version 1.3, 2001/04/04 09:48:34 |
version 1.3.2.2, 2002/03/09 00:20:44 |
|
|
#include "dh.h" |
#include "dh.h" |
#include "ssh2.h" |
#include "ssh2.h" |
|
|
u_char * |
static u_char * |
kex_dh_hash( |
kex_dh_hash( |
char *client_version_string, |
char *client_version_string, |
char *server_version_string, |
char *server_version_string, |
char *ckexinit, int ckexinitlen, |
char *ckexinit, int ckexinitlen, |
char *skexinit, int skexinitlen, |
char *skexinit, int skexinitlen, |
char *serverhostkeyblob, int sbloblen, |
u_char *serverhostkeyblob, int sbloblen, |
BIGNUM *client_dh_pub, |
BIGNUM *client_dh_pub, |
BIGNUM *server_dh_pub, |
BIGNUM *server_dh_pub, |
BIGNUM *shared_secret) |
BIGNUM *shared_secret) |
{ |
{ |
Buffer b; |
Buffer b; |
static u_char digest[EVP_MAX_MD_SIZE]; |
static u_char digest[EVP_MAX_MD_SIZE]; |
EVP_MD *evp_md = EVP_sha1(); |
const EVP_MD *evp_md = EVP_sha1(); |
EVP_MD_CTX md; |
EVP_MD_CTX md; |
|
|
buffer_init(&b); |
buffer_init(&b); |
buffer_put_string(&b, client_version_string, strlen(client_version_string)); |
buffer_put_cstring(&b, client_version_string); |
buffer_put_string(&b, server_version_string, strlen(server_version_string)); |
buffer_put_cstring(&b, server_version_string); |
|
|
/* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ |
/* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ |
buffer_put_int(&b, ckexinitlen+1); |
buffer_put_int(&b, ckexinitlen+1); |
|
|
buffer_free(&b); |
buffer_free(&b); |
|
|
#ifdef DEBUG_KEX |
#ifdef DEBUG_KEX |
dump_digest("hash", digest, evp_md->md_size); |
dump_digest("hash", digest, EVP_MD_size(evp_md)); |
#endif |
#endif |
return digest; |
return digest; |
} |
} |
|
|
/* client */ |
/* client */ |
|
|
void |
static void |
kexdh_client(Kex *kex) |
kexdh_client(Kex *kex) |
{ |
{ |
BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; |
BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; |
DH *dh; |
DH *dh; |
Key *server_host_key; |
Key *server_host_key; |
char *server_host_key_blob = NULL, *signature = NULL; |
u_char *server_host_key_blob = NULL, *signature = NULL; |
u_char *kbuf, *hash; |
u_char *kbuf, *hash; |
u_int klen, kout, slen, sbloblen; |
u_int klen, kout, slen, sbloblen; |
int dlen, plen; |
|
|
|
/* generate and send 'e', client DH public key */ |
/* generate and send 'e', client DH public key */ |
dh = dh_new_group1(); |
dh = dh_new_group1(); |
|
|
#endif |
#endif |
|
|
debug("expecting SSH2_MSG_KEXDH_REPLY"); |
debug("expecting SSH2_MSG_KEXDH_REPLY"); |
packet_read_expect(&plen, SSH2_MSG_KEXDH_REPLY); |
packet_read_expect(SSH2_MSG_KEXDH_REPLY); |
|
|
/* key, cert */ |
/* key, cert */ |
server_host_key_blob = packet_get_string(&sbloblen); |
server_host_key_blob = packet_get_string(&sbloblen); |
server_host_key = key_from_blob(server_host_key_blob, sbloblen); |
server_host_key = key_from_blob(server_host_key_blob, sbloblen); |
if (server_host_key == NULL) |
if (server_host_key == NULL) |
fatal("cannot decode server_host_key_blob"); |
fatal("cannot decode server_host_key_blob"); |
|
if (server_host_key->type != kex->hostkey_type) |
|
fatal("type mismatch for decoded server_host_key_blob"); |
|
if (kex->verify_host_key == NULL) |
|
fatal("cannot verify server_host_key"); |
|
if (kex->verify_host_key(server_host_key) == -1) |
|
fatal("server_host_key verification failed"); |
|
|
if (kex->check_host_key == NULL) |
|
fatal("cannot check server_host_key"); |
|
kex->check_host_key(server_host_key); |
|
|
|
/* DH paramter f, server public DH key */ |
/* DH paramter f, server public DH key */ |
dh_server_pub = BN_new(); |
if ((dh_server_pub = BN_new()) == NULL) |
if (dh_server_pub == NULL) |
|
fatal("dh_server_pub == NULL"); |
fatal("dh_server_pub == NULL"); |
packet_get_bignum2(dh_server_pub, &dlen); |
packet_get_bignum2(dh_server_pub); |
|
|
#ifdef DEBUG_KEXDH |
#ifdef DEBUG_KEXDH |
fprintf(stderr, "dh_server_pub= "); |
fprintf(stderr, "dh_server_pub= "); |
|
|
|
|
/* signed H */ |
/* signed H */ |
signature = packet_get_string(&slen); |
signature = packet_get_string(&slen); |
packet_done(); |
packet_check_eom(); |
|
|
if (!dh_pub_is_valid(dh, dh_server_pub)) |
if (!dh_pub_is_valid(dh, dh_server_pub)) |
packet_disconnect("bad server public DH value"); |
packet_disconnect("bad server public DH value"); |
|
|
#ifdef DEBUG_KEXDH |
#ifdef DEBUG_KEXDH |
dump_digest("shared secret", kbuf, kout); |
dump_digest("shared secret", kbuf, kout); |
#endif |
#endif |
shared_secret = BN_new(); |
if ((shared_secret = BN_new()) == NULL) |
|
fatal("kexdh_client: BN_new failed"); |
BN_bin2bn(kbuf, kout, shared_secret); |
BN_bin2bn(kbuf, kout, shared_secret); |
memset(kbuf, 0, klen); |
memset(kbuf, 0, klen); |
xfree(kbuf); |
xfree(kbuf); |
|
|
shared_secret |
shared_secret |
); |
); |
xfree(server_host_key_blob); |
xfree(server_host_key_blob); |
BN_free(dh_server_pub); |
BN_clear_free(dh_server_pub); |
DH_free(dh); |
DH_free(dh); |
|
|
if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1) |
if (key_verify(server_host_key, signature, slen, hash, 20) != 1) |
fatal("key_verify failed for server_host_key"); |
fatal("key_verify failed for server_host_key"); |
key_free(server_host_key); |
key_free(server_host_key); |
xfree(signature); |
xfree(signature); |
|
|
|
|
/* server */ |
/* server */ |
|
|
void |
static void |
kexdh_server(Kex *kex) |
kexdh_server(Kex *kex) |
{ |
{ |
BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; |
BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; |
|
|
Key *server_host_key; |
Key *server_host_key; |
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; |
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; |
u_int sbloblen, klen, kout; |
u_int sbloblen, klen, kout; |
int dlen, slen, plen; |
u_int slen; |
|
|
/* generate server DH public key */ |
/* generate server DH public key */ |
dh = dh_new_group1(); |
dh = dh_new_group1(); |
dh_gen_key(dh, kex->we_need * 8); |
dh_gen_key(dh, kex->we_need * 8); |
|
|
debug("expecting SSH2_MSG_KEXDH_INIT"); |
debug("expecting SSH2_MSG_KEXDH_INIT"); |
packet_read_expect(&plen, SSH2_MSG_KEXDH_INIT); |
packet_read_expect(SSH2_MSG_KEXDH_INIT); |
|
|
if (kex->load_host_key == NULL) |
if (kex->load_host_key == NULL) |
fatal("Cannot load hostkey"); |
fatal("Cannot load hostkey"); |
|
|
fatal("Unsupported hostkey type %d", kex->hostkey_type); |
fatal("Unsupported hostkey type %d", kex->hostkey_type); |
|
|
/* key, cert */ |
/* key, cert */ |
dh_client_pub = BN_new(); |
if ((dh_client_pub = BN_new()) == NULL) |
if (dh_client_pub == NULL) |
|
fatal("dh_client_pub == NULL"); |
fatal("dh_client_pub == NULL"); |
packet_get_bignum2(dh_client_pub, &dlen); |
packet_get_bignum2(dh_client_pub); |
|
packet_check_eom(); |
|
|
#ifdef DEBUG_KEXDH |
#ifdef DEBUG_KEXDH |
fprintf(stderr, "dh_client_pub= "); |
fprintf(stderr, "dh_client_pub= "); |
|
|
#ifdef DEBUG_KEXDH |
#ifdef DEBUG_KEXDH |
dump_digest("shared secret", kbuf, kout); |
dump_digest("shared secret", kbuf, kout); |
#endif |
#endif |
shared_secret = BN_new(); |
if ((shared_secret = BN_new()) == NULL) |
|
fatal("kexdh_server: BN_new failed"); |
BN_bin2bn(kbuf, kout, shared_secret); |
BN_bin2bn(kbuf, kout, shared_secret); |
memset(kbuf, 0, klen); |
memset(kbuf, 0, klen); |
xfree(kbuf); |
xfree(kbuf); |
|
|
kex->server_version_string, |
kex->server_version_string, |
buffer_ptr(&kex->peer), buffer_len(&kex->peer), |
buffer_ptr(&kex->peer), buffer_len(&kex->peer), |
buffer_ptr(&kex->my), buffer_len(&kex->my), |
buffer_ptr(&kex->my), buffer_len(&kex->my), |
(char *)server_host_key_blob, sbloblen, |
server_host_key_blob, sbloblen, |
dh_client_pub, |
dh_client_pub, |
dh->pub_key, |
dh->pub_key, |
shared_secret |
shared_secret |
); |
); |
BN_free(dh_client_pub); |
BN_clear_free(dh_client_pub); |
|
|
/* save session id := H */ |
/* save session id := H */ |
/* XXX hashlen depends on KEX */ |
/* XXX hashlen depends on KEX */ |
|
|
|
|
/* send server hostkey, DH pubkey 'f' and singed H */ |
/* send server hostkey, DH pubkey 'f' and singed H */ |
packet_start(SSH2_MSG_KEXDH_REPLY); |
packet_start(SSH2_MSG_KEXDH_REPLY); |
packet_put_string((char *)server_host_key_blob, sbloblen); |
packet_put_string(server_host_key_blob, sbloblen); |
packet_put_bignum2(dh->pub_key); /* f */ |
packet_put_bignum2(dh->pub_key); /* f */ |
packet_put_string((char *)signature, slen); |
packet_put_string(signature, slen); |
packet_send(); |
packet_send(); |
|
|
xfree(signature); |
xfree(signature); |