#include <crypt.h>
Public Member Functions | |
ne7ssh_crypt (ne7ssh_session *_session) | |
~ne7ssh_crypt () | |
bool | isInited () |
uint32 | getEncryptBlock () |
uint32 | getDecryptBlock () |
uint32 | getMacOutLen () |
uint32 | getMacInLen () |
bool | agree (Botan::SecureVector< Botan::byte > &result, const char *local, Botan::SecureVector< Botan::byte > &remote) |
bool | negotiatedKex (Botan::SecureVector< Botan::byte > &kexAlgo) |
bool | negotiatedHostkey (Botan::SecureVector< Botan::byte > &hostKeyAlgo) |
bool | negotiatedCryptoC2s (Botan::SecureVector< Botan::byte > &cryptoAlgo) |
bool | negotiatedCryptoS2c (Botan::SecureVector< Botan::byte > &cryptoAlgo) |
bool | negotiatedMacC2s (Botan::SecureVector< Botan::byte > &macAlgo) |
bool | negotiatedMacS2c (Botan::SecureVector< Botan::byte > &macAlgo) |
bool | negotiatedCmprsC2s (Botan::SecureVector< Botan::byte > &cmprsAlgo) |
bool | negotiatedCmprsS2c (Botan::SecureVector< Botan::byte > &cmprsAlgo) |
bool | getKexPublic (Botan::BigInt &publicKey) |
bool | makeKexSecret (Botan::SecureVector< Botan::byte > &result, Botan::BigInt &f) |
bool | computeH (Botan::SecureVector< Botan::byte > &result, Botan::SecureVector< Botan::byte > &val) |
bool | verifySig (Botan::SecureVector< Botan::byte > &hostKey, Botan::SecureVector< Botan::byte > &sig) |
bool | makeNewKeys () |
bool | encryptPacket (Botan::SecureVector< Botan::byte > &crypted, Botan::SecureVector< Botan::byte > &hmac, Botan::SecureVector< Botan::byte > &packet, uint32 seq) |
bool | decryptPacket (Botan::SecureVector< Botan::byte > &decrypted, Botan::SecureVector< Botan::byte > &packet, uint32 len) |
void | computeMac (Botan::SecureVector< Botan::byte > &hmac, Botan::SecureVector< Botan::byte > &packet, uint32 seq) |
void | compressData (Botan::SecureVector< Botan::byte > &buffer) |
void | decompressData (Botan::SecureVector< Botan::byte > &buffer) |
bool | isCompressed () |
Private Types | |
enum | kexMethods { DH_GROUP1_SHA1, DH_GROUP14_SHA1 } |
enum | hostkeyMethods { SSH_DSS, SSH_RSA } |
enum | cryptoMethods { TDES_CBC, AES128_CBC, AES192_CBC, AES256_CBC, BLOWFISH_CBC, CAST128_CBC, TWOFISH_CBC } |
enum | macMethods { HMAC_SHA1, HMAC_MD5, HMAC_NONE } |
enum | cmprsMethods { NONE, ZLIB } |
Private Member Functions | |
bool | getDHGroup1Sha1Public (Botan::BigInt &publicKey) |
bool | getDHGroup14Sha1Public (Botan::BigInt &publicKey) |
Botan::DSA_PublicKey * | getDSAKey (Botan::SecureVector< Botan::byte > &hostKey) |
Botan::RSA_PublicKey * | getRSAKey (Botan::SecureVector< Botan::byte > &hostKey) |
const char * | getHashAlgo () |
const char * | getCryptAlgo (uint32 crypto) |
const char * | getHmacAlgo (uint32 method) |
uint32 | getMacKeyLen (uint32 method) |
uint32 | getMacDigestLen (uint32 method) |
bool | compute_key (Botan::SecureVector< Botan::byte > &key, Botan::byte ID, uint32 nBytes) |
Private Attributes | |
ne7ssh_session * | session |
uint32 | kexMethod |
uint32 | hostkeyMethod |
uint32 | c2sCryptoMethod |
uint32 | s2cCryptoMethod |
uint32 | c2sMacMethod |
uint32 | s2cMacMethod |
uint32 | c2sCmprsMethod |
uint32 | s2cCmprsMethod |
bool | inited |
Botan::SecureVector< Botan::byte > | H |
Botan::SecureVector< Botan::byte > | K |
Botan::Pipe * | encrypt |
Botan::Pipe * | decrypt |
Botan::Pipe * | compress |
Botan::Pipe * | decompress |
Botan::HMAC * | hmacOut |
Botan::HMAC * | hmacIn |
Botan::DH_PrivateKey * | privKexKey |
uint32 | encryptBlock |
uint32 | decryptBlock |
ne7ssh_crypt::ne7ssh_crypt | ( | ne7ssh_session * | _session | ) |
ne7ssh_crypt class constructor.
_session | Pointer to ne7ssh_session class. |
ne7ssh_crypt::~ne7ssh_crypt | ( | ) |
ne7ssh_crypt class destructor.
bool ne7ssh_crypt::agree | ( | Botan::SecureVector< Botan::byte > & | result, | |
const char * | local, | |||
Botan::SecureVector< Botan::byte > & | remote | |||
) |
This function is used in negotiations of crypto, signing and HMAC algorithms.
result | Reference to a vector where negotiated algorithm name will be dumped. | |
local | String containing a list of localy supported algorithms, separated by commas. | |
remote | Reference to vector containing a list of algorithms supported by remote side, separated by commas. |
References ne7ssh_string::nextPart(), ne7ssh_string::resetParts(), and ne7ssh_string::split().
Referenced by ne7ssh_kex::handleInit().
void ne7ssh_crypt::compressData | ( | Botan::SecureVector< Botan::byte > & | buffer | ) |
Compresses the data.
buffer | Reference to vector containing payload to be compress. Results will also be dumped into this var. |
bool ne7ssh_crypt::compute_key | ( | Botan::SecureVector< Botan::byte > & | key, | |
Botan::byte | ID, | |||
uint32 | nBytes | |||
) | [private] |
Function used to compute crypto and HMAC keys.
Keys are computed using K, H, ID and sessionID values. All these are concated and hashed. If hash is not long enough K, H, and newly generated key is used over and over again, till keys are long enough.
key | Resulting key will be dumped into this var. | |
ID | Single character ID, as specified in SSH protocol specs. | |
nBytes | Key length in bytes. |
References ne7ssh_string::addChar(), ne7ssh_string::addVector(), ne7ssh_string::addVectorField(), ne7ssh_string::clear(), ne7ssh::errors(), getHashAlgo(), ne7ssh_session::getSessionID(), ne7ssh_session::getSshChannel(), Ne7sshError::push(), and ne7ssh_string::value().
Referenced by makeNewKeys().
bool ne7ssh_crypt::computeH | ( | Botan::SecureVector< Botan::byte > & | result, | |
Botan::SecureVector< Botan::byte > & | val | |||
) |
Computes H value by checking what hash algorithm is used and hashing "val".
result | H value will be dumped into this var. | |
val | Reference to vector containing material for H variable generation. |
References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().
Referenced by ne7ssh_kex::makeH().
void ne7ssh_crypt::computeMac | ( | Botan::SecureVector< Botan::byte > & | hmac, | |
Botan::SecureVector< Botan::byte > & | packet, | |||
uint32 | seq | |||
) |
Computes HMAC from specific packet.
hmac | Generated HMAC value will be dumped into this var. | |
packet | Reference to vector containing packet for HMAC generation. | |
seq | receive sequence. |
Referenced by ne7ssh_transport::waitForPacket().
void ne7ssh_crypt::decompressData | ( | Botan::SecureVector< Botan::byte > & | buffer | ) |
Decompresses the data.
buffer | Reference to vector containing packet payload to decompress. Result will also be dumped into this var. |
Referenced by ne7ssh_transport::getPacket().
bool ne7ssh_crypt::decryptPacket | ( | Botan::SecureVector< Botan::byte > & | decrypted, | |
Botan::SecureVector< Botan::byte > & | packet, | |||
uint32 | len | |||
) |
Decrypts a packet.
decrypted | Decrypted payload will be dumped into this var. | |
packet | Reference to vector containing encrypted packet. | |
len | Specifies the length of chunk to be decrypted. |
Referenced by ne7ssh_transport::waitForPacket().
bool ne7ssh_crypt::encryptPacket | ( | Botan::SecureVector< Botan::byte > & | crypted, | |
Botan::SecureVector< Botan::byte > & | hmac, | |||
Botan::SecureVector< Botan::byte > & | packet, | |||
uint32 | seq | |||
) |
Encrypts a packet and generates HMAC, if enabled during negotiation.
The entire packet is encrypted, only HMAC stays in raw format.
crypted | Encrypted packet will be dumped into this var. | |
hmac | HMAC will be dumped into this var. | |
packet | Reference to vector containing unencrypted packet. | |
seq | Transmited packet sequence. |
Referenced by ne7ssh_transport::sendPacket().
const char * ne7ssh_crypt::getCryptAlgo | ( | uint32 | crypto | ) | [private] |
Returns a string represenation of negotiated cipher algorithm.
crypto | Integer represenating a cipher algorithm. |
References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().
Referenced by makeNewKeys().
uint32 ne7ssh_crypt::getDecryptBlock | ( | ) | [inline] |
Returns the size of decryption block
Referenced by ne7ssh_transport::waitForPacket().
bool ne7ssh_crypt::getDHGroup14Sha1Public | ( | Botan::BigInt & | publicKey | ) | [private] |
Generates a new Public Key, based on Diffie Helman Group14, SHA1 standard.
publicKey | Reference to publick Key. The result will be dumped into this var. |
Referenced by getKexPublic().
bool ne7ssh_crypt::getDHGroup1Sha1Public | ( | Botan::BigInt & | publicKey | ) | [private] |
Generates a new Public Key, based on Diffie Helman Group1, SHA1 standard.
publicKey | Reference to publick Key. The result will be dumped into this var. |
Referenced by getKexPublic().
DSA_PublicKey * ne7ssh_crypt::getDSAKey | ( | Botan::SecureVector< Botan::byte > & | hostKey | ) | [private] |
Generates a new DSA public Key from p,q,g,y values extracted from the host key received from the server.
hostKey | Reference to vector containing host key received from a server. |
References ne7ssh_string::addVector(), ne7ssh_string::getBigInt(), ne7ssh_string::getString(), and negotiatedHostkey().
Referenced by verifySig().
uint32 ne7ssh_crypt::getEncryptBlock | ( | ) | [inline] |
Returns the size of encryption block.
Referenced by ne7ssh_transport::sendPacket().
const char * ne7ssh_crypt::getHashAlgo | ( | ) | [private] |
Returns a string represenation of negotiated one way hash algorithm. For DH1_GROUP1_SHA1, "SHA-1" will be returned.
References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().
Referenced by compute_key().
const char * ne7ssh_crypt::getHmacAlgo | ( | uint32 | method | ) | [private] |
Returns a string represenation of negotiated HMAC algorithm.
method | Integer represenating HMAC algorithm. |
References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().
Referenced by makeNewKeys().
bool ne7ssh_crypt::getKexPublic | ( | Botan::BigInt & | publicKey | ) |
Generates KEX public key.
publicKey | Public key will be dumped into this var. |
References ne7ssh::errors(), getDHGroup14Sha1Public(), getDHGroup1Sha1Public(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().
Referenced by ne7ssh_kex::sendKexDHInit().
uint32 ne7ssh_crypt::getMacDigestLen | ( | uint32 | method | ) | [private] |
Returns digest length of negotiated HMAC algorithm.
If HMAC integrity checking is enabled, this value is used in the verification process. Digest length coded in accordance with SSH protocol specs.
method | Integer represenation of HMAC algorithm. |
Referenced by getMacInLen(), and getMacOutLen().
uint32 ne7ssh_crypt::getMacInLen | ( | ) | [inline] |
Returns digest length of HMAC algorithm used to verify integrity of data received.
References getMacDigestLen().
Referenced by ne7ssh_transport::getPacket(), and ne7ssh_transport::waitForPacket().
uint32 ne7ssh_crypt::getMacKeyLen | ( | uint32 | method | ) | [private] |
Returns key length of the negotiated HMAC algorithm.
Used in HMAC key generation. Key length coded in accordance with SSH protocol specs.
method | Integer represenating HMAC algorithm. |
References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().
Referenced by makeNewKeys().
uint32 ne7ssh_crypt::getMacOutLen | ( | ) | [inline] |
Returns digest length of HMAC algorithm used to verify integrity of transmited data.
References getMacDigestLen().
RSA_PublicKey * ne7ssh_crypt::getRSAKey | ( | Botan::SecureVector< Botan::byte > & | hostKey | ) | [private] |
Generates a new RSA public Key from n and e values extracted from the host key received from the server.
hostKey | Reference to a vector containing host key. |
References ne7ssh_string::addVector(), ne7ssh_string::getBigInt(), ne7ssh_string::getString(), and negotiatedHostkey().
Referenced by verifySig().
bool ne7ssh_crypt::isCompressed | ( | ) | [inline] |
Checks if compression is enabled.
bool ne7ssh_crypt::isInited | ( | ) | [inline] |
Checks if cryptographic engine has been initialized.
The engine is initialized when all crypto and hmac keys are generated and the cryptographic Pipes are created.
Referenced by ne7ssh_transport::getPacket(), ne7ssh_kex::handleKexDHReply(), ne7ssh_transport::sendPacket(), and ne7ssh_transport::waitForPacket().
bool ne7ssh_crypt::makeKexSecret | ( | Botan::SecureVector< Botan::byte > & | result, | |
Botan::BigInt & | f | |||
) |
At the end of key exchange this function is used to generate a shared secret key from private KEX key, that one gets from getKexPublic() function and F value received from a server.
result | Secret key will be dumped into this var. | |
f | Reference to F value. |
References ne7ssh_string::bn2vector().
Referenced by ne7ssh_kex::handleKexDHReply().
bool ne7ssh_crypt::makeNewKeys | ( | ) |
Generates new cipher and HMAC keys.
References compute_key(), getCryptAlgo(), getHmacAlgo(), and getMacKeyLen().
Referenced by ne7ssh_kex::sendKexNewKeys().
bool ne7ssh_crypt::negotiatedCmprsC2s | ( | Botan::SecureVector< Botan::byte > & | cmprsAlgo | ) |
Parses negotiated client to server compression algorithm and registers it's integer representation with the class.
cmprsAlgo | Reference to a vector containing the negotiated compression algorithm. |
References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().
Referenced by ne7ssh_kex::handleInit().
bool ne7ssh_crypt::negotiatedCmprsS2c | ( | Botan::SecureVector< Botan::byte > & | cmprsAlgo | ) |
Parses negotiated server to client compression algorithm and registers it's integer representation with the class.
cmprsAlgo | Reference to a vector containing the negotiated compression algorithm. |
References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().
Referenced by ne7ssh_kex::handleInit().
bool ne7ssh_crypt::negotiatedCryptoC2s | ( | Botan::SecureVector< Botan::byte > & | cryptoAlgo | ) |
Parse negotiated client to server cipher algorithm and registers it's integer representation with the class.
cryptoAlgo | Reference to a vector containing the negotiated cipher algorithm. |
References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().
Referenced by ne7ssh_kex::handleInit().
bool ne7ssh_crypt::negotiatedCryptoS2c | ( | Botan::SecureVector< Botan::byte > & | cryptoAlgo | ) |
Parses negotiated server to client cipher algorithm and registers it's integer representation with the class.
cryptoAlgo | Reference to a vector containing the negotiated cipher algorithm. |
References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().
Referenced by ne7ssh_kex::handleInit().
bool ne7ssh_crypt::negotiatedHostkey | ( | Botan::SecureVector< Botan::byte > & | hostKeyAlgo | ) |
Parses negotiated host key algorithm and registers it's integer representation with the class.
hostKeyAlgo | Reference to a vector containing the negotiated host key algorithm. |
References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().
Referenced by getDSAKey(), getRSAKey(), and ne7ssh_kex::handleInit().
bool ne7ssh_crypt::negotiatedKex | ( | Botan::SecureVector< Botan::byte > & | kexAlgo | ) |
Parses negotiated key exchange algorithm vector, and registers it's integer representation with the class.
kexAlgo | Reference to a vector containing the negotiated KEX algorithm. |
References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().
Referenced by ne7ssh_kex::handleInit().
bool ne7ssh_crypt::negotiatedMacC2s | ( | Botan::SecureVector< Botan::byte > & | macAlgo | ) |
Parses negotiated client to server HMAC algorithm and registers it's integer representation with the class.
macAlgo | Reference to a vector containing the negotiated HMAC algorithm. |
References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().
Referenced by ne7ssh_kex::handleInit().
bool ne7ssh_crypt::negotiatedMacS2c | ( | Botan::SecureVector< Botan::byte > & | macAlgo | ) |
Parses negotiated server to client HMAC algorithm vector and registers it's integer representation with the class.
macAlgo | Reference to a vector containing the negotiated HMAC algorithm. |
References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().
Referenced by ne7ssh_kex::handleInit().
bool ne7ssh_crypt::verifySig | ( | Botan::SecureVector< Botan::byte > & | hostKey, | |
Botan::SecureVector< Botan::byte > & | sig | |||
) |
Verifies host signature.
hostKey | Reference to vector containing hostKey. | |
sig | Regerence to vector containing the signature. |
References ne7ssh::errors(), getDSAKey(), getRSAKey(), ne7ssh_session::getSshChannel(), ne7ssh_string::getString(), and Ne7sshError::push().
Referenced by ne7ssh_kex::handleKexDHReply().