diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | dh.c | 109 | ||||
-rw-r--r-- | dh.h | 10 | ||||
-rw-r--r-- | kex.c | 110 | ||||
-rw-r--r-- | kex.h | 7 |
5 files changed, 122 insertions, 119 deletions
@@ -16,6 +16,9 @@ | |||
16 | - stevesk@cvs.openbsd.org 2001/03/29 21:06:21 | 16 | - stevesk@cvs.openbsd.org 2001/03/29 21:06:21 |
17 | [sshconnect2.c sshd.c] | 17 | [sshconnect2.c sshd.c] |
18 | need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@ | 18 | need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@ |
19 | - markus@cvs.openbsd.org 2001/03/29 21:17:40 | ||
20 | [dh.c dh.h kex.c kex.h] | ||
21 | prepare for rekeying: move DH code to dh.c | ||
19 | 22 | ||
20 | 20010329 | 23 | 20010329 |
21 | - OpenBSD CVS Sync | 24 | - OpenBSD CVS Sync |
@@ -4786,4 +4789,4 @@ | |||
4786 | - Wrote replacements for strlcpy and mkdtemp | 4789 | - Wrote replacements for strlcpy and mkdtemp |
4787 | - Released 1.0pre1 | 4790 | - Released 1.0pre1 |
4788 | 4791 | ||
4789 | $Id: ChangeLog,v 1.1040 2001/03/30 00:49:35 djm Exp $ | 4792 | $Id: ChangeLog,v 1.1041 2001/03/30 00:50:10 djm Exp $ |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: dh.c,v 1.10 2001/03/28 22:04:57 provos Exp $"); | 26 | RCSID("$OpenBSD: dh.c,v 1.11 2001/03/29 21:17:39 markus Exp $"); |
27 | 27 | ||
28 | #include "xmalloc.h" | 28 | #include "xmalloc.h" |
29 | 29 | ||
@@ -166,3 +166,110 @@ choose_dh(int min, int wantbits, int max) | |||
166 | 166 | ||
167 | return (dh_new_group(dhg.g, dhg.p)); | 167 | return (dh_new_group(dhg.g, dhg.p)); |
168 | } | 168 | } |
169 | |||
170 | /* diffie-hellman-group1-sha1 */ | ||
171 | |||
172 | int | ||
173 | dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) | ||
174 | { | ||
175 | int i; | ||
176 | int n = BN_num_bits(dh_pub); | ||
177 | int bits_set = 0; | ||
178 | |||
179 | if (dh_pub->neg) { | ||
180 | log("invalid public DH value: negativ"); | ||
181 | return 0; | ||
182 | } | ||
183 | for (i = 0; i <= n; i++) | ||
184 | if (BN_is_bit_set(dh_pub, i)) | ||
185 | bits_set++; | ||
186 | debug("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); | ||
187 | |||
188 | /* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */ | ||
189 | if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1)) | ||
190 | return 1; | ||
191 | log("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p)); | ||
192 | return 0; | ||
193 | } | ||
194 | |||
195 | void | ||
196 | dh_gen_key(DH *dh, int need) | ||
197 | { | ||
198 | int i, bits_set = 0, tries = 0; | ||
199 | |||
200 | if (dh->p == NULL) | ||
201 | fatal("dh_gen_key: dh->p == NULL"); | ||
202 | if (2*need >= BN_num_bits(dh->p)) | ||
203 | fatal("dh_gen_key: group too small: %d (2*need %d)", | ||
204 | BN_num_bits(dh->p), 2*need); | ||
205 | do { | ||
206 | if (dh->priv_key != NULL) | ||
207 | BN_free(dh->priv_key); | ||
208 | dh->priv_key = BN_new(); | ||
209 | if (dh->priv_key == NULL) | ||
210 | fatal("dh_gen_key: BN_new failed"); | ||
211 | /* generate a 2*need bits random private exponent */ | ||
212 | if (!BN_rand(dh->priv_key, 2*need, 0, 0)) | ||
213 | fatal("dh_gen_key: BN_rand failed"); | ||
214 | if (DH_generate_key(dh) == 0) | ||
215 | fatal("DH_generate_key"); | ||
216 | for (i = 0; i <= BN_num_bits(dh->priv_key); i++) | ||
217 | if (BN_is_bit_set(dh->priv_key, i)) | ||
218 | bits_set++; | ||
219 | debug("dh_gen_key: priv key bits set: %d/%d", | ||
220 | bits_set, BN_num_bits(dh->priv_key)); | ||
221 | if (tries++ > 10) | ||
222 | fatal("dh_gen_key: too many bad keys: giving up"); | ||
223 | } while (!dh_pub_is_valid(dh, dh->pub_key)); | ||
224 | } | ||
225 | |||
226 | DH * | ||
227 | dh_new_group_asc(const char *gen, const char *modulus) | ||
228 | { | ||
229 | DH *dh; | ||
230 | int ret; | ||
231 | |||
232 | dh = DH_new(); | ||
233 | if (dh == NULL) | ||
234 | fatal("DH_new"); | ||
235 | |||
236 | if ((ret = BN_hex2bn(&dh->p, modulus)) < 0) | ||
237 | fatal("BN_hex2bn p"); | ||
238 | if ((ret = BN_hex2bn(&dh->g, gen)) < 0) | ||
239 | fatal("BN_hex2bn g"); | ||
240 | |||
241 | return (dh); | ||
242 | } | ||
243 | |||
244 | /* | ||
245 | * This just returns the group, we still need to generate the exchange | ||
246 | * value. | ||
247 | */ | ||
248 | |||
249 | DH * | ||
250 | dh_new_group(BIGNUM *gen, BIGNUM *modulus) | ||
251 | { | ||
252 | DH *dh; | ||
253 | |||
254 | dh = DH_new(); | ||
255 | if (dh == NULL) | ||
256 | fatal("DH_new"); | ||
257 | dh->p = modulus; | ||
258 | dh->g = gen; | ||
259 | |||
260 | return (dh); | ||
261 | } | ||
262 | |||
263 | DH * | ||
264 | dh_new_group1(void) | ||
265 | { | ||
266 | static char *gen = "2", *group1 = | ||
267 | "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" | ||
268 | "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" | ||
269 | "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" | ||
270 | "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" | ||
271 | "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381" | ||
272 | "FFFFFFFF" "FFFFFFFF"; | ||
273 | |||
274 | return (dh_new_group_asc(gen, group1)); | ||
275 | } | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: dh.h,v 1.3 2001/03/27 17:46:49 provos Exp $ */ | 1 | /* $OpenBSD: dh.h,v 1.4 2001/03/29 21:17:39 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 4 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
@@ -32,7 +32,13 @@ struct dhgroup { | |||
32 | BIGNUM *p; | 32 | BIGNUM *p; |
33 | }; | 33 | }; |
34 | 34 | ||
35 | DH *choose_dh(int min, int nbits, int max); | 35 | DH *choose_dh(int min, int nbits, int max); |
36 | DH *dh_new_group_asc(const char *, const char *); | ||
37 | DH *dh_new_group(BIGNUM *, BIGNUM *); | ||
38 | DH *dh_new_group1(void); | ||
39 | |||
40 | void dh_gen_key(DH *, int); | ||
41 | int dh_pub_is_valid(DH *dh, BIGNUM *dh_pub); | ||
36 | 42 | ||
37 | #define DH_GRP_MIN 1024 | 43 | #define DH_GRP_MIN 1024 |
38 | #define DH_GRP_MAX 8192 | 44 | #define DH_GRP_MAX 8192 |
@@ -23,12 +23,11 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: kex.c,v 1.24 2001/03/28 21:59:40 provos Exp $"); | 26 | RCSID("$OpenBSD: kex.c,v 1.25 2001/03/29 21:17:39 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/crypto.h> | 28 | #include <openssl/crypto.h> |
29 | #include <openssl/bio.h> | 29 | #include <openssl/bio.h> |
30 | #include <openssl/bn.h> | 30 | #include <openssl/bn.h> |
31 | #include <openssl/dh.h> | ||
32 | #include <openssl/pem.h> | 31 | #include <openssl/pem.h> |
33 | 32 | ||
34 | #include "ssh2.h" | 33 | #include "ssh2.h" |
@@ -113,113 +112,6 @@ kex_exchange_kexinit( | |||
113 | debug("done"); | 112 | debug("done"); |
114 | } | 113 | } |
115 | 114 | ||
116 | /* diffie-hellman-group1-sha1 */ | ||
117 | |||
118 | int | ||
119 | dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) | ||
120 | { | ||
121 | int i; | ||
122 | int n = BN_num_bits(dh_pub); | ||
123 | int bits_set = 0; | ||
124 | |||
125 | if (dh_pub->neg) { | ||
126 | log("invalid public DH value: negativ"); | ||
127 | return 0; | ||
128 | } | ||
129 | for (i = 0; i <= n; i++) | ||
130 | if (BN_is_bit_set(dh_pub, i)) | ||
131 | bits_set++; | ||
132 | debug("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); | ||
133 | |||
134 | /* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */ | ||
135 | if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1)) | ||
136 | return 1; | ||
137 | log("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p)); | ||
138 | return 0; | ||
139 | } | ||
140 | |||
141 | void | ||
142 | dh_gen_key(DH *dh, int need) | ||
143 | { | ||
144 | int i, bits_set = 0, tries = 0; | ||
145 | |||
146 | if (dh->p == NULL) | ||
147 | fatal("dh_gen_key: dh->p == NULL"); | ||
148 | if (2*need >= BN_num_bits(dh->p)) | ||
149 | fatal("dh_gen_key: group too small: %d (2*need %d)", | ||
150 | BN_num_bits(dh->p), 2*need); | ||
151 | do { | ||
152 | if (dh->priv_key != NULL) | ||
153 | BN_free(dh->priv_key); | ||
154 | dh->priv_key = BN_new(); | ||
155 | if (dh->priv_key == NULL) | ||
156 | fatal("dh_gen_key: BN_new failed"); | ||
157 | /* generate a 2*need bits random private exponent */ | ||
158 | if (!BN_rand(dh->priv_key, 2*need, 0, 0)) | ||
159 | fatal("dh_gen_key: BN_rand failed"); | ||
160 | if (DH_generate_key(dh) == 0) | ||
161 | fatal("DH_generate_key"); | ||
162 | for (i = 0; i <= BN_num_bits(dh->priv_key); i++) | ||
163 | if (BN_is_bit_set(dh->priv_key, i)) | ||
164 | bits_set++; | ||
165 | debug("dh_gen_key: priv key bits set: %d/%d", | ||
166 | bits_set, BN_num_bits(dh->priv_key)); | ||
167 | if (tries++ > 10) | ||
168 | fatal("dh_gen_key: too many bad keys: giving up"); | ||
169 | } while (!dh_pub_is_valid(dh, dh->pub_key)); | ||
170 | } | ||
171 | |||
172 | DH * | ||
173 | dh_new_group_asc(const char *gen, const char *modulus) | ||
174 | { | ||
175 | DH *dh; | ||
176 | int ret; | ||
177 | |||
178 | dh = DH_new(); | ||
179 | if (dh == NULL) | ||
180 | fatal("DH_new"); | ||
181 | |||
182 | if ((ret = BN_hex2bn(&dh->p, modulus)) < 0) | ||
183 | fatal("BN_hex2bn p"); | ||
184 | if ((ret = BN_hex2bn(&dh->g, gen)) < 0) | ||
185 | fatal("BN_hex2bn g"); | ||
186 | |||
187 | return (dh); | ||
188 | } | ||
189 | |||
190 | /* | ||
191 | * This just returns the group, we still need to generate the exchange | ||
192 | * value. | ||
193 | */ | ||
194 | |||
195 | DH * | ||
196 | dh_new_group(BIGNUM *gen, BIGNUM *modulus) | ||
197 | { | ||
198 | DH *dh; | ||
199 | |||
200 | dh = DH_new(); | ||
201 | if (dh == NULL) | ||
202 | fatal("DH_new"); | ||
203 | dh->p = modulus; | ||
204 | dh->g = gen; | ||
205 | |||
206 | return (dh); | ||
207 | } | ||
208 | |||
209 | DH * | ||
210 | dh_new_group1(void) | ||
211 | { | ||
212 | static char *gen = "2", *group1 = | ||
213 | "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" | ||
214 | "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" | ||
215 | "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" | ||
216 | "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" | ||
217 | "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381" | ||
218 | "FFFFFFFF" "FFFFFFFF"; | ||
219 | |||
220 | return (dh_new_group_asc(gen, group1)); | ||
221 | } | ||
222 | |||
223 | #ifdef DEBUG_KEX | 115 | #ifdef DEBUG_KEX |
224 | void | 116 | void |
225 | dump_digest(u_char *digest, int len) | 117 | dump_digest(u_char *digest, int len) |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.h,v 1.16 2001/03/28 21:59:40 provos Exp $ */ | 1 | /* $OpenBSD: kex.h,v 1.17 2001/03/29 21:17:40 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -103,11 +103,6 @@ kex_choose_conf(char *cprop[PROPOSAL_MAX], | |||
103 | char *sprop[PROPOSAL_MAX], int server); | 103 | char *sprop[PROPOSAL_MAX], int server); |
104 | int kex_derive_keys(Kex *k, u_char *hash, BIGNUM *shared_secret); | 104 | int kex_derive_keys(Kex *k, u_char *hash, BIGNUM *shared_secret); |
105 | void packet_set_kex(Kex *k); | 105 | void packet_set_kex(Kex *k); |
106 | int dh_pub_is_valid(DH *dh, BIGNUM *dh_pub); | ||
107 | DH *dh_new_group_asc(const char *, const char *); | ||
108 | DH *dh_new_group(BIGNUM *, BIGNUM *); | ||
109 | void dh_gen_key(DH *, int); | ||
110 | DH *dh_new_group1(void); | ||
111 | 106 | ||
112 | u_char * | 107 | u_char * |
113 | kex_hash( | 108 | kex_hash( |