extern Socket ssh_connection_sharing_init(const char *host, int port,
Conf *conf, Ssh ssh, void **state);
+int ssh_share_test_for_upstream(const char *host, int port, Conf *conf);
void share_got_pkt_from_server(void *ctx, int type,
unsigned char *pkt, int pktlen);
void share_activate(void *state, const char *server_verstring);
void ssh_send_packet_from_downstream(Ssh ssh, unsigned id, int type,
const void *pkt, int pktlen,
const char *additional_log_text);
-void ssh_sharing_downstream_connected(Ssh ssh, unsigned id);
+void ssh_sharing_downstream_connected(Ssh ssh, unsigned id,
+ const char *peerinfo);
void ssh_sharing_downstream_disconnected(Ssh ssh, unsigned id);
void ssh_sharing_logf(Ssh ssh, unsigned id, const char *logfmt, ...);
int ssh_agent_forwarding_permitted(Ssh ssh);
struct ec_curve {
enum { EC_WEIERSTRASS, EC_MONTGOMERY, EC_EDWARDS } type;
- const char *name;
+ /* 'name' is the identifier of the curve when it has to appear in
+ * wire protocol encodings, as it does in e.g. the public key and
+ * signature formats for NIST curves. Curves which do not format
+ * their keys or signatures in this way just have name==NULL.
+ *
+ * 'textname' is non-NULL for all curves, and is a human-readable
+ * identification suitable for putting in log messages. */
+ const char *name, *textname;
unsigned int fieldBits;
Bignum p;
union {
const struct ssh_signkey *ec_alg_by_oid(int len, const void *oid,
const struct ec_curve **curve);
const unsigned char *ec_alg_oid(const struct ssh_signkey *alg, int *oidlen);
-const int ec_nist_alg_and_curve_by_bits(int bits,
- const struct ec_curve **curve,
- const struct ssh_signkey **alg);
-const int ec_ed_alg_and_curve_by_bits(int bits,
- const struct ec_curve **curve,
- const struct ssh_signkey **alg);
+extern const int ec_nist_curve_lengths[], n_ec_nist_curve_lengths;
+int ec_nist_alg_and_curve_by_bits(int bits,
+ const struct ec_curve **curve,
+ const struct ssh_signkey **alg);
+int ec_ed_alg_and_curve_by_bits(int bits,
+ const struct ec_curve **curve,
+ const struct ssh_signkey **alg);
struct ssh_signkey;
* SSH2 ECDH key exchange functions
*/
struct ssh_kex;
+const char *ssh_ecdhkex_curve_textname(const struct ssh_kex *kex);
void *ssh_ecdhkex_newkey(const struct ssh_kex *kex);
void ssh_ecdhkex_freekey(void *key);
char *ssh_ecdhkex_getpublic(void *key, int *len);
void MD5Final(unsigned char digest[16], struct MD5Context *context);
void MD5Simple(void const *p, unsigned len, unsigned char output[16]);
-void *hmacmd5_make_context(void);
+void *hmacmd5_make_context(void *);
void hmacmd5_free_context(void *handle);
void hmacmd5_key(void *handle, void const *key, int len);
void hmacmd5_do_hmac(void *handle, unsigned char const *blk, int len,
void SHA384_Final(SHA384_State * s, unsigned char *output);
void SHA384_Simple(const void *p, int len, unsigned char *output);
+struct ssh_mac;
struct ssh_cipher {
void *(*make_context)(void);
void (*free_context)(void *);
void (*setkey) (void *, unsigned char *key);/* for SSH-2 */
void (*encrypt) (void *, unsigned char *blk, int len);
void (*decrypt) (void *, unsigned char *blk, int len);
+ /* Ignored unless SSH_CIPHER_SEPARATE_LENGTH flag set */
+ void (*encrypt_length) (void *, unsigned char *blk, int len, unsigned long seq);
+ void (*decrypt_length) (void *, unsigned char *blk, int len, unsigned long seq);
const char *name;
int blksize;
- int keylen;
+ /* real_keybits is the number of bits of entropy genuinely used by
+ * the cipher scheme; it's used for deciding how big a
+ * Diffie-Hellman group is needed to exchange a key for the
+ * cipher. */
+ int real_keybits;
+ /* padded_keybytes is the number of bytes of key data expected as
+ * input to the setkey function; it's used for deciding how much
+ * data needs to be generated from the post-kex generation of key
+ * material. In a sensible cipher which uses all its key bytes for
+ * real work, this will just be real_keybits/8, but in DES-type
+ * ciphers which ignore one bit in each byte, it'll be slightly
+ * different. */
+ int padded_keybytes;
unsigned int flags;
#define SSH_CIPHER_IS_CBC 1
+#define SSH_CIPHER_SEPARATE_LENGTH 2
const char *text_name;
+ /* If set, this takes priority over other MAC. */
+ const struct ssh_mac *required_mac;
};
struct ssh2_ciphers {
};
struct ssh_mac {
- void *(*make_context)(void);
+ /* Passes in the cipher context */
+ void *(*make_context)(void *);
void (*free_context)(void *);
void (*setkey) (void *, unsigned char *key);
/* whole-packet operations */
void (*genresult) (void *, unsigned char *);
int (*verresult) (void *, unsigned char const *);
const char *name, *etm_name;
- int len;
+ int len, keylen;
const char *text_name;
};
struct ssh_hash {
void *(*init)(void); /* also allocates context */
+ void *(*copy)(const void *);
void (*bytes)(void *, const void *, int);
void (*final)(void *, unsigned char *); /* also frees context */
+ void (*free)(void *);
int hlen; /* output length in bytes */
const char *text_name;
};
extern const struct ssh2_ciphers ssh2_aes;
extern const struct ssh2_ciphers ssh2_blowfish;
extern const struct ssh2_ciphers ssh2_arcfour;
+extern const struct ssh2_ciphers ssh2_ccp;
extern const struct ssh_hash ssh_sha1;
extern const struct ssh_hash ssh_sha256;
extern const struct ssh_hash ssh_sha384;
/*
* PuTTY version number formatted as an SSH version string.
*/
-extern char sshver[];
+extern const char sshver[];
/*
* Gross hack: pscp will try to start SFTP but fall back to scp1 if
projects / PuTTY.git / blobdiff