Mercurial > dropbear

comparison cli-kex.c @ 755:b07eb3dc23ec ecc

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
refactor kexdh code a bit, start working on ecdh etc
author Matt Johnston <matt@ucc.asn.au>
date Tue, 26 Mar 2013 01:35:22 +0800
parents 0fd32a552ea5
children bf9dc2d9c2b1
comparison
equal deleted inserted replaced
725:49f68a7b7a55 755:b07eb3dc23ec
40 40
41 static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen); 41 static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen);
42 #define MAX_KNOWNHOSTS_LINE 4500 42 #define MAX_KNOWNHOSTS_LINE 4500
43 43
44 void send_msg_kexdh_init() { 44 void send_msg_kexdh_init() {
45
46 cli_ses.dh_e = (mp_int*)m_malloc(sizeof(mp_int));
47 cli_ses.dh_x = (mp_int*)m_malloc(sizeof(mp_int));
48 m_mp_init_multi(cli_ses.dh_e, cli_ses.dh_x, NULL);
49
50 gen_kexdh_vals(cli_ses.dh_e, cli_ses.dh_x);
51
52 CHECKCLEARTOWRITE(); 45 CHECKCLEARTOWRITE();
53 buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT); 46 buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
54 buf_putmpint(ses.writepayload, cli_ses.dh_e); 47 if (IS_NORMAL_DH(ses.newkeys->algo_kex)) {
48 cli_ses.dh_param = gen_kexdh_param();
49 buf_putmpint(ses.writepayload, &cli_ses.dh_param->pub);
50 } else {
51 #ifdef DROPBEAR_ECDH
52 cli_ses.ecdh_param =
53 #endif
54 }
55 encrypt_packet(); 55 encrypt_packet();
56 ses.requirenext = SSH_MSG_KEXDH_REPLY; 56 ses.requirenext = SSH_MSG_KEXDH_REPLY;
57 } 57 }
58 58
59 /* Handle a diffie-hellman key exchange reply. */ 59 /* Handle a diffie-hellman key exchange reply. */
60 void recv_msg_kexdh_reply() { 60 void recv_msg_kexdh_reply() {
61 61
62 DEF_MP_INT(dh_f);
63 sign_key *hostkey = NULL; 62 sign_key *hostkey = NULL;
64 unsigned int type, keybloblen; 63 unsigned int type, keybloblen;
65 unsigned char* keyblob = NULL; 64 unsigned char* keyblob = NULL;
66 65
67
68 TRACE(("enter recv_msg_kexdh_reply")) 66 TRACE(("enter recv_msg_kexdh_reply"))
69 67
70 if (cli_ses.kex_state != KEXDH_INIT_SENT) { 68 if (cli_ses.kex_state != KEXDH_INIT_SENT) {
71 dropbear_exit("Received out-of-order kexdhreply"); 69 dropbear_exit("Received out-of-order kexdhreply");
72 } 70 }
73 m_mp_init(&dh_f);
74 type = ses.newkeys->algo_hostkey; 71 type = ses.newkeys->algo_hostkey;
75 TRACE(("type is %d", type)) 72 TRACE(("type is %d", type))
76 73
77 hostkey = new_sign_key(); 74 hostkey = new_sign_key();
78 keybloblen = buf_getint(ses.payload); 75 keybloblen = buf_getint(ses.payload);
86 if (buf_get_pub_key(ses.payload, hostkey, &type) != DROPBEAR_SUCCESS) { 83 if (buf_get_pub_key(ses.payload, hostkey, &type) != DROPBEAR_SUCCESS) {
87 TRACE(("failed getting pubkey")) 84 TRACE(("failed getting pubkey"))
88 dropbear_exit("Bad KEX packet"); 85 dropbear_exit("Bad KEX packet");
89 } 86 }
90 87
91 if (buf_getmpint(ses.payload, &dh_f) != DROPBEAR_SUCCESS) { 88 if (IS_NORMAL_DH(ses.newkeys->algo_kex)) {
92 TRACE(("failed getting mpint")) 89 // Normal diffie-hellman
93 dropbear_exit("Bad KEX packet"); 90 DEF_MP_INT(dh_f);
94 } 91 m_mp_init(&dh_f);
95 92 if (buf_getmpint(ses.payload, &dh_f) != DROPBEAR_SUCCESS) {
96 kexdh_comb_key(cli_ses.dh_e, cli_ses.dh_x, &dh_f, hostkey); 93 TRACE(("failed getting mpint"))
97 mp_clear(&dh_f); 94 dropbear_exit("Bad KEX packet");
98 mp_clear_multi(cli_ses.dh_e, cli_ses.dh_x, NULL); 95 }
99 m_free(cli_ses.dh_e); 96
100 m_free(cli_ses.dh_x); 97 kexdh_comb_key(cli_ses.dh_param, &dh_f, hostkey);
98 mp_clear(&dh_f);
99 free_kexdh_param(cli_ses.dh_param);
100 cli_ses.dh_param = NULL;
101 } else {
102 #ifdef DROPBEAR_ECDH
103 #endif
104 }
101 105
102 if (buf_verify(ses.payload, hostkey, ses.hash, SHA1_HASH_SIZE) 106 if (buf_verify(ses.payload, hostkey, ses.hash, SHA1_HASH_SIZE)
103 != DROPBEAR_SUCCESS) { 107 != DROPBEAR_SUCCESS) {
104 dropbear_exit("Bad hostkey signature"); 108 dropbear_exit("Bad hostkey signature");
105 } 109 }