version 1.40, 2001/01/31 20:48:08 |
version 1.41, 2001/02/04 15:32:26 |
|
|
/* diffie-hellman-group1-sha1 */ |
/* diffie-hellman-group1-sha1 */ |
|
|
void |
void |
ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr, |
ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr, |
Buffer *client_kexinit, Buffer *server_kexinit) |
Buffer *client_kexinit, Buffer *server_kexinit) |
{ |
{ |
#ifdef DEBUG_KEXDH |
#ifdef DEBUG_KEXDH |
|
|
int |
int |
dh_estimate(int bits) |
dh_estimate(int bits) |
{ |
{ |
|
|
if (bits < 64) |
if (bits < 64) |
return (512); /* O(2**63) */ |
return (512); /* O(2**63) */ |
if (bits < 128) |
if (bits < 128) |
|
|
buffer_ptr(client_kexinit), buffer_len(client_kexinit), |
buffer_ptr(client_kexinit), buffer_len(client_kexinit), |
buffer_ptr(server_kexinit), buffer_len(server_kexinit), |
buffer_ptr(server_kexinit), buffer_len(server_kexinit), |
server_host_key_blob, sbloblen, |
server_host_key_blob, sbloblen, |
nbits, dh->p, dh->g, |
nbits, dh->p, dh->g, |
dh->pub_key, |
dh->pub_key, |
dh_server_pub, |
dh_server_pub, |
shared_secret |
shared_secret |
|
|
for (;;) { |
for (;;) { |
method = authmethod_get(authlist); |
method = authmethod_get(authlist); |
if (method == NULL) |
if (method == NULL) |
fatal("Unable to find an authentication method"); |
fatal("Unable to find an authentication method"); |
authctxt->method = method; |
authctxt->method = method; |
if (method->userauth(authctxt) != 0) { |
if (method->userauth(authctxt) != 0) { |
debug2("we sent a %s packet, wait for reply", method->name); |
debug2("we sent a %s packet, wait for reply", method->name); |
|
|
debug2("we did not send a packet, disable method"); |
debug2("we did not send a packet, disable method"); |
method->enabled = NULL; |
method->enabled = NULL; |
} |
} |
} |
} |
xfree(authlist); |
xfree(authlist); |
} |
} |
|
|
|
|
buffer_init(&b); |
buffer_init(&b); |
if (datafellows & SSH_OLD_SESSIONID) { |
if (datafellows & SSH_OLD_SESSIONID) { |
buffer_append(&b, session_id2, session_id2_len); |
buffer_append(&b, session_id2, session_id2_len); |
skip = session_id2_len; |
skip = session_id2_len; |
} else { |
} else { |
buffer_put_string(&b, session_id2, session_id2_len); |
buffer_put_string(&b, session_id2, session_id2_len); |
skip = buffer_len(&b); |
skip = buffer_len(&b); |
|
|
} else { |
} else { |
buffer_put_cstring(&b, authctxt->method->name); |
buffer_put_cstring(&b, authctxt->method->name); |
buffer_put_char(&b, have_sig); |
buffer_put_char(&b, have_sig); |
buffer_put_cstring(&b, key_ssh_name(k)); |
buffer_put_cstring(&b, key_ssh_name(k)); |
} |
} |
buffer_put_string(&b, blob, bloblen); |
buffer_put_string(&b, blob, bloblen); |
|
|
|
|
buffer_put_cstring(&b, authctxt->method->name); |
buffer_put_cstring(&b, authctxt->method->name); |
buffer_put_char(&b, have_sig); |
buffer_put_char(&b, have_sig); |
if (!(datafellows & SSH_BUG_PKAUTH)) |
if (!(datafellows & SSH_BUG_PKAUTH)) |
buffer_put_cstring(&b, key_ssh_name(k)); |
buffer_put_cstring(&b, key_ssh_name(k)); |
buffer_put_string(&b, blob, bloblen); |
buffer_put_string(&b, blob, bloblen); |
} |
} |
xfree(blob); |
xfree(blob); |
|
|
* use a built-in default list. If the server sends a nil list after |
* use a built-in default list. If the server sends a nil list after |
* previously sending a valid list, continue using the list originally |
* previously sending a valid list, continue using the list originally |
* sent. |
* sent. |
*/ |
*/ |
|
|
Authmethod * |
Authmethod * |
authmethod_get(char *authlist) |
authmethod_get(char *authlist) |
{ |
{ |
char *name = NULL, *authname_old; |
char *name = NULL, *authname_old; |
Authmethod *method = NULL; |
Authmethod *method = NULL; |
|
|
/* Use a suitable default if we're passed a nil list. */ |
/* Use a suitable default if we're passed a nil list. */ |
if (authlist == NULL || strlen(authlist) == 0) |
if (authlist == NULL || strlen(authlist) == 0) |
authlist = def_authlist; |
authlist = def_authlist; |