extern Socket ssh_connection_sharing_init(const char *host, int port,
Conf *conf, Ssh ssh, void **state);
+int ssh_share_test_for_upstream(const char *host, int port, Conf *conf);
void share_got_pkt_from_server(void *ctx, int type,
unsigned char *pkt, int pktlen);
void share_activate(void *state, const char *server_verstring);
void ssh_send_packet_from_downstream(Ssh ssh, unsigned id, int type,
const void *pkt, int pktlen,
const char *additional_log_text);
-void ssh_sharing_downstream_connected(Ssh ssh, unsigned id);
+void ssh_sharing_downstream_connected(Ssh ssh, unsigned id,
+ const char *peerinfo);
void ssh_sharing_downstream_disconnected(Ssh ssh, unsigned id);
void ssh_sharing_logf(Ssh ssh, unsigned id, const char *logfmt, ...);
int ssh_agent_forwarding_permitted(Ssh ssh);
struct ec_curve {
enum { EC_WEIERSTRASS, EC_MONTGOMERY, EC_EDWARDS } type;
+ /* 'name' is the identifier of the curve when it has to appear in
+ * wire protocol encodings, as it does in e.g. the public key and
+ * signature formats for NIST curves. Curves which do not format
+ * their keys or signatures in this way just have name==NULL.
+ *
+ * 'textname' is non-NULL for all curves, and is a human-readable
+ * identification suitable for putting in log messages. */
+ const char *name, *textname;
unsigned int fieldBits;
Bignum p;
union {
};
};
-extern unsigned char nistp256_oid[];
-extern unsigned char nistp384_oid[];
-extern unsigned char nistp521_oid[];
-extern unsigned char curve25519_oid[];
-extern int nistp256_oid_len;
-extern int nistp384_oid_len;
-extern int nistp521_oid_len;
-extern int curve25519_oid_len;
-struct ec_curve *ec_p256(void);
-struct ec_curve *ec_p384(void);
-struct ec_curve *ec_p521(void);
-struct ec_curve *ec_ed25519(void);
-struct ec_curve *ec_curve25519(void);
+const struct ssh_signkey *ec_alg_by_oid(int len, const void *oid,
+ const struct ec_curve **curve);
+const unsigned char *ec_alg_oid(const struct ssh_signkey *alg, int *oidlen);
+extern const int ec_nist_curve_lengths[], n_ec_nist_curve_lengths;
+const int ec_nist_alg_and_curve_by_bits(int bits,
+ const struct ec_curve **curve,
+ const struct ssh_signkey **alg);
+const int ec_ed_alg_and_curve_by_bits(int bits,
+ const struct ec_curve **curve,
+ const struct ssh_signkey **alg);
+
+struct ssh_signkey;
struct ec_key {
+ const struct ssh_signkey *signalg;
struct ec_point publicKey;
Bignum privateKey;
};
/*
* SSH2 ECDH key exchange functions
*/
-void *ssh_ecdhkex_newkey(const char *name);
+struct ssh_kex;
+const char *ssh_ecdhkex_curve_textname(const struct ssh_kex *kex);
+void *ssh_ecdhkex_newkey(const struct ssh_kex *kex);
void ssh_ecdhkex_freekey(void *key);
char *ssh_ecdhkex_getpublic(void *key, int *len);
Bignum ssh_ecdhkex_getkey(void *key, char *remoteKey, int remoteKeyLen);
void MD5Final(unsigned char digest[16], struct MD5Context *context);
void MD5Simple(void const *p, unsigned len, unsigned char output[16]);
-void *hmacmd5_make_context(void);
+void *hmacmd5_make_context(void *);
void hmacmd5_free_context(void *handle);
void hmacmd5_key(void *handle, void const *key, int len);
void hmacmd5_do_hmac(void *handle, unsigned char const *blk, int len,
void SHA384_Final(SHA384_State * s, unsigned char *output);
void SHA384_Simple(const void *p, int len, unsigned char *output);
+struct ssh_mac;
struct ssh_cipher {
void *(*make_context)(void);
void (*free_context)(void *);
void (*encrypt) (void *, unsigned char *blk, int len);
void (*decrypt) (void *, unsigned char *blk, int len);
int blksize;
- char *text_name;
+ const char *text_name;
};
struct ssh2_cipher {
void (*setkey) (void *, unsigned char *key);/* for SSH-2 */
void (*encrypt) (void *, unsigned char *blk, int len);
void (*decrypt) (void *, unsigned char *blk, int len);
- char *name;
+ /* Ignored unless SSH_CIPHER_SEPARATE_LENGTH flag set */
+ void (*encrypt_length) (void *, unsigned char *blk, int len, unsigned long seq);
+ void (*decrypt_length) (void *, unsigned char *blk, int len, unsigned long seq);
+ const char *name;
int blksize;
- int keylen;
+ /* real_keybits is the number of bits of entropy genuinely used by
+ * the cipher scheme; it's used for deciding how big a
+ * Diffie-Hellman group is needed to exchange a key for the
+ * cipher. */
+ int real_keybits;
+ /* padded_keybytes is the number of bytes of key data expected as
+ * input to the setkey function; it's used for deciding how much
+ * data needs to be generated from the post-kex generation of key
+ * material. In a sensible cipher which uses all its key bytes for
+ * real work, this will just be real_keybits/8, but in DES-type
+ * ciphers which ignore one bit in each byte, it'll be slightly
+ * different. */
+ int padded_keybytes;
unsigned int flags;
#define SSH_CIPHER_IS_CBC 1
- char *text_name;
+#define SSH_CIPHER_SEPARATE_LENGTH 2
+ const char *text_name;
+ /* If set, this takes priority over other MAC. */
+ const struct ssh_mac *required_mac;
};
struct ssh2_ciphers {
};
struct ssh_mac {
- void *(*make_context)(void);
+ /* Passes in the cipher context */
+ void *(*make_context)(void *);
void (*free_context)(void *);
void (*setkey) (void *, unsigned char *key);
/* whole-packet operations */
void (*bytes) (void *, unsigned char const *, int);
void (*genresult) (void *, unsigned char *);
int (*verresult) (void *, unsigned char const *);
- char *name, *etm_name;
- int len;
- char *text_name;
+ const char *name, *etm_name;
+ int len, keylen;
+ const char *text_name;
};
struct ssh_hash {
void *(*init)(void); /* also allocates context */
+ void *(*copy)(const void *);
void (*bytes)(void *, const void *, int);
void (*final)(void *, unsigned char *); /* also frees context */
+ void (*free)(void *);
int hlen; /* output length in bytes */
- char *text_name;
+ const char *text_name;
};
struct ssh_kex {
- char *name, *groupname;
+ const char *name, *groupname;
enum { KEXTYPE_DH, KEXTYPE_RSA, KEXTYPE_ECDH } main_type;
- /* For DH */
- const unsigned char *pdata, *gdata; /* NULL means group exchange */
- int plen, glen;
const struct ssh_hash *hash;
+ const void *extra; /* private to the kex methods */
};
struct ssh_kexes {
};
struct ssh_signkey {
- void *(*newkey) (const char *data, int len);
+ void *(*newkey) (const struct ssh_signkey *self,
+ const char *data, int len);
void (*freekey) (void *key);
char *(*fmtkey) (void *key);
unsigned char *(*public_blob) (void *key, int *len);
unsigned char *(*private_blob) (void *key, int *len);
- void *(*createkey) (const unsigned char *pub_blob, int pub_len,
+ void *(*createkey) (const struct ssh_signkey *self,
+ const unsigned char *pub_blob, int pub_len,
const unsigned char *priv_blob, int priv_len);
- void *(*openssh_createkey) (const unsigned char **blob, int *len);
+ void *(*openssh_createkey) (const struct ssh_signkey *self,
+ const unsigned char **blob, int *len);
int (*openssh_fmtkey) (void *key, unsigned char *blob, int len);
/* OpenSSH private key blobs, as created by openssh_fmtkey and
* consumed by openssh_createkey, always (at least so far...) take
* skip over the right number to find the next key in the file.
* openssh_private_npieces gives that information. */
int openssh_private_npieces;
- int (*pubkey_bits) (const void *blob, int len);
+ int (*pubkey_bits) (const struct ssh_signkey *self,
+ const void *blob, int len);
int (*verifysig) (void *key, const char *sig, int siglen,
const char *data, int datalen);
unsigned char *(*sign) (void *key, const char *data, int datalen,
int *siglen);
- char *name;
- char *keytype; /* for host key cache */
+ const char *name;
+ const char *keytype; /* for host key cache */
+ const void *extra; /* private to the public key methods */
};
struct ssh_compress {
- char *name;
+ const char *name;
/* For zlib@openssh.com: if non-NULL, this name will be considered once
* userauth has completed successfully. */
- char *delayed_name;
+ const char *delayed_name;
void *(*compress_init) (void);
void (*compress_cleanup) (void *);
int (*compress) (void *, unsigned char *block, int len,
int (*decompress) (void *, unsigned char *block, int len,
unsigned char **outblock, int *outlen);
int (*disable_compression) (void *);
- char *text_name;
+ const char *text_name;
};
struct ssh2_userkey {
extern const struct ssh2_ciphers ssh2_aes;
extern const struct ssh2_ciphers ssh2_blowfish;
extern const struct ssh2_ciphers ssh2_arcfour;
+extern const struct ssh2_ciphers ssh2_ccp;
extern const struct ssh_hash ssh_sha1;
extern const struct ssh_hash ssh_sha256;
extern const struct ssh_hash ssh_sha384;
/*
* PuTTY version number formatted as an SSH version string.
*/
-extern char sshver[];
+extern const char sshver[];
/*
* Gross hack: pscp will try to start SFTP but fall back to scp1 if
/* Allocate and register a new channel for port forwarding */
void *new_sock_channel(void *handle, struct PortForwarding *pf);
-void ssh_send_port_open(void *channel, char *hostname, int port, char *org);
+void ssh_send_port_open(void *channel, const char *hostname, int port,
+ const char *org);
/* Exports from portfwd.c */
extern char *pfd_connect(struct PortForwarding **pf, char *hostname, int port,
void diagbn(char *prefix, Bignum md);
#endif
+int dh_is_gex(const struct ssh_kex *kex);
void *dh_setup_group(const struct ssh_kex *kex);
void *dh_setup_gex(Bignum pval, Bignum gval);
void dh_cleanup(void *);
char *ssh2_fingerprint_blob(const void *blob, int bloblen);
char *ssh2_fingerprint(const struct ssh_signkey *alg, void *data);
int key_type(const Filename *filename);
-char *key_type_to_str(int type);
+const char *key_type_to_str(int type);
int import_possible(int type);
int import_target_type(int type);