svnno****@sourc*****
svnno****@sourc*****
2011年 3月 8日 (火) 23:19:03 JST
Tera TermRevision: 4378
http://sourceforge.jp/projects/ttssh2/svn/view?view=rev&revision=4378
Author: maya
Date: 2011-03-08 23:19:03 +0900 (Tue, 08 Mar 2011)
Log Message:
-----------
SSH2 㮠圧縮㧠none を利用ã§ãるよã†ã«ä¿®æ£ã—ãŸã€‚
ソース整ç†
éµå½¢å¼ãƒ»KEXプãƒãƒˆã‚³ãƒ«ãƒ»MAC・圧縮ã®åå‰ã‚„関数をå–å¾—ã™ã‚‹é–¢æ•°ã‚’作æˆã€‚
ã“ã‚Œã«ã‚ˆã‚Šå®šç¾©ã§é †åºã‚’入れ替ãˆã¦ã‚‚よããªã£ãŸã€‚
enum ã«åž‹åを付ã‘ãŸã€‚
共通ã®é–¢æ•°ã‚’使ãˆã‚‹ã¨ã“ã‚ã§ä½¿ã†ã‚ˆã†ã«ã—ãŸã€‚
Modified Paths:
--------------
trunk/installer/release/TERATERM.INI
trunk/ttssh2/ttxssh/auth.c
trunk/ttssh2/ttxssh/cipher.h
trunk/ttssh2/ttxssh/hosts.c
trunk/ttssh2/ttxssh/kex.c
trunk/ttssh2/ttxssh/key.c
trunk/ttssh2/ttxssh/key.h
trunk/ttssh2/ttxssh/ssh.c
trunk/ttssh2/ttxssh/ssh.h
trunk/ttssh2/ttxssh/ttxssh.c
trunk/ttssh2/ttxssh/ttxssh.h
-------------- next part --------------
Modified: trunk/installer/release/TERATERM.INI
===================================================================
--- trunk/installer/release/TERATERM.INI 2011-03-08 10:09:06 UTC (rev 4377)
+++ trunk/installer/release/TERATERM.INI 2011-03-08 14:19:03 UTC (rev 4378)
@@ -648,10 +648,11 @@
MacOrder=120
; Compression algorithm order(SSH2)
-; 1...zlib
-; 2...z****@opens*****(Delayed Compression)
+; 1...none
+; 2...zlib
+; 3...z****@opens*****(Delayed Compression)
; 0...below this line are disabled.
-CompOrder=210
+CompOrder=3210
; packet compression level (0=none)
Compression=0
Modified: trunk/ttssh2/ttxssh/auth.c
===================================================================
--- trunk/ttssh2/ttxssh/auth.c 2011-03-08 10:09:06 UTC (rev 4377)
+++ trunk/ttssh2/ttxssh/auth.c 2011-03-08 14:19:03 UTC (rev 4378)
@@ -1495,7 +1495,7 @@
else if (pvar->auth_state.cur_cred.method == SSH_AUTH_PAGEANT) {
int len = get_uint32_MSBfirst(pvar->pageant_curkey + 4);
char *s = (char *)malloc(len+1);
- enum ssh_keytype keytype;
+ ssh_keytype keytype;
memcpy(s, pvar->pageant_curkey+4+4, len);
s[len] = '\0';
Modified: trunk/ttssh2/ttxssh/cipher.h
===================================================================
--- trunk/ttssh2/ttxssh/cipher.h 2011-03-08 10:09:06 UTC (rev 4377)
+++ trunk/ttssh2/ttxssh/cipher.h 2011-03-08 14:19:03 UTC (rev 4378)
@@ -54,10 +54,6 @@
#define SSH_CIPHER_BLOWFISH 6
#define SSH_CIPHER_RESERVED 7
-#ifndef SSH_CIPHER_MAX
-#define SSH_CIPHER_MAX 31
-#endif
-
#define CIPHER_ENCRYPT 1
#define CIPHER_DECRYPT 0
Modified: trunk/ttssh2/ttxssh/hosts.c
===================================================================
--- trunk/ttssh2/ttxssh/hosts.c 2011-03-08 10:09:06 UTC (rev 4377)
+++ trunk/ttssh2/ttxssh/hosts.c 2011-03-08 14:19:03 UTC (rev 4378)
@@ -915,7 +915,7 @@
int host_len = strlen(pvar->hosts_state.prefetched_hostname);
char *result = NULL;
int index;
- enum ssh_keytype type = pvar->hosts_state.hostkey.type;
+ ssh_keytype type = pvar->hosts_state.hostkey.type;
switch (type) {
case KEY_RSA1:
Modified: trunk/ttssh2/ttxssh/kex.c
===================================================================
--- trunk/ttssh2/ttxssh/kex.c 2011-03-08 10:09:06 UTC (rev 4377)
+++ trunk/ttssh2/ttxssh/kex.c 2011-03-08 14:19:03 UTC (rev 4378)
@@ -458,7 +458,7 @@
for (i = 0; i < NKEYS; i++) {
keys[i] = derive_key('A'+i, need, hash, shared_secret, session_id, session_id_len,
- ssh2_kex_algorithms[pvar->kex_type].evp_md());
+ get_kex_algorithm_EVP_MD(pvar->kex_type));
//debug_print(i, keys[i], need);
}
Modified: trunk/ttssh2/ttxssh/key.c
===================================================================
--- trunk/ttssh2/ttxssh/key.c 2011-03-08 10:09:06 UTC (rev 4377)
+++ trunk/ttssh2/ttxssh/key.c 2011-03-08 14:19:03 UTC (rev 4378)
@@ -288,7 +288,7 @@
return ret;
}
-int ssh_ecdsa_verify(EC_KEY *key, enum ssh_keytype keytype,
+int ssh_ecdsa_verify(EC_KEY *key, ssh_keytype keytype,
u_char *signature, u_int signaturelen,
u_char *data, u_int datalen)
{
@@ -310,7 +310,7 @@
len = get_uint32_MSBfirst(ptr);
ptr += 4;
- if (strncmp(get_sshname_from_keytype(keytype), ptr, len) != 0) {
+ if (strncmp(get_ssh_keytype_name(keytype), ptr, len) != 0) {
return -3;
}
ptr += len;
@@ -700,26 +700,15 @@
//
// ƒL[‚©‚當Žš—ñ‚ð•Ô‹p‚·‚é
//
-char *get_sshname_from_keytype(enum ssh_keytype type)
-{
- int i;
-
- for (i = 0 ; ssh2_host_key[i].name ; i++) {
- if (type == ssh2_host_key[i].type)
- return ssh2_host_key[i].name;
- }
- return "ssh-unknown";
-}
-
char *get_sshname_from_key(Key *key)
{
- return get_sshname_from_keytype(key->type);
+ return get_ssh_keytype_name(key->type);
}
//
// ƒL[•¶Žš—ñ‚©‚çŽí•Ê‚ð”»’è‚·‚é
//
-enum ssh_keytype get_keytype_from_name(char *name)
+ssh_keytype get_keytype_from_name(char *name)
{
if (strcmp(name, "rsa1") == 0) {
return KEY_RSA1;
@@ -742,7 +731,7 @@
}
-enum ssh_keytype key_curve_name_to_keytype(char *name)
+ssh_keytype key_curve_name_to_keytype(char *name)
{
if (strcmp(name, "nistp256") == 0) {
return KEY_ECDSA256;
@@ -754,7 +743,7 @@
return KEY_UNSPEC;
}
-char *curve_keytype_to_name(enum ssh_keytype type)
+char *curve_keytype_to_name(ssh_keytype type)
{
switch (type) {
case KEY_ECDSA256:
@@ -845,7 +834,7 @@
EC_POINT *q = NULL;
char *curve = NULL;
Key *hostkey; // hostkey
- enum ssh_keytype type;
+ ssh_keytype type;
hostkey = malloc(sizeof(Key));
if (hostkey == NULL)
@@ -1189,7 +1178,7 @@
return TRUE;
}
-int kextype_to_cipher_nid(enum kex_algorithm type)
+int kextype_to_cipher_nid(kex_algorithm type)
{
switch (type) {
case KEX_ECDH_SHA2_256:
@@ -1202,7 +1191,7 @@
return NID_undef;
}
-int keytype_to_hash_nid(enum ssh_keytype type)
+int keytype_to_hash_nid(ssh_keytype type)
{
switch (type) {
case KEY_ECDSA256:
@@ -1215,7 +1204,7 @@
return NID_undef;
}
-int keytype_to_cipher_nid(enum ssh_keytype type)
+int keytype_to_cipher_nid(ssh_keytype type)
{
switch (type) {
case KEY_ECDSA256:
@@ -1228,7 +1217,7 @@
return NID_undef;
}
-enum ssh_keytype nid_to_keytype(int nid)
+ssh_keytype nid_to_keytype(int nid)
{
switch (nid) {
case NID_X9_62_prime256v1:
Modified: trunk/ttssh2/ttxssh/key.h
===================================================================
--- trunk/ttssh2/ttxssh/key.h 2011-03-08 10:09:06 UTC (rev 4377)
+++ trunk/ttssh2/ttxssh/key.h 2011-03-08 14:19:03 UTC (rev 4378)
@@ -38,10 +38,9 @@
char *key_fingerprint(Key *key, enum fp_rep dgst_rep);
const char *key_type(const Key *k);
-char *get_sshname_from_keytype(enum ssh_keytype type);
char *get_sshname_from_key(Key *key);
enum hostkey_type get_keytype_from_name(char *name);
-char *curve_keytype_to_name(enum ssh_keytype type);
+char *curve_keytype_to_name(ssh_keytype type);
void key_free(Key *key);
int key_to_blob(Key *key, char **blobp, int *lenp);
@@ -49,7 +48,7 @@
BOOL get_SSH2_publickey_blob(PTInstVar pvar, buffer_t **blobptr, int *bloblen);
BOOL generate_SSH2_keysign(Key *keypair, char **sigptr, int *siglen, char *data, int datalen);
-int kextype_to_cipher_nid(enum kex_algorithm type);
-int keytype_to_hash_nid(enum ssh_keytype type);
-int keytype_to_cipher_nid(enum ssh_keytype type);
-enum ssh_keytype nid_to_keytype(int nid);
+int kextype_to_cipher_nid(kex_algorithm type);
+int keytype_to_hash_nid(ssh_keytype type);
+int keytype_to_cipher_nid(ssh_keytype type);
+ssh_keytype nid_to_keytype(int nid);
Modified: trunk/ttssh2/ttxssh/ssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ssh.c 2011-03-08 10:09:06 UTC (rev 4377)
+++ trunk/ttssh2/ttxssh/ssh.c 2011-03-08 14:19:03 UTC (rev 4378)
@@ -4042,24 +4042,112 @@
return type;
}
-#if 0
-static int get_mac_index(char *name)
+char* get_kex_algorithm_name(kex_algorithm kextype)
{
+ ssh2_kex_algorithm_t *ptr = ssh2_kex_algorithms;
+ static char buf[64];
+
+ while (ptr->name != NULL) {
+ if (kextype == ptr->kextype) {
+ strncpy_s(buf, sizeof(buf), ptr->name, _TRUNCATE);
+ break;
+ }
+ ptr++;
+ }
+ return buf;
+}
+
+const EVP_MD* get_kex_algorithm_EVP_MD(kex_algorithm kextype)
+{
+ ssh2_kex_algorithm_t *ptr = ssh2_kex_algorithms;
+ const EVP_MD *evp_md;
+
+ while (ptr->name != NULL) {
+ if (kextype == ptr->kextype) {
+ evp_md = ptr->evp_md();
+ break;
+ }
+ ptr++;
+ }
+ return evp_md;
+}
+
+char* get_ssh2_mac_name(hmac_type type)
+{
ssh2_mac_t *ptr = ssh2_macs;
- int val = -1;
+ static char buf[64];
while (ptr->name != NULL) {
- if (strcmp(ptr->name, name) == 0) {
- val = ptr - ssh2_macs;
+ if (type == ptr->type) {
+ strncpy_s(buf, sizeof(buf), ptr->name, _TRUNCATE);
break;
}
ptr++;
}
- return (val);
+ return buf;
}
-#endif
+const EVP_MD* get_ssh2_mac_EVP_MD(hmac_type type)
+{
+ ssh2_mac_t *ptr = ssh2_macs;
+ const EVP_MD *evp_md;
+ while (ptr->name != NULL) {
+ if (type == ptr->type) {
+ evp_md = ptr->evp_md();
+ break;
+ }
+ ptr++;
+ }
+ return evp_md;
+}
+
+int get_ssh2_mac_truncatebits(hmac_type type)
+{
+ ssh2_mac_t *ptr = ssh2_macs;
+ int bits;
+
+ while (ptr->name != NULL) {
+ if (type == ptr->type) {
+ bits = ptr->truncatebits;
+ break;
+ }
+ ptr++;
+ }
+ return bits;
+}
+
+char* get_ssh2_comp_name(compression_type type)
+{
+ ssh2_comp_t *ptr = ssh2_comps;
+ static char buf[32];
+
+ while (ptr->name != NULL) {
+ if (type == ptr->type) {
+ strncpy_s(buf, sizeof(buf), ptr->name, _TRUNCATE);
+ break;
+ }
+ ptr++;
+ }
+ return buf;
+}
+
+char* get_ssh_keytype_name(ssh_keytype type)
+{
+ ssh2_host_key_t *ptr = ssh2_host_key;
+ static char buf[32];
+
+ while (ptr->name != NULL) {
+ if (type == ptr->type) {
+ strncpy_s(buf, sizeof(buf), ptr->name, _TRUNCATE);
+ break;
+ }
+ ptr++;
+ }
+ return buf;
+}
+
+
static void do_write_buffer_file(void *buf, int len, char *file, int lineno)
{
FILE *fp;
@@ -4183,7 +4271,7 @@
index = pvar->settings.CompOrder[i] - '0';
if (index == COMP_NONE) // disabled line
break;
- strncat_s(buf, sizeof(buf), ssh_comps[index].name, _TRUNCATE);
+ strncat_s(buf, sizeof(buf), get_ssh2_comp_name(index), _TRUNCATE);
strncat_s(buf, sizeof(buf), ",", _TRUNCATE);
}
len = strlen(buf);
@@ -4195,7 +4283,7 @@
}
if (pvar->settings.CompressionLevel == 0) {
- _snprintf_s(buf, sizeof(buf), _TRUNCATE, ssh_comps[COMP_NONE].name);
+ _snprintf_s(buf, sizeof(buf), _TRUNCATE, get_ssh2_comp_name(COMP_NOCOMP));
}
if (buf[0] != '\0') {
myproposal[PROPOSAL_COMP_ALGS_CTOS] = buf; // Client To Server
@@ -4221,7 +4309,7 @@
index = pvar->settings.KexOrder[i] - '0';
if (index == KEX_DH_NONE) // disabled line
break;
- strncat_s(buf, sizeof(buf), ssh2_kex_algorithms[index].name, _TRUNCATE);
+ strncat_s(buf, sizeof(buf), get_kex_algorithm_name(index), _TRUNCATE);
strncat_s(buf, sizeof(buf), ",", _TRUNCATE);
}
len = strlen(buf);
@@ -4247,7 +4335,7 @@
index = pvar->settings.HostKeyOrder[i] - '0';
if (index == KEY_NONE) // disabled line
break;
- strncat_s(buf, sizeof(buf), ssh2_host_key[index].name, _TRUNCATE);
+ strncat_s(buf, sizeof(buf), get_ssh_keytype_name(index), _TRUNCATE);
strncat_s(buf, sizeof(buf), ",", _TRUNCATE);
}
len = strlen(buf);
@@ -4273,7 +4361,7 @@
index = pvar->settings.MacOrder[i] - '0';
if (index == HMAC_NONE) // disabled line
break;
- strncat_s(buf, sizeof(buf), ssh2_macs[index].name, _TRUNCATE);
+ strncat_s(buf, sizeof(buf), get_ssh2_mac_name(index), _TRUNCATE);
strncat_s(buf, sizeof(buf), ",", _TRUNCATE);
}
len = strlen(buf);
@@ -4359,9 +4447,9 @@
}
}
-static enum kex_algorithm choose_SSH2_kex_algorithm(char *server_proposal, char *my_proposal)
+static kex_algorithm choose_SSH2_kex_algorithm(char *server_proposal, char *my_proposal)
{
- enum kex_algorithm type = KEX_DH_UNKNOWN;
+ kex_algorithm type = KEX_DH_UNKNOWN;
char str_kextype[40];
ssh2_kex_algorithm_t *ptr = ssh2_kex_algorithms;
@@ -4398,9 +4486,9 @@
}
-static enum hmac_type choose_SSH2_hmac_algorithm(char *server_proposal, char *my_proposal)
+static hmac_type choose_SSH2_hmac_algorithm(char *server_proposal, char *my_proposal)
{
- enum hmac_type type = HMAC_UNKNOWN;
+ hmac_type type = HMAC_UNKNOWN;
char str_hmac[16];
ssh2_mac_t *ptr = ssh2_macs;
@@ -4418,11 +4506,11 @@
}
-static enum compression_type choose_SSH2_compression_algorithm(char *server_proposal, char *my_proposal)
+static compression_type choose_SSH2_compression_algorithm(char *server_proposal, char *my_proposal)
{
- enum compression_type type = COMP_UNKNOWN;
+ compression_type type = COMP_UNKNOWN;
char str_comp[20];
- ssh_comp_t *ptr = ssh_comps;
+ ssh2_comp_t *ptr = ssh2_comps;
// OpenSSH 4.3‚Å‚Í’x‰„ƒpƒPƒbƒgˆ³k("zlib****@opens*****")‚ªV‹K’ljÁ‚³‚ê‚Ä‚¢‚邽‚ßA
// ƒ}ƒbƒ`‚µ‚È‚¢‚悤‚ÉC³‚µ‚½B
@@ -4463,11 +4551,11 @@
}
// current_keys[]‚Éݒ肵‚Ä‚¨‚¢‚ÄA‚ ‚Æ‚Å pvar->ssh2_keys[] ‚ÖƒRƒs[‚·‚éB
- md = ssh2_macs[val].func();
+ md = get_ssh2_mac_EVP_MD(val);
current_keys[mode].mac.md = md;
current_keys[mode].mac.key_len = current_keys[mode].mac.mac_len = EVP_MD_size(md);
- if (ssh2_macs[val].truncatebits != 0) {
- current_keys[mode].mac.mac_len = ssh2_macs[val].truncatebits / 8;
+ if (get_ssh2_mac_truncatebits(val) != 0) {
+ current_keys[mode].mac.mac_len = get_ssh2_mac_truncatebits(val) / 8;
}
// ƒL[ƒTƒCƒY‚ƃuƒƒbƒNƒTƒCƒY‚à‚±‚±‚Åݒ肵‚Ä‚¨‚ (2004.11.7 yutaka)
@@ -4592,7 +4680,7 @@
goto error;
}
- _snprintf_s(buf, sizeof(buf), _TRUNCATE, "KEX algorithm: %s", ssh2_kex_algorithms[pvar->kex_type].name);
+ _snprintf_s(buf, sizeof(buf), _TRUNCATE, "KEX algorithm: %s", get_kex_algorithm_name(pvar->kex_type));
notify_verbose_message(pvar, buf, LOG_LEVEL_VERBOSE);
// ƒzƒXƒgƒL[ƒAƒ‹ƒSƒŠƒYƒ€ƒ`ƒFƒbƒN
@@ -4683,7 +4771,7 @@
_snprintf_s(buf, sizeof(buf), _TRUNCATE,
"MAC algorithm client to server: %s",
- ssh2_macs[pvar->ctos_hmac].name);
+ get_ssh2_mac_name(pvar->ctos_hmac));
notify_verbose_message(pvar, buf, LOG_LEVEL_VERBOSE);
size = get_payload_uint32(pvar, offset);
@@ -4703,7 +4791,7 @@
_snprintf_s(buf, sizeof(buf), _TRUNCATE,
"MAC algorithm server to client: %s",
- ssh2_macs[pvar->stoc_hmac].name);
+ get_ssh2_mac_name(pvar->stoc_hmac));
notify_verbose_message(pvar, buf, LOG_LEVEL_VERBOSE);
// ˆ³kƒAƒ‹ƒSƒŠƒYƒ€‚ÌŒˆ’è
@@ -4726,7 +4814,7 @@
_snprintf_s(buf, sizeof(buf), _TRUNCATE,
"compression algorithm client to server: %s",
- ssh_comps[pvar->ctos_compression].name);
+ get_ssh2_comp_name(pvar->ctos_compression));
notify_verbose_message(pvar, buf, LOG_LEVEL_VERBOSE);
size = get_payload_uint32(pvar, offset);
@@ -4746,7 +4834,7 @@
_snprintf_s(buf, sizeof(buf), _TRUNCATE,
"compression algorithm server to client: %s",
- ssh_comps[pvar->stoc_compression].name);
+ get_ssh2_comp_name(pvar->stoc_compression));
notify_verbose_message(pvar, buf, LOG_LEVEL_VERBOSE);
// we_need‚ÌŒˆ’è (2004.11.6 yutaka)
@@ -5390,7 +5478,7 @@
// ƒnƒbƒVƒ…‚ÌŒvŽZ
/* calc and verify H */
hash = kex_dh_gex_hash(
- ssh2_kex_algorithms[pvar->kex_type].evp_md(),
+ get_kex_algorithm_EVP_MD(pvar->kex_type),
pvar->client_version_string,
pvar->server_version_string,
buffer_ptr(pvar->my_kex), buffer_len(pvar->my_kex),
@@ -5627,7 +5715,7 @@
// ƒnƒbƒVƒ…‚ÌŒvŽZ
/* calc and verify H */
- hash = kex_ecdh_hash(ssh2_kex_algorithms[pvar->kex_type].evp_md(),
+ hash = kex_ecdh_hash(get_kex_algorithm_EVP_MD(pvar->kex_type),
group,
pvar->client_version_string,
pvar->server_version_string,
Modified: trunk/ttssh2/ttxssh/ssh.h
===================================================================
--- trunk/ttssh2/ttxssh/ssh.h 2011-03-08 10:09:06 UTC (rev 4377)
+++ trunk/ttssh2/ttxssh/ssh.h 2011-03-08 14:19:03 UTC (rev 4378)
@@ -91,18 +91,16 @@
SSH2_CIPHER_ARCFOUR, SSH2_CIPHER_ARCFOUR128, SSH2_CIPHER_ARCFOUR256,
SSH2_CIPHER_CAST128_CBC,
SSH2_CIPHER_3DES_CTR, SSH2_CIPHER_BLOWFISH_CTR, SSH2_CIPHER_CAST128_CTR,
+ SSH_CIPHER_MAX = SSH2_CIPHER_CAST128_CTR,
} SSHCipher;
-#define SSH_CIPHER_MAX SSH2_CIPHER_CAST128_CTR
-
typedef enum {
SSH_AUTH_NONE, SSH_AUTH_RHOSTS, SSH_AUTH_RSA, SSH_AUTH_PASSWORD,
SSH_AUTH_RHOSTS_RSA, SSH_AUTH_TIS, SSH_AUTH_KERBEROS,
SSH_AUTH_PAGEANT = 16,
+ SSH_AUTH_MAX = SSH_AUTH_PAGEANT,
} SSHAuthMethod;
-#define SSH_AUTH_MAX SSH_AUTH_PAGEANT
-
typedef enum {
SSH_GENERIC_AUTHENTICATION, SSH_TIS_AUTHENTICATION
} SSHAuthMode;
@@ -197,60 +195,8 @@
#define SSH2_OPEN_UNKNOWN_CHANNEL_TYPE 3
#define SSH2_OPEN_RESOURCE_SHORTAGE 4
-enum ssh_keytype {
- KEY_NONE,
- KEY_RSA1,
- KEY_RSA,
- KEY_DSA,
- KEY_ECDSA256,
- KEY_ECDSA384,
- KEY_ECDSA521,
- KEY_UNSPEC,
- KEY_MAX = KEY_UNSPEC,
-};
-#define isECDSAkey(type) ((type) >= KEY_ECDSA256 && (type) <= KEY_ECDSA521)
-typedef struct ssh2_host_key {
- enum ssh_keytype type;
- char *name;
-} ssh2_host_key_t;
-
-static ssh2_host_key_t ssh2_host_key[] = {
- {KEY_NONE, "none"},
- {KEY_RSA1, "ssh-rsa1"}, // for SSH1 only
- {KEY_RSA, "ssh-rsa"},
- {KEY_DSA, "ssh-dss"},
- {KEY_ECDSA256, "ecdsa-sha2-nistp256"},
- {KEY_ECDSA384, "ecdsa-sha2-nistp384"},
- {KEY_ECDSA521, "ecdsa-sha2-nistp521"},
- {KEY_UNSPEC, "ssh-unknown"},
-};
-
-#define KEX_DEFAULT_KEX "ecdh-sha2-nistp256," \
- "ecdh-sha2-nistp384," \
- "ecdh-sha2-nistp521," \
- "diffie-hellman-group-exchange-sha256," \
- "diffie-hellman-group-exchange-sha1," \
- "diffie-hellman-group14-sha1," \
- "diffie-hellman-group1-sha1"
-#define KEX_DEFAULT_PK_ALG "ecdsa-sha2-nistp256," \
- "ecdsa-sha2-nistp384," \
- "ecdsa-sha2-nistp521," \
- "ssh-rsa,ssh-dss"
-// use the setting of pvar.CipherOrder.
-#define KEX_DEFAULT_ENCRYPT ""
-#define KEX_DEFAULT_MAC "hmac-sha1,hmac-md5"
-// support of "Compression delayed" (2006.6.23 maya)
-#define KEX_DEFAULT_COMP "none,zlib****@opens*****,zlib"
-#define KEX_DEFAULT_LANG ""
-
-/* Minimum modulus size (n) for RSA keys. */
-#define SSH_RSA_MINIMUM_MODULUS_SIZE 768
-
-#define SSH_KEYGEN_DEFAULT_BITS 2048
-#define SSH_RSA_MINIMUM_KEY_SIZE 768
-#define SSH_DSA_MINIMUM_KEY_SIZE 1024
-
+// ƒNƒ‰ƒCƒAƒ“ƒg‚©‚çƒT[ƒo‚Ö‚Ì’ñˆÄŽ–€
enum kex_init_proposals {
PROPOSAL_KEX_ALGS,
PROPOSAL_SERVER_HOST_KEY_ALGS,
@@ -265,29 +211,14 @@
PROPOSAL_MAX
};
+#define KEX_DEFAULT_KEX ""
+#define KEX_DEFAULT_PK_ALG ""
+#define KEX_DEFAULT_ENCRYPT ""
+#define KEX_DEFAULT_MAC ""
+#define KEX_DEFAULT_COMP ""
+#define KEX_DEFAULT_LANG ""
-// ƒNƒ‰ƒCƒAƒ“ƒg‚©‚çƒT[ƒo‚Ö‚Ì’ñˆÄŽ–€
-#ifdef SSH2_DEBUG
static char *myproposal[PROPOSAL_MAX] = {
-// KEX_DEFAULT_KEX,
- "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256",
- KEX_DEFAULT_PK_ALG,
-// "ssh-dss,ssh-rsa",
- KEX_DEFAULT_ENCRYPT,
- KEX_DEFAULT_ENCRYPT,
- "hmac-md5,hmac-sha1",
- "hmac-md5,hmac-sha1",
-// "hmac-sha1",
-// "hmac-sha1",
-// KEX_DEFAULT_MAC,
-// KEX_DEFAULT_MAC,
- KEX_DEFAULT_COMP,
- KEX_DEFAULT_COMP,
- KEX_DEFAULT_LANG,
- KEX_DEFAULT_LANG,
-};
-#else
-static char *myproposal[PROPOSAL_MAX] = {
KEX_DEFAULT_KEX,
KEX_DEFAULT_PK_ALG,
KEX_DEFAULT_ENCRYPT,
@@ -299,9 +230,45 @@
KEX_DEFAULT_LANG,
KEX_DEFAULT_LANG,
};
-#endif
+typedef enum {
+ KEY_NONE,
+ KEY_RSA1,
+ KEY_RSA,
+ KEY_DSA,
+ KEY_ECDSA256,
+ KEY_ECDSA384,
+ KEY_ECDSA521,
+ KEY_UNSPEC,
+ KEY_MAX = KEY_UNSPEC,
+} ssh_keytype;
+#define isECDSAkey(type) ((type) >= KEY_ECDSA256 && (type) <= KEY_ECDSA521)
+
+typedef struct ssh2_host_key {
+ ssh_keytype type;
+ char *name;
+} ssh2_host_key_t;
+
+static ssh2_host_key_t ssh2_host_key[] = {
+ {KEY_RSA1, "ssh-rsa1"}, // for SSH1 only
+ {KEY_RSA, "ssh-rsa"},
+ {KEY_DSA, "ssh-dss"},
+ {KEY_ECDSA256, "ecdsa-sha2-nistp256"},
+ {KEY_ECDSA384, "ecdsa-sha2-nistp384"},
+ {KEY_ECDSA521, "ecdsa-sha2-nistp521"},
+ {KEY_UNSPEC, "ssh-unknown"},
+ {KEY_NONE, NULL},
+};
+
+/* Minimum modulus size (n) for RSA keys. */
+#define SSH_RSA_MINIMUM_MODULUS_SIZE 768
+
+#define SSH_KEYGEN_DEFAULT_BITS 2048
+#define SSH_RSA_MINIMUM_KEY_SIZE 768
+#define SSH_DSA_MINIMUM_KEY_SIZE 1024
+
+
typedef struct ssh2_cipher {
SSHCipher cipher;
char *name;
@@ -331,8 +298,7 @@
};
-// ‰º‹L‚̃Cƒ“ƒfƒbƒNƒX‚Í ssh2_kex_algorithms[] ‚Ƈ‚킹‚邱‚ÆB
-enum kex_algorithm {
+typedef enum {
KEX_DH_NONE, /* disabled line */
KEX_DH_GRP1_SHA1,
KEX_DH_GRP14_SHA1,
@@ -343,16 +309,15 @@
KEX_ECDH_SHA2_521,
KEX_DH_UNKNOWN,
KEX_DH_MAX = KEX_DH_UNKNOWN,
-};
+} kex_algorithm;
typedef struct ssh2_kex_algorithm {
- enum kex_algorithm kextype;
+ kex_algorithm kextype;
char *name;
const EVP_MD *(*evp_md)(void);
} ssh2_kex_algorithm_t;
static ssh2_kex_algorithm_t ssh2_kex_algorithms[] = {
- {KEX_DH_NONE , "none", NULL},
{KEX_DH_GRP1_SHA1, "diffie-hellman-group1-sha1", EVP_sha1},
{KEX_DH_GRP14_SHA1, "diffie-hellman-group14-sha1", EVP_sha1},
{KEX_DH_GEX_SHA1, "diffie-hellman-group-exchange-sha1", EVP_sha1},
@@ -360,53 +325,51 @@
{KEX_ECDH_SHA2_256, "ecdh-sha2-nistp256", EVP_sha256},
{KEX_ECDH_SHA2_384, "ecdh-sha2-nistp384", EVP_sha384},
{KEX_ECDH_SHA2_521, "ecdh-sha2-nistp521", EVP_sha512},
- {KEX_DH_UNKNOWN , NULL , NULL},
+ {KEX_DH_NONE , NULL, NULL},
};
-// ‰º‹L‚̃Cƒ“ƒfƒbƒNƒX‚Í ssh2_macs[] ‚Ƈ‚킹‚邱‚ÆB
-enum hmac_type {
- HMAC_NONE,
+typedef enum {
+ HMAC_NONE, /* disabled line */
HMAC_SHA1,
HMAC_MD5,
HMAC_UNKNOWN,
HMAC_MAX = HMAC_UNKNOWN,
-};
+} hmac_type;
typedef struct ssh2_mac {
- enum hmac_type type;
+ hmac_type type;
char *name;
- const EVP_MD *(*func)(void);
+ const EVP_MD *(*evp_md)(void);
int truncatebits;
} ssh2_mac_t;
static ssh2_mac_t ssh2_macs[] = {
- {HMAC_NONE, "none", NULL, 0},
{HMAC_SHA1, "hmac-sha1", EVP_sha1, 0},
{HMAC_MD5, "hmac-md5", EVP_md5, 0},
- {HMAC_UNKNOWN, NULL, NULL, 0},
+ {HMAC_NONE, NULL, NULL, 0},
};
-// ‰º‹L‚̃Cƒ“ƒfƒbƒNƒX‚Í ssh_comps[] ‚Ƈ‚킹‚邱‚ÆB
-enum compression_type {
- COMP_NONE,
+typedef enum {
+ COMP_NONE, /* disabled line */
+ COMP_NOCOMP,
COMP_ZLIB,
COMP_DELAYED,
COMP_UNKNOWN,
COMP_MAX = COMP_UNKNOWN,
-};
+} compression_type;
-typedef struct ssh_comp {
- enum compression_type type;
+typedef struct ssh2_comp {
+ compression_type type;
char *name;
-} ssh_comp_t;
+} ssh2_comp_t;
-static ssh_comp_t ssh_comps[] = {
- {COMP_NONE, "none"},
+static ssh2_comp_t ssh2_comps[] = {
+ {COMP_NOCOMP, "none"},
{COMP_ZLIB, "zlib"},
{COMP_DELAYED, "zlib****@opens*****"},
- {COMP_UNKNOWN, NULL},
+ {COMP_NONE, NULL},
};
@@ -450,7 +413,7 @@
// ƒzƒXƒgƒL[(SSH1, SSH2ŠÜ‚Þ)‚̃f[ƒ^\‘¢ (2006.3.21 yutaka)
typedef struct Key {
// host key type
- enum ssh_keytype type;
+ ssh_keytype type;
// SSH2 RSA
RSA *rsa;
// SSH2 DSA
@@ -608,7 +571,14 @@
void debug_print(int no, char *msg, int len);
int get_cipher_block_size(SSHCipher cipher);
int get_cipher_key_len(SSHCipher cipher);
+char* get_kex_algorithm_name(kex_algorithm kextype);
const EVP_CIPHER* get_cipher_EVP_CIPHER(SSHCipher cipher);
+const EVP_MD* get_kex_algorithm_EVP_MD(kex_algorithm kextype);
+char* get_ssh2_mac_name(hmac_type type);
+const EVP_MD* get_ssh2_mac_EVP_MD(hmac_type type);
+int get_ssh2_mac_truncatebits(hmac_type type);
+char* get_ssh2_comp_name(compression_type type);
+char* get_ssh_keytype_name(ssh_keytype type);
int get_cipher_discard_len(SSHCipher cipher);
void ssh_heartbeat_lock_initialize(void);
void ssh_heartbeat_lock_finalize(void);
Modified: trunk/ttssh2/ttxssh/ttxssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ttxssh.c 2011-03-08 10:09:06 UTC (rev 4377)
+++ trunk/ttssh2/ttxssh/ttxssh.c 2011-03-08 14:19:03 UTC (rev 4378)
@@ -102,7 +102,7 @@
typedef struct {
int cnt;
HWND dlg;
- enum ssh_keytype type;
+ ssh_keytype type;
} cbarg_t;
/* WIN32 allows multiple instances of a DLL */
@@ -178,27 +178,60 @@
init_TTSSH(pvar);
}
+static void normalize_generic_order(char *buf, char default_strings[], int default_strings_len)
+{
+ char listed[max(KEX_DH_MAX,max(SSH_CIPHER_MAX,max(KEY_MAX,max(HMAC_MAX,COMP_MAX)))) + 1];
+ char allowed[max(KEX_DH_MAX,max(SSH_CIPHER_MAX,max(KEY_MAX,max(HMAC_MAX,COMP_MAX)))) + 1];
+ int i, j;
+
+ memset(listed, 0, sizeof(listed));
+ memset(allowed, 0, sizeof(allowed));
+ for (i = 0; i < default_strings_len ; i++) {
+ allowed[default_strings[i]] = 1;
+ }
+
+ for (i = 0; buf[i] != 0; i++) {
+ int num = buf[i] - '0';
+
+ if (num < 0 || num > default_strings_len
+ || !allowed[num]
+ || listed[num]) {
+ memmove(buf + i, buf + i + 1, strlen(buf + i + 1) + 1);
+ i--;
+ } else {
+ listed[num] = 1;
+ }
+ }
+
+ for (j = 0; j < default_strings_len ; j++) {
+ int num = default_strings[j];
+
+ if (!listed[num]) {
+ buf[i] = num + '0';
+ i++;
+ }
+ }
+
+ buf[i] = 0;
+}
+
/*
* Remove unsupported cipher or duplicated cipher.
* Add unspecified ciphers at the end of list.
*/
static void normalize_cipher_order(char FAR * buf)
{
- char ciphers_listed[SSH_CIPHER_MAX + 1];
- char ciphers_allowed[SSH_CIPHER_MAX + 1];
- int i, j;
-
/* SSH_CIPHER_NONE means that all ciphers below that one are disabled.
We *never* allow no encryption. */
#if 0
- static char default_ciphers[] = {
+ static char default_strings[] = {
SSH_CIPHER_3DES,
SSH_CIPHER_NONE,
SSH_CIPHER_DES, SSH_CIPHER_BLOWFISH
};
#else
// for SSH2(yutaka)
- static char default_ciphers[] = {
+ static char default_strings[] = {
SSH2_CIPHER_AES256_CTR,
SSH2_CIPHER_AES256_CBC,
SSH2_CIPHER_AES192_CTR,
@@ -221,75 +254,9 @@
};
#endif
- memset(ciphers_listed, 0, sizeof(ciphers_listed));
-
- memset(ciphers_allowed, 0, sizeof(ciphers_allowed));
- for (i = 0; i < NUM_ELEM(default_ciphers); i++) {
- ciphers_allowed[default_ciphers[i]] = 1;
- }
-
- for (i = 0; buf[i] != 0; i++) {
- int cipher_num = buf[i] - '0';
-
- if (cipher_num < 0 || cipher_num > SSH_CIPHER_MAX
- || !ciphers_allowed[cipher_num]
- || ciphers_listed[cipher_num]) {
- memmove(buf + i, buf + i + 1, strlen(buf + i + 1) + 1);
- i--;
- } else {
- ciphers_listed[cipher_num] = 1;
- }
- }
-
- for (j = 0; j < NUM_ELEM(default_ciphers); j++) {
- int cipher_num = default_ciphers[j];
-
- if (!ciphers_listed[cipher_num]) {
- buf[i] = cipher_num + '0';
- i++;
- }
- }
-
- buf[i] = 0;
+ normalize_generic_order(buf, default_strings, NUM_ELEM(default_strings));
}
-static void normalize_generic_order(char *buf, char default_strings[], int default_strings_len)
-{
- char listed[KEX_DH_MAX + 1];
- char allowed[KEX_DH_MAX + 1];
- int i, j;
-
- memset(listed, 0, sizeof(listed));
- memset(allowed, 0, sizeof(allowed));
- for (i = 0; i < default_strings_len ; i++) {
- allowed[default_strings[i]] = 1;
- }
-
- for (i = 0; buf[i] != 0; i++) {
- int num = buf[i] - '0';
-
- if (num < 0 || num > default_strings_len
- || !allowed[num]
- || listed[num]) {
- memmove(buf + i, buf + i + 1, strlen(buf + i + 1) + 1);
- i--;
- } else {
- listed[num] = 1;
- }
- }
-
- for (j = 0; j < default_strings_len ; j++) {
- int num = default_strings[j];
-
- if (!listed[num]) {
- buf[i] = num + '0';
- i++;
- }
- }
-
- buf[i] = 0;
-}
-
static void normalize_kex_order(char FAR * buf)
{
static char default_strings[] = {
@@ -336,6 +303,7 @@
static char default_strings[] = {
COMP_DELAYED,
COMP_ZLIB,
+ COMP_NOCOMP,
COMP_NONE,
};
@@ -2355,18 +2323,18 @@
UTIL_get_lang_msg("DLG_ABOUT_PROTOCOL", pvar, "Using protocol:");
append_about_text(dlg, pvar->ts->UIMsg, buf);
- append_about_text(dlg, "KEX:", ssh2_kex_algorithms[pvar->kex_type].name);
+ append_about_text(dlg, "KEX:", get_kex_algorithm_name(pvar->kex_type));
- strncpy_s(buf, sizeof(buf), get_sshname_from_keytype(pvar->hostkey_type), _TRUNCATE);
+ strncpy_s(buf, sizeof(buf), get_ssh_keytype_name(pvar->hostkey_type), _TRUNCATE);
UTIL_get_lang_msg("DLG_ABOUT_HOSTKEY", pvar, "Host Key:");
append_about_text(dlg, pvar->ts->UIMsg, buf);
// add HMAC algorithm (2004.12.17 yutaka)
buf[0] = '\0';
- strncat_s(buf, sizeof(buf), ssh2_macs[pvar->ctos_hmac].name , _TRUNCATE);
+ strncat_s(buf, sizeof(buf), get_ssh2_mac_name(pvar->ctos_hmac) , _TRUNCATE);
UTIL_get_lang_msg("DLG_ABOUT_TOSERVER", pvar, " to server,");
strncat_s(buf, sizeof(buf), pvar->ts->UIMsg, _TRUNCATE);
- strncat_s(buf, sizeof(buf), ssh2_macs[pvar->stoc_hmac].name , _TRUNCATE);
+ strncat_s(buf, sizeof(buf), get_ssh2_mac_name(pvar->stoc_hmac) , _TRUNCATE);
UTIL_get_lang_msg("DLG_ABOUT_FROMSERVER", pvar, " from server");
strncat_s(buf, sizeof(buf), pvar->ts->UIMsg, _TRUNCATE);
append_about_text(dlg, "HMAC:", buf);
@@ -2980,7 +2948,7 @@
RSA *rsa;
DSA *dsa;
EC_KEY *ecdsa;
- enum ssh_keytype type;
+ ssh_keytype type;
} ssh_private_key_t;
static ssh_private_key_t private_key = {NULL, NULL, NULL, KEY_UNSPEC};
@@ -2989,7 +2957,7 @@
RSA *rsa;
DSA *dsa;
EC_KEY *ecdsa;
- enum ssh_keytype type;
+ ssh_keytype type;
} ssh_public_key_t;
static ssh_public_key_t public_key = {NULL, NULL, NULL, KEY_UNSPEC};
@@ -3016,7 +2984,7 @@
public_key.type = KEY_UNSPEC;
}
-static BOOL generate_ssh_key(enum ssh_keytype type, int bits, void (*cbfunc)(int, int, void *), void *cbarg)
+static BOOL generate_ssh_key(ssh_keytype type, int bits, void (*cbfunc)(int, int, void *), void *cbarg)
{
// if SSH key already is generated, should free the resource.
free_ssh_key();
@@ -3605,7 +3573,7 @@
static BOOL CALLBACK TTXKeyGenerator(HWND dlg, UINT msg, WPARAM wParam,
LPARAM lParam)
{
- static enum ssh_keytype key_type;
+ static ssh_keytype key_type;
static int saved_key_bits;
char uimsg[MAX_UIMSG];
LOGFONT logfont;
@@ -3962,7 +3930,7 @@
case KEY_ECDSA256: // ECDSA
case KEY_ECDSA384:
case KEY_ECDSA521:
- keyname = get_sshname_from_keytype(public_key.type);
+ keyname = get_ssh_keytype_name(public_key.type);
buffer_put_string(b, keyname, strlen(keyname));
s = curve_keytype_to_name(public_key.type);
buffer_put_string(b, s, strlen(s));
Modified: trunk/ttssh2/ttxssh/ttxssh.h
===================================================================
--- trunk/ttssh2/ttxssh/ttxssh.h 2011-03-08 10:09:06 UTC (rev 4377)
+++ trunk/ttssh2/ttxssh/ttxssh.h 2011-03-08 14:19:03 UTC (rev 4378)
@@ -206,14 +206,14 @@
char client_version_string[128];
buffer_t *my_kex;
buffer_t *peer_kex;
- enum kex_algorithm kex_type; // KEX algorithm
- enum ssh_keytype hostkey_type;
+ kex_algorithm kex_type; // KEX algorithm
+ ssh_keytype hostkey_type;
SSHCipher ctos_cipher;
SSHCipher stoc_cipher;
- enum hmac_type ctos_hmac;
- enum hmac_type stoc_hmac;
- enum compression_type ctos_compression;
- enum compression_type stoc_compression;
+ hmac_type ctos_hmac;
+ hmac_type stoc_hmac;
+ compression_type ctos_compression;
+ compression_type stoc_compression;
int we_need;
int key_done;
int rekeying;