extern Socket ssh_connection_sharing_init(const char *host, int port,
Conf *conf, Ssh ssh, void **state);
+int ssh_share_test_for_upstream(const char *host, int port, Conf *conf);
void share_got_pkt_from_server(void *ctx, int type,
unsigned char *pkt, int pktlen);
void share_activate(void *state, const char *server_verstring);
void MD5Final(unsigned char digest[16], struct MD5Context *context);
void MD5Simple(void const *p, unsigned len, unsigned char output[16]);
-void *hmacmd5_make_context(void);
+void *hmacmd5_make_context(void *);
void hmacmd5_free_context(void *handle);
void hmacmd5_key(void *handle, void const *key, int len);
void hmacmd5_do_hmac(void *handle, unsigned char const *blk, int len,
void SHA384_Final(SHA384_State * s, unsigned char *output);
void SHA384_Simple(const void *p, int len, unsigned char *output);
+struct ssh_mac;
struct ssh_cipher {
void *(*make_context)(void);
void (*free_context)(void *);
void (*setkey) (void *, unsigned char *key);/* for SSH-2 */
void (*encrypt) (void *, unsigned char *blk, int len);
void (*decrypt) (void *, unsigned char *blk, int len);
+ /* Ignored unless SSH_CIPHER_SEPARATE_LENGTH flag set */
+ void (*encrypt_length) (void *, unsigned char *blk, int len, unsigned long seq);
+ void (*decrypt_length) (void *, unsigned char *blk, int len, unsigned long seq);
const char *name;
int blksize;
- int keylen;
+ /* real_keybits is the number of bits of entropy genuinely used by
+ * the cipher scheme; it's used for deciding how big a
+ * Diffie-Hellman group is needed to exchange a key for the
+ * cipher. */
+ int real_keybits;
+ /* padded_keybytes is the number of bytes of key data expected as
+ * input to the setkey function; it's used for deciding how much
+ * data needs to be generated from the post-kex generation of key
+ * material. In a sensible cipher which uses all its key bytes for
+ * real work, this will just be real_keybits/8, but in DES-type
+ * ciphers which ignore one bit in each byte, it'll be slightly
+ * different. */
+ int padded_keybytes;
unsigned int flags;
#define SSH_CIPHER_IS_CBC 1
+#define SSH_CIPHER_SEPARATE_LENGTH 2
const char *text_name;
+ /* If set, this takes priority over other MAC. */
+ const struct ssh_mac *required_mac;
};
struct ssh2_ciphers {
};
struct ssh_mac {
- void *(*make_context)(void);
+ /* Passes in the cipher context */
+ void *(*make_context)(void *);
void (*free_context)(void *);
void (*setkey) (void *, unsigned char *key);
/* whole-packet operations */
void (*genresult) (void *, unsigned char *);
int (*verresult) (void *, unsigned char const *);
const char *name, *etm_name;
- int len;
+ int len, keylen;
const char *text_name;
};
struct ssh_hash {
void *(*init)(void); /* also allocates context */
+ void *(*copy)(const void *);
void (*bytes)(void *, const void *, int);
void (*final)(void *, unsigned char *); /* also frees context */
+ void (*free)(void *);
int hlen; /* output length in bytes */
const char *text_name;
};
extern const struct ssh2_ciphers ssh2_aes;
extern const struct ssh2_ciphers ssh2_blowfish;
extern const struct ssh2_ciphers ssh2_arcfour;
+extern const struct ssh2_ciphers ssh2_ccp;
extern const struct ssh_hash ssh_sha1;
extern const struct ssh_hash ssh_sha256;
extern const struct ssh_hash ssh_sha384;