*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: kex.c,v 1.9 2000/07/10 16:30:25 ho Exp $");
#include "ssh.h"
#include "ssh2.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
+#include "packet.h"
#include "cipher.h"
#include "compat.h"
-#if HAVE_OPENSSL
-# include <openssl/bn.h>
-# include <openssl/dh.h>
-# include <openssl/crypto.h>
-# include <openssl/bio.h>
-# include <openssl/bn.h>
-# include <openssl/dh.h>
-# include <openssl/pem.h>
-#endif /* HAVE_OPENSSL */
-#if HAVE_SSL
-# include <ssl/bn.h>
-# include <ssl/dh.h>
-# include <ssl/crypto.h>
-# include <ssl/bio.h>
-# include <ssl/bn.h>
-# include <ssl/dh.h>
-# include <ssl/pem.h>
-#endif /* HAVE_SSL */
-
-#include "entropy.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
+
#include "kex.h"
+#define KEX_COOKIE_LEN 16
+
Buffer *
kex_init(char *myproposal[PROPOSAL_MAX])
{
- char c = 0;
- unsigned char cookie[16];
+ int first_kex_packet_follows = 0;
+ unsigned char cookie[KEX_COOKIE_LEN];
u_int32_t rand = 0;
int i;
Buffer *ki = xmalloc(sizeof(*ki));
- for (i = 0; i < 16; i++) {
+ for (i = 0; i < KEX_COOKIE_LEN; i++) {
if (i % 4 == 0)
rand = arc4random();
cookie[i] = rand & 0xff;
buffer_append(ki, (char *)cookie, sizeof cookie);
for (i = 0; i < PROPOSAL_MAX; i++)
buffer_put_cstring(ki, myproposal[i]);
- buffer_append(ki, &c, 1); /* boolean first_kex_packet_follows */
- buffer_put_int(ki, 0); /* uint32 0 (reserved for future extension) */
+ buffer_put_char(ki, first_kex_packet_follows);
+ buffer_put_int(ki, 0); /* uint32 reserved */
return ki;
}
+/* send kexinit, parse and save reply */
+void
+kex_exchange_kexinit(
+ Buffer *my_kexinit, Buffer *peer_kexint,
+ char *peer_proposal[PROPOSAL_MAX])
+{
+ int i;
+ char *ptr;
+ int plen;
+
+ debug("send KEXINIT");
+ packet_start(SSH2_MSG_KEXINIT);
+ packet_put_raw(buffer_ptr(my_kexinit), buffer_len(my_kexinit));
+ packet_send();
+ packet_write_wait();
+ debug("done");
+
+ /*
+ * read and save raw KEXINIT payload in buffer. this is used during
+ * computation of the session_id and the session keys.
+ */
+ debug("wait KEXINIT");
+ packet_read_expect(&plen, SSH2_MSG_KEXINIT);
+ ptr = packet_get_raw(&plen);
+ buffer_append(peer_kexint, ptr, plen);
+
+ /* parse packet and save algorithm proposal */
+ /* skip cookie */
+ for (i = 0; i < KEX_COOKIE_LEN; i++)
+ packet_get_char();
+ /* extract kex init proposal strings */
+ for (i = 0; i < PROPOSAL_MAX; i++) {
+ peer_proposal[i] = packet_get_string(NULL);
+ debug("got kexinit: %s", peer_proposal[i]);
+ }
+ /* first kex follow / reserved */
+ i = packet_get_char();
+ debug("first kex follow: %d ", i);
+ i = packet_get_int();
+ debug("reserved: %d ", i);
+ packet_done();
+ debug("done");
+}
+
/* diffie-hellman-group1-sha1 */
+int
+dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
+{
+ int i;
+ int n = BN_num_bits(dh_pub);
+ int bits_set = 0;
+
+ /* we only accept g==2 */
+ if (!BN_is_word(dh->g, 2)) {
+ log("invalid DH base != 2");
+ return 0;
+ }
+ if (dh_pub->neg) {
+ log("invalid public DH value: negativ");
+ return 0;
+ }
+ for (i = 0; i <= n; i++)
+ if (BN_is_bit_set(dh_pub, i))
+ bits_set++;
+ debug("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
+
+ /* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */
+ if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1))
+ return 1;
+ log("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p));
+ return 0;
+}
+
DH *
-new_dh_group1()
+dh_new_group1()
{
static char *group1 =
"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381"
"FFFFFFFF" "FFFFFFFF";
DH *dh;
- int ret;
+ int ret, tries = 0;
dh = DH_new();
if(dh == NULL)
fatal("DH_new");
- ret = BN_hex2bn(&dh->p,group1);
+ ret = BN_hex2bn(&dh->p, group1);
if(ret<0)
fatal("BN_hex2bn");
dh->g = BN_new();
if(dh->g == NULL)
fatal("DH_new g");
- BN_set_word(dh->g,2);
-
- seed_rng();
- if (DH_generate_key(dh) == 0)
- fatal("DH_generate_key");
- seed_rng();
-
+ BN_set_word(dh->g, 2);
+ do {
+ if (DH_generate_key(dh) == 0)
+ fatal("DH_generate_key");
+ if (tries++ > 10)
+ fatal("dh_new_group1: too many bad keys: giving up");
+ } while (!dh_pub_is_valid(dh, dh->pub_key));
return dh;
}
-void
-bignum_print(BIGNUM *b)
-{
- BN_print_fp(stderr,b);
-}
-
void
dump_digest(unsigned char *digest, int len)
{
int i;
- for (i = 0; i< len; i++){
- fprintf(stderr, "%02x", digest[i]);
+ for (i = 0; i< len; i++){
+ fprintf(stderr, "%02x", digest[i]);
if(i%2!=0)
fprintf(stderr, " ");
}
- fprintf(stderr, "\n");
+ fprintf(stderr, "\n");
}
unsigned char *
buffer_free(&b);
#ifdef DEBUG_KEX
- dump_digest(digest, evp_md->md_size);
+ dump_digest(digest, evp_md->md_size);
#endif
return digest;
}
get_match(char *client, char *server)
{
char *sproposals[MAX_PROP];
- char *p;
+ char *c, *s, *p, *ret, *cp, *sp;
int i, j, nproposals;
- for ((p = strtok(server, SEP)), i=0; p; (p = strtok(NULL, SEP)), i++) {
+ c = cp = xstrdup(client);
+ s = sp = xstrdup(server);
+
+ for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0';
+ (p = strsep(&sp, SEP)), i++) {
if (i < MAX_PROP)
sproposals[i] = p;
else
}
nproposals = i;
- for ((p = strtok(client, SEP)), i=0; p; (p = strtok(NULL, SEP)), i++) {
- for (j = 0; j < nproposals; j++)
- if (strcmp(p, sproposals[j]) == 0)
- return xstrdup(p);
+ for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0';
+ (p = strsep(&cp, SEP)), i++) {
+ for (j = 0; j < nproposals; j++) {
+ if (strcmp(p, sproposals[j]) == 0) {
+ ret = xstrdup(p);
+ xfree(c);
+ xfree(s);
+ return ret;
+ }
+ }
}
+ xfree(c);
+ xfree(s);
return NULL;
}
void
}
mac->name = name;
mac->mac_len = mac->md->md_size;
- mac->key_len = datafellows ? 16 : mac->mac_len;
+ mac->key_len = (datafellows & SSH_BUG_HMAC) ? 16 : mac->mac_len;
mac->key = NULL;
mac->enabled = 0;
}
k->name = get_match(client, server);
if (k->name == NULL)
fatal("no kex alg");
- if (strcmp(k->name, KEX_DH1) != 0)
+ if (strcmp(k->name, KEX_DH1) != 0)
fatal("bad kex alg %s", k->name);
}
void
Kex *
kex_choose_conf(char *cprop[PROPOSAL_MAX], char *sprop[PROPOSAL_MAX], int server)
{
- int i;
int mode;
int ctos; /* direction: if true client-to-server */
int need;
choose_enc (&k->enc [mode], cprop[nenc], sprop[nenc]);
choose_mac (&k->mac [mode], cprop[nmac], sprop[nmac]);
choose_comp(&k->comp[mode], cprop[ncomp], sprop[ncomp]);
- log("kex: %s %s %s %s",
+ debug("kex: %s %s %s %s",
ctos ? "client->server" : "server->client",
k->enc[mode].name,
k->mac[mode].name,
choose_kex(k, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
choose_hostkeyalg(k, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]);
- for (i = 0; i < PROPOSAL_MAX; i++) {
- xfree(cprop[i]);
- xfree(sprop[i]);
- }
need = 0;
for (mode = 0; mode < MODE_MAX; mode++) {
if (need < k->enc[mode].key_len)
if (need < k->mac[mode].key_len)
need = k->mac[mode].key_len;
}
- /* need runden? */
-#define WE_NEED 32
- k->we_need = WE_NEED;
+ /* XXX need runden? */
k->we_need = need;
return k;
}
andersk / openssh.git / blobdiff