*/
#include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.3 2001/04/04 09:48:34 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.9 2001/09/17 19:27:15 stevesk Exp $");
#include <openssl/bn.h>
#include "ssh2.h"
#include "compat.h"
-u_char *
+static u_char *
kexgex_hash(
char *client_version_string,
char *server_version_string,
char *ckexinit, int ckexinitlen,
char *skexinit, int skexinitlen,
- char *serverhostkeyblob, int sbloblen,
+ u_char *serverhostkeyblob, int sbloblen,
int min, int wantbits, int max, BIGNUM *prime, BIGNUM *gen,
BIGNUM *client_dh_pub,
BIGNUM *server_dh_pub,
EVP_MD_CTX md;
buffer_init(&b);
- buffer_put_string(&b, client_version_string, strlen(client_version_string));
- buffer_put_string(&b, server_version_string, strlen(server_version_string));
+ buffer_put_cstring(&b, client_version_string);
+ buffer_put_cstring(&b, server_version_string);
/* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
buffer_put_int(&b, ckexinitlen+1);
buffer_append(&b, skexinit, skexinitlen);
buffer_put_string(&b, serverhostkeyblob, sbloblen);
- if (min == -1 || max == -1)
+ if (min == -1 || max == -1)
buffer_put_int(&b, wantbits);
else {
buffer_put_int(&b, min);
/* client */
-void
+static void
kexgex_client(Kex *kex)
{
BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
if (server_host_key == NULL)
fatal("cannot decode server_host_key_blob");
- if (kex->check_host_key == NULL)
- fatal("cannot check server_host_key");
- kex->check_host_key(server_host_key);
+ if (kex->verify_host_key == NULL)
+ fatal("cannot verify server_host_key");
+ if (kex->verify_host_key(server_host_key) == -1)
+ fatal("server_host_key verification failed");
/* DH paramter f, server public DH key */
dh_server_pub = BN_new();
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_server_pub, dh);
#ifdef DEBUG_KEXDH
- dump_digest("shared secret", kbuf, kout);
+ dump_digest("shared secret", kbuf, kout);
#endif
shared_secret = BN_new();
BN_bin2bn(kbuf, kout, shared_secret);
xfree(server_host_key_blob);
BN_free(dh_server_pub);
- if (key_verify(server_host_key, (u_char *)signature, slen, hash, 20) != 1)
+ if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
fatal("key_verify failed for server_host_key");
key_free(server_host_key);
xfree(signature);
/* server */
-void
+static void
kexgex_server(Kex *kex)
{
BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
/* unused for old GEX */
break;
default:
- fatal("protocol error during kex, no DH_GEX_REQUEST");
+ fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
}
packet_done();
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_client_pub, dh);
#ifdef DEBUG_KEXDH
- dump_digest("shared secret", kbuf, kout);
+ dump_digest("shared secret", kbuf, kout);
#endif
shared_secret = BN_new();
BN_bin2bn(kbuf, kout, shared_secret);
kex->server_version_string,
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(&kex->my), buffer_len(&kex->my),
- (char *)server_host_key_blob, sbloblen,
+ server_host_key_blob, sbloblen,
min, nbits, max,
dh->p, dh->g,
dh_client_pub,
/* send server hostkey, DH pubkey 'f' and singed H */
debug("SSH2_MSG_KEX_DH_GEX_REPLY sent");
packet_start(SSH2_MSG_KEX_DH_GEX_REPLY);
- packet_put_string((char *)server_host_key_blob, sbloblen);
+ packet_put_string(server_host_key_blob, sbloblen);
packet_put_bignum2(dh->pub_key); /* f */
- packet_put_string((char *)signature, slen);
+ packet_put_string(signature, slen);
packet_send();
xfree(signature);
xfree(server_host_key_blob);