version 1.17, 2000/01/18 09:41:05 |
version 1.18, 2000/02/11 10:59:11 |
|
|
int |
int |
auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n) |
auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n) |
{ |
{ |
BIGNUM *challenge, *encrypted_challenge, *aux; |
BIGNUM *challenge, *encrypted_challenge; |
RSA *pk; |
RSA *pk; |
BN_CTX *ctx = BN_CTX_new(); |
BN_CTX *ctx; |
unsigned char buf[32], mdbuf[16], response[16]; |
unsigned char buf[32], mdbuf[16], response[16]; |
MD5_CTX md; |
MD5_CTX md; |
unsigned int i; |
unsigned int i; |
|
|
|
|
encrypted_challenge = BN_new(); |
encrypted_challenge = BN_new(); |
challenge = BN_new(); |
challenge = BN_new(); |
aux = BN_new(); |
|
|
|
/* Generate a random challenge. */ |
/* Generate a random challenge. */ |
BN_rand(challenge, 256, 0, 0); |
BN_rand(challenge, 256, 0, 0); |
|
ctx = BN_CTX_new(); |
BN_mod(challenge, challenge, n, ctx); |
BN_mod(challenge, challenge, n, ctx); |
|
BN_CTX_free(ctx); |
|
|
/* Create the public key data structure. */ |
/* Create the public key data structure. */ |
pk = RSA_new(); |
pk = RSA_new(); |
|
|
packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE); |
packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE); |
packet_put_bignum(encrypted_challenge); |
packet_put_bignum(encrypted_challenge); |
packet_send(); |
packet_send(); |
|
BN_clear_free(encrypted_challenge); |
packet_write_wait(); |
packet_write_wait(); |
|
|
|
/* Wait for a response. */ |
|
packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE); |
|
packet_integrity_check(plen, 16, SSH_CMSG_AUTH_RSA_RESPONSE); |
|
for (i = 0; i < 16; i++) |
|
response[i] = packet_get_char(); |
|
|
/* The response is MD5 of decrypted challenge plus session id. */ |
/* The response is MD5 of decrypted challenge plus session id. */ |
len = BN_num_bytes(challenge); |
len = BN_num_bytes(challenge); |
if (len <= 0 || len > 32) |
if (len <= 0 || len > 32) |
|
|
MD5_Update(&md, buf, 32); |
MD5_Update(&md, buf, 32); |
MD5_Update(&md, session_id, 16); |
MD5_Update(&md, session_id, 16); |
MD5_Final(mdbuf, &md); |
MD5_Final(mdbuf, &md); |
|
|
/* We will no longer need these. */ |
|
BN_clear_free(encrypted_challenge); |
|
BN_clear_free(challenge); |
BN_clear_free(challenge); |
BN_clear_free(aux); |
|
BN_CTX_free(ctx); |
|
|
|
/* Wait for a response. */ |
|
packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE); |
|
packet_integrity_check(plen, 16, SSH_CMSG_AUTH_RSA_RESPONSE); |
|
for (i = 0; i < 16; i++) |
|
response[i] = packet_get_char(); |
|
|
|
/* Verify that the response is the original challenge. */ |
/* Verify that the response is the original challenge. */ |
if (memcmp(response, mdbuf, 16) != 0) { |
if (memcmp(response, mdbuf, 16) != 0) { |