version 1.168, 2001/02/19 23:09:05 |
version 1.169, 2001/02/23 18:15:13 |
|
|
Key **host_keys; /* all private host keys */ |
Key **host_keys; /* all private host keys */ |
int have_ssh1_key; |
int have_ssh1_key; |
int have_ssh2_key; |
int have_ssh2_key; |
|
u_char ssh1_cookie[SSH_SESSION_KEY_LENGTH]; |
} sensitive_data; |
} sensitive_data; |
|
|
/* |
/* |
|
|
void |
void |
generate_empheral_server_key(void) |
generate_empheral_server_key(void) |
{ |
{ |
|
u_int32_t rand = 0; |
|
int i; |
|
|
log("Generating %s%d bit RSA key.", sensitive_data.server_key ? "new " : "", |
log("Generating %s%d bit RSA key.", sensitive_data.server_key ? "new " : "", |
options.server_key_bits); |
options.server_key_bits); |
if (sensitive_data.server_key != NULL) |
if (sensitive_data.server_key != NULL) |
key_free(sensitive_data.server_key); |
key_free(sensitive_data.server_key); |
sensitive_data.server_key = key_generate(KEY_RSA1, options.server_key_bits); |
sensitive_data.server_key = key_generate(KEY_RSA1, options.server_key_bits); |
arc4random_stir(); |
|
log("RSA key generation complete."); |
log("RSA key generation complete."); |
|
|
|
for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { |
|
if (i % 4 == 0) |
|
rand = arc4random(); |
|
sensitive_data.ssh1_cookie[i] = rand & 0xff; |
|
rand >>= 8; |
|
} |
|
arc4random_stir(); |
} |
} |
|
|
void |
void |
|
|
} |
} |
} |
} |
sensitive_data.ssh1_host_key = NULL; |
sensitive_data.ssh1_host_key = NULL; |
|
memset(sensitive_data.ssh1_cookie, 0, SSH_SESSION_KEY_LENGTH); |
} |
} |
Key * |
Key * |
load_private_key_autodetect(const char *filename) |
load_private_key_autodetect(const char *filename) |
|
|
sensitive_data.server_key->rsa) < 0) |
sensitive_data.server_key->rsa) < 0) |
rsafail++; |
rsafail++; |
} |
} |
|
|
compute_session_id(session_id, cookie, |
|
sensitive_data.ssh1_host_key->rsa->n, |
|
sensitive_data.server_key->rsa->n); |
|
|
|
/* Destroy the private and public keys. They will no longer be needed. */ |
|
destroy_sensitive_data(); |
|
|
|
/* |
/* |
* Extract session key from the decrypted integer. The key is in the |
* Extract session key from the decrypted integer. The key is in the |
* least significant 256 bits of the integer; the first byte of the |
* least significant 256 bits of the integer; the first byte of the |
|
|
memset(session_key, 0, sizeof(session_key)); |
memset(session_key, 0, sizeof(session_key)); |
BN_bn2bin(session_key_int, |
BN_bn2bin(session_key_int, |
session_key + sizeof(session_key) - len); |
session_key + sizeof(session_key) - len); |
|
|
|
compute_session_id(session_id, cookie, |
|
sensitive_data.ssh1_host_key->rsa->n, |
|
sensitive_data.server_key->rsa->n); |
|
/* |
|
* Xor the first 16 bytes of the session key with the |
|
* session id. |
|
*/ |
|
for (i = 0; i < 16; i++) |
|
session_key[i] ^= session_id[i]; |
} |
} |
} |
} |
if (rsafail) { |
if (rsafail) { |
|
int bytes = BN_num_bytes(session_key_int); |
|
char *buf = xmalloc(bytes); |
|
MD5_CTX md; |
|
|
log("do_connection: generating a fake encryption key"); |
log("do_connection: generating a fake encryption key"); |
for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { |
BN_bn2bin(session_key_int, buf); |
if (i % 4 == 0) |
MD5_Init(&md); |
rand = arc4random(); |
MD5_Update(&md, buf, bytes); |
session_key[i] = rand & 0xff; |
MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); |
rand >>= 8; |
MD5_Final(session_key, &md); |
} |
MD5_Init(&md); |
|
MD5_Update(&md, session_key, 16); |
|
MD5_Update(&md, buf, bytes); |
|
MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); |
|
MD5_Final(session_key + 16, &md); |
|
memset(buf, 0, bytes); |
|
xfree(buf); |
} |
} |
|
/* Destroy the private and public keys. They will no longer be needed. */ |
|
destroy_sensitive_data(); |
|
|
/* Destroy the decrypted integer. It is no longer needed. */ |
/* Destroy the decrypted integer. It is no longer needed. */ |
BN_clear_free(session_key_int); |
BN_clear_free(session_key_int); |
|
|
/* Xor the first 16 bytes of the session key with the session id. */ |
|
for (i = 0; i < 16; i++) |
|
session_key[i] ^= session_id[i]; |
|
|
|
/* Set the session key. From this on all communications will be encrypted. */ |
/* Set the session key. From this on all communications will be encrypted. */ |
packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type); |
packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type); |