version 1.33, 2018/04/10 00:10:49 |
version 1.34, 2018/09/13 02:08:33 |
|
|
struct kex *kex = ssh->kex; |
struct kex *kex = ssh->kex; |
int r; |
int r; |
u_int min = 0, max = 0, nbits = 0; |
u_int min = 0, max = 0, nbits = 0; |
|
const BIGNUM *dh_p, *dh_g; |
|
|
debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); |
debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); |
if ((r = sshpkt_get_u32(ssh, &min)) != 0 || |
if ((r = sshpkt_get_u32(ssh, &min)) != 0 || |
|
|
goto out; |
goto out; |
} |
} |
debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); |
debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); |
|
DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g); |
if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 || |
if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 || |
(r = sshpkt_put_bignum2(ssh, kex->dh->p)) != 0 || |
(r = sshpkt_put_bignum2(ssh, dh_p)) != 0 || |
(r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 || |
(r = sshpkt_put_bignum2(ssh, dh_g)) != 0 || |
(r = sshpkt_send(ssh)) != 0) |
(r = sshpkt_send(ssh)) != 0) |
goto out; |
goto out; |
|
|
|
|
{ |
{ |
struct kex *kex = ssh->kex; |
struct kex *kex = ssh->kex; |
BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; |
BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; |
|
const BIGNUM *pub_key, *dh_p, *dh_g; |
struct sshkey *server_host_public, *server_host_private; |
struct sshkey *server_host_public, *server_host_private; |
u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; |
u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; |
u_char hash[SSH_DIGEST_MAX_LENGTH]; |
u_char hash[SSH_DIGEST_MAX_LENGTH]; |
|
|
(r = sshpkt_get_end(ssh)) != 0) |
(r = sshpkt_get_end(ssh)) != 0) |
goto out; |
goto out; |
|
|
|
DH_get0_key(kex->dh, &pub_key, NULL); |
|
DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g); |
|
|
#ifdef DEBUG_KEXDH |
#ifdef DEBUG_KEXDH |
fprintf(stderr, "dh_client_pub= "); |
fprintf(stderr, "dh_client_pub= "); |
BN_print_fp(stderr, dh_client_pub); |
BN_print_fp(stderr, dh_client_pub); |
fprintf(stderr, "\n"); |
fprintf(stderr, "\n"); |
debug("bits %d", BN_num_bits(dh_client_pub)); |
debug("bits %d", BN_num_bits(dh_client_pub)); |
#endif |
|
|
|
#ifdef DEBUG_KEXDH |
|
DHparams_print_fp(stderr, kex->dh); |
DHparams_print_fp(stderr, kex->dh); |
fprintf(stderr, "pub= "); |
fprintf(stderr, "pub= "); |
BN_print_fp(stderr, kex->dh->pub_key); |
BN_print_fp(stderr, pub_key); |
fprintf(stderr, "\n"); |
fprintf(stderr, "\n"); |
#endif |
#endif |
if (!dh_pub_is_valid(kex->dh, dh_client_pub)) { |
if (!dh_pub_is_valid(kex->dh, dh_client_pub)) { |
|
|
sshbuf_ptr(kex->my), sshbuf_len(kex->my), |
sshbuf_ptr(kex->my), sshbuf_len(kex->my), |
server_host_key_blob, sbloblen, |
server_host_key_blob, sbloblen, |
kex->min, kex->nbits, kex->max, |
kex->min, kex->nbits, kex->max, |
kex->dh->p, kex->dh->g, |
dh_p, dh_g, |
dh_client_pub, |
dh_client_pub, |
kex->dh->pub_key, |
pub_key, |
shared_secret, |
shared_secret, |
hash, &hashlen)) != 0) |
hash, &hashlen)) != 0) |
goto out; |
goto out; |
|
|
/* send server hostkey, DH pubkey 'f' and signed H */ |
/* send server hostkey, DH pubkey 'f' and signed H */ |
if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 || |
if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 || |
(r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || |
(r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || |
(r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ |
(r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ |
(r = sshpkt_put_string(ssh, signature, slen)) != 0 || |
(r = sshpkt_put_string(ssh, signature, slen)) != 0 || |
(r = sshpkt_send(ssh)) != 0) |
(r = sshpkt_send(ssh)) != 0) |
goto out; |
goto out; |
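Review bot: In the handler that builds SSH2_MSG_KEX_DH_GEX_REPLY, the new `pub_key`, `dh_p` and `dh_g` locals are declared uninitialised and filled by `DH_get0_key()` / `DH_get0_pqg()`, which report nothing back, so a `kex->dh` without a generated key would pass a NULL `pub_key` into the hash computation and into `sshpkt_put_bignum2(ssh, pub_key)` as `f`. Whether the key is always generated before this point cannot be seen in these lines, so a guard right after the two getters would make the assumption explicit: `if (pub_key == NULL || dh_p == NULL || dh_g == NULL) { r = SSH_ERR_INTERNAL_ERROR; goto out; }`. The same applies to `dh_p` and `dh_g` in the SSH2_MSG_KEX_DH_GEX_REQUEST handler before the GROUP message is assembled. A comment at the declarations such as `/* borrowed from kex->dh: do not free, invalid once kex->dh is freed */` would also help, because these pointers sit next to owned BIGNUMs like `shared_secret` and the cleanup at `out:` is outside the shown lines. Both function bodies begin and end outside the visible hunks.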