summaryrefslogtreecommitdiff
path: root/kex.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2014-01-12 19:21:22 +1100
committerDamien Miller <djm@mindrot.org>2014-01-12 19:21:22 +1100
commit91b580e4bec55118bf96ab3cdbe5a50839e75d0a (patch)
tree32e4083c5a8cd285e1b0b13f9b77992db535cba4 /kex.c
parentaf5d4481f4c7c8c3c746e68b961bb85ef907800e (diff)
- djm@cvs.openbsd.org 2014/01/12 08:13:13
[bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c] [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c] avoid use of OpenSSL BIGNUM type and functions for KEX with Curve25519 by adding a buffer_put_bignum2_from_string() that stores a string using the bignum encoding rules. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in the future; ok markus@
Diffstat (limited to 'kex.c')
-rw-r--r--kex.c23
1 files changed, 18 insertions, 5 deletions
diff --git a/kex.c b/kex.c
index dbb1a9816..7d054cdcb 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.c,v 1.94 2014/01/09 23:20:00 djm Exp $ */ 1/* $OpenBSD: kex.c,v 1.95 2014/01/12 08:13:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -534,7 +534,7 @@ kex_choose_conf(Kex *kex)
534 534
535static u_char * 535static u_char *
536derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen, 536derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen,
537 BIGNUM *shared_secret) 537 const u_char *shared_secret, u_int slen)
538{ 538{
539 Buffer b; 539 Buffer b;
540 struct ssh_digest_ctx *hashctx; 540 struct ssh_digest_ctx *hashctx;
@@ -548,7 +548,7 @@ derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen,
548 digest = xmalloc(roundup(need, mdsz)); 548 digest = xmalloc(roundup(need, mdsz));
549 549
550 buffer_init(&b); 550 buffer_init(&b);
551 buffer_put_bignum2(&b, shared_secret); 551 buffer_append(&b, shared_secret, slen);
552 552
553 /* K1 = HASH(K || H || "A" || session_id) */ 553 /* K1 = HASH(K || H || "A" || session_id) */
554 if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL) 554 if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL)
@@ -591,14 +591,15 @@ Newkeys *current_keys[MODE_MAX];
591 591
592#define NKEYS 6 592#define NKEYS 6
593void 593void
594kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret) 594kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen,
595 const u_char *shared_secret, u_int slen)
595{ 596{
596 u_char *keys[NKEYS]; 597 u_char *keys[NKEYS];
597 u_int i, mode, ctos; 598 u_int i, mode, ctos;
598 599
599 for (i = 0; i < NKEYS; i++) { 600 for (i = 0; i < NKEYS; i++) {
600 keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, hashlen, 601 keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, hashlen,
601 shared_secret); 602 shared_secret, slen);
602 } 603 }
603 604
604 debug2("kex_derive_keys"); 605 debug2("kex_derive_keys");
@@ -613,6 +614,18 @@ kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret)
613 } 614 }
614} 615}
615 616
617void
618kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret)
619{
620 Buffer shared_secret;
621
622 buffer_init(&shared_secret);
623 buffer_put_bignum2(&shared_secret, secret);
624 kex_derive_keys(kex, hash, hashlen,
625 buffer_ptr(&shared_secret), buffer_len(&shared_secret));
626 buffer_free(&shared_secret);
627}
628
616Newkeys * 629Newkeys *
617kex_get_newkeys(int mode) 630kex_get_newkeys(int mode)
618{ 631{
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-26 17:47:17 +0000