*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.55 2003/04/01 10:31:26 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.62 2005/07/16 01:35:24 djm Exp $");
#include <openssl/crypto.h>
static void
kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
{
- int i;
+ u_int i;
buffer_clear(b);
/*
static void
kex_prop_free(char **proposal)
{
- int i;
+ u_int i;
for (i = 0; i < PROPOSAL_MAX; i++)
xfree(proposal[i]);
void
kex_send_kexinit(Kex *kex)
{
- u_int32_t rand = 0;
+ u_int32_t rnd = 0;
u_char *cookie;
- int i;
+ u_int i;
if (kex == NULL) {
error("kex_send_kexinit: no kex, cannot rekey");
cookie = buffer_ptr(&kex->my);
for (i = 0; i < KEX_COOKIE_LEN; i++) {
if (i % 4 == 0)
- rand = arc4random();
- cookie[i] = rand;
- rand >>= 8;
+ rnd = arc4random();
+ cookie[i] = rnd;
+ rnd >>= 8;
}
packet_start(SSH2_MSG_KEXINIT);
packet_put_raw(buffer_ptr(&kex->my), buffer_len(&kex->my));
kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
{
char *ptr;
- int dlen;
- int i;
+ u_int i, dlen;
Kex *kex = (Kex *)ctxt;
debug("SSH2_MSG_KEXINIT received");
fatal("no kex alg");
if (strcmp(k->name, KEX_DH1) == 0) {
k->kex_type = KEX_DH_GRP1_SHA1;
+ } else if (strcmp(k->name, KEX_DH14) == 0) {
+ k->kex_type = KEX_DH_GRP14_SHA1;
} else if (strcmp(k->name, KEX_DHGEX) == 0) {
k->kex_type = KEX_DH_GEX_SHA1;
} else
xfree(hostkeyalg);
}
-static int
+static int
proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
{
static int check[] = {
char **my, **peer;
char **cprop, **sprop;
int nenc, nmac, ncomp;
- int mode;
- int ctos; /* direction: if true client-to-server */
- int need;
+ u_int mode, ctos, need;
int first_kex_follows, type;
my = kex_buf2prop(&kex->my, NULL);
kex->we_need = need;
/* ignore the next message if the proposals do not match */
- if (first_kex_follows && !proposals_match(my, peer) &&
+ if (first_kex_follows && !proposals_match(my, peer) &&
!(datafellows & SSH_BUG_FIRSTKEX)) {
type = packet_read();
debug2("skipping next packet (type %u)", type);
}
static u_char *
-derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret)
+derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret)
{
Buffer b;
const EVP_MD *evp_md = EVP_sha1();
EVP_MD_CTX md;
char c = id;
- int have;
+ u_int have;
int mdsz = EVP_MD_size(evp_md);
- u_char *digest = xmalloc(roundup(need, mdsz));
+ u_char *digest;
+
+ if (mdsz < 0)
+ fatal("derive_key: mdsz < 0");
+ digest = xmalloc(roundup(need, mdsz));
buffer_init(&b);
buffer_put_bignum2(&b, shared_secret);
kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
{
u_char *keys[NKEYS];
- int i, mode, ctos;
+ u_int i, mode, ctos;
for (i = 0; i < NKEYS; i++)
keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);
return ret;
}
+void
+derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
+ u_int8_t cookie[8], u_int8_t id[16])
+{
+ const EVP_MD *evp_md = EVP_md5();
+ EVP_MD_CTX md;
+ u_int8_t nbuf[2048], obuf[EVP_MAX_MD_SIZE];
+ int len;
+
+ EVP_DigestInit(&md, evp_md);
+
+ len = BN_num_bytes(host_modulus);
+ if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
+ fatal("%s: bad host modulus (len %d)", __func__, len);
+ BN_bn2bin(host_modulus, nbuf);
+ EVP_DigestUpdate(&md, nbuf, len);
+
+ len = BN_num_bytes(server_modulus);
+ if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
+ fatal("%s: bad server modulus (len %d)", __func__, len);
+ BN_bn2bin(server_modulus, nbuf);
+ EVP_DigestUpdate(&md, nbuf, len);
+
+ EVP_DigestUpdate(&md, cookie, 8);
+
+ EVP_DigestFinal(&md, obuf, NULL);
+ memcpy(id, obuf, 16);
+
+ memset(nbuf, 0, sizeof(nbuf));
+ memset(obuf, 0, sizeof(obuf));
+ memset(&md, 0, sizeof(md));
+}
+
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
void
dump_digest(char *msg, u_char *digest, int len)
{
- int i;
+ u_int i;
fprintf(stderr, "%s\n", msg);
for (i = 0; i< len; i++) {