ne7ssh_crypt Class Reference

#include <crypt.h>

Collaboration diagram for ne7ssh_crypt:

Collaboration graph
[legend]

List of all members.

Public Member Functions

 ne7ssh_crypt (ne7ssh_session *_session)
 ~ne7ssh_crypt ()
bool isInited ()
uint32 getEncryptBlock ()
uint32 getDecryptBlock ()
uint32 getMacOutLen ()
uint32 getMacInLen ()
bool agree (Botan::SecureVector< Botan::byte > &result, const char *local, Botan::SecureVector< Botan::byte > &remote)
bool negotiatedKex (Botan::SecureVector< Botan::byte > &kexAlgo)
bool negotiatedHostkey (Botan::SecureVector< Botan::byte > &hostKeyAlgo)
bool negotiatedCryptoC2s (Botan::SecureVector< Botan::byte > &cryptoAlgo)
bool negotiatedCryptoS2c (Botan::SecureVector< Botan::byte > &cryptoAlgo)
bool negotiatedMacC2s (Botan::SecureVector< Botan::byte > &macAlgo)
bool negotiatedMacS2c (Botan::SecureVector< Botan::byte > &macAlgo)
bool negotiatedCmprsC2s (Botan::SecureVector< Botan::byte > &cmprsAlgo)
bool negotiatedCmprsS2c (Botan::SecureVector< Botan::byte > &cmprsAlgo)
bool getKexPublic (Botan::BigInt &publicKey)
bool makeKexSecret (Botan::SecureVector< Botan::byte > &result, Botan::BigInt &f)
bool computeH (Botan::SecureVector< Botan::byte > &result, Botan::SecureVector< Botan::byte > &val)
bool verifySig (Botan::SecureVector< Botan::byte > &hostKey, Botan::SecureVector< Botan::byte > &sig)
bool makeNewKeys ()
bool encryptPacket (Botan::SecureVector< Botan::byte > &crypted, Botan::SecureVector< Botan::byte > &hmac, Botan::SecureVector< Botan::byte > &packet, uint32 seq)
bool decryptPacket (Botan::SecureVector< Botan::byte > &decrypted, Botan::SecureVector< Botan::byte > &packet, uint32 len)
void computeMac (Botan::SecureVector< Botan::byte > &hmac, Botan::SecureVector< Botan::byte > &packet, uint32 seq)
void compressData (Botan::SecureVector< Botan::byte > &buffer)
void decompressData (Botan::SecureVector< Botan::byte > &buffer)
bool isCompressed ()

Private Types

enum  kexMethods { DH_GROUP1_SHA1, DH_GROUP14_SHA1 }
enum  hostkeyMethods { SSH_DSS, SSH_RSA }
enum  cryptoMethods {
  TDES_CBC, AES128_CBC, AES192_CBC, AES256_CBC,
  BLOWFISH_CBC, CAST128_CBC, TWOFISH_CBC
}
enum  macMethods { HMAC_SHA1, HMAC_MD5, HMAC_NONE }
enum  cmprsMethods { NONE, ZLIB }

Private Member Functions

bool getDHGroup1Sha1Public (Botan::BigInt &publicKey)
bool getDHGroup14Sha1Public (Botan::BigInt &publicKey)
Botan::DSA_PublicKey * getDSAKey (Botan::SecureVector< Botan::byte > &hostKey)
Botan::RSA_PublicKey * getRSAKey (Botan::SecureVector< Botan::byte > &hostKey)
const char * getHashAlgo ()
const char * getCryptAlgo (uint32 crypto)
const char * getHmacAlgo (uint32 method)
uint32 getMacKeyLen (uint32 method)
uint32 getMacDigestLen (uint32 method)
bool compute_key (Botan::SecureVector< Botan::byte > &key, Botan::byte ID, uint32 nBytes)

Private Attributes

ne7ssh_sessionsession
uint32 kexMethod
uint32 hostkeyMethod
uint32 c2sCryptoMethod
uint32 s2cCryptoMethod
uint32 c2sMacMethod
uint32 s2cMacMethod
uint32 c2sCmprsMethod
uint32 s2cCmprsMethod
bool inited
Botan::SecureVector< Botan::byte > H
Botan::SecureVector< Botan::byte > K
Botan::Pipe * encrypt
Botan::Pipe * decrypt
Botan::Pipe * compress
Botan::Pipe * decompress
Botan::HMAC * hmacOut
Botan::HMAC * hmacIn
Botan::DH_PrivateKey * privKexKey
uint32 encryptBlock
uint32 decryptBlock


Detailed Description

Author:
Andrew Useckas

Constructor & Destructor Documentation

ne7ssh_crypt::ne7ssh_crypt ( ne7ssh_session _session  ) 

ne7ssh_crypt class constructor.

Parameters:
_session Pointer to ne7ssh_session class.

ne7ssh_crypt::~ne7ssh_crypt (  ) 

ne7ssh_crypt class destructor.


Member Function Documentation

bool ne7ssh_crypt::agree ( Botan::SecureVector< Botan::byte > &  result,
const char *  local,
Botan::SecureVector< Botan::byte > &  remote 
)

This function is used in negotiations of crypto, signing and HMAC algorithms.

Parameters:
result Reference to a vector where negotiated algorithm name will be dumped.
local String containing a list of localy supported algorithms, separated by commas.
remote Reference to vector containing a list of algorithms supported by remote side, separated by commas.
Returns:
True, if common algorithm was found, otherwise false is returned.

References ne7ssh_string::nextPart(), ne7ssh_string::resetParts(), and ne7ssh_string::split().

Referenced by ne7ssh_kex::handleInit().

void ne7ssh_crypt::compressData ( Botan::SecureVector< Botan::byte > &  buffer  ) 

Compresses the data.

Parameters:
buffer Reference to vector containing payload to be compress. Results will also be dumped into this var.

bool ne7ssh_crypt::compute_key ( Botan::SecureVector< Botan::byte > &  key,
Botan::byte  ID,
uint32  nBytes 
) [private]

Function used to compute crypto and HMAC keys.

Keys are computed using K, H, ID and sessionID values. All these are concated and hashed. If hash is not long enough K, H, and newly generated key is used over and over again, till keys are long enough.

Parameters:
key Resulting key will be dumped into this var.
ID Single character ID, as specified in SSH protocol specs.
nBytes Key length in bytes.
Returns:
True if key generation was successful, otherwise false is returned.

References ne7ssh_string::addChar(), ne7ssh_string::addVector(), ne7ssh_string::addVectorField(), ne7ssh_string::clear(), ne7ssh::errors(), getHashAlgo(), ne7ssh_session::getSessionID(), ne7ssh_session::getSshChannel(), Ne7sshError::push(), and ne7ssh_string::value().

Referenced by makeNewKeys().

bool ne7ssh_crypt::computeH ( Botan::SecureVector< Botan::byte > &  result,
Botan::SecureVector< Botan::byte > &  val 
)

Computes H value by checking what hash algorithm is used and hashing "val".

Parameters:
result H value will be dumped into this var.
val Reference to vector containing material for H variable generation.
Returns:
True if key generation was successful, otherwise false is returned.

References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().

Referenced by ne7ssh_kex::makeH().

void ne7ssh_crypt::computeMac ( Botan::SecureVector< Botan::byte > &  hmac,
Botan::SecureVector< Botan::byte > &  packet,
uint32  seq 
)

Computes HMAC from specific packet.

Parameters:
hmac Generated HMAC value will be dumped into this var.
packet Reference to vector containing packet for HMAC generation.
seq receive sequence.

Referenced by ne7ssh_transport::waitForPacket().

void ne7ssh_crypt::decompressData ( Botan::SecureVector< Botan::byte > &  buffer  ) 

Decompresses the data.

Parameters:
buffer Reference to vector containing packet payload to decompress. Result will also be dumped into this var.

Referenced by ne7ssh_transport::getPacket().

bool ne7ssh_crypt::decryptPacket ( Botan::SecureVector< Botan::byte > &  decrypted,
Botan::SecureVector< Botan::byte > &  packet,
uint32  len 
)

Decrypts a packet.

Parameters:
decrypted Decrypted payload will be dumped into this var.
packet Reference to vector containing encrypted packet.
len Specifies the length of chunk to be decrypted.
Returns:
True if decryption is successful, otherwise false returned.

Referenced by ne7ssh_transport::waitForPacket().

bool ne7ssh_crypt::encryptPacket ( Botan::SecureVector< Botan::byte > &  crypted,
Botan::SecureVector< Botan::byte > &  hmac,
Botan::SecureVector< Botan::byte > &  packet,
uint32  seq 
)

Encrypts a packet and generates HMAC, if enabled during negotiation.

The entire packet is encrypted, only HMAC stays in raw format.

Parameters:
crypted Encrypted packet will be dumped into this var.
hmac HMAC will be dumped into this var.
packet Reference to vector containing unencrypted packet.
seq Transmited packet sequence.
Returns:
True if encryption successful, otherwise false is returned.

Referenced by ne7ssh_transport::sendPacket().

const char * ne7ssh_crypt::getCryptAlgo ( uint32  crypto  )  [private]

Returns a string represenation of negotiated cipher algorithm.

Parameters:
crypto Integer represenating a cipher algorithm.
Returns:
A string containing algorithm name.

References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().

Referenced by makeNewKeys().

uint32 ne7ssh_crypt::getDecryptBlock (  )  [inline]

Returns the size of decryption block

Returns:
Size of the block

Referenced by ne7ssh_transport::waitForPacket().

bool ne7ssh_crypt::getDHGroup14Sha1Public ( Botan::BigInt &  publicKey  )  [private]

Generates a new Public Key, based on Diffie Helman Group14, SHA1 standard.

Parameters:
publicKey Reference to publick Key. The result will be dumped into this var.
Returns:
If generation successful returns true, otherwise false is returned.

Referenced by getKexPublic().

bool ne7ssh_crypt::getDHGroup1Sha1Public ( Botan::BigInt &  publicKey  )  [private]

Generates a new Public Key, based on Diffie Helman Group1, SHA1 standard.

Parameters:
publicKey Reference to publick Key. The result will be dumped into this var.
Returns:
If generation successful returns true, otherwise false is returned.

Referenced by getKexPublic().

DSA_PublicKey * ne7ssh_crypt::getDSAKey ( Botan::SecureVector< Botan::byte > &  hostKey  )  [private]

Generates a new DSA public Key from p,q,g,y values extracted from the host key received from the server.

Parameters:
hostKey Reference to vector containing host key received from a server.
Returns:
Returns newly generated DSA public Key. If host key vector is trash, more likely application will be aborted within Botan library.

References ne7ssh_string::addVector(), ne7ssh_string::getBigInt(), ne7ssh_string::getString(), and negotiatedHostkey().

Referenced by verifySig().

uint32 ne7ssh_crypt::getEncryptBlock (  )  [inline]

Returns the size of encryption block.

Returns:
Size of the block.

Referenced by ne7ssh_transport::sendPacket().

const char * ne7ssh_crypt::getHashAlgo (  )  [private]

Returns a string represenation of negotiated one way hash algorithm. For DH1_GROUP1_SHA1, "SHA-1" will be returned.

Returns:
A string containing algorithm name.

References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().

Referenced by compute_key().

const char * ne7ssh_crypt::getHmacAlgo ( uint32  method  )  [private]

Returns a string represenation of negotiated HMAC algorithm.

Parameters:
method Integer represenating HMAC algorithm.
Returns:
A string containing algorithm name.

References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().

Referenced by makeNewKeys().

bool ne7ssh_crypt::getKexPublic ( Botan::BigInt &  publicKey  ) 

Generates KEX public key.

Parameters:
publicKey Public key will be dumped into this var.
Returns:
True if key generation was successful, otherwise false is returned.

References ne7ssh::errors(), getDHGroup14Sha1Public(), getDHGroup1Sha1Public(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().

Referenced by ne7ssh_kex::sendKexDHInit().

uint32 ne7ssh_crypt::getMacDigestLen ( uint32  method  )  [private]

Returns digest length of negotiated HMAC algorithm.

If HMAC integrity checking is enabled, this value is used in the verification process. Digest length coded in accordance with SSH protocol specs.

Parameters:
method Integer represenation of HMAC algorithm.
Returns:
Key length.

Referenced by getMacInLen(), and getMacOutLen().

uint32 ne7ssh_crypt::getMacInLen (  )  [inline]

Returns digest length of HMAC algorithm used to verify integrity of data received.

Returns:
Digest length.

References getMacDigestLen().

Referenced by ne7ssh_transport::getPacket(), and ne7ssh_transport::waitForPacket().

uint32 ne7ssh_crypt::getMacKeyLen ( uint32  method  )  [private]

Returns key length of the negotiated HMAC algorithm.

Used in HMAC key generation. Key length coded in accordance with SSH protocol specs.

Parameters:
method Integer represenating HMAC algorithm.
Returns:
Key length.

References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().

Referenced by makeNewKeys().

uint32 ne7ssh_crypt::getMacOutLen (  )  [inline]

Returns digest length of HMAC algorithm used to verify integrity of transmited data.

Returns:
Digest length.

References getMacDigestLen().

RSA_PublicKey * ne7ssh_crypt::getRSAKey ( Botan::SecureVector< Botan::byte > &  hostKey  )  [private]

Generates a new RSA public Key from n and e values extracted from the host key received from the server.

Parameters:
hostKey Reference to a vector containing host key.
Returns:
Returns newly generated ESA public Key. If the hostkey is trash, more likely application will abort within Botan library.

References ne7ssh_string::addVector(), ne7ssh_string::getBigInt(), ne7ssh_string::getString(), and negotiatedHostkey().

Referenced by verifySig().

bool ne7ssh_crypt::isCompressed (  )  [inline]

Checks if compression is enabled.

Returns:
If compression is enabled returns true, otherwise false is returned.

bool ne7ssh_crypt::isInited (  )  [inline]

Checks if cryptographic engine has been initialized.

The engine is initialized when all crypto and hmac keys are generated and the cryptographic Pipes are created.

Returns:
True if cryptographic engine is initialized, otherwise false is returned.

Referenced by ne7ssh_transport::getPacket(), ne7ssh_kex::handleKexDHReply(), ne7ssh_transport::sendPacket(), and ne7ssh_transport::waitForPacket().

bool ne7ssh_crypt::makeKexSecret ( Botan::SecureVector< Botan::byte > &  result,
Botan::BigInt &  f 
)

At the end of key exchange this function is used to generate a shared secret key from private KEX key, that one gets from getKexPublic() function and F value received from a server.

Parameters:
result Secret key will be dumped into this var.
f Reference to F value.
Returns:
True if key generation was successful, otherwise false is returned.

References ne7ssh_string::bn2vector().

Referenced by ne7ssh_kex::handleKexDHReply().

bool ne7ssh_crypt::makeNewKeys (  ) 

Generates new cipher and HMAC keys.

Returns:
True if key generation was successful, otherwise false is returned.

References compute_key(), getCryptAlgo(), getHmacAlgo(), and getMacKeyLen().

Referenced by ne7ssh_kex::sendKexNewKeys().

bool ne7ssh_crypt::negotiatedCmprsC2s ( Botan::SecureVector< Botan::byte > &  cmprsAlgo  ) 

Parses negotiated client to server compression algorithm and registers it's integer representation with the class.

Parameters:
cmprsAlgo Reference to a vector containing the negotiated compression algorithm.
Returns:
True if negotiated algorithm is recognized, otherwise false is returned.

References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().

Referenced by ne7ssh_kex::handleInit().

bool ne7ssh_crypt::negotiatedCmprsS2c ( Botan::SecureVector< Botan::byte > &  cmprsAlgo  ) 

Parses negotiated server to client compression algorithm and registers it's integer representation with the class.

Parameters:
cmprsAlgo Reference to a vector containing the negotiated compression algorithm.
Returns:
True if negotiated algorithm is recognized, otherwise false is returned.

References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().

Referenced by ne7ssh_kex::handleInit().

bool ne7ssh_crypt::negotiatedCryptoC2s ( Botan::SecureVector< Botan::byte > &  cryptoAlgo  ) 

Parse negotiated client to server cipher algorithm and registers it's integer representation with the class.

Parameters:
cryptoAlgo Reference to a vector containing the negotiated cipher algorithm.
Returns:
True if negotiated algorithm is recognized, otherwise false is returned.

References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().

Referenced by ne7ssh_kex::handleInit().

bool ne7ssh_crypt::negotiatedCryptoS2c ( Botan::SecureVector< Botan::byte > &  cryptoAlgo  ) 

Parses negotiated server to client cipher algorithm and registers it's integer representation with the class.

Parameters:
cryptoAlgo Reference to a vector containing the negotiated cipher algorithm.
Returns:
True if negotiated algorithm is recognized, otherwise false is returned.

References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().

Referenced by ne7ssh_kex::handleInit().

bool ne7ssh_crypt::negotiatedHostkey ( Botan::SecureVector< Botan::byte > &  hostKeyAlgo  ) 

Parses negotiated host key algorithm and registers it's integer representation with the class.

Parameters:
hostKeyAlgo Reference to a vector containing the negotiated host key algorithm.
Returns:
True if negotiated algorithm is recognized, otherwise false is returned.

References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().

Referenced by getDSAKey(), getRSAKey(), and ne7ssh_kex::handleInit().

bool ne7ssh_crypt::negotiatedKex ( Botan::SecureVector< Botan::byte > &  kexAlgo  ) 

Parses negotiated key exchange algorithm vector, and registers it's integer representation with the class.

Parameters:
kexAlgo Reference to a vector containing the negotiated KEX algorithm.
Returns:
True if negotiated algorithm is recognized, otherwise false is returned.

References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().

Referenced by ne7ssh_kex::handleInit().

bool ne7ssh_crypt::negotiatedMacC2s ( Botan::SecureVector< Botan::byte > &  macAlgo  ) 

Parses negotiated client to server HMAC algorithm and registers it's integer representation with the class.

Parameters:
macAlgo Reference to a vector containing the negotiated HMAC algorithm.
Returns:
True if negotiated algorithm is recognized, otherwise false is returned.

References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().

Referenced by ne7ssh_kex::handleInit().

bool ne7ssh_crypt::negotiatedMacS2c ( Botan::SecureVector< Botan::byte > &  macAlgo  ) 

Parses negotiated server to client HMAC algorithm vector and registers it's integer representation with the class.

Parameters:
macAlgo Reference to a vector containing the negotiated HMAC algorithm.
Returns:
True if negotiated algorithm is recognized, otherwise false is returned.

References ne7ssh::errors(), ne7ssh_session::getSshChannel(), and Ne7sshError::push().

Referenced by ne7ssh_kex::handleInit().

bool ne7ssh_crypt::verifySig ( Botan::SecureVector< Botan::byte > &  hostKey,
Botan::SecureVector< Botan::byte > &  sig 
)

Verifies host signature.

Parameters:
hostKey Reference to vector containing hostKey.
sig Regerence to vector containing the signature.
Returns:
True if signature verification was successful, otherwise false is returned.

References ne7ssh::errors(), getDSAKey(), getRSAKey(), ne7ssh_session::getSshChannel(), ne7ssh_string::getString(), and Ne7sshError::push().

Referenced by ne7ssh_kex::handleKexDHReply().


The documentation for this class was generated from the following files:

Generated on Tue May 5 14:10:43 2009 for ne7ssh.kdevelop by  doxygen 1.5.9