| version 1.9.2.2, 2002/05/17 00:03:23 |
version 1.10, 2001/12/05 10:06:12 |
|
|
| #include "dh.h" |
#include "dh.h" |
| #include "ssh2.h" |
#include "ssh2.h" |
| #include "compat.h" |
#include "compat.h" |
| #include "monitor_wrap.h" |
|
| |
|
| static u_char * |
static u_char * |
| kexgex_hash( |
kexgex_hash( |
|
|
| { |
{ |
| Buffer b; |
Buffer b; |
| static u_char digest[EVP_MAX_MD_SIZE]; |
static u_char digest[EVP_MAX_MD_SIZE]; |
| const EVP_MD *evp_md = EVP_sha1(); |
EVP_MD *evp_md = EVP_sha1(); |
| EVP_MD_CTX md; |
EVP_MD_CTX md; |
| |
|
| buffer_init(&b); |
buffer_init(&b); |
|
|
| buffer_free(&b); |
buffer_free(&b); |
| |
|
| #ifdef DEBUG_KEXDH |
#ifdef DEBUG_KEXDH |
| dump_digest("hash", digest, EVP_MD_size(evp_md)); |
dump_digest("hash", digest, evp_md->md_size); |
| #endif |
#endif |
| return digest; |
return digest; |
| } |
} |
|
|
| Key *server_host_key; |
Key *server_host_key; |
| u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; |
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; |
| u_int klen, kout, slen, sbloblen; |
u_int klen, kout, slen, sbloblen; |
| int min, max, nbits; |
int dlen, plen, min, max, nbits; |
| DH *dh; |
DH *dh; |
| |
|
| nbits = dh_estimate(kex->we_need * 8); |
nbits = dh_estimate(kex->we_need * 8); |
|
|
| packet_send(); |
packet_send(); |
| |
|
| debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP"); |
debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP"); |
| packet_read_expect(SSH2_MSG_KEX_DH_GEX_GROUP); |
packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_GROUP); |
| |
|
| if ((p = BN_new()) == NULL) |
if ((p = BN_new()) == NULL) |
| fatal("BN_new"); |
fatal("BN_new"); |
| packet_get_bignum2(p); |
packet_get_bignum2(p, &dlen); |
| if ((g = BN_new()) == NULL) |
if ((g = BN_new()) == NULL) |
| fatal("BN_new"); |
fatal("BN_new"); |
| packet_get_bignum2(g); |
packet_get_bignum2(g, &dlen); |
| packet_check_eom(); |
packet_done(); |
| |
|
| if (BN_num_bits(p) < min || BN_num_bits(p) > max) |
if (BN_num_bits(p) < min || BN_num_bits(p) > max) |
| fatal("DH_GEX group out of range: %d !< %d !< %d", |
fatal("DH_GEX group out of range: %d !< %d !< %d", |
|
|
| packet_send(); |
packet_send(); |
| |
|
| debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY"); |
debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY"); |
| packet_read_expect(SSH2_MSG_KEX_DH_GEX_REPLY); |
packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_REPLY); |
| |
|
| /* key, cert */ |
/* key, cert */ |
| server_host_key_blob = packet_get_string(&sbloblen); |
server_host_key_blob = packet_get_string(&sbloblen); |
| server_host_key = key_from_blob(server_host_key_blob, sbloblen); |
server_host_key = key_from_blob(server_host_key_blob, sbloblen); |
| if (server_host_key == NULL) |
if (server_host_key == NULL) |
| fatal("cannot decode server_host_key_blob"); |
fatal("cannot decode server_host_key_blob"); |
| if (server_host_key->type != kex->hostkey_type) |
|
| fatal("type mismatch for decoded server_host_key_blob"); |
|
| if (kex->verify_host_key == NULL) |
if (kex->verify_host_key == NULL) |
| fatal("cannot verify server_host_key"); |
fatal("cannot verify server_host_key"); |
| if (kex->verify_host_key(server_host_key) == -1) |
if (kex->verify_host_key(server_host_key) == -1) |
| fatal("server_host_key verification failed"); |
fatal("server_host_key verification failed"); |
| |
|
| /* DH paramter f, server public DH key */ |
/* DH paramter f, server public DH key */ |
| if ((dh_server_pub = BN_new()) == NULL) |
dh_server_pub = BN_new(); |
| |
if (dh_server_pub == NULL) |
| fatal("dh_server_pub == NULL"); |
fatal("dh_server_pub == NULL"); |
| packet_get_bignum2(dh_server_pub); |
packet_get_bignum2(dh_server_pub, &dlen); |
| |
|
| #ifdef DEBUG_KEXDH |
#ifdef DEBUG_KEXDH |
| fprintf(stderr, "dh_server_pub= "); |
fprintf(stderr, "dh_server_pub= "); |
|
|
| |
|
| /* signed H */ |
/* signed H */ |
| signature = packet_get_string(&slen); |
signature = packet_get_string(&slen); |
| packet_check_eom(); |
packet_done(); |
| |
|
| if (!dh_pub_is_valid(dh, dh_server_pub)) |
if (!dh_pub_is_valid(dh, dh_server_pub)) |
| packet_disconnect("bad server public DH value"); |
packet_disconnect("bad server public DH value"); |
|
|
| #ifdef DEBUG_KEXDH |
#ifdef DEBUG_KEXDH |
| dump_digest("shared secret", kbuf, kout); |
dump_digest("shared secret", kbuf, kout); |
| #endif |
#endif |
| if ((shared_secret = BN_new()) == NULL) |
shared_secret = BN_new(); |
| fatal("kexgex_client: BN_new failed"); |
|
| BN_bin2bn(kbuf, kout, shared_secret); |
BN_bin2bn(kbuf, kout, shared_secret); |
| memset(kbuf, 0, klen); |
memset(kbuf, 0, klen); |
| xfree(kbuf); |
xfree(kbuf); |
|
|
| /* have keys, free DH */ |
/* have keys, free DH */ |
| DH_free(dh); |
DH_free(dh); |
| xfree(server_host_key_blob); |
xfree(server_host_key_blob); |
| BN_clear_free(dh_server_pub); |
BN_free(dh_server_pub); |
| |
|
| if (key_verify(server_host_key, signature, slen, hash, 20) != 1) |
if (key_verify(server_host_key, signature, slen, hash, 20) != 1) |
| fatal("key_verify failed for server_host_key"); |
fatal("key_verify failed for server_host_key"); |
|
|
| { |
{ |
| BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; |
BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; |
| Key *server_host_key; |
Key *server_host_key; |
| DH *dh; |
DH *dh = dh; |
| u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; |
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; |
| u_int sbloblen, klen, kout, slen; |
u_int sbloblen, klen, kout; |
| int min = -1, max = -1, nbits = -1, type; |
int min = -1, max = -1, nbits = -1, type, plen, dlen, slen; |
| |
|
| if (kex->load_host_key == NULL) |
if (kex->load_host_key == NULL) |
| fatal("Cannot load hostkey"); |
fatal("Cannot load hostkey"); |
|
|
| if (server_host_key == NULL) |
if (server_host_key == NULL) |
| fatal("Unsupported hostkey type %d", kex->hostkey_type); |
fatal("Unsupported hostkey type %d", kex->hostkey_type); |
| |
|
| type = packet_read(); |
type = packet_read(&plen); |
| switch (type) { |
switch (type) { |
| case SSH2_MSG_KEX_DH_GEX_REQUEST: |
case SSH2_MSG_KEX_DH_GEX_REQUEST: |
| debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); |
debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); |
|
|
| default: |
default: |
| fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type); |
fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type); |
| } |
} |
| packet_check_eom(); |
packet_done(); |
| |
|
| if (max < min || nbits < min || max < nbits) |
if (max < min || nbits < min || max < nbits) |
| fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d", |
fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d", |
| min, nbits, max); |
min, nbits, max); |
| |
|
| /* Contact privileged parent */ |
dh = choose_dh(min, nbits, max); |
| dh = PRIVSEP(choose_dh(min, nbits, max)); |
|
| if (dh == NULL) |
if (dh == NULL) |
| packet_disconnect("Protocol error: no matching DH grp found"); |
packet_disconnect("Protocol error: no matching DH grp found"); |
| |
|
|
|
| dh_gen_key(dh, kex->we_need * 8); |
dh_gen_key(dh, kex->we_need * 8); |
| |
|
| debug("expecting SSH2_MSG_KEX_DH_GEX_INIT"); |
debug("expecting SSH2_MSG_KEX_DH_GEX_INIT"); |
| packet_read_expect(SSH2_MSG_KEX_DH_GEX_INIT); |
packet_read_expect(&plen, SSH2_MSG_KEX_DH_GEX_INIT); |
| |
|
| /* key, cert */ |
/* key, cert */ |
| if ((dh_client_pub = BN_new()) == NULL) |
dh_client_pub = BN_new(); |
| |
if (dh_client_pub == NULL) |
| fatal("dh_client_pub == NULL"); |
fatal("dh_client_pub == NULL"); |
| packet_get_bignum2(dh_client_pub); |
packet_get_bignum2(dh_client_pub, &dlen); |
| packet_check_eom(); |
|
| |
|
| #ifdef DEBUG_KEXDH |
#ifdef DEBUG_KEXDH |
| fprintf(stderr, "dh_client_pub= "); |
fprintf(stderr, "dh_client_pub= "); |
|
|
| #ifdef DEBUG_KEXDH |
#ifdef DEBUG_KEXDH |
| dump_digest("shared secret", kbuf, kout); |
dump_digest("shared secret", kbuf, kout); |
| #endif |
#endif |
| if ((shared_secret = BN_new()) == NULL) |
shared_secret = BN_new(); |
| fatal("kexgex_server: BN_new failed"); |
|
| BN_bin2bn(kbuf, kout, shared_secret); |
BN_bin2bn(kbuf, kout, shared_secret); |
| memset(kbuf, 0, klen); |
memset(kbuf, 0, klen); |
| xfree(kbuf); |
xfree(kbuf); |
|
|
| dh->pub_key, |
dh->pub_key, |
| shared_secret |
shared_secret |
| ); |
); |
| BN_clear_free(dh_client_pub); |
BN_free(dh_client_pub); |
| |
|
| /* save session id := H */ |
/* save session id := H */ |
| /* XXX hashlen depends on KEX */ |
/* XXX hashlen depends on KEX */ |
|
|
| |
|
| /* sign H */ |
/* sign H */ |
| /* XXX hashlen depends on KEX */ |
/* XXX hashlen depends on KEX */ |
| PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)); |
key_sign(server_host_key, &signature, &slen, hash, 20); |
| |
|
| /* destroy_sensitive_data(); */ |
/* destroy_sensitive_data(); */ |
| |
|
|
|
| packet_put_bignum2(dh->pub_key); /* f */ |
packet_put_bignum2(dh->pub_key); /* f */ |
| packet_put_string(signature, slen); |
packet_put_string(signature, slen); |
| packet_send(); |
packet_send(); |
| |
|
| xfree(signature); |
xfree(signature); |
| xfree(server_host_key_blob); |
xfree(server_host_key_blob); |
| /* have keys, free DH */ |
/* have keys, free DH */ |
![[BACK]](/icons/back.gif){kind=icon}
Return to kexgex.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh