dsniff  2.4b2
About: A collection of tools for network auditing
  Fossies Dox: dsniff-2.4b2.tar.gz  ("inofficial" and yet experimental doxygen-generated source code documentation)  

ssh.c
Go to the documentation of this file.
1 /*
2  * ssh.c
3  *
4  * Minimal SSH-1 protocol implementation.
5  *
6  * Copyright (c) 2000 Dug Song <dugsong@monkey.org>
7  *
8  * $Id: ssh.c,v 1.6 2001/03/15 08:33:04 dugsong Exp $
9  */
10 
11 #include "config.h"
12 
13 #include <sys/param.h>
14 #include <sys/types.h>
15 #include <arpa/nameser.h>
16 #include <openssl/ssl.h>
17 #include <openssl/err.h>
18 #include <openssl/rand.h>
19 
20 #include <err.h>
21 #include <errno.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <unistd.h>
26 
27 #include "hex.h"
28 #include "options.h"
29 #include "sshcrypto.h"
30 #include "ssh.h"
31 
32 static u_int crc32_tab[] = {
33  0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L,
34  0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L,
35  0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L,
36  0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
37  0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L,
38  0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L,
39  0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L,
40  0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
41  0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L,
42  0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL,
43  0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L,
44  0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
45  0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L,
46  0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL,
47  0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL,
48  0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
49  0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL,
50  0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L,
51  0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L,
52  0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
53  0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL,
54  0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L,
55  0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L,
56  0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
57  0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L,
58  0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L,
59  0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L,
60  0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
61  0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L,
62  0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL,
63  0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL,
64  0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
65  0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L,
66  0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL,
67  0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL,
68  0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
69  0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL,
70  0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L,
71  0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL,
72  0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
73  0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL,
74  0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L,
75  0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L,
76  0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
77  0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L,
78  0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L,
79  0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L,
80  0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
81  0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L,
82  0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L,
83  0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL,
84  0x2d02ef8dL
85 };
86 
87 static u_char pkt[4 + 8 + SSH_MAX_PKTLEN];
88 
89 static void
90 put_bn(BIGNUM *bn, u_char **pp)
91 {
92  short i;
93 
94  i = BN_num_bits(bn);
95  PUTSHORT(i, *pp);
96  *pp += BN_bn2bin(bn, *pp);
97 }
98 
99 static void
100 get_bn(BIGNUM *bn, u_char **pp, int *lenp)
101 {
102  short i;
103 
104  if (*lenp < 2) {
105  errx(1, "short buffer");
106  }
107  GETSHORT(i, *pp); *lenp -= 2;
108 
109  i = ((i + 7) / 8);
110 
111  if (*lenp < i) {
112  errx(1, "short buffer");
113  }
114  BN_bin2bn(*pp, i, bn);
115 
116  *pp += i; *lenp -= i;
117 }
118 
119 static u_char *
120 ssh_session_id(u_char *cookie, BIGNUM *hostkey_n, BIGNUM *servkey_n)
121 {
122  static u_char sessid[16];
123  u_int i, j;
124  u_char *p;
125 
126  i = BN_num_bytes(hostkey_n);
127  j = BN_num_bytes(servkey_n);
128 
129  if ((p = malloc(i + j + 8)) == NULL)
130  return (NULL);
131 
132  /* XXX - conform to sshd implementation here, not RFC. */
133  BN_bn2bin(hostkey_n, p);
134  BN_bn2bin(servkey_n, p + i);
135  memcpy(p + i + j, cookie, 8);
136 
137  MD5(p, i + j + 8, sessid);
138  free(p);
139 
140  return (sessid);
141 }
142 
143 static u_int
144 ssh_crc32(const unsigned char *p, u_int len)
145 {
146  u_int i;
147  u_int val;
148 
149  val = 0;
150  for (i = 0; i < len; i ++) {
151  val = crc32_tab[(val ^ p[i]) & 0xff] ^ (val >> 8);
152  }
153  return (val);
154 }
155 
156 static ssize_t
157 atomicio(ssize_t (*f)(), int fd, void *_s, size_t n)
158 {
159  char *s = _s;
160  ssize_t res, pos = 0;
161 
162  while (n > pos) {
163  res = (f) (fd, s + pos, n - pos);
164  switch (res) {
165  case -1:
166  if (errno == EINTR || errno == EAGAIN)
167  continue;
168  case 0:
169  return (res);
170  default:
171  pos += res;
172  }
173  }
174  return (pos);
175 }
176 
177 void
178 SSH_init(void)
179 {
180  SSL_library_init();
181  SSL_load_error_strings();
182  ERR_load_crypto_strings();
183 #ifndef BSD
184  if (!RAND_status()) {
185  RAND_seed("if you had a real operating system, "
186  "you'd have a real kernel PRNG", 65);
187  }
188 #endif
189 }
190 
191 SSH_CTX *
193 {
194  SSH_CTX *ctx;
195 
196  if ((ctx = calloc(sizeof(*ctx), 1)) == NULL)
197  return (NULL);
198 
199  ctx->authmask = (1 << SSH_AUTH_PASSWORD);
200  ctx->encmask = ((1 << SSH_CIPHER_3DES) | (1 << SSH_CIPHER_BLOWFISH) |
201  (1 << SSH_CIPHER_NONE));
202 
203  return (ctx);
204 }
205 
206 SSH *
208 {
209  SSH *ssh;
210 
211  if ((ssh = calloc(sizeof(*ssh), 1)) == NULL)
212  return (NULL);
213 
214  ssh->fd = -1;
215  ssh->ctx = ctx;
216 
217  return (ssh);
218 }
219 
220 void
221 SSH_set_fd(SSH *ssh, int fd)
222 {
223  ssh->fd = fd;
224 }
225 
226 #define SKIP(p, i, l) { (p) += (l); if (((i) -= (l)) < 0) return (-1); }
227 
228 int
230 {
231  BIGNUM *enckey;
232  u_char *p, cipher, cookie[8], msg[1024];
233  u_int32_t num;
234  int i;
235 
236  /* Generate anti-spoofing cookie. */
237  RAND_bytes(cookie, sizeof(cookie));
238 
239  /* Send public key. */
240  p = msg;
241  *p++ = SSH_SMSG_PUBLIC_KEY; /* type */
242  memcpy(p, cookie, 8); p += 8; /* cookie */
243  num = 768; PUTLONG(num, p); /* servkey bits */
244  put_bn(ssh->ctx->servkey->e, &p); /* servkey exponent */
245  put_bn(ssh->ctx->servkey->n, &p); /* servkey modulus */
246  num = 1024; PUTLONG(num, p); /* hostkey bits */
247  put_bn(ssh->ctx->hostkey->e, &p); /* hostkey exponent */
248  put_bn(ssh->ctx->hostkey->n, &p); /* hostkey modulus */
249  num = 0; PUTLONG(num, p); /* protocol flags */
250  num = ssh->ctx->encmask; PUTLONG(num, p); /* ciphers */
251  num = ssh->ctx->authmask; PUTLONG(num, p); /* authmask */
252 
253  if (SSH_send(ssh, msg, p - msg) < 0) {
254  warn("SSH_send");
255  return (-1);
256  }
257  /* Receive session key. */
258  if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
259  warn("SSH_recv");
260  return (-1);
261  }
262  p = pkt;
263 
264  /* Verify type. */
265  if (p[0] != SSH_CMSG_SESSION_KEY) {
266  warnx("expected packet type %d, got %d",
268  return (-1);
269  }
270  SKIP(p, i, 1);
271 
272  /* Verify cipher. */
273  cipher = p[0];
274  if (cipher != SSH_CIPHER_NONE &&
275  (ssh->ctx->encmask & (1 << cipher)) == 0) {
276  warnx("cipher type %d not supported", cipher);
277  return (-1);
278  }
279  SKIP(p, i, 1);
280 
281  /* Verify cookie. */
282  if (memcmp(p, cookie, 8) != 0) {
283  warnx("cookie doesn't match");
284  return (-1);
285  }
286  SKIP(p, i, 8);
287 
288  /* Get encrypted session key. */
289  if ((enckey = BN_new()) == NULL) {
290  warn("BN_new");
291  return (-1);
292  }
293  get_bn(enckey, &p, &i);
294 
295  /* Skip protocol flags. */
296  SKIP(p, i, 4);
297 
298  /* Decrypt session key. */
299  if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) > 0) {
300  rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey);
301  rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey);
302  }
303  else {
304  rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey);
305  rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey);
306  }
307  BN_mask_bits(enckey, sizeof(ssh->sesskey) * 8);
308  i = BN_num_bytes(enckey);
309 
310  if (i < 0 || i > sizeof(ssh->sesskey)) {
311  warnx("session key bogus");
312  return (-1);
313  }
314  memset(ssh->sesskey, 0, sizeof(ssh->sesskey));
315  BN_bn2bin(enckey, ssh->sesskey + sizeof(ssh->sesskey) - i);
316  BN_clear_free(enckey);
317 
318  /* Derive real session key using session id. */
319  if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
320  ssh->ctx->servkey->n)) == NULL) {
321  warn("ssh_session_id");
322  return (-1);
323  }
324  for (i = 0; i < 16; i++) {
325  ssh->sesskey[i] ^= p[i];
326  }
327  /* Set cipher. */
328  if (cipher == SSH_CIPHER_3DES) {
329  ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
330  ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
333  }
334  else if (cipher == SSH_CIPHER_BLOWFISH) {
335  ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey));
336  ssh->dstate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey));
339  }
340 
341  /* Send verification. */
342  msg[0] = SSH_SMSG_SUCCESS;
343 
344  if (SSH_send(ssh, msg, 1) == -1) {
345  warn("SSH_send");
346  return (-1);
347  }
348  return (0);
349 }
350 
351 int
353 {
354  BIGNUM *bn;
355  u_char *p, cipher, cookie[8], msg[1024];
356  u_int32_t num;
357  int i;
358 
359  /* Get public key. */
360  if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
361  warn("SSH_recv");
362  return (-1);
363  }
364  p = pkt;
365 
366  /* Verify type. */
367  if (p[0] != SSH_SMSG_PUBLIC_KEY) {
368  warnx("expected packet type %d, got %d",
369  SSH_SMSG_PUBLIC_KEY, p[0]);
370  return (-1);
371  }
372  SKIP(p, i, 1);
373 
374  /* Get cookie. */
375  if (i > 8) memcpy(cookie, p, 8);
376  SKIP(p, i, 8);
377 
378  /* Get servkey. */
379  ssh->ctx->servkey = RSA_new();
380  ssh->ctx->servkey->n = BN_new();
381  ssh->ctx->servkey->e = BN_new();
382 
383  SKIP(p, i, 4);
384  get_bn(ssh->ctx->servkey->e, &p, &i);
385  get_bn(ssh->ctx->servkey->n, &p, &i);
386 
387  /* Get hostkey. */
388  ssh->ctx->hostkey = RSA_new();
389  ssh->ctx->hostkey->n = BN_new();
390  ssh->ctx->hostkey->e = BN_new();
391 
392  SKIP(p, i, 4);
393  get_bn(ssh->ctx->hostkey->e, &p, &i);
394  get_bn(ssh->ctx->hostkey->n, &p, &i);
395 
396  /* Get cipher, auth masks. */
397  SKIP(p, i, 4);
398  if (i < 8) return (-1);
399  GETLONG(ssh->ctx->encmask, p);
400  GETLONG(ssh->ctx->authmask, p);
401 
402  /* Generate session key. */
403  RAND_bytes(ssh->sesskey, sizeof(ssh->sesskey));
404 
405  /* Obfuscate with session id. */
406  if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
407  ssh->ctx->servkey->n)) == NULL) {
408  warn("ssh_session_id");
409  return (-1);
410  }
411  if ((bn = BN_new()) == NULL) {
412  warn("BN_new");
413  return (-1);
414  }
415  BN_set_word(bn, 0);
416 
417  for (i = 0; i < sizeof(ssh->sesskey); i++) {
418  BN_lshift(bn, bn, 8);
419  if (i < 16) BN_add_word(bn, ssh->sesskey[i] ^ p[i]);
420  else BN_add_word(bn, ssh->sesskey[i]);
421  }
422  /* Encrypt session key. */
423  if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) < 0) {
424  rsa_public_encrypt(bn, bn, ssh->ctx->servkey);
425  rsa_public_encrypt(bn, bn, ssh->ctx->hostkey);
426  }
427  else {
428  rsa_public_encrypt(bn, bn, ssh->ctx->hostkey);
429  rsa_public_encrypt(bn, bn, ssh->ctx->servkey);
430  }
431  RSA_free(ssh->ctx->servkey);
432  RSA_free(ssh->ctx->hostkey);
433 
434  /* Verify auth and cipher type. */
435  if ((ssh->ctx->authmask & (1 << SSH_AUTH_PASSWORD)) == 0) {
436  warnx("password auth not supported!");
437  return (-1);
438  }
439  if ((ssh->ctx->encmask & (1 << SSH_CIPHER_BLOWFISH))) {
440  cipher = SSH_CIPHER_BLOWFISH;
441  }
442  else if ((ssh->ctx->encmask & (1 << SSH_CIPHER_3DES))) {
443  cipher = SSH_CIPHER_3DES;
444  }
445  else {
446  warnx("no supported cipher");
447  return (-1);
448  }
449  /* Send SSH_CMSG_SESSION_KEY. */
450  p = msg;
451  *p++ = SSH_CMSG_SESSION_KEY; /* type */
452  *p++ = cipher; /* cipher type */
453  memcpy(p, cookie, 8); p += 8; /* cookie */
454  put_bn(bn, &p); /* enc sesskey */
455  num = 0; PUTLONG(num, p); /* flags */
456 
457  BN_clear_free(bn);
458 
459  if (SSH_send(ssh, msg, p - msg) < 0) {
460  warn("SSH_send");
461  return (-1);
462  }
463  /* Set cipher. */
464  if (cipher == SSH_CIPHER_BLOWFISH) {
465  ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey));
466  ssh->dstate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey));
469  }
470  else if (cipher == SSH_CIPHER_3DES) {
471  ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
472  ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
475  }
476  /* Get server response. */
477  if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
478  warn("SSH_recv");
479  return (-1);
480  }
481  if (i < 1 || pkt[0] != SSH_SMSG_SUCCESS) {
482  warnx("server rejected us");
483  return (-1);
484  }
485  return (0);
486 }
487 
488 int
489 SSH_recv(SSH *ssh, u_char *buf, int size)
490 {
491  u_int32_t i, crc, len;
492  u_char *p;
493 
494  /* Read length. */
495  if (atomicio(read, ssh->fd, &len, sizeof(len)) != sizeof(len)) {
496  return (-1);
497  }
498  len = ntohl(len);
499  i = 8 - (len % 8);
500 
501  if (i + len > size) {
502  errno = EINVAL;
503  return (-1);
504  }
505  /* Read padding + data + crc. */
506  if (atomicio(read, ssh->fd, buf, i + len) != i + len)
507  return (-1);
508 
509  /* Decrypt payload. */
510  if (ssh->decrypt != NULL) {
511  ssh->decrypt(buf, buf, i + len, ssh->dstate);
512  }
513  /* Verify CRC. */
514  len -= 4;
515  p = buf + i + len;
516  GETLONG(crc, p);
517 
518  if (ssh_crc32(buf, i + len) != crc) {
519  warnx("check bytes corrupted on input");
520  errno = EINVAL;
521  return (-1);
522  }
523  /* Skip padding. */
524  memmove(buf, buf + i, len);
525 
526  if (Opt_debug) {
527  hex_print(buf, len, 0);
528  }
529  return (len);
530 }
531 
532 int
533 SSH_send(SSH *ssh, u_char *buf, int len)
534 {
535  u_char *p;
536  u_int32_t i;
537 
538  if (len > SSH_MAX_PKTLEN) {
539  errno = EMSGSIZE;
540  return (-1);
541  }
542  p = pkt;
543 
544  /* Add length (msg + crc). */
545  i = len + 4;
546  PUTLONG(i, p);
547 
548  /* Add padding. */
549  i = 8 - ((len + 4) % 8);
550  if (ssh->encrypt != NULL) {
551  RAND_bytes(p, i);
552  }
553  else memset(p, 0, i);
554  p += i;
555 
556  /* Add data. */
557  memmove(p, buf, len);
558  p += len;
559 
560  /* Add CRC. */
561  i = ssh_crc32(pkt + 4, (p - pkt) - 4);
562  PUTLONG(i, p);
563 
564  i = p - pkt;
565 
566  /* Encrypt payload. */
567  if (ssh->encrypt != NULL) {
568  ssh->encrypt(pkt + 4, pkt + 4, i - 4, ssh->estate);
569  }
570  /* Send it. */
571  if (atomicio(write, ssh->fd, pkt, i) != i)
572  return (-1);
573 
574  return (len);
575 }
576 
577 void
579 {
580  close(ssh->fd);
581 }
SSH_set_fd
void SSH_set_fd(SSH *ssh, int fd)
Definition: ssh.c:221
des3_encrypt
void des3_encrypt(u_char *src, u_char *dst, int len, void *state)
Definition: sshcrypto.c:171
SKIP
#define SKIP(p, i, l)
Definition: ssh.c:226
ssh::encrypt
void(* encrypt)(u_char *src, u_char *dst, int len, void *state)
Definition: ssh.h:51
ssh::fd
int fd
Definition: ssh.h:46
warnx
void warnx(const char *fmt,...)
Definition: err.c:89
ssh_ctx::encmask
int encmask
Definition: ssh.h:40
blowfish_encrypt
void blowfish_encrypt(u_char *src, u_char *dst, int len, void *state)
Definition: sshcrypto.c:124
SSH_SMSG_PUBLIC_KEY
#define SSH_SMSG_PUBLIC_KEY
Definition: ssh.h:27
SSH_CMSG_SESSION_KEY
#define SSH_CMSG_SESSION_KEY
Definition: ssh.h:28
ssh
Definition: ssh.h:45
rsa_public_encrypt
void rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
Definition: sshcrypto.c:35
SSH_CIPHER_BLOWFISH
#define SSH_CIPHER_BLOWFISH
Definition: ssh.h:23
Opt_debug
int Opt_debug
Definition: dsniff.c:37
blowfish_init
void * blowfish_init(u_char *sesskey, int len)
Definition: sshcrypto.c:110
options.h
SSH_MAX_PKTLEN
#define SSH_MAX_PKTLEN
Definition: ssh.h:15
SSH_recv
int SSH_recv(SSH *ssh, u_char *buf, int size)
Definition: ssh.c:489
des3_init
void * des3_init(u_char *sesskey, int len)
Definition: sshcrypto.c:149
ssh_session_id
static u_char * ssh_session_id(u_char *cookie, BIGNUM *hostkey_n, BIGNUM *servkey_n)
Definition: ssh.c:120
SSH_connect
int SSH_connect(SSH *ssh)
Definition: ssh.c:352
SSH_send
int SSH_send(SSH *ssh, u_char *buf, int len)
Definition: ssh.c:533
pkt
static u_char pkt[4+8+262144]
Definition: ssh.c:87
sshcrypto.h
atomicio
static ssize_t atomicio(ssize_t(*f)(), int fd, void *_s, size_t n)
Definition: ssh.c:157
ssh::estate
void * estate
Definition: ssh.h:49
rsa_private_decrypt
void rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
Definition: sshcrypto.c:67
ssh::dstate
void * dstate
Definition: ssh.h:50
SSH_SMSG_SUCCESS
#define SSH_SMSG_SUCCESS
Definition: ssh.h:31
SSH_CIPHER_3DES
#define SSH_CIPHER_3DES
Definition: ssh.h:22
ssh::sesskey
u_char sesskey[32]
Definition: ssh.h:48
hex.h
get_bn
static void get_bn(BIGNUM *bn, u_char **pp, int *lenp)
Definition: ssh.c:100
SSH_CIPHER_NONE
#define SSH_CIPHER_NONE
Definition: ssh.h:21
SSH_CTX_new
SSH_CTX * SSH_CTX_new(void)
Definition: ssh.c:192
ssh_ctx
Definition: ssh.h:38
err.h
crc32_tab
static u_int crc32_tab[]
Definition: ssh.c:32
buf
Definition: buf.h:14
put_bn
static void put_bn(BIGNUM *bn, u_char **pp)
Definition: ssh.c:90
SSH_init
void SSH_init(void)
Definition: ssh.c:178
errx
void errx(int eval, const char *fmt,...)
Definition: err.c:76
ssh::ctx
SSH_CTX * ctx
Definition: ssh.h:47
warn
void warn(const char *fmt,...)
Definition: err.c:62
SSH_AUTH_PASSWORD
#define SSH_AUTH_PASSWORD
Definition: ssh.h:18
memcmp
int memcmp(void *s1, void *s2, size_t n) const
Definition: memcmp.c:44
des3_decrypt
void des3_decrypt(u_char *src, u_char *dst, int len, void *state)
Definition: sshcrypto.c:184
SSH_new
SSH * SSH_new(SSH_CTX *ctx)
Definition: ssh.c:207
SSH_accept
int SSH_accept(SSH *ssh)
Definition: ssh.c:229
config.h
hex_print
void hex_print(const u_char *buf, int len, int offset)
Definition: hex.c:50
blowfish_decrypt
void blowfish_decrypt(u_char *src, u_char *dst, int len, void *state)
Definition: sshcrypto.c:136
ssh_ctx::servkey
RSA * servkey
Definition: ssh.h:41
SSH_close
void SSH_close(SSH *ssh)
Definition: ssh.c:578
ssh.h
ssh::decrypt
void(* decrypt)(u_char *src, u_char *dst, int len, void *state)
Definition: ssh.h:52
ssh_ctx::authmask
int authmask
Definition: ssh.h:39
ssh_ctx::hostkey
RSA * hostkey
Definition: ssh.h:42
ssh_crc32
static u_int ssh_crc32(const unsigned char *p, u_int len)
Definition: ssh.c:144