version 1.12, 2009/06/21 07:37:15 |
version 1.13, 2010/02/26 20:29:54 |
|
|
kexgex_server(Kex *kex) |
kexgex_server(Kex *kex) |
{ |
{ |
BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; |
BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; |
Key *server_host_key; |
Key *server_host_public, *server_host_private; |
DH *dh; |
DH *dh; |
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; |
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; |
u_int sbloblen, klen, slen, hashlen; |
u_int sbloblen, klen, slen, hashlen; |
int omin = -1, min = -1, omax = -1, max = -1, onbits = -1, nbits = -1; |
int omin = -1, min = -1, omax = -1, max = -1, onbits = -1, nbits = -1; |
int type, kout; |
int type, kout; |
|
|
if (kex->load_host_key == NULL) |
if (kex->load_host_public_key == NULL || |
|
kex->load_host_private_key == NULL) |
fatal("Cannot load hostkey"); |
fatal("Cannot load hostkey"); |
server_host_key = kex->load_host_key(kex->hostkey_type); |
server_host_public = kex->load_host_public_key(kex->hostkey_type); |
if (server_host_key == NULL) |
if (server_host_public == NULL) |
fatal("Unsupported hostkey type %d", kex->hostkey_type); |
fatal("Unsupported hostkey type %d", kex->hostkey_type); |
|
server_host_private = kex->load_host_private_key(kex->hostkey_type); |
|
if (server_host_private == NULL) |
|
fatal("Missing private key for hostkey type %d", |
|
kex->hostkey_type); |
|
|
|
|
type = packet_read(); |
type = packet_read(); |
switch (type) { |
switch (type) { |
case SSH2_MSG_KEX_DH_GEX_REQUEST: |
case SSH2_MSG_KEX_DH_GEX_REQUEST: |
|
|
memset(kbuf, 0, klen); |
memset(kbuf, 0, klen); |
xfree(kbuf); |
xfree(kbuf); |
|
|
key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); |
key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); |
|
|
if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) |
if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) |
omin = min = omax = max = -1; |
omin = min = omax = max = -1; |
|
|
} |
} |
|
|
/* sign H */ |
/* sign H */ |
if (PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, |
if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash, |
hashlen)) < 0) |
hashlen)) < 0) |
fatal("kexgex_server: key_sign failed"); |
fatal("kexgex_server: key_sign failed"); |
|
|