mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-09 17:38:00 +00:00
b94c6a7e38
This is a major code reorganisation in preparation for making this code base into one that can build an SSH server as well as a client. (Mostly for purposes of using the server as a regression test suite for the client, though I have some other possible uses in mind too. However, it's currently no part of my plan to harden the server to the point where it can sensibly be deployed in a hostile environment.) In this preparatory commit, I've broken up the SSH-2 transport and connection layers, and the SSH-1 connection layer, into multiple source files, with each layer having its own header file containing the shared type definitions. In each case, the new source file contains code that's specific to the client side of the protocol, so that a new file can be swapped in in its place when building the server. Mostly this is just a straightforward moving of code without changing it very much, but there are a couple of actual changes in the process: The parsing of SSH-2 global-request and channel open-messages is now done by a new pair of functions in the client module. For channel opens, I've invented a new union data type to be the return value from that function, representing either failure (plus error message), success (plus Channel instance to manage the new channel), or an instruction to hand the channel over to a sharing downstream (plus a pointer to the downstream in question). Also, the tree234 of remote port forwardings in ssh2connection is now initialised on first use by the client-specific code, so that's where its compare function lives. The shared ssh2connection_free() still takes responsibility for freeing it, but now has to check if it's non-null first. The outer shell of the ssh2_lportfwd_open method, for making a local-to-remote port forwarding, is still centralised in ssh2connection.c, but the part of it that actually constructs the outgoing channel-open message has moved into the client code, because that will have to change depending on whether the channel-open has to have type direct-tcpip or forwarded-tcpip. In the SSH-1 connection layer, half the filter_queue method has moved out into the new client-specific code, but not all of it - bidirectional channel maintenance messages are still handled centrally. One exception is SSH_MSG_PORT_OPEN, which can be sent in both directions, but with subtly different semantics - from server to client, it's referring to a previously established remote forwarding (and must be rejected if there isn't one that matches it), but from client to server it's just a "direct-tcpip" request with no prior context. So that one is in the client-specific module, and when I add the server code it will have its own different handler.
220 lines
6.8 KiB
C
220 lines
6.8 KiB
C
/*
|
|
* Header connecting the pieces of the SSH-2 transport layer.
|
|
*/
|
|
|
|
#ifndef PUTTY_SSH2TRANSPORT_H
|
|
#define PUTTY_SSH2TRANSPORT_H
|
|
|
|
#ifndef NO_GSSAPI
|
|
#include "sshgssc.h"
|
|
#include "sshgss.h"
|
|
#define MIN_CTXT_LIFETIME 5 /* Avoid rekey with short lifetime (seconds) */
|
|
#define GSS_KEX_CAPABLE (1<<0) /* Can do GSS KEX */
|
|
#define GSS_CRED_UPDATED (1<<1) /* Cred updated since previous delegation */
|
|
#define GSS_CTXT_EXPIRES (1<<2) /* Context expires before next timer */
|
|
#define GSS_CTXT_MAYFAIL (1<<3) /* Context may expire during handshake */
|
|
#endif
|
|
|
|
#define DH_MIN_SIZE 1024
|
|
#define DH_MAX_SIZE 8192
|
|
|
|
enum kexlist {
|
|
KEXLIST_KEX, KEXLIST_HOSTKEY, KEXLIST_CSCIPHER, KEXLIST_SCCIPHER,
|
|
KEXLIST_CSMAC, KEXLIST_SCMAC, KEXLIST_CSCOMP, KEXLIST_SCCOMP,
|
|
NKEXLIST
|
|
};
|
|
#define MAXKEXLIST 16
|
|
struct kexinit_algorithm {
|
|
const char *name;
|
|
union {
|
|
struct {
|
|
const struct ssh_kex *kex;
|
|
int warn;
|
|
} kex;
|
|
struct {
|
|
const ssh_keyalg *hostkey;
|
|
int warn;
|
|
} hk;
|
|
struct {
|
|
const struct ssh2_cipheralg *cipher;
|
|
int warn;
|
|
} cipher;
|
|
struct {
|
|
const struct ssh2_macalg *mac;
|
|
int etm;
|
|
} mac;
|
|
struct {
|
|
const struct ssh_compression_alg *comp;
|
|
int delayed;
|
|
} comp;
|
|
} u;
|
|
};
|
|
|
|
#define HOSTKEY_ALGORITHMS(X) \
|
|
X(HK_ED25519, ssh_ecdsa_ed25519) \
|
|
X(HK_ECDSA, ssh_ecdsa_nistp256) \
|
|
X(HK_ECDSA, ssh_ecdsa_nistp384) \
|
|
X(HK_ECDSA, ssh_ecdsa_nistp521) \
|
|
X(HK_DSA, ssh_dss) \
|
|
X(HK_RSA, ssh_rsa) \
|
|
/* end of list */
|
|
#define COUNT_HOSTKEY_ALGORITHM(type, alg) +1
|
|
#define N_HOSTKEY_ALGORITHMS (0 HOSTKEY_ALGORITHMS(COUNT_HOSTKEY_ALGORITHM))
|
|
|
|
struct ssh_signkey_with_user_pref_id {
|
|
const ssh_keyalg *alg;
|
|
int id;
|
|
};
|
|
extern const struct ssh_signkey_with_user_pref_id
|
|
ssh2_hostkey_algs[N_HOSTKEY_ALGORITHMS];
|
|
|
|
/*
|
|
* Enumeration of high-level classes of reason why we might need to do
|
|
* a repeat key exchange. A full detailed reason in human-readable
|
|
* string form for the Event Log is also provided, but this enum type
|
|
* is used to discriminate between classes of reason that the code
|
|
* needs to treat differently.
|
|
*
|
|
* RK_NONE == 0 is the value indicating that no rekey is currently
|
|
* needed at all. RK_INITIAL indicates that we haven't even done the
|
|
* _first_ key exchange yet. RK_SERVER indicates that we're rekeying
|
|
* because the server asked for it, not because we decided it
|
|
* ourselves. RK_NORMAL is the usual case. RK_GSS_UPDATE indicates
|
|
* that we're rekeying because we've just got new GSSAPI credentials
|
|
* (hence there's no point in doing a preliminary check for new GSS
|
|
* creds, because we already know the answer); RK_POST_USERAUTH
|
|
* indicates that _if_ we're going to need a post-userauth immediate
|
|
* rekey for any reason, this is the moment to do it.
|
|
*
|
|
* So RK_POST_USERAUTH only tells the transport layer to _consider_
|
|
* rekeying, not to definitely do it. Also, that one enum value is
|
|
* special in that the user-readable reason text is passed in to the
|
|
* transport layer as NULL, whereas fills in the reason text after it
|
|
* decides whether it needs a rekey at all. In the other cases,
|
|
* rekey_reason is passed in to the at the same time as rekey_class.
|
|
*/
|
|
typedef enum RekeyClass {
|
|
RK_NONE = 0,
|
|
RK_INITIAL,
|
|
RK_SERVER,
|
|
RK_NORMAL,
|
|
RK_POST_USERAUTH,
|
|
RK_GSS_UPDATE
|
|
} RekeyClass;
|
|
|
|
typedef struct transport_direction {
|
|
const struct ssh2_cipheralg *cipher;
|
|
const struct ssh2_macalg *mac;
|
|
int etm_mode;
|
|
const struct ssh_compression_alg *comp;
|
|
int comp_delayed;
|
|
} transport_direction;
|
|
|
|
struct ssh2_transport_state {
|
|
int crState, crStateKex;
|
|
|
|
PacketProtocolLayer *higher_layer;
|
|
PktInQueue pq_in_higher;
|
|
PktOutQueue pq_out_higher;
|
|
IdempotentCallback ic_pq_out_higher;
|
|
|
|
Conf *conf;
|
|
char *savedhost;
|
|
int savedport;
|
|
const char *rekey_reason;
|
|
enum RekeyClass rekey_class;
|
|
|
|
unsigned long max_data_size;
|
|
|
|
const struct ssh_kex *kex_alg;
|
|
const ssh_keyalg *hostkey_alg;
|
|
char *hostkey_str; /* string representation, for easy checking in rekeys */
|
|
unsigned char session_id[SSH2_KEX_MAX_HASH_LEN];
|
|
int session_id_len;
|
|
struct dh_ctx *dh_ctx;
|
|
ssh_hash *exhash;
|
|
|
|
struct DataTransferStats *stats;
|
|
|
|
char *client_greeting, *server_greeting;
|
|
|
|
int kex_in_progress;
|
|
unsigned long next_rekey, last_rekey;
|
|
const char *deferred_rekey_reason;
|
|
int higher_layer_ok;
|
|
|
|
/*
|
|
* Fully qualified host name, which we need if doing GSSAPI.
|
|
*/
|
|
char *fullhostname;
|
|
|
|
/* shgss is outside the ifdef on purpose to keep APIs simple. If
|
|
* NO_GSSAPI is not defined, then it's just an opaque structure
|
|
* tag and the pointer will be NULL. */
|
|
struct ssh_connection_shared_gss_state *shgss;
|
|
#ifndef NO_GSSAPI
|
|
int gss_status;
|
|
time_t gss_cred_expiry; /* Re-delegate if newer */
|
|
unsigned long gss_ctxt_lifetime; /* Re-delegate when short */
|
|
#endif
|
|
ssh_transient_hostkey_cache *thc;
|
|
|
|
int gss_kex_used;
|
|
|
|
int nbits, pbits, warn_kex, warn_hk, warn_cscipher, warn_sccipher;
|
|
Bignum p, g, e, f, K;
|
|
strbuf *client_kexinit, *server_kexinit;
|
|
int kex_init_value, kex_reply_value;
|
|
transport_direction in, out;
|
|
ptrlen hostkeydata, sigdata;
|
|
char *keystr, *fingerprint;
|
|
ssh_key *hkey; /* actual host key */
|
|
struct RSAKey *rsa_kex_key; /* for RSA kex */
|
|
struct ec_key *ecdh_key; /* for ECDH kex */
|
|
unsigned char exchange_hash[SSH2_KEX_MAX_HASH_LEN];
|
|
int can_gssapi_keyex;
|
|
int need_gss_transient_hostkey;
|
|
int warned_about_no_gss_transient_hostkey;
|
|
int got_session_id;
|
|
int dlgret;
|
|
int guessok;
|
|
int ignorepkt;
|
|
struct kexinit_algorithm kexlists[NKEXLIST][MAXKEXLIST];
|
|
#ifndef NO_GSSAPI
|
|
Ssh_gss_buf gss_buf;
|
|
Ssh_gss_buf gss_rcvtok, gss_sndtok;
|
|
Ssh_gss_stat gss_stat;
|
|
Ssh_gss_buf mic;
|
|
int init_token_sent;
|
|
int complete_rcvd;
|
|
int gss_delegate;
|
|
#endif
|
|
|
|
/*
|
|
* List of host key algorithms for which we _don't_ have a stored
|
|
* host key. These are indices into the main hostkey_algs[] array
|
|
*/
|
|
int uncert_hostkeys[N_HOSTKEY_ALGORITHMS];
|
|
int n_uncert_hostkeys;
|
|
|
|
/*
|
|
* Flag indicating that the current rekey is intended to finish
|
|
* with a newly cross-certified host key.
|
|
*/
|
|
int cross_certifying;
|
|
|
|
PacketProtocolLayer ppl;
|
|
};
|
|
|
|
/* Helpers shared between transport and kex */
|
|
PktIn *ssh2_transport_pop(struct ssh2_transport_state *s);
|
|
void ssh2_transport_dialog_callback(void *, int);
|
|
|
|
/* Provided by transport for use in kex */
|
|
void ssh2transport_finalise_exhash(struct ssh2_transport_state *s);
|
|
|
|
/* Provided by kex for use in transport */
|
|
void ssh2kex_coroutine(struct ssh2_transport_state *s);
|
|
|
|
#endif /* PUTTY_SSH2TRANSPORT_H */
|