diff options
| author | Damien Miller <djm@mindrot.org> | 2005-11-05 15:19:35 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2005-11-05 15:19:35 +1100 |
| commit | 19bb3a57f88adc789d61964fcb8f50165026b322 (patch) | |
| tree | ba18e185c014c1da12ce4422a7e7bad9e71725f5 /kexdhs.c | |
| parent | 24ecf612614d83622d9777349b4ecd21ee22bb2a (diff) | |
- djm@cvs.openbsd.org 2005/11/04 05:15:59
[kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
remove hardcoded hash lengths in key exchange code, allowing
implementation of KEX methods with different hashes (e.g. SHA-256);
ok markus@ dtucker@ stevesk@
Diffstat (limited to 'kexdhs.c')
| -rw-r--r-- | kexdhs.c | 17 |
1 files changed, 8 insertions, 9 deletions
| @@ -23,7 +23,7 @@ | |||
| 23 | */ | 23 | */ |
| 24 | 24 | ||
| 25 | #include "includes.h" | 25 | #include "includes.h" |
| 26 | RCSID("$OpenBSD: kexdhs.c,v 1.2 2004/06/13 12:53:24 djm Exp $"); | 26 | RCSID("$OpenBSD: kexdhs.c,v 1.3 2005/11/04 05:15:59 djm Exp $"); |
| 27 | 27 | ||
| 28 | #include "xmalloc.h" | 28 | #include "xmalloc.h" |
| 29 | #include "key.h" | 29 | #include "key.h" |
| @@ -41,7 +41,7 @@ kexdh_server(Kex *kex) | |||
| 41 | DH *dh; | 41 | DH *dh; |
| 42 | Key *server_host_key; | 42 | Key *server_host_key; |
| 43 | u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; | 43 | u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; |
| 44 | u_int sbloblen, klen, kout; | 44 | u_int sbloblen, klen, kout, hashlen; |
| 45 | u_int slen; | 45 | u_int slen; |
| 46 | 46 | ||
| 47 | /* generate server DH public key */ | 47 | /* generate server DH public key */ |
| @@ -103,7 +103,7 @@ kexdh_server(Kex *kex) | |||
| 103 | key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); | 103 | key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); |
| 104 | 104 | ||
| 105 | /* calc H */ | 105 | /* calc H */ |
| 106 | hash = kex_dh_hash( | 106 | kex_dh_hash( |
| 107 | kex->client_version_string, | 107 | kex->client_version_string, |
| 108 | kex->server_version_string, | 108 | kex->server_version_string, |
| 109 | buffer_ptr(&kex->peer), buffer_len(&kex->peer), | 109 | buffer_ptr(&kex->peer), buffer_len(&kex->peer), |
| @@ -111,21 +111,20 @@ kexdh_server(Kex *kex) | |||
| 111 | server_host_key_blob, sbloblen, | 111 | server_host_key_blob, sbloblen, |
| 112 | dh_client_pub, | 112 | dh_client_pub, |
| 113 | dh->pub_key, | 113 | dh->pub_key, |
| 114 | shared_secret | 114 | shared_secret, |
| 115 | &hash, &hashlen | ||
| 115 | ); | 116 | ); |
| 116 | BN_clear_free(dh_client_pub); | 117 | BN_clear_free(dh_client_pub); |
| 117 | 118 | ||
| 118 | /* save session id := H */ | 119 | /* save session id := H */ |
| 119 | /* XXX hashlen depends on KEX */ | ||
| 120 | if (kex->session_id == NULL) { | 120 | if (kex->session_id == NULL) { |
| 121 | kex->session_id_len = 20; | 121 | kex->session_id_len = hashlen; |
| 122 | kex->session_id = xmalloc(kex->session_id_len); | 122 | kex->session_id = xmalloc(kex->session_id_len); |
| 123 | memcpy(kex->session_id, hash, kex->session_id_len); | 123 | memcpy(kex->session_id, hash, kex->session_id_len); |
| 124 | } | 124 | } |
| 125 | 125 | ||
| 126 | /* sign H */ | 126 | /* sign H */ |
| 127 | /* XXX hashlen depends on KEX */ | 127 | PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen)); |
| 128 | PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)); | ||
| 129 | 128 | ||
| 130 | /* destroy_sensitive_data(); */ | 129 | /* destroy_sensitive_data(); */ |
| 131 | 130 | ||
| @@ -141,7 +140,7 @@ kexdh_server(Kex *kex) | |||
| 141 | /* have keys, free DH */ | 140 | /* have keys, free DH */ |
| 142 | DH_free(dh); | 141 | DH_free(dh); |
| 143 | 142 | ||
| 144 | kex_derive_keys(kex, hash, shared_secret); | 143 | kex_derive_keys(kex, hash, hashlen, shared_secret); |
| 145 | BN_clear_free(shared_secret); | 144 | BN_clear_free(shared_secret); |
| 146 | kex_finish(kex); | 145 | kex_finish(kex); |
| 147 | } | 146 | } |