Tera TermRevision: 10064
https://osdn.net/projects/ttssh2/scm/svn/commits/10064
Author: doda
Date: 2022-07-18 00:39:09 +0900 (Mon, 18 Jul 2022)
Log Message:
-----------
公開鍵形式と公開鍵署名アルゴリズムを分離した
rsa-sha2-256/512(署名形式)では公開鍵形式としてssh-rsaを使うため。
pvar->hostkey_type は署名アルゴリズムが格納されるようになる。
Modified Paths:
--------------
trunk/ttssh2/ttxssh/hostkey.c
trunk/ttssh2/ttxssh/hostkey.h
trunk/ttssh2/ttxssh/key.c
trunk/ttssh2/ttxssh/ssh.c
trunk/ttssh2/ttxssh/ttxssh.c
trunk/ttssh2/ttxssh/ttxssh.h
-------------- next part --------------
Modified: trunk/ttssh2/ttxssh/hostkey.c
===================================================================
--- trunk/ttssh2/ttxssh/hostkey.c 2022-07-17 15:38:58 UTC (rev 10063)
+++ trunk/ttssh2/ttxssh/hostkey.c 2022-07-17 15:39:09 UTC (rev 10064)
@@ -32,20 +32,22 @@
struct ssh2_host_key_t {
+ ssh_keyalgo algo;
ssh_keytype type;
+ int digest_type;
char *name;
};
static const struct ssh2_host_key_t ssh2_host_key[] = {
- {KEY_RSA1, "ssh-rsa1"}, // for SSH1 only
- {KEY_RSA, "ssh-rsa"}, // RFC4253
- {KEY_DSA, "ssh-dss"}, // RFC4253
- {KEY_ECDSA256, "ecdsa-sha2-nistp256"}, // RFC5656
- {KEY_ECDSA384, "ecdsa-sha2-nistp384"}, // RFC5656
- {KEY_ECDSA521, "ecdsa-sha2-nistp521"}, // RFC5656
- {KEY_ED25519, "ssh-ed25519"}, // draft-bjh21-ssh-ed25519-02
- {KEY_UNSPEC, "ssh-unknown"},
- {KEY_NONE, NULL},
+ {KEY_ALGO_RSA1, KEY_RSA1, NID_sha1, "ssh-rsa1"}, // for SSH1 only
+ {KEY_ALGO_RSA, KEY_RSA, NID_sha1, "ssh-rsa"}, // RFC4253
+ {KEY_ALGO_DSA, KEY_DSA, NID_sha1, "ssh-dss"}, // RFC4253
+ {KEY_ALGO_ECDSA256, KEY_ECDSA256, NID_sha256, "ecdsa-sha2-nistp256"}, // RFC5656
+ {KEY_ALGO_ECDSA384, KEY_ECDSA384, NID_sha384, "ecdsa-sha2-nistp384"}, // RFC5656
+ {KEY_ALGO_ECDSA521, KEY_ECDSA521, NID_sha512, "ecdsa-sha2-nistp521"}, // RFC5656
+ {KEY_ALGO_ED25519, KEY_ED25519, NID_sha512, "ssh-ed25519"}, // RDC8709
+ {KEY_ALGO_UNSPEC, KEY_UNSPEC, NID_undef, "ssh-unknown"},
+ {KEY_ALGO_NONE, KEY_NONE, NID_undef, NULL},
};
struct ssh_digest_t {
@@ -109,6 +111,71 @@
return get_ssh2_hostkey_type_name(key->type);
}
+char* get_ssh2_keyalgo_name(ssh_keyalgo algo)
+{
+ const struct ssh2_host_key_t *ptr = ssh2_host_key;
+
+ while (ptr->name != NULL) {
+ if (algo == ptr->algo) {
+ return ptr->name;
+ }
+ ptr++;
+ }
+
+ // not found.
+ return "ssh-unknown";
+}
+
+ssh_keyalgo get_ssh2_keyalgo_from_name(const char *name)
+{
+ const struct ssh2_host_key_t *ptr = ssh2_host_key;
+
+ while (ptr->name != NULL) {
+ if (strcmp(name, ptr->name) == 0) {
+ return ptr->algo;
+ }
+ ptr++;
+ }
+
+ // not found.
+ return KEY_ALGO_UNSPEC;
+}
+
+int get_ssh2_keyalgo_hashtype(ssh_keyalgo algo)
+{
+ const struct ssh2_host_key_t *ptr = ssh2_host_key;
+
+ while (ptr->name != NULL) {
+ if (algo == ptr->algo) {
+ return ptr->digest_type;
+ }
+ ptr++;
+ }
+
+ // not found.
+ return NID_sha1;
+}
+
+ssh_keytype get_ssh2_keytype_from_keyalgo(ssh_keyalgo algo)
+{
+ const struct ssh2_host_key_t *ptr = ssh2_host_key;
+
+ while (ptr->name != NULL) {
+ if (algo == ptr->algo) {
+ return ptr->type;
+ }
+ ptr++;
+ }
+
+ // not found.
+ return KEY_UNSPEC;
+}
+
+const char* get_ssh2_keytype_name_from_keyalgo(ssh_keyalgo algo)
+{
+ return get_ssh2_hostkey_type_name(get_ssh2_keytype_from_keyalgo(algo));
+}
+
char* get_digest_algorithm_name(digest_algorithm id)
{
const struct ssh_digest_t *ptr = ssh_digests;
@@ -127,19 +194,19 @@
void normalize_host_key_order(char *buf)
{
static char default_strings[] = {
- KEY_ECDSA256,
- KEY_ECDSA384,
- KEY_ECDSA521,
- KEY_ED25519,
- KEY_RSA,
- KEY_DSA,
- KEY_NONE,
+ KEY_ALGO_ECDSA256,
+ KEY_ALGO_ECDSA384,
+ KEY_ALGO_ECDSA521,
+ KEY_ALGO_ED25519,
+ KEY_ALGO_RSA,
+ KEY_ALGO_DSA,
+ KEY_ALGO_NONE,
};
normalize_generic_order(buf, default_strings, NUM_ELEM(default_strings));
}
-ssh_keytype choose_SSH2_host_key_algorithm(char *server_proposal, char *my_proposal)
+ssh_keyalgo choose_SSH2_host_key_algorithm(char *server_proposal, char *my_proposal)
{
ssh_keytype type = KEY_UNSPEC;
char str_keytype[20];
@@ -147,15 +214,7 @@
choose_SSH2_proposal(server_proposal, my_proposal, str_keytype, sizeof(str_keytype));
- while (ptr->name != NULL) {
- if (strcmp(ptr->name, str_keytype) == 0) {
- type = ptr->type;
- break;
- }
- ptr++;
- }
-
- return (type);
+ return get_ssh2_keyalgo_from_name(str_keytype);
}
// Host Key\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x97D\x90揇\x88ʂɉ\x9E\x82\xB6\x82āAmyproposal[]\x82\xF0\x8F\x91\x82\xAB\x8A\xB7\x82\xA6\x82\xE9\x81B
@@ -176,7 +235,7 @@
index = pvar->settings.HostKeyOrder[i] - '0';
if (index == KEY_NONE) // disabled line
break;
- strncat_s(buf, sizeof(buf), get_ssh2_hostkey_type_name(index), _TRUNCATE);
+ strncat_s(buf, sizeof(buf), get_ssh2_keyalgo_name(index), _TRUNCATE);
strncat_s(buf, sizeof(buf), ",", _TRUNCATE);
}
len = strlen(buf);
Modified: trunk/ttssh2/ttxssh/hostkey.h
===================================================================
--- trunk/ttssh2/ttxssh/hostkey.h 2022-07-17 15:38:58 UTC (rev 10063)
+++ trunk/ttssh2/ttxssh/hostkey.h 2022-07-17 15:39:09 UTC (rev 10064)
@@ -43,6 +43,19 @@
KEY_UNSPEC,
KEY_MAX = KEY_UNSPEC,
} ssh_keytype;
+
+typedef enum {
+ KEY_ALGO_NONE,
+ KEY_ALGO_RSA1,
+ KEY_ALGO_RSA,
+ KEY_ALGO_DSA,
+ KEY_ALGO_ECDSA256,
+ KEY_ALGO_ECDSA384,
+ KEY_ALGO_ECDSA521,
+ KEY_ALGO_ED25519,
+ KEY_ALGO_UNSPEC,
+ KEY_ALGO_MAX = KEY_ALGO_UNSPEC,
+} ssh_keyalgo;
#define isFixedLengthKey(type) ((type) >= KEY_DSA && (type) <= KEY_ED25519)
// fingerprint\x82̎\xED\x95\xCA
@@ -76,10 +89,15 @@
ssh_keytype get_hostkey_type_from_name(char *name);
char* get_ssh2_hostkey_type_name(ssh_keytype type);
char *get_ssh2_hostkey_type_name_from_key(Key *key);
+ssh_keyalgo get_ssh2_keyalgo_from_name(const char *name);
+char* get_ssh2_keyalgo_name(ssh_keyalgo algo);
+int get_ssh2_keyalgo_hashtype(ssh_keyalgo algo);
+ssh_keytype get_ssh2_keytype_from_keyalgo(ssh_keyalgo algo);
+const char* get_ssh2_keytype_name_from_keyalgo(ssh_keyalgo algo);
char* get_digest_algorithm_name(digest_algorithm id);
void normalize_host_key_order(char *buf);
-ssh_keytype choose_SSH2_host_key_algorithm(char *server_proposal, char *my_proposal);
+ssh_keyalgo choose_SSH2_host_key_algorithm(char *server_proposal, char *my_proposal);
void SSH2_update_host_key_myproposal(PTInstVar pvar);
#endif /* SSHCMAC_H */
Modified: trunk/ttssh2/ttxssh/key.c
===================================================================
--- trunk/ttssh2/ttxssh/key.c 2022-07-17 15:38:58 UTC (rev 10063)
+++ trunk/ttssh2/ttxssh/key.c 2022-07-17 15:39:09 UTC (rev 10064)
@@ -2199,20 +2199,18 @@
//
static int check_hostkey_algorithm(PTInstVar pvar, Key *key)
{
- int ret = 0;
int i, index;
for (i = 0; pvar->settings.HostKeyOrder[i] != 0; i++) {
index = pvar->settings.HostKeyOrder[i] - '0';
- if (index == KEY_NONE) // disabled line
+ if (index == KEY_ALGO_NONE) // disabled line
break;
- if (strcmp(get_ssh2_hostkey_type_name_from_key(key),
- get_ssh2_hostkey_type_name(index)) == 0)
+ if (key->type == get_ssh2_keytype_from_keyalgo(index))
return 1;
}
- return (ret);
+ return 0;
}
// Callback function
Modified: trunk/ttssh2/ttxssh/ssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ssh.c 2022-07-17 15:38:58 UTC (rev 10063)
+++ trunk/ttssh2/ttxssh/ssh.c 2022-07-17 15:39:09 UTC (rev 10064)
@@ -4484,8 +4484,8 @@
void normalize_generic_order(char *buf, char default_strings[], int default_strings_len)
{
- char listed[max(KEX_DH_MAX,max(SSH_CIPHER_MAX,max(KEY_MAX,max(HMAC_MAX,COMP_MAX)))) + 1];
- char allowed[max(KEX_DH_MAX,max(SSH_CIPHER_MAX,max(KEY_MAX,max(HMAC_MAX,COMP_MAX)))) + 1];
+ char listed[max(KEX_DH_MAX,max(SSH_CIPHER_MAX,max(KEY_ALGO_MAX,max(HMAC_MAX,COMP_MAX)))) + 1];
+ char allowed[max(KEX_DH_MAX,max(SSH_CIPHER_MAX,max(KEY_ALGO_MAX,max(HMAC_MAX,COMP_MAX)))) + 1];
int i, j, k=-1;
memset(listed, 0, sizeof(listed));
@@ -4758,8 +4758,8 @@
logprintf(LOG_LEVEL_VERBOSE, "server proposal: server host key algorithm: %s", buf);
pvar->hostkey_type = choose_SSH2_host_key_algorithm(buf, myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]);
- if (pvar->hostkey_type == KEY_UNSPEC) {
- strncpy_s(tmp, sizeof(tmp), "unknown host KEY type: ", _TRUNCATE);
+ if (pvar->hostkey_type == KEY_ALGO_UNSPEC) {
+ strncpy_s(tmp, sizeof(tmp), "unknown host KEY algorithm: ", _TRUNCATE);
strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE);
msg = tmp;
goto error;
@@ -4968,7 +4968,7 @@
get_kex_algorithm_name(pvar->kex_type));
logprintf(LOG_LEVEL_VERBOSE, "server host key algorithm: %s",
- get_ssh2_hostkey_type_name(pvar->hostkey_type));
+ get_ssh2_keyalgo_name(pvar->hostkey_type));
logprintf(LOG_LEVEL_VERBOSE, "encryption algorithm client to server: %s",
get_cipher_string(pvar->ciphers[MODE_OUT]));
@@ -5596,10 +5596,13 @@
data += bloblen;
// known_hosts\x91Ή\x9E (2006.3.20 yutaka)
- if (hostkey->type != pvar->hostkey_type) { // \x83z\x83X\x83g\x83L\x81[\x82̎\xED\x95ʔ\xE4\x8Ar
+ if (hostkey->type != get_ssh2_keytype_from_keyalgo(pvar->hostkey_type)) { // \x83z\x83X\x83g\x83L\x81[\x82̎\xED\x95ʔ\xE4\x8Ar
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
- "%s: type mismatch for decoded server_host_key_blob (kex:%s blob:%s)", /*__FUNCTION__*/"handle_SSH2_dh_kex_reply",
- get_ssh2_hostkey_type_name(pvar->hostkey_type), get_ssh2_hostkey_type_name(hostkey->type));
+ "%s: type mismatch for decoded server_host_key_blob (kex:%s(%s) blob:%s)",
+ /*__FUNCTION__*/"handle_SSH2_dh_kex_reply",
+ get_ssh2_keytype_name_from_keyalgo(pvar->hostkey_type),
+ get_ssh2_keyalgo_name(pvar->hostkey_type),
+ get_ssh2_hostkey_type_name(hostkey->type));
emsg = emsg_tmp;
goto error;
}
@@ -5698,10 +5701,13 @@
}
data += bloblen;
- if (hostkey->type != pvar->hostkey_type) { // \x83z\x83X\x83g\x83L\x81[\x82̎\xED\x95ʔ\xE4\x8Ar
+ if (hostkey->type != get_ssh2_keytype_from_keyalgo(pvar->hostkey_type)) { // \x83z\x83X\x83g\x83L\x81[\x82̎\xED\x95ʔ\xE4\x8Ar
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
- "%s: type mismatch for decoded server_host_key_blob (kex:%s blob:%s)", /*__FUNCTION__*/"handle_SSH2_dh_kex_reply",
- get_ssh2_hostkey_type_name(pvar->hostkey_type), get_ssh2_hostkey_type_name(hostkey->type));
+ "%s: type mismatch for decoded server_host_key_blob (kex:%s(%s) blob:%s)",
+ /*__FUNCTION__*/"handle_SSH2_dh_kex_reply",
+ get_ssh2_keytype_name_from_keyalgo(pvar->hostkey_type),
+ get_ssh2_keyalgo_name(pvar->hostkey_type),
+ get_ssh2_hostkey_type_name(hostkey->type));
emsg = emsg_tmp;
goto error;
}
@@ -5861,10 +5867,13 @@
data += bloblen;
// known_hosts\x91Ή\x9E (2006.3.20 yutaka)
- if (hostkey->type != pvar->hostkey_type) { // \x83z\x83X\x83g\x83L\x81[\x82̎\xED\x95ʔ\xE4\x8Ar
+ if (hostkey->type != get_ssh2_keytype_from_keyalgo(pvar->hostkey_type)) { // \x83z\x83X\x83g\x83L\x81[\x82̎\xED\x95ʔ\xE4\x8Ar
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
- "%s: type mismatch for decoded server_host_key_blob (kex:%s blob:%s)", /*__FUNCTION__*/"handle_SSH2_dh_gex_reply",
- get_ssh2_hostkey_type_name(pvar->hostkey_type), get_ssh2_hostkey_type_name(hostkey->type));
+ "%s: type mismatch for decoded server_host_key_blob (kex:%s(%s) blob:%s)",
+ /*__FUNCTION__*/"handle_SSH2_dh_gex_reply",
+ get_ssh2_keytype_name_from_keyalgo(pvar->hostkey_type),
+ get_ssh2_keyalgo_name(pvar->hostkey_type),
+ get_ssh2_hostkey_type_name(hostkey->type));
emsg = emsg_tmp;
goto error;
}
@@ -5970,10 +5979,13 @@
data += bloblen;
// known_hosts\x91Ή\x9E (2006.3.20 yutaka)
- if (hostkey->type != pvar->hostkey_type) { // \x83z\x83X\x83g\x83L\x81[\x82̎\xED\x95ʔ\xE4\x8Ar
+ if (hostkey->type != get_ssh2_keytype_from_keyalgo(pvar->hostkey_type)) { // \x83z\x83X\x83g\x83L\x81[\x82̎\xED\x95ʔ\xE4\x8Ar
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
- "%s: type mismatch for decoded server_host_key_blob (kex:%s blob:%s)", /*__FUNCTION__*/"handle_SSH2_dh_gex_reply",
- get_ssh2_hostkey_type_name(pvar->hostkey_type), get_ssh2_hostkey_type_name(hostkey->type));
+ "%s: type mismatch for decoded server_host_key_blob (kex:%s(%s) blob:%s)",
+ /*__FUNCTION__*/"handle_SSH2_dh_gex_reply",
+ get_ssh2_keytype_name_from_keyalgo(pvar->hostkey_type),
+ get_ssh2_keyalgo_name(pvar->hostkey_type),
+ get_ssh2_hostkey_type_name(hostkey->type));
emsg = emsg_tmp;
goto error;
}
@@ -6134,10 +6146,13 @@
data += bloblen;
// known_hosts\x91Ή\x9E (2006.3.20 yutaka)
- if (hostkey->type != pvar->hostkey_type) { // \x83z\x83X\x83g\x83L\x81[\x82̎\xED\x95ʔ\xE4\x8Ar
+ if (hostkey->type != get_ssh2_keytype_from_keyalgo(pvar->hostkey_type)) { // \x83z\x83X\x83g\x83L\x81[\x82̎\xED\x95ʔ\xE4\x8Ar
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
- "%s: type mismatch for decoded server_host_key_blob (kex:%s blob:%s)", /*__FUNCTION__*/"handle_SSH2_ecdh_kex_reply",
- get_ssh2_hostkey_type_name(pvar->hostkey_type), get_ssh2_hostkey_type_name(hostkey->type));
+ "%s: type mismatch for decoded server_host_key_blob (kex:%s(%s) blob:%s)",
+ /*__FUNCTION__*/"handle_SSH2_ecdh_kex_reply",
+ get_ssh2_keytype_name_from_keyalgo(pvar->hostkey_type),
+ get_ssh2_keyalgo_name(pvar->hostkey_type),
+ get_ssh2_hostkey_type_name(hostkey->type));
emsg = emsg_tmp;
goto error;
}
@@ -6242,10 +6257,13 @@
data += bloblen;
// known_hosts\x91Ή\x9E (2006.3.20 yutaka)
- if (hostkey->type != pvar->hostkey_type) { // \x83z\x83X\x83g\x83L\x81[\x82̎\xED\x95ʔ\xE4\x8Ar
+ if (hostkey->type != get_ssh2_keytype_from_keyalgo(pvar->hostkey_type)) { // \x83z\x83X\x83g\x83L\x81[\x82̎\xED\x95ʔ\xE4\x8Ar
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
- "%s: type mismatch for decoded server_host_key_blob (kex:%s blob:%s)", /*__FUNCTION__*/"handle_SSH2_ecdh_kex_reply",
- get_ssh2_hostkey_type_name(pvar->hostkey_type), get_ssh2_hostkey_type_name(hostkey->type));
+ "%s: type mismatch for decoded server_host_key_blob (kex:%s(%s) blob:%s)",
+ /*__FUNCTION__*/"handle_SSH2_ecdh_kex_reply",
+ get_ssh2_keytype_name_from_keyalgo(pvar->hostkey_type),
+ get_ssh2_keyalgo_name(pvar->hostkey_type),
+ get_ssh2_hostkey_type_name(hostkey->type));
emsg = emsg_tmp;
goto error;
}
Modified: trunk/ttssh2/ttxssh/ttxssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ttxssh.c 2022-07-17 15:38:58 UTC (rev 10063)
+++ trunk/ttssh2/ttxssh/ttxssh.c 2022-07-17 15:39:09 UTC (rev 10064)
@@ -1928,7 +1928,7 @@
UTIL_get_lang_msgU8("DLG_ABOUT_HOSTKEY", pvar, "Host Key:");
strncat_s(buf2, sizeof(buf2), pvar->ts->UIMsg, _TRUNCATE);
strncat_s(buf2, sizeof(buf2), " ", _TRUNCATE);
- strncat_s(buf2, sizeof(buf2), get_ssh2_hostkey_type_name(pvar->hostkey_type), _TRUNCATE);
+ strncat_s(buf2, sizeof(buf2), get_ssh2_keyalgo_name(pvar->hostkey_type), _TRUNCATE);
strncat_s(buf2, sizeof(buf2), "\r\n", _TRUNCATE);
UTIL_get_lang_msgU8("DLG_ABOUT_ENCRYPTION", pvar, "Encryption:");
@@ -2287,7 +2287,7 @@
L"<Host Keys below this line are disabled>", uimsg);
SendMessageW(hostkeyControl, LB_ADDSTRING, 0, (LPARAM)uimsg);
} else {
- const char *name = get_ssh2_hostkey_type_name(index);
+ const char *name = get_ssh2_keyalgo_name(index);
if (name != NULL) {
SendMessageA(hostkeyControl, LB_ADDSTRING, 0, (LPARAM) name);
}
@@ -2591,10 +2591,10 @@
buf[0] = 0;
SendMessage(cipherControl, LB_GETTEXT, i, (LPARAM) buf);
for (j = 0;
- j <= KEY_MAX
- && strcmp(buf, get_ssh2_hostkey_type_name(j)) != 0; j++) {
+ j <= KEY_ALGO_MAX
+ && strcmp(buf, get_ssh2_keyalgo_name(j)) != 0; j++) {
}
- if (j <= KEY_MAX) {
+ if (j <= KEY_ALGO_MAX) {
buf2[buf2index] = '0' + j;
buf2index++;
} else {
Modified: trunk/ttssh2/ttxssh/ttxssh.h
===================================================================
--- trunk/ttssh2/ttxssh/ttxssh.h 2022-07-17 15:38:58 UTC (rev 10063)
+++ trunk/ttssh2/ttxssh/ttxssh.h 2022-07-17 15:39:09 UTC (rev 10064)
@@ -191,7 +191,7 @@
// KEX order(derived from teraterm.ini)
char KexOrder[KEX_DH_MAX+1];
- char HostKeyOrder[KEY_MAX+1];
+ char HostKeyOrder[KEY_ALGO_MAX+1];
char MacOrder[HMAC_MAX+1];
char CompOrder[COMP_MAX+1];
@@ -272,7 +272,7 @@
buffer_t *my_kex;
buffer_t *peer_kex;
kex_algorithm kex_type; // KEX algorithm
- ssh_keytype hostkey_type;
+ ssh_keyalgo hostkey_type;
const struct ssh2cipher *ciphers[MODE_MAX];
const struct SSH2Mac *macs[MODE_MAX];
compression_type ctos_compression;