version 1.42, 2001/12/19 07:18:56 |
version 1.43, 2001/12/27 18:22:16 |
|
|
if (!auth) |
if (!auth) |
return 0; |
return 0; |
|
|
challenge = BN_new(); |
if ((challenge = BN_new()) == NULL) |
|
fatal("try_agent_authentication: BN_new failed"); |
/* Loop through identities served by the agent. */ |
/* Loop through identities served by the agent. */ |
for (key = ssh_get_first_identity(auth, &comment, 1); |
for (key = ssh_get_first_identity(auth, &comment, 1); |
key != NULL; |
key != NULL; |
|
|
packet_disconnect("Protocol error during RSA authentication: %d", type); |
packet_disconnect("Protocol error during RSA authentication: %d", type); |
|
|
/* Get the challenge from the packet. */ |
/* Get the challenge from the packet. */ |
challenge = BN_new(); |
if ((challenge = BN_new()) == NULL) |
|
fatal("try_rsa_authentication: BN_new failed"); |
packet_get_bignum(challenge, &clen); |
packet_get_bignum(challenge, &clen); |
|
|
packet_integrity_check(plen, clen, type); |
packet_integrity_check(plen, clen, type); |
|
|
packet_disconnect("Protocol error during RSA authentication: %d", type); |
packet_disconnect("Protocol error during RSA authentication: %d", type); |
|
|
/* Get the challenge from the packet. */ |
/* Get the challenge from the packet. */ |
challenge = BN_new(); |
if ((challenge = BN_new()) == NULL) |
|
fatal("try_rhosts_rsa_authentication: BN_new failed"); |
packet_get_bignum(challenge, &clen); |
packet_get_bignum(challenge, &clen); |
|
|
packet_integrity_check(plen, clen, type); |
packet_integrity_check(plen, clen, type); |
|
|
{ |
{ |
int i; |
int i; |
BIGNUM *key; |
BIGNUM *key; |
RSA *host_key; |
Key *host_key, *server_key; |
RSA *public_key; |
|
Key k; |
|
int bits, rbits; |
int bits, rbits; |
int ssh_cipher_default = SSH_CIPHER_3DES; |
int ssh_cipher_default = SSH_CIPHER_3DES; |
u_char session_key[SSH_SESSION_KEY_LENGTH]; |
u_char session_key[SSH_SESSION_KEY_LENGTH]; |
|
|
cookie[i] = packet_get_char(); |
cookie[i] = packet_get_char(); |
|
|
/* Get the public key. */ |
/* Get the public key. */ |
public_key = RSA_new(); |
server_key = key_new(KEY_RSA1); |
bits = packet_get_int();/* bits */ |
bits = packet_get_int(); |
public_key->e = BN_new(); |
packet_get_bignum(server_key->rsa->e, &clen); |
packet_get_bignum(public_key->e, &clen); |
|
sum_len += clen; |
sum_len += clen; |
public_key->n = BN_new(); |
packet_get_bignum(server_key->rsa->n, &clen); |
packet_get_bignum(public_key->n, &clen); |
|
sum_len += clen; |
sum_len += clen; |
|
|
rbits = BN_num_bits(public_key->n); |
rbits = BN_num_bits(server_key->rsa->n); |
if (bits != rbits) { |
if (bits != rbits) { |
log("Warning: Server lies about size of server public key: " |
log("Warning: Server lies about size of server public key: " |
"actual size is %d bits vs. announced %d.", rbits, bits); |
"actual size is %d bits vs. announced %d.", rbits, bits); |
log("Warning: This may be due to an old implementation of ssh."); |
log("Warning: This may be due to an old implementation of ssh."); |
} |
} |
/* Get the host key. */ |
/* Get the host key. */ |
host_key = RSA_new(); |
host_key = key_new(KEY_RSA1); |
bits = packet_get_int();/* bits */ |
bits = packet_get_int(); |
host_key->e = BN_new(); |
packet_get_bignum(host_key->rsa->e, &clen); |
packet_get_bignum(host_key->e, &clen); |
|
sum_len += clen; |
sum_len += clen; |
host_key->n = BN_new(); |
packet_get_bignum(host_key->rsa->n, &clen); |
packet_get_bignum(host_key->n, &clen); |
|
sum_len += clen; |
sum_len += clen; |
|
|
rbits = BN_num_bits(host_key->n); |
rbits = BN_num_bits(host_key->rsa->n); |
if (bits != rbits) { |
if (bits != rbits) { |
log("Warning: Server lies about size of server host key: " |
log("Warning: Server lies about size of server host key: " |
"actual size is %d bits vs. announced %d.", rbits, bits); |
"actual size is %d bits vs. announced %d.", rbits, bits); |
|
|
supported_authentications = packet_get_int(); |
supported_authentications = packet_get_int(); |
|
|
debug("Received server public key (%d bits) and host key (%d bits).", |
debug("Received server public key (%d bits) and host key (%d bits).", |
BN_num_bits(public_key->n), BN_num_bits(host_key->n)); |
BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n)); |
|
|
packet_integrity_check(payload_len, |
packet_integrity_check(payload_len, |
8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4, |
8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4, |
SSH_SMSG_PUBLIC_KEY); |
SSH_SMSG_PUBLIC_KEY); |
k.type = KEY_RSA1; |
if (verify_host_key(host, hostaddr, host_key) == -1) |
k.rsa = host_key; |
|
if (verify_host_key(host, hostaddr, &k) == -1) |
|
fatal("Host key verification failed."); |
fatal("Host key verification failed."); |
|
|
client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN; |
client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN; |
|
|
compute_session_id(session_id, cookie, host_key->n, public_key->n); |
compute_session_id(session_id, cookie, host_key->rsa->n, server_key->rsa->n); |
|
|
/* Generate a session key. */ |
/* Generate a session key. */ |
arc4random_stir(); |
arc4random_stir(); |
|
|
* is the highest byte of the integer. The session key is xored with |
* is the highest byte of the integer. The session key is xored with |
* the first 16 bytes of the session id. |
* the first 16 bytes of the session id. |
*/ |
*/ |
key = BN_new(); |
if ((key = BN_new()) == NULL) |
|
fatal("respond_to_rsa_challenge: BN_new failed"); |
BN_set_word(key, 0); |
BN_set_word(key, 0); |
for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { |
for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { |
BN_lshift(key, key, 8); |
BN_lshift(key, key, 8); |
|
|
* Encrypt the integer using the public key and host key of the |
* Encrypt the integer using the public key and host key of the |
* server (key with smaller modulus first). |
* server (key with smaller modulus first). |
*/ |
*/ |
if (BN_cmp(public_key->n, host_key->n) < 0) { |
if (BN_cmp(server_key->rsa->n, host_key->rsa->n) < 0) { |
/* Public key has smaller modulus. */ |
/* Public key has smaller modulus. */ |
if (BN_num_bits(host_key->n) < |
if (BN_num_bits(host_key->rsa->n) < |
BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) { |
BN_num_bits(server_key->rsa->n) + SSH_KEY_BITS_RESERVED) { |
fatal("respond_to_rsa_challenge: host_key %d < public_key %d + " |
fatal("respond_to_rsa_challenge: host_key %d < server_key %d + " |
"SSH_KEY_BITS_RESERVED %d", |
"SSH_KEY_BITS_RESERVED %d", |
BN_num_bits(host_key->n), |
BN_num_bits(host_key->rsa->n), |
BN_num_bits(public_key->n), |
BN_num_bits(server_key->rsa->n), |
SSH_KEY_BITS_RESERVED); |
SSH_KEY_BITS_RESERVED); |
} |
} |
rsa_public_encrypt(key, key, public_key); |
rsa_public_encrypt(key, key, server_key->rsa); |
rsa_public_encrypt(key, key, host_key); |
rsa_public_encrypt(key, key, host_key->rsa); |
} else { |
} else { |
/* Host key has smaller modulus (or they are equal). */ |
/* Host key has smaller modulus (or they are equal). */ |
if (BN_num_bits(public_key->n) < |
if (BN_num_bits(server_key->rsa->n) < |
BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) { |
BN_num_bits(host_key->rsa->n) + SSH_KEY_BITS_RESERVED) { |
fatal("respond_to_rsa_challenge: public_key %d < host_key %d + " |
fatal("respond_to_rsa_challenge: server_key %d < host_key %d + " |
"SSH_KEY_BITS_RESERVED %d", |
"SSH_KEY_BITS_RESERVED %d", |
BN_num_bits(public_key->n), |
BN_num_bits(server_key->rsa->n), |
BN_num_bits(host_key->n), |
BN_num_bits(host_key->rsa->n), |
SSH_KEY_BITS_RESERVED); |
SSH_KEY_BITS_RESERVED); |
} |
} |
rsa_public_encrypt(key, key, host_key); |
rsa_public_encrypt(key, key, host_key->rsa); |
rsa_public_encrypt(key, key, public_key); |
rsa_public_encrypt(key, key, server_key->rsa); |
} |
} |
|
|
/* Destroy the public keys since we no longer need them. */ |
/* Destroy the public keys since we no longer need them. */ |
RSA_free(public_key); |
key_free(server_key); |
RSA_free(host_key); |
key_free(host_key); |
|
|
if (options.cipher == SSH_CIPHER_NOT_SET) { |
if (options.cipher == SSH_CIPHER_NOT_SET) { |
if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default)) |
if (cipher_mask_ssh1(1) & supported_ciphers & (1 << ssh_cipher_default)) |