|
DeterministicESPAsyncWebServer v6.27.1
Zero-allocation, bounded-execution async HTTP server for ESP32
|
AES-256-CTR + HMAC-SHA2-256 session keys for one SSH connection. More...
#include <ssh_keymat.h>
Public Attributes | |
| SshAesCtrCtx | c2s_ctx |
| Client→server cipher (AES-256-CTR); server decrypts inbound with it. | |
| SshAesCtrCtx | s2c_ctx |
| Server→client cipher (AES-256-CTR); server encrypts outbound with it. | |
| uint8_t | mac_key_c2s [64] |
| HMAC key, client-to-server (aes mode); 32 bytes for SHA-256, 64 for SHA-512. | |
| uint8_t | mac_key_s2c [64] |
| HMAC key, server-to-client (aes mode). | |
| uint8_t | mac_mode |
| SSH_MAC_* selected for the aes256-ctr cipher (0 = hmac-sha2-256 E&M). | |
| uint8_t | cipher_mode |
| SSH_CIPHER_* selected for this session (0 = aes256-ctr). | |
| uint8_t | chacha_key_c2s [SSH_CHACHAPOLY_KEY_LEN] |
| client-to-server, used only in chacha mode. | |
| uint8_t | chacha_key_s2c [SSH_CHACHAPOLY_KEY_LEN] |
| server-to-client, used only in chacha mode. | |
| SshAesGcmCtx | gcm_c2s |
| client-to-server AES-256-GCM (server opens inbound with it). | |
| SshAesGcmCtx | gcm_s2c |
| server-to-client AES-256-GCM (server seals outbound with it). | |
| bool | active |
| True once keys are installed after successful KEX. | |
AES-256-CTR + HMAC-SHA2-256 session keys for one SSH connection.
This struct occupies a separate BSS symbol (ssh_keys[]) from the packet receive buffer (ssh_pool[].pkt_buf). See the security model at the top of this file for why that separation matters.
Key derivation follows RFC 4253 §7.2. After the DH exchange hash H is known and K is available, six values are derived:
IV_c2s = SHA256(K || H || "A" || session_id) [16 bytes] IV_s2c = SHA256(K || H || "B" || session_id) [16 bytes] key_c2s = SHA256(K || H || "C" || session_id) [32 bytes] key_s2c = SHA256(K || H || "D" || session_id) [32 bytes] mac_c2s = SHA256(K || H || "E" || session_id) [32 bytes] mac_s2c = SHA256(K || H || "F" || session_id) [32 bytes]
c2s_ctx is initialized with key_c2s + IV_c2s (client-to-server, server decrypts). s2c_ctx is initialized with key_s2c + IV_s2c (server-to-client, server encrypts).
Definition at line 191 of file ssh_keymat.h.
| SshAesCtrCtx SshKeyMat::c2s_ctx |
Client→server cipher (AES-256-CTR); server decrypts inbound with it.
Definition at line 193 of file ssh_keymat.h.
Referenced by ssh_dh_derive_keys_sid(), and ssh_pkt_recv().
| SshAesCtrCtx SshKeyMat::s2c_ctx |
Server→client cipher (AES-256-CTR); server encrypts outbound with it.
Definition at line 194 of file ssh_keymat.h.
Referenced by ssh_dh_derive_keys_sid(), and ssh_pkt_send().
| uint8_t SshKeyMat::mac_key_c2s[64] |
HMAC key, client-to-server (aes mode); 32 bytes for SHA-256, 64 for SHA-512.
Definition at line 196 of file ssh_keymat.h.
Referenced by ssh_dh_derive_keys_sid(), and ssh_pkt_recv().
| uint8_t SshKeyMat::mac_key_s2c[64] |
HMAC key, server-to-client (aes mode).
Definition at line 197 of file ssh_keymat.h.
Referenced by ssh_dh_derive_keys_sid(), and ssh_pkt_send().
| uint8_t SshKeyMat::mac_mode |
SSH_MAC_* selected for the aes256-ctr cipher (0 = hmac-sha2-256 E&M).
Definition at line 198 of file ssh_keymat.h.
Referenced by ssh_dh_derive_keys_sid(), ssh_pkt_recv(), and ssh_pkt_send().
| uint8_t SshKeyMat::cipher_mode |
SSH_CIPHER_* selected for this session (0 = aes256-ctr).
Definition at line 200 of file ssh_keymat.h.
Referenced by ssh_dh_derive_keys_sid(), ssh_pkt_recv(), and ssh_pkt_send().
| uint8_t SshKeyMat::chacha_key_c2s[SSH_CHACHAPOLY_KEY_LEN] |
client-to-server, used only in chacha mode.
Definition at line 202 of file ssh_keymat.h.
Referenced by ssh_dh_derive_keys_sid(), and ssh_pkt_recv().
| uint8_t SshKeyMat::chacha_key_s2c[SSH_CHACHAPOLY_KEY_LEN] |
server-to-client, used only in chacha mode.
Definition at line 203 of file ssh_keymat.h.
Referenced by ssh_dh_derive_keys_sid(), and ssh_pkt_send().
| SshAesGcmCtx SshKeyMat::gcm_c2s |
client-to-server AES-256-GCM (server opens inbound with it).
Definition at line 207 of file ssh_keymat.h.
Referenced by ssh_dh_derive_keys_sid(), and ssh_pkt_recv().
| SshAesGcmCtx SshKeyMat::gcm_s2c |
server-to-client AES-256-GCM (server seals outbound with it).
Definition at line 208 of file ssh_keymat.h.
Referenced by ssh_dh_derive_keys_sid(), and ssh_pkt_send().
| bool SshKeyMat::active |
True once keys are installed after successful KEX.
Definition at line 210 of file ssh_keymat.h.
Referenced by ssh_dh_derive_keys_sid().