf, sizeof(buf), ssh2_host_key[index].name, _TRUNCATE); + strncat_s(buf, sizeof(buf), ",", _TRUNCATE); + } + len = strlen(buf); + buf[len - 1] = '\0'; // get rid of comma + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = buf; +} + +// H-MACASYDæÊɶÄAmyproposal[]ð«·¦éB +// (2011.2.28 yutaka) +void SSH2_update_hmac_myproposal(PTInstVar pvar) +{ + static char buf[256]; // TODO: malloc()ɷ׫ + int index; + int len, i; + + // ÊMÉÍÄÎêȢ͸¾ªAO̽ßB(2006.6.26 maya) + if (pvar->socket != INVALID_SOCKET) { + return; + } + + buf[0] = '\0'; + for (i = 0 ; pvar->settings.MacOrder[i] != 0 ; i++) { + index = pvar->settings.MacOrder[i] - '0'; + if (index == HMAC_NONE) // disabled line + break; + strncat_s(buf, sizeof(buf), ssh2_macs[index].name, _TRUNCATE); + strncat_s(buf, sizeof(buf), ",", _TRUNCATE); + } + len = strlen(buf); + 
buf[len - 1] = '\0'; // get rid of comma + myproposal[PROPOSAL_MAC_ALGS_CTOS] = buf; + myproposal[PROPOSAL_MAC_ALGS_STOC] = buf; +} + // NCAg©çT[oÖÌL[ð·Jnv void SSH2_send_kexinit(PTInstVar pvar) { Modified: trunk/ttssh2/ttxssh/ssh.h =================================================================== --- trunk/ttssh2/ttxssh/ssh.h 2011-03-05 14:06:35 UTC (rev 4366) +++ trunk/ttssh2/ttxssh/ssh.h 2011-03-05 14:52:45 UTC (rev 4367) @@ -198,6 +198,7 @@ #define SSH2_OPEN_RESOURCE_SHORTAGE 4 enum ssh_keytype { + KEY_NONE, KEY_RSA1, KEY_RSA, KEY_DSA, @@ -205,8 +206,25 @@ KEY_ECDSA384, KEY_ECDSA521, KEY_UNSPEC, + KEY_MAX = KEY_UNSPEC, }; +typedef struct ssh2_host_key { + enum ssh_keytype type; + char *name; +} ssh2_host_key_t; + +static ssh2_host_key_t ssh2_host_key[] = { + {KEY_NONE, "none"}, + {KEY_RSA1, "ssh-rsa1"}, // for SSH1 only + {KEY_RSA, "ssh-rsa"}, + {KEY_DSA, "ssh-dss"}, + {KEY_ECDSA256, "ecdsa-sha2-nistp256"}, + {KEY_ECDSA384, "ecdsa-sha2-nistp384"}, + {KEY_ECDSA521, "ecdsa-sha2-nistp521"}, + {KEY_UNSPEC, "ssh-unknown"}, +}; + #define KEX_DEFAULT_KEX "ecdh-sha2-nistp256," \ "ecdh-sha2-nistp384," \ "ecdh-sha2-nistp521," \ @@ -314,6 +332,7 @@ // ºLÌCfbNXÍ ssh2_kex_algorithms[] Æí¹é±ÆB enum kex_algorithm { + KEX_DH_NONE, /* disabled line */ KEX_DH_GRP1_SHA1, KEX_DH_GRP14_SHA1, KEX_DH_GEX_SHA1, @@ -322,6 +341,7 @@ KEX_ECDH_SHA2_384, KEX_ECDH_SHA2_521, KEX_DH_UNKNOWN, + KEX_DH_MAX = KEX_DH_UNKNOWN, }; typedef struct ssh2_kex_algorithm { @@ -331,6 +351,7 @@ } ssh2_kex_algorithm_t; static ssh2_kex_algorithm_t ssh2_kex_algorithms[] = { + {KEX_DH_NONE , "none", NULL}, {KEX_DH_GRP1_SHA1, "diffie-hellman-group1-sha1", EVP_sha1}, {KEX_DH_GRP14_SHA1, "diffie-hellman-group14-sha1", EVP_sha1}, {KEX_DH_GEX_SHA1, "diffie-hellman-group-exchange-sha1", EVP_sha1}, @@ -344,9 +365,11 @@ // ºLÌCfbNXÍ ssh2_macs[] Æí¹é±ÆB enum hmac_type { + HMAC_NONE, HMAC_SHA1, HMAC_MD5, - HMAC_UNKNOWN + HMAC_UNKNOWN, + HMAC_MAX = HMAC_UNKNOWN, }; typedef struct ssh2_mac { 
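Review bot: SSH2_update_kex_myproposal, SSH2_update_host_key_myproposal and SSH2_update_hmac_myproposal are the same twenty lines with the order string, table and stop index substituted, which is how the `buf[len - 1]` trim on an empty list got duplicated three times. A static helper that joins the selected names and handles the empty case once, with a per-table name accessor, leaves a single place to keep correct. Each public function also needs a one-line English header saying it rebuilds myproposal[] from the teraterm.ini order and is a no-op once `pvar->socket` is valid, which is what the INVALID_SOCKET early return enforces.
```c
// Build "name1,name2,..." from `order` (one digit per table index,
// stopping at `none_index`) into buf; empty when nothing is enabled.
static void build_order_proposal(char *buf, size_t bufsize, const char *order,
                                 int none_index, const char *(*name_of)(int))
{
	size_t len;
	int i;

	buf[0] = '\0';
	for (i = 0; order[i] != 0; i++) {
		int index = order[i] - '0';
		if (index == none_index) // disabled line
			break;
		strncat_s(buf, bufsize, name_of(index), _TRUNCATE);
		strncat_s(buf, bufsize, ",", _TRUNCATE);
	}
	len = strlen(buf);
	if (len > 0)
		buf[len - 1] = '\0'; // drop the trailing comma
}

static const char *kex_name_of(int index) { return ssh2_kex_algorithms[index].name; }

// Rebuild the KEX entry of myproposal[] from settings.KexOrder; only valid before connecting.
void SSH2_update_kex_myproposal(PTInstVar pvar)
{
	static char buf[256]; // TODO: switch to malloc()

	if (pvar->socket != INVALID_SOCKET) {
		return;
	}
	build_order_proposal(buf, sizeof(buf), pvar->settings.KexOrder, KEX_DH_NONE, kex_name_of);
	myproposal[PROPOSAL_KEX_ALGS] = buf;
}
// … unchanged pattern for host key (KEY_NONE, ssh2_host_key) and MAC (HMAC_NONE, ssh2_macs, both PROPOSAL_MAC_ALGS_* slots) …
```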
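Review bot: Inserting KEY_NONE at the head of enum ssh_keytype renumbers every existing constant, and those numbers are now persisted: HostKeyOrder in teraterm.ini is the constants' digits, normalize_generic_order maps each digit back with `- '0'`, and the TS_SSH field is sized KEY_MAX+1. Nothing at the enum says so, so the next insertion silently re-maps users' saved orders, and a value above 9 cannot be represented at all. Add above the enum `// NOTE: each constant's numeric value is stored as one digit in teraterm.ini (HostKeyOrder); add new entries only before KEY_UNSPEC, never reorder, and keep at most ten entries.` The same comment is needed on enum kex_algorithm (KexOrder), enum hmac_type (MacOrder) and the compression enum in the @@ -368 hunk (CompOrder).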
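Review bot: The new `{KEX_DH_NONE , "none", NULL}` row gives ssh2_kex_algorithms[] an entry whose name is a real token but whose hash-function pointer is NULL, and ssh2_macs[] gets the matching `{HMAC_NONE, "none", NULL, 0}` in the @@ -357 hunk. The proposal builders stop at the NONE index so neither is ever offered, but if code outside this diff resolves the server's chosen algorithm by scanning these tables by name (I cannot see that code), a peer answering "none" would now match a row with a NULL function pointer, and for the MAC row that would mean no integrity protection. A comment on both rows, `/* marker for the "disabled below" digit; must never be matched against a negotiated name */`, plus a non-NULL check on the selected row's function pointer where the lookup happens, would make that explicit.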
@@ -357,6 +380,7 @@ } ssh2_mac_t; static ssh2_mac_t ssh2_macs[] = { + {HMAC_NONE, "none", NULL, 0}, {HMAC_SHA1, "hmac-sha1", EVP_sha1, 0}, {HMAC_MD5, "hmac-md5", EVP_md5, 0}, {HMAC_UNKNOWN, NULL, NULL, 0}, @@ -368,7 +392,8 @@ COMP_NONE, COMP_ZLIB, COMP_DELAYED, - COMP_UNKNOWN + COMP_UNKNOWN, + COMP_MAX = COMP_UNKNOWN, }; typedef struct ssh_comp { @@ -594,6 +619,9 @@ BOOL handle_SSH2_userauth_passwd_changereq(PTInstVar pvar); void SSH2_update_compression_myproposal(PTInstVar pvar); void SSH2_update_cipher_myproposal(PTInstVar pvar); +void SSH2_update_kex_myproposal(PTInstVar pvar); +void SSH2_update_host_key_myproposal(PTInstVar pvar); +void SSH2_update_hmac_myproposal(PTInstVar pvar); int SSH_notify_break_signal(PTInstVar pvar); #endif Modified: trunk/ttssh2/ttxssh/ttxssh.c =================================================================== --- trunk/ttssh2/ttxssh/ttxssh.c 2011-03-05 14:06:35 UTC (rev 4366) +++ trunk/ttssh2/ttxssh/ttxssh.c 2011-03-05 14:52:45 UTC (rev 4367) 
@@ -253,6 +253,96 @@ buf[i] = 0; } +static void normalize_generic_order(char *buf, char default_strings[], int default_strings_len) +{ + char listed[KEX_DH_MAX + 1]; + char allowed[KEX_DH_MAX + 1]; + int i, j; + + memset(listed, 0, sizeof(listed)); + memset(allowed, 0, sizeof(allowed)); + for (i = 0; i < default_strings_len ; i++) { + allowed[default_strings[i]] = 1; + } + + for (i = 0; buf[i] != 0; i++) { + int num = buf[i] - '0'; + + if (num < 0 || num > default_strings_len + || !allowed[num] + || listed[num]) { + memmove(buf + i, buf + i + 1, strlen(buf + i + 1) + 1); + i--; + } else { + listed[num] = 1; + } + } + + for (j = 0; j < default_strings_len ; j++) { + int num = default_strings[j]; + + if (!listed[num]) { + buf[i] = num + '0'; + i++; + } + } + + buf[i] = 0; +} + +static void normalize_kex_order(char FAR * buf) +{ + static char default_strings[] = { + KEX_ECDH_SHA2_256, + KEX_ECDH_SHA2_384, + KEX_ECDH_SHA2_521, + KEX_DH_GEX_SHA256, + KEX_DH_GEX_SHA1, + KEX_DH_GRP14_SHA1, + KEX_DH_GRP1_SHA1, + KEX_DH_NONE, + }; + + normalize_generic_order(buf, default_strings, NUM_ELEM(default_strings)); +} + +static void normalize_host_key_order(char FAR * buf) +{ + static char default_strings[] = { + KEY_ECDSA256, + KEY_ECDSA384, + KEY_ECDSA521, + KEY_RSA, + KEY_DSA, + KEY_NONE, + }; + + normalize_generic_order(buf, default_strings, NUM_ELEM(default_strings)); +} + +static void normalize_mac_order(char FAR * buf) +{ + static char default_strings[] = { + HMAC_SHA1, + HMAC_MD5, + HMAC_NONE, + }; + + normalize_generic_order(buf, default_strings, NUM_ELEM(default_strings)); +} + +static void normalize_comp_order(char FAR * buf) +{ + static char default_strings[] = { + COMP_NONE, + COMP_ZLIB, + COMP_DELAYED, + }; + + normalize_generic_order(buf, default_strings, NUM_ELEM(default_strings)); +} + + /* Remove local settings from the shared memory block. */ static void clear_local_settings(PTInstVar pvar) { 
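Review bot: normalize_generic_order serves four different orders but sizes `listed`/`allowed` by KEX_DH_MAX and bounds `num` by `default_strings_len`, so the index is only in range while every caller's enum maximum stays at or below KEX_DH_MAX (today 8, the largest of the four); the `allowed[default_strings[i]] = 1` fill carries the same unstated dependency. Check against the array itself, `if (num < 0 || num >= (int)sizeof(allowed) || !allowed[num] || listed[num]) {`, and size both arrays as `char listed[10], allowed[10];` with a comment that a single digit cannot exceed 9, which also covers non-digit characters in the ini value. A short English header stating the contract — drop digits that are out of range, not in the default set or repeated, then append the missing defaults in default order, never growing past default_strings_len characters — would let readers confirm the caller's buffer sizes without re-deriving them.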
@@ -310,6 +400,19 @@ READ_STD_STRING_OPTION(CipherOrder); normalize_cipher_order(settings->CipherOrder); + // KEX order + READ_STD_STRING_OPTION(KexOrder); + normalize_kex_order(settings->KexOrder); + // Host Key algorithm order + READ_STD_STRING_OPTION(HostKeyOrder); + normalize_host_key_order(settings->HostKeyOrder); + // H-MAC order + READ_STD_STRING_OPTION(MacOrder); + normalize_mac_order(settings->MacOrder); + // Compression algorithm order + READ_STD_STRING_OPTION(CompOrder); + normalize_comp_order(settings->CompOrder); + read_string_option(fileName, "KnownHostsFiles", "ssh_known_hosts", settings->KnownHostsFiles, sizeof(settings->KnownHostsFiles)); @@ -392,6 +495,18 @@ WritePrivateProfileString("TTSSH", "CipherOrder", settings->CipherOrder, fileName); + WritePrivateProfileString("TTSSH", "KexOrder", + settings->KexOrder, fileName); + + WritePrivateProfileString("TTSSH", "HostKeyOrder", + settings->HostKeyOrder, fileName); + + WritePrivateProfileString("TTSSH", "MacOrder", + settings->MacOrder, fileName); + + WritePrivateProfileString("TTSSH", "CompOrder", + settings->CompOrder, fileName); + WritePrivateProfileString("TTSSH", "KnownHostsFiles", settings->KnownHostsFiles, fileName); @@ -825,6 +940,9 @@ // Ýèð myproposal ɽf·éÌÍAÚ±¼O̱±¾¯B (2006.6.26 maya) SSH2_update_cipher_myproposal(pvar); + SSH2_update_kex_myproposal(pvar); + SSH2_update_host_key_myproposal(pvar); + SSH2_update_hmac_myproposal(pvar); SSH2_update_compression_myproposal(pvar); } } Modified: trunk/ttssh2/ttxssh/ttxssh.h =================================================================== --- trunk/ttssh2/ttxssh/ttxssh.h 2011-03-05 14:06:35 UTC (rev 4366) +++ trunk/ttssh2/ttxssh/ttxssh.h 2011-03-05 14:52:45 UTC (rev 4367) @@ -139,6 +139,12 @@ // Confirm Agent forwarding BOOL ForwardAgentConfirm; + + // KEX order(derived from teraterm.ini) + char KexOrder[KEX_DH_MAX+1]; + char HostKeyOrder[KEY_MAX+1]; + char MacOrder[HMAC_MAX+1]; + char CompOrder[COMP_MAX+1]; } TS_SSH; typedef struct _TInstVar {