diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2019-08-06 20:29:01 +0200 |
---|---|---|
committer | Jakub Jelen <jjelen@redhat.com> | 2019-08-08 09:45:38 +0200 |
commit | 9ffaa12012b036e58d419ce4ddd3839bba14fecd (patch) | |
tree | 95c126240a2cc432234ec532b5f36b4a7382a3b1 | |
parent | ae5146f7ba6b19b3814d25115f988f6193fb346d (diff) | |
download | libssh-9ffaa12012b036e58d419ce4ddd3839bba14fecd.tar.gz libssh-9ffaa12012b036e58d419ce4ddd3839bba14fecd.tar.xz libssh-9ffaa12012b036e58d419ce4ddd3839bba14fecd.zip |
dh: Add ssh_dh_debug_crypto()
We should call it where we have access to the crypto structure.
Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 92d3efec8184a22ed214ba95ba692041377bb93c)
-rw-r--r-- | include/libssh/dh.h | 2 | ||||
-rw-r--r-- | src/dh-gex.c | 1 | ||||
-rw-r--r-- | src/dh.c | 2 | ||||
-rw-r--r-- | src/dh_crypto.c | 21 | ||||
-rw-r--r-- | src/dh_key.c | 47 |
5 files changed, 48 insertions, 25 deletions
diff --git a/include/libssh/dh.h b/include/libssh/dh.h index 48d8c46a..390b30da 100644 --- a/include/libssh/dh.h +++ b/include/libssh/dh.h @@ -48,6 +48,8 @@ int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer, int ssh_dh_compute_shared_secret(struct dh_ctx *ctx, int local, int remote, bignum *dest); +void ssh_dh_debug_crypto(struct ssh_crypto_struct *c); + /* common functions */ int ssh_dh_init(void); void ssh_dh_finalize(void); diff --git a/src/dh-gex.c b/src/dh-gex.c index b20bf2b6..bbd59c75 100644 --- a/src/dh-gex.c +++ b/src/dh-gex.c @@ -267,6 +267,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply) rc = ssh_dh_compute_shared_secret(session->next_crypto->dh_ctx, DH_CLIENT_KEYPAIR, DH_SERVER_KEYPAIR, &session->next_crypto->shared_secret); + ssh_dh_debug_crypto(session->next_crypto); if (rc == SSH_ERROR) { ssh_set_error(session, SSH_FATAL, "Could not generate shared secret"); goto error; @@ -373,6 +373,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){ rc = ssh_dh_compute_shared_secret(session->next_crypto->dh_ctx, DH_CLIENT_KEYPAIR, DH_SERVER_KEYPAIR, &session->next_crypto->shared_secret); + ssh_dh_debug_crypto(session->next_crypto); if (rc == SSH_ERROR){ ssh_set_error(session, SSH_FATAL, "Could not generate shared secret"); goto error; @@ -462,6 +463,7 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet) rc = ssh_dh_compute_shared_secret(crypto->dh_ctx, DH_SERVER_KEYPAIR, DH_CLIENT_KEYPAIR, &crypto->shared_secret); + ssh_dh_debug_crypto(crypto); if (rc == SSH_ERROR) { ssh_set_error(session, SSH_FATAL, "Could not generate shared secret"); goto error; diff --git a/src/dh_crypto.c b/src/dh_crypto.c index 0ccc3641..d72e757a 100644 --- a/src/dh_crypto.c +++ b/src/dh_crypto.c @@ -41,6 +41,27 @@ struct dh_ctx { DH *keypair[2]; }; +void ssh_dh_debug_crypto(struct ssh_crypto_struct *c) +{ +#ifdef DEBUG_CRYPTO + const_bignum x = NULL, y = NULL, e = NULL, f = NULL; + + ssh_dh_keypair_get_keys(c->dh_ctx, DH_CLIENT_KEYPAIR, &x, &e); + ssh_dh_keypair_get_keys(c->dh_ctx, DH_SERVER_KEYPAIR, &y, &f); + ssh_print_bignum("x", x); + ssh_print_bignum("y", y); + ssh_print_bignum("e", e); + ssh_print_bignum("f", f); + + ssh_log_hexdump("Session server cookie", c->server_kex.cookie, 16); + ssh_log_hexdump("Session client cookie", c->client_kex.cookie, 16); + ssh_print_bignum("k", c->shared_secret); + +#else + (void)c; /* UNUSED_PARAM */ +#endif +} + int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer, const_bignum *priv, const_bignum *pub) { diff --git a/src/dh_key.c b/src/dh_key.c index 32c4af2e..58161c14 100644 --- a/src/dh_key.c +++ b/src/dh_key.c @@ -60,6 +60,28 @@ struct dh_ctx { bignum modulus; }; +void ssh_dh_debug_crypto(struct ssh_crypto_struct *c) +{ +#ifdef DEBUG_CRYPTO + const_bignum x = NULL, y = NULL, e = NULL, f = NULL; + + ssh_dh_keypair_get_keys(c->dh_ctx, DH_CLIENT_KEYPAIR, &x, &e); + ssh_dh_keypair_get_keys(c->dh_ctx, DH_SERVER_KEYPAIR, &y, &f); + ssh_print_bignum("p", c->dh_ctx->modulus); + ssh_print_bignum("g", c->dh_ctx->generator); + ssh_print_bignum("x", x); + ssh_print_bignum("y", y); + ssh_print_bignum("e", e); + ssh_print_bignum("f", f); + + ssh_log_hexdump("Session server cookie", c->server_kex.cookie, 16); + ssh_log_hexdump("Session client cookie", c->client_kex.cookie, 16); + ssh_print_bignum("k", c->shared_secret); +#else + (void)c; /* UNUSED_PARAM */ +#endif +} + static void ssh_dh_free_modulus(struct dh_ctx *ctx) { if ((ctx->modulus != ssh_dh_group1) && @@ -263,30 +285,6 @@ void ssh_dh_cleanup(struct ssh_crypto_struct *crypto) crypto->dh_ctx = NULL; } -#ifdef DEBUG_CRYPTO -static void ssh_dh_debug(ssh_session session) -{ - struct ssh_crypto_struct *crypto = session->next_crypto; - const_bignum x, y, e, f; - ssh_dh_keypair_get_keys(crypto->dh_ctx, DH_CLIENT_KEYPAIR, &x, &e); - ssh_dh_keypair_get_keys(crypto->dh_ctx, DH_SERVER_KEYPAIR, &y, &f); - ssh_print_bignum("p", crypto->dh_ctx->modulus); - ssh_print_bignum("g", crypto->dh_ctx->generator); - ssh_print_bignum("x", x); - ssh_print_bignum("y", y); - ssh_print_bignum("e", e); - ssh_print_bignum("f", f); - - ssh_log_hexdump("Session server cookie", - session->next_crypto->server_kex.cookie, 16); - ssh_log_hexdump("Session client cookie", - session->next_crypto->client_kex.cookie, 16); - ssh_print_bignum("k", session->next_crypto->shared_secret); -} -#else -#define ssh_dh_debug(session) -#endif - /** @internal * @brief generates a secret DH parameter of at least DH_SECURITY_BITS * security as well as the corresponding public key. @@ -370,7 +368,6 @@ int ssh_dh_compute_shared_secret(struct dh_ctx *dh_ctx, int local, int remote, done: bignum_ctx_free(ctx); - ssh_dh_debug(session); if (rc != 1) { return SSH_ERROR; } |