DeterministicESPAsyncWebServer v6.27.1
Zero-allocation, bounded-execution async HTTP server for ESP32
Loading...
Searching...
No Matches
SshKeyMat Struct Reference

AES-256-CTR + HMAC-SHA2-256 session keys for one SSH connection. More...

#include <ssh_keymat.h>

Public Attributes

SshAesCtrCtx c2s_ctx
 Client→server cipher (AES-256-CTR); server decrypts inbound with it.
 
SshAesCtrCtx s2c_ctx
 Server→client cipher (AES-256-CTR); server encrypts outbound with it.
 
uint8_t mac_key_c2s [64]
 HMAC key, client-to-server (aes mode); 32 bytes for SHA-256, 64 for SHA-512.
 
uint8_t mac_key_s2c [64]
 HMAC key, server-to-client (aes mode).
 
uint8_t mac_mode
 SSH_MAC_* selected for the aes256-ctr cipher (0 = hmac-sha2-256 E&M).
 
uint8_t cipher_mode
 SSH_CIPHER_* selected for this session (0 = aes256-ctr).
 
uint8_t chacha_key_c2s [SSH_CHACHAPOLY_KEY_LEN]
 client-to-server, used only in chacha mode.
 
uint8_t chacha_key_s2c [SSH_CHACHAPOLY_KEY_LEN]
 server-to-client, used only in chacha mode.
 
SshAesGcmCtx gcm_c2s
 client-to-server AES-256-GCM (server opens inbound with it).
 
SshAesGcmCtx gcm_s2c
 server-to-client AES-256-GCM (server seals outbound with it).
 
bool active
 True once keys are installed after successful KEX.
 

Detailed Description

AES-256-CTR + HMAC-SHA2-256 session keys for one SSH connection.

This struct occupies a separate BSS symbol (ssh_keys[]) from the packet receive buffer (ssh_pool[].pkt_buf). See the security model at the top of this file for why that separation matters.

Key derivation follows RFC 4253 §7.2. After the DH exchange hash H is known and K is available, six values are derived:

IV_c2s = SHA256(K || H || "A" || session_id) [16 bytes] IV_s2c = SHA256(K || H || "B" || session_id) [16 bytes] key_c2s = SHA256(K || H || "C" || session_id) [32 bytes] key_s2c = SHA256(K || H || "D" || session_id) [32 bytes] mac_c2s = SHA256(K || H || "E" || session_id) [32 bytes] mac_s2c = SHA256(K || H || "F" || session_id) [32 bytes]

c2s_ctx is initialized with key_c2s + IV_c2s (client-to-server, server decrypts). s2c_ctx is initialized with key_s2c + IV_s2c (server-to-client, server encrypts).

Definition at line 191 of file ssh_keymat.h.

Member Data Documentation

◆ c2s_ctx

SshAesCtrCtx SshKeyMat::c2s_ctx

Client→server cipher (AES-256-CTR); server decrypts inbound with it.

Definition at line 193 of file ssh_keymat.h.

Referenced by ssh_dh_derive_keys_sid(), and ssh_pkt_recv().

◆ s2c_ctx

SshAesCtrCtx SshKeyMat::s2c_ctx

Server→client cipher (AES-256-CTR); server encrypts outbound with it.

Definition at line 194 of file ssh_keymat.h.

Referenced by ssh_dh_derive_keys_sid(), and ssh_pkt_send().

◆ mac_key_c2s

uint8_t SshKeyMat::mac_key_c2s[64]

HMAC key, client-to-server (aes mode); 32 bytes for SHA-256, 64 for SHA-512.

Definition at line 196 of file ssh_keymat.h.

Referenced by ssh_dh_derive_keys_sid(), and ssh_pkt_recv().

◆ mac_key_s2c

uint8_t SshKeyMat::mac_key_s2c[64]

HMAC key, server-to-client (aes mode).

Definition at line 197 of file ssh_keymat.h.

Referenced by ssh_dh_derive_keys_sid(), and ssh_pkt_send().

◆ mac_mode

uint8_t SshKeyMat::mac_mode

SSH_MAC_* selected for the aes256-ctr cipher (0 = hmac-sha2-256 E&M).

Definition at line 198 of file ssh_keymat.h.

Referenced by ssh_dh_derive_keys_sid(), ssh_pkt_recv(), and ssh_pkt_send().

◆ cipher_mode

uint8_t SshKeyMat::cipher_mode

SSH_CIPHER_* selected for this session (0 = aes256-ctr).

Definition at line 200 of file ssh_keymat.h.

Referenced by ssh_dh_derive_keys_sid(), ssh_pkt_recv(), and ssh_pkt_send().

◆ chacha_key_c2s

uint8_t SshKeyMat::chacha_key_c2s[SSH_CHACHAPOLY_KEY_LEN]

client-to-server, used only in chacha mode.

Definition at line 202 of file ssh_keymat.h.

Referenced by ssh_dh_derive_keys_sid(), and ssh_pkt_recv().

◆ chacha_key_s2c

uint8_t SshKeyMat::chacha_key_s2c[SSH_CHACHAPOLY_KEY_LEN]

server-to-client, used only in chacha mode.

Definition at line 203 of file ssh_keymat.h.

Referenced by ssh_dh_derive_keys_sid(), and ssh_pkt_send().

◆ gcm_c2s

SshAesGcmCtx SshKeyMat::gcm_c2s

client-to-server AES-256-GCM (server opens inbound with it).

Definition at line 207 of file ssh_keymat.h.

Referenced by ssh_dh_derive_keys_sid(), and ssh_pkt_recv().

◆ gcm_s2c

SshAesGcmCtx SshKeyMat::gcm_s2c

server-to-client AES-256-GCM (server seals outbound with it).

Definition at line 208 of file ssh_keymat.h.

Referenced by ssh_dh_derive_keys_sid(), and ssh_pkt_send().

◆ active

bool SshKeyMat::active

True once keys are installed after successful KEX.

Definition at line 210 of file ssh_keymat.h.

Referenced by ssh_dh_derive_keys_sid().


The documentation for this struct was generated from the following file: