changeset 257:63601217f5ab

* options.h, common-kex.c: fix support of 4096 byte host keys
author Matt Johnston <matt@ucc.asn.au>
date Wed, 30 Nov 2005 10:11:24 +0000
parents ac890087b8c1
children 306499676384
files common-kex.c options.h
diffstat 2 files changed, 32 insertions(+), 24 deletions(-) [+]
--- a/common-kex.c	Wed Nov 30 06:32:26 2005 +0000
+++ b/common-kex.c	Wed Nov 30 10:11:24 2005 +0000
@@ -394,18 +394,28 @@
 /* Belongs in common_kex.c where it should be moved after review */
 void recv_msg_kexinit() {
 	
+	unsigned int kexhashbuf_len = 0;
+	unsigned int remote_ident_len = 0;
+	unsigned int local_ident_len = 0;
+
 	TRACE(("<- KEXINIT"))
 	TRACE(("enter recv_msg_kexinit"))
 	
-	/* start the kex hash */
-	ses.kexhashbuf = buf_new(MAX_KEXHASHBUF);
-
 	if (!ses.kexstate.sentkexinit) {
 		/* we need to send a kex packet */
 		send_msg_kexinit();
 		TRACE(("continue recv_msg_kexinit: sent kexinit"))
 	}
 
+	/* start the kex hash */
+	local_ident_len = strlen(LOCAL_IDENT);
+	remote_ident_len = strlen((char*)ses.remoteident);
+
+	kexhashbuf_len = local_ident_len + remote_ident_len
+		+ ses.transkexinit->len + ses.payload->len
+		+ KEXHASHBUF_MAX_INTS;
+
+	ses.kexhashbuf = buf_new(kexhashbuf_len);
 
 	if (IS_DROPBEAR_CLIENT) {
 
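Review bot: The `kexhashbuf_len` sum counts only the raw bytes of the two ident strings and the two KEXINIT payloads, not the length fields written around them. Assuming `buf_putstring` writes a 4-byte length before each string, as the SSH string encoding does, 16 bytes of framing are silently taken from the slack in `KEXHASHBUF_MAX_INTS`. I would make that explicit with `+ KEXHASHBUF_MAX_INTS + 4 * 4; /* length fields of V_C, V_S, I_C, I_S */`. Since `remote_ident_len` and `ses.payload->len` come from the peer, a comment should also name where their upper bounds are enforced, because the allocation is now sized from them. The body of `recv_msg_kexinit` continues past this hunk.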
@@ -414,20 +424,16 @@
 
 		/* V_C, the client's version string (CR and NL excluded) */
 	    buf_putstring(ses.kexhashbuf,
-			(unsigned char*)LOCAL_IDENT, strlen(LOCAL_IDENT));
+			(unsigned char*)LOCAL_IDENT, local_ident_len);
 		/* V_S, the server's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf, 
-			ses.remoteident, strlen((char*)ses.remoteident));
+	    buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
 
 		/* I_C, the payload of the client's SSH_MSG_KEXINIT */
 	    buf_putstring(ses.kexhashbuf,
-			buf_getptr(ses.transkexinit, ses.transkexinit->len),
-			ses.transkexinit->len);
+			ses.transkexinit->data, ses.transkexinit->len);
 		/* I_S, the payload of the server's SSH_MSG_KEXINIT */
 	    buf_setpos(ses.payload, 0);
-	    buf_putstring(ses.kexhashbuf,
-			buf_getptr(ses.payload, ses.payload->len),
-			ses.payload->len);
+	    buf_putstring(ses.kexhashbuf, ses.payload->data, ses.payload->len);
 
 	} else {
 		/* SERVER */
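Review bot: The `buf_setpos(ses.payload, 0)` kept before the I_S write no longer affects the `buf_putstring` that follows it. The new call passes `ses.payload->data` directly instead of the position-relative `buf_getptr(ses.payload, ses.payload->len)`. Either drop the call or add a comment saying which later reader needs the rewind, for example `/* rewind for <later reader>; the hash input is taken from data[0] regardless of pos */`. Reading `->data` also skips whatever range check `buf_getptr` performs, so a short comment that `len` bytes from `data` are always valid for both buffers would help. The same pattern appears in the server branch of the next hunk, and the enclosing function starts and ends outside this hunk.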
@@ -435,21 +441,19 @@
 		/* read the peer's choice of algos */
 		read_kex_algos();
 		/* V_C, the client's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf, 
-			ses.remoteident, strlen((char*)ses.remoteident));
+	    buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
 		/* V_S, the server's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf,
-			(unsigned char*)LOCAL_IDENT, strlen(LOCAL_IDENT));
+	    buf_putstring(ses.kexhashbuf, 
+				(unsigned char*)LOCAL_IDENT, local_ident_len);
 
 		/* I_C, the payload of the client's SSH_MSG_KEXINIT */
 	    buf_setpos(ses.payload, 0);
-	    buf_putstring(ses.kexhashbuf,
-			buf_getptr(ses.payload, ses.payload->len),
-			ses.payload->len);
+	    buf_putstring(ses.kexhashbuf, ses.payload->data, ses.payload->len);
+
 		/* I_S, the payload of the server's SSH_MSG_KEXINIT */
 	    buf_putstring(ses.kexhashbuf,
-			buf_getptr(ses.transkexinit, ses.transkexinit->len),
-			ses.transkexinit->len);
+			ses.transkexinit->data, ses.transkexinit->len);
+
 		ses.requirenext = SSH_MSG_KEXDH_INIT;
 	}
 
--- a/options.h	Wed Nov 30 06:32:26 2005 +0000
+++ b/options.h	Wed Nov 30 10:11:24 2005 +0000
@@ -306,10 +306,14 @@
 #define MAX_STRING_LEN 1400 /* ~= MAX_PROPOSED_ALGO * MAX_NAME_LEN, also
 							   is the max length for a password etc */
 
-/* For a 4096 bit DSS key, empirically determined to be 1590 bytes */
-#define MAX_PUBKEY_SIZE 1600
-/* For a 4096 bit DSS key, empirically determined to be 1590 bytes */
-#define MAX_PRIVKEY_SIZE 1600
+/* For a 4096 bit DSS key, empirically determined */
+#define MAX_PUBKEY_SIZE 1700
+/* For a 4096 bit DSS key, empirically determined */
+#define MAX_PRIVKEY_SIZE 1700
+
+/* The maximum size of the bignum portion of the kexhash buffer */
+/* Sect. 8 of the transport draft, K_S + e + f + K */
+#define KEXHASHBUF_MAX_INTS (1700 + 130 + 130 + 130)
 
 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit
 								in a few years time.... */
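Review bot: `KEXHASHBUF_MAX_INTS` hard-codes `1700` for K_S instead of using `MAX_PUBKEY_SIZE`, so the next bump of the key size limit would leave the kex hash buffer behind again, which is the mismatch this commit fixes. I would write `#define KEXHASHBUF_MAX_INTS (MAX_PUBKEY_SIZE + 130 + 130 + 130)`. The comment should also say what each `130` covers. A 1024-bit value is 128 bytes plus a possible leading zero byte, which seems to leave no room for a 4-byte length field unless the slack in the key term is meant to absorb it.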