From 402c6cc68170ee63d07c5ff4a081e113b1628445 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Fri, 21 Jun 2002 00:43:42 +0000 Subject: [PATCH] - markus@cvs.openbsd.org 2002/06/19 18:01:00 [cipher.c monitor.c monitor_wrap.c packet.c packet.h] make the monitor sync the transfer ssh1 session key; transfer keycontext only for RC4 (this is still depends on EVP implementation details and is broken). --- ChangeLog | 7 ++++++- cipher.c | 37 +++++++------------------------------ monitor.c | 15 +++++++++------ monitor_wrap.c | 14 +++++++++++--- packet.c | 21 ++++++++++++++++++++- packet.h | 3 ++- 6 files changed, 55 insertions(+), 42 deletions(-) diff --git a/ChangeLog b/ChangeLog index 568477786..664f86266 100644 --- a/ChangeLog +++ b/ChangeLog @@ -30,6 +30,11 @@ ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c xmalloc.h] KNF done automatically while reading.... + - markus@cvs.openbsd.org 2002/06/19 18:01:00 + [cipher.c monitor.c monitor_wrap.c packet.c packet.h] + make the monitor sync the transfer ssh1 session key; + transfer keycontext only for RC4 (this is still depends on EVP + implementation details and is broken). - (bal) Cygwin special handling of empty passwords wrong. Patch by vinschen@redhat.com @@ -960,4 +965,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2225 2002/06/21 00:41:51 mouring Exp $ +$Id: ChangeLog,v 1.2226 2002/06/21 00:43:42 mouring Exp $ diff --git a/cipher.c b/cipher.c index 39807d5c2..b18c701fb 100644 --- a/cipher.c +++ b/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.58 2002/06/04 23:05:49 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.59 2002/06/19 18:01:00 markus Exp $"); #include "xmalloc.h" #include "log.h" @@ -689,28 +689,14 @@ int cipher_get_keycontext(CipherContext *cc, u_char *dat) { Cipher *c = cc->cipher; - int plen; + int plen = 0; - if (c->number == SSH_CIPHER_3DES) { - struct ssh1_3des_ctx *desc; - desc = EVP_CIPHER_CTX_get_app_data(&cc->evp); - if (desc == NULL) - fatal("%s: no 3des context", __func__); - plen = EVP_X_STATE_LEN(desc->k1); + if (c->evptype == EVP_rc4) { + plen = EVP_X_STATE_LEN(cc->evp); if (dat == NULL) - return (3*plen); - memcpy(dat, EVP_X_STATE(desc->k1), plen); - memcpy(dat + plen, EVP_X_STATE(desc->k2), plen); - memcpy(dat + 2*plen, EVP_X_STATE(desc->k3), plen); - return (3*plen); + return (plen); + memcpy(dat, EVP_X_STATE(cc->evp), plen); } - - /* Generic EVP */ - plen = EVP_X_STATE_LEN(cc->evp); - if (dat == NULL) - return (plen); - - memcpy(dat, EVP_X_STATE(cc->evp), plen); return (plen); } @@ -720,16 +706,7 @@ cipher_set_keycontext(CipherContext *cc, u_char *dat) Cipher *c = cc->cipher; int plen; - if (c->number == SSH_CIPHER_3DES) { - struct ssh1_3des_ctx *desc; - desc = EVP_CIPHER_CTX_get_app_data(&cc->evp); - if (desc == NULL) - fatal("%s: no 3des context", __func__); - plen = EVP_X_STATE_LEN(desc->k1); - memcpy(EVP_X_STATE(desc->k1), dat, plen); - memcpy(EVP_X_STATE(desc->k2), dat + plen, plen); - memcpy(EVP_X_STATE(desc->k3), dat + 2*plen, plen); - } else { + if (c->evptype == EVP_rc4) { plen = EVP_X_STATE_LEN(cc->evp); memcpy(EVP_X_STATE(cc->evp), dat, plen); } diff --git a/monitor.c b/monitor.c index 39009f703..c769f12e7 100644 --- a/monitor.c +++ b/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.14 2002/06/04 23:05:49 markus Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.15 2002/06/19 18:01:00 markus Exp $"); #include @@ -83,6 +83,8 @@ struct { u_int ivinlen; u_char *ivout; u_int ivoutlen; + u_char *ssh1key; + u_int ssh1keylen; int ssh1cipher; int ssh1protoflags; u_char *input; @@ -1303,14 +1305,13 @@ monitor_apply_keystate(struct monitor *pmonitor) set_newkeys(MODE_IN); set_newkeys(MODE_OUT); } else { - u_char key[SSH_SESSION_KEY_LENGTH]; - - memset(key, 'a', sizeof(key)); packet_set_protocol_flags(child_state.ssh1protoflags); - packet_set_encryption_key(key, SSH_SESSION_KEY_LENGTH, - child_state.ssh1cipher); + packet_set_encryption_key(child_state.ssh1key, + child_state.ssh1keylen, child_state.ssh1cipher); + xfree(child_state.ssh1key); } + /* for rc4 and other stateful ciphers */ packet_set_keycontext(MODE_OUT, child_state.keyout); xfree(child_state.keyout); packet_set_keycontext(MODE_IN, child_state.keyin); @@ -1396,6 +1397,8 @@ mm_get_keystate(struct monitor *pmonitor) if (!compat20) { child_state.ssh1protoflags = buffer_get_int(&m); child_state.ssh1cipher = buffer_get_int(&m); + child_state.ssh1key = buffer_get_string(&m, + &child_state.ssh1keylen); child_state.ivout = buffer_get_string(&m, &child_state.ivoutlen); child_state.ivin = buffer_get_string(&m, &child_state.ivinlen); diff --git a/monitor_wrap.c b/monitor_wrap.c index e40874627..f7e332d8e 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_wrap.c,v 1.10 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: monitor_wrap.c,v 1.11 2002/06/19 18:01:00 markus Exp $"); #include #include @@ -520,13 +520,21 @@ mm_send_keystate(struct monitor *pmonitor) if (!compat20) { u_char iv[24]; - int ivlen; + u_char *key; + u_int ivlen, keylen; buffer_put_int(&m, packet_get_protocol_flags()); buffer_put_int(&m, packet_get_ssh1_cipher()); - debug3("%s: Sending ssh1 IV", __func__); + debug3("%s: Sending ssh1 KEY+IV", __func__); + keylen = packet_get_encryption_key(NULL); + key = xmalloc(keylen+1); /* add 1 if keylen == 0 */ + keylen = packet_get_encryption_key(key); + buffer_put_string(&m, key, keylen); + memset(key, 0, keylen); + xfree(key); + ivlen = packet_get_keyiv_len(MODE_OUT); packet_get_keyiv(MODE_OUT, iv, ivlen); buffer_put_string(&m, iv, ivlen); diff --git a/packet.c b/packet.c index abc89e76c..86511276f 100644 --- a/packet.c +++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.94 2002/06/04 23:02:06 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.95 2002/06/19 18:01:00 markus Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -60,6 +60,7 @@ RCSID("$OpenBSD: packet.c,v 1.94 2002/06/04 23:02:06 markus Exp $"); #include "log.h" #include "canohost.h" #include "misc.h" +#include "ssh.h" #ifdef PACKET_DEBUG #define DBG(x) x @@ -118,6 +119,10 @@ Newkeys *newkeys[MODE_MAX]; static u_int32_t read_seqnr = 0; static u_int32_t send_seqnr = 0; +/* Session key for protocol v1 */ +static u_char ssh1_key[SSH_SESSION_KEY_LENGTH]; +static u_int ssh1_keylen; + /* roundup current message to extra_pad bytes */ static u_char extra_pad = 0; @@ -391,6 +396,7 @@ packet_start_compression(int level) * key is used for both sending and reception. However, both directions are * encrypted independently of each other. */ + void packet_set_encryption_key(const u_char *key, u_int keylen, int number) @@ -400,10 +406,23 @@ packet_set_encryption_key(const u_char *key, u_int keylen, fatal("packet_set_encryption_key: unknown cipher number %d", number); if (keylen < 20) fatal("packet_set_encryption_key: keylen too small: %d", keylen); + if (keylen > SSH_SESSION_KEY_LENGTH) + fatal("packet_set_encryption_key: keylen too big: %d", keylen); + memcpy(ssh1_key, key, keylen); + ssh1_keylen = keylen; cipher_init(&send_context, cipher, key, keylen, NULL, 0, CIPHER_ENCRYPT); cipher_init(&receive_context, cipher, key, keylen, NULL, 0, CIPHER_DECRYPT); } +u_int +packet_get_encryption_key(u_char *key) +{ + if (key == NULL) + return (ssh1_keylen); + memcpy(key, ssh1_key, ssh1_keylen); + return (ssh1_keylen); +} + /* Start constructing a packet to send. */ void packet_start(u_char type) diff --git a/packet.h b/packet.h index 151ca74a1..3ff75593a 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.34 2002/03/18 17:16:38 markus Exp $ */ +/* $OpenBSD: packet.h,v 1.35 2002/06/19 18:01:00 markus Exp $ */ /* * Author: Tatu Ylonen @@ -24,6 +24,7 @@ int packet_get_connection_in(void); int packet_get_connection_out(void); void packet_close(void); void packet_set_encryption_key(const u_char *, u_int, int); +u_int packet_get_encryption_key(u_char *); void packet_set_protocol_flags(u_int); u_int packet_get_protocol_flags(void); void packet_start_compression(int);