diff options
| author | Kevin Steves <stevesk@pobox.com> | 2000-12-15 23:31:01 +0000 |
|---|---|---|
| committer | Kevin Steves <stevesk@pobox.com> | 2000-12-15 23:31:01 +0000 |
| commit | 6b875869654af5b5f83f9e360a4d91010b624728 (patch) | |
| tree | eea2082a8def6a7fddee7dd21c76dde573d6165d | |
| parent | 48d0d257220f4ef1ce9c916d76ae56860b7dddda (diff) | |
- provos@cvs.openbsd.org 2000/12/15 10:30:15
[kex.c kex.h sshconnect2.c sshd.c]
compute diffie-hellman in parallel between server and client. okay markus@
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | kex.c | 14 | ||||
| -rw-r--r-- | kex.h | 1 | ||||
| -rw-r--r-- | sshconnect2.c | 5 | ||||
| -rw-r--r-- | sshd.c | 13 |
5 files changed, 26 insertions, 10 deletions
| @@ -27,6 +27,9 @@ | |||
| 27 | - deraadt@cvs.openbsd.org 2000/12/11 10:27:33 | 27 | - deraadt@cvs.openbsd.org 2000/12/11 10:27:33 |
| 28 | [scp.c] | 28 | [scp.c] |
| 29 | when copying 0-sized files, do not re-print ETA time at completion | 29 | when copying 0-sized files, do not re-print ETA time at completion |
| 30 | - provos@cvs.openbsd.org 2000/12/15 10:30:15 | ||
| 31 | [kex.c kex.h sshconnect2.c sshd.c] | ||
| 32 | compute diffie-hellman in parallel between server and client. okay markus@ | ||
| 30 | 33 | ||
| 31 | 20001213 | 34 | 20001213 |
| 32 | - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report | 35 | - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report |
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: kex.c,v 1.13 2000/11/12 19:50:37 markus Exp $"); | 26 | RCSID("$OpenBSD: kex.c,v 1.14 2000/12/15 17:30:14 provos Exp $"); |
| 27 | 27 | ||
| 28 | #include "ssh.h" | 28 | #include "ssh.h" |
| 29 | #include "ssh2.h" | 29 | #include "ssh2.h" |
| @@ -139,7 +139,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) | |||
| 139 | return 0; | 139 | return 0; |
| 140 | } | 140 | } |
| 141 | 141 | ||
| 142 | DH * | 142 | void |
| 143 | dh_gen_key(DH *dh) | 143 | dh_gen_key(DH *dh) |
| 144 | { | 144 | { |
| 145 | int tries = 0; | 145 | int tries = 0; |
| @@ -150,7 +150,6 @@ dh_gen_key(DH *dh) | |||
| 150 | if (tries++ > 10) | 150 | if (tries++ > 10) |
| 151 | fatal("dh_new_group1: too many bad keys: giving up"); | 151 | fatal("dh_new_group1: too many bad keys: giving up"); |
| 152 | } while (!dh_pub_is_valid(dh, dh->pub_key)); | 152 | } while (!dh_pub_is_valid(dh, dh->pub_key)); |
| 153 | return dh; | ||
| 154 | } | 153 | } |
| 155 | 154 | ||
| 156 | DH * | 155 | DH * |
| @@ -168,9 +167,14 @@ dh_new_group_asc(const char *gen, const char *modulus) | |||
| 168 | if ((ret = BN_hex2bn(&dh->g, gen)) < 0) | 167 | if ((ret = BN_hex2bn(&dh->g, gen)) < 0) |
| 169 | fatal("BN_hex2bn g"); | 168 | fatal("BN_hex2bn g"); |
| 170 | 169 | ||
| 171 | return (dh_gen_key(dh)); | 170 | return (dh); |
| 172 | } | 171 | } |
| 173 | 172 | ||
| 173 | /* | ||
| 174 | * This just returns the group, we still need to generate the exchange | ||
| 175 | * value. | ||
| 176 | */ | ||
| 177 | |||
| 174 | DH * | 178 | DH * |
| 175 | dh_new_group(BIGNUM *gen, BIGNUM *modulus) | 179 | dh_new_group(BIGNUM *gen, BIGNUM *modulus) |
| 176 | { | 180 | { |
| @@ -182,7 +186,7 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus) | |||
| 182 | dh->p = modulus; | 186 | dh->p = modulus; |
| 183 | dh->g = gen; | 187 | dh->g = gen; |
| 184 | 188 | ||
| 185 | return (dh_gen_key(dh)); | 189 | return (dh); |
| 186 | } | 190 | } |
| 187 | 191 | ||
| 188 | DH * | 192 | DH * |
| @@ -102,6 +102,7 @@ void packet_set_kex(Kex *k); | |||
| 102 | int dh_pub_is_valid(DH *dh, BIGNUM *dh_pub); | 102 | int dh_pub_is_valid(DH *dh, BIGNUM *dh_pub); |
| 103 | DH *dh_new_group_asc(const char *, const char *); | 103 | DH *dh_new_group_asc(const char *, const char *); |
| 104 | DH *dh_new_group(BIGNUM *, BIGNUM *); | 104 | DH *dh_new_group(BIGNUM *, BIGNUM *); |
| 105 | void dh_gen_key(); | ||
| 105 | DH *dh_new_group1(); | 106 | DH *dh_new_group1(); |
| 106 | 107 | ||
| 107 | unsigned char * | 108 | unsigned char * |
diff --git a/sshconnect2.c b/sshconnect2.c index 036519fad..ea03622f4 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.30 2000/12/03 11:15:04 markus Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.31 2000/12/15 17:30:14 provos Exp $"); |
| 27 | 27 | ||
| 28 | #include <openssl/bn.h> | 28 | #include <openssl/bn.h> |
| 29 | #include <openssl/rsa.h> | 29 | #include <openssl/rsa.h> |
| @@ -166,6 +166,7 @@ ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr, | |||
| 166 | debug("Sending SSH2_MSG_KEXDH_INIT."); | 166 | debug("Sending SSH2_MSG_KEXDH_INIT."); |
| 167 | /* generate and send 'e', client DH public key */ | 167 | /* generate and send 'e', client DH public key */ |
| 168 | dh = dh_new_group1(); | 168 | dh = dh_new_group1(); |
| 169 | dh_gen_key(dh); | ||
| 169 | packet_start(SSH2_MSG_KEXDH_INIT); | 170 | packet_start(SSH2_MSG_KEXDH_INIT); |
| 170 | packet_put_bignum2(dh->pub_key); | 171 | packet_put_bignum2(dh->pub_key); |
| 171 | packet_send(); | 172 | packet_send(); |
| @@ -334,6 +335,8 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr, | |||
| 334 | if ((dh = dh_new_group(g, p)) == NULL) | 335 | if ((dh = dh_new_group(g, p)) == NULL) |
| 335 | fatal("dh_new_group"); | 336 | fatal("dh_new_group"); |
| 336 | 337 | ||
| 338 | dh_gen_key(dh); | ||
| 339 | |||
| 337 | #ifdef DEBUG_KEXDH | 340 | #ifdef DEBUG_KEXDH |
| 338 | fprintf(stderr, "\np= "); | 341 | fprintf(stderr, "\np= "); |
| 339 | BN_print_fp(stderr, dh->p); | 342 | BN_print_fp(stderr, dh->p); |
| @@ -40,7 +40,7 @@ | |||
| 40 | */ | 40 | */ |
| 41 | 41 | ||
| 42 | #include "includes.h" | 42 | #include "includes.h" |
| 43 | RCSID("$OpenBSD: sshd.c,v 1.137 2000/12/12 21:45:21 markus Exp $"); | 43 | RCSID("$OpenBSD: sshd.c,v 1.139 2000/12/15 17:30:14 provos Exp $"); |
| 44 | 44 | ||
| 45 | #include "xmalloc.h" | 45 | #include "xmalloc.h" |
| 46 | #include "rsa.h" | 46 | #include "rsa.h" |
| @@ -1452,6 +1452,10 @@ ssh_dh1_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit) | |||
| 1452 | fatal("Unsupported hostkey type %d", kex->hostkey_type); | 1452 | fatal("Unsupported hostkey type %d", kex->hostkey_type); |
| 1453 | 1453 | ||
| 1454 | /* KEXDH */ | 1454 | /* KEXDH */ |
| 1455 | /* generate DH key */ | ||
| 1456 | dh = dh_new_group1(); /* XXX depends on 'kex' */ | ||
| 1457 | dh_gen_key(dh); | ||
| 1458 | |||
| 1455 | debug("Wait SSH2_MSG_KEXDH_INIT."); | 1459 | debug("Wait SSH2_MSG_KEXDH_INIT."); |
| 1456 | packet_read_expect(&payload_len, SSH2_MSG_KEXDH_INIT); | 1460 | packet_read_expect(&payload_len, SSH2_MSG_KEXDH_INIT); |
| 1457 | 1461 | ||
| @@ -1468,9 +1472,6 @@ ssh_dh1_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit) | |||
| 1468 | debug("bits %d", BN_num_bits(dh_client_pub)); | 1472 | debug("bits %d", BN_num_bits(dh_client_pub)); |
| 1469 | #endif | 1473 | #endif |
| 1470 | 1474 | ||
| 1471 | /* generate DH key */ | ||
| 1472 | dh = dh_new_group1(); /* XXX depends on 'kex' */ | ||
| 1473 | |||
| 1474 | #ifdef DEBUG_KEXDH | 1475 | #ifdef DEBUG_KEXDH |
| 1475 | fprintf(stderr, "\np= "); | 1476 | fprintf(stderr, "\np= "); |
| 1476 | BN_print_fp(stderr, dh->p); | 1477 | BN_print_fp(stderr, dh->p); |
| @@ -1592,6 +1593,10 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit) | |||
| 1592 | packet_send(); | 1593 | packet_send(); |
| 1593 | packet_write_wait(); | 1594 | packet_write_wait(); |
| 1594 | 1595 | ||
| 1596 | /* Compute our exchange value in parallel with the client */ | ||
| 1597 | |||
| 1598 | dh_gen_key(dh); | ||
| 1599 | |||
| 1595 | debug("Wait SSH2_MSG_KEX_DH_GEX_INIT."); | 1600 | debug("Wait SSH2_MSG_KEX_DH_GEX_INIT."); |
| 1596 | packet_read_expect(&payload_len, SSH2_MSG_KEX_DH_GEX_INIT); | 1601 | packet_read_expect(&payload_len, SSH2_MSG_KEX_DH_GEX_INIT); |
| 1597 | 1602 | ||