mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 09:58:01 +00:00

Expose the 'dh_ctx' struct tag used for Diffie-Hellman.

Simon Tatham 2018-09-14 08:48:54 +01:00
parent 733fcca2cd
commit 03fb4423af
3 changed files with 29 additions and 32 deletions

32
ssh.c

@ -691,7 +691,7 @@ struct ssh_tag {
int v2_session_id_len; int v2_session_id_len;
int v2_cbc_ignore_workaround; int v2_cbc_ignore_workaround;
int v2_out_cipherblksize; int v2_out_cipherblksize;
void *kex_ctx; struct dh_ctx *dh_ctx;
int bare_connection; int bare_connection;
int attempting_connshare; int attempting_connshare;
@ -5787,12 +5787,12 @@ static void do_ssh2_transport(void *vctx)
bombout(("unable to read mp-ints from incoming group packet")); bombout(("unable to read mp-ints from incoming group packet"));
crStopV; crStopV;
} }
ssh->kex_ctx = dh_setup_gex(s->p, s->g); ssh->dh_ctx = dh_setup_gex(s->p, s->g);
s->kex_init_value = SSH2_MSG_KEX_DH_GEX_INIT; s->kex_init_value = SSH2_MSG_KEX_DH_GEX_INIT;
s->kex_reply_value = SSH2_MSG_KEX_DH_GEX_REPLY; s->kex_reply_value = SSH2_MSG_KEX_DH_GEX_REPLY;
} else { } else {
ssh->pls.kctx = SSH2_PKTCTX_DHGROUP; ssh->pls.kctx = SSH2_PKTCTX_DHGROUP;
ssh->kex_ctx = dh_setup_group(ssh->kex); ssh->dh_ctx = dh_setup_group(ssh->kex);
s->kex_init_value = SSH2_MSG_KEXDH_INIT; s->kex_init_value = SSH2_MSG_KEXDH_INIT;
s->kex_reply_value = SSH2_MSG_KEXDH_REPLY; s->kex_reply_value = SSH2_MSG_KEXDH_REPLY;
logeventf(ssh, "Using Diffie-Hellman with standard group \"%s\"", logeventf(ssh, "Using Diffie-Hellman with standard group \"%s\"",
@ -5805,7 +5805,7 @@ static void do_ssh2_transport(void *vctx)
* Now generate and send e for Diffie-Hellman. * Now generate and send e for Diffie-Hellman.
*/ */
set_busy_status(ssh->frontend, BUSY_CPU); /* this can take a while */ set_busy_status(ssh->frontend, BUSY_CPU); /* this can take a while */
s->e = dh_create_e(ssh->kex_ctx, s->nbits * 2); s->e = dh_create_e(ssh->dh_ctx, s->nbits * 2);
s->pktout = ssh_bpp_new_pktout(ssh->bpp, s->kex_init_value); s->pktout = ssh_bpp_new_pktout(ssh->bpp, s->kex_init_value);
put_mp_ssh2(s->pktout, s->e); put_mp_ssh2(s->pktout, s->e);
ssh_pkt_write(ssh, s->pktout); ssh_pkt_write(ssh, s->pktout);
@ -5827,13 +5827,13 @@ static void do_ssh2_transport(void *vctx)
} }
{ {
const char *err = dh_validate_f(ssh->kex_ctx, s->f); const char *err = dh_validate_f(ssh->dh_ctx, s->f);
if (err) { if (err) {
bombout(("key exchange reply failed validation: %s", err)); bombout(("key exchange reply failed validation: %s", err));
crStopV; crStopV;
} }
} }
s->K = dh_find_K(ssh->kex_ctx, s->f); s->K = dh_find_K(ssh->dh_ctx, s->f);
/* We assume everything from now on will be quick, and it might /* We assume everything from now on will be quick, and it might
* involve user interaction. */ * involve user interaction. */
@ -5852,7 +5852,7 @@ static void do_ssh2_transport(void *vctx)
put_mp_ssh2(ssh->exhash, s->e); put_mp_ssh2(ssh->exhash, s->e);
put_mp_ssh2(ssh->exhash, s->f); put_mp_ssh2(ssh->exhash, s->f);
dh_cleanup(ssh->kex_ctx); dh_cleanup(ssh->dh_ctx);
freebn(s->f); freebn(s->f);
if (dh_is_gex(ssh->kex)) { if (dh_is_gex(ssh->kex)) {
freebn(s->g); freebn(s->g);
@ -5972,9 +5972,9 @@ static void do_ssh2_transport(void *vctx)
bombout(("unable to read mp-ints from incoming group packet")); bombout(("unable to read mp-ints from incoming group packet"));
crStopV; crStopV;
} }
ssh->kex_ctx = dh_setup_gex(s->p, s->g); ssh->dh_ctx = dh_setup_gex(s->p, s->g);
} else { } else {
ssh->kex_ctx = dh_setup_group(ssh->kex); ssh->dh_ctx = dh_setup_group(ssh->kex);
logeventf(ssh, "Using GSSAPI (with Kerberos V5) Diffie-Hellman with standard group \"%s\"", logeventf(ssh, "Using GSSAPI (with Kerberos V5) Diffie-Hellman with standard group \"%s\"",
ssh->kex->groupname); ssh->kex->groupname);
} }
@ -5983,7 +5983,7 @@ static void do_ssh2_transport(void *vctx)
ssh->kex->hash->text_name); ssh->kex->hash->text_name);
/* Now generate e for Diffie-Hellman. */ /* Now generate e for Diffie-Hellman. */
set_busy_status(ssh->frontend, BUSY_CPU); /* this can take a while */ set_busy_status(ssh->frontend, BUSY_CPU); /* this can take a while */
s->e = dh_create_e(ssh->kex_ctx, s->nbits * 2); s->e = dh_create_e(ssh->dh_ctx, s->nbits * 2);
if (ssh->gsslib->gsslogmsg) if (ssh->gsslib->gsslogmsg)
logevent(ssh->gsslib->gsslogmsg); logevent(ssh->gsslib->gsslogmsg);
@ -6137,7 +6137,7 @@ static void do_ssh2_transport(void *vctx)
s->gss_stat == SSH_GSS_S_CONTINUE_NEEDED || s->gss_stat == SSH_GSS_S_CONTINUE_NEEDED ||
!s->complete_rcvd); !s->complete_rcvd);
s->K = dh_find_K(ssh->kex_ctx, s->f); s->K = dh_find_K(ssh->dh_ctx, s->f);
/* We assume everything from now on will be quick, and it might /* We assume everything from now on will be quick, and it might
* involve user interaction. */ * involve user interaction. */
@ -6162,7 +6162,7 @@ static void do_ssh2_transport(void *vctx)
* used as the MIC input. * used as the MIC input.
*/ */
dh_cleanup(ssh->kex_ctx); dh_cleanup(ssh->dh_ctx);
freebn(s->f); freebn(s->f);
if (dh_is_gex(ssh->kex)) { if (dh_is_gex(ssh->kex)) {
freebn(s->g); freebn(s->g);
@ -6313,7 +6313,7 @@ static void do_ssh2_transport(void *vctx)
} }
#endif #endif
ssh->kex_ctx = NULL; ssh->dh_ctx = NULL;
#if 0 #if 0
debug(("Exchange hash is:\n")); debug(("Exchange hash is:\n"));
@ -10554,7 +10554,7 @@ static const char *ssh_init(Frontend *frontend, Backend **backend_handle,
ssh->version = 0; /* when not ready yet */ ssh->version = 0; /* when not ready yet */
ssh->s = NULL; ssh->s = NULL;
ssh->kex = NULL; ssh->kex = NULL;
ssh->kex_ctx = NULL; ssh->dh_ctx = NULL;
ssh->hostkey_alg = NULL; ssh->hostkey_alg = NULL;
ssh->hostkey_str = NULL; ssh->hostkey_str = NULL;
ssh->exitcode = -1; ssh->exitcode = -1;
@ -10711,8 +10711,8 @@ static void ssh_free(Backend *be)
struct X11FakeAuth *auth; struct X11FakeAuth *auth;
int need_random_unref; int need_random_unref;
if (ssh->kex_ctx) if (ssh->dh_ctx)
dh_cleanup(ssh->kex_ctx); dh_cleanup(ssh->dh_ctx);
sfree(ssh->savedhost); sfree(ssh->savedhost);
while (ssh->queuelen-- > 0) while (ssh->queuelen-- > 0)
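Review bot: `ssh->dh_ctx` keeps pointing at freed memory after both `dh_cleanup(ssh->dh_ctx);` calls in do_ssh2_transport (the hunks at 5852 and 6162), and it is only reset by `ssh->dh_ctx = NULL;` in the hunk at 6313. ssh_free calls `dh_cleanup` whenever the field is non-NULL, so a teardown between those points would free the context, including the private exponent, a second time. The code between those points lies outside the hunks, so whether such a path exists is inferred rather than shown. Following each cleanup directly with `ssh->dh_ctx = NULL;` closes the window regardless. do_ssh2_transport's body extends beyond every hunk shown.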

13
ssh.h

@ -874,12 +874,13 @@ void diagbn(char *prefix, Bignum md);
#endif #endif
int dh_is_gex(const struct ssh_kex *kex); int dh_is_gex(const struct ssh_kex *kex);
void *dh_setup_group(const struct ssh_kex *kex); struct dh_ctx;
void *dh_setup_gex(Bignum pval, Bignum gval); struct dh_ctx *dh_setup_group(const struct ssh_kex *kex);
void dh_cleanup(void *); struct dh_ctx *dh_setup_gex(Bignum pval, Bignum gval);
Bignum dh_create_e(void *, int nbits); void dh_cleanup(struct dh_ctx *);
const char *dh_validate_f(void *handle, Bignum f); Bignum dh_create_e(struct dh_ctx *, int nbits);
Bignum dh_find_K(void *, Bignum f); const char *dh_validate_f(struct dh_ctx *, Bignum f);
Bignum dh_find_K(struct dh_ctx *, Bignum f);
int rsa_ssh1_encrypted(const Filename *filename, char **comment); int rsa_ssh1_encrypted(const Filename *filename, char **comment);
int rsa_ssh1_loadpub(const Filename *filename, BinarySink *bs, int rsa_ssh1_loadpub(const Filename *filename, BinarySink *bs,
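Review bot: The new prototypes for `dh_cleanup`, `dh_create_e`, `dh_validate_f` and `dh_find_K` leave the context parameter unnamed, and `dh_validate_f` loses the name it had before. Naming it `ctx`, as the definitions in sshdh.c do, keeps header and implementation aligned, e.g. `void dh_cleanup(struct dh_ctx *ctx);`. The declarations also say nothing about ownership. A comment such as `/* A context returned by dh_setup_group/dh_setup_gex is owned by the caller and must be released exactly once with dh_cleanup, which does not accept NULL. */` would record the contract that the `if (ssh->dh_ctx)` guard in ssh_free depends on.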

16
sshdh.c

@ -187,7 +187,7 @@ int dh_is_gex(const struct ssh_kex *kex)
/* /*
* Initialise DH for a standard group. * Initialise DH for a standard group.
*/ */
void *dh_setup_group(const struct ssh_kex *kex) struct dh_ctx *dh_setup_group(const struct ssh_kex *kex)
{ {
const struct dh_extra *extra = (const struct dh_extra *)kex->extra; const struct dh_extra *extra = (const struct dh_extra *)kex->extra;
struct dh_ctx *ctx = snew(struct dh_ctx); struct dh_ctx *ctx = snew(struct dh_ctx);
@ -200,7 +200,7 @@ void *dh_setup_group(const struct ssh_kex *kex)
/* /*
* Initialise DH for a server-supplied group. * Initialise DH for a server-supplied group.
*/ */
void *dh_setup_gex(Bignum pval, Bignum gval) struct dh_ctx *dh_setup_gex(Bignum pval, Bignum gval)
{ {
struct dh_ctx *ctx = snew(struct dh_ctx); struct dh_ctx *ctx = snew(struct dh_ctx);
ctx->p = copybn(pval); ctx->p = copybn(pval);
@ -212,9 +212,8 @@ void *dh_setup_gex(Bignum pval, Bignum gval)
/* /*
* Clean up and free a context. * Clean up and free a context.
*/ */
void dh_cleanup(void *handle) void dh_cleanup(struct dh_ctx *ctx)
{ {
struct dh_ctx *ctx = (struct dh_ctx *)handle;
freebn(ctx->x); freebn(ctx->x);
freebn(ctx->e); freebn(ctx->e);
freebn(ctx->p); freebn(ctx->p);
@ -239,9 +238,8 @@ void dh_cleanup(void *handle)
* Advances in Cryptology: Proceedings of Eurocrypt '96 * Advances in Cryptology: Proceedings of Eurocrypt '96
* Springer-Verlag, May 1996. * Springer-Verlag, May 1996.
*/ */
Bignum dh_create_e(void *handle, int nbits) Bignum dh_create_e(struct dh_ctx *ctx, int nbits)
{ {
struct dh_ctx *ctx = (struct dh_ctx *)handle;
int i; int i;
int nbytes; int nbytes;
@ -295,9 +293,8 @@ Bignum dh_create_e(void *handle, int nbits)
* they lead to obviously weak keys that even a passive eavesdropper * they lead to obviously weak keys that even a passive eavesdropper
* can figure out.) * can figure out.)
*/ */
const char *dh_validate_f(void *handle, Bignum f) const char *dh_validate_f(struct dh_ctx *ctx, Bignum f)
{ {
struct dh_ctx *ctx = (struct dh_ctx *)handle;
if (bignum_cmp(f, One) <= 0) { if (bignum_cmp(f, One) <= 0) {
return "f value received is too small"; return "f value received is too small";
} else { } else {
@ -313,9 +310,8 @@ const char *dh_validate_f(void *handle, Bignum f)
/* /*
* DH stage 2: given a number f, compute K = f^x mod p. * DH stage 2: given a number f, compute K = f^x mod p.
*/ */
Bignum dh_find_K(void *handle, Bignum f) Bignum dh_find_K(struct dh_ctx *ctx, Bignum f)
{ {
struct dh_ctx *ctx = (struct dh_ctx *)handle;
Bignum ret; Bignum ret;
ret = modpow(f, ctx->x, ctx->p); ret = modpow(f, ctx->x, ctx->p);
return ret; return ret;
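Review bot: dh_setup_gex stores the server-supplied modulus and generator (`ctx->p = copybn(pval);`) with no range check visible in this hunk, and the caller shown in ssh.c only checks that the mp-ints could be parsed. If validation happens elsewhere, say so above the function, e.g. `/* Caller must already have checked that p is within the requested size range and that 1 < g < p-1. */`. Otherwise the check belongs before the context is built, because dh_find_K later computes `modpow(f, ctx->x, ctx->p)` with whatever p was accepted. The function's body continues outside the hunk, so this is inferred from the visible lines only.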