src/usr.bin/ssh/kexdh.c - diff

Return to kexdh.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/kexdh.c between version 1.3 and 1.3.2.2

version 1.3, 2001/04/04 09:48:34

version 1.3.2.2, 2002/03/09 00:20:44

Line 38

#include "dh.h"

#include "ssh2.h"

u_char *

static u_char *

kex_dh_hash(

char *client_version_string,

char *server_version_string,

char *ckexinit, int ckexinitlen,

char *skexinit, int skexinitlen,

char *serverhostkeyblob, int sbloblen,

u_char *serverhostkeyblob, int sbloblen,

BIGNUM *client_dh_pub,

BIGNUM *server_dh_pub,

BIGNUM *shared_secret)

{

Buffer b;

static u_char digest[EVP_MAX_MD_SIZE];

EVP_MD *evp_md = EVP_sha1();

const EVP_MD *evp_md = EVP_sha1();

EVP_MD_CTX md;

buffer_init(&b);

buffer_put_string(&b, client_version_string, strlen(client_version_string));

buffer_put_cstring(&b, client_version_string);

buffer_put_string(&b, server_version_string, strlen(server_version_string));

buffer_put_cstring(&b, server_version_string);

/* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */

buffer_put_int(&b, ckexinitlen+1);

Line 81

buffer_free(&b);

#ifdef DEBUG_KEX

dump_digest("hash", digest, evp_md->md_size);

dump_digest("hash", digest, EVP_MD_size(evp_md));

#endif

return digest;

}

/* client */

void

static void

kexdh_client(Kex *kex)

{

BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;

DH *dh;

Key *server_host_key;

char *server_host_key_blob = NULL, *signature = NULL;

u_char *server_host_key_blob = NULL, *signature = NULL;

u_char *kbuf, *hash;

u_int klen, kout, slen, sbloblen;

int dlen, plen;

/* generate and send 'e', client DH public key */

dh = dh_new_group1();

Line 115

Line 114

#endif

debug("expecting SSH2_MSG_KEXDH_REPLY");

packet_read_expect(&plen, SSH2_MSG_KEXDH_REPLY);

packet_read_expect(SSH2_MSG_KEXDH_REPLY);

/* key, cert */

server_host_key_blob = packet_get_string(&sbloblen);

server_host_key = key_from_blob(server_host_key_blob, sbloblen);

if (server_host_key == NULL)

fatal("cannot decode server_host_key_blob");

if (server_host_key->type != kex->hostkey_type)

fatal("type mismatch for decoded server_host_key_blob");

if (kex->verify_host_key == NULL)

fatal("cannot verify server_host_key");

if (kex->verify_host_key(server_host_key) == -1)

fatal("server_host_key verification failed");

if (kex->check_host_key == NULL)

fatal("cannot check server_host_key");

kex->check_host_key(server_host_key);

/* DH paramter f, server public DH key */

dh_server_pub = BN_new();

if ((dh_server_pub = BN_new()) == NULL)

if (dh_server_pub == NULL)

fatal("dh_server_pub == NULL");

packet_get_bignum2(dh_server_pub, &dlen);

packet_get_bignum2(dh_server_pub);

#ifdef DEBUG_KEXDH

fprintf(stderr, "dh_server_pub= ");

Line 142

/* signed H */

signature = packet_get_string(&slen);

packet_done();

packet_check_eom();

if (!dh_pub_is_valid(dh, dh_server_pub))

packet_disconnect("bad server public DH value");

Line 153

#ifdef DEBUG_KEXDH

dump_digest("shared secret", kbuf, kout);

#endif

shared_secret = BN_new();

if ((shared_secret = BN_new()) == NULL)

fatal("kexdh_client: BN_new failed");

BN_bin2bn(kbuf, kout, shared_secret);

memset(kbuf, 0, klen);

xfree(kbuf);

Line 170

Line 171

shared_secret

);

xfree(server_host_key_blob);

BN_free(dh_server_pub);

BN_clear_free(dh_server_pub);

DH_free(dh);

if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)

if (key_verify(server_host_key, signature, slen, hash, 20) != 1)

fatal("key_verify failed for server_host_key");

key_free(server_host_key);

xfree(signature);

Line 192

Line 193

/* server */

void

static void

kexdh_server(Kex *kex)

{

BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;

Line 200

Line 201

Key *server_host_key;

u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;

u_int sbloblen, klen, kout;

int dlen, slen, plen;

u_int slen;

/* generate server DH public key */

dh = dh_new_group1();

dh_gen_key(dh, kex->we_need * 8);

debug("expecting SSH2_MSG_KEXDH_INIT");

packet_read_expect(&plen, SSH2_MSG_KEXDH_INIT);

packet_read_expect(SSH2_MSG_KEXDH_INIT);

if (kex->load_host_key == NULL)

fatal("Cannot load hostkey");

Line 216

Line 217

fatal("Unsupported hostkey type %d", kex->hostkey_type);

/* key, cert */

dh_client_pub = BN_new();

if ((dh_client_pub = BN_new()) == NULL)

if (dh_client_pub == NULL)

fatal("dh_client_pub == NULL");

packet_get_bignum2(dh_client_pub, &dlen);

packet_get_bignum2(dh_client_pub);

packet_check_eom();

#ifdef DEBUG_KEXDH

fprintf(stderr, "dh_client_pub= ");

Line 243

Line 244

#ifdef DEBUG_KEXDH

dump_digest("shared secret", kbuf, kout);

#endif

shared_secret = BN_new();

if ((shared_secret = BN_new()) == NULL)

fatal("kexdh_server: BN_new failed");

BN_bin2bn(kbuf, kout, shared_secret);

memset(kbuf, 0, klen);

xfree(kbuf);

Line 256

Line 258

kex->server_version_string,

buffer_ptr(&kex->peer), buffer_len(&kex->peer),

buffer_ptr(&kex->my), buffer_len(&kex->my),

(char *)server_host_key_blob, sbloblen,

server_host_key_blob, sbloblen,

dh_client_pub,

dh->pub_key,

shared_secret

);

BN_free(dh_client_pub);

BN_clear_free(dh_client_pub);

/* save session id := H */

/* XXX hashlen depends on KEX */

Line 279

Line 281

/* send server hostkey, DH pubkey 'f' and singed H */

packet_start(SSH2_MSG_KEXDH_REPLY);

packet_put_string((char *)server_host_key_blob, sbloblen);

packet_put_string(server_host_key_blob, sbloblen);

packet_put_bignum2(dh->pub_key); /* f */

packet_put_string((char *)signature, slen);

packet_put_string(signature, slen);

packet_send();

xfree(signature);