├── THANKS ├── tests └── Makefile.am ├── examples ├── dsa.pub ├── dsa.sec ├── rsa.pub ├── rsa.sec ├── Makefile.am ├── ChangeLog ├── keytool.c ├── client.c └── server.c ├── doc ├── Makefile.am └── ChangeLog ├── m4 ├── Makefile.am ├── ltversion.m4 ├── gpg-error.m4 ├── libgcrypt.m4 ├── ltsugar.m4 └── lt~obsolete.m4 ├── README-alpha ├── AUTHORS ├── TODO ├── ChangeLog ├── NEWS ├── acinclude.m4 ├── README ├── Makefile.am ├── src ├── banner.h ├── memory.h ├── auth.h ├── Makefile.am ├── types.h ├── bstring.h ├── pubkey.h ├── kex.h ├── memory.c ├── error.c ├── utils.h ├── bstring.c ├── stream.h ├── packet.h ├── gsti-config.in ├── logging.c ├── stream.c ├── banner.c ├── utils.c ├── api.h ├── buffer.h ├── gsti.m4 ├── ssh.h ├── buffer.c └── main.c ├── README.SVN ├── mkinstalldirs ├── configure.ac ├── autogen.sh ├── INSTALL ├── install-sh └── missing /THANKS: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /tests/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | EXTRA_DIST = 3 | -------------------------------------------------------------------------------- /examples/dsa.pub: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gpg/gsti/master/examples/dsa.pub -------------------------------------------------------------------------------- /examples/dsa.sec: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gpg/gsti/master/examples/dsa.sec -------------------------------------------------------------------------------- /examples/rsa.pub: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gpg/gsti/master/examples/rsa.pub -------------------------------------------------------------------------------- /examples/rsa.sec: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/gpg/gsti/master/examples/rsa.sec -------------------------------------------------------------------------------- /doc/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | 3 | EXTRA_DIST = draft-ietf-secsh-architecture-13.txt \ 4 | draft-ietf-secsh-transport-15.txt 5 | 6 | -------------------------------------------------------------------------------- /m4/Makefile.am: -------------------------------------------------------------------------------- 1 | EXTRA_DIST = gpg-error.m4 libgcrypt.m4 \ 2 | libtool.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 lt~obsolete.m4 3 | -------------------------------------------------------------------------------- /README-alpha: -------------------------------------------------------------------------------- 1 | 2 | THIS IS WORK IN PROGRESS! 3 | 4 | Many things are subject to change, and the code might 5 | contain serious security problems. Don't even expect an answer to a mail. 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /doc/ChangeLog: -------------------------------------------------------------------------------- 1 | 2002-09-29 19:43:29 Timo Schulz (ts@winpt.org) 2 | 3 | * draft-ietf-secsh-transport-14.txt: New. 4 | * draft-ietf-secsh-architecture-12.txt: New. 5 | 6 | 2002-10-02 18:56:53 Timo Schulz (ts@winpt.org) 7 | 8 | * Updated both drafts. 9 | 10 | 2002-10-05 19:06:22 Timo Schulz (ts@winpt.org) 11 | 12 | * draft-ietf-secsh-userauth-16.txt: New. 
13 | 14 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | Package: gsti 2 | Maintainer: Werner Koch 3 | Bug reports: (mailing list) 4 | Security related bug reports: 5 | 6 | 7 | Authors of GSTI 8 | =============== 9 | 10 | Simon Tatham 11 | (src/zlib.c) <===== FIXME: there is no license attached 12 | 13 | Timo Schulz 14 | Bug fixes and a bulk of new code since 2001. 15 | 16 | Werner Koch 17 | Original Author and initiator of the project. 18 | 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- 1 | GSTI's ToDo list -*- outline -*- 2 | 3 | * Find a way to handle the first packet to establish a connection. 4 | 2002-10-01: partly done. but it's not really clean. 5 | 6 | * Implement all code for sections which are marked with 'fixme' or 'todo' 7 | 8 | * We need a way to merge BSTRING and BUFFER together. 9 | They do the same things so they are redundant. 10 | 11 | * implement the rest of the compression code in packet.c 12 | 13 | * After the code base is somewhat stable 14 | ** Integrate SecureFTP code. 
15 | -------------------------------------------------------------------------------- /examples/Makefile.am: -------------------------------------------------------------------------------- 1 | ## Process this file with automake to produce Makefile.in 2 | 3 | noinst_PROGRAMS = server client keytool 4 | #dump-mod 5 | 6 | EXTRA_DIST = dsa.pub dsa.sec 7 | 8 | INCLUDES = -I$(top_srcdir)/src $(LIBGCRYPT_CFLAGS) 9 | 10 | client_SOURCES = client.c 11 | server_SOURCES = server.c 12 | keytool_SOURCES = keytool.c 13 | # fixme: This file is missing from teh CVS dump_mod_SOURCES = dump-mod.c 14 | 15 | client_LDADD = ../src/libgsti.la $(LIBGCRYPT_LIBS) 16 | server_LDADD = ../src/libgsti.la $(LIBGCRYPT_LIBS) 17 | keytool_LDADD = ../src/libgsti.la $(LIBGCRYPT_LIBS) 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /ChangeLog: -------------------------------------------------------------------------------- 1 | 2010-01-25 Werner Koch 2 | 3 | * configure.ac (AC_CONFIG_FILES): Add src/gsti.h. 4 | (GNUPG_FIX_HDR_VERSION): Remove. 5 | 6 | * autogen.sh: Update from libgpg-error. 7 | 8 | 2005-08-18 Werner Koch 9 | 10 | Released 0.3.0. 11 | 12 | 2004-03-08 Werner Koch 13 | 14 | * configure.in: Removed. 15 | * configure.ac: New. Based on the old one 16 | 17 | * autogen.sh: Replaced by modern version taken from libksba. 18 | 19 | * Makefile.am (dist-hook): New. 20 | 21 | 2002-10-03 23:18:16 Timo Schulz (ts@winpt.org) 22 | 23 | * set version to 0.2.0 24 | 25 | 2000-01-31 14:36:40 Werner Koch (wk@bilbo.gnupg.de) 26 | 27 | * set version to 0.0.1 28 | 29 | -------------------------------------------------------------------------------- /NEWS: -------------------------------------------------------------------------------- 1 | Noteworthy changes in version 0.3.0 (2005-08-18) 2 | ------------------------------------------------ 3 | 4 | * Now using the libgcrypt 1.2 API and libgpg-error 5 | 6 | * Modernized the entire configuration systems. 
7 | 8 | * RSA support for digital signatures. 9 | 10 | * Set user defined preferred cipher and/or hmac algorithms. 11 | 12 | 13 | Noteworthy changes in version 0.2.0 14 | ----------------------------------- 15 | 16 | * All global functions now have a unique (prefixed) name. 17 | 18 | * The code to establish a secure channel basically works without 19 | any known flaws (protocol violations). 20 | 21 | * Implemented all required algorithms from the draft. 22 | Digital signatures: DSS. 23 | User authentication: publickey. 24 | Cipher: 3DES. 25 | 26 | -------------------------------------------------------------------------------- /m4/ltversion.m4: -------------------------------------------------------------------------------- 1 | # ltversion.m4 -- version numbers -*- Autoconf -*- 2 | # 3 | # Copyright (C) 2004 Free Software Foundation, Inc. 4 | # Written by Scott James Remnant, 2004 5 | # 6 | # This file is free software; the Free Software Foundation gives 7 | # unlimited permission to copy and/or distribute it, with or without 8 | # modifications, as long as this notice is preserved. 9 | 10 | # Generated from ltversion.in. 11 | 12 | # serial 3017 ltversion.m4 13 | # This file is part of GNU Libtool 14 | 15 | m4_define([LT_PACKAGE_VERSION], [2.2.6b]) 16 | m4_define([LT_PACKAGE_REVISION], [1.3017]) 17 | 18 | AC_DEFUN([LTVERSION_VERSION], 19 | [macro_version='2.2.6b' 20 | macro_revision='1.3017' 21 | _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) 22 | _LT_DECL(, macro_revision, 0) 23 | ]) 24 | -------------------------------------------------------------------------------- /acinclude.m4: -------------------------------------------------------------------------------- 1 | 2 | dnl GNUPG_FIX_HDR_VERSION(FILE, NAME) 3 | dnl Make the version number in gcrypt/gcrypt.h the same as the one here. 
4 | dnl (this is easier than to have a .in file just for one substitution) 5 | dnl We must use a temp file in the current directory because make distcheck 6 | dnl install all sourcefiles RO. 7 | dnl 8 | AC_DEFUN([GNUPG_FIX_HDR_VERSION], 9 | [ sed "s/^#define $2 \".*/#define $2 \"$VERSION\"/" $srcdir/$1 > fixhdr.tmp 10 | if cmp -s $srcdir/$1 fixhdr.tmp 2>/dev/null; then 11 | rm -f fixhdr.tmp 12 | else 13 | rm -f $srcdir/$1 14 | if mv fixhdr.tmp $srcdir/$1 ; then 15 | : 16 | else 17 | AC_MSG_ERROR([[ 18 | *** 19 | *** Failed to fix the version string macro $2 in $1. 20 | *** The old file has been saved as fixhdr.tmp 21 | ***]]) 22 | fi 23 | AC_MSG_WARN([fixed the $2 macro in $1]) 24 | fi 25 | ]) 26 | 27 | 28 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | 2 | GNU Secure Transport Initiative (GSTI) 3 | --------------------------------------- 4 | 5 | This is a library which implements a basic part of the 6 | protocol used by SSH to create a secure transport channel. 7 | 8 | The drafts which describe the protocol used in the library can 9 | be found in the doc/ directory: 10 | 11 | *-architecture-* Describes the design and the notation of SSH. 12 | *-transport-* How to build a secure low-level transport channel. 13 | *-userauth-* Protocol for the user authentication. 14 | 15 | 16 | Please note that this library *cannot* be used to talk with SSH servers. 17 | Even if they use the same protocol, the library is not an SSH client. 18 | 19 | The library includes only the algorithms required for compliance 20 | with the SSH drafts. 21 | 22 | You need the Libgcrypt library from ftp.gnupg.org/gcrypt/libgcrypt 23 | 24 | 25 | Some parts of the lib design are still in flux and the code needs more 26 | tests. So please consider the library as a beta version! 
27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | ## Process this file with automake to produce Makefile.in 2 | # Copyright (C) 1999, 2000 Werner Koch 3 | # Copyright (C) 2002 Timo Schulz 4 | # Copyright (C) 2004 g10 Code GmbH 5 | # 6 | # This file is part of GSTI. 7 | # 8 | # GSTI is free software; you can redistribute it and/or modify 9 | # it under the terms of the GNU Lesser General Public License as 10 | # published by the Free Software Foundation; either version 2.1 of 11 | # the License, or (at your option) any later version. 12 | # 13 | # GSTI is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU Lesser General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, see . 20 | 21 | ACLOCAL_AMFLAGS = -I m4 22 | AUTOMAKE_OPTIONS = dist-bzip2 23 | 24 | EXTRA_DIST = README-alpha autogen.sh 25 | 26 | SUBDIRS = m4 src examples tests doc 27 | 28 | 29 | dist-hook: 30 | @set -e; echo "$(VERSION)" > $(distdir)/VERSION 31 | 32 | -------------------------------------------------------------------------------- /src/banner.h: -------------------------------------------------------------------------------- 1 | /* banner.h - SSH userauth banner 2 | Copyright (C) 2010 g10 Code GmbH 3 | 4 | This file is part of GSTI. 5 | 6 | GSTI is free software; you can redistribute it and/or modify 7 | it under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 2 of the License, or 9 | (at your option) any later version. 
10 | 11 | GSTI is distributed in the hope that it will be useful, 12 | but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | GNU General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with GSTI; if not, write to the Free Software Foundation, 18 | Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ 19 | 20 | #ifndef GSTI_BANNER_H 21 | #define GSTI_BANNER_H 1 22 | 23 | gsti_error_t _gsti_auth_send_banner_packet (gsti_ctx_t ctx); 24 | gsti_error_t _gsti_auth_proc_banner_packet (gsti_ctx_t ctx); 25 | gsti_error_t _gsti_banner_run_auth_cb (gsti_ctx_t ctx); 26 | 27 | #endif /*GSTI_BANNER_H*/ 28 | -------------------------------------------------------------------------------- /src/memory.h: -------------------------------------------------------------------------------- 1 | /* memory.h 2 | Copyright (C) 1999 Werner Koch 3 | Copyright (C) 2002 Timo Schulz 4 | Copyright (C) 2004 g10 Code GmbH 5 | 6 | This file is part of GSTI. 7 | 8 | GSTI is free software; you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation; either version 2 of the License, or 11 | (at your option) any later version. 12 | 13 | GSTI is distributed in the hope that it will be useful, 14 | but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | GNU General Public License for more details. 
17 | 18 | You should have received a copy of the GNU General Public License 19 | along with GSTI; if not, write to the Free Software Foundation, 20 | Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ 21 | 22 | #ifndef GSTI_MEMORY_H 23 | #define GSTI_MEMORY_H 1 24 | 25 | #include "types.h" 26 | 27 | void *_gsti_xmalloc (size_t n); 28 | void *_gsti_xcalloc (size_t n, size_t m); 29 | void *_gsti_xrealloc (void *p, size_t n); 30 | char *_gsti_xstrdup (const char *string); 31 | void _gsti_free (void *); 32 | 33 | gsti_strlist_t _gsti_strlist_insert (gsti_strlist_t head, const char *s); 34 | void _gsti_strlist_free (gsti_strlist_t a); 35 | 36 | #endif /* GSTI_MEMORY_H */ 37 | -------------------------------------------------------------------------------- /src/auth.h: -------------------------------------------------------------------------------- 1 | /* auth.h - SSH authentication 2 | Copyright (C) 2004 g10 Code GmbH 3 | 4 | This file is part of GSTI. 5 | 6 | GSTI is free software; you can redistribute it and/or modify 7 | it under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 2 of the License, or 9 | (at your option) any later version. 10 | 11 | GSTI is distributed in the hope that it will be useful, 12 | but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | GNU General Public License for more details. 
15 | 16 | You should have received a copy of the GNU General Public License 17 | along with GSTI; if not, write to the Free Software Foundation, 18 | Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ 19 | 20 | #ifndef GSTI_AUTH_H 21 | #define GSTI_AUTH_H 1 22 | 23 | 24 | /*-- auth.c --*/ 25 | gsti_error_t _gsti_auth_send_success_packet (gsti_ctx_t ctx); 26 | gsti_error_t _gsti_auth_proc_success_packet (gsti_ctx_t ctx); 27 | 28 | gsti_error_t _gsti_auth_send_pkok_packet (gsti_ctx_t ctx); 29 | gsti_error_t _gsti_auth_proc_pkok_packet (gsti_ctx_t ctx); 30 | 31 | gsti_error_t _gsti_auth_send_request_packet (gsti_ctx_t ctx); 32 | gsti_error_t _gsti_auth_proc_request_packet (gsti_ctx_t ctx); 33 | 34 | gsti_error_t _gsti_auth_send_failure_packet (gsti_ctx_t ctx, gsti_auth_t auth); 35 | 36 | gsti_error_t _gsti_auth_run_auth_cb (gsti_ctx_t ctx); 37 | 38 | #endif /*GSTI_AUTH_H*/ 39 | -------------------------------------------------------------------------------- /src/Makefile.am: -------------------------------------------------------------------------------- 1 | ## Process this file with automake to produce Makefile.in 2 | # Copyright (C) 1999, 2000 Free Software Foundation 3 | # Copyright (C) 2002 Timo Schulz 4 | # Copyright (C) 2004 g10 Code GmbH 5 | # 6 | # This file is part of GSTI. 7 | # 8 | # GSTI is free software; you can redistribute it and/or modify 9 | # it under the terms of the GNU Lesser General Public License as 10 | # published by the Free Software Foundation; either version 2.1 of 11 | # the License, or (at your option) any later version. 12 | # 13 | # GSTI is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU Lesser General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, see . 
20 | 21 | 22 | EXTRA_DIST = gsti-config.in gsti.m4 23 | bin_SCRIPTS = gsti-config 24 | include_HEADERS = gsti.h 25 | lib_LTLIBRARIES = libgsti.la 26 | m4datadir = $(datadir)/aclocal 27 | m4data_DATA = gsti.m4 28 | 29 | AM_CFLAGS = @GPG_ERROR_CFLAGS@ @LIBGCRYPT_CFLAGS@ 30 | 31 | libgsti_la_LDFLAGS = -version-info \ 32 | @LIBGSTI_LT_CURRENT@:@LIBGSTI_LT_REVISION@:@LIBGSTI_LT_AGE@ 33 | 34 | libgsti_la_SOURCES = \ 35 | gsti.h \ 36 | ssh.h \ 37 | error.c \ 38 | bstring.h bstring.c \ 39 | buffer.h buffer.c \ 40 | banner.c banner.h \ 41 | auth.c auth.h \ 42 | api.h \ 43 | types.h \ 44 | pubkey.c pubkey.h \ 45 | logging.c \ 46 | main.c \ 47 | fsm.c \ 48 | channel.c \ 49 | memory.h memory.c \ 50 | utils.h utils.c \ 51 | stream.h stream.c \ 52 | packet.h packet.c \ 53 | kex.h kex.c \ 54 | zlib.c \ 55 | moduli.h 56 | 57 | -------------------------------------------------------------------------------- /src/types.h: -------------------------------------------------------------------------------- 1 | /* types.h 2 | Copyright (C) 1999 Werner Koch 3 | Copyright (C) 2002 Timo Schulz 4 | Copyright (C) 2004 g10 Code GmbH 5 | 6 | This file is part of GSTI. 7 | 8 | GSTI is free software; you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation; either version 2 of the License, or 11 | (at your option) any later version. 12 | 13 | GSTI is distributed in the hope that it will be useful, 14 | but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | GNU General Public License for more details. 
17 | 18 | You should have received a copy of the GNU General Public License 19 | along with GSTI; if not, write to the Free Software Foundation, 20 | Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ 21 | 22 | #ifndef GSTI_TYPES_H 23 | #define GSTI_TYPES_H 24 | 25 | /* All user-visible types are declared in the header included here. */ 26 | #include 27 | 28 | #ifndef HAVE_BYTE_TYPEDEF 29 | #undef byte 30 | typedef unsigned char byte; 31 | #define HAVE_BYTE_TYPEDEF 32 | #endif 33 | /* NOTE(review): u32 and u16 below are plain unsigned int / unsigned short; this header does not verify their widths -- confirm per target before relying on them for wire-format fields. */ 34 | #ifndef HAVE_U32_TYPEDEF 35 | #undef u32 36 | typedef unsigned int u32; 37 | #define HAVE_U32_TYPEDEF 38 | #endif 39 | 40 | #ifndef HAVE_U16_TYPEDEF 41 | #undef u16 42 | typedef unsigned short u16; 43 | #define HAVE_U16_TYPEDEF 44 | #endif 45 | /* Node of a singly linked string list. D is declared with one element and is meant to hold a whole NUL-terminated string: the node must be allocated with extra room after the struct (see _gsti_strlist_insert in memory.c, which requests sizeof *item + strlen (s)). Copying a node by value or allocating it with plain sizeof loses the string. gsti_strlist_t and STRLIST both name a pointer to this node. */ 46 | struct gsti_strlist_s 47 | { 48 | struct gsti_strlist_s *next; 49 | char d[1]; 50 | }; 51 | typedef struct gsti_strlist_s *gsti_strlist_t; 52 | typedef struct gsti_strlist_s *STRLIST; 53 | 54 | /* Element count of an array object. V must be a real array; for a pointer (including an array-typed function parameter) the result is not the element count. */ 55 | #ifndef DIM 56 | #define DIM(v) (sizeof(v)/sizeof((v)[0])) 57 | #endif 58 | 59 | #include "bstring.h" 60 | 61 | #endif /* GSTI_TYPES_H */ 62 | -------------------------------------------------------------------------------- /src/bstring.h: -------------------------------------------------------------------------------- 1 | /* bstring.h - Binary string handling. 2 | Copyright (C) 2004 g10 Code GmbH 3 | 4 | This file is part of GSTI. 5 | 6 | GSTI is free software; you can redistribute it and/or modify 7 | it under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 2 of the License, or 9 | (at your option) any later version. 10 | 11 | GSTI is distributed in the hope that it will be useful, 12 | but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | GNU General Public License for more details. 
15 | 16 | You should have received a copy of the GNU General Public License 17 | along with GSTI; if not, write to the Free Software Foundation, 18 | Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ 19 | 20 | #ifndef GSTI_BSTRING_H 21 | #define GSTI_BSTRING_H 1 22 | 23 | 24 | /* Binary strings. */ 25 | 26 | /* Binary strings are strings which may contain binary zeroes. */ 27 | struct gsti_bstr; 28 | typedef struct gsti_bstr *gsti_bstr_t; 29 | 30 | /* Create a new binary string from AMOUNT bytes starting from DATA, 31 | and return it in BSTR. */ 32 | gpg_error_t gsti_bstr_make (gsti_bstr_t *bstr, 33 | const void *data, size_t amount); 34 | 35 | /* Create a new binary string from the binary string BSTR. */ 36 | gsti_error_t gsti_bstr_copy (gsti_bstr_t *r_bstr, gsti_bstr_t bstr); 37 | 38 | /* Free the binary string BSTR. */ 39 | void gsti_bstr_free (gsti_bstr_t bstr); 40 | 41 | /* Return the length of the binary string BSTR. */ 42 | size_t gsti_bstr_length (gsti_bstr_t bstr); 43 | 44 | /* Return the data of the binary string BSTR. */ 45 | void *gsti_bstr_data (gsti_bstr_t bstr); 46 | 47 | /* Return true if BSTR matches STR. */ 48 | int gsti_bstr_match_str_p (gsti_bstr_t bstr, const char *str); 49 | 50 | 51 | #endif /* GSTI_BSTRING_H */ 52 | -------------------------------------------------------------------------------- /src/pubkey.h: -------------------------------------------------------------------------------- 1 | /* pubkey.h 2 | Copyright (C) 2002 Timo Schulz 3 | Copyright (C) 2004 g10 Code GmbH 4 | 5 | This file is part of GSTI. 6 | 7 | GSTI is free software; you can redistribute it and/or modify 8 | it under the terms of the GNU General Public License as published by 9 | the Free Software Foundation; either version 2 of the License, or 10 | (at your option) any later version. 
11 | 12 | GSTI is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 16 | 17 | You should have received a copy of the GNU General Public License 18 | along with this program; if not, write to the Free Software Foundation, 19 | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ 20 | 21 | #ifndef GSTI_PUBKEY_H 22 | #define GSTI_PUBKEY_H 23 | /* Public-key algorithm identifiers; SSH_PK_LAST (3) is one above the highest algorithm value listed here. */ 24 | typedef enum 25 | { 26 | SSH_PK_NONE = 0, 27 | SSH_PK_DSS = 1, 28 | SSH_PK_RSA = 2, 29 | SSH_PK_LAST = 3, 30 | } gsti_key_type_t; 31 | 32 | /* Key object. KEY has room for six MPIs; NKEY is presumably the number of entries in use, and nothing in this declaration ties it to the array size, so code filling KEY from a decoded blob has to keep NKEY <= 6 itself -- confirm in pubkey.c. SECRET is a one-bit flag, presumably set for keys that carry private parameters. SIGN_FNC and SIGN_FNC_VALUE store a signing callback and an untyped pointer, presumably handed back to that callback -- confirm. */ 33 | struct gsti_key_s 34 | { 35 | gcry_mpi_t key[6]; 36 | unsigned nkey; 37 | gsti_key_type_t type; 38 | unsigned int secret : 1; 39 | gsti_sign_fnc_t sign_fnc; 40 | void *sign_fnc_value; 41 | }; 42 | /* Conversion between a key object and its blob form. NOTE(review): if _gsti_key_fromblob is fed peer-supplied blobs, all length and field validation has to happen in its implementation, which is not visible here. */ 43 | gsti_error_t _gsti_key_getblob (gsti_key_t pk, gsti_bstr_t * r_blob); 44 | gsti_error_t _gsti_key_fromblob (gsti_bstr_t blob, gsti_key_t * r_key); 45 | /* Signature creation and checking. NOTE(review): _gsti_sig_decode receives HASH without a length, so the digest size must be fixed by the implementation -- confirm it matches what callers pass. */ 46 | gsti_error_t _gsti_sig_encode (gsti_key_t sk, const void *data, size_t datalen, 47 | gsti_bstr_t *r_sig); 48 | gsti_error_t _gsti_sig_decode (gsti_bstr_t key, gsti_bstr_t sig, 49 | const byte * hash, gsti_key_t *r_pk); 50 | /* Helpers for SSH public-key algorithm names and for comparing two keys. */ 51 | gsti_error_t _gsti_ssh_get_pkname (gsti_key_type_t pktype, int asbstr, 52 | byte **r_namebuf, size_t *r_n); 53 | gsti_error_t _gsti_ssh_cmp_pkname (gsti_key_type_t pktype, const char *name, 54 | size_t len); 55 | gsti_error_t _gsti_ssh_cmp_keys (gsti_key_t a, gsti_key_t b); 56 | 57 | #endif /*GSTI_PUBKEY_H */ 58 | -------------------------------------------------------------------------------- /README.SVN: -------------------------------------------------------------------------------- 1 | If you are building from CVS, run the script 2 | 3 | ./autogen.sh 4 | 5 | first, to make sure that you have all the necessary maintainer tools 6 | are installed and to build the actual configuration files. 
Then run 7 | 8 | ./configure --enable-maintainer-mode 9 | 10 | followed by the usual make. 11 | 12 | If autogen.sh complains about insufficient versions of the required 13 | tools, or the tools are not installed, you may use environment 14 | variables to override the default tool names: 15 | 16 | AUTOMAKE_SUFFIX is used as a suffix for all tools from the automake 17 | package. For example 18 | AUTOMAKE_SUFFIX="-1.7" ./autogen.sh 19 | uses "automake-1.7" and "aclocal-1.7". 20 | AUTOMAKE_PREFIX is used as a prefix for all tools from the automake 21 | package and may be combined with AUTOMAKE_SUFFIX. e.g.: 22 | AUTOMAKE_PREFIX=/usr/foo/bin ./autogen.sh 23 | uses "automake" and "aclocal" in the /usr/foo/bin 24 | directory. 25 | AUTOCONF_SUFFIX is used as a suffix for all tools from the automake 26 | package 27 | AUTOCONF_PREFIX is used as a prefix for all tools from the automake 28 | package 29 | GETTEXT_SUFFIX is used as a suffix for all tools from the gettext 30 | package 31 | GETTEXT_PREFIX is used as a prefix for all tools from the gettext 32 | package 33 | 34 | It is also possible to use the variable names AUTOMAKE, AUTOCONF, 35 | ACLOCAL, AUTOHEADER, GETTEXT and MSGMERGE to directly specify the names 36 | of the programs to run. It is however better to use the suffix and 37 | prefix forms as described above because that does not require 38 | knowledge about the actual tools used by autogen.sh. 39 | 40 | 41 | Please don't use autopoint, libtoolize or autoreconf unless you are 42 | the current maintainer and want to update the standard configuration 43 | files. All those files should be in the CVS and only updated manually 44 | if the maintainer decides that newer versions are required. The 45 | maintainer should also make sure that the required version of automake 46 | et al. are properly indicated at the top of configure.ac and take care 47 | to copy the files and not merely use symlinks. 
48 | 49 | 50 | 51 | 52 | -------------------------------------------------------------------------------- /src/kex.h: -------------------------------------------------------------------------------- 1 | /* kex.h - kex exchange (KEX) 2 | Copyright (C) 1999 Werner Koch 3 | Copyright (C) 2004 g10 Code GmbH 4 | 5 | This file is part of GSTI. 6 | 7 | GSTI is free software; you can redistribute it and/or modify 8 | it under the terms of the GNU General Public License as published by 9 | the Free Software Foundation; either version 2 of the License, or 10 | (at your option) any later version. 11 | 12 | GSTI is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 16 | 17 | You should have received a copy of the GNU General Public License 18 | along with this program; if not, write to the Free Software Foundation, 19 | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ 20 | 21 | #ifndef GSTI_KEX_H 22 | #define GSTI_KEX_H 23 | 24 | void _gsti_kex_set_defaults (gsti_ctx_t ctx); 25 | gsti_error_t _gsti_kex_check_alglist (int type, const 26 | unsigned short * buf, size_t n); 27 | 28 | /* fixme: Internal function - prefix with _gsti. 
*/ 29 | gsti_error_t _gsti_kex_send_version (gsti_ctx_t ctx); 30 | gsti_error_t _gsti_kex_wait_on_version (gsti_ctx_t ctx); 31 | 32 | gsti_error_t _gsti_kex_send_init_packet (gsti_ctx_t ctx); 33 | gsti_error_t _gsti_kex_proc_init_packet (gsti_ctx_t ctx); 34 | 35 | gsti_error_t _gsti_kex_send_kexdh_init (gsti_ctx_t ctx); 36 | gsti_error_t kex_proc_kexdh_init (gsti_ctx_t ctx); 37 | 38 | gsti_error_t kex_send_kexdh_reply (gsti_ctx_t ctx); 39 | gsti_error_t kex_proc_kexdh_reply (gsti_ctx_t ctx); 40 | 41 | gsti_error_t kex_send_newkeys (gsti_ctx_t ctx); 42 | gsti_error_t kex_proc_newkeys (gsti_ctx_t ctx); 43 | 44 | gsti_error_t kex_send_service_request (gsti_ctx_t ctx, const char *name); 45 | gsti_error_t kex_proc_service_request (gsti_ctx_t ctx); 46 | gsti_error_t kex_send_service_accept (gsti_ctx_t ctx); 47 | gsti_error_t kex_proc_service_accept (gsti_ctx_t ctx); 48 | 49 | gsti_error_t _gsti_kex_send_gex_request (gsti_ctx_t ctx); 50 | gsti_error_t _gsti_kex_proc_gex_request (gsti_ctx_t ctx); 51 | 52 | gsti_error_t _gsti_kex_send_gex_group (gsti_ctx_t ctx); 53 | gsti_error_t _gsti_kex_proc_gex_group (gsti_ctx_t ctx); 54 | 55 | 56 | #endif /* GSTI_KEX_H */ 57 | -------------------------------------------------------------------------------- /src/memory.c: -------------------------------------------------------------------------------- 1 | /* memory.c - Memory allocation wrappers. 2 | Copyright (C) 1999, 2002 Werner Koch 3 | Copyright (C) 2002 Timo Schulz 4 | Copyright (C) 2004 g10 Code GmbH 5 | 6 | This file is part of GSTI. 7 | 8 | GSTI is free software; you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation; either version 2 of the License, or 11 | (at your option) any later version. 12 | 13 | GSTI is distributed in the hope that it will be useful, 14 | but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 16 | GNU General Public License for more details. 17 | 18 | You should have received a copy of the GNU General Public License 19 | along with GSTI; if not, write to the Free Software Foundation, 20 | Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ 21 | 22 | #if HAVE_CONFIG_H 23 | #include 24 | #endif 25 | 26 | #include 27 | #include 28 | #include 29 | 30 | #include "memory.h" 31 |

/* Report memory exhaustion on stderr and end the process with exit
   status 2.  This function does not return.

   Because every allocator below funnels into this function, a failed
   allocation anywhere in the library terminates the host program.
   NOTE(review): callers that derive an allocation size from
   peer-supplied data should bound it first -- confirm at the call
   sites, which are not part of this file.  */
static void
out_of_core (void)
{
  static const char msg[] = "\nfatal: out of memory\n";

  fputs (msg, stderr);
  exit (2);
}


/* Allocate N bytes through gcry_xmalloc.  A NULL result is routed to
   out_of_core, so the caller never sees NULL.

   NOTE(review): libgcrypt's gcry_x* allocators are documented to
   terminate on failure themselves, so this check is presumably only a
   backstop -- confirm against the libgcrypt version in use.
   NOTE(review): nothing here asks for libgcrypt's secure memory;
   secrets stored in these buffers are presumably neither locked nor
   wiped when released -- confirm how callers handle key material.  */
void *
_gsti_xmalloc (size_t n)
{
  void *mem = gcry_xmalloc (n);

  if (mem == NULL)
    out_of_core ();
  return mem;
}


/* Allocate an array of N elements of M bytes each through
   gcry_xcalloc.  A NULL result is routed to out_of_core.  */
void *
_gsti_xcalloc (size_t n, size_t m)
{
  void *mem = gcry_xcalloc (n, m);

  if (mem == NULL)
    out_of_core ();
  return mem;
}


/* Resize the block P to N bytes through gcry_realloc and return the
   resulting pointer.  Unlike the other wrappers this one calls the
   plain (non-"x") libgcrypt function, so the NULL check below is what
   turns a failure into process termination.

   NOTE(review): if gcry_realloc returns NULL for N == 0, that case is
   reported as out of memory as well -- confirm no caller passes 0.  */
void *
_gsti_xrealloc (void *p, size_t n)
{
  void *resized = gcry_realloc (p, n);

  if (resized == NULL)
    out_of_core ();
  return resized;
}


/* Release P through gcry_free.  */
void
_gsti_free (void *p)
{
  gcry_free (p);
}


/* Duplicate STRING through gcry_xstrdup.  A NULL result is routed to
   out_of_core.  */
char *
_gsti_xstrdup (const char *string)
{
  char *copy = gcry_xstrdup (string);

  if (copy == NULL)
    out_of_core ();
  return copy;
}


/* Put a copy of S in front of the list HEAD and return the new first
   node.  S is passed to strlen, so it must be a non-NULL,
   NUL-terminated string.

   The node is allocated with strlen (S) bytes beyond the struct; the
   one-element D member declared in types.h provides the byte for the
   terminator, which is why the copy below moves LEN + 1 bytes.  */
gsti_strlist_t
_gsti_strlist_insert (gsti_strlist_t head, const char *s)
{
  size_t len = strlen (s);
  gsti_strlist_t node = _gsti_xmalloc (sizeof *node + len);

  memcpy (node->d, s, len + 1);
  node->next = head;
  return node;
}


/* Release every node of the list starting at A.  The successor is
   read before the current node is freed.  */
void
_gsti_strlist_free (gsti_strlist_t a)
{
  gsti_strlist_t next;

  for (; a != NULL; a = next)
    {
      next = a->next;
      _gsti_free (a);
    }
}
-------------------------------------------------------------------------------- /m4/gpg-error.m4: -------------------------------------------------------------------------------- 1 | # gpg-error.m4 - autoconf macro to detect libgpg-error. 
2 | # Copyright (C) 2002, 2003, 2004 g10 Code GmbH 3 | # 4 | # This file is free software; as a special exception the author gives 5 | # unlimited permission to copy and/or distribute it, with or without 6 | # modifications, as long as this notice is preserved. 7 | # 8 | # This file is distributed in the hope that it will be useful, but 9 | # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the 10 | # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 11 | 12 | dnl AM_PATH_GPG_ERROR([MINIMUM-VERSION, 13 | dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) 14 | dnl Test for libgpg-error and define GPG_ERROR_CFLAGS and GPG_ERROR_LIBS 15 | dnl 16 | AC_DEFUN([AM_PATH_GPG_ERROR], 17 | [ AC_ARG_WITH(gpg-error-prefix, 18 | AC_HELP_STRING([--with-gpg-error-prefix=PFX], 19 | [prefix where GPG Error is installed (optional)]), 20 | gpg_error_config_prefix="$withval", gpg_error_config_prefix="") 21 | if test x$gpg_error_config_prefix != x ; then 22 | if test x${GPG_ERROR_CONFIG+set} != xset ; then 23 | GPG_ERROR_CONFIG=$gpg_error_config_prefix/bin/gpg-error-config 24 | fi 25 | fi 26 | 27 | AC_PATH_PROG(GPG_ERROR_CONFIG, gpg-error-config, no) 28 | min_gpg_error_version=ifelse([$1], ,0.0,$1) 29 | AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version) 30 | ok=no 31 | if test "$GPG_ERROR_CONFIG" != "no" ; then 32 | req_major=`echo $min_gpg_error_version | \ 33 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` 34 | req_minor=`echo $min_gpg_error_version | \ 35 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` 36 | gpg_error_config_version=`$GPG_ERROR_CONFIG $gpg_error_config_args --version` 37 | major=`echo $gpg_error_config_version | \ 38 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` 39 | minor=`echo $gpg_error_config_version | \ 40 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` 41 | if test "$major" -gt "$req_major"; then 42 | ok=yes 43 | else 44 | if test "$major" -eq "$req_major"; then 45 | if test "$minor" -ge "$req_minor"; then 46 | ok=yes 47 | fi 
48 | fi 49 | fi 50 | fi 51 | if test $ok = yes; then 52 | GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags` 53 | GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs` 54 | AC_MSG_RESULT([yes ($gpg_error_config_version)]) 55 | ifelse([$2], , :, [$2]) 56 | else 57 | GPG_ERROR_CFLAGS="" 58 | GPG_ERROR_LIBS="" 59 | AC_MSG_RESULT(no) 60 | ifelse([$3], , :, [$3]) 61 | fi 62 | AC_SUBST(GPG_ERROR_CFLAGS) 63 | AC_SUBST(GPG_ERROR_LIBS) 64 | ]) 65 | 66 | -------------------------------------------------------------------------------- /examples/ChangeLog: -------------------------------------------------------------------------------- 1 | 2005-07-13 Werner Koch 2 | 3 | * server.c (wait_connection): use socklen_t for NAMELEN. 4 | 5 | 2004-07-20 Marcus Brinkmann 6 | 7 | * client.c (myread): Function removed. 8 | (reader_loop, mypkt_handler, myctrl_handler): New functions. 9 | (main): New variable READY. Use it with the myctrl_handler. Do 10 | not register read function, but packet handler and control 11 | callbacks. Run gsti_start (), and reader_loop() until the ready 12 | flag is set. 13 | * server.c (myread): Function removed. 14 | (reader_loop, mypkt_handler): New functions. 15 | (main): Do not register read function, but packet handler 16 | callback. Run gsti_start() and reader_loop(). 17 | 18 | 2004-07-14 Timo Schulz 19 | 20 | * server.c (main): Set an example banner which is shown to 21 | the client. 22 | * client.c (my_auth_cb): New. Show banner if available. 23 | 24 | 2004-07-10 Timo Schulz 25 | 26 | * server.c (my_auth_cb): Example how to use the auth callback. 27 | 28 | 2004-07-08 Timo Schulz 29 | 30 | * client.c (main): Show how to use the preference API. 31 | 32 | 2004-07-01 Werner Koch 33 | 34 | * server.c (PUBKEY): Not used; removed. 35 | * rsa.sec: Adapted for swapped n,e. 36 | 37 | 2004-06-30 Werner Koch 38 | 39 | * server.c, client.c: Add a few comments. 
40 | 41 | 2004-06-09 Timo Schulz 42 | 43 | * client.c (main): Add parameter for gsti_init(). 44 | * server.c (main): Likewise. 45 | * keytool.c (main): Remove all old context names. 46 | 47 | 2004-06-07 Timo Schulz 48 | 49 | Everywhere: Change GSTI_PKTDESC to gsti_pktdesc_s ctx. 50 | 51 | 2004-06-06 Timo Schulz 52 | 53 | * client.c (main): Use new callback code. 54 | * server.c (main): Likewise. 55 | 56 | 2004-05-26 Marcus Brinkmann 57 | 58 | Everywhere: Change GSTIHD hd to gsti_ctx_t ctx. 59 | 60 | 2004-05-25 Marcus Brinkmann 61 | 62 | * server.c (main): Do not look at result of gsti_deinit. 63 | 64 | 2004-05-24 Marcus Brinkmann 65 | 66 | * server.c (main): Add HD argument to gsti_set_log_level. 67 | * client.c (make_connection): Likewise. 68 | 69 | 2004-03-08 Werner Koch 70 | 71 | Changed indentation to GNU style. 72 | 73 | 2004-03-08 Werner Koch 74 | 75 | * server.c, client.c: Fixed copyright entries from "Free Software 76 | Foundation, Inc" to "Werner Koch". It was originally intended to 77 | assign the code to the FSF but this actually never happened and 78 | frankly there has been no real release as the code lived his life 79 | for most time merely as a test bed for libgcrypt. 80 | 81 | 82 | -------------------------------------------------------------------------------- /src/error.c: -------------------------------------------------------------------------------- 1 | /* error.c - Error handling for GSTI. 2 | Copyright (C) 2003, 2004 g10 Code GmbH 3 | 4 | This file is part of GSTI. 5 | 6 | GSTI is free software; you can redistribute it and/or modify 7 | it under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 2 of the License, or 9 | (at your option) any later version. 10 | 11 | GSTI is distributed in the hope that it will be useful, 12 | but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
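See the 14 | GNU General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with GSTI; if not, write to the Free Software Foundation, 18 | Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ 19 | 20 | #if HAVE_CONFIG_H 21 | #include 22 | #endif 23 | 24 | #include 25 |

/* Return a pointer to a string containing a description of the error
   code in the error value ERR.  Forwards to gpg_strerror.  */
const char *
gsti_strerror (gsti_error_t err)
{
  return gpg_strerror (err);
}


/* Return the error string for ERR in the user-supplied buffer BUF of
   size BUFLEN.  This function is, in contrast to gpg_strerror,
   thread-safe if a thread-safe strerror_r() function is provided by
   the system.  If the function succeeds, 0 is returned and BUF
   contains the string describing the error.  If the buffer was not
   large enough, ERANGE is returned and BUF contains as much of the
   beginning of the error string as fits into the buffer.  */
int
gsti_strerror_r (gpg_error_t err, char *buf, size_t buflen)
{
  return gpg_strerror_r (err, buf, buflen);
}


/* Return a pointer to a string containing a description of the error
   source in the error value ERR.  Forwards to gpg_strsource.  */
const char *
gsti_strsource (gsti_error_t err)
{
  return gpg_strsource (err);
}


/* Retrieve the error code for the system error ERR.  This returns
   GPG_ERR_UNKNOWN_ERRNO if the system error is not mapped (report
   this).  */
gsti_err_code_t
gsti_err_code_from_errno (int err)
{
  return gpg_err_code_from_errno (err);
}


/* Retrieve the system error for the error code CODE.  This returns 0
   if CODE is not a system error code.  */
int
gsti_err_code_to_errno (gsti_err_code_t code)
{
  /* The reverse mapping is gpg_err_code_to_errno.  The from_errno
     variant would read CODE as an errno value and hand back an error
     code, so callers would never get a usable errno or the documented
     0 for a non-system code.  */
  return gpg_err_code_to_errno (code);
}


/* Return an error value with the error source SOURCE and the system
   error ERR.  Forwards to gpg_err_make_from_errno.  */
gsti_error_t
gsti_err_make_from_errno (gpg_err_source_t source, int err)
{
  return gpg_err_make_from_errno (source, err);
}


/* Return an error value with the system error ERR.
   NOTE(review): the value returned is a full error value built by
   gsti_error (), while the declared return type is gsti_err_code_t;
   the type looks like it was meant to be gsti_error_t - confirm
   against the declaration in the public header before changing it.  */
gsti_err_code_t
gsti_error_from_errno (int err)
{
  return gsti_error (gpg_err_code_from_errno (err));
}
-------------------------------------------------------------------------------- /src/utils.h: -------------------------------------------------------------------------------- 1 | /* utils.h 2 | Copyright (C) 1999 Werner Koch 3 | Copyright (C) 2004 g10 Code GmbH 4 | 5 | This file is part of GSTI. 6 | 7 | GSTI is free software; you can redistribute it and/or modify 8 | it under the terms of the GNU General Public License as published by 9 | the Free Software Foundation; either version 2 of the License, or 10 | (at your option) any later version. 11 | 12 | GSTI is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details.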
16 | 17 | You should have received a copy of the GNU General Public License 18 | along with this program; if not, write to the Free Software Foundation, 19 | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ 20 | 21 | #ifndef GSTI_UTILS_H 22 | #define GSTI_UTILS_H 1 23 | 24 | #include 25 | 26 | #include 27 | 28 | #include "bstring.h" 29 | #include "memory.h" 30 | 31 | enum 32 | { 33 | TYPE_HEXBUF = 1, 34 | TYPE_STRLIST = 2, 35 | TYPE_MPI = 3, 36 | TYPE_BSTRING = 4, 37 | TYPE_BUFFER = 5, 38 | }; 39 | 40 | void _gsti_bstring_hash (gcry_md_hd_t md, gsti_bstr_t a); 41 | 42 | gsti_strlist_t _gsti_algolist_parse (const char *string, size_t length); 43 | size_t _gsti_algolist_build (unsigned char *buffer, size_t length, 44 | gsti_strlist_t list); 45 | int _gsti_algolist_find (gsti_strlist_t list, const char *algo); 46 | void _gsti_dump_object (gsti_ctx_t ctx, const char *prefix, int type, 47 | void *opaque, size_t len); 48 | 49 | #define _gsti_dump_bstring(c, prefix, str ) \ 50 | _gsti_dump_object( (c), (prefix), TYPE_BSTRING, (str), 0 ) 51 | 52 | #define _gsti_dump_hexbuf(c, prefix, buf, len ) \ 53 | _gsti_dump_object( (c), (prefix), TYPE_HEXBUF, (buf), (len) ) 54 | 55 | #define _gsti_dump_mpi(c, prefix, mpi ) \ 56 | _gsti_dump_object( (c), (prefix), TYPE_MPI, (mpi), 0 ) 57 | 58 | #define _gsti_dump_strlist(c, prefix, list ) \ 59 | _gsti_dump_object( (c), (prefix), TYPE_STRLIST, (list), 0 ) 60 | 61 | #define _gsti_dump_buffer(c, prefix, buf ) \ 62 | _gsti_dump_object( (c), (prefix), TYPE_BUFFER, (buf), 0 ) 63 | 64 | void _gsti_print_string (gsti_ctx_t ctx, const char *string, size_t n); 65 | 66 | /*-- logging.c --*/ 67 | void _gsti_log_err (gsti_ctx_t ctx, const char *fmt, ...); 68 | void _gsti_log_info (gsti_ctx_t ctx, const char *fmt, ...); 69 | void _gsti_log_cont (gsti_ctx_t ctx, const char *fmt, ...); 70 | void _gsti_log_debug (gsti_ctx_t ctx, const char *fmt, ...); 71 | 72 | /*-- zlib.c --*/ 73 | void _gsti_compress_init (void); 74 | int 
_gsti_compress_block (byte * block, int len, byte ** outblock, 75 | int *outlen); 76 | void _gsti_decompress_init (void); 77 | int _gsti_decompress_block (byte * block, int len, byte ** outblock, 78 | int *outlen); 79 | 80 | 81 | /* Some handy macros */ 82 | #ifndef STR 83 | #define STR(v) #v 84 | #endif 85 | #define STR2(v) STR(v) 86 | 87 | 88 | #endif /* GSTI_UTILS_H */ 89 | -------------------------------------------------------------------------------- /src/bstring.c: -------------------------------------------------------------------------------- 1 | /* bstring.c - Binary string management for GSTI. 2 | Copyright (C) 2004, 2010 g10 Code GmbH 3 | 4 | This file is part of GSTI. 5 | 6 | GSTI is free software; you can redistribute it and/or modify 7 | it under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 2 of the License, or 9 | (at your option) any later version. 10 | 11 | GSTI is distributed in the hope that it will be useful, 12 | but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | GNU General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with GSTI; if not, write to the Free Software Foundation, 18 | Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ 19 | 20 | #if HAVE_CONFIG_H 21 | #include 22 | #endif 23 | 24 | #include 25 | #include 26 | #include 27 | 28 | #include "gsti.h" 29 | 30 | #include "types.h" 31 | 32 | 33 | struct gsti_bstr 34 | { 35 | /* The length of the binary string. */ 36 | size_t length; 37 | 38 | /* This is really the whole string following here. */ 39 | gsti_byte_t data[1]; 40 | }; 41 | 42 | 43 | /* Create a new binary string from AMOUNT bytes starting from DATA, 44 | and return it in BSTR. 
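*/
/* On success 0 is returned and *BSTR points to a malloc'ed object
   that is released with gsti_bstr_free.  If DATA is NULL the payload
   bytes are left uninitialised.  On failure *BSTR is NULL and an
   error value is returned.  */
gsti_error_t
gsti_bstr_make (gsti_bstr_t *bstr, const void *data, size_t amount)
{
  /* Bytes in front of the payload: the struct minus the one-byte
     placeholder that stands for the payload.  */
  const size_t header = sizeof (struct gsti_bstr) - 1;

  /* Refuse an AMOUNT that would wrap the size computation.  A wrapped
     size makes malloc return a block smaller than the memcpy below
     writes.  The callers are not visible here, so AMOUNT is treated
     as possibly taken from a length field in received data.  */
  if (amount > (size_t) -1 - header)
    {
      *bstr = NULL;
      return gpg_error_from_errno (ENOMEM);
    }

  *bstr = malloc (header + amount);
  if (!*bstr)
    return gpg_error_from_errno (errno);

  (*bstr)->length = amount;
  if (data)
    memcpy ((*bstr)->data, data, amount);

  return 0;
}


/* Create a new binary string from the binary string BSTR and return
   it in R_BSTR.  A NULL BSTR yields a NULL copy and success.  */
gsti_error_t
gsti_bstr_copy (gsti_bstr_t *r_bstr, gsti_bstr_t bstr)
{
  if (!bstr)
    {
      *r_bstr = NULL;
      return 0;
    }

  return gsti_bstr_make (r_bstr, bstr->data, bstr->length);
}


/* Free the binary string BSTR.  BSTR may be NULL.  */
void
gsti_bstr_free (gsti_bstr_t bstr)
{
  /* free (NULL) is a no-op, so no guard is needed.  */
  free (bstr);
}


/* Return the length of the binary string BSTR, or 0 if BSTR is
   NULL.  */
size_t
gsti_bstr_length (gsti_bstr_t bstr)
{
  if (!bstr)
    return 0;
  return bstr->length;
}


/* Return the data of the binary string BSTR, or NULL if BSTR is NULL.
   The pointer refers to storage inside BSTR and is only valid until
   BSTR is freed.  The data is not NUL-terminated; use
   gsti_bstr_length for its size.  */
void *
gsti_bstr_data (gsti_bstr_t bstr)
{
  if (!bstr)
    return NULL;
  return bstr->data;
}


/* Return true if BSTR matches STR: both are NULL, or both are set and
   BSTR holds exactly the strlen (STR) bytes of STR.  A binary string
   with an embedded NUL byte therefore never matches.  The comparison
   uses memcmp and is not constant-time, so it is suited to public
   values such as protocol names and not to secrets.  */
int
gsti_bstr_match_str_p (gsti_bstr_t bstr, const char *str)
{
  size_t len;

  if (!bstr && !str)
    return 1;
  if (!bstr || !str)
    return 0;
  len = strlen (str);
  if (bstr->length != len)
    return 0;
  return !memcmp (bstr->data, str, len);
}

-------------------------------------------------------------------------------- /src/stream.h: -------------------------------------------------------------------------------- 1 | /* stream.h 2 | * Copyright (C) 1999 Werner Koch 3 | * Copyright (C) 2002 Timo Schulz 4 | * 5 | * This file is part of GSTI.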
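6 | * 7 | * GSTI is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 2 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * GSTI is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA 20 | */

#ifndef GSTI_STREAM_H
#define GSTI_STREAM_H

#include "types.h"
/*
 * It would be nice to use glibc streams but we can't do so because
 * this library is supposed to be run on many different kinds of systems
 */

/* Buffered reader on top of a caller-supplied read function.
   NOTE(review): BUF is declared with one element and SIZE records the
   allocated size, so the object is presumably over-allocated by its
   constructor - confirm in stream.c.  */
typedef struct read_stream_s *read_stream_t;
struct read_stream_s
{
  gsti_read_fnc_t readfnc;
  void * fnc_ctx;
  int read_eof; /* last read returned eof */
  int error; /* an error has been encountered */
  size_t size; /* allocated size */
  /* todo: replace counts by pointers */
  size_t start; /* number of invalid bytes at the begin of the buffer */
  size_t len; /* currently filled to this len */
  unsigned char buf[1];
};


/* Buffered writer on top of a caller-supplied write function.  The
   NOTE(review) on read_stream_s about BUF applies here as well.  */
typedef struct write_stream_s *write_stream_t;
struct write_stream_s
{
  gsti_write_fnc_t writefnc;
  void * fnc_ctx;
  int error; /* an error has been encountered */
  size_t size; /* allocated size */
  /* todo: replace counts by pointers */
  size_t used; /* currently filled to this len */
  unsigned char buf[1];
};



/* The macros below expand their stream argument more than once, so
   pass an expression without side effects.  */

/* Yield the next buffered byte of read stream A; once START has
   reached LEN the call is handed to _gsti_stream_getbyte.  */
#define _gsti_stream_get(a) \
  ( ( (a)->start >= (a)->len )? _gsti_stream_getbyte( (a) ) \
    : ( (a)->buf[(a)->start++] ) )
/* Store byte C in write stream A and yield 0; once USED has reached
   SIZE the call is handed to _gsti_stream_putbyte.  */
#define _gsti_stream_put(a,c) \
  ( ( (a)->used >= (a)->size )? _gsti_stream_putbyte( (a), (c) ) \
    : ( (a)->buf[(a)->used++] = (c), 0 ) )

/* True once the buffer of A is drained and the last read returned
   eof.  Every use of the argument is parenthesised so that an
   argument such as *p or p + 1 expands correctly.  */
#define _gsti_stream_eof(a) ( (a)->start >= (a)->len && (a)->read_eof )
#define _gsti_stream_error(a) ( (a)->error )

gsti_error_t _gsti_read_stream_new (read_stream_t * r_shd,
                                    gsti_read_fnc_t readfnc, void * fnc_ctx);
void _gsti_read_stream_free (read_stream_t a);

int _gsti_stream_getbyte (read_stream_t a);
gsti_error_t _gsti_stream_readn (read_stream_t a, byte * buffer, size_t nbytes);
gsti_error_t _gsti_write_stream_new (write_stream_t * r_shd,
                                     gsti_write_fnc_t writefnc, void * fnc_ctx);
void _gsti_write_stream_free (write_stream_t a);

int _gsti_stream_putbyte (write_stream_t a, int c);
gsti_error_t _gsti_stream_writen (write_stream_t a,
                                  const void *buffer, size_t nbytes);
gsti_error_t _gsti_stream_flush (write_stream_t a);


#endif /* GSTI_STREAM_H */
-------------------------------------------------------------------------------- /src/packet.h: -------------------------------------------------------------------------------- 1 | /* packet.h 2 | Copyright (C) 1999 Werner Koch 3 | Copyright (C) 2002 Timo Schulz 4 | Copyright (C) 2004 g10 Code GmbH 5 | 6 | This file is part of GSTI. 7 | 8 | GSTI is free software; you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation; either version 2 of the License, or 11 | (at your option) any later version. 12 | 13 | GSTI is distributed in the hope that it will be useful, 14 | but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | GNU General Public License for more details.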
17 | 18 | You should have received a copy of the GNU General Public License 19 | along with this program; if not, write to the Free Software Foundation, 20 | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ 21 | 22 | #ifndef GSTI_PACKET_H 23 | #define GSTI_PACKET_H 24 | 25 | #include 26 | 27 | #include "ssh.h" 28 | #include "types.h" 29 | #include "buffer.h" 30 | 31 | #define MAX_PKTLEN 40000 /* sanity limit */ 32 | #define PKTBUFSIZE 50000 /* somewhat large size of a packet buffer */ 33 | 34 | #define MAX_SEQNO 2147483647 35 | 36 | enum 37 | { 38 | SSH_HMAC_SHA1 = GCRY_MD_SHA1, 39 | SSH_HMAC_MD5 = GCRY_MD_MD5, 40 | SSH_HMAC_RMD160 = GCRY_MD_RMD160 41 | }; 42 | 43 | enum 44 | { 45 | SSH_CIPHER_3DES = GCRY_CIPHER_3DES, 46 | SSH_CIPHER_BLOWFISH = GCRY_CIPHER_BLOWFISH, 47 | SSH_CIPHER_TWOFISH256 = GCRY_CIPHER_TWOFISH, 48 | SSH_CIPHER_AES128 = GCRY_CIPHER_AES128, 49 | SSH_CIPHER_CAST128 = GCRY_CIPHER_CAST5, 50 | SSH_CIPHER_SERPENT128 = GCRY_CIPHER_SERPENT128 51 | }; 52 | 53 | 54 | enum 55 | { 56 | SSH_KEX_NONE = 0, 57 | SSH_KEX_GROUP1 = 1, 58 | SSH_KEX_GROUP_EXCHANGE = 2 59 | }; 60 | 61 | 62 | typedef struct 63 | { 64 | const char *name; 65 | int algid; 66 | int blksize; /* for ciphers only */ 67 | int mode; /* for ciphers only */ 68 | int len; 69 | } algorithm_list; 70 | 71 | 72 | typedef struct 73 | { 74 | byte cookie[SSH_COOKIESIZE]; 75 | gsti_strlist_t kex_algo; 76 | gsti_strlist_t server_host_key_algos; 77 | gsti_strlist_t encr_algos_c2s; 78 | gsti_strlist_t encr_algos_s2c; 79 | gsti_strlist_t mac_algos_c2s; 80 | gsti_strlist_t mac_algos_s2c; 81 | gsti_strlist_t compr_algos_c2s; 82 | gsti_strlist_t compr_algos_s2c; 83 | int first_kex_packet_follows; 84 | } MSG_kexinit; 85 | 86 | 87 | typedef struct 88 | { 89 | unsigned int min; 90 | unsigned int n; 91 | unsigned int max; 92 | } MSG_gexdh_request; 93 | 94 | 95 | typedef struct 96 | { 97 | gcry_mpi_t p; 98 | gcry_mpi_t g; 99 | } MSG_gexdh_group; 100 | 101 | 102 | typedef struct 103 | { 104 | 
gcry_mpi_t e; 105 | } MSG_kexdh_init; 106 | 107 | 108 | typedef struct 109 | { 110 | gsti_bstr_t k_s; /* servers public host key */ 111 | gcry_mpi_t f; 112 | gsti_bstr_t sig_h; /* signature of the hash */ 113 | } MSG_kexdh_reply; 114 | 115 | 116 | void _gsti_packet_init (gsti_ctx_t ctx); 117 | void _gsti_packet_free (gsti_ctx_t ctx); 118 | gsti_error_t _gsti_handle_packet_data (gsti_ctx_t ctx, char *data, 119 | size_t data_len, size_t *amount); 120 | struct packet_buffer_s; 121 | gsti_error_t _gsti_packet_write (gsti_ctx_t ctx, struct packet_buffer_s *pkt); 122 | gsti_error_t _gsti_write_packet_from_buffer (gsti_ctx_t ctx, 123 | gsti_buffer_t buf); 124 | gsti_error_t _gsti_packet_flush (gsti_ctx_t ctx); 125 | 126 | #endif /* GSTI_PACKET_H */ 127 | -------------------------------------------------------------------------------- /mkinstalldirs: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # mkinstalldirs --- make directory hierarchy 3 | 4 | scriptversion=2004-02-15.20 5 | 6 | # Original author: Noah Friedman 7 | # Created: 1993-05-16 8 | # Public domain. 9 | # 10 | # This file is maintained in Automake, please report 11 | # bugs to or send patches to 12 | # . 13 | 14 | errstatus=0 15 | dirmode="" 16 | 17 | usage="\ 18 | Usage: mkinstalldirs [-h] [--help] [--version] [-m MODE] DIR ... 19 | 20 | Create each directory DIR (with mode MODE, if specified), including all 21 | leading file name components. 22 | 23 | Report bugs to ." 
24 | 25 | # process command line arguments 26 | while test $# -gt 0 ; do 27 | case $1 in 28 | -h | --help | --h*) # -h for help 29 | echo "$usage" 30 | exit 0 31 | ;; 32 | -m) # -m PERM arg 33 | shift 34 | test $# -eq 0 && { echo "$usage" 1>&2; exit 1; } 35 | dirmode=$1 36 | shift 37 | ;; 38 | --version) 39 | echo "$0 $scriptversion" 40 | exit 0 41 | ;; 42 | --) # stop option processing 43 | shift 44 | break 45 | ;; 46 | -*) # unknown option 47 | echo "$usage" 1>&2 48 | exit 1 49 | ;; 50 | *) # first non-opt arg 51 | break 52 | ;; 53 | esac 54 | done 55 | 56 | for file 57 | do 58 | if test -d "$file"; then 59 | shift 60 | else 61 | break 62 | fi 63 | done 64 | 65 | case $# in 66 | 0) exit 0 ;; 67 | esac 68 | 69 | # Solaris 8's mkdir -p isn't thread-safe. If you mkdir -p a/b and 70 | # mkdir -p a/c at the same time, both will detect that a is missing, 71 | # one will create a, then the other will try to create a and die with 72 | # a "File exists" error. This is a problem when calling mkinstalldirs 73 | # from a parallel make. We use --version in the probe to restrict 74 | # ourselves to GNU mkdir, which is thread-safe. 75 | case $dirmode in 76 | '') 77 | if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then 78 | echo "mkdir -p -- $*" 79 | exec mkdir -p -- "$@" 80 | else 81 | # On NextStep and OpenStep, the `mkdir' command does not 82 | # recognize any option. It will interpret all options as 83 | # directories to create, and then abort because `.' already 84 | # exists. 85 | test -d ./-p && rmdir ./-p 86 | test -d ./--version && rmdir ./--version 87 | fi 88 | ;; 89 | *) 90 | if mkdir -m "$dirmode" -p --version . >/dev/null 2>&1 && 91 | test ! -d ./--version; then 92 | echo "mkdir -m $dirmode -p -- $*" 93 | exec mkdir -m "$dirmode" -p -- "$@" 94 | else 95 | # Clean up after NextStep and OpenStep mkdir. 
96 | for d in ./-m ./-p ./--version "./$dirmode"; 97 | do 98 | test -d $d && rmdir $d 99 | done 100 | fi 101 | ;; 102 | esac 103 | 104 | for file 105 | do 106 | set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` 107 | shift 108 | 109 | pathcomp= 110 | for d 111 | do 112 | pathcomp="$pathcomp$d" 113 | case $pathcomp in 114 | -*) pathcomp=./$pathcomp ;; 115 | esac 116 | 117 | if test ! -d "$pathcomp"; then 118 | echo "mkdir $pathcomp" 119 | 120 | mkdir "$pathcomp" || lasterr=$? 121 | 122 | if test ! -d "$pathcomp"; then 123 | errstatus=$lasterr 124 | else 125 | if test ! -z "$dirmode"; then 126 | echo "chmod $dirmode $pathcomp" 127 | lasterr="" 128 | chmod "$dirmode" "$pathcomp" || lasterr=$? 129 | 130 | if test ! -z "$lasterr"; then 131 | errstatus=$lasterr 132 | fi 133 | fi 134 | fi 135 | fi 136 | 137 | pathcomp="$pathcomp/" 138 | done 139 | done 140 | 141 | exit $errstatus 142 | 143 | # Local Variables: 144 | # mode: shell-script 145 | # sh-indentation: 2 146 | # eval: (add-hook 'write-file-hooks 'time-stamp) 147 | # time-stamp-start: "scriptversion=" 148 | # time-stamp-format: "%:y-%02m-%02d.%02H" 149 | # time-stamp-end: "$" 150 | # End: 151 | -------------------------------------------------------------------------------- /m4/libgcrypt.m4: -------------------------------------------------------------------------------- 1 | dnl Autoconf macros for libgcrypt 2 | dnl Copyright (C) 2002, 2004 Free Software Foundation, Inc. 3 | dnl 4 | dnl This file is free software; as a special exception the author gives 5 | dnl unlimited permission to copy and/or distribute it, with or without 6 | dnl modifications, as long as this notice is preserved. 7 | dnl 8 | dnl This file is distributed in the hope that it will be useful, but 9 | dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the 10 | dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
11 | 12 | 13 | dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION, 14 | dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) 15 | dnl Test for libgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS. 16 | dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed 17 | dnl with the API version to also check the API compatibility. Example: 18 | dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed 19 | dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using 20 | dnl this features allows to prevent build against newer versions of libgcrypt 21 | dnl with a changed API. 22 | dnl 23 | AC_DEFUN([AM_PATH_LIBGCRYPT], 24 | [ AC_ARG_WITH(libgcrypt-prefix, 25 | AC_HELP_STRING([--with-libgcrypt-prefix=PFX], 26 | [prefix where LIBGCRYPT is installed (optional)]), 27 | libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="") 28 | if test x$libgcrypt_config_prefix != x ; then 29 | if test x${LIBGCRYPT_CONFIG+set} != xset ; then 30 | LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config 31 | fi 32 | fi 33 | 34 | AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no) 35 | tmp=ifelse([$1], ,1:1.2.0,$1) 36 | if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then 37 | req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` 38 | min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` 39 | else 40 | req_libgcrypt_api=0 41 | min_libgcrypt_version="$tmp" 42 | fi 43 | 44 | AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version) 45 | ok=no 46 | if test "$LIBGCRYPT_CONFIG" != "no" ; then 47 | req_major=`echo $min_libgcrypt_version | \ 48 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` 49 | req_minor=`echo $min_libgcrypt_version | \ 50 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` 51 | req_micro=`echo $min_libgcrypt_version | \ 52 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` 53 | libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` 54 | major=`echo $libgcrypt_config_version | \ 55 | 
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` 56 | minor=`echo $libgcrypt_config_version | \ 57 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` 58 | micro=`echo $libgcrypt_config_version | \ 59 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'` 60 | if test "$major" -gt "$req_major"; then 61 | ok=yes 62 | else 63 | if test "$major" -eq "$req_major"; then 64 | if test "$minor" -gt "$req_minor"; then 65 | ok=yes 66 | else 67 | if test "$minor" -eq "$req_minor"; then 68 | if test "$micro" -ge "$req_micro"; then 69 | ok=yes 70 | fi 71 | fi 72 | fi 73 | fi 74 | fi 75 | fi 76 | if test $ok = yes; then 77 | AC_MSG_RESULT([yes ($libgcrypt_config_version)]) 78 | else 79 | AC_MSG_RESULT(no) 80 | fi 81 | if test $ok = yes; then 82 | # If we have a recent libgcrypt, we should also check that the 83 | # API is compatible 84 | if test "$req_libgcrypt_api" -gt 0 ; then 85 | tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` 86 | if test "$tmp" -gt 0 ; then 87 | AC_MSG_CHECKING([LIBGCRYPT API version]) 88 | if test "$req_libgcrypt_api" -eq "$tmp" ; then 89 | AC_MSG_RESULT([okay]) 90 | else 91 | ok=no 92 | AC_MSG_RESULT([does not match. want=$req_libgcrypt_api got=$tmp]) 93 | fi 94 | fi 95 | fi 96 | fi 97 | if test $ok = yes; then 98 | LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` 99 | LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` 100 | ifelse([$2], , :, [$2]) 101 | else 102 | LIBGCRYPT_CFLAGS="" 103 | LIBGCRYPT_LIBS="" 104 | ifelse([$3], , :, [$3]) 105 | fi 106 | AC_SUBST(LIBGCRYPT_CFLAGS) 107 | AC_SUBST(LIBGCRYPT_LIBS) 108 | ]) 109 | -------------------------------------------------------------------------------- /src/gsti-config.in: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright (C) 1999, 2002, 2003, 2004 Free Software Foundation, Inc. 
3 | # 4 | # This file is free software; as a special exception the author gives 5 | # unlimited permission to copy and/or distribute it, with or without 6 | # modifications, as long as this notice is preserved. 7 | # 8 | # This file is distributed in the hope that it will be useful, but 9 | # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the 10 | # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 11 | 12 | # General. 13 | prefix="@prefix@" 14 | exec_prefix="@exec_prefix@" 15 | thread_module="" 16 | version="@VERSION@" 17 | gpg_error_libs="@GPG_ERROR_LIBS@" 18 | gpg_error_cflags="@GPG_ERROR_CFLAGS@" 19 | libgcrypt_libs="@LIBGCRYPT_LIBS@" 20 | 21 | # LIBS values. 22 | libs="@LIBGSTI_CONFIG_LIBS@" 23 | libs_pthread="@LIBGSTI_CONFIG_LIBS_PTHREAD@" 24 | libs_pth="@LIBGSTI_CONFIG_LIBS_PTH@" 25 | 26 | # CFLAGS values. 27 | cflags="@LIBGSTI_CONFIG_CFLAGS@" 28 | cflags_pthread="@LIBGSTI_CONFIG_CFLAGS_PTHREAD@" 29 | cflags_pth="@LIBGSTI_CONFIG_CFLAGS_PTH@" 30 | 31 | # API info 32 | api_version="@LIBGSTI_CONFIG_API_VERSION@" 33 | 34 | # Misc information. 35 | thread_modules="@LIBGSTI_THREAD_MODULES@" 36 | 37 | # State variables. 38 | echo_libs=no 39 | echo_cflags=no 40 | echo_prefix=no 41 | echo_algorithms=no 42 | echo_exec_prefix=no 43 | echo_version=no 44 | echo_api_version=no 45 | 46 | # Prints usage information. 47 | usage() 48 | { 49 | cat <&2 67 | fi 68 | 69 | while test $# -gt 0; do 70 | case "$1" in 71 | # Set up `optarg'. 72 | --*=*) 73 | optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` 74 | ;; 75 | *) 76 | optarg="" 77 | ;; 78 | esac 79 | 80 | case $1 in 81 | --thread=*) 82 | for thread_mod in $thread_modules; do 83 | if test "$thread_mod" = "$optarg"; then 84 | thread_module="$optarg"; 85 | fi 86 | done 87 | if test "x$thread_module" = "x"; then 88 | usage 1 1>&2 89 | fi 90 | ;; 91 | --prefix=*) 92 | # For compatibility reasons with old M4 macros, we ignore 93 | # setting of prefix. 
94 | ;; 95 | --prefix) 96 | echo_prefix=yes 97 | ;; 98 | --exec-prefix=*) 99 | ;; 100 | --exec-prefix) 101 | echo_exec_prefix=yes 102 | ;; 103 | --version) 104 | echo_version=yes 105 | ;; 106 | --api-version) 107 | echo_api_version=yes 108 | ;; 109 | --cflags) 110 | echo_cflags=yes 111 | ;; 112 | --libs) 113 | echo_libs=yes 114 | ;; 115 | --algorithms) 116 | echo_algorithms=yes 117 | ;; 118 | *) 119 | usage 1 1>&2 120 | ;; 121 | esac 122 | shift 123 | done 124 | 125 | if test "$echo_prefix" = "yes"; then 126 | echo "$prefix" 127 | fi 128 | 129 | if test "$echo_exec_prefix" = "yes"; then 130 | echo "$exec_prefix" 131 | fi 132 | 133 | if test "$echo_cflags" = "yes"; then 134 | includes="" 135 | cflags_final="$cflags" 136 | 137 | # Set up `includes'. 138 | if test "@includedir@" != "/usr/include" ; then 139 | includes="-I@includedir@" 140 | for i in $cflags ; do 141 | if test "$i" = "-I@includedir@" ; then 142 | includes="" 143 | fi 144 | done 145 | fi 146 | 147 | # Set up `cflags_final'. 148 | case "$thread_module" in 149 | pthread) 150 | cflags_final=$cflags_pthread 151 | ;; 152 | pth) 153 | cflags_final=$cflags_pth 154 | ;; 155 | esac 156 | cflags_final="$cflags_final @GPG_ERROR_CFLAGS@" 157 | 158 | echo "$includes $cflags_final" 159 | fi 160 | 161 | if test "$echo_libs" = "yes"; then 162 | libdirs="" 163 | libs_final="$libs" 164 | 165 | # Set up `libdirs'. 166 | if test "@libdir@" != "/usr/lib" ; then 167 | libdirs="-L@libdir@" 168 | for i in $libs ; do 169 | if test "$i" = "-L@libdir@" ; then 170 | libdirs="" 171 | fi 172 | done 173 | fi 174 | 175 | # Set up `libs_final'. 
176 | case "$thread_module" in 177 | pthread) 178 | libs_final=$libs_pthread 179 | ;; 180 | pth) 181 | libs_final=$libs_pth 182 | ;; 183 | esac 184 | libs_final="$libs_final $gpg_error_libs $libgcrypt_libs" 185 | 186 | echo "$libdirs $libs_final" 187 | fi 188 | 189 | if test "$echo_version" = "yes"; then 190 | echo "$version" 191 | fi 192 | 193 | if test "$echo_api_version" = "yes"; then 194 | echo "$api_version" 195 | fi 196 | 197 | 198 | -------------------------------------------------------------------------------- /m4/ltsugar.m4: -------------------------------------------------------------------------------- 1 | # ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- 2 | # 3 | # Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. 4 | # Written by Gary V. Vaughan, 2004 5 | # 6 | # This file is free software; the Free Software Foundation gives 7 | # unlimited permission to copy and/or distribute it, with or without 8 | # modifications, as long as this notice is preserved. 9 | 10 | # serial 6 ltsugar.m4 11 | 12 | # This is to help aclocal find these macros, as it can't see m4_define. 13 | AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])]) 14 | 15 | 16 | # lt_join(SEP, ARG1, [ARG2...]) 17 | # ----------------------------- 18 | # Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their 19 | # associated separator. 20 | # Needed until we can rely on m4_join from Autoconf 2.62, since all earlier 21 | # versions in m4sugar had bugs. 22 | m4_define([lt_join], 23 | [m4_if([$#], [1], [], 24 | [$#], [2], [[$2]], 25 | [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])]) 26 | m4_define([_lt_join], 27 | [m4_if([$#$2], [2], [], 28 | [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])]) 29 | 30 | 31 | # lt_car(LIST) 32 | # lt_cdr(LIST) 33 | # ------------ 34 | # Manipulate m4 lists. 35 | # These macros are necessary as long as will still need to support 36 | # Autoconf-2.59 which quotes differently. 
37 | m4_define([lt_car], [[$1]]) 38 | m4_define([lt_cdr], 39 | [m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])], 40 | [$#], 1, [], 41 | [m4_dquote(m4_shift($@))])]) 42 | m4_define([lt_unquote], $1) 43 | 44 | 45 | # lt_append(MACRO-NAME, STRING, [SEPARATOR]) 46 | # ------------------------------------------ 47 | # Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'. 48 | # Note that neither SEPARATOR nor STRING are expanded; they are appended 49 | # to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked). 50 | # No SEPARATOR is output if MACRO-NAME was previously undefined (different 51 | # than defined and empty). 52 | # 53 | # This macro is needed until we can rely on Autoconf 2.62, since earlier 54 | # versions of m4sugar mistakenly expanded SEPARATOR but not STRING. 55 | m4_define([lt_append], 56 | [m4_define([$1], 57 | m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])]) 58 | 59 | 60 | 61 | # lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...]) 62 | # ---------------------------------------------------------- 63 | # Produce a SEP delimited list of all paired combinations of elements of 64 | # PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list 65 | # has the form PREFIXmINFIXSUFFIXn. 66 | # Needed until we can rely on m4_combine added in Autoconf 2.62. 
67 | m4_define([lt_combine], 68 | [m4_if(m4_eval([$# > 3]), [1], 69 | [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl 70 | [[m4_foreach([_Lt_prefix], [$2], 71 | [m4_foreach([_Lt_suffix], 72 | ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[, 73 | [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])]) 74 | 75 | 76 | # lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ]) 77 | # ----------------------------------------------------------------------- 78 | # Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited 79 | # by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ. 80 | m4_define([lt_if_append_uniq], 81 | [m4_ifdef([$1], 82 | [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1], 83 | [lt_append([$1], [$2], [$3])$4], 84 | [$5])], 85 | [lt_append([$1], [$2], [$3])$4])]) 86 | 87 | 88 | # lt_dict_add(DICT, KEY, VALUE) 89 | # ----------------------------- 90 | m4_define([lt_dict_add], 91 | [m4_define([$1($2)], [$3])]) 92 | 93 | 94 | # lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE) 95 | # -------------------------------------------- 96 | m4_define([lt_dict_add_subkey], 97 | [m4_define([$1($2:$3)], [$4])]) 98 | 99 | 100 | # lt_dict_fetch(DICT, KEY, [SUBKEY]) 101 | # ---------------------------------- 102 | m4_define([lt_dict_fetch], 103 | [m4_ifval([$3], 104 | m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]), 105 | m4_ifdef([$1($2)], [m4_defn([$1($2)])]))]) 106 | 107 | 108 | # lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE]) 109 | # ----------------------------------------------------------------- 110 | m4_define([lt_if_dict_fetch], 111 | [m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4], 112 | [$5], 113 | [$6])]) 114 | 115 | 116 | # lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...]) 117 | # -------------------------------------------------------------- 118 | m4_define([lt_dict_filter], 119 | [m4_if([$5], [], [], 120 | [lt_join(m4_quote(m4_default([$4], [[, ]])), 
121 | lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]), 122 | [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl 123 | ]) 124 | -------------------------------------------------------------------------------- /src/logging.c: -------------------------------------------------------------------------------- 1 | /* logging.c - GSTI logging interface. 2 | Copyright (C) 1999 Werner Koch 3 | Copyright (C) 2002 Timo Schulz 4 | Copyright (C) 2004 g10 Code GmbH 5 | 6 | This file is part of GSTI. 7 | 8 | GSTI is free software; you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation; either version 2 of the License, or 11 | (at your option) any later version. 12 | 13 | GSTI is distributed in the hope that it will be useful, 14 | but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | GNU General Public License for more details. 17 | 18 | You should have received a copy of the GNU General Public License 19 | along with this program; if not, write to the Free Software Foundation, 20 | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ 21 | 22 | #if HAVE_CONFIG_H 23 | #include 24 | #endif 25 | 26 | #include 27 | #include 28 | #include 29 | 30 | #include 31 | 32 | #include "gsti.h" 33 | #include "types.h" 34 | #include "buffer.h" 35 | #include "memory.h" 36 | #include "api.h" 37 | 38 | 39 | /* Log the message FMT with the arguments ARG_PTR for the context CTX, 40 | under the level LEVEL. 
*/
/* FMT is handed to vfprintf as the format string: callers must pass
   a literal format and put variable data, in particular anything
   received from the peer, into the arguments.  */
static void
_gsti_logv (gsti_ctx_t ctx, gsti_log_level_t level,
            const char *fmt, va_list arg_ptr)
{
  const int is_continuation = (level == GSTI_LOG_CONT);
  /* FIXME: Reimplement this in terms of GIO, when it is written.  */
  gio_stream_t out = stderr;

  if (ctx)
    {
      /* A continuation takes over the level of the previous message;
         every other message becomes the new "previous" level.  */
      if (is_continuation)
        level = ctx->last_log_level;
      else
        ctx->last_log_level = level;

      /* Messages above the configured level are dropped.  */
      if (level > ctx->log_level)
        return;

      if (ctx->log_stream)
        out = ctx->log_stream;
    }

  /* FIXME: This is not atomic.  Also, it does not show the context in
     which the error occured.  */
  if (!is_continuation)
    fputs ("gsti: ", out);

  switch (level)
    {
    case GSTI_LOG_DEBUG:
      /* FIXME: Reimplement this in terms of GIO, when it is written.  */
      if (!is_continuation)
        fputs ("DBG: ", out);
      break;

    case GSTI_LOG_CONT:
    case GSTI_LOG_ERROR:
    case GSTI_LOG_INFO:
      /* No level tag is printed for these.  */
      break;

    case GSTI_LOG_NONE:
    default:
      assert (!"unexpected log level");
    }

  /* FIXME: Reimplement this in terms of GIO, when it is written.  */
  vfprintf (out, fmt, arg_ptr);
}


/* Log the printf-style message FMT for context CTX at level
   GSTI_LOG_ERROR.  Nothing is returned.  */
void
_gsti_log_err (gsti_ctx_t ctx, const char *fmt, ...)
{
  va_list ap;

  va_start (ap, fmt);
  _gsti_logv (ctx, GSTI_LOG_ERROR, fmt, ap);
  va_end (ap);
}


/* Log the printf-style message FMT for context CTX at level
   GSTI_LOG_INFO.  */
void
_gsti_log_info (gsti_ctx_t ctx, const char *fmt, ...)
{
  va_list ap;

  va_start (ap, fmt);
  _gsti_logv (ctx, GSTI_LOG_INFO, fmt, ap);
  va_end (ap);
}

/* Log the information FMT for context CTX; this version does not
   print a prefix and should be used to continue a log line.
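*/
void
_gsti_log_cont (gsti_ctx_t ctx, const char *fmt, ...)
{
  va_list arg;

  va_start (arg, fmt);
  _gsti_logv (ctx, GSTI_LOG_CONT, fmt, arg);
  va_end (arg);
}


/* Log the debug message FMT for context CTX.  */
void
_gsti_log_debug (gsti_ctx_t ctx, const char *fmt, ...)
{
  va_list arg;

  va_start (arg, fmt);
  _gsti_logv (ctx, GSTI_LOG_DEBUG, fmt, arg);
  va_end (arg);
}


/* Set the stream for logging output for context CTX to STREAM.  A
   second stdio stream is opened on the file descriptor of STREAM;
   the descriptor itself is shared, not duplicated, so closing
   either stream closes it for both.  Returns 0 on success and
   GPG_ERR_INV_ARG if an argument is NULL or the stream cannot be
   opened.  */
gsti_error_t
gsti_set_log_stream (gsti_ctx_t ctx, gio_stream_t stream)
{
  gio_stream_t new_stream;

  if (!ctx || !stream)
    return gsti_error (GPG_ERR_INV_ARG);

  if (ctx->log_stream)
    {
      /* FIXME: Implement this in terms of GIO, when it is written.
         NOTE(review): the previous stream object is flushed but
         never closed, so it is leaked.  fclose() is not an option
         as long as its descriptor is shared with the stream of the
         caller.  */
      fflush (ctx->log_stream);
      ctx->log_stream = NULL;
    }

  /* FIXME: Implement this in terms of GIO, when it is written.
     The log functions only write to this stream.  Opened with "r",
     every fputs and vfprintf on it fails and the log output is
     lost, so it has to be opened for writing.  */
  new_stream = fdopen (fileno (stream), "w");
  if (!new_stream)
    return gsti_error (GPG_ERR_INV_ARG);

  ctx->log_stream = new_stream;
  return 0;
}


/* Set the maximum level up to which messages are passed to the log
   handler for the context CTX.  */
void
gsti_set_log_level (gsti_ctx_t ctx, gsti_log_level_t level)
{
  ctx->log_level = level;
}

--------------------------------------------------------------------------------
/examples/keytool.c:
--------------------------------------------------------------------------------
/* keytool.c - Key API example
 *	Copyright (C) 2002 Timo Schulz
 *
 * This file is part of GSTI.
 *
 * GSTI is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.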
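 *
 * GSTI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

#include
#include
#include
#include /* ????? fixme */
#include

#include "gsti.h"
#include "types.h"
#include "pubkey.h"

#define DSS_PUBKEY "dsa.pub"
#define DSS_SECKEY "dsa.sec"

#define RSA_PUBKEY "rsa.pub"
#define RSA_SECKEY "rsa.sec"


/* fingerprint #77:82:ed:59:b0:a3:b3:5b:8b:c1:66:cd:01:9b:97:80# */
/* secret key #7e:17:76:1b:3a:fe:05:ff:a9:08:4e:2b:6c:fd:aa:a6:c0:a6:b5:90# */

/* Print the N bytes at FPR to stderr as upper-case hex pairs
   separated by colons, followed by a blank and a newline.  */
static void
print_fpr (unsigned char *fpr, int n)
{
  char *fprhex;
  size_t count = n > 0 ? (size_t) n : 0;
  size_t i;

  /* Three characters per byte ("XX:" or "XX ") plus the terminating
     NUL.  The fixed 128 byte buffer used before was overrun for
     N > 42.  */
  fprhex = calloc (3 * count + 1, 1);
  if (!fprhex)
    abort ();
  for (i = 0; i < count; i++)
    {
      int c = (i != count - 1) ? ':' : ' ';
      snprintf (fprhex + 3 * i, 4, "%02X%c", fpr[i], c);
    }
  fprintf (stderr, "%s\n", fprhex);
  free (fprhex);
}


/* Generate a key pair and save it as RSA_PUBKEY and RSA_SECKEY in
   the current directory.  ALGO is currently overridden with
   SSH_PK_RSA (see the XXX below).  */
static void
genkey (int algo)
{
  gcry_sexp_t s_key = NULL, s_param = NULL;
  gsti_error_t err;
  gsti_key_t key = NULL;
  const char * s;
  /* NOTE(review): 1024 bit keys are below what is recommended
     today; keys made by this example are for testing only.  */
  int nbits = 1024;

  algo = SSH_PK_RSA; /* XXX */
  switch (algo)
    {
    case SSH_PK_DSS: s = "(genkey(dsa(nbits %d)))"; break;
    case SSH_PK_RSA: s = "(genkey(rsa(nbits %d)))"; break;
    default: printf ("invalid pk algo '%d'\n", algo); return;
    }
  err = gcry_sexp_build (&s_param, NULL, s, nbits);
  if (!err)
    err = gcry_pk_genkey (&s_key, s_param);
  if (err)
    {
      /* Without a key there is nothing to dump, convert or save.  */
      printf ("genkey: %s\n", gsti_strerror (err));
      gcry_sexp_release (s_param);
      gcry_sexp_release (s_key);
      return;
    }

  gcry_sexp_release (s_param);
  /* NOTE: S_KEY is the result of gcry_pk_genkey and so includes the
     secret key part; this dump puts it into the log output.  Debug
     aid only.  */
  gcry_sexp_dump (s_key);

  gsti_key_from_sexp (s_key, &key);
  gcry_sexp_release (s_key);
  /* Assumes gsti_key_from_sexp leaves KEY untouched when it fails -
     TODO confirm against pubkey.h.  */
  if (!key)
    {
      printf ("genkey: could not convert the generated key\n");
      return;
    }

  /* NOTE(review): the results of gsti_key_save are not checked, and
     the permissions of the secret key file are whatever
     gsti_key_save creates; verify that it is not readable by other
     users.  */
  gsti_key_save (RSA_PUBKEY, 0, key);
  gsti_key_save (RSA_SECKEY, 1, key);
  gsti_key_free (key);
}


/* With an argument, generate a key pair.  Without arguments, print
   the MD5 and SHA-1 fingerprints of DSS_PUBKEY and RSA_PUBKEY, then
   sign the SHA-1 fingerprint of RSA_PUBKEY with DSS_SECKEY and
   verify the signature.  */
int
main (int argc, char **argv)
{
  gcry_mpi_t sig[2] = { NULL, NULL };
  gsti_key_t key = NULL;
  /* Data for the signing test.  Owned by main and released exactly
     once at LEAVE.  The old code freed it inside the loops, then
     signed the freed buffer and freed it a second time.  */
  unsigned char *fpr = NULL;
  int rc, md_arr[2], i;

  gsti_control (GSTI_SECMEM_INIT);
  if (argc != 1)
    {
      argc--, argv++;
      genkey (atoi (*argv));
      return 0;
    }

  rc = gsti_key_load (DSS_PUBKEY, 0, &key);
  if (rc)
    {
      printf ("load pubkey: %s: `%s'\n", DSS_PUBKEY, gsti_strerror (rc));
      exit (1);
    }
  md_arr[0] = GSTI_DIGEST_MD5;
  md_arr[1] = GSTI_DIGEST_SHA1;
  for (i = 0; i < 2; i++)
    {
      unsigned char *cur = NULL;

      rc = gsti_key_fingerprint (key, md_arr[i], &cur);
      if (rc)
        printf ("could not get fingerprint.\n");
      else
        {
          print_fpr (cur, i == 0 ? 16 : 20);
          free (cur);
        }
    }

  gsti_key_free (key);
  key = NULL;

  rc = gsti_key_load (RSA_PUBKEY, 0, &key);
  if (rc)
    {
      printf ("load rsa pubkey: %s: %s\n", RSA_PUBKEY, gsti_strerror (rc));
      exit (1);
    }
  md_arr[0] = GSTI_DIGEST_MD5;
  md_arr[1] = GSTI_DIGEST_SHA1;
  for (i = 0; i < 2; i++)
    {
      unsigned char *cur = NULL;

      rc = gsti_key_fingerprint (key, md_arr[i], &cur);
      if (rc)
        printf ("could not get fngerprint.\n");
      else
        {
          print_fpr (cur, i == 0 ? 16 : 20);
          if (md_arr[i] == GSTI_DIGEST_SHA1)
            {
              /* Keep the 20 byte digest for the signing test.  */
              free (fpr);
              fpr = cur;
            }
          else
            free (cur);
        }
    }

  gsti_key_free (key);
  key = NULL;

  rc = gsti_key_load (DSS_SECKEY, 1, &key);
  if (rc)
    {
      printf ("load seckey: %s: `%s'\n", DSS_SECKEY, gsti_strerror (rc));
      goto leave;
    }

  if (!fpr)
    {
      printf ("signing test skipped: no SHA-1 fingerprint to sign\n");
      goto leave;
    }

  rc = _gsti_dss_sign (key, fpr, sig);
  if (rc)
    {
      printf ("signing test failed: %s\n", gsti_strerror (rc));
      goto leave;
    }
  rc = _gsti_dss_verify (key, fpr, sig);
  if (rc)
    {
      printf ("verify signature failed: %s\n", gsti_strerror (rc));
      goto leave;
    }
  printf ("key check: ok (rc=%d)\n", rc);

 leave:
  free (fpr);
  if (sig[0])
    gcry_mpi_release (sig[0]);
  if (sig[1])
    gcry_mpi_release (sig[1]);
  gsti_key_free (key);
  gsti_control (GSTI_SECMEM_RELEASE);

  return 0;
}

--------------------------------------------------------------------------------
/src/stream.c:
--------------------------------------------------------------------------------
/* stream.c - input output buffering
   Copyright (C) 1999 Werner Koch
   Copyright (C) 2002 Timo Schulz
   Copyright (C) 2004 g10 Code GmbH

   This file is part of GSTI.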

   GSTI is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   GSTI is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software Foundation,
   Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA  */

#if HAVE_CONFIG_H
#include
#endif

#include
#include
#include
#include

#include "types.h"
#include "memory.h"
#include "stream.h"


#define STREAM_BUFSIZE 512

/* Allocate a read stream that pulls its data from READFNC, which is
   called with FNC_CTX, and store it in R_SHD.  The object and its
   STREAM_BUFSIZE byte buffer come from one zeroed allocation; the
   "- 1" presumably accounts for a one byte buffer member in the
   structure (confirm in stream.h).  Always returns 0.  */
gsti_error_t
_gsti_read_stream_new (read_stream_t * r_shd,
                       gsti_read_fnc_t readfnc, void * fnc_ctx)
{
  read_stream_t stream = _gsti_xcalloc (1, sizeof *stream + STREAM_BUFSIZE - 1);

  stream->size = STREAM_BUFSIZE;
  stream->fnc_ctx = fnc_ctx;
  stream->readfnc = readfnc;
  *r_shd = stream;

  return 0;
}


/* Release the read stream A.  */
void
_gsti_read_stream_free (read_stream_t a)
{
  _gsti_free (a);
}


/* This is the function version of the stream_get() macro.  It is used
   internally to do the underflow handling.  It may be used directly.
   The function returns -1 on EOF.
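*/
/* Return the next byte of A, refilling the buffer through the read
   callback when it is empty.  -1 is also returned when the callback
   fails; the error is then stored in A->error.  */
int
_gsti_stream_getbyte (read_stream_t a)
{
  gsti_error_t rc;
  size_t n;

  /* NOTE(review): assumes A->buf holds unsigned bytes; with a signed
     element type a 0xFF byte could not be told from EOF - confirm
     in stream.h.  */
  if (a->start < a->len)
    return a->buf[a->start++];
  if (a->read_eof)
    return -1;

  a->len = 0;
  a->start = 0;
  n = a->size;
  rc = a->readfnc (a->fnc_ctx, a->buf, n, &n);
  /* The callback reports the number of bytes it stored.  A count
     larger than the buffer would make A->len exceed it, and later
     calls would return bytes from beyond the buffer.  */
  if (!rc && n > a->size)
    rc = gsti_error (GPG_ERR_BUG);
  if (rc)
    {
      a->error = rc;
      return -1;
    }
  if (!n)
    {
      a->read_eof = 1;
      return -1;
    }
  a->len = n;
  return a->buf[a->start++];
}


/* Read NBYTES from A and store them in BUFFER.  If BUFFER is NULL the
   given amount is skipped instead.  Returns 0 on success, the error
   stored in the stream, or GPG_ERR_EOF if the stream ends early.  */
gsti_error_t
_gsti_stream_readn (read_stream_t a, byte * buffer, size_t nbytes)
{
  int c;

  while (nbytes)
    {
      c = _gsti_stream_get (a);
      if (c == -1)
        return a->error ? a->error : gsti_error (GPG_ERR_EOF);
      if (buffer)
        {
          *buffer = c;
          buffer++;
        }
      nbytes--;
    }

  return 0;
}


/* Allocate a write stream that hands its data to WRITEFNC, which is
   called with FNC_CTX, and store it in R_SHD.  Always returns 0.  */
gsti_error_t
_gsti_write_stream_new (write_stream_t * r_shd,
                        gsti_write_fnc_t writefnc, void * fnc_ctx)
{
  write_stream_t a;

  a = _gsti_xcalloc (1, sizeof *a + STREAM_BUFSIZE - 1);
  a->writefnc = writefnc;
  a->fnc_ctx = fnc_ctx;
  a->size = STREAM_BUFSIZE;
  *r_shd = a;

  return 0;
}


/* Release the write stream A.  Buffered data is not flushed here.  */
void
_gsti_write_stream_free (write_stream_t a)
{
  _gsti_free (a);
}


/* This is the function version of the stream_put() macro.  It is used
   internally to do the flush handling.  It may be used directly.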
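*/
/* Returns -1 and stores the error in A->error when the write
   callback fails.  */
int
_gsti_stream_putbyte (write_stream_t a, int c)
{
  size_t n;
  gsti_error_t rc;

  /* NOTE(review): with an empty buffer this returns success without
     storing C; presumably the macro only gets here when the buffer
     is full - confirm in stream.h.  */
  if (!a->used)
    return 0;

  /* NOTE(review): the count reported back in N is not looked at, so
     the callback is expected to write everything or to fail.  */
  rc = a->writefnc (a->fnc_ctx, a->buf, a->used, &n);
  if (rc)
    {
      a->error = rc;
      return -1;
    }
  a->used = 0;
  return _gsti_stream_put (a, c);
}


/* Hand all buffered bytes of A to the write callback and then call
   it once more with a NULL buffer and a length of 0.  Returns 0 on
   success or the error of the callback, which is also stored in
   A->error.  */
gsti_error_t
_gsti_stream_flush (write_stream_t a)
{
  size_t n;
  gsti_error_t rc;

  rc = a->used ? a->writefnc (a->fnc_ctx, a->buf, a->used, &n) : 0;
  if (rc)
    {
      a->error = rc;
      return rc;
    }
  a->used = 0;
  rc = a->writefnc (a->fnc_ctx, NULL, 0, NULL);
  if (rc)
    {
      a->error = rc;
      return rc;
    }
  return 0;
}


/* Write NBYTES from BUFFER.  If BUFFER is NULL, NBYTES of random
   padding from gcry_create_nonce are written instead; these are
   nonce bytes, not key grade random.  Returns 0 on success or an
   error code.  */
gsti_error_t
_gsti_stream_writen (write_stream_t a, const void *buffer, size_t nbytes)
{
  gsti_error_t err = 0;
  const unsigned char *s = buffer;

  /* Nothing to do.  This also keeps the padding branch from calling
     itself again with a NULL buffer, should a zero byte allocation
     yield NULL.  */
  if (!nbytes)
    return 0;

  if (buffer)
    {
      while (nbytes)
        {
          if (_gsti_stream_put (a, *s))
            {
              err = a->error;
              break;
            }
          s++;
          nbytes--;
        }
    }
  else
    {				/* write random padding */
      byte * pad = _gsti_xcalloc (1, nbytes);
      gcry_create_nonce (pad, nbytes);
      err = _gsti_stream_writen (a, pad, nbytes);
      /* Release with the counterpart of _gsti_xcalloc, as the stream
         destructors in this file do.  */
      _gsti_free (pad);
    }

  return err;
}

--------------------------------------------------------------------------------
/src/banner.c:
--------------------------------------------------------------------------------
/* banner.c - User authentication banner messages
   Copyright (C) 2002 Timo Schulz
   Copyright (C) 2004, 2010 g10 Code GmbH

   This file is part of GSTI.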
6 | 7 | GSTI is free software; you can redistribute it and/or modify 8 | it under the terms of the GNU General Public License as published by 9 | the Free Software Foundation; either version 2 of the License, or 10 | (at your option) any later version. 11 | 12 | GSTI is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 16 | 17 | You should have received a copy of the GNU General Public License 18 | along with GSTI; if not, write to the Free Software Foundation, 19 | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ 20 | 21 | #if HAVE_CONFIG_H 22 | #include 23 | #endif 24 | 25 | #include 26 | #include 27 | #include 28 | #include 29 | 30 | #include "types.h" 31 | #include "utils.h" 32 | #include "buffer.h" 33 | #include "api.h" 34 | #include "packet.h" 35 | 36 | 37 | 38 | typedef struct 39 | { 40 | gsti_bstr_t msg; 41 | gsti_bstr_t lang; 42 | 43 | } MSG_auth_banner; 44 | 45 | /* 46 | Helper functions. 47 | 48 | */ 49 | 50 | 51 | /* Read a bstring and return it as a BSTR object. 
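*/
static gsti_error_t
read_bstring (gsti_buffer_t buf, gsti_bstr_t * r_dst)
{
  gsti_error_t err;
  char *p;
  size_t n;

  err = gsti_buf_getstr (buf, &p, &n);
  if (err)
    return err;

  err = gsti_bstr_make (r_dst, p, n);
  /* NOTE(review): assumes gsti_buf_getstr returns memory that is to
     be released with free() - confirm in buffer.c.  */
  free (p);

  return err;
}





/*
   Banner stuff

*/

/* Write both fields of BAN to the debug log of CTX.  */
static void
dump_auth_banner (gsti_ctx_t ctx, MSG_auth_banner * ban)
{
  _gsti_log_debug (ctx, "MSG_userauth_banner:\n");
  _gsti_dump_bstring (ctx, " msg: ", ban->msg);
  _gsti_dump_bstring (ctx, " lang: ", ban->lang);
}


/* Serialize BAN into the payload of PKT and set the type and the
   payload length of PKT.  Returns GPG_ERR_TOO_LARGE if the message
   does not fit.  */
static gsti_error_t
build_auth_banner (MSG_auth_banner * ban, packet_buffer_t pkt)
{
  gsti_error_t err;
  gsti_buffer_t buf;
  size_t len;

  err = gsti_buf_alloc (&buf);
  if (err)
    return err;

  err = gsti_buf_putc (buf, 0);
  if (!err)
    err = gsti_buf_putbstr (buf, ban->msg);
  if (!err)
    err = gsti_buf_putbstr (buf, ban->lang);
  if (!err)
    {
      len = gsti_buf_readable (buf);
      /* Check the complete serialized length at run time.  The
         assert used before counted the message and 8 bytes only,
         not the type byte and the language tag, and it is compiled
         out with NDEBUG.  Assumes PKT->size bounds the payload area
         the way that assert did - TODO confirm in packet.h.  */
      if (len >= pkt->size)
        err = gsti_error (GPG_ERR_TOO_LARGE);
      else
        {
          pkt->type = SSH_MSG_USERAUTH_BANNER;
          pkt->payload_len = len;
          err = gsti_buf_getraw (buf, pkt->payload, len);
        }
    }

  gsti_buf_free (buf);
  return err;
}


/* Parse a banner message from BUF into BAN.  BAN is cleared first;
   on error it may hold a partly parsed message which the caller has
   to release.  */
static gsti_error_t
parse_auth_banner (MSG_auth_banner * ban, const gsti_buffer_t buf)
{
  gsti_error_t err;
  int val;

  memset (ban, 0, sizeof * ban);
  /* One type byte plus the two four byte string lengths.  */
  if (gsti_buf_readable (buf) < (1+4+4))
    return gsti_error (GPG_ERR_TOO_SHORT);

  err = gsti_buf_getc (buf, &val);
  if (err)
    return err;
  if (val != SSH_MSG_USERAUTH_BANNER)
    return gsti_error (GPG_ERR_UNEXPECTED);

  err = read_bstring (buf, &ban->msg);
  if (!err)
    err = read_bstring (buf, &ban->lang);

  /* Trailing bytes after the two strings make the packet invalid.  */
  if (!err && gsti_buf_readable (buf))
    err = gsti_error (GPG_ERR_INV_PACKET);
  return err;
}


/* Fill BAN with a copy of the banner of CTX (or an empty message)
   and the language tag LANG of length LLEN; "en_US" is used if LANG
   is NULL.  */
static gsti_error_t
init_banner (MSG_auth_banner *ban, gsti_ctx_t ctx,
             const char * lang, size_t llen)
{
  gsti_error_t err;

  if (!ctx)
    return gsti_error (GPG_ERR_INV_ARG);
  if (!lang)
    {
      lang = "en_US";
      llen = 5;
    }
  if (!ctx->banner)
    err = gsti_bstr_make (&ban->msg, "", 0);
  else
    err = gsti_bstr_copy (&ban->msg, ctx->banner);
  if (!err)
    err = gsti_bstr_make (&ban->lang, lang, llen);
  return err;
}


/* Release the strings held by BAN; BAN itself is not freed.  */
static void
free_auth_banner (MSG_auth_banner * ban)
{
  if (ban)
    {
      gsti_bstr_free (ban->msg);
      gsti_bstr_free (ban->lang);
    }
}


/* Parse the banner packet held in CTX and, on success, make its
   message the banner of CTX.  */
gsti_error_t
_gsti_auth_proc_banner_packet (gsti_ctx_t ctx)
{
  MSG_auth_banner ban;
  gsti_error_t err;

  if (ctx->pkt.type != SSH_MSG_USERAUTH_BANNER)
    return gsti_error (GPG_ERR_BUG);

  memset (&ban, 0, sizeof ban);
  err = parse_auth_banner (&ban, ctx->pktbuf);

  /* Dump while BAN still owns the message; after the hand-over
     below BAN.msg is NULL and the dump would show nothing.  */
  dump_auth_banner (ctx, &ban);
  if (!err)
    {
      gsti_bstr_free (ctx->banner);
      ctx->banner = ban.msg;
      ban.msg = NULL;
    }

  free_auth_banner (&ban);
  return err;
}


/* Build a banner packet from the banner of CTX, write it and flush
   the connection.  */
gsti_error_t
_gsti_auth_send_banner_packet (gsti_ctx_t ctx)
{
  MSG_auth_banner ban;
  gsti_error_t err;

  memset (&ban, 0, sizeof ban);
  err = init_banner (&ban, ctx, NULL, 0);
  if (!err)
    err = build_auth_banner (&ban, &ctx->pkt);
  if (!err)
    err = _gsti_packet_write (ctx, &ctx->pkt);
  if (!err)
    err = _gsti_packet_flush (ctx);

  dump_auth_banner (ctx, &ban);
  free_auth_banner (&ban);
  return err;
}


/* The banner handed to the callback is the message received from
   the peer, byte for byte.  A callback that displays it should
   filter control characters first (RFC 4252, section 5.4).  */
gsti_error_t
_gsti_banner_run_auth_cb (gsti_ctx_t ctx)
{
  if (!ctx->auth_cb)
    return 0;
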
return ctx->auth_cb (ctx->auth_cb_val, GSTI_AUTHCB_BANNER, 231 | gsti_bstr_data (ctx->banner), 232 | gsti_bstr_length (ctx->banner)); 233 | } 234 | 235 | -------------------------------------------------------------------------------- /m4/lt~obsolete.m4: -------------------------------------------------------------------------------- 1 | # lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- 2 | # 3 | # Copyright (C) 2004, 2005, 2007 Free Software Foundation, Inc. 4 | # Written by Scott James Remnant, 2004. 5 | # 6 | # This file is free software; the Free Software Foundation gives 7 | # unlimited permission to copy and/or distribute it, with or without 8 | # modifications, as long as this notice is preserved. 9 | 10 | # serial 4 lt~obsolete.m4 11 | 12 | # These exist entirely to fool aclocal when bootstrapping libtool. 13 | # 14 | # In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN) 15 | # which have later been changed to m4_define as they aren't part of the 16 | # exported API, or moved to Autoconf or Automake where they belong. 17 | # 18 | # The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN 19 | # in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us 20 | # using a macro with the same name in our local m4/libtool.m4 it'll 21 | # pull the old libtool.m4 in (it doesn't see our shiny new m4_define 22 | # and doesn't know about Autoconf macros at all.) 23 | # 24 | # So we provide this file, which has a silly filename so it's always 25 | # included after everything else. This provides aclocal with the 26 | # AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything 27 | # because those macros already exist, or will be overwritten later. 28 | # We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. 29 | # 30 | # Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here. 
31 | # Yes, that means every name once taken will need to remain here until 32 | # we give up compatibility with versions before 1.7, at which point 33 | # we need to keep only those names which we still refer to. 34 | 35 | # This is to help aclocal find these macros, as it can't see m4_define. 36 | AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])]) 37 | 38 | m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])]) 39 | m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])]) 40 | m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])]) 41 | m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])]) 42 | m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])]) 43 | m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])]) 44 | m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])]) 45 | m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])]) 46 | m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])]) 47 | m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])]) 48 | m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])]) 49 | m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])]) 50 | m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])]) 51 | m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])]) 52 | m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])]) 53 | m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])]) 54 | m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])]) 55 | m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])]) 56 | m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])]) 57 | m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])]) 58 | m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])]) 59 | m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])]) 60 | 
m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])]) 61 | m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])]) 62 | m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])]) 63 | m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])]) 64 | m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])]) 65 | m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])]) 66 | m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])]) 67 | m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])]) 68 | m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])]) 69 | m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])]) 70 | m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])]) 71 | m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])]) 72 | m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])]) 73 | m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])]) 74 | m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])]) 75 | m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])]) 76 | m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])]) 77 | m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])]) 78 | m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])]) 79 | m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])]) 80 | m4_ifndef([AC_LIBTOOL_RC], [AC_DEFUN([AC_LIBTOOL_RC])]) 81 | m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])]) 82 | m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])]) 83 | m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])]) 84 | m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])]) 85 | m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], 
[AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])]) 86 | m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])]) 87 | m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])]) 88 | m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])]) 89 | m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])]) 90 | m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])]) 91 | m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])]) 92 | m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])]) 93 | -------------------------------------------------------------------------------- /src/utils.c: -------------------------------------------------------------------------------- 1 | /* utils.c - Some utility functions. 2 | Copyright (C) 1999 Werner Koch 3 | Copyright (C) 2002 Timo Schulz 4 | Copyright (C) 2004 g10 Code GmbH 5 | 6 | This file is part of GSTI. 7 | 8 | GSTI is free software; you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation; either version 2 of the License, or 11 | (at your option) any later version. 12 | 13 | GSTI is distributed in the hope that it will be useful, 14 | but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | GNU General Public License for more details. 
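You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA  */

#if HAVE_CONFIG_H
#include <config.h>
#endif

/* NOTE(review): the listing shows six system #include lines here whose
   header names were lost in extraction.  <ctype.h> and <string.h> are
   the two the functions below visibly need; restore the remaining ones
   from the upstream file.  */
#include <ctype.h>
#include <string.h>

#include "types.h"
#include "memory.h"
#include "utils.h"
#include "buffer.h"


/* Take a comma separated list of algorithm identifiers (LENGTH bytes
   starting at STRING, not necessarily NUL terminated) and return a
   STRLIST with these algorithms, in input order.  Empty and
   all-white-space elements are skipped; NULL is returned when no
   element remains.

   Each element is stripped of leading and trailing white space.  The
   copy starts at the first non-space byte: copying from the start of
   the element instead would keep the leading blanks and cut the same
   number of bytes off the end of the name.

   The list nodes come from _gsti_xmalloc; the caller owns them.  */
gsti_strlist_t
_gsti_algolist_parse (const char *string, size_t length)
{
  gsti_strlist_t list = NULL;
  gsti_strlist_t *listp = &list;

  for (;;)
    {
      const char *comma = memchr (string, ',', length);
      size_t n = comma ? (size_t) (comma - string) : length;
      const char *s = string;

      /* Skip leading white space.  N is tested before *S so that we
         never look at the byte behind the element.  */
      while (n && *s && isspace ((unsigned char) *s))
        {
          s++;
          n--;
        }

      if (n && *s)
        {
          /* We have at least one non-space character.  One extra byte
             is requested for the terminator so that the size is right
             whatever the declared length of the D member is (it is
             declared in types.h, not shown here).  */
          gsti_strlist_t item = _gsti_xmalloc (sizeof *item + n + 1);

          item->next = NULL;
          memcpy (item->d, s, n);
          /* Trim trailing spaces; d[0] is known to be non-space, so
             the loop stops at index 0 at the latest.  */
          for (n--; n && isspace ((unsigned char) item->d[n]); n--)
            ;
          item->d[n + 1] = 0;
          *listp = item;
          listp = &item->next;
        }

      if (!comma)
        return list;
      comma++;
      length -= comma - string;
      string = comma;
    }
}


/* Write the non-empty names of LIST as one comma separated string into
   BUFFER, preceded by its length as a 32 bit big-endian integer.
   LENGTH is the size of BUFFER.  Returns the number of bytes written
   (the 4 length bytes included), or 0 if BUFFER is too small; in the
   latter case BUFFER may already have been partly written.  */
size_t
_gsti_algolist_build (byte *buffer, size_t length, gsti_strlist_t list)
{
  size_t n;
  int any = 0;
  byte *p = buffer;

  if (length < 4)
    return 0;                   /* Not even enough space for the length.  */
  length -= 4;
  p += 4;

  for (; list; list = list->next)
    {
      n = strlen (list->d);
      if (!n)
        continue;

      /* ANY is 1 once a name has been written, i.e. when a separator
         is needed in front of this one.  */
      if (n + any > length)
        return 0;               /* Too short.  */
      if (any)
        {
          *p++ = ',';
          length--;
        }
      else
        any = 1;
      memcpy (p, list->d, n);
      p += n;
      length -= n;
    }

  /* Fill in the length prefix now that the payload size is known.  */
  n = (p - buffer) - 4;
  buffer[0] = n >> 24;
  buffer[1] = n >> 16;
  buffer[2] = n >> 8;
  buffer[3] = n;

  return n + 4;
}


/* Return 1 if ALGO is an element of LIST (exact, case sensitive
   match), else 0.  */
int
_gsti_algolist_find (gsti_strlist_t list, const char *algo)
{
  gsti_strlist_t l;

  for (l = list; l; l = l->next)
    {
      if (!strcmp (l->d, algo))
        return 1;
    }
  return 0;
}


/* Log the N bytes at STRING.  If all bytes are printable ASCII and the
   first one is not a double quote, the text is logged inside double
   quotes; otherwise every byte is logged as two hex digits.  The hex
   form keeps control characters contained in STRING out of the log
   output.  */
void
_gsti_print_string (gsti_ctx_t ctx, const char *string, size_t n)
{
  const unsigned char *p = (const unsigned char *) string;
  size_t i;

  for (i = 0; i < n; i++)
    if (p[i] < 32 || p[i] > 126)
      break;

  /* Only look at the first byte if there is one; for N == 0 the
     pointer need not reference readable memory.  */
  if (i < n || (n && *p == '\"'))
    {
      for (; n; n--, p++)
        _gsti_log_cont (ctx, "%02X", *p);
    }
  else
    {
      _gsti_log_cont (ctx, "\"");
      for (; n; n--, p++)
        _gsti_log_cont (ctx, "%c", *p);
      _gsti_log_cont (ctx, "\"");
    }
}


/* Write a debug representation of OPAQUE, prefixed by PREFIX, to the
   log of CTX.  TYPE selects how OPAQUE is interpreted (one of the
   TYPE_* constants handled below); LEN is used for TYPE_HEXBUF only.
   Nothing is done if OPAQUE is NULL or TYPE is not known.

   NOTE(review): the object is logged in full.  If a caller passes key
   material (for example an MPI of the key exchange), it ends up in the
   log; the level check asked for by the FIXME below should be in place
   before such logs are kept or shared.  */
void
_gsti_dump_object (gsti_ctx_t ctx,
                   const char *prefix, int type, void *opaque, size_t len)
{

  /* FIXME: check whether debugging is enabled and shortcut this
     function otherwise.  */

  if (!opaque)
    return;
  switch (type)
    {
    case TYPE_HEXBUF:
      {
        byte *buf = opaque;
        _gsti_log_debug (ctx, "%s", prefix);
        for (; len; len--, buf++)
          _gsti_log_cont (ctx, "%02X", *buf);
        _gsti_log_cont (ctx, "\n");
        break;
      }
    case TYPE_STRLIST:
      {
        gsti_strlist_t list = opaque;
        int i;
        for (i = 0; list; list = list->next, i++)
          _gsti_log_debug (ctx, "%s[%d]: `%s'\n", prefix, i, list->d);
        break;
      }
    case TYPE_MPI:
      {
        gcry_mpi_t a = opaque;
        unsigned char buf[400];
        size_t n;

        /* A value which can't be formatted into BUF is replaced by a
           fixed text, which is much shorter than BUF.  */
        if (gcry_mpi_print (GCRYMPI_FMT_HEX, buf, sizeof buf, &n, a))
          strcpy ((char *) buf, "[can't print value]");
        _gsti_log_debug (ctx, "%s%s\n", prefix, buf);
        break;
      }
    case TYPE_BSTRING:
      {
        gsti_bstr_t a = opaque;
        _gsti_log_debug (ctx, "%s", prefix);
        if (a)
          _gsti_print_string (ctx, gsti_bstr_data (a), gsti_bstr_length (a));
        _gsti_log_cont (ctx, "\n");
        break;
      }
    case TYPE_BUFFER:
      {
        gsti_buffer_t buf = opaque;
        /* gsti_buf_readable returns a size_t; keeping that type avoids
           a negative count (and a read behind the buffer) for sizes
           which do not fit into an int.  */
        size_t amount = gsti_buf_readable (buf);
        unsigned char *data = gsti_buf_getptr (buf);

        if (!amount)
          _gsti_log_debug (ctx, "[empty]\n");
        else
          {
            while (amount--)
              _gsti_log_debug (ctx, "%4x", *(data++));
            _gsti_log_cont (ctx, "\n");
          }
        break;
      }
    default:
      break;
    }
}


/* Hash the binary string A into MD: first its length as a 32 bit
   big-endian integer, then its data.  Only the low 32 bits of the
   length go into the prefix.  */
void
_gsti_bstring_hash (gcry_md_hd_t md, gsti_bstr_t a)
{
  byte buf[4];
  size_t n = gsti_bstr_length (a);

  buf[0] = n >> 24;
  buf[1] = n >> 16;
  buf[2] = n >> 8;
  buf[3] = n;
  gcry_md_write (md, buf, 4);
  gcry_md_write (md, gsti_bstr_data (a), n);
}
-------------------------------------------------------------------------------- /configure.ac: -------------------------------------------------------------------------------- 1 | # Configure.ac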
script for GSTI 2 | # Copyright (C) 1999 Werner Koch 3 | # Copyright (C) 2004 g10 COde GmbH 4 | # 5 | # This file is part of GSTI. 6 | # 7 | # GSTI is free software; you can redistribute it and/or modify it 8 | # under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation; either version 2.1 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # GSTI is distributed in the hope that it will be useful, but WITHOUT 13 | # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 14 | # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public 15 | # License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License 18 | # along with this program; if not, see . 19 | # 20 | # (Process this file with autoconf to produce a configure script.) 21 | AC_PREREQ(2.59) 22 | min_automake_version="1.10" 23 | 24 | # Remember to change the version number immediately *after* a release. 25 | # Set my_issvn to "yes" for non-released code. Remember to run an 26 | # "svn up" and "autogen.sh" right before creating a distribution. 27 | m4_define([my_version], [0.5.0]) 28 | m4_define([my_issvn], [yes]) 29 | 30 | m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ 31 | | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) 32 | AC_INIT([gsti], 33 | [my_version[]m4_if(my_issvn,[yes],[-svn[]svn_revision])], 34 | [bug-libgcrypt@gnupg.org]) 35 | 36 | # LT Version numbers, remember to change them just *before* a release. 37 | # (Code changed: REVISION++) 38 | # (Interfaces added/removed/changed: CURRENT++, REVISION=0) 39 | # (Interfaces added: AGE++) 40 | # (Interfaces removed: AGE=0) 41 | LIBGSTI_LT_CURRENT=0 42 | LIBGSTI_LT_AGE=0 43 | LIBGSTI_LT_REVISION=1 44 | 45 | # If the API is changed in an incompatible way: increment the next counter. 46 | LIBGSTI_CONFIG_API_VERSION=1 47 | 48 | # 49 | # Required library versions. 
50 | # 51 | NEED_GPG_ERROR_VERSION=1.0 52 | 53 | NEED_LIBGCRYPT_API=1 54 | NEED_LIBGCRYPT_VERSION=1.4.0 55 | 56 | 57 | # 58 | # Setup standard defines 59 | # 60 | PACKAGE=$PACKAGE_NAME 61 | VERSION=$PACKAGE_VERSION 62 | 63 | AC_CONFIG_SRCDIR([src/gsti.h.in]) 64 | AM_INIT_AUTOMAKE([]) 65 | AM_CONFIG_HEADER(config.h) 66 | AC_CONFIG_MACRO_DIR([m4]) 67 | 68 | AC_SUBST(LIBGSTI_LT_CURRENT) 69 | AC_SUBST(LIBGSTI_LT_AGE) 70 | AC_SUBST(LIBGSTI_LT_REVISION) 71 | AC_SUBST(PACKAGE) 72 | AC_SUBST(VERSION) 73 | AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of this package]) 74 | AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version of this package]) 75 | 76 | 77 | AC_GNU_SOURCE 78 | AM_MAINTAINER_MODE 79 | 80 | have_gpg_error=no 81 | have_libgcrypt=no 82 | 83 | 84 | # 85 | # Configure options 86 | # 87 | AC_MSG_CHECKING([whether to enable internal ZLIB compression support]) 88 | AC_ARG_ENABLE(newzlib, 89 | [ --enable-newzlib enable internal ZLIB compression support], 90 | use_newzlib=yes, use_newzlib=no) 91 | AC_MSG_RESULT($use_newzlib) 92 | if test "$use_newzlib" = yes; then 93 | AC_DEFINE(USE_NEWZLIB, 1, [Define to include internal ZLIB support]) 94 | fi 95 | 96 | 97 | # 98 | # Checks for programs 99 | # 100 | missing_dir=`cd $ac_aux_dir && pwd` 101 | AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir) 102 | AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir) 103 | AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir) 104 | AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir) 105 | AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir) 106 | AC_PROG_AWK 107 | AC_PROG_CC 108 | AC_PROG_CPP 109 | AC_PROG_INSTALL 110 | AC_PROG_LN_S 111 | AC_PROG_MAKE_SET 112 | 113 | AC_C_INLINE 114 | 115 | LT_PREREQ([2.2.6]) 116 | LT_INIT([win32-dll disable-shared]) 117 | LT_LANG([Windows Resource]) 118 | 119 | if test "$GCC" = yes; then 120 | CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes" 121 | fi 122 | 123 | 124 | # 125 | # Checks for header files 126 | # 127 | AC_HEADER_STDC 128 | 
AC_CHECK_HEADERS([string.h]) 129 | 130 | 131 | # 132 | # Checks for typedefs and structures 133 | # 134 | 135 | # 136 | # Checks for compiler features 137 | # 138 | 139 | # 140 | # Checks for library functions 141 | # 142 | 143 | # 144 | # libgpg-error is a library with error codes shared between GnuPG 145 | # related projects. 146 | # 147 | AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION", 148 | have_gpg_error=yes,have_gpg_error=no) 149 | AC_DEFINE(GPG_ERR_SOURCE_DEFAULT, GPG_ERR_SOURCE_GSTI, 150 | [The default error source for GPGME.]) 151 | 152 | # 153 | # Libgcrypt is our generic crypto library 154 | # 155 | AM_PATH_LIBGCRYPT("$NEED_LIBGCRYPT_API:$NEED_LIBGCRYPT_VERSION", 156 | have_libgcrypt=yes,have_libgcrypt=no) 157 | 158 | 159 | # 160 | # Checks for system services 161 | # 162 | 163 | # 164 | # Stuff to be used is gsti-config 165 | # 166 | LIBGSTI_CONFIG_LIBS="-lgsti" 167 | LIBGSTI_CONFIG_CFLAGS="" 168 | AC_SUBST(LIBGSTI_CONFIG_API_VERSION) 169 | AC_SUBST(LIBGSTI_CONFIG_LIBS) 170 | AC_SUBST(LIBGSTI_CONFIG_CFLAGS) 171 | 172 | 173 | # 174 | # Print errors here so that they are visible all 175 | # together and the user can acquire them all together. 176 | # 177 | die=no 178 | if test "$have_gpg_error" = "no"; then 179 | die=yes 180 | AC_MSG_NOTICE([[ 181 | *** 182 | *** You need libgpg-error to build this program. 183 | ** This library is for example available at 184 | *** ftp://ftp.gnupg.org/gcrypt/libgpg-error 185 | *** (at least version $NEED_GPG_ERROR_VERSION is required.) 186 | ***]]) 187 | fi 188 | if test "$have_libgcrypt" = "no"; then 189 | die=yes 190 | AC_MSG_NOTICE([[ 191 | *** 192 | *** You need libgcrypt to build this program. 193 | ** This library is for example available at 194 | *** ftp://ftp.gnupg.org/gcrypt/libgcrypt 195 | *** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API) is required.) 196 | ***]]) 197 | fi 198 | if test "$die" = "yes"; then 199 | AC_MSG_ERROR([[ 200 | *** 201 | *** Required libraries not found. 
Please consult the above messages 202 | *** and install them before running configure again. 203 | ***]]) 204 | fi 205 | 206 | # 207 | # Substitutions to set generated files in a Emacs buffer to read-only. 208 | # 209 | AC_SUBST(emacs_local_vars_begin, ['Local Variables:']) 210 | AC_SUBST(emacs_local_vars_read_only, ['buffer-read-only: t']) 211 | AC_SUBST(emacs_local_vars_end, ['End:']) 212 | 213 | # 214 | # Write config files 215 | # 216 | AC_CONFIG_FILES([ 217 | Makefile 218 | m4/Makefile 219 | src/Makefile 220 | src/gsti.h 221 | src/gsti-config 222 | examples/Makefile 223 | tests/Makefile 224 | doc/Makefile 225 | ]) 226 | AC_OUTPUT 227 | -------------------------------------------------------------------------------- /src/api.h: -------------------------------------------------------------------------------- 1 | /* api.h 2 | Copyright (C) 1999 Werner Koch 3 | Copyright (C) 2002 Timo Schulz 4 | Copyright (C) 2004 g10 Code GmbH 5 | 6 | This file is part of GSTI. 7 | 8 | GSTI is free software; you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation; either version 2 of the License, or 11 | (at your option) any later version. 12 | 13 | GSTI is distributed in the hope that it will be useful, 14 | but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | GNU General Public License for more details. 
17 | 18 | You should have received a copy of the GNU General Public License 19 | along with this program; if not, write to the Free Software Foundation, 20 | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ 21 | 22 | #ifndef GSTI_API_H 23 | #define GSTI_API_H 24 | 25 | #include "types.h" 26 | #include "stream.h" 27 | #include "utils.h" 28 | #include "auth.h" 29 | #include "banner.h" 30 | #include "ssh.h" 31 | 32 | struct packet_buffer_s 33 | { 34 | int packet_len; 35 | int padding_len; 36 | byte *packet_buffer; /* malloced of length SIZE+5 */ 37 | size_t payload_len; 38 | size_t size; 39 | byte *payload; /* = packet_buffer+5 */ 40 | int type; 41 | }; 42 | typedef struct packet_buffer_s * packet_buffer_t; 43 | 44 | struct gsti_kex_s 45 | { 46 | gsti_bstr_t h; /* current exchange hash */ 47 | gcry_mpi_t k; /* the shared secret */ 48 | gcry_mpi_t p; /* safe prime (GEX only) */ 49 | gcry_mpi_t g; /* generator for subgroup */ 50 | gsti_bstr_t iv_a; /* IV client to server */ 51 | gsti_bstr_t iv_b; /* IV server to client */ 52 | gsti_bstr_t key_c; /* Enc client to server */ 53 | gsti_bstr_t key_d; /* Enc server to client */ 54 | gsti_bstr_t mac_e; /* Mac client to server */ 55 | gsti_bstr_t mac_f; /* Mac server to client */ 56 | int type; 57 | }; 58 | typedef struct gsti_kex_s * gsti_kex_t; 59 | 60 | 61 | /* Channels. */ 62 | struct gsti_channel_type; 63 | typedef struct gsti_channel_type *gsti_channel_type_t; 64 | 65 | struct gsti_channel; 66 | typedef struct gsti_channel *gsti_channel_t; 67 | 68 | struct gsti_context 69 | { 70 | gsti_write_fnc_t writefnc; 71 | void *writectx; 72 | read_stream_t read_stream; 73 | write_stream_t write_stream; 74 | gsti_strlist_t local_services; 75 | 76 | /* Logging. */ 77 | gio_stream_t log_stream; 78 | gsti_log_level_t log_level; 79 | gsti_log_level_t last_log_level; 80 | 81 | 82 | /* True if this is the server side. This is set by 83 | gsti_set_hostkey. 
*/ 84 | int we_are_server; 85 | 86 | gsti_bstr_t peer_version_string; /* Received from the peer. */ 87 | gsti_bstr_t host_kexinit_data; /* KEX data sent to the peer. */ 88 | gsti_bstr_t peer_kexinit_data; /* KEX data received from the peer. */ 89 | 90 | gsti_bstr_t service_name; 91 | 92 | struct packet_buffer_s pkt; 93 | gsti_buffer_t pktbuf; 94 | 95 | gsti_bstr_t session_id; /* the exchange hash from the first KEX */ 96 | u32 send_seqno; 97 | u32 recv_seqno; 98 | 99 | struct gsti_kex_s kex; 100 | 101 | void * host_kex; /* save algorithm lists */ 102 | 103 | struct 104 | { 105 | unsigned int min; 106 | unsigned int max; 107 | unsigned int n; 108 | unsigned int peer_min; 109 | unsigned int peer_max; 110 | unsigned int peer_n; 111 | unsigned int used:1; 112 | } gex; 113 | 114 | struct 115 | { 116 | unsigned short encr[8]; 117 | unsigned short compr[4]; 118 | unsigned short hmac[4]; 119 | } prefs; 120 | 121 | byte cookie[SSH_COOKIESIZE]; 122 | int sent_newkeys; 123 | int req_newkeys; 124 | 125 | gcry_mpi_t secret_x; /* temporary use only */ 126 | gcry_mpi_t kexdh_e; /* ditto */ 127 | gcry_mpi_t secret_y; /* fixme: we could reuse secret_x kexdh_e */ 128 | gcry_mpi_t kexdh_f; /* ditto */ 129 | 130 | int ciph_blksize; 131 | int ciph_algo; 132 | int ciph_mode; 133 | gcry_cipher_hd_t encrypt_hd; 134 | gcry_cipher_hd_t decrypt_hd; 135 | 136 | int mac_algo; 137 | int mac_len; 138 | gcry_md_hd_t send_mac; 139 | gcry_md_hd_t recv_mac; 140 | 141 | byte *user_read_buffer; 142 | size_t user_read_bufsize; 143 | size_t user_read_nbytes; 144 | 145 | const byte *user_write_buffer; 146 | size_t user_write_bufsize; 147 | 148 | gsti_key_t hostkey; 149 | 150 | gsti_auth_t auth; /* Current authentication info. */ 151 | gsti_auth_cb_t auth_cb; /* Authentication callback. */ 152 | void *auth_cb_val; /* First arg used for AUTH_CB. */ 153 | 154 | gsti_bstr_t banner; /* The current banner. 
*/ 155 | 156 | struct 157 | { 158 | unsigned int use:1; 159 | unsigned int init:1; 160 | } zlib; 161 | 162 | unsigned long id; 163 | 164 | gsti_channel_type_t channel_types; 165 | 166 | gsti_channel_t channels; 167 | size_t nr_channels; 168 | size_t max_channels; 169 | 170 | /* The control callback hook. This is used by GSTI to inform the 171 | user about changes in the state of the connection. */ 172 | gsti_control_cb_t control_cb; 173 | void *control_cb_value; 174 | 175 | /* The pre-ident callback hook. This is used by GSTI to inform the 176 | user about strings sent by the server before identification. */ 177 | gsti_pre_ident_cb_t pre_ident_cb; 178 | void *pre_ident_cb_value; 179 | 180 | /* The user packet handler callback hook. This is used by GSTI to 181 | pass user-defined packets to the user. */ 182 | gsti_packet_handler_cb_t user_pkt_handler_cb; 183 | void *user_pkt_handler_cb_value; 184 | 185 | /* The current state of the connection. */ 186 | int state; 187 | /* STATE_INFO is free to be used by the data_handler callback. It 188 | is initially 0. */ 189 | unsigned int state_info; 190 | 191 | /* STATE_DATA, STATE_DATA_LEN and STATE_DATA_ALLOC are used by 192 | gsti_push_data to buffer incomplete data. FIXME: Free this 193 | somewhere. */ 194 | char *state_data; 195 | size_t state_data_len; 196 | size_t state_data_alloc; 197 | 198 | /* The DATA_HANDLER callback is used by gsti_push_data to inject 199 | data into the state machine. */ 200 | gsti_error_t (*data_handler) (gsti_ctx_t ctx, char *data, size_t data_len, 201 | size_t *amount); 202 | 203 | /* The PACKET_HANDLER callback is used by _gsti_handle_packet_data 204 | to inject a packet into the state machine. 
*/ 205 | gsti_error_t (*packet_handler) (gsti_ctx_t ctx); 206 | }; 207 | 208 | /*-- channel.c --*/ 209 | gsti_error_t _gsti_handle_channel_packet (gsti_ctx_t ctx); 210 | 211 | #endif /* GSTI_API_H */ 212 | -------------------------------------------------------------------------------- /src/buffer.h: -------------------------------------------------------------------------------- 1 | /* buffer.h - Buffer handling. 2 | Copyright (C) 2002 Timo Schulz 3 | Copyright (C) 2004 g10 Code GmbH 4 | 5 | This file is part of GSTI. 6 | 7 | GSTI is free software; you can redistribute it and/or modify 8 | it under the terms of the GNU General Public License as published by 9 | the Free Software Foundation; either version 2 of the License, or 10 | (at your option) any later version. 11 | 12 | GSTI is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 16 | 17 | You should have received a copy of the GNU General Public License 18 | along with GSTI; if not, write to the Free Software Foundation, 19 | Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ 20 | 21 | #ifndef GSTI_BUFFER_H 22 | #define GSTI_BUFFER_H 1 23 | 24 | #include 25 | 26 | #include "types.h" 27 | 28 | 29 | /* Formatted buffers. */ 30 | 31 | /* Buffers are losely formatted objects that support the SSH data 32 | types. */ 33 | struct gsti_buffer 34 | { 35 | /* The buffer data. */ 36 | gsti_byte_t *data; 37 | 38 | /* The allocated size of the buffer. */ 39 | size_t size; 40 | 41 | /* The amount of data in the buffer. */ 42 | size_t end; 43 | 44 | /* The current offset into the buffer. This is used and 45 | automatically adjusted by the various get functions. */ 46 | size_t offset; 47 | }; 48 | 49 | typedef struct gsti_buffer *gsti_buffer_t; 50 | 51 | 52 | /* Allocate a new buffer and return it in R_BUF. 
*/ 53 | gpg_error_t gsti_buf_alloc (gsti_buffer_t *r_buf); 54 | 55 | /* Destroy the buffer BUF and release all associated resources. */ 56 | void gsti_buf_free (gsti_buffer_t buf); 57 | 58 | /* Set the content of the buffer to AMOUNT bytes starting from DATA, 59 | and reset the buffer offset. */ 60 | gpg_error_t gsti_buf_set (gsti_buffer_t buf, const char *data, size_t amount); 61 | 62 | 63 | /* Functions for appending to the buffer. These functions do not 64 | change the offset into the buffer. They grow the buffer by 65 | allocating more space if necessary. */ 66 | 67 | /* Append the character CHR to the buffer BUF. */ 68 | gpg_error_t gsti_buf_putc (gsti_buffer_t buf, int chr); 69 | 70 | /* Append the byte VAL to the buffer BUF. */ 71 | gpg_error_t gsti_buf_putbyte (gsti_buffer_t buf, gsti_byte_t val); 72 | 73 | /* Append the boolean VAL to the buffer BUF. */ 74 | gpg_error_t gsti_buf_putbool (gsti_buffer_t buf, int val); 75 | 76 | /* Append the 32-bit unsigned integer to the buffer BUF. */ 77 | gpg_error_t gsti_buf_putuint32 (gsti_buffer_t buf, gsti_uint32_t val); 78 | 79 | /* Append the string data, AMOUNT bytes starting from DATA, to the 80 | buffer BUF. */ 81 | gpg_error_t gsti_buf_putstr (gsti_buffer_t buf, const char *data, 82 | size_t amount); 83 | 84 | /* Append the binary string BSTR to the buffer BUF. */ 85 | gpg_error_t gsti_buf_putbstr (gsti_buffer_t buf, gsti_bstr_t bstr); 86 | 87 | /* Append the MPI VAL to the buffer BUF. */ 88 | gpg_error_t gsti_buf_putmpi (gsti_buffer_t buf, gcry_mpi_t mpi); 89 | 90 | /* Append AMOUNT bytes starting from DATA to the buffer BUF. */ 91 | gpg_error_t gsti_buf_putraw (gsti_buffer_t buf, const void *data, 92 | size_t amount); 93 | 94 | 95 | /* Functions for reading from the buffer. These functions usually 96 | increase the buffer offset. */ 97 | 98 | /* Return the amount of data left for reading in the buffer BUF 99 | without changing the buffer offset. 
*/ 100 | size_t gsti_buf_readable (gsti_buffer_t buf); 101 | 102 | /* Return a pointer to the first byte of the currently readable buffer 103 | data. */ 104 | void *gsti_buf_getptr (gsti_buffer_t buf); 105 | 106 | /* Return the character at the current offset in the buffer BUF in 107 | R_CHR, and increase the offset to point to the byte following that 108 | character. Returns the GPG_ERR_INV_PACKET error code if there is 109 | no more character in the buffer. */ 110 | gpg_error_t gsti_buf_getc (gsti_buffer_t buf, int *r_chr); 111 | 112 | /* Return the byte at the current offset in the buffer BUF in R_VAL, and 113 | increase the offset to point to the byte following that character. 114 | Returns the GPG_ERR_INV_PACKET error code if there is no more 115 | character in the buffer. */ 116 | gpg_error_t gsti_buf_getbyte (gsti_buffer_t buf, gsti_byte_t *r_val); 117 | 118 | /* Return the boolean at the current offset in the buffer BUF in 119 | R_VAL, and increase the offset to point to the byte following that 120 | boolean. Returns the GPG_ERR_INV_PACKET error code if there is no 121 | boolean in the buffer. */ 122 | gpg_error_t gsti_buf_getbool (gsti_buffer_t buf, int *r_val); 123 | 124 | /* Return the 32-bit unsigned integer at the current offset in the 125 | buffer BUF in R_VAL, and increase the offset to point to the byte 126 | following that integer. Returns the GPG_ERR_INV_PACKET error code 127 | if there is no more character in the buffer. */ 128 | gpg_error_t gsti_buf_getuint32 (gsti_buffer_t buf, gsti_uint32_t *r_val); 129 | 130 | /* Return the string at the current offset in the buffer BUF in R_STR 131 | and its length in R_LENGTH, and increase the offset to point to the 132 | byte following that string. Returns the GPG_ERR_INV_PACKET error 133 | code if there is no valid string in the buffer. The returned 134 | string is allocated with malloc and must be freed by the user. 
*/ 135 | gpg_error_t gsti_buf_getstr (gsti_buffer_t buf, char **r_str, 136 | size_t *r_length); 137 | 138 | /* Return the binary string at the current offset in the buffer BUF in 139 | R_BSTR, and increase the offset to point to the byte following that 140 | binary string. Returns the GPG_ERR_INV_PACKET error code if there 141 | is no valid binary string in the buffer. */ 142 | gpg_error_t gsti_buf_getbstr (gsti_buffer_t buf, gsti_bstr_t *r_bstr); 143 | 144 | /* Return the MPI at the current offset in the buffer BUF in R_VAL, 145 | and increase the offset to point to the byte following that MPI. 146 | Returns the GPG_ERR_INV_PACKET error code if there is no valid MPI 147 | in the buffer. */ 148 | gpg_error_t gsti_buf_getmpi (gsti_buffer_t buf, gcry_mpi_t *r_val); 149 | 150 | /* Return AMOUNT bytes starting from the current offset in the buffer 151 | BUF in DATA, and increase the offset to point to the byte following 152 | that data. Returns the GPG_ERR_INV_PACKET error code if there are 153 | not AMOUNT bytes available in the buffer. */ 154 | gpg_error_t gsti_buf_getraw (gsti_buffer_t buf, void *data, size_t amount); 155 | 156 | 157 | #endif /* GSTI_BUFFER_H */ 158 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # Run this to generate all the initial makefiles, etc. 3 | # 4 | # Copyright (C) 2003 g10 Code GmbH 5 | # 6 | # This file is free software; as a special exception the author gives 7 | # unlimited permission to copy and/or distribute it, with or without 8 | # modifications, as long as this notice is preserved. 9 | # 10 | # This program is distributed in the hope that it will be useful, but 11 | # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the 12 | # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
13 | 14 | configure_ac="configure.ac" 15 | 16 | cvtver () { 17 | awk 'NR==1 {split($NF,A,".");X=1000000*A[1]+1000*A[2]+A[3];print X;exit 0}' 18 | } 19 | 20 | check_version () { 21 | if [ `("$1" --version || echo "0") | cvtver` -ge "$2" ]; then 22 | return 0 23 | fi 24 | echo "**Error**: "\`$1\'" not installed or too old." >&2 25 | echo ' Version '$3' or newer is required.' >&2 26 | [ -n "$4" ] && echo ' Note that this is part of '\`$4\''.' >&2 27 | DIE="yes" 28 | return 1 29 | } 30 | 31 | DIE=no 32 | FORCE= 33 | if test "$1" = "--force"; then 34 | FORCE=" --force" 35 | shift 36 | fi 37 | 38 | # Convenience option to use certain configure options for some hosts. 39 | myhost="" 40 | myhostsub="" 41 | case "$1" in 42 | --build-w32) 43 | myhost="w32" 44 | ;; 45 | --build-w32ce) 46 | myhost="w32" 47 | myhostsub="ce" 48 | ;; 49 | *) 50 | ;; 51 | esac 52 | 53 | 54 | 55 | # ***** W32 build script ******* 56 | # Used to cross-compile for Windows. 57 | if [ "$myhost" = "w32" ]; then 58 | tmp=`dirname $0` 59 | tsdir=`cd "$tmp"; pwd` 60 | shift 61 | if [ ! 
-f $tsdir/config.guess ]; then 62 | echo "$tsdir/config.guess not found" >&2 63 | exit 1 64 | fi 65 | build=`$tsdir/config.guess` 66 | 67 | case $myhostsub in 68 | ce) 69 | [ -z "$w32root" ] && w32root="$HOME/w32ce_root" 70 | toolprefixes="arm-mingw32ce" 71 | ;; 72 | *) 73 | [ -z "$w32root" ] && w32root="$HOME/w32root" 74 | toolprefixes="i586-mingw32msvc i386-mingw32msvc" 75 | ;; 76 | esac 77 | echo "Using $w32root as standard install directory" >&2 78 | 79 | # Locate the cross compiler 80 | crossbindir= 81 | for host in $toolprefixes; do 82 | if ${host}-gcc --version >/dev/null 2>&1 ; then 83 | crossbindir=/usr/${host}/bin 84 | conf_CC="CC=${host}-gcc" 85 | break; 86 | fi 87 | done 88 | if [ -z "$crossbindir" ]; then 89 | echo "Cross compiler kit not installed" >&2 90 | if [ -z "$sub" ]; then 91 | echo "Under Debian GNU/Linux, you may install it using" >&2 92 | echo " apt-get install mingw32 mingw32-runtime mingw32-binutils" >&2 93 | fi 94 | echo "Stop." >&2 95 | exit 1 96 | fi 97 | 98 | if [ -f "$tsdir/config.log" ]; then 99 | if ! head $tsdir/config.log | grep "$host" >/dev/null; then 100 | echo "Pease run a 'make distclean' first" >&2 101 | exit 1 102 | fi 103 | fi 104 | 105 | ./configure --enable-maintainer-mode --prefix=${w32root} \ 106 | --host=${host} --build=${build} 107 | 108 | exit $? 109 | fi 110 | # ***** end W32 build script ******* 111 | 112 | 113 | # ***** AMD64 cross build script ******* 114 | # Used to cross-compile for AMD64 (for testing) 115 | if test "$1" = "--build-amd64"; then 116 | tmp=`dirname $0` 117 | tsdir=`cd "$tmp"; pwd` 118 | shift 119 | if [ ! 
-f $tsdir/config.guess ]; then 120 | echo "$tsdir/config.guess not found" >&2 121 | exit 1 122 | fi 123 | build=`$tsdir/config.guess` 124 | 125 | [ -z "$amd64root" ] && amd64root="$HOME/amd64root" 126 | echo "Using $amd64root as standard install directory" >&2 127 | 128 | # Locate the cross compiler 129 | crossbindir= 130 | for host in x86_64-linux-gnu amd64-linux-gnu; do 131 | if ${host}-gcc --version >/dev/null 2>&1 ; then 132 | crossbindir=/usr/${host}/bin 133 | conf_CC="CC=${host}-gcc" 134 | break; 135 | fi 136 | done 137 | if [ -z "$crossbindir" ]; then 138 | echo "Cross compiler kit not installed" >&2 139 | echo "Stop." >&2 140 | exit 1 141 | fi 142 | 143 | if [ -f "$tsdir/config.log" ]; then 144 | if ! head $tsdir/config.log | grep "$host" >/dev/null; then 145 | echo "Please run a 'make distclean' first" >&2 146 | exit 1 147 | fi 148 | fi 149 | 150 | $tsdir/configure --enable-maintainer-mode --prefix=${amd64root} \ 151 | --host=${host} --build=${build} 152 | rc=$? 153 | exit $rc 154 | fi 155 | # ***** end AMD64 cross build script ******* 156 | 157 | 158 | 159 | # Grep the required versions from configure.ac 160 | autoconf_vers=`sed -n '/^AC_PREREQ(/ { 161 | s/^.*(\(.*\))/\1/p 162 | q 163 | }' ${configure_ac}` 164 | autoconf_vers_num=`echo "$autoconf_vers" | cvtver` 165 | 166 | automake_vers=`sed -n '/^min_automake_version=/ { 167 | s/^.*="\(.*\)"/\1/p 168 | q 169 | }' ${configure_ac}` 170 | automake_vers_num=`echo "$automake_vers" | cvtver` 171 | 172 | if [ -z "$autoconf_vers" -o -z "$automake_vers" ]; then 173 | echo "**Error**: version information not found in "\`${configure_ac}\'"." 
>&2 174 | exit 1 175 | fi 176 | 177 | # Allow to override the default tool names 178 | AUTOCONF=${AUTOCONF_PREFIX}${AUTOCONF:-autoconf}${AUTOCONF_SUFFIX} 179 | AUTOHEADER=${AUTOCONF_PREFIX}${AUTOHEADER:-autoheader}${AUTOCONF_SUFFIX} 180 | 181 | AUTOMAKE=${AUTOMAKE_PREFIX}${AUTOMAKE:-automake}${AUTOMAKE_SUFFIX} 182 | ACLOCAL=${AUTOMAKE_PREFIX}${ACLOCAL:-aclocal}${AUTOMAKE_SUFFIX} 183 | 184 | if check_version $AUTOCONF $autoconf_vers_num $autoconf_vers ; then 185 | check_version $AUTOHEADER $autoconf_vers_num $autoconf_vers autoconf 186 | fi 187 | if check_version $AUTOMAKE $automake_vers_num $automake_vers; then 188 | check_version $ACLOCAL $automake_vers_num $autoconf_vers automake 189 | fi 190 | 191 | if test "$DIE" = "yes"; then 192 | cat <= $min_gsti_version) 31 | no_gsti="" 32 | if test "$GSTI_CONFIG" = "no" ; then 33 | no_gsti=yes 34 | else 35 | GSTI_CFLAGS=`$GSTI_CONFIG $gsti_config_args --cflags` 36 | GSTI_LIBS=`$GSTI_CONFIG $gsti_config_args --libs` 37 | gsti_config_version=`$GSTI_CONFIG $gsti_config_args --version` 38 | if test "x$enable_gstitest" = "xyes" ; then 39 | ac_save_CFLAGS="$CFLAGS" 40 | ac_save_LIBS="$LIBS" 41 | CFLAGS="$CFLAGS $GSTI_CFLAGS" 42 | LIBS="$LIBS $GSTI_LIBS" 43 | dnl 44 | dnl Now check if the installed gsti is sufficiently new. Also sanity 45 | dnl checks the results of gsti-config to some extent 46 | dnl 47 | rm -f conf.gstitest 48 | AC_TRY_RUN([ 49 | #include 50 | #include 51 | #include 52 | #include 53 | 54 | int 55 | main () 56 | { 57 | system ("touch conf.gstitest"); 58 | 59 | if( strcmp( gsti_check_version(NULL), "$gsti_config_version" ) ) 60 | { 61 | printf("\n*** 'gsti-config --version' returned %s, but GSTI (%s)\n", 62 | "$gsti_config_version", gsti_check_version(NULL) ); 63 | printf("*** was found! If gsti-config was correct, then it is best\n"); 64 | printf("*** to remove the old version of GSTI. 
You may also be able to fix the error\n"); 65 | printf("*** by modifying your LD_LIBRARY_PATH enviroment variable, or by editing\n"); 66 | printf("*** /etc/ld.so.conf. Make sure you have run ldconfig if that is\n"); 67 | printf("*** required on your system.\n"); 68 | printf("*** If gsti-config was wrong, set the environment variable GSTI_CONFIG\n"); 69 | printf("*** to point to the correct copy of gsti-config, and remove the file config.cache\n"); 70 | printf("*** before re-running configure\n"); 71 | } 72 | else if ( strcmp(gsti_check_version(NULL), GSTI_VERSION ) ) 73 | { 74 | printf("*** GSTI header file (version %s) does not match\n", GSTI_VERSION); 75 | printf("*** library (version %s)\n", GSTI_VERSION, gsti_check_version(NULL) ); 76 | } 77 | else 78 | { 79 | if ( gsti_check_version( "$min_gsti_version" ) ) 80 | { 81 | return 0; 82 | } 83 | else 84 | { 85 | printf("\n*** An old version of GSTI (%s) was found.\n", 86 | gsti_check_version(NULL) ); 87 | printf("*** You need a version of GSTI newer than %s. The latest version of\n", 88 | "$min_gsti_version" ); 89 | printf("*** GSTI is always available from ftp://ftp.gnupg.org/pub/gcrypt/gsti.\n"); 90 | printf("*** \n"); 91 | printf("*** If you have already installed a sufficiently new version, this error\n"); 92 | printf("*** probably means that the wrong copy of the gsti-config shell script is\n"); 93 | printf("*** being found. The easiest way to fix this is to remove the old version\n"); 94 | printf("*** of GSTI, but you can also set the GSTI_CONFIG environment to point to the\n"); 95 | printf("*** correct copy of gsti-config. (In this case, you will have to\n"); 96 | printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit /etc/ld.so.conf\n"); 97 | printf("*** so that the correct libraries are found at run-time))\n"); 98 | } 99 | } 100 | return 1; 101 | } 102 | ],, no_gsti=yes,[echo $ac_n "cross compiling; assumed OK... 
$ac_c"]) 103 | CFLAGS="$ac_save_CFLAGS" 104 | LIBS="$ac_save_LIBS" 105 | fi 106 | fi 107 | if test "x$no_gsti" = x ; then 108 | AC_MSG_RESULT(yes) 109 | ifelse([$2], , :, [$2]) 110 | else 111 | AC_MSG_RESULT(no) 112 | if test "$GSTI_CONFIG" = "no" ; then 113 | echo "*** The gsti-config script installed by GSTI could not be found" 114 | echo "*** If GSTI was installed in PREFIX, make sure PREFIX/bin is in" 115 | echo "*** your path, or set the GSTI_CONFIG environment variable to the" 116 | echo "*** full path to gsti-config." 117 | else 118 | if test -f conf.gstitest ; then 119 | : 120 | else 121 | echo "*** Could not run gsti test program, checking why..." 122 | CFLAGS="$CFLAGS $GSTI_CFLAGS" 123 | LIBS="$LIBS $GSTI_LIBS" 124 | AC_TRY_LINK([ 125 | #include 126 | #include 127 | ], [ return !!gsti_check_version(NULL); ], 128 | [ echo "*** The test program compiled, but did not run. This usually means" 129 | echo "*** that the run-time linker is not finding GSTI or finding the wrong" 130 | echo "*** version of GSTI. If it is not finding GSTI, you'll need to set your" 131 | echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point" 132 | echo "*** to the installed location Also, make sure you have run ldconfig if that" 133 | echo "*** is required on your system" 134 | echo "***" 135 | echo "*** If you have an old version installed, it is best to remove it, although" 136 | echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" 137 | echo "***" ], 138 | [ echo "*** The test program failed to compile or link. See the file config.log for the" 139 | echo "*** exact error that occured. This usually means GSTI was incorrectly installed" 140 | echo "*** or that you have moved GSTI since it was installed. 
In the latter case, you" 141 | echo "*** may want to edit the gsti-config script: $GSTI_CONFIG" ]) 142 | CFLAGS="$ac_save_CFLAGS" 143 | LIBS="$ac_save_LIBS" 144 | fi 145 | fi 146 | GSTI_CFLAGS="" 147 | GSTI_LIBS="" 148 | ifelse([$3], , :, [$3]) 149 | fi 150 | AC_SUBST(GSTI_CFLAGS) 151 | AC_SUBST(GSTI_LIBS) 152 | rm -f conf.gstitest 153 | ]) 154 | 155 | -------------------------------------------------------------------------------- /src/ssh.h: -------------------------------------------------------------------------------- 1 | /* ssh.h - Important SSH constants. 2 | Copyright (C) 2004 g10 Code GmbH 3 | 4 | This file is part of GSTI. 5 | 6 | GSTI is free software; you can redistribute it and/or modify 7 | it under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 2 of the License, or 9 | (at your option) any later version. 10 | 11 | GSTI is distributed in the hope that it will be useful, 12 | but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | GNU General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with GSTI; if not, write to the Free Software Foundation, 18 | Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ 19 | 20 | #ifndef _GSTI_SSH_H 21 | #define _GSTI_SSH_H 1 22 | 23 | /* Values for a boolean. */ 24 | #define SSH_FALSE 0 25 | #define SSH_TRUE 1 26 | 27 | /* List separator. */ 28 | #define SSH_SEPARATOR ',' 29 | 30 | /* Used cookie size */ 31 | #define SSH_COOKIESIZE 16 32 | 33 | 34 | /* Protocol versions. */ 35 | #define SSH_IDENT_PREFIX "SSH-" 36 | #define SSH_IDENT_PREFIX_LEN (sizeof (SSH_IDENT_PREFIX) - 1) 37 | #define SSH_IDENT_MAX_LEN 255 38 | #define SSH_VERSION_COMPAT "1.99" 39 | #define SSH_VERSION_2 "2.0" 40 | 41 | 42 | /* Transport Layer 5.2 Compression. */ 43 | /* Required. 
*/ 44 | #define SSH_COMPRESSION_NONE "none" 45 | /* Optional. */ 46 | #define SSH_COMPRESSION_ZLIB "zlib" 47 | 48 | 49 | /* Transport Layer 5.3 Encryption. */ 50 | /* Required. */ 51 | #define SSH_CIPHER_3DES_CBC "3des-cbc" 52 | /* Recommended. */ 53 | #define SSH_CIPHER_AES128_CBC "aes128-cbc" 54 | /* Optional. */ 55 | #define SSH_CIPHER_NONE "none" 56 | #define SSH_CIPHER_BLOWFISH_CBC "blowfish-cbc" 57 | #define SSH_CIPHER_TWOFISH256_CBC "twofish256-cbc" 58 | #define SSH_CIPHER_TWOFISH_CBC "twofish-cbc" 59 | #define SSH_CIPHER_TWOFISH192_CBC "twofish192-cbc" 60 | #define SSH_CIPHER_TWOFISH128_CBC "twofish128-cbc" 61 | #define SSH_CIPHER_AES256_CBC "aes256-cbc" 62 | #define SSH_CIPHER_AES192_CBC "aes192-cbc" 63 | #define SSH_CIPHER_SERPENT256_CBC "serpent256-cbc" 64 | #define SSH_CIPHER_SERPENT192_CBC "serpent192-cbc" 65 | #define SSH_CIPHER_SERPENT128_CBC "serpent128-cbc" 66 | #define SSH_CIPHER_ARCFOUR "arcfour" 67 | #define SSH_CIPHER_IDEA_CBC "idea-cbc" 68 | #define SSH_CIPHER_CAST128_CBC "cast128-cbc" 69 | 70 | 71 | /* Transport Layer 5.4 Data Integrity. */ 72 | /* Required. */ 73 | #define SSH_MAC_HMAC_SHA1 "hmac-sha1" 74 | /* Recommended. */ 75 | #define SSH_MAC_HMAC_SHA1_96 "hmac-sha1-96" 76 | /* Optional. */ 77 | #define SSH_MAC_NONE "none" 78 | #define SSH_MAC_HMAC_MD5 "hmac-md5" 79 | #define SSH_MAC_HMAC_MD5_96 "hmac-md5-96" 80 | 81 | 82 | /* Transport Layer 5.5 Key Exchange Methods. */ 83 | /* Required. */ 84 | #define SSH_KEX_DHG1_SHA1 "diffie-hellman-group1-sha1" 85 | 86 | /* Group Exchange Methods (dh-group-exchange-04.txt) */ 87 | #define SSH_GEX_DHG_SHA1 "diffie-hellman-group-exchange-sha1" 88 | 89 | 90 | /* Transport Layer 5.6 Public Key Algorithms. */ 91 | /* Required. */ 92 | #define SSH_PKA_SSH_DSS "ssh-dss" 93 | /* Recommended. */ 94 | #define SSH_PKA_SSH_RSA "ssh-rsa" 95 | /* Optional. 
*/ 96 | #define SSH_PKA_X509V3_SIGN_RSA "x509v3-sign-rsa" 97 | #define SSH_PKA_X509V3_SIGN_DSS "x509v3-sign-dss" 98 | #define SSH_PKA_SPKI_SIGN_RSA "spki-sign-rsa" 99 | #define SSH_PKA_SPKI_SIGN_DSS "spki-sign-dss" 100 | #define SSH_PKA_PGP_SIGN_RSA "pgp-sign-rsa" 101 | #define SSH_PKA_PGP_SIGN_DSS "pgp-sign-dss" 102 | 103 | 104 | /* Transport Layer 10.1 Disconnection Message. */ 105 | typedef enum 106 | { 107 | SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT = 1, 108 | SSH_DISCONNECT_PROTOCOL_ERROR = 2, 109 | SSH_DISCONNECT_KEY_EXCHANGE_FAILED = 3, 110 | SSH_DISCONNECT_RESERVED = 4, 111 | SSH_DISCONNECT_MAC_ERROR = 5, 112 | SSH_DISCONNECT_COMPRESSION_ERROR = 6, 113 | SSH_DISCONNECT_SERVICE_NOT_AVAILABLE = 7, 114 | SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED = 8, 115 | SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE = 9, 116 | SSH_DISCONNECT_CONNECTION_LOST = 10, 117 | SSH_DISCONNECT_BY_APPLICATION = 11, 118 | SSH_DISCONNECT_TOO_MANY_CONNECTIONS = 12, 119 | SSH_DISCONNECT_AUTH_CANCELLED_BY_USER = 13, 120 | SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE = 14, 121 | SSH_DISCONNECT_ILLEGAL_USER_NAME = 15 122 | } 123 | ssh_disconnect_code_t; 124 | 125 | 126 | /* Message Numbers. */ 127 | typedef enum 128 | { 129 | /* Transport Layer 11 Summary of Message Numbers. */ 130 | SSH_MSG_DISCONNECT = 1, /*[ssh-trans]*/ 131 | SSH_MSG_IGNORE = 2, /*[ssh-trans]*/ 132 | SSH_MSG_UNIMPLEMENTED = 3, /*[ssh-trans]*/ 133 | SSH_MSG_DEBUG = 4, /*[ssh-trans]*/ 134 | SSH_MSG_SERVICE_REQUEST = 5, /*[ssh-trans]*/ 135 | SSH_MSG_SERVICE_ACCEPT = 6, /*[ssh-trans]*/ 136 | 137 | SSH_MSG_KEXINIT = 20, /*[ssh-trans]*/ 138 | SSH_MSG_NEWKEYS = 21, /*[ssh-trans]*/ 139 | 140 | /* Standard RFC4253 Key Exchange Message Numbers. */ 141 | SSH_MSG_KEXDH_INIT = 30, /*[ssh-trans]*/ 142 | SSH_MSG_KEXDH_REPLY = 31, /*[ssh-trans]*/ 143 | 144 | /* Diffie-Hellman Group Exchange as per RFC4419. 
*/ 145 | SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30, /*[rfc-4419]*/ 146 | SSH_MSG_KEX_DH_GEX_GROUP = 31, /*[rfc-4419]*/ 147 | SSH_MSG_KEX_DH_GEX_INIT = 32, /*[rfc-4419]*/ 148 | SSH_MSG_KEX_DH_GEX_REPLY = 33, /*[rfc-4419]*/ 149 | SSH_MSG_KEX_DH_GEX_REQUEST = 34, /*[rfc-4419]*/ 150 | 151 | /* Authentication 3.2 Authentication Protocol Message Numbers. */ 152 | SSH_MSG_USERAUTH_REQUEST = 50, /*[ssh-userauth]*/ 153 | SSH_MSG_USERAUTH_FAILURE = 51, /*[ssh-userauth]*/ 154 | SSH_MSG_USERAUTH_SUCCESS = 52, /*[ssh-userauth]*/ 155 | SSH_MSG_USERAUTH_BANNER = 53, /*[ssh-userauth]*/ 156 | 157 | /* Authentication 3.3 "publickey". */ 158 | SSH_MSG_USERAUTH_PK_OK = 60, 159 | 160 | /* Authentication 3.4 "password". */ 161 | SSH_MSG_USERAUTH_PASSWORD_CHANGEREQ = 60, 162 | 163 | /* Connection 9 Summary of Message Numbers. */ 164 | SSH_MSG_CHANNEL_BEGIN = 80, 165 | SSH_MSG_CHANNEL_END = 127, 166 | 167 | SSH_MSG_GLOBAL_REQUEST = 80, /*[ssh-connect]*/ 168 | SSH_MSG_REQUEST_SUCCESS = 81, /*[ssh-connect]*/ 169 | SSH_MSG_REQUEST_FAILURE = 82, /*[ssh-connect]*/ 170 | SSH_MSG_CHANNEL_OPEN = 90, /*[ssh-connect]*/ 171 | SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91, /*[ssh-connect]*/ 172 | SSH_MSG_CHANNEL_OPEN_FAILURE = 92, /*[ssh-connect]*/ 173 | SSH_MSG_CHANNEL_WINDOW_ADJUST = 93, /*[ssh-connect]*/ 174 | SSH_MSG_CHANNEL_DATA = 94, /*[ssh-connect]*/ 175 | SSH_MSG_CHANNEL_EXTENDED_DATA = 95, /*[ssh-connect]*/ 176 | SSH_MSG_CHANNEL_EOF = 96, /*[ssh-connect]*/ 177 | SSH_MSG_CHANNEL_CLOSE = 97, /*[ssh-connect]*/ 178 | SSH_MSG_CHANNEL_REQUEST = 98, /*[ssh-connect]*/ 179 | SSH_MSG_CHANNEL_SUCCESS = 99, /*[ssh-connect]*/ 180 | SSH_MSG_CHANNEL_FAILURE = 100, /*[ssh-connect]*/ 181 | 182 | /* The beginning and end of the reserved block. */ 183 | SSH_MSG_RESERVED_BEGIN = 128, 184 | SSH_MSG_RESERVED_END = 191, 185 | 186 | /* The beginning and end of the user defined block. */ 187 | SSH_MSG_USER_BEGIN = 192, 188 | SSH_MSG_USER_END = 255 189 | } 190 | ssh_msg_id_t; 191 | 192 | 193 | /* Connection 5.1 Opening a Channel. 
*/ 194 | typedef enum 195 | { 196 | SSH_OPEN_ADMINISTRATIVELY_PROHIBITED = 1, 197 | SSH_OPEN_CONNECT_FAILED = 2, 198 | SSH_OPEN_UNKNOWN_CHANNEL_TYPE = 3, 199 | SSH_OPEN_RESOURCE_SHORTAGE = 4 200 | } 201 | ssh_open_code_t; 202 | 203 | 204 | #endif /* _GSTI_SSH_H */ 205 | -------------------------------------------------------------------------------- /examples/client.c: -------------------------------------------------------------------------------- 1 | /* client.c - An example how to use gsti 2 | Copyright (C) 1999 Werner Koch 3 | Copyright (C) 2004 g10 Code GmbH 4 | 5 | This file is part of GSTI. 6 | 7 | GSTI is free software; you can redistribute it and/or modify 8 | it under the terms of the GNU General Public License as published by 9 | the Free Software Foundation; either version 2 of the License, or 10 | (at your option) any later version. 11 | 12 | GSTI is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 
16 | 17 | You should have received a copy of the GNU General Public License 18 | along with this program; if not, write to the Free Software Foundation, 19 | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ 20 | 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | 35 | #define PGMNAME "ex-client: " 36 | /*#define SECKEY "dsa.sec"*/ 37 | #define SECKEY "rsa.sec" 38 | 39 | struct sock_ctx_s 40 | { 41 | int conn_fd; 42 | }; 43 | 44 | 45 | static void 46 | log_rc (int rc, const char *text) 47 | { 48 | const char *s; 49 | if (!*(s = gsti_strerror (rc)) || !strcmp (s, "[?]")) 50 | fprintf (stderr, PGMNAME "gsti_%s: rc=%d\n", text, rc); 51 | else 52 | fprintf (stderr, PGMNAME "gsti_%s: %s\n", text, s); 53 | } 54 | 55 | static void 56 | make_connection (int *r_conn_fd, const char *host) 57 | { 58 | struct sockaddr_in name; 59 | struct hostent *hostinfo; 60 | int conn_fd; 61 | 62 | *r_conn_fd = -1; 63 | conn_fd = socket (PF_INET, SOCK_STREAM, 0); 64 | if (conn_fd == -1) 65 | { 66 | fprintf (stderr, PGMNAME "socket() failed: %s\n", strerror (errno)); 67 | exit (2); 68 | } 69 | 70 | hostinfo = gethostbyname (host); 71 | if (!hostinfo) 72 | { 73 | fprintf (stderr, PGMNAME "unknown host `%s'\n", host); 74 | exit (1); 75 | } 76 | name.sin_family = AF_INET; 77 | name.sin_port = htons (9000); 78 | name.sin_addr = *(struct in_addr *) hostinfo->h_addr; 79 | if (connect (conn_fd, (struct sockaddr *) &name, sizeof name)) 80 | { 81 | fprintf (stderr, PGMNAME "connect() failed: %s\n", strerror (errno)); 82 | exit (2); 83 | } 84 | *r_conn_fd = conn_fd; 85 | } 86 | 87 | 88 | static gsti_error_t 89 | reader_loop (struct sock_ctx_s *ctx, gsti_ctx_t gsti_ctx, int *ready) 90 | { 91 | gsti_error_t err = 0; 92 | char buffer[512]; 93 | int res; 94 | 95 | do 96 | { 97 | do 98 | { 99 | res = read (ctx->conn_fd, buffer, sizeof(buffer)); 100 | } 101 | 
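while (res == -1 && errno == EINTR);

      if (res == -1)
        {
          fprintf (stderr, PGMNAME "reader_loop: error: %s\n",
                   strerror (errno));
          err = gsti_error_from_errno (errno);
        }
      else
        {
          /* dump_hexbuf (stderr, "reader_loop: ", buffer, res); */

          err = gsti_push_data (gsti_ctx, buffer, res);
        }
    }
  while (!err && res && !*ready);

  return err;
}


/* Write callback registered in main with gsti_set_writefnc.  CTX is the
   struct sock_ctx_s passed at registration.  Sends all TO_WRITE bytes of
   BUFFER over the connection and stores the number of bytes sent in
   *NBYTES.  A NULL BUFFER is treated as a flush request and is a no-op.
   Returns 0 on success or the gsti error derived from errno.  */
static gsti_error_t
mywrite (void * ctx, const void *buffer, size_t to_write, size_t *nbytes)
{
  struct sock_ctx_s * c = ctx;
  const char *p = buffer;
  size_t written = 0;

  if (!buffer)
    return 0; /* no need for flushing */

  while (to_write)
    {
      ssize_t n = write (c->conn_fd, p, to_write);

      if (n == -1)
        {
          /* Keep errno: fprintf may overwrite it before it is converted.  */
          int saved_errno = errno;

          /* An interrupted write is retried, as reader_loop does for
             read, instead of aborting the session.  */
          if (saved_errno == EINTR)
            continue;
          fprintf (stderr, PGMNAME "mywrite: error: %s\n",
                   strerror (saved_errno));
          return gsti_error_from_errno (saved_errno);
        }
      to_write -= (size_t) n;
      p += n;
      written += (size_t) n;
    }

  if (nbytes)
    *nbytes = written;
  return 0;
}


/* Packet handler registered in main with gsti_set_packet_handler_cb.
   This client does nothing with incoming packets and reports success.  */
gsti_error_t
mypkt_handler (gsti_ctx_t ctx, void *arg, gsti_pktdesc_t pkt)
{
  /* dump_hexbuf (stderr, "got packet: ", pkt->data, pkt->datalen); */
  (void) ctx;
  (void) arg;
  (void) pkt;

  return 0;
}


/* Control callback registered in main with gsti_set_control_cb.  ARG is
   the address of main's `ready' flag, which reader_loop polls.  The flag
   is set to 1 when GSTI_CONTROL_FLAG_KEX is absent from (MASK & FLAGS)
   and to 0 when it is present.
   NOTE(review): presumably the flag means "key exchange in progress";
   confirm against the GSTI headers.  */
void
myctrl_handler (gsti_ctx_t ctx, void *arg, unsigned int mask,
                unsigned int flags)
{
  int *ready = arg;

  (void) ctx;
  *ready = !((mask & flags) & GSTI_CONTROL_FLAG_KEX);
}

/* Authentication callback registered in main with gsti_set_auth_callback.
   Only GSTI_AUTHID_BANNER is handled: the banner in BUF (LEN bytes) is
   written to stderr.  The banner is chosen by the server, so it is not
   assumed to be NUL-terminated and control characters other than newline
   and tab are replaced, which keeps a hostile server from driving the
   user's terminal with escape sequences.  Always returns 0.  */
static gsti_error_t
my_auth_cb (void * hd, int code, const void * buf, size_t len)
{
  const unsigned char *s = buf;
  size_t i;

  (void) hd;

  if (code != GSTI_AUTHID_BANNER)
    return 0;
  if (!len || !buf)
    fprintf (stderr, "*** empty banner message.\n");
  else
    {
      fputs ("*** banner message: ", stderr);
      /* Never read past LEN; stop at an embedded NUL as "%s" did.  */
      for (i = 0; i < len && s[i]; i++)
        {
          unsigned char ch = s[i];

          if ((ch < 0x20 && ch != '\n' && ch != '\t') || ch == 0x7f)
            ch = '?';
          putc (ch, stderr);
        }
      putc ('\n', stderr);
    }
  return 0;
}


int
main (int argc, char **argv)
{
  struct sock_ctx_s fd;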
gpg_error_t err; 186 | gsti_ctx_t ctx; 187 | struct gsti_pktdesc_s pkt; 188 | unsigned short c_prefs[8] = {0}; 189 | unsigned short h_prefs[4] = {0}; 190 | int i; 191 | int ready = 0; 192 | 193 | if (argc) 194 | { 195 | argc--; 196 | argv++; 197 | } 198 | 199 | /* Initialize our local context object. */ 200 | memset (&fd, 0, sizeof fd); 201 | 202 | /* Make sure we get secure memory. */ 203 | gsti_control (GSTI_SECMEM_INIT); 204 | 205 | /* We are single-threaded, thus no locking is required. */ 206 | gsti_control (GSTI_DISABLE_LOCKING); 207 | 208 | /* Initialize a GSTI context. */ 209 | err = gsti_init (&ctx); 210 | log_rc (err, "init"); 211 | 212 | /* This context should be logged at debug level. */ 213 | gsti_set_log_level (ctx, GSTI_LOG_DEBUG); 214 | 215 | /* Enable DH group exchange */ 216 | /*gsti_set_kex_dhgex (ctx, 1024, 1024, 4096);*/ 217 | 218 | /* Set personal kex preferences */ 219 | c_prefs[0] = GSTI_CIPHER_CAST128; 220 | c_prefs[1] = GSTI_CIPHER_SERPENT128; 221 | c_prefs[2] = 0; 222 | err = gsti_set_kex_prefs (ctx, GSTI_PREFS_ENCR, c_prefs, 2); 223 | log_rc (err, "set_kex_prefs (encr)"); 224 | 225 | h_prefs[0] = GSTI_HMAC_SHA1; 226 | h_prefs[1] = GSTI_HMAC_RMD160; 227 | h_prefs[2] = GSTI_HMAC_MD5; 228 | h_prefs[3] = 0; 229 | err = gsti_set_kex_prefs (ctx, GSTI_PREFS_HMAC, h_prefs, 3); 230 | log_rc (err, "set_kex_prefs (hmac)"); 231 | 232 | /* Register our read/write functions. */ 233 | gsti_set_packet_handler_cb (ctx, mypkt_handler, 0); 234 | gsti_set_writefnc (ctx, mywrite, &fd); 235 | gsti_set_control_cb (ctx, myctrl_handler, &ready); 236 | 237 | /* Register our auth callback */ 238 | gsti_set_auth_callback (ctx, my_auth_cb, NULL); 239 | 240 | /* Register a key and a user. 
*/ 241 | err = gsti_set_client_key (ctx, SECKEY); 242 | log_rc (err, "set_client_key"); 243 | err = gsti_set_client_user (ctx, "twoaday"); 244 | /*err = gsti_set_client_user (ctx, "root");*/ 245 | log_rc (err, "set_client_user"); 246 | 247 | #if 0 248 | rc = gsti_set_service (ctx, "log-lines@gnu.org"); 249 | log_rc (rc, "set-service"); 250 | #endif 251 | 252 | /* Create a connection to the host given on the command line or to 253 | localhost if no args are given. */ 254 | make_connection (&fd.conn_fd, argc ? *argv : "localhost"); 255 | 256 | /* Fire up the engine. */ 257 | err = gsti_start (ctx); 258 | log_rc (err, "start"); 259 | 260 | /* Process incoming data until we are ready. */ 261 | err = reader_loop (&fd, ctx, &ready); 262 | log_rc (err, "reader_loop"); 263 | 264 | /* Send 2 simple data packets. */ 265 | for (i = 0; i < 2; i++) 266 | { 267 | memset (&pkt, 0, sizeof pkt); 268 | pkt.data = ((const unsigned char*) 269 | "\xf0\x01\x00\x00\x00\x04" "hallo" "\x00\x00\x00\x00"); 270 | pkt.datalen = 15; 271 | err = gsti_put_packet (ctx, &pkt); 272 | log_rc (err, "put_packet"); 273 | 274 | err = gsti_put_packet (ctx, NULL); 275 | log_rc (err, "flush_packet"); 276 | 277 | printf ("seqno %lu\n", pkt.seqno); 278 | } 279 | 280 | /* Release the context. */ 281 | gsti_deinit (ctx); 282 | 283 | /* And the secure memory. */ 284 | gsti_control (GSTI_SECMEM_RELEASE); 285 | 286 | return 0; 287 | } 288 | -------------------------------------------------------------------------------- /examples/server.c: -------------------------------------------------------------------------------- 1 | /* server.c - An example how to use gsti 2 | Copyright (C) 1999 Werner Koch 3 | Copyright (C) 2004 g10 Code GmbH 4 | 5 | This file is part of GSTI. 
6 | 7 | GSTI is free software; you can redistribute it and/or modify 8 | it under the terms of the GNU General Public License as published by 9 | the Free Software Foundation; either version 2 of the License, or 10 | (at your option) any later version. 11 | 12 | GSTI is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 16 | 17 | You should have received a copy of the GNU General Public License 18 | along with this program; if not, write to the Free Software Foundation, 19 | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ 20 | 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | 34 | #include 35 | 36 | /*#define PUBKEY "dsa.pub" 37 | #define SECKEY "dsa.sec"*/ 38 | #define SECKEY "rsa.sec" 39 | 40 | #define PGMNAME "ex-server: " 41 | 42 | struct sock_ctx_s 43 | { 44 | int listen_fd; 45 | int conn_fd; 46 | }; 47 | 48 | 49 | void 50 | dump_hexbuf (FILE * fp, const char *prefix, const unsigned char *buf, 51 | size_t len) 52 | { 53 | fputs (prefix, fp); 54 | for (; len; len--, buf++) 55 | fprintf (fp, "%02X ", *buf); 56 | putc ('\n', fp); 57 | } 58 | 59 | static void 60 | log_rc (int rc, const char *text) 61 | { 62 | const char *s; 63 | if (!*(s = gsti_strerror (rc)) || !strcmp (s, "[?]")) 64 | fprintf (stderr, PGMNAME "gsti_%s: rc=%d\n", text, rc); 65 | else 66 | fprintf (stderr, PGMNAME "gsti_%s: %s\n", text, s); 67 | } 68 | 69 | 70 | 71 | static void 72 | wait_connection (int * listen_fd, int * conn_fd) 73 | { 74 | struct sockaddr_in name; 75 | struct sockaddr_in peer_name; 76 | socklen_t namelen; 77 | int one = 1; 78 | 79 | if (*listen_fd != -1) 80 | close (*listen_fd); 81 | 82 | *listen_fd = socket (PF_INET, SOCK_STREAM, 0); 83 | if (*listen_fd == -1) 
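{
      fprintf (stderr, PGMNAME "socket() failed: %s\n", strerror (errno));
      exit (2);
    }

  if (setsockopt (*listen_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one))
    {
      fprintf (stderr, PGMNAME "setsockopt() failed: %s\n", strerror (errno));
      exit (2);
    }

  /* Clear the whole address first so no uninitialized bytes reach bind.
     The example listens on every interface (INADDR_ANY), port 9000;
     anything beyond a local test should bind a specific address.  */
  memset (&name, 0, sizeof name);
  name.sin_family = AF_INET;
  name.sin_port = htons (9000);
  name.sin_addr.s_addr = htonl (INADDR_ANY);
  if (bind (*listen_fd, (struct sockaddr *) &name, sizeof name))
    {
      fprintf (stderr, PGMNAME "bind() failed: %s\n", strerror (errno));
      exit (2);
    }

  if (listen (*listen_fd, 1))
    {
      fprintf (stderr, PGMNAME "listen() failed: %s\n", strerror (errno));
      exit (2);
    }

  namelen = sizeof peer_name;
  *conn_fd = accept (*listen_fd, (struct sockaddr *) &peer_name, &namelen);
  if (*conn_fd == -1)
    {
      fprintf (stderr, PGMNAME "accept() failed: %s\n", strerror (errno));
      exit (2);
    }
  close (*listen_fd);
  *listen_fd = -1; /* not needed anymore */
}


/* Read from the connection in CTX and hand every chunk to
   gsti_push_data until a read returns 0 bytes or an error occurs.
   Interrupted reads (EINTR) are retried.  Returns 0 or the first gsti
   error encountered.  */
static gsti_error_t
reader_loop (struct sock_ctx_s *ctx, gsti_ctx_t gsti_ctx)
{
  gsti_error_t err = 0;
  char buffer[512];
  int res;

  do
    {
      do
        res = read (ctx->conn_fd, buffer, sizeof buffer);
      while (res == -1 && errno == EINTR);

      if (res == -1)
        {
          /* Keep errno: fprintf may overwrite it before it is converted.  */
          int saved_errno = errno;

          fprintf (stderr, PGMNAME "myread: error: %s\n",
                   strerror (saved_errno));
          err = gsti_error_from_errno (saved_errno);
        }
      else
        {
          /*dump_hexbuf (stderr, "myread: ", buffer, res); */

          /* A zero-length read is still pushed, as before; the loop
             condition then ends the session.  */
          err = gsti_push_data (gsti_ctx, buffer, res);
        }
    }
  while (!err && res);

  return err;
}


/* Write callback registered in main with gsti_set_writefnc.  CTX is the
   struct sock_ctx_s passed at registration.  Sends all TO_WRITE bytes of
   BUFFER over the connection and stores the number of bytes sent in
   *NBYTES.  A NULL BUFFER is treated as a flush request and is a no-op.
   Returns 0 on success or the gsti error derived from errno; the bare
   -1 returned previously was not a gsti error code.  */
static gsti_error_t
mywrite (void * ctx, const void *buffer, size_t to_write, size_t *nbytes)
{
  struct sock_ctx_s * c = ctx;
  const char *p = buffer;
  size_t written = 0;

  if (!buffer)
    return 0; /* no need for flushing */

  while (to_write)
    {
      ssize_t n = write (c->conn_fd, p, to_write);

      if (n == -1)
        {
          int saved_errno = errno;

          /* Retry an interrupted write, matching reader_loop.  */
          if (saved_errno == EINTR)
            continue;
          fprintf (stderr, PGMNAME "mywrite: error: %s\n",
                   strerror (saved_errno));
          return gsti_error_from_errno (saved_errno);
        }
      to_write -= (size_t) n;
      p += n;
      written += (size_t) n;
    }

  if (nbytes)
    *nbytes = written;
  return 0;
}


/* Packet handler registered in main with gsti_set_packet_handler_cb:
   hex-dumps every received packet to stderr and reports success.  The
   dump contains the packet payload, so it is a debugging aid only.  */
gsti_error_t
mypkt_handler (gsti_ctx_t ctx, void *arg, gsti_pktdesc_t pkt)
{
  (void) ctx;
  (void) arg;

  dump_hexbuf (stderr, "got packet: ", pkt->data, pkt->datalen);

  return 0;
}


/* Write at most LEN bytes of BUF to FP, stopping at the first NUL and
   replacing ASCII control characters with '?'.  BUF comes from the peer:
   it is not assumed to be NUL-terminated, and echoing it raw would let
   the peer forge log lines or send terminal escape sequences.  */
static void
print_sanitized (FILE *fp, const void *buf, size_t len)
{
  const unsigned char *s = buf;
  size_t i;

  for (i = 0; i < len && s[i]; i++)
    putc ((s[i] < 0x20 || s[i] == 0x7f) ? '?' : s[i], fp);
}


/* Example of a policy hook that influences authentication depending on
   the values the client sent, for instance to deny some users access or
   to check the user's public key against local policy (too short,
   expired, revoked, ...).

   AUTHID selects what BUF (BUFLEN bytes) holds.  Returns 0 to let the
   request continue or a gsti error to refuse it.

   NOTE(review): a call without data, or with an AUTHID not listed in the
   switch, returns 0, so this callback alone does not fail closed;
   confirm that the library rejects such requests itself.  */
static gsti_error_t
my_auth_cb (void * ctx, int authid, const void * buf, size_t buflen)
{
  FILE * fp;
  unsigned char keybuf[512];
  size_t n;
  int truncated;
  int read_failed;

  (void) ctx;

  if (!buf || !buflen)
    {
      fprintf (stderr, "** auth callback: no data.\n");
      return 0;
    }

  switch (authid)
    {
    case GSTI_AUTHID_USER:
      /* The name is client-controlled: print it bounded and filtered,
         and print the size_t length with a matching conversion.  */
      fprintf (stderr, "** auth callback user: id=%d val=", authid);
      print_sanitized (stderr, buf, buflen);
      fprintf (stderr, " (%lu)\n", (unsigned long) buflen);
      /* Do not allow root logins.  The length check keeps memcmp from
         reading past a name shorter than four bytes.
         NOTE(review): this is a prefix match, so every name starting
         with "root" is refused; an exact match needs to know whether
         BUFLEN counts a terminating NUL.  */
      if (buflen >= 4 && !memcmp (buf, "root", 4))
        return gsti_error (GPG_ERR_INV_NAME);
      break;

    case GSTI_AUTHID_PUBKEY:
      fprintf (stderr, "** auth callback pubkey: id=%d len=%lu\n",
               authid, (unsigned long) buflen);
      /* Check against rsa.pub, resolved relative to the current working
         directory.  */
      fp = fopen ("rsa.pub", "rb");
      if (!fp)
        return gsti_error_from_errno (errno);
      n = fread (keybuf, 1, sizeof keybuf, fp);
      /* A file that fills the buffer may be longer than the buffer;
         comparing only its first part would accept a key that merely
         matches a prefix of the file.  */
      truncated = (n == sizeof keybuf && getc (fp) != EOF);
      read_failed = ferror (fp);
      fclose (fp);
      if (read_failed || truncated
          || n != buflen || memcmp (buf, keybuf, n))
        return gsti_error (GPG_ERR_BAD_PUBKEY);
      break;

    default:
      break;
    }

  return 0;
}


int
main 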
(int argc, char **argv) 239 | { 240 | gpg_error_t err; 241 | struct sock_ctx_s fd; 242 | gsti_ctx_t ctx; 243 | 244 | if (argc) 245 | { 246 | argc--; 247 | argv++; 248 | } 249 | 250 | /* Initialize our local context object. */ 251 | memset (&fd, 0, sizeof fd); 252 | 253 | /* Make sure we get secure memory. */ 254 | gsti_control (GSTI_SECMEM_INIT); 255 | 256 | /* Initialize a GSTI context. */ 257 | err = gsti_init (&ctx); 258 | log_rc (err, "init"); 259 | 260 | /* This context should be logged at debug level. */ 261 | gsti_set_log_level (ctx, GSTI_LOG_DEBUG); 262 | 263 | /* Register our host key. */ 264 | err = gsti_set_hostkey (ctx, SECKEY); 265 | log_rc (err, "set_hostkey"); 266 | 267 | /* Register our read/write functions. */ 268 | gsti_set_packet_handler_cb (ctx, mypkt_handler, 0); 269 | gsti_set_writefnc (ctx, mywrite, &fd); 270 | 271 | /* Register our auth callback function */ 272 | gsti_set_auth_callback (ctx, my_auth_cb, NULL); 273 | 274 | /* Set simple banner message */ 275 | gsti_set_auth_banner (ctx, "Eddie lives somewhere in time...", 0); 276 | 277 | #if 0 278 | err = gsti_set_service (ctx, "log-lines@gnu.org,dummy@gnu.org"); 279 | log_err (err, "set-service"); 280 | #endif 281 | 282 | /* Wait for a client to connect. */ 283 | wait_connection (&fd.listen_fd, &fd.conn_fd); 284 | 285 | /* Fire up the engine. */ 286 | err = gsti_start (ctx); 287 | log_rc (err, "start"); 288 | 289 | /* Process incoming data. */ 290 | err = reader_loop (&fd, ctx); 291 | log_rc (err, "reader_loop"); 292 | 293 | /* Release the context. */ 294 | gsti_deinit (ctx); 295 | 296 | /* And the secure memory. 
*/ 297 | gsti_control (GSTI_SECMEM_RELEASE); 298 | 299 | return 0; 300 | } 301 | -------------------------------------------------------------------------------- /INSTALL: -------------------------------------------------------------------------------- 1 | Installation Instructions 2 | ************************* 3 | 4 | Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004 Free 5 | Software Foundation, Inc. 6 | 7 | This file is free documentation; the Free Software Foundation gives 8 | unlimited permission to copy, distribute and modify it. 9 | 10 | Basic Installation 11 | ================== 12 | 13 | These are generic installation instructions. 14 | 15 | The `configure' shell script attempts to guess correct values for 16 | various system-dependent variables used during compilation. It uses 17 | those values to create a `Makefile' in each directory of the package. 18 | It may also create one or more `.h' files containing system-dependent 19 | definitions. Finally, it creates a shell script `config.status' that 20 | you can run in the future to recreate the current configuration, and a 21 | file `config.log' containing compiler output (useful mainly for 22 | debugging `configure'). 23 | 24 | It can also use an optional file (typically called `config.cache' 25 | and enabled with `--cache-file=config.cache' or simply `-C') that saves 26 | the results of its tests to speed up reconfiguring. (Caching is 27 | disabled by default to prevent problems with accidental use of stale 28 | cache files.) 29 | 30 | If you need to do unusual things to compile the package, please try 31 | to figure out how `configure' could check whether to do them, and mail 32 | diffs or instructions to the address given in the `README' so they can 33 | be considered for the next release. If you are using the cache, and at 34 | some point `config.cache' contains results you don't want to keep, you 35 | may remove or edit it. 
36 | 37 | The file `configure.ac' (or `configure.in') is used to create 38 | `configure' by a program called `autoconf'. You only need 39 | `configure.ac' if you want to change it or regenerate `configure' using 40 | a newer version of `autoconf'. 41 | 42 | The simplest way to compile this package is: 43 | 44 | 1. `cd' to the directory containing the package's source code and type 45 | `./configure' to configure the package for your system. If you're 46 | using `csh' on an old version of System V, you might need to type 47 | `sh ./configure' instead to prevent `csh' from trying to execute 48 | `configure' itself. 49 | 50 | Running `configure' takes awhile. While running, it prints some 51 | messages telling which features it is checking for. 52 | 53 | 2. Type `make' to compile the package. 54 | 55 | 3. Optionally, type `make check' to run any self-tests that come with 56 | the package. 57 | 58 | 4. Type `make install' to install the programs and any data files and 59 | documentation. 60 | 61 | 5. You can remove the program binaries and object files from the 62 | source code directory by typing `make clean'. To also remove the 63 | files that `configure' created (so you can compile the package for 64 | a different kind of computer), type `make distclean'. There is 65 | also a `make maintainer-clean' target, but that is intended mainly 66 | for the package's developers. If you use it, you may have to get 67 | all sorts of other programs in order to regenerate files that came 68 | with the distribution. 69 | 70 | Compilers and Options 71 | ===================== 72 | 73 | Some systems require unusual options for compilation or linking that the 74 | `configure' script does not know about. Run `./configure --help' for 75 | details on some of the pertinent environment variables. 76 | 77 | You can give `configure' initial values for configuration parameters 78 | by setting variables in the command line or in the environment. 
Here 79 | is an example: 80 | 81 | ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix 82 | 83 | *Note Defining Variables::, for more details. 84 | 85 | Compiling For Multiple Architectures 86 | ==================================== 87 | 88 | You can compile the package for more than one kind of computer at the 89 | same time, by placing the object files for each architecture in their 90 | own directory. To do this, you must use a version of `make' that 91 | supports the `VPATH' variable, such as GNU `make'. `cd' to the 92 | directory where you want the object files and executables to go and run 93 | the `configure' script. `configure' automatically checks for the 94 | source code in the directory that `configure' is in and in `..'. 95 | 96 | If you have to use a `make' that does not support the `VPATH' 97 | variable, you have to compile the package for one architecture at a 98 | time in the source code directory. After you have installed the 99 | package for one architecture, use `make distclean' before reconfiguring 100 | for another architecture. 101 | 102 | Installation Names 103 | ================== 104 | 105 | By default, `make install' will install the package's files in 106 | `/usr/local/bin', `/usr/local/man', etc. You can specify an 107 | installation prefix other than `/usr/local' by giving `configure' the 108 | option `--prefix=PREFIX'. 109 | 110 | You can specify separate installation prefixes for 111 | architecture-specific files and architecture-independent files. If you 112 | give `configure' the option `--exec-prefix=PREFIX', the package will 113 | use PREFIX as the prefix for installing programs and libraries. 114 | Documentation and other data files will still use the regular prefix. 115 | 116 | In addition, if you use an unusual directory layout you can give 117 | options like `--bindir=DIR' to specify different values for particular 118 | kinds of files. 
Run `configure --help' for a list of the directories 119 | you can set and what kinds of files go in them. 120 | 121 | If the package supports it, you can cause programs to be installed 122 | with an extra prefix or suffix on their names by giving `configure' the 123 | option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. 124 | 125 | Optional Features 126 | ================= 127 | 128 | Some packages pay attention to `--enable-FEATURE' options to 129 | `configure', where FEATURE indicates an optional part of the package. 130 | They may also pay attention to `--with-PACKAGE' options, where PACKAGE 131 | is something like `gnu-as' or `x' (for the X Window System). The 132 | `README' should mention any `--enable-' and `--with-' options that the 133 | package recognizes. 134 | 135 | For packages that use the X Window System, `configure' can usually 136 | find the X include and library files automatically, but if it doesn't, 137 | you can use the `configure' options `--x-includes=DIR' and 138 | `--x-libraries=DIR' to specify their locations. 139 | 140 | Specifying the System Type 141 | ========================== 142 | 143 | There may be some features `configure' cannot figure out automatically, 144 | but needs to determine by the type of machine the package will run on. 145 | Usually, assuming the package is built to be run on the _same_ 146 | architectures, `configure' can figure that out, but if it prints a 147 | message saying it cannot guess the machine type, give it the 148 | `--build=TYPE' option. TYPE can either be a short name for the system 149 | type, such as `sun4', or a canonical name which has the form: 150 | 151 | CPU-COMPANY-SYSTEM 152 | 153 | where SYSTEM can have one of these forms: 154 | 155 | OS KERNEL-OS 156 | 157 | See the file `config.sub' for the possible values of each field. If 158 | `config.sub' isn't included in this package, then this package doesn't 159 | need to know the machine type. 
160 | 161 | If you are _building_ compiler tools for cross-compiling, you should 162 | use the `--target=TYPE' option to select the type of system they will 163 | produce code for. 164 | 165 | If you want to _use_ a cross compiler, that generates code for a 166 | platform different from the build platform, you should specify the 167 | "host" platform (i.e., that on which the generated programs will 168 | eventually be run) with `--host=TYPE'. 169 | 170 | Sharing Defaults 171 | ================ 172 | 173 | If you want to set default values for `configure' scripts to share, you 174 | can create a site shell script called `config.site' that gives default 175 | values for variables like `CC', `cache_file', and `prefix'. 176 | `configure' looks for `PREFIX/share/config.site' if it exists, then 177 | `PREFIX/etc/config.site' if it exists. Or, you can set the 178 | `CONFIG_SITE' environment variable to the location of the site script. 179 | A warning: not all `configure' scripts look for a site script. 180 | 181 | Defining Variables 182 | ================== 183 | 184 | Variables not defined in a site shell script can be set in the 185 | environment passed to `configure'. However, some packages may run 186 | configure again during the build, and the customized values of these 187 | variables may be lost. In order to avoid this problem, you should set 188 | them in the `configure' command line, using `VAR=value'. For example: 189 | 190 | ./configure CC=/usr/local2/bin/gcc 191 | 192 | will cause the specified gcc to be used as the C compiler (unless it is 193 | overridden in the site shell script). 194 | 195 | `configure' Invocation 196 | ====================== 197 | 198 | `configure' recognizes the following options to control how it operates. 199 | 200 | `--help' 201 | `-h' 202 | Print a summary of the options to `configure', and exit. 203 | 204 | `--version' 205 | `-V' 206 | Print the version of Autoconf used to generate the `configure' 207 | script, and exit. 
208 | 209 | `--cache-file=FILE' 210 | Enable the cache: use and save the results of the tests in FILE, 211 | traditionally `config.cache'. FILE defaults to `/dev/null' to 212 | disable caching. 213 | 214 | `--config-cache' 215 | `-C' 216 | Alias for `--cache-file=config.cache'. 217 | 218 | `--quiet' 219 | `--silent' 220 | `-q' 221 | Do not print messages saying which checks are being made. To 222 | suppress all normal output, redirect it to `/dev/null' (any error 223 | messages will still be shown). 224 | 225 | `--srcdir=DIR' 226 | Look for the package's source code in directory DIR. Usually 227 | `configure' can determine that directory automatically. 228 | 229 | `configure' also accepts some other, not widely useful, options. Run 230 | `configure --help' for more details. 231 | 232 | -------------------------------------------------------------------------------- /install-sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # install - install a program, script, or datafile 3 | 4 | scriptversion=2004-12-17.09 5 | 6 | # This originates from X11R5 (mit/util/scripts/install.sh), which was 7 | # later released in X11R6 (xc/config/util/install.sh) with the 8 | # following copyright and license. 9 | # 10 | # Copyright (C) 1994 X Consortium 11 | # 12 | # Permission is hereby granted, free of charge, to any person obtaining a copy 13 | # of this software and associated documentation files (the "Software"), to 14 | # deal in the Software without restriction, including without limitation the 15 | # rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 16 | # sell copies of the Software, and to permit persons to whom the Software is 17 | # furnished to do so, subject to the following conditions: 18 | # 19 | # The above copyright notice and this permission notice shall be included in 20 | # all copies or substantial portions of the Software. 
21 | # 22 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 23 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 24 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 25 | # X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN 26 | # AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- 27 | # TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 28 | # 29 | # Except as contained in this notice, the name of the X Consortium shall not 30 | # be used in advertising or otherwise to promote the sale, use or other deal- 31 | # ings in this Software without prior written authorization from the X Consor- 32 | # tium. 33 | # 34 | # 35 | # FSF changes to this file are in the public domain. 36 | # 37 | # Calling this script install-sh is preferred over install.sh, to prevent 38 | # `make' implicit rules from creating a file called install from it 39 | # when there is no Makefile. 40 | # 41 | # This script is compatible with the BSD install script, but was written 42 | # from scratch. It can only install one file at a time, a restriction 43 | # shared with many OS's install programs. 44 | 45 | # set DOITPROG to echo to test this script 46 | 47 | # Don't use :- since 4.3BSD and earlier shells don't like it. 48 | doit="${DOITPROG-}" 49 | 50 | # put in absolute paths if you don't have them in your path; or use env. vars. 51 | 52 | mvprog="${MVPROG-mv}" 53 | cpprog="${CPPROG-cp}" 54 | chmodprog="${CHMODPROG-chmod}" 55 | chownprog="${CHOWNPROG-chown}" 56 | chgrpprog="${CHGRPPROG-chgrp}" 57 | stripprog="${STRIPPROG-strip}" 58 | rmprog="${RMPROG-rm}" 59 | mkdirprog="${MKDIRPROG-mkdir}" 60 | 61 | chmodcmd="$chmodprog 0755" 62 | chowncmd= 63 | chgrpcmd= 64 | stripcmd= 65 | rmcmd="$rmprog -f" 66 | mvcmd="$mvprog" 67 | src= 68 | dst= 69 | dir_arg= 70 | dstarg= 71 | no_target_directory= 72 | 73 | usage="Usage: $0 [OPTION]... 
[-T] SRCFILE DSTFILE 74 | or: $0 [OPTION]... SRCFILES... DIRECTORY 75 | or: $0 [OPTION]... -t DIRECTORY SRCFILES... 76 | or: $0 [OPTION]... -d DIRECTORIES... 77 | 78 | In the 1st form, copy SRCFILE to DSTFILE. 79 | In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. 80 | In the 4th, create DIRECTORIES. 81 | 82 | Options: 83 | -c (ignored) 84 | -d create directories instead of installing files. 85 | -g GROUP $chgrpprog installed files to GROUP. 86 | -m MODE $chmodprog installed files to MODE. 87 | -o USER $chownprog installed files to USER. 88 | -s $stripprog installed files. 89 | -t DIRECTORY install into DIRECTORY. 90 | -T report an error if DSTFILE is a directory. 91 | --help display this help and exit. 92 | --version display version info and exit. 93 | 94 | Environment variables override the default commands: 95 | CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG 96 | " 97 | 98 | while test -n "$1"; do 99 | case $1 in 100 | -c) shift 101 | continue;; 102 | 103 | -d) dir_arg=true 104 | shift 105 | continue;; 106 | 107 | -g) chgrpcmd="$chgrpprog $2" 108 | shift 109 | shift 110 | continue;; 111 | 112 | --help) echo "$usage"; exit 0;; 113 | 114 | -m) chmodcmd="$chmodprog $2" 115 | shift 116 | shift 117 | continue;; 118 | 119 | -o) chowncmd="$chownprog $2" 120 | shift 121 | shift 122 | continue;; 123 | 124 | -s) stripcmd=$stripprog 125 | shift 126 | continue;; 127 | 128 | -t) dstarg=$2 129 | shift 130 | shift 131 | continue;; 132 | 133 | -T) no_target_directory=true 134 | shift 135 | continue;; 136 | 137 | --version) echo "$0 $scriptversion"; exit 0;; 138 | 139 | *) # When -d is used, all remaining arguments are directories to create. 140 | # When -t is used, the destination is already specified. 141 | test -n "$dir_arg$dstarg" && break 142 | # Otherwise, the last argument is the destination. Remove it from $@. 143 | for arg 144 | do 145 | if test -n "$dstarg"; then 146 | # $@ is not empty: it contains at least $arg. 
147 | set fnord "$@" "$dstarg" 148 | shift # fnord 149 | fi 150 | shift # arg 151 | dstarg=$arg 152 | done 153 | break;; 154 | esac 155 | done 156 | 157 | if test -z "$1"; then 158 | if test -z "$dir_arg"; then 159 | echo "$0: no input file specified." >&2 160 | exit 1 161 | fi 162 | # It's OK to call `install-sh -d' without argument. 163 | # This can happen when creating conditional directories. 164 | exit 0 165 | fi 166 | 167 | for src 168 | do 169 | # Protect names starting with `-'. 170 | case $src in 171 | -*) src=./$src ;; 172 | esac 173 | 174 | if test -n "$dir_arg"; then 175 | dst=$src 176 | src= 177 | 178 | if test -d "$dst"; then 179 | mkdircmd=: 180 | chmodcmd= 181 | else 182 | mkdircmd=$mkdirprog 183 | fi 184 | else 185 | # Waiting for this to be detected by the "$cpprog $src $dsttmp" command 186 | # might cause directories to be created, which would be especially bad 187 | # if $src (and thus $dsttmp) contains '*'. 188 | if test ! -f "$src" && test ! -d "$src"; then 189 | echo "$0: $src does not exist." >&2 190 | exit 1 191 | fi 192 | 193 | if test -z "$dstarg"; then 194 | echo "$0: no destination specified." >&2 195 | exit 1 196 | fi 197 | 198 | dst=$dstarg 199 | # Protect names starting with `-'. 200 | case $dst in 201 | -*) dst=./$dst ;; 202 | esac 203 | 204 | # If destination is a directory, append the input filename; won't work 205 | # if double slashes aren't ignored. 206 | if test -d "$dst"; then 207 | if test -n "$no_target_directory"; then 208 | echo "$0: $dstarg: Is a directory" >&2 209 | exit 1 210 | fi 211 | dst=$dst/`basename "$src"` 212 | fi 213 | fi 214 | 215 | # This sed command emulates the dirname command. 216 | dstdir=`echo "$dst" | sed -e 's,/*$,,;s,[^/]*$,,;s,/*$,,;s,^$,.,'` 217 | 218 | # Make sure that the destination directory exists. 219 | 220 | # Skip lots of stat calls in the usual case. 221 | if test ! 
-d "$dstdir"; then 222 | defaultIFS=' 223 | ' 224 | IFS="${IFS-$defaultIFS}" 225 | 226 | oIFS=$IFS 227 | # Some sh's can't handle IFS=/ for some reason. 228 | IFS='%' 229 | set x `echo "$dstdir" | sed -e 's@/@%@g' -e 's@^%@/@'` 230 | shift 231 | IFS=$oIFS 232 | 233 | pathcomp= 234 | 235 | while test $# -ne 0 ; do 236 | pathcomp=$pathcomp$1 237 | shift 238 | if test ! -d "$pathcomp"; then 239 | $mkdirprog "$pathcomp" 240 | # mkdir can fail with a `File exist' error in case several 241 | # install-sh are creating the directory concurrently. This 242 | # is OK. 243 | test -d "$pathcomp" || exit 244 | fi 245 | pathcomp=$pathcomp/ 246 | done 247 | fi 248 | 249 | if test -n "$dir_arg"; then 250 | $doit $mkdircmd "$dst" \ 251 | && { test -z "$chowncmd" || $doit $chowncmd "$dst"; } \ 252 | && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } \ 253 | && { test -z "$stripcmd" || $doit $stripcmd "$dst"; } \ 254 | && { test -z "$chmodcmd" || $doit $chmodcmd "$dst"; } 255 | 256 | else 257 | dstfile=`basename "$dst"` 258 | 259 | # Make a couple of temp file names in the proper directory. 260 | dsttmp=$dstdir/_inst.$$_ 261 | rmtmp=$dstdir/_rm.$$_ 262 | 263 | # Trap to clean up those temp files at exit. 264 | trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 265 | trap '(exit $?); exit' 1 2 13 15 266 | 267 | # Copy the file name to the temp name. 268 | $doit $cpprog "$src" "$dsttmp" && 269 | 270 | # and set any options; do chmod last to preserve setuid bits. 271 | # 272 | # If any of these fail, we abort the whole thing. If we want to 273 | # ignore errors from any of these, just make sure not to ignore 274 | # errors from the above "$doit $cpprog $src $dsttmp" command. 
275 | # 276 | { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \ 277 | && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \ 278 | && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \ 279 | && { test -z "$chmodcmd" || $doit $chmodcmd "$dsttmp"; } && 280 | 281 | # Now rename the file to the real destination. 282 | { $doit $mvcmd -f "$dsttmp" "$dstdir/$dstfile" 2>/dev/null \ 283 | || { 284 | # The rename failed, perhaps because mv can't rename something else 285 | # to itself, or perhaps because mv is so ancient that it does not 286 | # support -f. 287 | 288 | # Now remove or move aside any old file at destination location. 289 | # We try this two ways since rm can't unlink itself on some 290 | # systems and the destination file might be busy for other 291 | # reasons. In this case, the final cleanup might fail but the new 292 | # file should still install successfully. 293 | { 294 | if test -f "$dstdir/$dstfile"; then 295 | $doit $rmcmd -f "$dstdir/$dstfile" 2>/dev/null \ 296 | || $doit $mvcmd -f "$dstdir/$dstfile" "$rmtmp" 2>/dev/null \ 297 | || { 298 | echo "$0: cannot unlink or rename $dstdir/$dstfile" >&2 299 | (exit 1); exit 1 300 | } 301 | else 302 | : 303 | fi 304 | } && 305 | 306 | # Now rename the file to the real destination. 307 | $doit $mvcmd "$dsttmp" "$dstdir/$dstfile" 308 | } 309 | } 310 | fi || { (exit 1); exit 1; } 311 | done 312 | 313 | # The final little trick to "correctly" pass the exit status to the exit trap. 314 | { 315 | (exit 0); exit 0 316 | } 317 | 318 | # Local variables: 319 | # eval: (add-hook 'write-file-hooks 'time-stamp) 320 | # time-stamp-start: "scriptversion=" 321 | # time-stamp-format: "%:y-%02m-%02d.%02H" 322 | # time-stamp-end: "$" 323 | # End: 324 | -------------------------------------------------------------------------------- /missing: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # Common stub for a few missing GNU programs while installing. 
3 | 4 | scriptversion=2004-09-07.08 5 | 6 | # Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004 7 | # Free Software Foundation, Inc. 8 | # Originally by Fran,cois Pinard , 1996. 9 | 10 | # This program is free software; you can redistribute it and/or modify 11 | # it under the terms of the GNU General Public License as published by 12 | # the Free Software Foundation; either version 2, or (at your option) 13 | # any later version. 14 | 15 | # This program is distributed in the hope that it will be useful, 16 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | # GNU General Public License for more details. 19 | 20 | # You should have received a copy of the GNU General Public License 21 | # along with this program; if not, write to the Free Software 22 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 23 | # 02111-1307, USA. 24 | 25 | # As a special exception to the GNU General Public License, if you 26 | # distribute this file as part of a program that contains a 27 | # configuration script generated by Autoconf, you may include it under 28 | # the same distribution terms that you use for the rest of that program. 29 | 30 | if test $# -eq 0; then 31 | echo 1>&2 "Try \`$0 --help' for more information" 32 | exit 1 33 | fi 34 | 35 | run=: 36 | 37 | # In the cases where this matters, `missing' is being run in the 38 | # srcdir already. 39 | if test -f configure.ac; then 40 | configure_ac=configure.ac 41 | else 42 | configure_ac=configure.in 43 | fi 44 | 45 | msg="missing on your system" 46 | 47 | case "$1" in 48 | --run) 49 | # Try to run requested program, and just exit if it succeeds. 50 | run= 51 | shift 52 | "$@" && exit 0 53 | # Exit code 63 means version mismatch. This often happens 54 | # when the user try to use an ancient version of a tool on 55 | # a file that requires a minimum version. 
In this case we 56 | # we should proceed has if the program had been absent, or 57 | # if --run hadn't been passed. 58 | if test $? = 63; then 59 | run=: 60 | msg="probably too old" 61 | fi 62 | ;; 63 | 64 | -h|--h|--he|--hel|--help) 65 | echo "\ 66 | $0 [OPTION]... PROGRAM [ARGUMENT]... 67 | 68 | Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an 69 | error status if there is no known handling for PROGRAM. 70 | 71 | Options: 72 | -h, --help display this help and exit 73 | -v, --version output version information and exit 74 | --run try to run the given command, and emulate it if it fails 75 | 76 | Supported PROGRAM values: 77 | aclocal touch file \`aclocal.m4' 78 | autoconf touch file \`configure' 79 | autoheader touch file \`config.h.in' 80 | automake touch all \`Makefile.in' files 81 | bison create \`y.tab.[ch]', if possible, from existing .[ch] 82 | flex create \`lex.yy.c', if possible, from existing .c 83 | help2man touch the output file 84 | lex create \`lex.yy.c', if possible, from existing .c 85 | makeinfo touch the output file 86 | tar try tar, gnutar, gtar, then tar without non-portable flags 87 | yacc create \`y.tab.[ch]', if possible, from existing .[ch] 88 | 89 | Send bug reports to ." 90 | exit 0 91 | ;; 92 | 93 | -v|--v|--ve|--ver|--vers|--versi|--versio|--version) 94 | echo "missing $scriptversion (GNU Automake)" 95 | exit 0 96 | ;; 97 | 98 | -*) 99 | echo 1>&2 "$0: Unknown \`$1' option" 100 | echo 1>&2 "Try \`$0 --help' for more information" 101 | exit 1 102 | ;; 103 | 104 | esac 105 | 106 | # Now exit if we have it, but it failed. Also exit now if we 107 | # don't have it and --version was passed (most likely to detect 108 | # the program). 109 | case "$1" in 110 | lex|yacc) 111 | # Not GNU programs, they don't have --version. 
112 | ;; 113 | 114 | tar) 115 | if test -n "$run"; then 116 | echo 1>&2 "ERROR: \`tar' requires --run" 117 | exit 1 118 | elif test "x$2" = "x--version" || test "x$2" = "x--help"; then 119 | exit 1 120 | fi 121 | ;; 122 | 123 | *) 124 | if test -z "$run" && ($1 --version) > /dev/null 2>&1; then 125 | # We have it, but it failed. 126 | exit 1 127 | elif test "x$2" = "x--version" || test "x$2" = "x--help"; then 128 | # Could not run --version or --help. This is probably someone 129 | # running `$TOOL --version' or `$TOOL --help' to check whether 130 | # $TOOL exists and not knowing $TOOL uses missing. 131 | exit 1 132 | fi 133 | ;; 134 | esac 135 | 136 | # If it does not exist, or fails to run (possibly an outdated version), 137 | # try to emulate it. 138 | case "$1" in 139 | aclocal*) 140 | echo 1>&2 "\ 141 | WARNING: \`$1' is $msg. You should only need it if 142 | you modified \`acinclude.m4' or \`${configure_ac}'. You might want 143 | to install the \`Automake' and \`Perl' packages. Grab them from 144 | any GNU archive site." 145 | touch aclocal.m4 146 | ;; 147 | 148 | autoconf) 149 | echo 1>&2 "\ 150 | WARNING: \`$1' is $msg. You should only need it if 151 | you modified \`${configure_ac}'. You might want to install the 152 | \`Autoconf' and \`GNU m4' packages. Grab them from any GNU 153 | archive site." 154 | touch configure 155 | ;; 156 | 157 | autoheader) 158 | echo 1>&2 "\ 159 | WARNING: \`$1' is $msg. You should only need it if 160 | you modified \`acconfig.h' or \`${configure_ac}'. You might want 161 | to install the \`Autoconf' and \`GNU m4' packages. Grab them 162 | from any GNU archive site." 
163 | files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` 164 | test -z "$files" && files="config.h" 165 | touch_files= 166 | for f in $files; do 167 | case "$f" in 168 | *:*) touch_files="$touch_files "`echo "$f" | 169 | sed -e 's/^[^:]*://' -e 's/:.*//'`;; 170 | *) touch_files="$touch_files $f.in";; 171 | esac 172 | done 173 | touch $touch_files 174 | ;; 175 | 176 | automake*) 177 | echo 1>&2 "\ 178 | WARNING: \`$1' is $msg. You should only need it if 179 | you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. 180 | You might want to install the \`Automake' and \`Perl' packages. 181 | Grab them from any GNU archive site." 182 | find . -type f -name Makefile.am -print | 183 | sed 's/\.am$/.in/' | 184 | while read f; do touch "$f"; done 185 | ;; 186 | 187 | autom4te) 188 | echo 1>&2 "\ 189 | WARNING: \`$1' is needed, but is $msg. 190 | You might have modified some files without having the 191 | proper tools for further handling them. 192 | You can get \`$1' as part of \`Autoconf' from any GNU 193 | archive site." 194 | 195 | file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'` 196 | test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'` 197 | if test -f "$file"; then 198 | touch $file 199 | else 200 | test -z "$file" || exec >$file 201 | echo "#! /bin/sh" 202 | echo "# Created by GNU Automake missing as a replacement of" 203 | echo "# $ $@" 204 | echo "exit 0" 205 | chmod +x $file 206 | exit 1 207 | fi 208 | ;; 209 | 210 | bison|yacc) 211 | echo 1>&2 "\ 212 | WARNING: \`$1' $msg. You should only need it if 213 | you modified a \`.y' file. You may need the \`Bison' package 214 | in order for those modifications to take effect. You can get 215 | \`Bison' from any GNU archive site." 
216 | rm -f y.tab.c y.tab.h 217 | if [ $# -ne 1 ]; then 218 | eval LASTARG="\${$#}" 219 | case "$LASTARG" in 220 | *.y) 221 | SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` 222 | if [ -f "$SRCFILE" ]; then 223 | cp "$SRCFILE" y.tab.c 224 | fi 225 | SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` 226 | if [ -f "$SRCFILE" ]; then 227 | cp "$SRCFILE" y.tab.h 228 | fi 229 | ;; 230 | esac 231 | fi 232 | if [ ! -f y.tab.h ]; then 233 | echo >y.tab.h 234 | fi 235 | if [ ! -f y.tab.c ]; then 236 | echo 'main() { return 0; }' >y.tab.c 237 | fi 238 | ;; 239 | 240 | lex|flex) 241 | echo 1>&2 "\ 242 | WARNING: \`$1' is $msg. You should only need it if 243 | you modified a \`.l' file. You may need the \`Flex' package 244 | in order for those modifications to take effect. You can get 245 | \`Flex' from any GNU archive site." 246 | rm -f lex.yy.c 247 | if [ $# -ne 1 ]; then 248 | eval LASTARG="\${$#}" 249 | case "$LASTARG" in 250 | *.l) 251 | SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` 252 | if [ -f "$SRCFILE" ]; then 253 | cp "$SRCFILE" lex.yy.c 254 | fi 255 | ;; 256 | esac 257 | fi 258 | if [ ! -f lex.yy.c ]; then 259 | echo 'main() { return 0; }' >lex.yy.c 260 | fi 261 | ;; 262 | 263 | help2man) 264 | echo 1>&2 "\ 265 | WARNING: \`$1' is $msg. You should only need it if 266 | you modified a dependency of a manual page. You may need the 267 | \`Help2man' package in order for those modifications to take 268 | effect. You can get \`Help2man' from any GNU archive site." 269 | 270 | file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` 271 | if test -z "$file"; then 272 | file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'` 273 | fi 274 | if [ -f "$file" ]; then 275 | touch $file 276 | else 277 | test -z "$file" || exec >$file 278 | echo ".ab help2man is required to generate this page" 279 | exit 1 280 | fi 281 | ;; 282 | 283 | makeinfo) 284 | echo 1>&2 "\ 285 | WARNING: \`$1' is $msg. 
You should only need it if 286 | you modified a \`.texi' or \`.texinfo' file, or any other file 287 | indirectly affecting the aspect of the manual. The spurious 288 | call might also be the consequence of using a buggy \`make' (AIX, 289 | DU, IRIX). You might want to install the \`Texinfo' package or 290 | the \`GNU make' package. Grab either from any GNU archive site." 291 | file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` 292 | if test -z "$file"; then 293 | file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` 294 | file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file` 295 | fi 296 | touch $file 297 | ;; 298 | 299 | tar) 300 | shift 301 | 302 | # We have already tried tar in the generic part. 303 | # Look for gnutar/gtar before invocation to avoid ugly error 304 | # messages. 305 | if (gnutar --version > /dev/null 2>&1); then 306 | gnutar "$@" && exit 0 307 | fi 308 | if (gtar --version > /dev/null 2>&1); then 309 | gtar "$@" && exit 0 310 | fi 311 | firstarg="$1" 312 | if shift; then 313 | case "$firstarg" in 314 | *o*) 315 | firstarg=`echo "$firstarg" | sed s/o//` 316 | tar "$firstarg" "$@" && exit 0 317 | ;; 318 | esac 319 | case "$firstarg" in 320 | *h*) 321 | firstarg=`echo "$firstarg" | sed s/h//` 322 | tar "$firstarg" "$@" && exit 0 323 | ;; 324 | esac 325 | fi 326 | 327 | echo 1>&2 "\ 328 | WARNING: I can't seem to be able to run \`tar' with the given arguments. 329 | You may want to install GNU tar or Free paxutils, or check the 330 | command line arguments." 331 | exit 1 332 | ;; 333 | 334 | *) 335 | echo 1>&2 "\ 336 | WARNING: \`$1' is needed, and is $msg. 337 | You might have modified some files without having the 338 | proper tools for further handling them. Check the \`README' file, 339 | it often tells you about the needed prerequisites for installing 340 | this package. You may also peek at any GNU archive site, in case 341 | some other package would contain this missing \`$1' program." 
342 | exit 1 343 | ;; 344 | esac 345 | 346 | exit 0 347 | 348 | # Local variables: 349 | # eval: (add-hook 'write-file-hooks 'time-stamp) 350 | # time-stamp-start: "scriptversion=" 351 | # time-stamp-format: "%:y-%02m-%02d.%02H" 352 | # time-stamp-end: "$" 353 | # End: 354 | -------------------------------------------------------------------------------- /src/buffer.c: -------------------------------------------------------------------------------- 1 | /* buffer.c - Buffer handling for GSTI. 2 | Copyright (C) 2002 Timo Schulz 3 | Copyright (C) 2004 g10 Code GmbH 4 | 5 | This file is part of GSTI. 6 | 7 | GSTI is free software; you can redistribute it and/or modify 8 | it under the terms of the GNU General Public License as published by 9 | the Free Software Foundation; either version 2 of the License, or 10 | (at your option) any later version. 11 | 12 | GSTI is distributed in the hope that it will be useful, 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | GNU General Public License for more details. 16 | 17 | You should have received a copy of the GNU General Public License 18 | along with GSTI; if not, write to the Free Software Foundation, 19 | Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ 20 | 21 | #if HAVE_CONFIG_H 22 | #include 23 | #endif 24 | 25 | #include 26 | #include 27 | 28 | #include 29 | 30 | #include "gsti.h" 31 | 32 | #include "ssh.h" 33 | #include "buffer.h" 34 | 35 | /* FIXME: The code assumes that size_t can hold a 32 bit unsigned 36 | integer. */ 37 | 38 | 39 | /* The buffer size will always be a multiple of this. Must be a power 40 | of 2. */ 41 | #define GSTI_BUFFER_STEP_SIZE (1 << 10) 42 | 43 | 44 | /* Ensure that at least AMOUNT of bytes are free in the buffer BUF, 45 | growing the buffer if necessary. 
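*/
/* Returns 0 on success or an error code built from errno.  The
   request is refused with ENOMEM when END + AMOUNT, or the rounded-up
   size, would wrap around size_t: a wrapped sum would pass the
   "already big enough" test below and let the caller write past the
   allocation.  */
static gsti_error_t
buffer_grow (gsti_buffer_t buf, size_t amount)
{
  const size_t size_max = (size_t) -1;
  const size_t step_mask = (size_t) GSTI_BUFFER_STEP_SIZE - 1;
  size_t new_size;
  unsigned char *new_data;

  if (amount > size_max - buf->end)
    return gpg_error_from_errno (ENOMEM);
  new_size = buf->end + amount;

  if (new_size <= buf->size)
    return 0;

  /* Round up to the next multiple of the step size, again without
     letting the addition wrap.  */
  if (new_size > size_max - step_mask)
    return gpg_error_from_errno (ENOMEM);
  new_size = (new_size + step_mask) & ~step_mask;

  /* realloc with a NULL pointer behaves like malloc, so the first
     allocation needs no special case.  On failure the old block stays
     valid and BUF is left untouched.  */
  new_data = realloc (buf->data, new_size);
  if (!new_data)
    return gpg_error_from_errno (errno);

  buf->data = new_data;
  buf->size = new_size;

  return 0;
}


/* Create a new, empty buffer and return it in R_BUF.  No data area
   is allocated here; that happens on the first write.  Returns 0 on
   success or an error code built from errno if malloc fails, in
   which case R_BUF is not written.  */
gsti_error_t
gsti_buf_alloc (gsti_buffer_t *r_buf)
{
  gsti_buffer_t buf;

  buf = malloc (sizeof *buf);
  if (!buf)
    return gpg_error_from_errno (errno);

  buf->data = NULL;
  buf->size = 0;
  buf->end = 0;
  buf->offset = 0;

  *r_buf = buf;
  return 0;
}


/* Destroy the buffer BUF and release all associated resources.  A
   NULL BUF is accepted and ignored.  The data area is released
   without being cleared first.  */
void
gsti_buf_free (gsti_buffer_t buf)
{
  if (!buf)
    return;

  /* free (NULL) is a no-op, so a buffer that was never written to
     needs no separate check.  */
  free (buf->data);
  free (buf);
}


/* Set the content of the buffer to AMOUNT bytes starting from DATA,
   and reset the buffer offset.  The old content is discarded before
   the copy, so if the copy fails the buffer is left empty.  Returns
   the result of gsti_buf_putraw.  */
gsti_error_t
gsti_buf_set (gsti_buffer_t buf, const char *data, size_t amount)
{
  buf->end = 0;
  buf->offset = 0;

  return gsti_buf_putraw (buf, data, amount);
}


/* Append the character CHR to the buffer BUF.  Only the low eight
   bits of CHR are stored.  Returns 0 on success or the error from
   growing the buffer, in which case nothing is appended.  */
gsti_error_t
gsti_buf_putc (gsti_buffer_t buf, int chr)
{
  gsti_error_t err;

  err = buffer_grow (buf, 1);
  if (err)
    return err;

  buf->data[buf->end++] = (unsigned char) (chr & 0xff);
  return 0;
}


/* Append the byte VAL to the buffer BUF.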
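*/
/* Returns 0 on success or the error from growing the buffer, in
   which case nothing is appended.  */
gsti_error_t
gsti_buf_putbyte (gsti_buffer_t buf, unsigned char val)
{
  gsti_error_t err;

  err = buffer_grow (buf, 1);
  if (err)
    return err;

  buf->data[buf->end++] = val;
  return 0;
}


/* Append the boolean VAL to the buffer BUF.  Any non-zero VAL is
   written as SSH_TRUE, zero as SSH_FALSE.  */
gpg_error_t
gsti_buf_putbool (gsti_buffer_t buf, int val)
{
  return gsti_buf_putbyte (buf, val ? SSH_TRUE : SSH_FALSE);
}


/* Append the 32-bit unsigned integer VAL to the buffer BUF, most
   significant byte first.  Returns 0 on success or the error from
   growing the buffer, in which case nothing is appended.  */
gsti_error_t
gsti_buf_putuint32 (gsti_buffer_t buf, gsti_uint32_t val)
{
  gsti_error_t err;

  err = buffer_grow (buf, 4);
  if (err)
    return err;

  /* Mask each byte explicitly instead of relying on the implicit
     narrowing conversion.  */
  buf->data[buf->end++] = (unsigned char) ((val >> 24) & 0xff);
  buf->data[buf->end++] = (unsigned char) ((val >> 16) & 0xff);
  buf->data[buf->end++] = (unsigned char) ((val >> 8) & 0xff);
  buf->data[buf->end++] = (unsigned char) (val & 0xff);

  return 0;
}


/* Append the string data, AMOUNT bytes starting from DATA, to the
   buffer BUF: a 32-bit length followed by the bytes themselves.

   AMOUNT must fit into 32 bits.  Where size_t is wider, a larger
   value would be truncated in the length field while all AMOUNT
   bytes were still copied, so the peer would read a string shorter
   than the data that follows it; such a request is rejected with
   GPG_ERR_INV_ARG.  If the data cannot be appended, the length field
   is taken back so that the buffer does not end in a length without
   its payload.  */
gsti_error_t
gsti_buf_putstr (gsti_buffer_t buf, const char *data, size_t amount)
{
  gsti_error_t err;
  size_t start = buf->end;

  if (amount > 0xffffffffUL)
    return gsti_error (GPG_ERR_INV_ARG);

  err = gsti_buf_putuint32 (buf, (gsti_uint32_t) amount);
  if (err)
    return err;
  if (!amount)
    return 0;

  err = gsti_buf_putraw (buf, data, amount);
  if (err)
    buf->end = start;

  return err;
}


/* Append the binary string BSTR to the buffer BUF, in the same
   length-prefixed form that gsti_buf_putstr writes.  */
gpg_error_t
gsti_buf_putbstr (gsti_buffer_t buf, gsti_bstr_t bstr)
{
  return gsti_buf_putstr (buf,
                          (const char *) gsti_bstr_data (bstr),
                          gsti_bstr_length (bstr));
}


/* Append the MPI VAL to the buffer BUF.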
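*/
/* The MPI is first printed in GCRYMPI_FMT_SSH form into a 512 byte
   buffer on the stack and then copied into BUF.  gcry_mpi_print is
   told the size of that buffer; its error is returned unchanged, so
   an encoding that does not fit is presumably reported as an error
   rather than written.
   NOTE(review): the staging copy is not cleared before returning.  If
   secret values are serialized through this function, confirm
   whether it should be wiped.  */
gsti_error_t
gsti_buf_putmpi (gsti_buffer_t buf, gcry_mpi_t mpi)
{
  gsti_error_t err;
  unsigned char mpibuf[512];
  size_t mpilen;

  err = gcry_mpi_print (GCRYMPI_FMT_SSH, mpibuf, sizeof mpibuf, &mpilen,
                        mpi);
  if (err)
    return err;

  return gsti_buf_putraw (buf, mpibuf, mpilen);
}


/* Append AMOUNT bytes starting from DATA to the buffer BUF.  Returns
   0 on success or the error from growing the buffer, in which case
   nothing is appended.  An AMOUNT of zero is a no-op and DATA is not
   looked at.  */
gsti_error_t
gsti_buf_putraw (gsti_buffer_t buf, const void *data, size_t amount)
{
  gsti_error_t err;

  /* Nothing to copy.  Returning here also keeps memcpy away from a
     NULL DATA and from a buffer whose data area was never allocated,
     both of which are undefined even for a length of zero.  */
  if (!amount)
    return 0;

  err = buffer_grow (buf, amount);
  if (err)
    return err;

  memcpy (&buf->data[buf->end], data, amount);
  buf->end += amount;

  return 0;
}


/* Return the amount of data left for reading in the buffer BUF.
   Every getter uses this value as its bounds check, so an offset
   beyond the end is reported as "nothing readable" instead of
   wrapping around to a huge count.  */
size_t
gsti_buf_readable (gsti_buffer_t buf)
{
  if (buf->offset >= buf->end)
    return 0;

  return buf->end - buf->offset;
}


/* Return a pointer to the first byte of the currently readable buffer
   data.  The pointer points into the buffer's own storage; only
   gsti_buf_readable (BUF) bytes may be read through it.
   NOTE(review): a later write may reallocate the storage, so the
   pointer should not be kept across one.  */
void *
gsti_buf_getptr (gsti_buffer_t buf)
{
  return &buf->data[buf->offset];
}


/* Return the character at the current offset in the buffer BUF in
   R_CHR, and increase the offset to point to the byte following that
   character.  Returns the GPG_ERR_INV_PACKET error code if there is
   no more character in the buffer.  */
gsti_error_t
gsti_buf_getc (gsti_buffer_t buf, int *r_chr)
{
  if (gsti_buf_readable (buf) < 1)
    return gsti_error (GPG_ERR_INV_PACKET);

  /* The byte goes through plain char, so where char is signed a value
     of 0x80 or above is returned as a negative number.  Use
     gsti_buf_getbyte for raw octets.  */
  *r_chr = (char) buf->data[buf->offset++];
  return 0;
}


/* Return the byte at the current offset in the buffer BUF in R_VAL, and
   increase the offset to point to the byte following that character.
   Returns the GPG_ERR_INV_PACKET error code if there is no more
   character in the buffer.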
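*/
gsti_error_t
gsti_buf_getbyte (gsti_buffer_t buf, unsigned char *r_val)
{
  /* Refuse to read past the end of the received data.  */
  if (gsti_buf_readable (buf) < 1)
    return gsti_error (GPG_ERR_INV_PACKET);

  *r_val = buf->data[buf->offset++];
  return 0;
}



/* Return the boolean at the current offset in the buffer BUF in
   R_VAL, and increase the offset to point to the byte following that
   boolean.  Returns the GPG_ERR_INV_PACKET error code if there is no
   boolean in the buffer.  Any non-zero byte is reported as 1.  */
gpg_error_t
gsti_buf_getbool (gsti_buffer_t buf, int *r_val)
{
  gpg_error_t err;
  gsti_byte_t val;

  err = gsti_buf_getbyte (buf, &val);
  if (err)
    return err;

  *r_val = val ? 1 : 0;
  return 0;
}


/* Return the 32-bit unsigned integer at the current offset in the
   buffer BUF in VAL, and increase the offset to point to the byte
   following that integer.  Returns the GPG_ERR_INV_PACKET error code
   if fewer than four bytes are left in the buffer; VAL is not written
   in that case.  */
gsti_error_t
gsti_buf_getuint32 (gsti_buffer_t buf, gsti_uint32_t *val)
{
  gsti_uint32_t v;

  if (gsti_buf_readable (buf) < 4)
    return gsti_error (GPG_ERR_INV_PACKET);

  /* Each byte is widened to the unsigned 32-bit type before it is
     shifted.  Shifting the promoted int instead would move a set top
     bit into the sign bit (undefined behaviour), and a signed byte
     type would sign-extend into the upper bits of the result.  */
  v = (gsti_uint32_t) (unsigned char) buf->data[buf->offset++] << 24;
  v |= (gsti_uint32_t) (unsigned char) buf->data[buf->offset++] << 16;
  v |= (gsti_uint32_t) (unsigned char) buf->data[buf->offset++] << 8;
  v |= (gsti_uint32_t) (unsigned char) buf->data[buf->offset++];
  *val = v;

  return 0;
}


/* Return the string at the current offset in the buffer BUF in R_STR
   and its length in R_LENGTH (without the trailing zero), and
   increase the offset to point to the byte following that string.  A
   trailing zero will be appended to the string.  Returns the
   GPG_ERR_INV_PACKET error code if there is no valid string in the
   buffer.  The returned string is allocated with malloc and must be
   freed by the user.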
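*/
gsti_error_t
gsti_buf_getstr (gsti_buffer_t buf, char **r_str, size_t *r_length)
{
  gsti_error_t err;
  gsti_uint32_t len;
  char *str;

  /* LEN has the exact type gsti_buf_getuint32 writes through its
     pointer.  With a size_t here only part of the variable is written
     where size_t is wider than 32 bits, and the length taken from the
     packet would be mixed with uninitialised stack bytes.  */
  err = gsti_buf_getuint32 (buf, &len);
  if (err)
    return err;

  /* The length comes from the peer; check it against what was really
     received before it sizes the allocation.  */
  if (len > gsti_buf_readable (buf))
    return gsti_error (GPG_ERR_INV_PACKET);

  str = malloc ((size_t) len + 1);
  if (!str)
    return gpg_error_from_errno (errno);

  if (len)
    {
      err = gsti_buf_getraw (buf, str, len);
      if (err)
        {
          free (str);
          return err;
        }
    }
  str[len] = '\0';

  /* An empty string yields a one-byte allocation holding only the
     terminator and a length of 0.  The earlier special case wrote the
     terminator through R_STR instead of the new allocation (which
     cleared the returned pointer and leaked the byte), did not check
     malloc, and reported a length of 1.  */
  *r_str = str;
  *r_length = (size_t) len;

  return 0;
}


/* Return the binary string at the current offset in the buffer BUF in
   R_BSTR, and increase the offset to point to the byte following that
   binary string.  Returns the GPG_ERR_INV_PACKET error code if there
   is no valid binary string in the buffer.  */
gpg_error_t
gsti_buf_getbstr (gsti_buffer_t buf, gsti_bstr_t *r_bstr)
{
  gsti_error_t err;
  gsti_uint32_t len;

  /* Same type as the parameter of gsti_buf_getuint32, so the whole
     variable is written.  */
  err = gsti_buf_getuint32 (buf, &len);
  if (err)
    return err;

  /* Reject a length field that claims more data than is present.  */
  if (len > gsti_buf_readable (buf))
    return gsti_error (GPG_ERR_INV_PACKET);

  err = gsti_bstr_make (r_bstr, buf->data + buf->offset, len);
  if (err)
    return err;

  /* The offset moves only after the copy has been made.  */
  buf->offset += len;

  return 0;
}



/* Return the MPI at the current offset in the buffer BUF in R_VAL,
   and increase the offset to point to the byte following that MPI.
   Returns the GPG_ERR_INV_PACKET error code if there is no valid MPI
   in the buffer.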
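*/
gsti_error_t
gsti_buf_getmpi (gsti_buffer_t buf, gcry_mpi_t *r_val)
{
  gsti_error_t err;
  unsigned char mpibuf[512];
  gsti_uint32_t mpilen;

  /* MPILEN has the type gsti_buf_getuint32 writes through its
     pointer; a wider size_t would be only partly written.  */
  err = gsti_buf_getuint32 (buf, &mpilen);
  if (err)
    return err;

  /* Four bytes of MPIBUF are reserved for the length prefix that is
     rebuilt below, so the value itself must fit in the rest.  */
  if (mpilen > sizeof (mpibuf) - 4)
    return gsti_error (GPG_ERR_INV_PACKET);

  mpibuf[0] = (mpilen >> 24) & 0xff;
  mpibuf[1] = (mpilen >> 16) & 0xff;
  mpibuf[2] = (mpilen >> 8) & 0xff;
  mpibuf[3] = mpilen & 0xff;

  /* The result of this read used to be ignored.  When the packet
     holds fewer than MPILEN bytes nothing is copied, and the scan
     below would then parse uninitialised stack memory as the MPI
     value.  */
  err = gsti_buf_getraw (buf, mpibuf + 4, mpilen);
  if (err)
    return err;

  return gcry_mpi_scan (r_val, GCRYMPI_FMT_SSH, mpibuf, mpilen + 4, NULL);
}


/* Return AMOUNT bytes starting from the current offset in the buffer
   BUF in DATA, and increase the offset to point to the byte following
   that data.  Returns the GPG_ERR_INV_PACKET error code if there are
   not AMOUNT bytes available in the buffer; nothing is copied and the
   offset is left alone in that case.  */
gsti_error_t
gsti_buf_getraw (gsti_buffer_t buf, void *data, size_t amount)
{
  if (amount > gsti_buf_readable (buf))
    return gsti_error (GPG_ERR_INV_PACKET);

  memcpy (data, buf->data + buf->offset, amount);
  buf->offset += amount;

  return 0;
}
--------------------------------------------------------------------------------
/src/main.c:
--------------------------------------------------------------------------------
/* main.c - Main APIs
   Copyright (C) 1999 Werner Koch
   Copyright (C) 2002 Timo Schulz
   Copyright (C) 2004 g10 Code GmbH

   This file is part of GSTI.

   GSTI is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.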
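GSTI is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software Foundation,
   Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA  */

/* NOTE(review): the header names on the #include lines of this file
   were lost when the page was extracted; one bare "#include" inside
   the HAVE_CONFIG_H guard and seven after it remain.  The names below
   are reconstructed from what the file calls (isdigit, strcmp, strlen,
   strchr, free, errno, stat), and <limits.h> is added for INT_MAX.
   Confirm the list against the repository.  */
#if HAVE_CONFIG_H
#include <config.h>
#endif

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <sys/types.h>
#include <sys/stat.h>

#include "types.h"
#include "buffer.h"
#include "memory.h"
#include "packet.h"
#include "api.h"
#include "kex.h"
#include "pubkey.h"

/* Parse the decimal number at S and store it in NUMBER.  Returns a
   pointer to the first character after the digits, or NULL if the
   number has a leading zero or does not fit in an int.  NUMBER is not
   written when the value does not fit.  */
static const char *
parse_version_number (const char *s, int *number)
{
  int val = 0;

  /* isdigit is only defined for unsigned char values and EOF, so
     plain char is converted before each call.  */
  if (*s == '0' && isdigit ((unsigned char) s[1]))
    return NULL;		/* leading zeros are not allowed */
  for (; isdigit ((unsigned char) *s); s++)
    {
      int digit = *s - '0';

      /* Stop before the accumulation would overflow; the earlier code
         relied on signed wrap-around, which is undefined.  */
      if (val > (INT_MAX - digit) / 10)
        return NULL;
      val = val * 10 + digit;
    }
  *number = val;
  return s;
}


/* Parse a version string of the form MAJOR.MINOR.MICRO at S and store
   the three numbers.  Returns a pointer to whatever follows MICRO (the
   patchlevel), or NULL if the string does not have that form.  */
static const char *
parse_version_string (const char *s, int *major, int *minor, int *micro)
{
  s = parse_version_number (s, major);
  if (!s || *s != '.')
    return NULL;
  s++;
  s = parse_version_number (s, minor);
  if (!s || *s != '.')
    return NULL;
  s++;
  s = parse_version_number (s, micro);
  if (!s)
    return NULL;
  return s;			/* patchlevel */
}


/****************
 * Check that the version of the library is at minimum the requested one
 * and return the version string; return NULL if the condition is not
 * satisfied.  If a NULL is passed to this function, no check is done,
 * but the version string is simply returned.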
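*/
const char *
gsti_check_version (const char *req_version)
{
  const char *ver = VERSION;
  int my_major, my_minor, my_micro;
  int rq_major, rq_minor, rq_micro;
  const char *my_plvl, *rq_plvl;

  if (!req_version)
    return ver;

  my_plvl = parse_version_string (ver, &my_major, &my_minor, &my_micro);
  if (!my_plvl)
    return NULL;		/* very strange: our own version is bogus */
  rq_plvl = parse_version_string (req_version, &rq_major, &rq_minor,
                                  &rq_micro);
  if (!rq_plvl)
    return NULL;		/* req version string is invalid */

  /* Compare component by component; the first one that differs
     decides.  When all three numbers match, the patchlevel suffixes
     are compared as strings.  */
  if (my_major != rq_major)
    return my_major > rq_major ? ver : NULL;
  if (my_minor != rq_minor)
    return my_minor > rq_minor ? ver : NULL;
  if (my_micro != rq_micro)
    return my_micro > rq_micro ? ver : NULL;

  return strcmp (my_plvl, rq_plvl) >= 0 ? ver : NULL;
}


/* Forward the control command CTL to the matching gcry_control
   requests.  Commands not listed here are ignored.  */
void
gsti_control (enum gsti_ctl_cmds ctl)
{
  switch (ctl)
    {
    case GSTI_DISABLE_LOCKING:
      gcry_control (GCRYCTL_DISABLE_INTERNAL_LOCKING);
      break;

    case GSTI_SECMEM_INIT:
      gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
      gcry_control (GCRYCTL_DISABLE_SECMEM_WARN);
      break;

    case GSTI_SECMEM_RELEASE:
      gcry_control (GCRYCTL_TERM_SECMEM);
      break;

    default:
      break;
    }
}


/* Allocate a new context, set up its packet state, key exchange
   defaults and authentication object, and return it in R_CTX.
   Returns GPG_ERR_INV_ARG if R_CTX is NULL, or the error reported by
   gsti_auth_new; in both cases no context is returned.  */
gsti_error_t
gsti_init (gsti_ctx_t * r_ctx)
{
  gsti_ctx_t ctx;
  gsti_error_t err;

  if (!r_ctx)
    return gsti_error (GPG_ERR_INV_ARG);
  *r_ctx = NULL;

  /* NOTE(review): the result is used unchecked, as before; presumably
     _gsti_xcalloc does not return on failure -- confirm.  */
  ctx = _gsti_xcalloc (1, sizeof *ctx);
  _gsti_packet_init (ctx);
  _gsti_kex_set_defaults (ctx);

  err = gsti_auth_new (&ctx->auth);
  if (err)
    {
      /* The error used to be dropped, handing out a context whose
         auth member the setters below dereference.
         NOTE(review): assumes gsti_auth_free accepts whatever a
         failed gsti_auth_new leaves in ctx->auth -- confirm.  */
      gsti_deinit (ctx);
      return err;
    }

  *r_ctx = ctx;
  return 0;
}


/* Release the members of the key exchange state KEX.  KEX itself is
   not freed.  */
static void
_gsti_kex_free (gsti_kex_t kex)
{
  if (!kex)
    return;
  /* NOTE(review): judging by the member names these hold IVs, cipher
     keys and MAC keys; whether gsti_bstr_free wipes the bytes before
     releasing them is not visible here -- confirm.  */
  gcry_mpi_release (kex->p);
  gcry_mpi_release (kex->g);
  gsti_bstr_free (kex->h);
  gsti_bstr_free (kex->iv_a);
  gsti_bstr_free (kex->iv_b);
  gsti_bstr_free (kex->key_c);
  gsti_bstr_free (kex->key_d);
  gsti_bstr_free (kex->mac_e);
  gsti_bstr_free (kex->mac_f);
}


/* Release the context CTX and everything it owns.  A NULL CTX is
   ignored.  */
void
gsti_deinit (gsti_ctx_t ctx)
{
  if (!ctx)
    return;

  gsti_auth_free (ctx->auth);
  _gsti_read_stream_free (ctx->read_stream);
  _gsti_write_stream_free (ctx->write_stream);
  _gsti_strlist_free (ctx->local_services);
  gsti_bstr_free (ctx->peer_version_string);
  gsti_bstr_free (ctx->host_kexinit_data);
  gsti_bstr_free (ctx->peer_kexinit_data);
  _gsti_free (ctx->service_name);
  gsti_bstr_free (ctx->session_id);
  _gsti_kex_free (&ctx->kex);
  gcry_cipher_close (ctx->encrypt_hd);
  gcry_cipher_close (ctx->decrypt_hd);
  gsti_key_free (ctx->hostkey);
  _gsti_packet_free (ctx);

  /* state_data has to go before the context itself: the earlier order
     freed CTX first and then read ctx->state_data, a use after
     free.  */
  free (ctx->state_data);
  _gsti_free (ctx);
}


/* Register WRITEFNC as the write callback of CTX together with the
   caller's pointer OPAQUE.  Returns GPG_ERR_INV_ARG if CTX is NULL.  */
gsti_error_t
gsti_set_writefnc (gsti_ctx_t ctx, gsti_write_fnc_t writefnc, void * opaque)
{
  if (!ctx)
    return gsti_error (GPG_ERR_INV_ARG);

  ctx->writefnc = writefnc;
  ctx->writectx = opaque;

  return 0;
}


/* A client can request a special service using this function.  A
   servicename must have a @ in it, so that it does not conflict with
   any standard service.  Comma and colons should be avoided in a
   service name.  If this is not used, a standard SSH service is used.
   A server must use this function to set acceptable services.  A
   client uses the first service from the list.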
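*/
gsti_error_t
gsti_set_service (gsti_ctx_t ctx, const char *svcname)
{
  gsti_strlist_t s;

  if (!ctx)
    return gsti_error (GPG_ERR_INV_ARG);
  if (!svcname || !*svcname)
    return 0;

  /* Drop a list installed by an earlier call; it used to be
     overwritten and leaked.  gsti_deinit passes the same member to
     _gsti_strlist_free even when it was never set.  */
  _gsti_strlist_free (ctx->local_services);
  ctx->local_services = _gsti_algolist_parse (svcname, strlen (svcname));

  /* NOTE(review): names without '@' are accepted.  The original test
     for '@' had an empty body, so nothing enforces the rule stated in
     the comment above; confirm the intended policy before adding a
     rejection, as a server may also list standard services.  */
  for (s = ctx->local_services; s; s = s->next)
    _gsti_log_info (ctx, "service `%s'\n", s->d);

  return 0;
}


/* Load the host key for CTX from FILE and mark the context as the
   server side.  Returns GPG_ERR_INV_ARG if CTX is NULL, the errno
   based error if FILE cannot be stat'ed, or the result of
   gsti_key_load.  */
gsti_error_t
gsti_set_hostkey (gsti_ctx_t ctx, const char *file)
{
  struct stat statbuf;

  if (!ctx)
    return gsti_error (GPG_ERR_INV_ARG);

  /* stat serves only as an existence probe: STATBUF is never
     inspected, so file type, owner and mode of the key file are not
     checked here, and the file can change between this probe and the
     load.  The result of gsti_key_load is what counts.  */
  if (stat (file, &statbuf))
    return gsti_error_from_errno (errno);

  /* The server flag is set even if the load below fails, as before.  */
  ctx->we_are_server = 1;
  /* NOTE(review): the second argument presumably selects the secret
     key -- confirm against gsti_key_load.  */
  return gsti_key_load (file, 1, &ctx->hostkey);
}


/* Return the host key of CTX, or NULL if CTX is NULL.  The key stays
   owned by the context.  */
gsti_key_t
gsti_get_hostkey (gsti_ctx_t ctx)
{
  if (!ctx)
    return NULL;
  return ctx->hostkey;
}


/* Replace the client authentication key of CTX with the key loaded
   from FILE.  The old key is released first, so after a failed load
   the context has no client key.  */
gsti_error_t
gsti_set_client_key (gsti_ctx_t ctx, const char *file)
{
  struct stat statbuf;

  if (!ctx)
    return gsti_error (GPG_ERR_INV_ARG);

  /* Existence probe only; STATBUF is not inspected.  */
  if (stat (file, &statbuf))
    return gsti_error_from_errno (errno);

  gsti_key_free (ctx->auth->key);
  ctx->auth->key = NULL;	/* no stale pointer if the load fails */
  return gsti_key_load (file, 1, &ctx->auth->key);
}


/* Set the client authentication key from a ssh style keyblob in KEY
   and KEYLEN.  Optionally a sign function may be assigned to the
   key.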
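*/
gsti_error_t
gsti_set_client_key_blob (gsti_ctx_t ctx,
                          const unsigned char *key, size_t keylen,
                          gsti_sign_fnc_t sign_fnc, void *sign_fnc_value)
{
  gsti_error_t err;
  gsti_bstr_t bstr;

  if (!ctx)
    return gsti_error (GPG_ERR_INV_ARG);

  err = gsti_bstr_make (&bstr, key, keylen);
  if (err)
    return err;

  /* The old key is released before the blob is parsed, so after a
     parse error the context has no client key.  */
  gsti_key_free (ctx->auth->key);
  ctx->auth->key = NULL;
  err = _gsti_key_fromblob (bstr, &ctx->auth->key);
  if (!err)
    {
      ctx->auth->key->sign_fnc = sign_fnc;
      ctx->auth->key->sign_fnc_value = sign_fnc_value;
    }
  gsti_bstr_free (bstr);
  return err;
}


/* Set the user name used for client authentication to a copy of
   USER.  Returns GPG_ERR_INV_ARG if CTX is NULL.  */
gsti_error_t
gsti_set_client_user (gsti_ctx_t ctx, const char *user)
{
  if (!ctx)
    return gsti_error (GPG_ERR_INV_ARG);

  _gsti_free (ctx->auth->user);
  ctx->auth->user = _gsti_xstrdup (user);

  return 0;
}

/* Select the authentication method METHD.  Only GSTI_AUTH_PUBLICKEY
   is accepted; any other value gives GPG_ERR_PROTOCOL_VIOLATION.  */
gsti_error_t
gsti_set_auth_method (gsti_ctx_t ctx, int methd)
{
  if (!ctx)
    return gsti_error (GPG_ERR_INV_ARG);

  switch (methd)
    {
    case GSTI_AUTH_PUBLICKEY:
      ctx->auth->method = methd;
      break;
    default:
      return gsti_error (GPG_ERR_PROTOCOL_VIOLATION);
    }

  return 0;
}


/* Switch compression on or off according to VAL.  Without USE_ZLIB
   compression is always off and GPG_ERR_NOT_IMPLEMENTED is returned.
   Returns GPG_ERR_INV_ARG if CTX is NULL.  */
gsti_error_t
gsti_set_compression (gsti_ctx_t ctx, int val)
{
  /* The check comes before the #ifndef: the build without USE_ZLIB
     used to write through CTX without testing it.  */
  if (!ctx)
    return gsti_error (GPG_ERR_INV_ARG);

#ifndef USE_ZLIB
  (void) val;
  ctx->zlib.use = 0;
  return gsti_error (GPG_ERR_NOT_IMPLEMENTED);
#else
  ctx->zlib.use = val;
  return 0;
#endif
}



/* Request a Diffie-Hellman group exchange with the sizes MIN, N and
   MAX.  N must lie between MIN and MAX, otherwise GPG_ERR_INV_ARG is
   returned.  If any of the three is zero the key exchange defaults
   are restored instead.  */
gsti_error_t
gsti_set_kex_dhgex (gsti_ctx_t ctx, unsigned int min, unsigned int n,
                    unsigned int max)
{
  if (!ctx)
    return gsti_error (GPG_ERR_INV_ARG);

  if (n < min || n > max)
    return gsti_error (GPG_ERR_INV_ARG);
  if (!n || !min || !max)
    {
      _gsti_kex_set_defaults (ctx);
      return 0;
    }

  /* NOTE(review): presumably group sizes in bits.  No lower bound is
     applied here, so a caller can ask for a very small group --
     confirm whether a floor is enforced where the request is built.  */
  ctx->gex.min = min;
  ctx->gex.n = n;
  ctx->gex.max = max;
  ctx->gex.used = 1;

  return 0;
}


/* Return the client authentication key of CTX, or NULL if CTX is
   NULL.  The key stays owned by the context.  */
gsti_key_t
gsti_get_auth_key (gsti_ctx_t ctx)
{
  if (!ctx)
    return NULL;
  return ctx->auth->key;
}


/* Register FNC as the authentication callback of CTX together with
   the caller's pointer FNC_VALUE.  */
gsti_error_t
gsti_set_auth_callback (gsti_ctx_t ctx, gsti_auth_cb_t fnc,
                        void * fnc_value)
{
  if (!ctx)
    return gsti_error (GPG_ERR_INV_ARG);
  ctx->auth_cb = fnc;
  ctx->auth_cb_val = fnc_value;

  return 0;
}


/* Set the authentication banner of CTX to the string DATA.  With
   ISFILE set the call does nothing and returns 0; reading the banner
   from a file is not implemented.  Returns GPG_ERR_INV_ARG if CTX is
   NULL, or if DATA is NULL while ISFILE is not set.  */
gsti_error_t
gsti_set_auth_banner (gsti_ctx_t ctx, const char * data, int isfile)
{
  /* The error used to be computed but not returned, so a NULL CTX
     went on to be dereferenced below.  */
  if (!ctx)
    return gsti_error (GPG_ERR_INV_ARG);

  if (isfile)
    return 0;			/* FIXME: todo */

  if (!data)
    return gsti_error (GPG_ERR_INV_ARG);

  gsti_bstr_free (ctx->banner);
  ctx->banner = NULL;		/* no stale pointer if the copy fails */
  return gsti_bstr_make (&ctx->banner, data, strlen (data));
}


/* Store the N algorithm preferences PREFS of kind TYPE in CTX.
   Returns GPG_ERR_TOO_LARGE if N exceeds the room for that kind,
   GPG_ERR_INV_ATTR for an unknown TYPE, or the error reported by
   _gsti_kex_check_alglist.  With N of zero nothing is changed.  */
gsti_error_t
gsti_set_kex_prefs (gsti_ctx_t ctx, enum gsti_prefs type,
                    const unsigned short * prefs, size_t n)
{
  gsti_error_t err = 0;
  size_t i;			/* same type as N, no mixed-sign compare */

  if (!ctx)
    return gsti_error (GPG_ERR_INV_ARG);
  if (!n)
    return 0;
  if (!prefs)
    return gsti_error (GPG_ERR_INV_ARG);

  switch (type)
    {
    case GSTI_PREFS_ENCR:
      /* The bound is checked before anything is copied into the
         fixed-size array.  */
      if (n > DIM (ctx->prefs.encr))
        return gsti_error (GPG_ERR_TOO_LARGE);
      err = _gsti_kex_check_alglist (type, prefs, n);
      if (!err)
        for (i = 0; i < n; i++)
          ctx->prefs.encr[i] = prefs[i];
      break;

    case GSTI_PREFS_COMPR:
      /* Only the size is checked; the values are not stored.  */
      if (n > DIM (ctx->prefs.compr))
        return gsti_error (GPG_ERR_TOO_LARGE);
      break;

    case GSTI_PREFS_HMAC:
      if (n > DIM (ctx->prefs.hmac))
        return gsti_error (GPG_ERR_TOO_LARGE);
      err = _gsti_kex_check_alglist (type, prefs, n);
      if (!err)
        for (i = 0; i < n; i++)
          ctx->prefs.hmac[i] = prefs[i];
      break;

    default:
      return gsti_error (GPG_ERR_INV_ATTR);
    }

  return err;
}

--------------------------------------------------------------------------------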