[Ttssh2-commit] [4367] TTSSHの各種暗号設定に関して、teraterm . iniのエントリでカスタマイズできるようにした。

svnno****@sourc***** svnno****@sourc*****
2011年 3月 5日 (土) 23:52:45 JST


Revision: 4367
          http://sourceforge.jp/projects/ttssh2/svn/view?view=rev&revision=4367
Author:   yutakapon
Date:     2011-03-05 23:52:45 +0900 (Sat, 05 Mar 2011)

Log Message:
-----------
TTSSHの各種暗号設定に関して、teraterm.iniのエントリでカスタマイズできるようにした。
正式なUIに関しては、これから検討する。

KexOrder=56743210
HostKeyOrder=456230
MacOrder=120
CompOrder=012

Modified Paths:
--------------
    trunk/installer/release/TERATERM.INI
    trunk/ttssh2/ttxssh/key.c
    trunk/ttssh2/ttxssh/ssh.c
    trunk/ttssh2/ttxssh/ssh.h
    trunk/ttssh2/ttxssh/ttxssh.c
    trunk/ttssh2/ttxssh/ttxssh.h


Modified: trunk/installer/release/TERATERM.INI
===================================================================
--- trunk/installer/release/TERATERM.INI	2011-03-05 14:06:35 UTC (rev 4366)
+++ trunk/installer/release/TERATERM.INI	2011-03-05 14:52:45 UTC (rev 4367)
@@ -608,9 +608,6 @@
 ; SSH enabled flag (1=enabled 0=disabled)
 Enabled=1
 
-; packet compression level (0=none)
-Compression=0
-
 ; default login username (setup to authentication dialog)
 DefaultUserName=
 DefaultForwarding=
@@ -621,7 +618,44 @@
 ;  <...AES128-CTR,   =...AES192-CTR,   >...AES256-CTR,     ?...Arcfour,
 ;  @...Arcfour128,   A...Arcfour256,   B...CAST128-CBC,    C...3DES-CTR,
 ;  D...Blowfish-CTR, E...CAST128-CTR,  etc)
+;  0...Ciphers below this line are disabled.
 CipherOrder=>:=9<8C7D;A@?EB3062
+
+; KEX algorithm order(SSH2)
+;  0...diffie-hellman-group1-sha1
+;  1...diffie-hellman-group14-sha1
+;  2...diffie-hellman-group-exchange-sha1
+;  3...diffie-hellman-group-exchange-sha256
+;  4...ecdh-sha2-nistp256
+;  5...ecdh-sha2-nistp384
+;  6...ecdh-sha2-nistp521
+;  7...KEXs below this line are disabled.
+KexOrder=56743210
+
+; Host Key algorithm order(SSH2)
+;  2...RSA
+;  3...DSA
+;  4...ecdh-sha2-nistp256
+;  5...ecdh-sha2-nistp384
+;  6...ecdh-sha2-nistp521
+;  0...below this line are disabled.
+HostKeyOrder=456230
+
+; MAC algorithm order(SSH2)
+;  1...HMAC-SHA1
+;  2...HMAC-MD5
+;  0...below this line are disabled.
+MacOrder=120
+
+; Compression algorithm order(SSH2)
+;  1...zlib
+;  2...z****@opens*****(Delayed Compression)
+;  0...below this line are disabled.
+CompOrder=012
+; packet compression level (0=none)
+Compression=0
+
+
 KnownHostsFiles=ssh_known_hosts
 DefaultRhostsLocalUserName=
 DefaultRhostsHostPrivateKeyFile=

Modified: trunk/ttssh2/ttxssh/key.c
===================================================================
--- trunk/ttssh2/ttxssh/key.c	2011-03-05 14:06:35 UTC (rev 4366)
+++ trunk/ttssh2/ttxssh/key.c	2011-03-05 14:52:45 UTC (rev 4367)
@@ -702,20 +702,15 @@
 //
 char *get_sshname_from_keytype(enum ssh_keytype type)
 {
-	if (type == KEY_RSA) {
-		return "ssh-rsa";
-	} else if (type == KEY_DSA) {
-		return "ssh-dss";
-	} else if (type == KEY_ECDSA256) {
-		return "ecdsa-sha2-nistp256";
-	} else if (type == KEY_ECDSA384) {
-		return "ecdsa-sha2-nistp384";
-	} else if (type == KEY_ECDSA521) {
-		return "ecdsa-sha2-nistp521";
-	} else {
-		return "ssh-unknown";
+	int i;
+
+	for (i = 0 ; ssh2_host_key[i].name ; i++) {
+		if (type == ssh2_host_key[i].type)
+			return ssh2_host_key[i].name;
 	}
+	return "ssh-unknown";
 }
+
 char *get_sshname_from_key(Key *key)
 {
 	return get_sshname_from_keytype(key->type);
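Review bot: The new loop in get_sshname_from_keytype stops only at a row whose `name` is NULL, but `ssh2_host_key[]` as added in ssh.h has no such terminator (its last row is `{KEY_UNSPEC, "ssh-unknown"}`), so any `type` value not present in the table reads past the end of the array before the `"ssh-unknown"` fallback is reached. Either bound the loop by element count, `for (i = 0; i < NUM_ELEM(ssh2_host_key); i++)` if that macro (used in ttxssh.c) is visible here, or terminate the table with a NULL-name row as `ssh2_macs[]` is. Note also that `KEY_RSA1` and `KEY_NONE` now yield `"ssh-rsa1"` and `"none"` where the old if-chain returned `"ssh-unknown"`; `ssh-rsa1` is not a registered SSH algorithm name, so if this function's result is ever written to the wire or to a known_hosts file (not visible in this hunk) that is a behaviour change worth a comment on the function.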

Modified: trunk/ttssh2/ttxssh/ssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ssh.c	2011-03-05 14:06:35 UTC (rev 4366)
+++ trunk/ttssh2/ttxssh/ssh.c	2011-03-05 14:52:45 UTC (rev 4367)
@@ -4169,6 +4169,8 @@
 void SSH2_update_compression_myproposal(PTInstVar pvar)
 {
 	static char buf[128]; // TODO: malloc()‚É‚·‚ׂ«
+	int index;
+	int len, i;
 
 	// ’ʐM’†‚ɂ͌Ă΂ê‚È‚¢‚Í‚¸‚¾‚ªA”O‚Ì‚½‚߁B(2006.6.26 maya)
 	if (pvar->socket != INVALID_SOCKET) {
@@ -4177,11 +4179,22 @@
 
 	// ˆ³kƒŒƒxƒ‹‚ɉž‚¶‚āAmyproposal[]‚ð‘‚«Š·‚¦‚éB(2005.7.9 yutaka)
 	buf[0] = '\0';
-	if (pvar->settings.CompressionLevel > 0) {
-		// «—ˆ“I‚Ɉ³kƒAƒ‹ƒSƒŠƒYƒ€‚Ì—Dæ“x‚ðƒ†[ƒU‚ª•Ï‚¦‚ç‚ê‚é‚悤‚É‚·‚éB
-		_snprintf_s(buf, sizeof(buf), _TRUNCATE, "zlib****@opens*****,zlib,none");
+	for (i = 0 ; pvar->settings.CompOrder[i] != 0 ; i++) {
+		index = pvar->settings.CompOrder[i] - '0';
+		if (index == COMP_NONE) // disabled line
+			break;
+		strncat_s(buf, sizeof(buf), ssh_comps[index].name, _TRUNCATE);
+		strncat_s(buf, sizeof(buf), ",", _TRUNCATE);
 	}
-	else {
+	len = strlen(buf);
+	buf[len - 1] = '\0';  // get rid of comma
+
+	// ˆ³kŽw’肪‚È‚¢ê‡‚́Aˆ³kƒŒƒxƒ‹‚ð–³ðŒ‚Éƒ[ƒ‚É‚·‚éB
+	if (buf[0] == '\0') {
+		pvar->settings.CompressionLevel = 0;
+	}
+
+	if (pvar->settings.CompressionLevel == 0) {
 		_snprintf_s(buf, sizeof(buf), _TRUNCATE, KEX_DEFAULT_COMP);
 	}
 	if (buf[0] != '\0') {
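Review bot: `buf[len - 1] = '\0'` writes to `buf[-1]` whenever the loop above appended nothing, which is exactly what the shipped default `CompOrder=012` produces: the leading `'0'` hits the `COMP_NONE` break on the first iteration, `strlen(buf)` is 0, and the static buffer is underflowed. Guard the trim with `if (len > 0) buf[len - 1] = '\0';`. The `buf[0] == '\0'` check that follows already handles the no-compression case, so nothing else needs to change. The function's tail (the `myproposal` assignment) lies outside this hunk.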
@@ -4190,7 +4203,85 @@
 	}
 }
 
+// KEXƒAƒ‹ƒSƒŠƒYƒ€—Dæ‡ˆÊ‚ɉž‚¶‚āAmyproposal[]‚ð‘‚«Š·‚¦‚éB
+// (2011.2.28 yutaka)
+void SSH2_update_kex_myproposal(PTInstVar pvar)
+{
+	static char buf[256]; // TODO: malloc()‚É‚·‚ׂ«
+	int index;
+	int len, i;
 
+	// ’ʐM’†‚ɂ͌Ă΂ê‚È‚¢‚Í‚¸‚¾‚ªA”O‚Ì‚½‚߁B(2006.6.26 maya)
+	if (pvar->socket != INVALID_SOCKET) {
+		return;
+	}
+
+	buf[0] = '\0';
+	for (i = 0 ; pvar->settings.KexOrder[i] != 0 ; i++) {
+		index = pvar->settings.KexOrder[i] - '0';
+		if (index == KEX_DH_NONE) // disabled line
+			break;
+		strncat_s(buf, sizeof(buf), ssh2_kex_algorithms[index].name, _TRUNCATE);
+		strncat_s(buf, sizeof(buf), ",", _TRUNCATE);
+	}
+	len = strlen(buf);
+	buf[len - 1] = '\0';  // get rid of comma
+	myproposal[PROPOSAL_KEX_ALGS] = buf; 
+}
+
+// Host KeyƒAƒ‹ƒSƒŠƒYƒ€—Dæ‡ˆÊ‚ɉž‚¶‚āAmyproposal[]‚ð‘‚«Š·‚¦‚éB
+// (2011.2.28 yutaka)
+void SSH2_update_host_key_myproposal(PTInstVar pvar)
+{
+	static char buf[256]; // TODO: malloc()‚É‚·‚ׂ«
+	int index;
+	int len, i;
+
+	// ’ʐM’†‚ɂ͌Ă΂ê‚È‚¢‚Í‚¸‚¾‚ªA”O‚Ì‚½‚߁B(2006.6.26 maya)
+	if (pvar->socket != INVALID_SOCKET) {
+		return;
+	}
+
+	buf[0] = '\0';
+	for (i = 0 ; pvar->settings.HostKeyOrder[i] != 0 ; i++) {
+		index = pvar->settings.HostKeyOrder[i] - '0';
+		if (index == KEY_NONE) // disabled line
+			break;
+		strncat_s(buf, sizeof(buf), ssh2_host_key[index].name, _TRUNCATE);
+		strncat_s(buf, sizeof(buf), ",", _TRUNCATE);
+	}
+	len = strlen(buf);
+	buf[len - 1] = '\0';  // get rid of comma
+	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = buf; 
+}
+
+// H-MACƒAƒ‹ƒSƒŠƒYƒ€—Dæ‡ˆÊ‚ɉž‚¶‚āAmyproposal[]‚ð‘‚«Š·‚¦‚éB
+// (2011.2.28 yutaka)
+void SSH2_update_hmac_myproposal(PTInstVar pvar)
+{
+	static char buf[256]; // TODO: malloc()‚É‚·‚ׂ«
+	int index;
+	int len, i;
+
+	// ’ʐM’†‚ɂ͌Ă΂ê‚È‚¢‚Í‚¸‚¾‚ªA”O‚Ì‚½‚߁B(2006.6.26 maya)
+	if (pvar->socket != INVALID_SOCKET) {
+		return;
+	}
+
+	buf[0] = '\0';
+	for (i = 0 ; pvar->settings.MacOrder[i] != 0 ; i++) {
+		index = pvar->settings.MacOrder[i] - '0';
+		if (index == HMAC_NONE) // disabled line
+			break;
+		strncat_s(buf, sizeof(buf), ssh2_macs[index].name, _TRUNCATE);
+		strncat_s(buf, sizeof(buf), ",", _TRUNCATE);
+	}
+	len = strlen(buf);
+	buf[len - 1] = '\0';  // get rid of comma
+	myproposal[PROPOSAL_MAC_ALGS_CTOS] = buf; 
+	myproposal[PROPOSAL_MAC_ALGS_STOC] = buf; 
+}
+
 // ƒNƒ‰ƒCƒAƒ“ƒg‚©‚çƒT[ƒo‚ւ̃L[ŒðŠ·ŠJŽn—v‹
 void SSH2_send_kexinit(PTInstVar pvar)
 {
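Review bot: All three new functions (SSH2_update_kex_myproposal, SSH2_update_host_key_myproposal, SSH2_update_hmac_myproposal) trim the trailing comma with `buf[len - 1] = '\0'` without checking `len > 0`, so an order string whose first digit is the disable marker (e.g. `KexOrder=0`, which `normalize_kex_order` in ttxssh.c leaves in place, expanding it to `05674321`) underflows the static buffer and then installs an empty proposal string into `myproposal[]`, which the peer will reject. Guard the trim in each, `if (len > 0) buf[len - 1] = '\0';`, and consider falling back to the `KEX_DEFAULT_*` lists from ssh.h when the buffer ends up empty, as the compression variant does with `KEX_DEFAULT_COMP`. The table index `index = ...Order[i] - '0'` is also used unchecked; it is safe only because the `normalize_*_order` routines have filtered the string, and a local `if (index < 0 || index >= KEX_DH_MAX) break;` (with `KEY_MAX` / `HMAC_MAX` in the other two) would make that contract visible where the tables are indexed.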

Modified: trunk/ttssh2/ttxssh/ssh.h
===================================================================
--- trunk/ttssh2/ttxssh/ssh.h	2011-03-05 14:06:35 UTC (rev 4366)
+++ trunk/ttssh2/ttxssh/ssh.h	2011-03-05 14:52:45 UTC (rev 4367)
@@ -198,6 +198,7 @@
 #define SSH2_OPEN_RESOURCE_SHORTAGE              4
 
 enum ssh_keytype {
+	KEY_NONE,
 	KEY_RSA1,
 	KEY_RSA,
 	KEY_DSA,
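Review bot: Inserting `KEY_NONE` at the front renumbers every existing `ssh_keytype` value, and from this commit on those values double as the single-digit indices written to and read from `HostKeyOrder` in teraterm.ini (`index = HostKeyOrder[i] - '0'` in ssh.c), so the enum's numbering is now part of the persisted configuration format. A comment on the enum should record that: `/* Values are persisted in teraterm.ini (HostKeyOrder) as one ASCII digit each: append new entries at the end, never insert, and keep the count at or below 10. */`. The enum continues in the next hunk; the same coupling applies to `kex_algorithm`, `hmac_type` and `ssh_comp` further down.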
@@ -205,8 +206,25 @@
 	KEY_ECDSA384,
 	KEY_ECDSA521,
 	KEY_UNSPEC,
+	KEY_MAX = KEY_UNSPEC,
 };
 
+typedef struct ssh2_host_key {
+	enum ssh_keytype type;
+	char *name;
+} ssh2_host_key_t;
+
+static ssh2_host_key_t ssh2_host_key[] = {
+	{KEY_NONE, "none"},
+	{KEY_RSA1, "ssh-rsa1"},  // for SSH1 only
+	{KEY_RSA, "ssh-rsa"},
+	{KEY_DSA, "ssh-dss"},
+	{KEY_ECDSA256, "ecdsa-sha2-nistp256"},
+	{KEY_ECDSA384, "ecdsa-sha2-nistp384"},
+	{KEY_ECDSA521, "ecdsa-sha2-nistp521"},
+	{KEY_UNSPEC, "ssh-unknown"},
+};
+
 #define KEX_DEFAULT_KEX     "ecdh-sha2-nistp256," \
                             "ecdh-sha2-nistp384," \
                             "ecdh-sha2-nistp521," \
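Review bot: `ssh2_host_key[]` has no terminating row with a NULL `name` (its last entry is `{KEY_UNSPEC, "ssh-unknown"}`), yet the rewritten `get_sshname_from_keytype` in key.c loops `for (i = 0; ssh2_host_key[i].name; i++)`, so any `type` value outside the table runs off the end of the array. Append a sentinel in the style of `ssh2_macs[]`, `{KEY_UNSPEC, NULL},`, after the ssh-unknown row; indexing by enum value in ssh.c is unaffected because the extra row sits past every valid index. As a style point, the table is a non-const `static` in a header, so every translation unit including ssh.h gets its own writable copy; `static const ssh2_host_key_t` with `const char *name` in the typedef would make it read-only — the pre-existing `ssh2_kex_algorithms[]` and `ssh2_macs[]` share the same shape, so this is a file-wide convention rather than something introduced here.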
@@ -314,6 +332,7 @@
 
 // ‰º‹L‚̃Cƒ“ƒfƒbƒNƒX‚Í ssh2_kex_algorithms[] ‚ƍ‡‚킹‚邱‚ƁB
 enum kex_algorithm {
+	KEX_DH_NONE,       /* disabled line */
 	KEX_DH_GRP1_SHA1,
 	KEX_DH_GRP14_SHA1,
 	KEX_DH_GEX_SHA1,
@@ -322,6 +341,7 @@
 	KEX_ECDH_SHA2_384,
 	KEX_ECDH_SHA2_521,
 	KEX_DH_UNKNOWN,
+	KEX_DH_MAX = KEX_DH_UNKNOWN,
 };
 
 typedef struct ssh2_kex_algorithm {
@@ -331,6 +351,7 @@
 } ssh2_kex_algorithm_t;
 
 static ssh2_kex_algorithm_t ssh2_kex_algorithms[] = {
+	{KEX_DH_NONE      , "none",                                 NULL},
 	{KEX_DH_GRP1_SHA1,  "diffie-hellman-group1-sha1",           EVP_sha1},
 	{KEX_DH_GRP14_SHA1, "diffie-hellman-group14-sha1",          EVP_sha1},
 	{KEX_DH_GEX_SHA1,   "diffie-hellman-group-exchange-sha1",   EVP_sha1},
@@ -344,9 +365,11 @@
 
 // ‰º‹L‚̃Cƒ“ƒfƒbƒNƒX‚Í ssh2_macs[] ‚ƍ‡‚킹‚邱‚ƁB
 enum hmac_type {
+	HMAC_NONE,
 	HMAC_SHA1,
 	HMAC_MD5,
-	HMAC_UNKNOWN
+	HMAC_UNKNOWN,
+	HMAC_MAX = HMAC_UNKNOWN,
 };
 
 typedef struct ssh2_mac {
@@ -357,6 +380,7 @@
 } ssh2_mac_t;
 
 static ssh2_mac_t ssh2_macs[] = {
+	{HMAC_NONE,    "none",      NULL,     0},
 	{HMAC_SHA1,    "hmac-sha1", EVP_sha1, 0},
 	{HMAC_MD5,     "hmac-md5",  EVP_md5,  0},
 	{HMAC_UNKNOWN, NULL,        NULL,     0},
@@ -368,7 +392,8 @@
 	COMP_NONE,
 	COMP_ZLIB,
 	COMP_DELAYED,
-	COMP_UNKNOWN
+	COMP_UNKNOWN,
+	COMP_MAX = COMP_UNKNOWN,
 };
 
 typedef struct ssh_comp {
@@ -594,6 +619,9 @@
 BOOL handle_SSH2_userauth_passwd_changereq(PTInstVar pvar);
 void SSH2_update_compression_myproposal(PTInstVar pvar);
 void SSH2_update_cipher_myproposal(PTInstVar pvar);
+void SSH2_update_kex_myproposal(PTInstVar pvar);
+void SSH2_update_host_key_myproposal(PTInstVar pvar);
+void SSH2_update_hmac_myproposal(PTInstVar pvar);
 int SSH_notify_break_signal(PTInstVar pvar);
 
 #endif

Modified: trunk/ttssh2/ttxssh/ttxssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ttxssh.c	2011-03-05 14:06:35 UTC (rev 4366)
+++ trunk/ttssh2/ttxssh/ttxssh.c	2011-03-05 14:52:45 UTC (rev 4367)
@@ -253,6 +253,96 @@
 	buf[i] = 0;
 }
 
+static void normalize_generic_order(char *buf, char default_strings[], int default_strings_len)
+{
+	char listed[KEX_DH_MAX + 1];
+	char allowed[KEX_DH_MAX + 1];
+	int i, j;
+
+	memset(listed, 0, sizeof(listed));
+	memset(allowed, 0, sizeof(allowed));
+	for (i = 0; i < default_strings_len ; i++) {
+		allowed[default_strings[i]] = 1;
+	}
+
+	for (i = 0; buf[i] != 0; i++) {
+		int num = buf[i] - '0';
+
+		if (num < 0 || num > default_strings_len
+			|| !allowed[num]
+			|| listed[num]) {
+			memmove(buf + i, buf + i + 1, strlen(buf + i + 1) + 1);
+			i--;
+		} else {
+			listed[num] = 1;
+		}
+	}
+
+	for (j = 0; j < default_strings_len ; j++) {
+		int num = default_strings[j];
+
+		if (!listed[num]) {
+			buf[i] = num + '0';
+			i++;
+		}
+	}
+
+	buf[i] = 0;
+}
+
+static void normalize_kex_order(char FAR * buf)
+{
+	static char default_strings[] = {
+		KEX_ECDH_SHA2_256,
+		KEX_ECDH_SHA2_384,
+		KEX_ECDH_SHA2_521,
+		KEX_DH_GEX_SHA256,
+		KEX_DH_GEX_SHA1,
+		KEX_DH_GRP14_SHA1,
+		KEX_DH_GRP1_SHA1,
+		KEX_DH_NONE,
+	};
+
+	normalize_generic_order(buf, default_strings, NUM_ELEM(default_strings));
+}
+
+static void normalize_host_key_order(char FAR * buf)
+{
+	static char default_strings[] = {
+		KEY_ECDSA256,
+		KEY_ECDSA384,
+		KEY_ECDSA521,
+		KEY_RSA,
+		KEY_DSA,
+		KEY_NONE,
+	};
+
+	normalize_generic_order(buf, default_strings, NUM_ELEM(default_strings));
+}
+
+static void normalize_mac_order(char FAR * buf)
+{
+	static char default_strings[] = {
+		HMAC_SHA1,
+		HMAC_MD5,
+		HMAC_NONE,
+	};
+
+	normalize_generic_order(buf, default_strings, NUM_ELEM(default_strings));
+}
+
+static void normalize_comp_order(char FAR * buf)
+{
+	static char default_strings[] = {
+		COMP_NONE,
+		COMP_ZLIB,
+		COMP_DELAYED,
+	};
+
+	normalize_generic_order(buf, default_strings, NUM_ELEM(default_strings));
+}
+
+
 /* Remove local settings from the shared memory block. */
 static void clear_local_settings(PTInstVar pvar)
 {
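Review bot: `listed` and `allowed` in normalize_generic_order are sized `KEX_DH_MAX + 1` although the helper is also called for the host-key, MAC and compression tables; it is correct today only because `KEX_DH_MAX` (8) happens to be the largest of the four `*_MAX` values, and nothing in the code records that. Either size them from the caller (pass the enum's MAX alongside `default_strings`) or pin the assumption next to the declarations, e.g. `/* shared by all four normalizers: KEX_DH_MAX must stay >= KEY_MAX, HMAC_MAX and COMP_MAX */` together with `assert(default_strings_len < (int)sizeof(allowed));` before the fill loop. The function's contract also deserves a header comment: digits not in `default_strings`, duplicates and non-digits are dropped, missing entries are appended in default order, and because the disable marker (0) is the last default it lands at the end of a string that omitted it, so such a string disables nothing.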
@@ -310,6 +400,19 @@
 	READ_STD_STRING_OPTION(CipherOrder);
 	normalize_cipher_order(settings->CipherOrder);
 
+	// KEX order
+	READ_STD_STRING_OPTION(KexOrder);
+	normalize_kex_order(settings->KexOrder);
+	// Host Key algorithm order
+	READ_STD_STRING_OPTION(HostKeyOrder);
+	normalize_host_key_order(settings->HostKeyOrder);
+	// H-MAC order
+	READ_STD_STRING_OPTION(MacOrder);
+	normalize_mac_order(settings->MacOrder);
+	// Compression algorithm order
+	READ_STD_STRING_OPTION(CompOrder);
+	normalize_comp_order(settings->CompOrder);
+
 	read_string_option(fileName, "KnownHostsFiles", "ssh_known_hosts",
 	                   settings->KnownHostsFiles,
 	                   sizeof(settings->KnownHostsFiles));
@@ -392,6 +495,18 @@
 	WritePrivateProfileString("TTSSH", "CipherOrder",
 	                          settings->CipherOrder, fileName);
 
+	WritePrivateProfileString("TTSSH", "KexOrder",
+	                          settings->KexOrder, fileName);
+
+	WritePrivateProfileString("TTSSH", "HostKeyOrder",
+	                          settings->HostKeyOrder, fileName);
+
+	WritePrivateProfileString("TTSSH", "MacOrder",
+	                          settings->MacOrder, fileName);
+
+	WritePrivateProfileString("TTSSH", "CompOrder",
+	                          settings->CompOrder, fileName);
+
 	WritePrivateProfileString("TTSSH", "KnownHostsFiles",
 	                          settings->KnownHostsFiles, fileName);
 
@@ -825,6 +940,9 @@
 
 		// Ý’è‚ð myproposal ‚É”½‰f‚·‚é‚̂́AÚ‘±’¼‘O‚Ì‚±‚±‚¾‚¯B (2006.6.26 maya)
 		SSH2_update_cipher_myproposal(pvar);
+		SSH2_update_kex_myproposal(pvar);
+		SSH2_update_host_key_myproposal(pvar);
+		SSH2_update_hmac_myproposal(pvar);
 		SSH2_update_compression_myproposal(pvar);
 	}
 }

Modified: trunk/ttssh2/ttxssh/ttxssh.h
===================================================================
--- trunk/ttssh2/ttxssh/ttxssh.h	2011-03-05 14:06:35 UTC (rev 4366)
+++ trunk/ttssh2/ttxssh/ttxssh.h	2011-03-05 14:52:45 UTC (rev 4367)
@@ -139,6 +139,12 @@
 
 	// Confirm Agent forwarding
 	BOOL ForwardAgentConfirm;
+
+	// KEX order(derived from teraterm.ini)
+	char KexOrder[KEX_DH_MAX+1];
+	char HostKeyOrder[KEY_MAX+1];
+	char MacOrder[HMAC_MAX+1];
+	char CompOrder[COMP_MAX+1];
 } TS_SSH;
 
 typedef struct _TInstVar {
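Review bot: The comment `// KEX order(derived from teraterm.ini)` sits above four fields but describes only the first; each is a string of one-digit enum indices sized for at most `*_MAX` digits plus the terminator, which is exactly what `normalize_generic_order` in ttxssh.c can emit. Suggest replacing that line with `// Algorithm preference strings read from teraterm.ini: one ASCII digit per enum value, the "disabled" marker (0) ending the enabled set; sized for *_MAX digits plus NUL.`. Whether `READ_STD_STRING_OPTION` truncates longer user strings to `sizeof` before normalization is not visible here and should be confirmed, since the normalizer writes `buf[i]` up to `default_strings_len` on the assumption that the buffer holds that many digits.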


