svnno****@sourc*****
svnno****@sourc*****
2011年 2月 15日 (火) 18:00:01 JST
Tera TermRevision: 4307
http://sourceforge.jp/projects/ttssh2/svn/view?view=rev&revision=4307
Author: maya
Date: 2011-02-15 18:00:01 +0900 (Tue, 15 Feb 2011)
Log Message:
-----------
éµã®ç¨®é¡žã‚’増やã›ã‚‹ã‚ˆã†ã«æ•´ç†ã—ãŸ
enum hostkey_type ã‚’ ssh_keytype ã«ãƒªãƒãƒ¼ãƒ ã—ãŸ
機能ãŒé‡è¤‡ã—ã¦ã„ã‚‹æ§‹é€ ä½“ãƒ»ã‚³ãƒ¼ãƒ‰ã‚’å‰Šé™¤ã—ãŸ
CRYPTKeyPair を削除ã€Key を使ã†ã‚ˆã†ã«ã—ãŸ
key_from_blob を使ã†ã‚ˆã†ã«ã—ãŸ
Modified Paths:
--------------
trunk/ttssh2/ttxssh/auth.c
trunk/ttssh2/ttxssh/auth.h
trunk/ttssh2/ttxssh/crypt.c
trunk/ttssh2/ttxssh/crypt.h
trunk/ttssh2/ttxssh/hosts.c
trunk/ttssh2/ttxssh/key.c
trunk/ttssh2/ttxssh/key.h
trunk/ttssh2/ttxssh/keyfiles.c
trunk/ttssh2/ttxssh/keyfiles.h
trunk/ttssh2/ttxssh/ssh.c
trunk/ttssh2/ttxssh/ssh.h
trunk/ttssh2/ttxssh/ttxssh.c
trunk/ttssh2/ttxssh/ttxssh.h
-------------- next part --------------
Modified: trunk/ttssh2/ttxssh/auth.c
===================================================================
--- trunk/ttssh2/ttxssh/auth.c 2011-02-15 00:21:10 UTC (rev 4306)
+++ trunk/ttssh2/ttxssh/auth.c 2011-02-15 09:00:01 UTC (rev 4307)
@@ -425,7 +425,7 @@
int method = SSH_AUTH_PASSWORD;
char FAR *password =
alloc_control_text(GetDlgItem(dlg, IDC_SSHPASSWORD));
- CRYPTKeyPair FAR *key_pair = NULL;
+ Key *key_pair = NULL;
if (IsDlgButtonChecked(dlg, IDC_SSHUSERSA)) {
method = SSH_AUTH_RSA;
@@ -1436,12 +1436,12 @@
destroy_malloced_string(&pvar->auth_state.cur_cred.password);
destroy_malloced_string(&pvar->auth_state.cur_cred.rhosts_client_user);
if (pvar->auth_state.cur_cred.key_pair != NULL) {
- CRYPT_free_key_pair(pvar->auth_state.cur_cred.key_pair);
+ key_free(pvar->auth_state.cur_cred.key_pair);
pvar->auth_state.cur_cred.key_pair = NULL;
}
}
-static char FAR *get_auth_method_name(SSHAuthMethod auth)
+static const char *get_auth_method_name(SSHAuthMethod auth)
{
switch (auth) {
case SSH_AUTH_PASSWORD:
@@ -1463,7 +1463,7 @@
void AUTH_get_auth_info(PTInstVar pvar, char FAR * dest, int len)
{
- char *method = "unknown";
+ const char *method = "unknown";
if (pvar->auth_state.user == NULL) {
strncpy_s(dest, len, "None", _TRUNCATE);
@@ -1490,16 +1490,12 @@
} else {
if (pvar->auth_state.cur_cred.method == SSH_AUTH_RSA) {
- if (pvar->auth_state.cur_cred.key_pair->RSA_key != NULL) {
- method = "RSA";
- } else if (pvar->auth_state.cur_cred.key_pair->DSA_key != NULL) {
- method = "DSA";
- }
+ method = key_type(pvar->auth_state.cur_cred.key_pair);
}
else if (pvar->auth_state.cur_cred.method == SSH_AUTH_PAGEANT) {
int len = get_uint32_MSBfirst(pvar->pageant_curkey + 4);
char *s = (char *)malloc(len+1);
- enum hostkey_type keytype;
+ enum ssh_keytype keytype;
memcpy(s, pvar->pageant_curkey+4+4, len);
s[len] = '\0';
Modified: trunk/ttssh2/ttxssh/auth.h
===================================================================
--- trunk/ttssh2/ttxssh/auth.h 2011-02-15 00:21:10 UTC (rev 4306)
+++ trunk/ttssh2/ttxssh/auth.h 2011-02-15 09:00:01 UTC (rev 4307)
@@ -40,7 +40,7 @@
SSHAuthMethod method;
char FAR * password;
char FAR * rhosts_client_user;
- struct _CRYPTKeyPair FAR * key_pair;
+ struct Key FAR * key_pair;
} AUTHCred;
typedef enum { GENERIC_AUTH_MODE, TIS_AUTH_MODE } AuthMode;
Modified: trunk/ttssh2/ttxssh/crypt.c
===================================================================
--- trunk/ttssh2/ttxssh/crypt.c 2011-02-15 00:21:10 UTC (rev 4306)
+++ trunk/ttssh2/ttxssh/crypt.c 2011-02-15 09:00:01 UTC (rev 4307)
@@ -1211,7 +1211,7 @@
decrypted_challenge_len =
RSA_private_decrypt(challenge_len, challenge, challenge,
- AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
+ AUTH_get_cur_cred(pvar)->key_pair->rsa,
RSA_PKCS1_PADDING);
if (decrypted_challenge_len < 0) {
free(session_buf);
@@ -1745,7 +1745,7 @@
}
}
-static void destroy_public_key(CRYPTPublicKey FAR * key)
+static void destroy_public_key(CRYPTPublicKey * key)
{
if (key->RSA_key != NULL) {
RSA_free(key->RSA_key);
@@ -1753,7 +1753,7 @@
}
}
-void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
+void CRYPT_free_public_key(CRYPTPublicKey * key)
{
destroy_public_key(key);
free(key);
@@ -1862,14 +1862,3 @@
memset(passphrase_key, 0, sizeof(passphrase_key));
return 1;
}
-
-void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
-{
- if (key_pair->RSA_key != NULL)
- RSA_free(key_pair->RSA_key);
-
- if (key_pair->DSA_key != NULL)
- DSA_free(key_pair->DSA_key);
-
- free(key_pair);
-}
Modified: trunk/ttssh2/ttxssh/crypt.h
===================================================================
--- trunk/ttssh2/ttxssh/crypt.h 2011-02-15 00:21:10 UTC (rev 4306)
+++ trunk/ttssh2/ttxssh/crypt.h 2011-02-15 09:00:01 UTC (rev 4307)
@@ -82,14 +82,9 @@
} CRYPTDetectAttack;
typedef struct {
- RSA FAR * RSA_key;
+ RSA *RSA_key;
} CRYPTPublicKey;
-typedef struct _CRYPTKeyPair {
- RSA FAR * RSA_key;
- DSA *DSA_key;
-} CRYPTKeyPair;
-
typedef union {
Cipher3DESState c3DES;
CipherIDEAState cIDEA;
@@ -136,7 +131,6 @@
void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie);
#define CRYPT_get_server_cookie(pvar) ((pvar)->crypt_state.server_cookie)
-void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair);
void CRYPT_free_public_key(CRYPTPublicKey FAR * key);
BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
@@ -171,7 +165,7 @@
BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf, int bytes);
int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase, char FAR * buf, int len);
RSA FAR *make_key(PTInstVar pvar,
- int bits, unsigned char FAR * exp,
- unsigned char FAR * mod);
+ int bits, unsigned char FAR * exp,
+ unsigned char FAR * mod);
#endif
Modified: trunk/ttssh2/ttxssh/hosts.c
===================================================================
--- trunk/ttssh2/ttxssh/hosts.c 2011-02-15 00:21:10 UTC (rev 4306)
+++ trunk/ttssh2/ttxssh/hosts.c 2011-02-15 09:00:01 UTC (rev 4307)
@@ -811,7 +811,7 @@
BN_cmp(key->rsa->e, pvar->hosts_state.hostkey.rsa->e) == 0 &&
BN_cmp(key->rsa->n, pvar->hosts_state.hostkey.rsa->n) == 0;
- } else { // // SSH2 DSA host public key
+ } else if (key->type == KEY_DSA) { // SSH2 DSA host public key
return key->dsa != NULL && pvar->hosts_state.hostkey.dsa &&
BN_cmp(key->dsa->p, pvar->hosts_state.hostkey.dsa->p) == 0 &&
@@ -820,6 +820,9 @@
BN_cmp(key->dsa->pub_key, pvar->hosts_state.hostkey.dsa->pub_key) == 0;
}
+ else {
+ return FALSE;
+ }
}
@@ -889,7 +892,7 @@
int host_len = strlen(pvar->hosts_state.prefetched_hostname);
char *result = NULL;
int index;
- enum hostkey_type type = pvar->hosts_state.hostkey.type;
+ enum ssh_keytype type = pvar->hosts_state.hostkey.type;
if (type == KEY_RSA1) {
int result_len = host_len + 50 + 8 +
Modified: trunk/ttssh2/ttxssh/key.c
===================================================================
--- trunk/ttssh2/ttxssh/key.c 2011-02-15 00:21:10 UTC (rev 4306)
+++ trunk/ttssh2/ttxssh/key.c 2011-02-15 09:00:01 UTC (rev 4307)
@@ -287,19 +287,21 @@
return ret;
}
-int key_verify(RSA *rsa_key, DSA *dsa_key,
+int key_verify(Key *key,
unsigned char *signature, unsigned int signaturelen,
unsigned char *data, unsigned int datalen)
{
int ret = 0;
- if (rsa_key != NULL) {
- ret = ssh_rsa_verify(rsa_key, signature, signaturelen, data, datalen);
+ if (key->type == KEY_RSA) {
+ ret = ssh_rsa_verify(key->rsa, signature, signaturelen, data, datalen);
- } else if (dsa_key != NULL) {
- ret = ssh_dss_verify(dsa_key, signature, signaturelen, data, datalen);
+ }
+ else if (key->type == KEY_DSA) {
+ ret = ssh_dss_verify(key->dsa, signature, signaturelen, data, datalen);
- } else {
+ }
+ else {
return -1;
}
@@ -620,7 +622,7 @@
//
// ƒL[•¶Žš—ñ‚©‚çŽí•Ê‚ð”»’è‚·‚é
//
-enum hostkey_type get_keytype_from_name(char *name)
+enum ssh_keytype get_keytype_from_name(char *name)
{
if (strcmp(name, "rsa1") == 0) {
return KEY_RSA1;
@@ -699,7 +701,7 @@
RSA *rsa = NULL;
DSA *dsa = NULL;
Key *hostkey; // hostkey
- enum hostkey_type type;
+ enum ssh_keytype type;
hostkey = malloc(sizeof(Key));
if (hostkey == NULL)
@@ -718,8 +720,7 @@
type = get_keytype_from_name(key);
- // RSA key
- if (type == KEY_RSA) {
+ if (type == KEY_RSA) { // RSA key
rsa = RSA_new();
if (rsa == NULL) {
goto error;
@@ -736,7 +737,8 @@
hostkey->type = type;
hostkey->rsa = rsa;
- } else if (type == KEY_DSA) { // DSA key
+ }
+ else if (type == KEY_DSA) { // DSA key
dsa = DSA_new();
if (dsa == NULL) {
goto error;
@@ -777,21 +779,8 @@
return NULL;
}
-char *get_SSH2_keyname(CRYPTKeyPair *keypair)
-{
- char *s;
- if (keypair->RSA_key != NULL) {
- s = "ssh-rsa";
- } else {
- s = "ssh-dss";
- }
-
- return (s);
-}
-
-
-BOOL generate_SSH2_keysign(CRYPTKeyPair *keypair, char **sigptr, int *siglen, char *data, int datalen)
+BOOL generate_SSH2_keysign(Key *keypair, char **sigptr, int *siglen, char *data, int datalen)
{
buffer_t *msg = NULL;
char *s;
@@ -802,30 +791,25 @@
return FALSE;
}
- if (keypair->RSA_key != NULL) { // RSA
- const EVP_MD *evp_md;
+ if (keypair->type == KEY_RSA) { // RSA
+ const EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
u_char digest[EVP_MAX_MD_SIZE], *sig;
u_int slen, dlen, len;
- int ok, nid;
+ int ok, nid = NID_sha1;
- nid = NID_sha1;
- if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
- goto error;
- }
-
// ƒ_ƒCƒWƒFƒXƒg’l‚ÌŒvŽZ
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, data, datalen);
EVP_DigestFinal(&md, digest, &dlen);
- slen = RSA_size(keypair->RSA_key);
+ slen = RSA_size(keypair->rsa);
sig = malloc(slen);
if (sig == NULL)
goto error;
// “dŽq–¼‚ðŒvŽZ
- ok = RSA_sign(nid, digest, dlen, sig, &len, keypair->RSA_key);
+ ok = RSA_sign(nid, digest, dlen, sig, &len, keypair->rsa);
memset(digest, 'd', sizeof(digest));
if (ok != 1) { // error
free(sig);
@@ -846,7 +830,7 @@
}
- s = get_SSH2_keyname(keypair);
+ s = get_sshname_from_key(keypair);
buffer_put_string(msg, s, strlen(s));
buffer_append_length(msg, sig, slen);
len = buffer_len(msg);
@@ -861,7 +845,8 @@
memcpy(*sigptr, buffer_ptr(msg), len);
free(sig);
- } else { // DSA
+ }
+ else if (keypair->type == KEY_DSA) { // DSA
DSA_SIG *sig;
const EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
@@ -874,7 +859,7 @@
EVP_DigestFinal(&md, digest, &dlen);
// DSA“dŽq–¼‚ðŒvŽZ
- sig = DSA_do_sign(digest, dlen, keypair->DSA_key);
+ sig = DSA_do_sign(digest, dlen, keypair->dsa);
memset(digest, 'd', sizeof(digest));
if (sig == NULL) {
goto error;
@@ -893,7 +878,7 @@
DSA_SIG_free(sig);
// setting
- s = get_SSH2_keyname(keypair);
+ s = get_sshname_from_key(keypair);
buffer_put_string(msg, s, strlen(s));
buffer_append_length(msg, sigblob, sizeof(sigblob));
len = buffer_len(msg);
@@ -907,6 +892,10 @@
memcpy(*sigptr, buffer_ptr(msg), len);
}
+ else {
+ buffer_free(msg);
+ return FALSE;
+ }
buffer_free(msg);
return TRUE;
@@ -921,7 +910,7 @@
BOOL get_SSH2_publickey_blob(PTInstVar pvar, buffer_t **blobptr, int *bloblen)
{
buffer_t *msg = NULL;
- CRYPTKeyPair *keypair;
+ Key *keypair;
char *s;
msg = buffer_init();
@@ -932,22 +921,27 @@
keypair = pvar->auth_state.cur_cred.key_pair;
- if (keypair->RSA_key != NULL) { // RSA
- s = get_SSH2_keyname(keypair);
+ if (keypair->type == KEY_RSA) { // RSA
+ s = get_sshname_from_key(keypair);
buffer_put_string(msg, s, strlen(s));
- buffer_put_bignum2(msg, keypair->RSA_key->e); // ŒöŠJŽw”
- buffer_put_bignum2(msg, keypair->RSA_key->n); // p~q
+ buffer_put_bignum2(msg, keypair->rsa->e); // ŒöŠJŽw”
+ buffer_put_bignum2(msg, keypair->rsa->n); // p~q
- } else { // DSA
- s = get_SSH2_keyname(keypair);
+ }
+ else if (keypair->type == KEY_RSA) { // DSA
+ s = get_sshname_from_key(keypair);
buffer_put_string(msg, s, strlen(s));
- buffer_put_bignum2(msg, keypair->DSA_key->p); // ‘f”
- buffer_put_bignum2(msg, keypair->DSA_key->q); // (p-1)‚Ì‘fˆö”
- buffer_put_bignum2(msg, keypair->DSA_key->g); // ®”
- buffer_put_bignum2(msg, keypair->DSA_key->pub_key); // ŒöŠJŒ®
+ buffer_put_bignum2(msg, keypair->dsa->p); // ‘f”
+ buffer_put_bignum2(msg, keypair->dsa->q); // (p-1)‚Ì‘fˆö”
+ buffer_put_bignum2(msg, keypair->dsa->g); // ®”
+ buffer_put_bignum2(msg, keypair->dsa->pub_key); // ŒöŠJŒ®
}
+ else {
+ return FALSE;
+ }
+
*blobptr = msg;
*bloblen = buffer_len(msg);
Modified: trunk/ttssh2/ttxssh/key.h
===================================================================
--- trunk/ttssh2/ttxssh/key.h 2011-02-15 00:21:10 UTC (rev 4306)
+++ trunk/ttssh2/ttxssh/key.h 2011-02-15 09:00:01 UTC (rev 4307)
@@ -28,27 +28,21 @@
#include "ttxssh.h"
-#if 0
-int ssh_dss_verify(DSA *key,
- u_char *signature, u_int signaturelen,
- u_char *data, u_int datalen);
-int ssh_rsa_verify(RSA *key,
- u_char *signature, u_int signaturelen,
- u_char *data, u_int datalen);
-#endif
-int key_verify(RSA *rsa_key, DSA *dsa_key,
+int key_verify(Key *key,
unsigned char *signature, unsigned int signaturelen,
unsigned char *data, unsigned int datalen);
RSA *duplicate_RSA(RSA *src);
DSA *duplicate_DSA(DSA *src);
-char* key_fingerprint_raw(Key *k, int *dgst_raw_length);
+char* key_fingerprint_raw(Key *k, int *dgst_raw_length);
char *key_fingerprint(Key *key, enum fp_rep dgst_rep);
-void key_free(Key *key);
+
+const char *key_type(const Key *k);
char *get_sshname_from_key(Key *key);
enum hostkey_type get_keytype_from_name(char *name);
+
+void key_free(Key *key);
int key_to_blob(Key *key, char **blobp, int *lenp);
Key *key_from_blob(char *data, int blen);
-char *get_SSH2_keyname(CRYPTKeyPair *keypair);
-BOOL generate_SSH2_keysign(CRYPTKeyPair *keypair, char **sigptr, int *siglen, char *data, int datalen);
BOOL get_SSH2_publickey_blob(PTInstVar pvar, buffer_t **blobptr, int *bloblen);
+BOOL generate_SSH2_keysign(Key *keypair, char **sigptr, int *siglen, char *data, int datalen);
Modified: trunk/ttssh2/ttxssh/keyfiles.c
===================================================================
--- trunk/ttssh2/ttxssh/keyfiles.c 2011-02-15 00:21:10 UTC (rev 4306)
+++ trunk/ttssh2/ttxssh/keyfiles.c 2011-02-15 09:00:01 UTC (rev 4307)
@@ -33,6 +33,7 @@
#include "ttxssh.h"
#include "keyfiles.h"
+#include "key.h"
#include <io.h>
#include <fcntl.h>
@@ -91,11 +92,11 @@
return OK;
}
-static RSA FAR *read_RSA_private_key(PTInstVar pvar,
- char FAR * relative_name,
- char FAR * passphrase,
- BOOL FAR * invalid_passphrase,
- BOOL is_auto_login)
+static RSA *read_RSA_private_key(PTInstVar pvar,
+ char * relative_name,
+ char * passphrase,
+ BOOL * invalid_passphrase,
+ BOOL is_auto_login)
{
char filename[2048];
int fd;
@@ -310,26 +311,25 @@
return key;
}
-CRYPTKeyPair FAR *KEYFILES_read_private_key(PTInstVar pvar,
- char FAR * relative_name,
- char FAR * passphrase,
- BOOL FAR * invalid_passphrase,
- BOOL is_auto_login)
+Key *KEYFILES_read_private_key(PTInstVar pvar,
+ char * relative_name,
+ char * passphrase,
+ BOOL * invalid_passphrase,
+ BOOL is_auto_login)
{
- RSA FAR *RSA_key = read_RSA_private_key(pvar, relative_name,
- passphrase, invalid_passphrase,
- is_auto_login);
+ RSA *RSA_key = read_RSA_private_key(pvar, relative_name,
+ passphrase, invalid_passphrase,
+ is_auto_login);
if (RSA_key == NULL) {
return FALSE;
} else {
- CRYPTKeyPair FAR *result =
- (CRYPTKeyPair FAR *) malloc(sizeof(CRYPTKeyPair));
+ Key *result = (Key *) malloc(sizeof(Key));
// ƒtƒŠ[‚·‚é‚Æ‚«‚É 0 ‚©‚Ç‚¤‚©‚Å”»•Ê‚·‚邽‚ߒljÁB(2004.12.20 yutaka)
- ZeroMemory(result, sizeof(CRYPTKeyPair));
+ ZeroMemory(result, sizeof(Key));
- result->RSA_key = RSA_key;
+ result->rsa = RSA_key;
return result;
}
}
@@ -339,17 +339,17 @@
// SSH2
//
-CRYPTKeyPair *read_SSH2_private_key(PTInstVar pvar,
- char FAR * relative_name,
- char FAR * passphrase,
- BOOL FAR * invalid_passphrase,
- BOOL is_auto_login,
- char *errmsg,
- int errmsg_len)
+Key *read_SSH2_private_key(PTInstVar pvar,
+ char * relative_name,
+ char * passphrase,
+ BOOL * invalid_passphrase,
+ BOOL is_auto_login,
+ char *errmsg,
+ int errmsg_len)
{
char filename[2048];
FILE *fp = NULL;
- CRYPTKeyPair *result = NULL;
+ Key *result = NULL;
EVP_PKEY *pk = NULL;
unsigned long err = 0;
@@ -368,8 +368,8 @@
goto error;
}
- result = (CRYPTKeyPair *)malloc(sizeof(CRYPTKeyPair));
- ZeroMemory(result, sizeof(CRYPTKeyPair));
+ result = (Key *)malloc(sizeof(Key));
+ ZeroMemory(result, sizeof(Key));
// ƒtƒ@ƒCƒ‹‚©‚çƒpƒXƒtƒŒ[ƒY‚ðŒ³‚É”é–§Œ®‚ð“Ç‚Ýž‚ÞB
pk = PEM_read_PrivateKey(fp, NULL, NULL, passphrase);
@@ -381,19 +381,21 @@
}
if (pk->type == EVP_PKEY_RSA) { // RSA key
- result->RSA_key = EVP_PKEY_get1_RSA(pk);
- result->DSA_key = NULL;
+ result->type = KEY_RSA;
+ result->rsa = EVP_PKEY_get1_RSA(pk);
+ result->dsa = NULL;
// RSA–Ú‚‚ç‚Ü‚µ‚ð—LŒø‚É‚·‚éiƒ^ƒCƒ~ƒ“ƒOUŒ‚‚©‚ç‚Ì–hŒäj
- if (RSA_blinding_on(result->RSA_key, NULL) != 1) {
+ if (RSA_blinding_on(result->rsa, NULL) != 1) {
err = ERR_get_error();
ERR_error_string_n(err, errmsg, errmsg_len);
goto error;
}
} else if (pk->type == EVP_PKEY_DSA) { // DSA key
- result->RSA_key = NULL;
- result->DSA_key = EVP_PKEY_get1_DSA(pk);
+ result->type = KEY_DSA;
+ result->rsa = NULL;
+ result->dsa = EVP_PKEY_get1_DSA(pk);
} else {
goto error;
@@ -410,7 +412,7 @@
EVP_PKEY_free(pk);
if (result != NULL)
- CRYPT_free_key_pair(result);
+ key_free(result);
if (fp != NULL)
fclose(fp);
Modified: trunk/ttssh2/ttxssh/keyfiles.h
===================================================================
--- trunk/ttssh2/ttxssh/keyfiles.h 2011-02-15 00:21:10 UTC (rev 4306)
+++ trunk/ttssh2/ttxssh/keyfiles.h 2011-02-15 09:00:01 UTC (rev 4307)
@@ -34,16 +34,18 @@
#ifndef __KEYFILES_H
#define __KEYFILES_H
-CRYPTKeyPair FAR * KEYFILES_read_private_key(PTInstVar pvar, char FAR * relative_name,
- char FAR * passphrase, BOOL FAR * invalid_passphrase,
- BOOL is_auto_login);
+Key * KEYFILES_read_private_key(PTInstVar pvar,
+ char * relative_name,
+ char * passphrase,
+ BOOL * invalid_passphrase,
+ BOOL is_auto_login);
-CRYPTKeyPair *read_SSH2_private_key(PTInstVar pvar,
- char FAR * relative_name,
- char FAR * passphrase,
- BOOL FAR * invalid_passphrase,
- BOOL is_auto_login,
- char *errmsg,
- int errmsg_len);
+Key *read_SSH2_private_key(PTInstVar pvar,
+ char * relative_name,
+ char * passphrase,
+ BOOL * invalid_passphrase,
+ BOOL is_auto_login,
+ char *errmsg,
+ int errmsg_len);
#endif
Modified: trunk/ttssh2/ttxssh/ssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ssh.c 2011-02-15 00:21:10 UTC (rev 4306)
+++ trunk/ttssh2/ttxssh/ssh.c 2011-02-15 09:00:01 UTC (rev 4307)
@@ -2473,7 +2473,7 @@
break;
}
case SSH_AUTH_RSA:{
- int len = BN_num_bytes(cred->key_pair->RSA_key->n);
+ int len = BN_num_bytes(cred->key_pair->rsa->n);
unsigned char FAR *outmsg =
begin_send_packet(pvar, SSH_CMSG_AUTH_RSA, 2 + len);
@@ -2482,15 +2482,15 @@
LOG_LEVEL_VERBOSE);
set_ushort16_MSBfirst(outmsg, len * 8);
- BN_bn2bin(cred->key_pair->RSA_key->n, outmsg + 2);
+ BN_bn2bin(cred->key_pair->rsa->n, outmsg + 2);
/* don't destroy the current credentials yet */
enque_handlers(pvar, 2, RSA_msgs, RSA_handlers);
break;
}
case SSH_AUTH_RHOSTS_RSA:{
- int mod_len = BN_num_bytes(cred->key_pair->RSA_key->n);
+ int mod_len = BN_num_bytes(cred->key_pair->rsa->n);
int name_len = strlen(cred->rhosts_client_user);
- int exp_len = BN_num_bytes(cred->key_pair->RSA_key->e);
+ int exp_len = BN_num_bytes(cred->key_pair->rsa->e);
int index;
unsigned char FAR *outmsg =
begin_send_packet(pvar, SSH_CMSG_AUTH_RHOSTS_RSA,
@@ -2506,11 +2506,11 @@
set_uint32(outmsg + index, 8 * mod_len);
set_ushort16_MSBfirst(outmsg + index + 4, 8 * exp_len);
- BN_bn2bin(cred->key_pair->RSA_key->e, outmsg + index + 6);
+ BN_bn2bin(cred->key_pair->rsa->e, outmsg + index + 6);
index += 6 + exp_len;
set_ushort16_MSBfirst(outmsg + index, 8 * mod_len);
- BN_bn2bin(cred->key_pair->RSA_key->n, outmsg + index + 2);
+ BN_bn2bin(cred->key_pair->rsa->n, outmsg + index + 2);
/* don't destroy the current credentials yet */
enque_handlers(pvar, 2, RSA_msgs, RSA_handlers);
break;
@@ -4515,26 +4515,13 @@
msg = tmp;
goto error;
}
- if (strcmp(str_keytype, "ssh-rsa") == 0) {
- pvar->hostkey_type = KEY_RSA;
- } else if (strcmp(str_keytype, "ssh-dss") == 0) {
- pvar->hostkey_type = KEY_DSA;
- } else if (strcmp(str_keytype, "rsa1") == 0) {
- pvar->hostkey_type = KEY_RSA1;
- } else if (strcmp(str_keytype, "rsa") == 0) {
- pvar->hostkey_type = KEY_RSA;
- } else if (strcmp(str_keytype, "dsa") == 0) {
- pvar->hostkey_type = KEY_DSA;
- }
-#if 0
- // TODO: Œ»ó‚Í KEY_RSA ‚µ‚©ƒTƒ|[ƒg‚µ‚Ä‚¢‚È‚¢ (2004.10.24 yutaka)
- if (pvar->hostkey_type != KEY_RSA) {
- strcpy(tmp, "unknown KEY type: ");
- strcat(tmp, buf);
+ pvar->hostkey_type = get_keytype_from_name(str_keytype);
+ if (pvar->hostkey_type == KEY_UNSPEC) {
+ strncpy_s(tmp, sizeof(tmp), "unknown host KEY type: ", _TRUNCATE);
+ strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE);
msg = tmp;
goto error;
}
-#endif
_snprintf_s(buf, sizeof(buf), _TRUNCATE,
"server host key algorithm: %s", str_keytype);
@@ -4925,10 +4912,7 @@
int len;
int offset = 0;
char *server_host_key_blob;
- int bloblen, keynamelen, siglen;
- char key[128];
- RSA *rsa = NULL;
- DSA *dsa = NULL;
+ int bloblen, siglen;
BIGNUM *dh_server_pub = NULL;
char *signature;
int dh_len, share_len;
@@ -4937,7 +4921,7 @@
char *hash;
char *emsg, emsg_tmp[1024]; // error message
int ret, hashlen;
- Key hostkey; // hostkey
+ Key *hostkey; // hostkey
notify_verbose_message(pvar, "SSH2_MSG_KEXDH_REPLY was received.", LOG_LEVEL_VERBOSE);
@@ -4959,83 +4943,21 @@
push_memdump("KEXDH_REPLY", "server_host_key_blob", server_host_key_blob, bloblen);
- // key_from_blob()#key.c ‚̈—‚ªˆÈ‰º‚©‚çŽn‚Ü‚éB
- // known_hostsŒŸØ—p‚Ì server_host_key ‚Í rsa or dsa ‚Æ‚È‚éB
- keynamelen = get_uint32_MSBfirst(data);
- if (keynamelen >= 128) {
- emsg = "keyname length too big @ handle_SSH2_dh_kex_reply()";
+ hostkey = key_from_blob(data, bloblen);
+ if (hostkey == NULL) {
+ emsg = "key_from_blob error @ handle_SSH2_dh_gex_reply()";
goto error;
}
- data +=4 ;
- memcpy(key, data, keynamelen);
- key[keynamelen] = 0;
- data += keynamelen;
+ data += bloblen;
- push_memdump("KEXDH_REPLY", "keyname", key, keynamelen);
-
- // RSA key
- if (strcmp(key, "ssh-rsa") == 0) {
- rsa = RSA_new();
- if (rsa == NULL) {
- emsg = "Out of memory1 @ handle_SSH2_dh_kex_reply()";
- goto error;
- }
- rsa->n = BN_new();
- rsa->e = BN_new();
- if (rsa->n == NULL || rsa->e == NULL) {
- emsg = "Out of memory2 @ handle_SSH2_dh_kex_reply()";
- goto error;
- }
-
- buffer_get_bignum2(&data, rsa->e);
- buffer_get_bignum2(&data, rsa->n);
-
- hostkey.type = KEY_RSA;
- hostkey.rsa = rsa;
-
- } else if (strcmp(key, "ssh-dss") == 0) { // DSA key
- dsa = DSA_new();
- if (dsa == NULL) {
- emsg = "Out of memory3 @ handle_SSH2_dh_kex_reply()";
- goto error;
- }
- dsa->p = BN_new();
- dsa->q = BN_new();
- dsa->g = BN_new();
- dsa->pub_key = BN_new();
- if (dsa->p == NULL ||
- dsa->q == NULL ||
- dsa->g == NULL ||
- dsa->pub_key == NULL) {
- emsg = "Out of memory4 @ handle_SSH2_dh_kex_reply()";
- goto error;
- }
-
- buffer_get_bignum2(&data, dsa->p);
- buffer_get_bignum2(&data, dsa->q);
- buffer_get_bignum2(&data, dsa->g);
- buffer_get_bignum2(&data, dsa->pub_key);
-
- hostkey.type = KEY_DSA;
- hostkey.dsa = dsa;
-
- } else {
- // unknown key
- _snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
- "Unknown key type(%s) @ handle_SSH2_dh_kex_reply()", key);
- emsg = emsg_tmp;
- goto error;
-
- }
-
// known_hosts‘Ήž (2006.3.20 yutaka)
- if (hostkey.type != pvar->hostkey_type) { // ƒzƒXƒgƒL[‚ÌŽí•Ê”äŠr
+ if (hostkey->type != pvar->hostkey_type) { // ƒzƒXƒgƒL[‚ÌŽí•Ê”äŠr
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
"type mismatch for decoded server_host_key_blob @ %s", __FUNCTION__);
emsg = emsg_tmp;
goto error;
}
- HOSTS_check_host_key(pvar, pvar->ssh_state.hostname, pvar->ssh_state.tcpport, &hostkey);
+ HOSTS_check_host_key(pvar, pvar->ssh_state.hostname, pvar->ssh_state.tcpport, hostkey);
if (pvar->socket == INVALID_SOCKET) {
emsg = "Server disconnected @ handle_SSH2_dh_kex_reply()";
goto error;
@@ -5043,7 +4965,7 @@
dh_server_pub = BN_new();
if (dh_server_pub == NULL) {
- emsg = "Out of memory5 @ handle_SSH2_dh_kex_reply()";
+ emsg = "Out of memory1 @ handle_SSH2_dh_kex_reply()";
goto error;
}
@@ -5064,13 +4986,13 @@
dh_len = DH_size(pvar->kexdh);
dh_buf = malloc(dh_len);
if (dh_buf == NULL) {
- emsg = "Out of memory6 @ handle_SSH2_dh_kex_reply()";
+ emsg = "Out of memory2 @ handle_SSH2_dh_kex_reply()";
goto error;
}
share_len = DH_compute_key(dh_buf, dh_server_pub, pvar->kexdh);
share_key = BN_new();
if (share_key == NULL) {
- emsg = "Out of memory7 @ handle_SSH2_dh_kex_reply()";
+ emsg = "Out of memory3 @ handle_SSH2_dh_kex_reply()";
goto error;
}
// 'share_key'‚ªƒT[ƒo‚ƃNƒ‰ƒCƒAƒ“ƒg‚Å‹¤—L‚·‚錮iG^A~B mod Pj‚Æ‚È‚éB
@@ -5117,12 +5039,12 @@
}
}
- if ((ret = key_verify(rsa, dsa, signature, siglen, hash, hashlen)) != 1) {
- if (ret == -3 && rsa != NULL) {
+ if ((ret = key_verify(hostkey, signature, siglen, hash, hashlen)) != 1) {
+ if (ret == -3 && hostkey->type == KEY_RSA) {
if (!pvar->settings.EnableRsaShortKeyServer) {
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
"key verify error(remote rsa key length is too short %d-bit) "
- "@ handle_SSH2_dh_kex_reply()", BN_num_bits(rsa->n));
+ "@ handle_SSH2_dh_kex_reply()", BN_num_bits(hostkey->rsa->n));
}
else {
goto cont;
@@ -5184,17 +5106,15 @@
SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka)
BN_free(dh_server_pub);
- RSA_free(rsa);
- DSA_free(dsa);
+ key_free(hostkey);
DH_free(pvar->kexdh); pvar->kexdh = NULL;
free(dh_buf);
return TRUE;
error:
- RSA_free(rsa);
- DSA_free(dsa);
- DH_free(pvar->kexdh); pvar->kexdh = NULL;
BN_free(dh_server_pub);
+ DH_free(pvar->kexdh); pvar->kexdh = NULL;
+ key_free(hostkey);
free(dh_buf);
BN_free(share_key);
@@ -5215,10 +5135,7 @@
int len;
int offset = 0;
char *server_host_key_blob;
- int bloblen, keynamelen, siglen;
- char key[128];
- RSA *rsa = NULL;
- DSA *dsa = NULL;
+ int bloblen, siglen;
BIGNUM *dh_server_pub = NULL;
char *signature;
int dh_len, share_len;
@@ -5227,7 +5144,7 @@
char *hash;
char *emsg, emsg_tmp[1024]; // error message
int ret, hashlen;
- Key hostkey; // hostkey
+ Key *hostkey = NULL; // hostkey
notify_verbose_message(pvar, "SSH2_MSG_KEX_DH_GEX_REPLY was received.", LOG_LEVEL_VERBOSE);
@@ -5249,83 +5166,21 @@
push_memdump("DH_GEX_REPLY", "server_host_key_blob", server_host_key_blob, bloblen);
- // key_from_blob()#key.c ‚̈—‚ªˆÈ‰º‚©‚çŽn‚Ü‚éB
- // known_hostsŒŸØ—p‚Ì server_host_key ‚Í rsa or dsa ‚Æ‚È‚éB
- keynamelen = get_uint32_MSBfirst(data);
- if (keynamelen >= 128) {
- emsg = "keyname length too big @ handle_SSH2_dh_gex_reply()";
+ hostkey = key_from_blob(data, bloblen);
+ if (hostkey == NULL) {
+ emsg = "key_from_blob error @ handle_SSH2_dh_gex_reply()";
goto error;
}
- data +=4 ;
- memcpy(key, data, keynamelen);
- key[keynamelen] = 0;
- data += keynamelen;
+ data += bloblen;
- push_memdump("DH_GEX_REPLY", "keyname", key, keynamelen);
-
- // RSA key
- if (strcmp(key, "ssh-rsa") == 0) {
- rsa = RSA_new();
- if (rsa == NULL) {
- emsg = "Out of memory1 @ handle_SSH2_dh_gex_reply()";
- goto error;
- }
- rsa->n = BN_new();
- rsa->e = BN_new();
- if (rsa->n == NULL || rsa->e == NULL) {
- emsg = "Out of memory2 @ handle_SSH2_dh_gex_reply()";
- goto error;
- }
-
- buffer_get_bignum2(&data, rsa->e);
- buffer_get_bignum2(&data, rsa->n);
-
- hostkey.type = KEY_RSA;
- hostkey.rsa = rsa;
-
- } else if (strcmp(key, "ssh-dss") == 0) { // DSA key
- dsa = DSA_new();
- if (dsa == NULL) {
- emsg = "Out of memory3 @ handle_SSH2_dh_gex_reply()";
- goto error;
- }
- dsa->p = BN_new();
- dsa->q = BN_new();
- dsa->g = BN_new();
- dsa->pub_key = BN_new();
- if (dsa->p == NULL ||
- dsa->q == NULL ||
- dsa->g == NULL ||
- dsa->pub_key == NULL) {
- emsg = "Out of memory4 @ handle_SSH2_dh_gex_reply()";
- goto error;
- }
-
- buffer_get_bignum2(&data, dsa->p);
- buffer_get_bignum2(&data, dsa->q);
- buffer_get_bignum2(&data, dsa->g);
- buffer_get_bignum2(&data, dsa->pub_key);
-
- hostkey.type = KEY_DSA;
- hostkey.dsa = dsa;
-
- } else {
- // unknown key
- _snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
- "Unknown key type(%s) @ handle_SSH2_dh_gex_reply()", key);
- emsg = emsg_tmp;
- goto error;
-
- }
-
// known_hosts‘Ήž (2006.3.20 yutaka)
- if (hostkey.type != pvar->hostkey_type) { // ƒzƒXƒgƒL[‚ÌŽí•Ê”äŠr
+ if (hostkey->type != pvar->hostkey_type) { // ƒzƒXƒgƒL[‚ÌŽí•Ê”äŠr
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
"type mismatch for decoded server_host_key_blob @ %s", __FUNCTION__);
emsg = emsg_tmp;
goto error;
}
- HOSTS_check_host_key(pvar, pvar->ssh_state.hostname, pvar->ssh_state.tcpport, &hostkey);
+ HOSTS_check_host_key(pvar, pvar->ssh_state.hostname, pvar->ssh_state.tcpport, hostkey);
if (pvar->socket == INVALID_SOCKET) {
emsg = "Server disconnected @ handle_SSH2_dh_gex_reply()";
goto error;
@@ -5333,7 +5188,7 @@
dh_server_pub = BN_new();
if (dh_server_pub == NULL) {
- emsg = "Out of memory5 @ handle_SSH2_dh_gex_reply()";
+ emsg = "Out of memory1 @ handle_SSH2_dh_gex_reply()";
goto error;
}
@@ -5355,13 +5210,13 @@
dh_len = DH_size(pvar->kexdh);
dh_buf = malloc(dh_len);
if (dh_buf == NULL) {
- emsg = "Out of memory6 @ handle_SSH2_dh_gex_reply()";
+ emsg = "Out of memory2 @ handle_SSH2_dh_gex_reply()";
goto error;
}
share_len = DH_compute_key(dh_buf, dh_server_pub, pvar->kexdh);
share_key = BN_new();
if (share_key == NULL) {
- emsg = "Out of memory7 @ handle_SSH2_dh_gex_reply()";
+ emsg = "Out of memory3 @ handle_SSH2_dh_gex_reply()";
goto error;
}
// 'share_key'‚ªƒT[ƒo‚ƃNƒ‰ƒCƒAƒ“ƒg‚Å‹¤—L‚·‚錮iG^A~B mod Pj‚Æ‚È‚éB
@@ -5417,12 +5272,12 @@
}
}
- if ((ret = key_verify(rsa, dsa, signature, siglen, hash, hashlen)) != 1) {
- if (ret == -3 && rsa != NULL) {
+ if ((ret = key_verify(hostkey, signature, siglen, hash, hashlen)) != 1) {
+ if (ret == -3 && hostkey->type == KEY_RSA) {
if (!pvar->settings.EnableRsaShortKeyServer) {
_snprintf_s(emsg_tmp, sizeof(emsg_tmp), _TRUNCATE,
"key verify error(remote rsa key length is too short %d-bit) "
- "@ handle_SSH2_dh_gex_reply", BN_num_bits(rsa->n));
+ "@ handle_SSH2_dh_gex_reply()", BN_num_bits(hostkey->rsa->n));
}
else {
goto cont;
@@ -5484,17 +5339,15 @@
SSH2_dispatch_add_message(SSH2_MSG_IGNORE); // XXX: Tru64 UNIX workaround (2005.3.5 yutaka)
BN_free(dh_server_pub);
- RSA_free(rsa);
- DSA_free(dsa);
+ key_free(hostkey);
DH_free(pvar->kexdh); pvar->kexdh = NULL;
free(dh_buf);
return TRUE;
error:
- RSA_free(rsa);
- DSA_free(dsa);
- DH_free(pvar->kexdh); pvar->kexdh = NULL;
BN_free(dh_server_pub);
+ key_free(hostkey);
+ DH_free(pvar->kexdh); pvar->kexdh = NULL;
free(dh_buf);
BN_free(share_key);
@@ -5765,7 +5618,7 @@
int bloblen;
char *signature = NULL;
int siglen;
- CRYPTKeyPair *keypair = pvar->auth_state.cur_cred.key_pair;
+ Key *keypair = pvar->auth_state.cur_cred.key_pair;
if (get_SSH2_publickey_blob(pvar, &blob, &bloblen) == FALSE) {
goto error;
@@ -5787,7 +5640,7 @@
s = "publickey";
buffer_put_string(signbuf, s, strlen(s));
buffer_put_char(signbuf, 1); // true
- s = get_SSH2_keyname(keypair); // key type‚ɉž‚¶‚½•¶Žš—ñ‚𓾂é
+ s = get_sshname_from_key(keypair); // key type‚ɉž‚¶‚½•¶Žš—ñ‚𓾂é
buffer_put_string(signbuf, s, strlen(s));
s = buffer_ptr(blob);
buffer_append_length(signbuf, s, bloblen);
@@ -5805,7 +5658,7 @@
s = "publickey";
buffer_put_string(msg, s, strlen(s));
buffer_put_char(msg, 1); // true
- s = get_SSH2_keyname(keypair); // key type‚ɉž‚¶‚½•¶Žš—ñ‚𓾂é
+ s = get_sshname_from_key(keypair); // key type‚ɉž‚¶‚½•¶Žš—ñ‚𓾂é
buffer_put_string(msg, s, strlen(s));
s = buffer_ptr(blob);
buffer_append_length(msg, s, bloblen);
Modified: trunk/ttssh2/ttxssh/ssh.h
===================================================================
--- trunk/ttssh2/ttxssh/ssh.h 2011-02-15 00:21:10 UTC (rev 4306)
+++ trunk/ttssh2/ttxssh/ssh.h 2011-02-15 09:00:01 UTC (rev 4307)
@@ -194,7 +194,7 @@
#define SSH2_OPEN_UNKNOWN_CHANNEL_TYPE 3
#define SSH2_OPEN_RESOURCE_SHORTAGE 4
-enum hostkey_type {
+enum ssh_keytype {
KEY_RSA1,
KEY_RSA,
KEY_DSA,
@@ -406,7 +406,7 @@
// ƒzƒXƒgƒL[(SSH1, SSH2ŠÜ‚Þ)‚̃f[ƒ^\‘¢ (2006.3.21 yutaka)
typedef struct Key {
// host key type
- enum hostkey_type type;
+ enum ssh_keytype type;
// SSH2 RSA
RSA *rsa;
// SSH2 DSA
Modified: trunk/ttssh2/ttxssh/ttxssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ttxssh.c 2011-02-15 00:21:10 UTC (rev 4306)
+++ trunk/ttssh2/ttxssh/ttxssh.c 2011-02-15 09:00:01 UTC (rev 4307)
@@ -99,9 +99,9 @@
static TInstVar FAR *pvar;
typedef struct {
- int cnt;
- HWND dlg;
- enum hostkey_type type;
+ int cnt;
+ HWND dlg;
+ enum ssh_keytype type;
} cbarg_t;
/* WIN32 allows multiple instances of a DLL */
@@ -2864,7 +2864,7 @@
typedef struct {
RSA *rsa;
DSA *dsa;
- enum hostkey_type type;
+ enum ssh_keytype type;
} ssh_private_key_t;
static ssh_private_key_t private_key = {NULL, NULL, KEY_UNSPEC};
@@ -2872,7 +2872,7 @@
typedef struct {
RSA *rsa;
DSA *dsa;
- enum hostkey_type type;
+ enum ssh_keytype type;
} ssh_public_key_t;
static ssh_public_key_t public_key = {NULL, NULL, KEY_UNSPEC};
@@ -2894,7 +2894,7 @@
public_key.type = KEY_UNSPEC;
}
-static BOOL generate_ssh_key(enum hostkey_type type, int bits, void (*cbfunc)(int, int, void *), void *cbarg)
+static BOOL generate_ssh_key(enum ssh_keytype type, int bits, void (*cbfunc)(int, int, void *), void *cbarg)
{
// if SSH key already is generated, should free the resource.
free_ssh_key();
@@ -3440,7 +3440,7 @@
static BOOL CALLBACK TTXKeyGenerator(HWND dlg, UINT msg, WPARAM wParam,
LPARAM lParam)
{
- static enum hostkey_type key_type;
+ static enum ssh_keytype key_type;
char uimsg[MAX_UIMSG];
LOGFONT logfont;
HFONT font;
Modified: trunk/ttssh2/ttxssh/ttxssh.h
===================================================================
--- trunk/ttssh2/ttxssh/ttxssh.h 2011-02-15 00:21:10 UTC (rev 4306)
+++ trunk/ttssh2/ttxssh/ttxssh.h 2011-02-15 09:00:01 UTC (rev 4307)
@@ -200,7 +200,7 @@
buffer_t *my_kex;
buffer_t *peer_kex;
enum kex_algorithm kex_type; // KEX algorithm
- enum hostkey_type hostkey_type;
+ enum ssh_keytype hostkey_type;
SSHCipher ctos_cipher;
SSHCipher stoc_cipher;
enum hmac_type ctos_hmac;