summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--dh.c109
-rw-r--r--dh.h10
-rw-r--r--kex.c110
-rw-r--r--kex.h7
5 files changed, 122 insertions, 119 deletions
diff --git a/ChangeLog b/ChangeLog
index 16be5f953..b3a259a70 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,9 @@
16 - stevesk@cvs.openbsd.org 2001/03/29 21:06:21 16 - stevesk@cvs.openbsd.org 2001/03/29 21:06:21
17 [sshconnect2.c sshd.c] 17 [sshconnect2.c sshd.c]
18 need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@ 18 need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
19 - markus@cvs.openbsd.org 2001/03/29 21:17:40
20 [dh.c dh.h kex.c kex.h]
21 prepare for rekeying: move DH code to dh.c
19 22
2020010329 2320010329
21 - OpenBSD CVS Sync 24 - OpenBSD CVS Sync
@@ -4786,4 +4789,4 @@
4786 - Wrote replacements for strlcpy and mkdtemp 4789 - Wrote replacements for strlcpy and mkdtemp
4787 - Released 1.0pre1 4790 - Released 1.0pre1
4788 4791
4789$Id: ChangeLog,v 1.1040 2001/03/30 00:49:35 djm Exp $ 4792$Id: ChangeLog,v 1.1041 2001/03/30 00:50:10 djm Exp $
diff --git a/dh.c b/dh.c
index 636758fa8..6c53b0038 100644
--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: dh.c,v 1.10 2001/03/28 22:04:57 provos Exp $"); 26RCSID("$OpenBSD: dh.c,v 1.11 2001/03/29 21:17:39 markus Exp $");
27 27
28#include "xmalloc.h" 28#include "xmalloc.h"
29 29
@@ -166,3 +166,110 @@ choose_dh(int min, int wantbits, int max)
166 166
167 return (dh_new_group(dhg.g, dhg.p)); 167 return (dh_new_group(dhg.g, dhg.p));
168} 168}
169
170/* diffie-hellman-group1-sha1 */
171
172int
173dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
174{
175 int i;
176 int n = BN_num_bits(dh_pub);
177 int bits_set = 0;
178
179 if (dh_pub->neg) {
180 log("invalid public DH value: negativ");
181 return 0;
182 }
183 for (i = 0; i <= n; i++)
184 if (BN_is_bit_set(dh_pub, i))
185 bits_set++;
186 debug("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
187
188 /* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */
189 if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1))
190 return 1;
191 log("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p));
192 return 0;
193}
194
195void
196dh_gen_key(DH *dh, int need)
197{
198 int i, bits_set = 0, tries = 0;
199
200 if (dh->p == NULL)
201 fatal("dh_gen_key: dh->p == NULL");
202 if (2*need >= BN_num_bits(dh->p))
203 fatal("dh_gen_key: group too small: %d (2*need %d)",
204 BN_num_bits(dh->p), 2*need);
205 do {
206 if (dh->priv_key != NULL)
207 BN_free(dh->priv_key);
208 dh->priv_key = BN_new();
209 if (dh->priv_key == NULL)
210 fatal("dh_gen_key: BN_new failed");
211 /* generate a 2*need bits random private exponent */
212 if (!BN_rand(dh->priv_key, 2*need, 0, 0))
213 fatal("dh_gen_key: BN_rand failed");
214 if (DH_generate_key(dh) == 0)
215 fatal("DH_generate_key");
216 for (i = 0; i <= BN_num_bits(dh->priv_key); i++)
217 if (BN_is_bit_set(dh->priv_key, i))
218 bits_set++;
219 debug("dh_gen_key: priv key bits set: %d/%d",
220 bits_set, BN_num_bits(dh->priv_key));
221 if (tries++ > 10)
222 fatal("dh_gen_key: too many bad keys: giving up");
223 } while (!dh_pub_is_valid(dh, dh->pub_key));
224}
225
226DH *
227dh_new_group_asc(const char *gen, const char *modulus)
228{
229 DH *dh;
230 int ret;
231
232 dh = DH_new();
233 if (dh == NULL)
234 fatal("DH_new");
235
236 if ((ret = BN_hex2bn(&dh->p, modulus)) < 0)
237 fatal("BN_hex2bn p");
238 if ((ret = BN_hex2bn(&dh->g, gen)) < 0)
239 fatal("BN_hex2bn g");
240
241 return (dh);
242}
243
244/*
245 * This just returns the group, we still need to generate the exchange
246 * value.
247 */
248
249DH *
250dh_new_group(BIGNUM *gen, BIGNUM *modulus)
251{
252 DH *dh;
253
254 dh = DH_new();
255 if (dh == NULL)
256 fatal("DH_new");
257 dh->p = modulus;
258 dh->g = gen;
259
260 return (dh);
261}
262
263DH *
264dh_new_group1(void)
265{
266 static char *gen = "2", *group1 =
267 "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
268 "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
269 "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
270 "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
271 "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381"
272 "FFFFFFFF" "FFFFFFFF";
273
274 return (dh_new_group_asc(gen, group1));
275}
diff --git a/dh.h b/dh.h
index 70b326e9f..13d2fa162 100644
--- a/dh.h
+++ b/dh.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh.h,v 1.3 2001/03/27 17:46:49 provos Exp $ */ 1/* $OpenBSD: dh.h,v 1.4 2001/03/29 21:17:39 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Niels Provos. All rights reserved. 4 * Copyright (c) 2000 Niels Provos. All rights reserved.
@@ -32,7 +32,13 @@ struct dhgroup {
32 BIGNUM *p; 32 BIGNUM *p;
33}; 33};
34 34
35DH *choose_dh(int min, int nbits, int max); 35DH *choose_dh(int min, int nbits, int max);
36DH *dh_new_group_asc(const char *, const char *);
37DH *dh_new_group(BIGNUM *, BIGNUM *);
38DH *dh_new_group1(void);
39
40void dh_gen_key(DH *, int);
41int dh_pub_is_valid(DH *dh, BIGNUM *dh_pub);
36 42
37#define DH_GRP_MIN 1024 43#define DH_GRP_MIN 1024
38#define DH_GRP_MAX 8192 44#define DH_GRP_MAX 8192
diff --git a/kex.c b/kex.c
index 38c813d8b..576d4b56e 100644
--- a/kex.c
+++ b/kex.c
@@ -23,12 +23,11 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: kex.c,v 1.24 2001/03/28 21:59:40 provos Exp $"); 26RCSID("$OpenBSD: kex.c,v 1.25 2001/03/29 21:17:39 markus Exp $");
27 27
28#include <openssl/crypto.h> 28#include <openssl/crypto.h>
29#include <openssl/bio.h> 29#include <openssl/bio.h>
30#include <openssl/bn.h> 30#include <openssl/bn.h>
31#include <openssl/dh.h>
32#include <openssl/pem.h> 31#include <openssl/pem.h>
33 32
34#include "ssh2.h" 33#include "ssh2.h"
@@ -113,113 +112,6 @@ kex_exchange_kexinit(
113 debug("done"); 112 debug("done");
114} 113}
115 114
116/* diffie-hellman-group1-sha1 */
117
118int
119dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
120{
121 int i;
122 int n = BN_num_bits(dh_pub);
123 int bits_set = 0;
124
125 if (dh_pub->neg) {
126 log("invalid public DH value: negativ");
127 return 0;
128 }
129 for (i = 0; i <= n; i++)
130 if (BN_is_bit_set(dh_pub, i))
131 bits_set++;
132 debug("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
133
134 /* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */
135 if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1))
136 return 1;
137 log("invalid public DH value (%d/%d)", bits_set, BN_num_bits(dh->p));
138 return 0;
139}
140
141void
142dh_gen_key(DH *dh, int need)
143{
144 int i, bits_set = 0, tries = 0;
145
146 if (dh->p == NULL)
147 fatal("dh_gen_key: dh->p == NULL");
148 if (2*need >= BN_num_bits(dh->p))
149 fatal("dh_gen_key: group too small: %d (2*need %d)",
150 BN_num_bits(dh->p), 2*need);
151 do {
152 if (dh->priv_key != NULL)
153 BN_free(dh->priv_key);
154 dh->priv_key = BN_new();
155 if (dh->priv_key == NULL)
156 fatal("dh_gen_key: BN_new failed");
157 /* generate a 2*need bits random private exponent */
158 if (!BN_rand(dh->priv_key, 2*need, 0, 0))
159 fatal("dh_gen_key: BN_rand failed");
160 if (DH_generate_key(dh) == 0)
161 fatal("DH_generate_key");
162 for (i = 0; i <= BN_num_bits(dh->priv_key); i++)
163 if (BN_is_bit_set(dh->priv_key, i))
164 bits_set++;
165 debug("dh_gen_key: priv key bits set: %d/%d",
166 bits_set, BN_num_bits(dh->priv_key));
167 if (tries++ > 10)
168 fatal("dh_gen_key: too many bad keys: giving up");
169 } while (!dh_pub_is_valid(dh, dh->pub_key));
170}
171
172DH *
173dh_new_group_asc(const char *gen, const char *modulus)
174{
175 DH *dh;
176 int ret;
177
178 dh = DH_new();
179 if (dh == NULL)
180 fatal("DH_new");
181
182 if ((ret = BN_hex2bn(&dh->p, modulus)) < 0)
183 fatal("BN_hex2bn p");
184 if ((ret = BN_hex2bn(&dh->g, gen)) < 0)
185 fatal("BN_hex2bn g");
186
187 return (dh);
188}
189
190/*
191 * This just returns the group, we still need to generate the exchange
192 * value.
193 */
194
195DH *
196dh_new_group(BIGNUM *gen, BIGNUM *modulus)
197{
198 DH *dh;
199
200 dh = DH_new();
201 if (dh == NULL)
202 fatal("DH_new");
203 dh->p = modulus;
204 dh->g = gen;
205
206 return (dh);
207}
208
209DH *
210dh_new_group1(void)
211{
212 static char *gen = "2", *group1 =
213 "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
214 "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
215 "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
216 "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
217 "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381"
218 "FFFFFFFF" "FFFFFFFF";
219
220 return (dh_new_group_asc(gen, group1));
221}
222
223#ifdef DEBUG_KEX 115#ifdef DEBUG_KEX
224void 116void
225dump_digest(u_char *digest, int len) 117dump_digest(u_char *digest, int len)
diff --git a/kex.h b/kex.h
index 41337680a..4cc87d527 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.h,v 1.16 2001/03/28 21:59:40 provos Exp $ */ 1/* $OpenBSD: kex.h,v 1.17 2001/03/29 21:17:40 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -103,11 +103,6 @@ kex_choose_conf(char *cprop[PROPOSAL_MAX],
103 char *sprop[PROPOSAL_MAX], int server); 103 char *sprop[PROPOSAL_MAX], int server);
104int kex_derive_keys(Kex *k, u_char *hash, BIGNUM *shared_secret); 104int kex_derive_keys(Kex *k, u_char *hash, BIGNUM *shared_secret);
105void packet_set_kex(Kex *k); 105void packet_set_kex(Kex *k);
106int dh_pub_is_valid(DH *dh, BIGNUM *dh_pub);
107DH *dh_new_group_asc(const char *, const char *);
108DH *dh_new_group(BIGNUM *, BIGNUM *);
109void dh_gen_key(DH *, int);
110DH *dh_new_group1(void);
111 106
112u_char * 107u_char *
113kex_hash( 108kex_hash(