src/usr.bin/ssh/kexdh.c - diff

Return to kexdh.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/kexdh.c between version 1.7.2.2 and 1.8

version 1.7.2.2, 2002/05/17 00:03:23

version 1.8, 2001/12/27 18:22:16

Line 37

#include "packet.h"

#include "dh.h"

#include "ssh2.h"

#include "monitor_wrap.h"

static u_char *

kex_dh_hash(

Line 52

Line 51

{

Buffer b;

static u_char digest[EVP_MAX_MD_SIZE];

const EVP_MD *evp_md = EVP_sha1();

EVP_MD *evp_md = EVP_sha1();

EVP_MD_CTX md;

buffer_init(&b);

Line 82

Line 81

buffer_free(&b);

#ifdef DEBUG_KEX

dump_digest("hash", digest, EVP_MD_size(evp_md));

dump_digest("hash", digest, evp_md->md_size);

#endif

return digest;

}

Line 98

Line 97

u_char *server_host_key_blob = NULL, *signature = NULL;

u_char *kbuf, *hash;

u_int klen, kout, slen, sbloblen;

int dlen, plen;

/* generate and send 'e', client DH public key */

dh = dh_new_group1();

Line 115

#endif

debug("expecting SSH2_MSG_KEXDH_REPLY");

packet_read_expect(SSH2_MSG_KEXDH_REPLY);

packet_read_expect(&plen, SSH2_MSG_KEXDH_REPLY);

/* key, cert */

server_host_key_blob = packet_get_string(&sbloblen);

server_host_key = key_from_blob(server_host_key_blob, sbloblen);

if (server_host_key == NULL)

fatal("cannot decode server_host_key_blob");

if (server_host_key->type != kex->hostkey_type)

fatal("type mismatch for decoded server_host_key_blob");

if (kex->verify_host_key == NULL)

fatal("cannot verify server_host_key");

if (kex->verify_host_key(server_host_key) == -1)

Line 132

Line 131

/* DH paramter f, server public DH key */

if ((dh_server_pub = BN_new()) == NULL)

fatal("dh_server_pub == NULL");

packet_get_bignum2(dh_server_pub);

packet_get_bignum2(dh_server_pub, &dlen);

#ifdef DEBUG_KEXDH

fprintf(stderr, "dh_server_pub= ");

Line 143

Line 142

/* signed H */

signature = packet_get_string(&slen);

packet_check_eom();

packet_done();

if (!dh_pub_is_valid(dh, dh_server_pub))

packet_disconnect("bad server public DH value");

Line 172

Line 171

shared_secret

);

xfree(server_host_key_blob);

BN_clear_free(dh_server_pub);

BN_free(dh_server_pub);

DH_free(dh);

if (key_verify(server_host_key, signature, slen, hash, 20) != 1)

Line 202

Line 201

Key *server_host_key;

u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;

u_int sbloblen, klen, kout;

u_int slen;

int dlen, slen, plen;

/* generate server DH public key */

dh = dh_new_group1();

dh_gen_key(dh, kex->we_need * 8);

debug("expecting SSH2_MSG_KEXDH_INIT");

packet_read_expect(SSH2_MSG_KEXDH_INIT);

packet_read_expect(&plen, SSH2_MSG_KEXDH_INIT);

if (kex->load_host_key == NULL)

fatal("Cannot load hostkey");

Line 220

Line 219

/* key, cert */

if ((dh_client_pub = BN_new()) == NULL)

fatal("dh_client_pub == NULL");

packet_get_bignum2(dh_client_pub);

packet_get_bignum2(dh_client_pub, &dlen);

packet_check_eom();

#ifdef DEBUG_KEXDH

fprintf(stderr, "dh_client_pub= ");

Line 264

Line 262

dh->pub_key,

shared_secret

);

BN_clear_free(dh_client_pub);

BN_free(dh_client_pub);

/* save session id := H */

/* XXX hashlen depends on KEX */

Line 276

Line 274

/* sign H */

/* XXX hashlen depends on KEX */

PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));

key_sign(server_host_key, &signature, &slen, hash, 20);

/* destroy_sensitive_data(); */