[gssapi-openssh.git] / openssh / kexgss.c

/*
 * Copyright (c) 2001,2002 Simon Wilkinson. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#ifdef GSSAPI

#include <openssl/crypto.h>
#include <openssl/bn.h>

#include "buffer.h"
#include "bufaux.h"
#include "ssh2.h"
#include "kex.h"

/* This is now the same as the DH hash ... */

u_char *
kex_gssapi_hash(
    char *client_version_string,
    char *server_version_string,
    char *ckexinit, int ckexinitlen,
    char *skexinit, int skexinitlen,
    u_char *serverhostkeyblob, int sbloblen,
    BIGNUM *client_dh_pub,
    BIGNUM *server_dh_pub,
    BIGNUM *shared_secret)
{
	Buffer b;
	static u_char digest[EVP_MAX_MD_SIZE];
	EVP_MD *evp_md = EVP_sha1();
	EVP_MD_CTX md;

	buffer_init(&b);
	buffer_put_string(&b, client_version_string, strlen(client_version_string));
	buffer_put_string(&b, server_version_string, strlen(server_version_string));

	/* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
	buffer_put_int(&b, ckexinitlen+1);
	buffer_put_char(&b, SSH2_MSG_KEXINIT);
	buffer_append(&b, ckexinit, ckexinitlen);
	buffer_put_int(&b, skexinitlen+1);
	buffer_put_char(&b, SSH2_MSG_KEXINIT);
	buffer_append(&b, skexinit, skexinitlen);

	buffer_put_string(&b, serverhostkeyblob, sbloblen);
	buffer_put_bignum2(&b, client_dh_pub);
	buffer_put_bignum2(&b, server_dh_pub);
	buffer_put_bignum2(&b, shared_secret);

#ifdef DEBUG_KEX
	buffer_dump(&b);
#endif
	EVP_DigestInit(&md, evp_md);
	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
	EVP_DigestFinal(&md, digest, NULL);

	buffer_free(&b);

#ifdef DEBUG_KEX
	dump_digest("hash", digest, evp_md->md_size);
#endif
	return digest;
}

#endif /* GSSAPI */
Commit	Line	Data
5598e598	1	/*
905081a4	2	* Copyright (c) 2001,2002 Simon Wilkinson. All rights reserved.
5598e598	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	*
	13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
	14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	23	*/
	24
	25	#include "includes.h"
	26
	27	#ifdef GSSAPI
	28
	29	#include <openssl/crypto.h>
	30	#include <openssl/bn.h>
	31
5598e598	32	#include "buffer.h"
5598e598	33	#include "bufaux.h"
5598e598	34	#include "ssh2.h"
b46fa825	35	#include "kex.h"
5598e598	36
	37	/* This is now the same as the DH hash ... */
	38
	39	u_char *
	40	kex_gssapi_hash(
	41	char *client_version_string,
	42	char *server_version_string,
	43	char *ckexinit, int ckexinitlen,
	44	char *skexinit, int skexinitlen,
	45	u_char *serverhostkeyblob, int sbloblen,
	46	BIGNUM *client_dh_pub,
	47	BIGNUM *server_dh_pub,
	48	BIGNUM *shared_secret)
	49	{
	50	Buffer b;
	51	static u_char digest[EVP_MAX_MD_SIZE];
	52	EVP_MD *evp_md = EVP_sha1();
	53	EVP_MD_CTX md;
	54
	55	buffer_init(&b);
	56	buffer_put_string(&b, client_version_string, strlen(client_version_string));
	57	buffer_put_string(&b, server_version_string, strlen(server_version_string));
	58
	59	/* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
	60	buffer_put_int(&b, ckexinitlen+1);
	61	buffer_put_char(&b, SSH2_MSG_KEXINIT);
	62	buffer_append(&b, ckexinit, ckexinitlen);
	63	buffer_put_int(&b, skexinitlen+1);
	64	buffer_put_char(&b, SSH2_MSG_KEXINIT);
	65	buffer_append(&b, skexinit, skexinitlen);
	66
	67	buffer_put_string(&b, serverhostkeyblob, sbloblen);
	68	buffer_put_bignum2(&b, client_dh_pub);
	69	buffer_put_bignum2(&b, server_dh_pub);
	70	buffer_put_bignum2(&b, shared_secret);
	71
	72	#ifdef DEBUG_KEX
	73	buffer_dump(&b);
	74	#endif
	75	EVP_DigestInit(&md, evp_md);
	76	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
	77	EVP_DigestFinal(&md, digest, NULL);
	78
	79	buffer_free(&b);
	80
	81	#ifdef DEBUG_KEX
	82	dump_digest("hash", digest, evp_md->md_size);
	83	#endif
	84	return digest;
	85	}
	86
5598e598	87	#endif /* GSSAPI */