| kexgexs.c (225736) | kexgexs.c (263970) |
|---|---|
| 1/* $OpenBSD: kexgexs.c,v 1.14 2010/11/10 01:33:07 djm Exp $ */ | 1/* $OpenBSD: kexgexs.c,v 1.19 2014/02/02 03:44:31 djm Exp $ */ |
| 2/* 3 * Copyright (c) 2000 Niels Provos. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright --- 53 unchanged lines hidden (view full) --- 63 64 if (kex->load_host_public_key == NULL || 65 kex->load_host_private_key == NULL) 66 fatal("Cannot load hostkey"); 67 server_host_public = kex->load_host_public_key(kex->hostkey_type); 68 if (server_host_public == NULL) 69 fatal("Unsupported hostkey type %d", kex->hostkey_type); 70 server_host_private = kex->load_host_private_key(kex->hostkey_type); | 2/* 3 * Copyright (c) 2000 Niels Provos. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright --- 53 unchanged lines hidden (view full) --- 63 64 if (kex->load_host_public_key == NULL || 65 kex->load_host_private_key == NULL) 66 fatal("Cannot load hostkey"); 67 server_host_public = kex->load_host_public_key(kex->hostkey_type); 68 if (server_host_public == NULL) 69 fatal("Unsupported hostkey type %d", kex->hostkey_type); 70 server_host_private = kex->load_host_private_key(kex->hostkey_type); |
| 71 if (server_host_private == NULL) 72 fatal("Missing private key for hostkey type %d", 73 kex->hostkey_type); | |
| 74 | 71 |
| 75 | |
| 76 type = packet_read(); 77 switch (type) { 78 case SSH2_MSG_KEX_DH_GEX_REQUEST: 79 debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); 80 omin = min = packet_get_int(); 81 onbits = nbits = packet_get_int(); 82 omax = max = packet_get_int(); 83 min = MAX(DH_GRP_MIN, min); --- 65 unchanged lines hidden (view full) --- 149 fatal("DH_compute_key: failed"); 150#ifdef DEBUG_KEXDH 151 dump_digest("shared secret", kbuf, kout); 152#endif 153 if ((shared_secret = BN_new()) == NULL) 154 fatal("kexgex_server: BN_new failed"); 155 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) 156 fatal("kexgex_server: BN_bin2bn failed"); | 72 type = packet_read(); 73 switch (type) { 74 case SSH2_MSG_KEX_DH_GEX_REQUEST: 75 debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); 76 omin = min = packet_get_int(); 77 onbits = nbits = packet_get_int(); 78 omax = max = packet_get_int(); 79 min = MAX(DH_GRP_MIN, min); --- 65 unchanged lines hidden (view full) --- 145 fatal("DH_compute_key: failed"); 146#ifdef DEBUG_KEXDH 147 dump_digest("shared secret", kbuf, kout); 148#endif 149 if ((shared_secret = BN_new()) == NULL) 150 fatal("kexgex_server: BN_new failed"); 151 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) 152 fatal("kexgex_server: BN_bin2bn failed"); |
| 157 memset(kbuf, 0, klen); 158 xfree(kbuf); | 153 explicit_bzero(kbuf, klen); 154 free(kbuf); |
| 159 160 key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); 161 162 if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) 163 omin = min = omax = max = -1; 164 165 /* calc H */ 166 kexgex_hash( | 155 156 key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); 157 158 if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) 159 omin = min = omax = max = -1; 160 161 /* calc H */ 162 kexgex_hash( |
| 167 kex->evp_md, | 163 kex->hash_alg, |
| 168 kex->client_version_string, 169 kex->server_version_string, 170 buffer_ptr(&kex->peer), buffer_len(&kex->peer), 171 buffer_ptr(&kex->my), buffer_len(&kex->my), 172 server_host_key_blob, sbloblen, 173 omin, onbits, omax, 174 dh->p, dh->g, 175 dh_client_pub, --- 6 unchanged lines hidden (view full) --- 182 /* save session id := H */ 183 if (kex->session_id == NULL) { 184 kex->session_id_len = hashlen; 185 kex->session_id = xmalloc(kex->session_id_len); 186 memcpy(kex->session_id, hash, kex->session_id_len); 187 } 188 189 /* sign H */ | 164 kex->client_version_string, 165 kex->server_version_string, 166 buffer_ptr(&kex->peer), buffer_len(&kex->peer), 167 buffer_ptr(&kex->my), buffer_len(&kex->my), 168 server_host_key_blob, sbloblen, 169 omin, onbits, omax, 170 dh->p, dh->g, 171 dh_client_pub, --- 6 unchanged lines hidden (view full) --- 178 /* save session id := H */ 179 if (kex->session_id == NULL) { 180 kex->session_id_len = hashlen; 181 kex->session_id = xmalloc(kex->session_id_len); 182 memcpy(kex->session_id, hash, kex->session_id_len); 183 } 184 185 /* sign H */ |
| 190 if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash, 191 hashlen)) < 0) 192 fatal("kexgex_server: key_sign failed"); | 186 kex->sign(server_host_private, server_host_public, &signature, &slen, 187 hash, hashlen); |
| 193 194 /* destroy_sensitive_data(); */ 195 196 /* send server hostkey, DH pubkey 'f' and singed H */ 197 debug("SSH2_MSG_KEX_DH_GEX_REPLY sent"); 198 packet_start(SSH2_MSG_KEX_DH_GEX_REPLY); 199 packet_put_string(server_host_key_blob, sbloblen); 200 packet_put_bignum2(dh->pub_key); /* f */ 201 packet_put_string(signature, slen); 202 packet_send(); 203 | 188 189 /* destroy_sensitive_data(); */ 190 191 /* send server hostkey, DH pubkey 'f' and singed H */ 192 debug("SSH2_MSG_KEX_DH_GEX_REPLY sent"); 193 packet_start(SSH2_MSG_KEX_DH_GEX_REPLY); 194 packet_put_string(server_host_key_blob, sbloblen); 195 packet_put_bignum2(dh->pub_key); /* f */ 196 packet_put_string(signature, slen); 197 packet_send(); 198 |
| 204 xfree(signature); 205 xfree(server_host_key_blob); | 199 free(signature); 200 free(server_host_key_blob); |
| 206 /* have keys, free DH */ 207 DH_free(dh); 208 | 201 /* have keys, free DH */ 202 DH_free(dh); 203 |
| 209 kex_derive_keys(kex, hash, hashlen, shared_secret); | 204 kex_derive_keys_bn(kex, hash, hashlen, shared_secret); |
| 210 BN_clear_free(shared_secret); 211 212 kex_finish(kex); 213} | 205 BN_clear_free(shared_secret); 206 207 kex_finish(kex); 208} |