kexgex.c (92555) | kexgex.c (98675) |
---|---|
1/* 2 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 10 unchanged lines hidden (view full) --- 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26#include "includes.h" | 1/* 2 * Copyright (c) 2000 Niels Provos. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 10 unchanged lines hidden (view full) --- 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26#include "includes.h" |
27RCSID("$OpenBSD: kexgex.c,v 1.20 2002/02/28 15:46:33 markus Exp $"); | 27RCSID("$OpenBSD: kexgex.c,v 1.22 2002/03/24 17:27:03 stevesk Exp $"); |
28 29#include <openssl/bn.h> 30 31#include "xmalloc.h" 32#include "buffer.h" 33#include "bufaux.h" 34#include "key.h" 35#include "kex.h" 36#include "log.h" 37#include "packet.h" 38#include "dh.h" 39#include "ssh2.h" 40#include "compat.h" | 28 29#include <openssl/bn.h> 30 31#include "xmalloc.h" 32#include "buffer.h" 33#include "bufaux.h" 34#include "key.h" 35#include "kex.h" 36#include "log.h" 37#include "packet.h" 38#include "dh.h" 39#include "ssh2.h" 40#include "compat.h" |
41#include "monitor_wrap.h" |
|
41 42static u_char * 43kexgex_hash( 44 char *client_version_string, 45 char *server_version_string, 46 char *ckexinit, int ckexinitlen, 47 char *skexinit, int skexinitlen, 48 u_char *serverhostkeyblob, int sbloblen, --- 205 unchanged lines hidden (view full) --- 254 255/* server */ 256 257static void 258kexgex_server(Kex *kex) 259{ 260 BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; 261 Key *server_host_key; | 42 43static u_char * 44kexgex_hash( 45 char *client_version_string, 46 char *server_version_string, 47 char *ckexinit, int ckexinitlen, 48 char *skexinit, int skexinitlen, 49 u_char *serverhostkeyblob, int sbloblen, --- 205 unchanged lines hidden (view full) --- 255 256/* server */ 257 258static void 259kexgex_server(Kex *kex) 260{ 261 BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; 262 Key *server_host_key; |
262 DH *dh = dh; | 263 DH *dh; |
263 u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; 264 u_int sbloblen, klen, kout, slen; 265 int min = -1, max = -1, nbits = -1, type; 266 267 if (kex->load_host_key == NULL) 268 fatal("Cannot load hostkey"); 269 server_host_key = kex->load_host_key(kex->hostkey_type); 270 if (server_host_key == NULL) --- 20 unchanged lines hidden (view full) --- 291 fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type); 292 } 293 packet_check_eom(); 294 295 if (max < min || nbits < min || max < nbits) 296 fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d", 297 min, nbits, max); 298 | 264 u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; 265 u_int sbloblen, klen, kout, slen; 266 int min = -1, max = -1, nbits = -1, type; 267 268 if (kex->load_host_key == NULL) 269 fatal("Cannot load hostkey"); 270 server_host_key = kex->load_host_key(kex->hostkey_type); 271 if (server_host_key == NULL) --- 20 unchanged lines hidden (view full) --- 292 fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type); 293 } 294 packet_check_eom(); 295 296 if (max < min || nbits < min || max < nbits) 297 fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d", 298 min, nbits, max); 299 |
299 dh = choose_dh(min, nbits, max); | 300 /* Contact privileged parent */ 301 dh = PRIVSEP(choose_dh(min, nbits, max)); |
300 if (dh == NULL) 301 packet_disconnect("Protocol error: no matching DH grp found"); 302 303 debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); 304 packet_start(SSH2_MSG_KEX_DH_GEX_GROUP); 305 packet_put_bignum2(dh->p); 306 packet_put_bignum2(dh->g); 307 packet_send(); --- 66 unchanged lines hidden (view full) --- 374 if (kex->session_id == NULL) { 375 kex->session_id_len = 20; 376 kex->session_id = xmalloc(kex->session_id_len); 377 memcpy(kex->session_id, hash, kex->session_id_len); 378 } 379 380 /* sign H */ 381 /* XXX hashlen depends on KEX */ | 302 if (dh == NULL) 303 packet_disconnect("Protocol error: no matching DH grp found"); 304 305 debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); 306 packet_start(SSH2_MSG_KEX_DH_GEX_GROUP); 307 packet_put_bignum2(dh->p); 308 packet_put_bignum2(dh->g); 309 packet_send(); --- 66 unchanged lines hidden (view full) --- 376 if (kex->session_id == NULL) { 377 kex->session_id_len = 20; 378 kex->session_id = xmalloc(kex->session_id_len); 379 memcpy(kex->session_id, hash, kex->session_id_len); 380 } 381 382 /* sign H */ 383 /* XXX hashlen depends on KEX */ |
382 key_sign(server_host_key, &signature, &slen, hash, 20); | 384 PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)); |
383 384 /* destroy_sensitive_data(); */ 385 386 /* send server hostkey, DH pubkey 'f' and singed H */ 387 debug("SSH2_MSG_KEX_DH_GEX_REPLY sent"); 388 packet_start(SSH2_MSG_KEX_DH_GEX_REPLY); 389 packet_put_string(server_host_key_blob, sbloblen); 390 packet_put_bignum2(dh->pub_key); /* f */ 391 packet_put_string(signature, slen); 392 packet_send(); | 385 386 /* destroy_sensitive_data(); */ 387 388 /* send server hostkey, DH pubkey 'f' and singed H */ 389 debug("SSH2_MSG_KEX_DH_GEX_REPLY sent"); 390 packet_start(SSH2_MSG_KEX_DH_GEX_REPLY); 391 packet_put_string(server_host_key_blob, sbloblen); 392 packet_put_bignum2(dh->pub_key); /* f */ 393 packet_put_string(signature, slen); 394 packet_send(); |
395 |
|
393 xfree(signature); 394 xfree(server_host_key_blob); 395 /* have keys, free DH */ 396 DH_free(dh); 397 398 kex_derive_keys(kex, hash, shared_secret); 399 BN_clear_free(shared_secret); 400 401 kex_finish(kex); 402} 403 404void 405kexgex(Kex *kex) 406{ 407 if (kex->server) 408 kexgex_server(kex); 409 else 410 kexgex_client(kex); 411} | 396 xfree(signature); 397 xfree(server_host_key_blob); 398 /* have keys, free DH */ 399 DH_free(dh); 400 401 kex_derive_keys(kex, hash, shared_secret); 402 BN_clear_free(shared_secret); 403 404 kex_finish(kex); 405} 406 407void 408kexgex(Kex *kex) 409{ 410 if (kex->server) 411 kexgex_server(kex); 412 else 413 kexgex_client(kex); 414} |