38 findSessionInfo( sessionInfoPtr->attributeList,
44 assert(
isReadPtr( keyData, keyDataLength ) );
51 keyData, keyDataLength );
52 if( attributeListPtr == NULL )
55 return( addSessionInfoS( &sessionInfoPtr->attributeList,
57 fingerPrint, hashSize ) );
70 keyData, keyDataLength );
76 memcmp( attributeListPtr->value, fingerPrint, hashSize ) )
82 const BYTE *reqFingerPrint = attributeListPtr->value;
83 const int reqFingerPrintLength = attributeListPtr->
valueLength;
87 "Server key fingerprint %02X %02X %02X %02X...%02X %02X "
88 "doesn't match requested fingerprint "
89 "%02X %02X %02X %02X...%02X %02X",
90 fingerPrint[ 0 ], fingerPrint[ 1 ],
91 fingerPrint[ 2 ], fingerPrint[ 3 ],
92 fingerPrint[ hashSize - 2 ], fingerPrint[ hashSize - 1 ],
93 reqFingerPrint[ 0 ], reqFingerPrint[ 1 ],
94 reqFingerPrint[ 2 ], reqFingerPrint[ 3 ],
95 reqFingerPrint[ reqFingerPrintLength - 2 ],
96 reqFingerPrint[ reqFingerPrintLength - 1 ] ) );
100 "Server key fingerprint doesn't match requested "
153 writeUint32( stream, 1024 );
159 status = streamBookmarkComplete( stream, &keyexInfoPtr,
160 &keyexInfoLength, keyexInfoLength );
162 status = wrapPacketSSH2( sessionInfoPtr, stream, packetOffset,
165 status = sendPacketSSH2( sessionInfoPtr, stream,
TRUE );
166 sMemDisconnect( stream );
174 memcpy( handshakeInfo->encodedReqKeySizes, keyexInfoPtr,
176 handshakeInfo->encodedReqKeySizesLength = keyexInfoLength;
189 sMemConnect( stream, sessionInfoPtr->receiveBuffer, length );
191 status = readInteger32Checked( stream, NULL, &dummy,
MIN_PKCSIZE,
194 status = readInteger32( stream, NULL, &dummy, 1,
198 status = streamBookmarkComplete( stream, &keyexInfoPtr,
202 sMemDisconnect( stream );
212 "Insecure DH key used in key exchange" ) );
217 "Invalid DH ephemeral key data packet" ) );
231 sessionInfoPtr->receiveBufSize ) );
232 memmove( (
BYTE * ) keyexInfoPtr + keyDataHdrSize, keyexInfoPtr,
234 sMemOpen( stream, keyexInfoPtr, keyDataHdrSize );
235 writeUint32( stream,
sizeofString32(
"ssh-dh", 6 ) + keyexInfoLength );
236 status = writeString32( stream,
"ssh-dh", 6 );
237 sMemDisconnect( stream );
245 status = initDHcontextSSH( &handshakeInfo->iServerCryptContext,
246 &handshakeInfo->serverKeySize, keyexInfoPtr,
247 keyDataHdrSize + keyexInfoLength,
260 "Invalid DH ephemeral key data" ) );
287 status = initECDHcontextSSH( &handshakeInfo->iServerCryptContext,
288 &handshakeInfo->serverKeySize,
289 handshakeInfo->keyexAlgo );
316 int packetOffset = 0,
status;
327 sNetGetErrorInfo( &sessionInfoPtr->stream,
328 &sessionInfoPtr->errorInfo );
340 status = hashAsString( handshakeInfo->iExchangeHashContext,
343 status = hashAsString( handshakeInfo->iExchangeHashContext,
344 sessionInfoPtr->receiveBuffer,
345 strlen( sessionInfoPtr->receiveBuffer ) );
347 handshakeInfo->iExchangeHashAltContext !=
CRYPT_ERROR )
349 status = hashAsString( handshakeInfo->iExchangeHashAltContext,
352 status = hashAsString( handshakeInfo->iExchangeHashAltContext,
353 sessionInfoPtr->receiveBuffer,
354 strlen( sessionInfoPtr->receiveBuffer ) );
362 status = initDHcontextSSH( &handshakeInfo->iServerCryptContext,
363 &handshakeInfo->serverKeySize, NULL, 0,
375 status = processHelloSSH( sessionInfoPtr, handshakeInfo,
376 &serverHelloLength,
FALSE );
419 status = openPacketStreamSSH( &stream, sessionInfoPtr,
SSH_MSG_KEXINIT );
424 CRYPT_IATTRIBUTE_RANDOM_NONCE,
428 sMemDisconnect( &stream );
431 status = writeAlgoString( &stream, handshakeInfo->keyexAlgo );
433 status = writeAlgoString( &stream, handshakeInfo->pubkeyAlgo );
435 status = writeAlgoString( &stream, sessionInfoPtr->cryptAlgo );
437 status = writeAlgoString( &stream, sessionInfoPtr->cryptAlgo );
439 status = writeAlgoString( &stream, sessionInfoPtr->integrityAlgo );
441 status = writeAlgoString( &stream, sessionInfoPtr->integrityAlgo );
448 writeUint32( &stream, 0 );
449 writeUint32( &stream, 0 );
451 status = writeUint32( &stream, 0 );
454 status = streamBookmarkComplete( &stream, &clientHelloPtr,
459 status = wrapPacketSSH2( sessionInfoPtr, &stream, 0,
FALSE,
TRUE );
462 sMemDisconnect( &stream );
473 status = hashAsString( handshakeInfo->iExchangeHashContext,
474 clientHelloPtr, clientHelloLength );
478 sessionInfoPtr->receiveBufSize ) );
479 memmove( sessionInfoPtr->receiveBuffer + 1,
480 sessionInfoPtr->receiveBuffer, serverHelloLength );
482 status = hashAsString( handshakeInfo->iExchangeHashContext,
483 sessionInfoPtr->receiveBuffer,
484 serverHelloLength + 1 );
488 sMemDisconnect( &stream );
497 if( handshakeInfo->requestedServerKeySize > 0 )
499 status = processDHE( sessionInfoPtr, handshakeInfo, &stream,
511 if( handshakeInfo->isECDH )
513 status = switchToECDH( sessionInfoPtr, handshakeInfo,
517 sMemDisconnect( &stream );
530 if( handshakeInfo->requestedServerKeySize > 0 )
534 status = openPacketStreamSSH( &stream, sessionInfoPtr,
548 if( handshakeInfo->isECDH )
549 status = writeString32( &stream, keyAgreeParams.publicValue,
552 status = writeInteger32( &stream, keyAgreeParams.publicValue,
556 status = streamBookmarkComplete( &stream, &keyexPtr, &keyexLength,
559 status = wrapPacketSSH2( sessionInfoPtr, &stream, packetOffset,
568 status = sendPacketSSH2( sessionInfoPtr, &stream,
TRUE );
570 sMemDisconnect( &stream );
578 memcpy( handshakeInfo->clientKeyexValue, keyexPtr, keyexLength );
579 handshakeInfo->clientKeyexValueLength =
keyexLength;
588 sessionInfoPtr->iKeyexAuthContext = createInfo.
cryptHandle;
643 readHSPacketSSH2( sessionInfoPtr,
644 ( handshakeInfo->requestedServerKeySize > 0 ) ? \
653 sMemConnect( &stream, sessionInfoPtr->receiveBuffer, length );
655 status = readUint32( &stream );
658 status = readAlgoString( &stream, handshakeInfo->algoStringPubkeyTbl,
659 handshakeInfo->algoStringPubkeyTblNoEntries,
664 sMemDisconnect( &stream );
667 if( pubkeyAlgo != handshakeInfo->pubkeyAlgo )
669 sMemDisconnect( &stream );
672 "Invalid %s phase 2 public key algorithm %d, expected %d",
673 handshakeInfo->isECDH ?
"ECDH" :
"DH", pubkeyAlgo,
674 handshakeInfo->pubkeyAlgo ) );
682 status = readInteger32Checked( &stream, NULL, &dummy,
688 status = readInteger32Checked( &stream, NULL, &dummy,
694 status = readInteger32Checked( &stream, NULL, &dummy,
699 readUniversal32( &stream );
700 status = readInteger32Checked( &stream, NULL, &dummy,
709 status = streamBookmarkComplete( &stream, &keyBlobPtr,
710 &keyBlobLength, keyBlobLength );
712 status = streamBookmarkComplete( &stream, &keyPtr, &keyLength,
716 sMemDisconnect( &stream );
725 "Insecure server public key used in key exchange" ) );
730 "Invalid %s phase 2 server public key data",
731 handshakeInfo->isECDH ?
"ECDH" :
"DH" ) );
736 CRYPT_IATTRIBUTE_KEY_SSH );
739 sMemDisconnect( &stream );
744 "Invalid %s phase 2 server public key value",
745 handshakeInfo->isECDH ?
"ECDH" :
"DH" ) );
759 status = processKeyFingerprint( sessionInfoPtr,
760 keyBlobPtr, keyBlobLength );
764 sMemDisconnect( &stream );
770 status = readRawObject32( &stream, handshakeInfo->serverKeyexValue,
772 &handshakeInfo->serverKeyexValueLength );
775 if( handshakeInfo->isECDH )
778 handshakeInfo->serverKeySize,
785 handshakeInfo->serverKeySize,
792 sMemDisconnect( &stream );
795 "Invalid %s phase 2 keyex value",
796 handshakeInfo->isECDH ?
"ECDH" :
"DH" ) );
798 status = completeKeyex( sessionInfoPtr, handshakeInfo,
FALSE );
801 sMemDisconnect( &stream );
807 status = length = readUint32( &stream );
809 status = sSkip( &stream, length );
811 status = streamBookmarkComplete( &stream, &sigPtr, &sigLength,
813 sMemDisconnect( &stream );
818 "Invalid %s phase 2 packet signature data",
819 handshakeInfo->isECDH ?
"ECDH" :
"DH" ) );
849 "x509v3-sign-dss", 15 ) && \
851 "spki-sign-dss", 13 ) && \
853 "pgp-sign-dss", 12 ) ) )
863 sMemOpen( &stream, sessionInfoPtr->receiveBuffer,
866 writeString32( &stream,
"ssh-dss", 7 );
867 status = swrite( &stream, sigPtr, sigLength );
869 fixedSigLength = stell( &stream );
870 sMemDisconnect( &stream );
876 sigPtr = sessionInfoPtr->receiveBuffer;
877 sigLength = fixedSigLength;
881 status = iCryptCheckSignature( sigPtr, sigLength, CRYPT_IFORMAT_SSH,
882 sessionInfoPtr->iKeyexAuthContext,
883 handshakeInfo->iExchangeHashContext,
889 "Invalid handshake data signature" ) );
896 if( handshakeInfo->iExchangeHashAltContext !=
CRYPT_ERROR )
900 handshakeInfo->iExchangeHashAltContext =
CRYPT_ERROR;
920 status = initSecurityInfo( sessionInfoPtr, handshakeInfo );
931 status = openPacketStreamSSH( &stream, sessionInfoPtr,
SSH_MSG_NEWKEYS );
933 status = wrapPacketSSH2( sessionInfoPtr, &stream, 0,
FALSE,
TRUE );
936 sMemDisconnect( &stream );
952 status = writeString32( &stream,
"ssh-userauth", 12 );
954 status = wrapPacketSSH2( sessionInfoPtr, &stream, packetOffset,
958 sMemDisconnect( &stream );
1005 status = sendPacketSSH2( sessionInfoPtr, &stream,
TRUE );
1006 sMemDisconnect( &stream );
1043 sMemConnect( &stream, sessionInfoPtr->receiveBuffer, length );
1046 sMemDisconnect( &stream );
1048 stringLength != 12 || \
1049 memcmp( stringBuffer,
"ssh-userauth", 12 ) )
1055 "Invalid service accept packet" ) );
1060 status = processClientAuth( sessionInfoPtr, handshakeInfo );
1066 if( getCurrentChannelNo( sessionInfoPtr, \
1071 status = createChannel( sessionInfoPtr );
1076 return( sendChannelOpen( sessionInfoPtr ) );
1078 status = sendChannelOpen( sessionInfoPtr );
1088 sputc( &stream, 0 );
1089 status = wrapPacketSSH2( sessionInfoPtr, &stream, 0,
TRUE,
TRUE );
1091 status = sendPacketSSH2( sessionInfoPtr, &stream,
TRUE );
1092 sMemDisconnect( &stream );
1110 handshakeInfo->beginHandshake = beginClientHandshake;
1111 handshakeInfo->exchangeKeys = exchangeClientKeys;
1112 handshakeInfo->completeHandshake = completeClientHandshake;