summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimo Sorce <simo@redhat.com>2019-03-12 18:24:36 -0400
committerAndreas Schneider <asn@cryptomilk.org>2019-04-04 08:00:15 +0200
commit2f38af1559691e6151c60533848479e96e8965bb (patch)
tree4f2af76f29a1c0ff912458b0348f6bb8781999bb
parent997fe4d418eafff8ace27e07141bdb5e4dee1753 (diff)
downloadlibssh-2f38af1559691e6151c60533848479e96e8965bb.tar.gz
libssh-2f38af1559691e6151c60533848479e96e8965bb.tar.xz
libssh-2f38af1559691e6151c60533848479e96e8965bb.zip
dh: Rename variables for DH key exchange
Rename and refactor how some variables are held in ssh_crypto_struct. Refactor allocation of dh exchange public keys. This is in preparation for switching the code to use openssl native DH handling and allowed to better reason about the code and the overall API. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--include/libssh/crypto.h8
-rw-r--r--include/libssh/dh.h12
-rw-r--r--src/curve25519.c6
-rw-r--r--src/dh-gex.c45
-rw-r--r--src/dh.c209
-rw-r--r--src/ecdh_crypto.c6
-rw-r--r--src/ecdh_gcrypt.c9
-rw-r--r--src/ecdh_mbedcrypto.c8
-rw-r--r--src/kex.c16
-rw-r--r--src/wrapper.c2
-rw-r--r--tests/unittests/torture_session_keys.c2
11 files changed, 189 insertions, 134 deletions
diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h
index 4cd0cecd..034b4f2e 100644
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -45,6 +45,7 @@
#ifdef HAVE_OPENSSL_ECDH_H
#include <openssl/ecdh.h>
#endif
+#include "libssh/dh.h"
#include "libssh/ecdh.h"
#include "libssh/kex.h"
#include "libssh/curve25519.h"
@@ -98,10 +99,11 @@ enum ssh_cipher_e {
SSH_AEAD_CHACHA20_POLY1305
};
+struct dh_ctx;
+
struct ssh_crypto_struct {
- bignum e,f,x,k,y;
- bignum g, p;
- int dh_group_is_mutable; /* do free group parameters */
+ bignum shared_secret;
+ struct dh_ctx *dh_ctx;
#ifdef WITH_GEX
size_t dh_pmin; int dh_pn; int dh_pmax; /* preferred group parameters */
#endif /* WITH_GEX */
diff --git a/include/libssh/dh.h b/include/libssh/dh.h
index 25aad47e..2a9be714 100644
--- a/include/libssh/dh.h
+++ b/include/libssh/dh.h
@@ -25,6 +25,18 @@
#include "libssh/crypto.h"
+struct dh_keypair {
+ bignum priv_key;
+ bignum pub_key;
+};
+
+struct dh_ctx {
+ struct dh_keypair client;
+ struct dh_keypair server;
+ bignum generator;
+ bignum modulus;
+};
+
int ssh_dh_init(void);
void ssh_dh_finalize(void);
diff --git a/src/curve25519.c b/src/curve25519.c
index 3a914a41..92f603dd 100644
--- a/src/curve25519.c
+++ b/src/curve25519.c
@@ -95,8 +95,8 @@ static int ssh_curve25519_build_k(ssh_session session) {
crypto_scalarmult(k, session->next_crypto->curve25519_privkey,
session->next_crypto->curve25519_server_pubkey);
- bignum_bin2bn(k, CURVE25519_PUBKEY_SIZE, &session->next_crypto->k);
- if (session->next_crypto->k == NULL) {
+ bignum_bin2bn(k, CURVE25519_PUBKEY_SIZE, &session->next_crypto->shared_secret);
+ if (session->next_crypto->shared_secret == NULL) {
return SSH_ERROR;
}
@@ -105,7 +105,7 @@ static int ssh_curve25519_build_k(ssh_session session) {
session->next_crypto->server_kex.cookie, 16);
ssh_print_hexa("Session client cookie",
session->next_crypto->client_kex.cookie, 16);
- ssh_print_bignum("Shared secret key", session->next_crypto->k);
+ ssh_print_bignum("Shared secret key", session->next_crypto->shared_secret);
#endif
return 0;
diff --git a/src/dh-gex.c b/src/dh-gex.c
index cbe7e02c..02494bb2 100644
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@@ -128,11 +128,10 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group)
ssh_set_error_oom(session);
goto error;
}
- session->next_crypto->dh_group_is_mutable = 1;
rc = ssh_buffer_unpack(packet,
"BB",
- &session->next_crypto->p,
- &session->next_crypto->g);
+ &session->next_crypto->dh_ctx->modulus,
+ &session->next_crypto->dh_ctx->generator);
if (rc != SSH_OK) {
ssh_set_error(session, SSH_FATAL, "Invalid DH_GEX_GROUP packet");
goto error;
@@ -142,7 +141,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group)
if (rc != 1) {
goto error;
}
- blen = bignum_num_bits(session->next_crypto->p);
+ blen = bignum_num_bits(session->next_crypto->dh_ctx->modulus);
if (blen < DH_PMIN || blen > DH_PMAX) {
ssh_set_error(session,
SSH_FATAL,
@@ -152,36 +151,31 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group)
DH_PMAX);
goto error;
}
- if (bignum_cmp(session->next_crypto->p, one) <= 0) {
+ if (bignum_cmp(session->next_crypto->dh_ctx->modulus, one) <= 0) {
/* p must be positive and preferably bigger than one */
ssh_set_error(session, SSH_FATAL, "Invalid dh group parameter p");
}
- if (!bignum_is_bit_set(session->next_crypto->p, 0)) {
+ if (!bignum_is_bit_set(session->next_crypto->dh_ctx->modulus, 0)) {
/* p must be a prime and therefore not divisible by 2 */
ssh_set_error(session, SSH_FATAL, "Invalid dh group parameter p");
goto error;
}
- bignum_sub(pmin1, session->next_crypto->p, one);
- if (bignum_cmp(session->next_crypto->g, one) <= 0 ||
- bignum_cmp(session->next_crypto->g, pmin1) > 0) {
+ bignum_sub(pmin1, session->next_crypto->dh_ctx->modulus, one);
+ if (bignum_cmp(session->next_crypto->dh_ctx->generator, one) <= 0 ||
+ bignum_cmp(session->next_crypto->dh_ctx->generator, pmin1) > 0) {
/* generator must be at least 2 and smaller than p-1*/
ssh_set_error(session, SSH_FATAL, "Invalid dh group parameter g");
goto error;
}
/* compute and send DH public parameter */
- rc = ssh_dh_generate_secret(session, session->next_crypto->x);
+ rc = ssh_dh_generate_secret(session, session->next_crypto->dh_ctx->client.priv_key);
if (rc == SSH_ERROR) {
goto error;
}
- session->next_crypto->e = bignum_new();
- if (session->next_crypto->e == NULL) {
- ssh_set_error_oom(session);
- goto error;
- }
- rc = bignum_mod_exp(session->next_crypto->e,
- session->next_crypto->g,
- session->next_crypto->x,
- session->next_crypto->p,
+ rc = bignum_mod_exp(session->next_crypto->dh_ctx->client.pub_key,
+ session->next_crypto->dh_ctx->generator,
+ session->next_crypto->dh_ctx->client.priv_key,
+ session->next_crypto->dh_ctx->modulus,
ctx);
if (rc != 1) {
goto error;
@@ -193,7 +187,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group)
rc = ssh_buffer_pack(session->out_buffer,
"bB",
SSH2_MSG_KEX_DH_GEX_INIT,
- session->next_crypto->e);
+ session->next_crypto->dh_ctx->client.pub_key);
if (rc != SSH_OK) {
goto error;
}
@@ -229,7 +223,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)
ssh_packet_remove_callbacks(session, &ssh_dhgex_client_callbacks);
rc = ssh_buffer_unpack(packet,
"SBS",
- &pubkey_blob, &crypto->f,
+ &pubkey_blob, &crypto->dh_ctx->server.pub_key,
&crypto->dh_server_signature);
if (rc == SSH_ERROR) {
@@ -584,8 +578,8 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request)
pn,
pmax,
&size,
- &session->next_crypto->p,
- &session->next_crypto->g);
+ &session->next_crypto->dh_ctx->modulus,
+ &session->next_crypto->dh_ctx->generator);
if (rc == SSH_ERROR) {
ssh_set_error(session,
SSH_FATAL,
@@ -595,12 +589,11 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request)
pmax);
goto error;
}
- session->next_crypto->dh_group_is_mutable = 1;
rc = ssh_buffer_pack(session->out_buffer,
"bBB",
SSH2_MSG_KEX_DH_GEX_GROUP,
- session->next_crypto->p,
- session->next_crypto->g);
+ session->next_crypto->dh_ctx->modulus,
+ session->next_crypto->dh_ctx->generator);
if (rc != SSH_OK) {
ssh_set_error_invalid(session);
goto error;
diff --git a/src/dh.c b/src/dh.c
index 5bfa8b35..e997d583 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -294,65 +294,120 @@ void ssh_dh_finalize(void)
dh_crypto_initialized = 0;
}
+static void ssh_dh_free_dh_keypair(struct dh_keypair *keypair)
+{
+ bignum_safe_free(keypair->priv_key);
+ bignum_safe_free(keypair->pub_key);
+}
+
+static int ssh_dh_init_dh_keypair(struct dh_keypair *keypair)
+{
+ int rc;
+
+ keypair->priv_key = bignum_new();
+ if (keypair->priv_key == NULL) {
+ rc = SSH_ERROR;
+ goto done;
+ }
+ keypair->pub_key = bignum_new();
+ if (keypair->pub_key == NULL) {
+ rc = SSH_ERROR;
+ goto done;
+ }
+
+ rc = SSH_OK;
+done:
+ if (rc != SSH_OK) {
+ ssh_dh_free_dh_keypair(keypair);
+ }
+ return rc;
+}
+
/**
* @internal
* @brief allocate and initialize ephemeral values used in dh kex
*/
-int ssh_dh_init_common(ssh_session session){
- struct ssh_crypto_struct *crypto=session->next_crypto;
- crypto->x = bignum_new();
- crypto->y = bignum_new();
- crypto->e = NULL;
- crypto->f = NULL;
- crypto->k = bignum_new();
- crypto->g = NULL;
- crypto->p = NULL;
- crypto->dh_group_is_mutable = 0;
- switch(session->next_crypto->kex_type) {
- case SSH_KEX_DH_GROUP1_SHA1:
- session->next_crypto->p = p_group1;
- session->next_crypto->g = g;
- session->next_crypto->dh_group_is_mutable = 0;
+int ssh_dh_init_common(ssh_session session)
+{
+ struct ssh_crypto_struct *crypto = session->next_crypto;
+ struct dh_ctx *ctx = NULL;
+ int rc;
+
+ ctx = calloc(1, sizeof(*ctx));
+ if (ctx == NULL) {
+ return SSH_ERROR;
+ }
+
+ switch (crypto->kex_type) {
+ case SSH_KEX_DH_GROUP1_SHA1:
+ ctx->generator = g;
+ ctx->modulus = p_group1;
break;
- case SSH_KEX_DH_GROUP14_SHA1:
- session->next_crypto->p = p_group14;
- session->next_crypto->g = g;
- session->next_crypto->dh_group_is_mutable = 0;
+ case SSH_KEX_DH_GROUP14_SHA1:
+ ctx->generator = g;
+ ctx->modulus = p_group14;
break;
- case SSH_KEX_DH_GROUP16_SHA512:
- session->next_crypto->p = p_group16;
- session->next_crypto->g = g;
- session->next_crypto->dh_group_is_mutable = 0;
+ case SSH_KEX_DH_GROUP16_SHA512:
+ ctx->generator = g;
+ ctx->modulus = p_group16;
break;
- case SSH_KEX_DH_GROUP18_SHA512:
- session->next_crypto->p = p_group18;
- session->next_crypto->g = g;
- session->next_crypto->dh_group_is_mutable = 0;
+ case SSH_KEX_DH_GROUP18_SHA512:
+ ctx->generator = g;
+ ctx->modulus = p_group18;
break;
- default:
- /* fall through */
+ default:
break;
}
- if (crypto->x == NULL || crypto->y == NULL || crypto->k == NULL){
- bignum_safe_free(crypto->k);
- bignum_safe_free(crypto->y);
- bignum_safe_free(crypto->x);
+
+ rc = ssh_dh_init_dh_keypair(&ctx->client);
+ if (rc != SSH_OK) {
+ goto done;
+ }
+
+ rc = ssh_dh_init_dh_keypair(&ctx->server);
+ if (rc != SSH_OK) {
+ goto done;
+ }
+
+ crypto->shared_secret = bignum_new();
+ if (crypto->shared_secret == NULL) {
+ goto done;
+ }
+
+ crypto->dh_ctx = ctx;
+ rc = SSH_OK;
+done:
+ if (rc != SSH_OK) {
+ ssh_dh_free_dh_keypair(&ctx->client);
+ ssh_dh_free_dh_keypair(&ctx->server);
+ free(ctx);
ssh_set_error_oom(session);
- return SSH_ERROR;
- } else {
- return SSH_OK;
}
+ return rc;
}
-void ssh_dh_cleanup(struct ssh_crypto_struct *crypto){
- bignum_safe_free(crypto->x);
- bignum_safe_free(crypto->y);
- bignum_safe_free(crypto->e);
- bignum_safe_free(crypto->f);
- if (crypto->dh_group_is_mutable){
- bignum_safe_free(crypto->p);
- bignum_safe_free(crypto->g);
+void ssh_dh_cleanup(struct ssh_crypto_struct *crypto)
+{
+ struct dh_ctx *ctx = crypto->dh_ctx;
+
+ if (ctx == NULL) {
+ return;
+ }
+
+ ssh_dh_free_dh_keypair(&ctx->client);
+ ssh_dh_free_dh_keypair(&ctx->server);
+
+ if ((ctx->modulus != p_group1) &&
+ (ctx->modulus != p_group14) &&
+ (ctx->modulus != p_group16) &&
+ (ctx->modulus != p_group18)) {
+ bignum_safe_free(ctx->modulus);
+ }
+ if (ctx->generator != g) {
+ bignum_safe_free(ctx->generator);
}
+ free(ctx);
+ crypto->dh_ctx = NULL;
}
int ssh_dh_import_next_pubkey_blob(ssh_session session, ssh_string pubkey_blob)
@@ -365,18 +420,18 @@ int ssh_dh_import_next_pubkey_blob(ssh_session session, ssh_string pubkey_blob)
#ifdef DEBUG_CRYPTO
static void ssh_dh_debug(ssh_session session)
{
- ssh_print_bignum("p", session->next_crypto->p);
- ssh_print_bignum("g", session->next_crypto->g);
- ssh_print_bignum("x", session->next_crypto->x);
- ssh_print_bignum("y", session->next_crypto->y);
- ssh_print_bignum("e", session->next_crypto->e);
- ssh_print_bignum("f", session->next_crypto->f);
+ ssh_print_bignum("p", session->next_crypto->dh_ctx->modulus);
+ ssh_print_bignum("g", session->next_crypto->dh_ctx->generator);
+ ssh_print_bignum("x", session->next_crypto->dh_ctx->client.priv_key);
+ ssh_print_bignum("y", session->next_crypto->dh_ctx->server.priv_key);
+ ssh_print_bignum("e", session->next_crypto->dh_ctx->client.pub_key);
+ ssh_print_bignum("f", session->next_crypto->dh_ctx->server.pub_key);
ssh_print_hexa("Session server cookie",
session->next_crypto->server_kex.cookie, 16);
ssh_print_hexa("Session client cookie",
session->next_crypto->client_kex.cookie, 16);
- ssh_print_bignum("k", session->next_crypto->k);
+ ssh_print_bignum("k", session->next_crypto->shared_secret);
}
#else
#define ssh_dh_debug(session)
@@ -404,7 +459,7 @@ int ssh_dh_generate_secret(ssh_session session, bignum dest)
if (tmp == NULL) {
goto error;
}
- p_bits = bignum_num_bits(session->next_crypto->p);
+ p_bits = bignum_num_bits(session->next_crypto->dh_ctx->modulus);
/* we need at most DH_SECURITY_BITS */
bits = MIN(DH_SECURITY_BITS * 2, p_bits);
/* ensure we're not too close of p so rnd()%p stays uniform */
@@ -415,7 +470,7 @@ int ssh_dh_generate_secret(ssh_session session, bignum dest)
if (rc != 1) {
goto error;
}
- rc = bignum_mod(dest, tmp, session->next_crypto->p, ctx);
+ rc = bignum_mod(dest, tmp, session->next_crypto->dh_ctx->modulus, ctx);
if (rc != 1) {
goto error;
}
@@ -439,16 +494,16 @@ int ssh_dh_build_k(ssh_session session)
/* the server and clients don't use the same numbers */
if (session->client) {
- rc = bignum_mod_exp(session->next_crypto->k,
- session->next_crypto->f,
- session->next_crypto->x,
- session->next_crypto->p,
+ rc = bignum_mod_exp(session->next_crypto->shared_secret,
+ session->next_crypto->dh_ctx->server.pub_key,
+ session->next_crypto->dh_ctx->client.priv_key,
+ session->next_crypto->dh_ctx->modulus,
ctx);
} else {
- rc = bignum_mod_exp(session->next_crypto->k,
- session->next_crypto->e,
- session->next_crypto->y,
- session->next_crypto->p,
+ rc = bignum_mod_exp(session->next_crypto->shared_secret,
+ session->next_crypto->dh_ctx->client.pub_key,
+ session->next_crypto->dh_ctx->server.priv_key,
+ session->next_crypto->dh_ctx->modulus,
ctx);
}
@@ -488,22 +543,18 @@ int ssh_client_dh_init(ssh_session session){
goto error;
}
- rc = ssh_dh_generate_secret(session, session->next_crypto->x);
+ rc = ssh_dh_generate_secret(session, session->next_crypto->dh_ctx->client.priv_key);
if (rc == SSH_ERROR){
goto error;
}
- session->next_crypto->e = bignum_new();
- if (session->next_crypto->e == NULL){
- goto error;
- }
- rc = bignum_mod_exp(session->next_crypto->e, session->next_crypto->g, session->next_crypto->x,
- session->next_crypto->p, ctx);
+ rc = bignum_mod_exp(session->next_crypto->dh_ctx->client.pub_key, session->next_crypto->dh_ctx->generator, session->next_crypto->dh_ctx->client.priv_key,
+ session->next_crypto->dh_ctx->modulus, ctx);
bignum_ctx_free(ctx);
if (rc != 1) {
goto error;
}
- rc = ssh_buffer_pack(session->out_buffer, "bB", SSH2_MSG_KEXDH_INIT, session->next_crypto->e);
+ rc = ssh_buffer_pack(session->out_buffer, "bB", SSH2_MSG_KEXDH_INIT, session->next_crypto->dh_ctx->client.pub_key);
if (rc != SSH_OK) {
goto error;
}
@@ -529,7 +580,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){
ssh_packet_remove_callbacks(session, &ssh_dh_client_callbacks);
- rc = ssh_buffer_unpack(packet, "SBS", &pubkey_blob, &crypto->f,
+ rc = ssh_buffer_unpack(packet, "SBS", &pubkey_blob, &crypto->dh_ctx->server.pub_key,
&crypto->dh_server_signature);
if (rc == SSH_ERROR) {
goto error;
@@ -606,25 +657,21 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet)
if (bignum_ctx_invalid(ctx)) {
goto error;
}
- rc = ssh_buffer_unpack(packet, "B", &session->next_crypto->e);
+ rc = ssh_buffer_unpack(packet, "B", &session->next_crypto->dh_ctx->client.pub_key);
if (rc == SSH_ERROR) {
ssh_set_error(session, SSH_FATAL, "No e number in client request");
goto error;
}
- rc = ssh_dh_generate_secret(session, session->next_crypto->y);
+ rc = ssh_dh_generate_secret(session, session->next_crypto->dh_ctx->server.priv_key);
if (rc == SSH_ERROR){
goto error;
}
- session->next_crypto->f = bignum_new();
- if (session->next_crypto->f == NULL){
- goto error;
- }
- rc = bignum_mod_exp(session->next_crypto->f,
- session->next_crypto->g,
- session->next_crypto->y,
- session->next_crypto->p, ctx);
+ rc = bignum_mod_exp(session->next_crypto->dh_ctx->server.pub_key,
+ session->next_crypto->dh_ctx->generator,
+ session->next_crypto->dh_ctx->server.priv_key,
+ session->next_crypto->dh_ctx->modulus, ctx);
bignum_ctx_free(ctx);
ctx = NULL;
if (rc != 1) {
@@ -677,7 +724,7 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet)
"bSBS",
packet_type,
pubkey_blob,
- session->next_crypto->f,
+ session->next_crypto->dh_ctx->server.pub_key,
sig_blob);
SSH_STRING_FREE(sig_blob);
SSH_STRING_FREE(pubkey_blob);
diff --git a/src/ecdh_crypto.c b/src/ecdh_crypto.c
index 0078712e..86e4551c 100644
--- a/src/ecdh_crypto.c
+++ b/src/ecdh_crypto.c
@@ -170,9 +170,9 @@ int ecdh_build_k(ssh_session session) {
return -1;
}
- bignum_bin2bn(buffer, len, &session->next_crypto->k);
+ bignum_bin2bn(buffer, len, &session->next_crypto->shared_secret);
free(buffer);
- if (session->next_crypto->k == NULL) {
+ if (session->next_crypto->shared_secret == NULL) {
EC_KEY_free(session->next_crypto->ecdh_privkey);
session->next_crypto->ecdh_privkey = NULL;
return -1;
@@ -185,7 +185,7 @@ int ecdh_build_k(ssh_session session) {
session->next_crypto->server_kex.cookie, 16);
ssh_print_hexa("Session client cookie",
session->next_crypto->client_kex.cookie, 16);
- ssh_print_bignum("Shared secret key", session->next_crypto->k);
+ ssh_print_bignum("Shared secret key", session->next_crypto->shared_secret);
#endif
return 0;
diff --git a/src/ecdh_gcrypt.c b/src/ecdh_gcrypt.c
index 913855c0..473846b8 100644
--- a/src/ecdh_gcrypt.c
+++ b/src/ecdh_gcrypt.c
@@ -198,8 +198,9 @@ int ecdh_build_k(ssh_session session)
goto out;
}
- session->next_crypto->k = gcry_mpi_new(0);
- gcry_mpi_point_snatch_get(session->next_crypto->k, NULL, NULL, point);
+ session->next_crypto->shared_secret = gcry_mpi_new(0);
+ gcry_mpi_point_snatch_get(session->next_crypto->shared_secret,
+ NULL, NULL, point);
#else
s = ssh_sexp_extract_mpi(result, "s", GCRYMPI_FMT_USG, GCRYMPI_FMT_USG);
if (s == NULL) {
@@ -224,7 +225,7 @@ int ecdh_build_k(ssh_session session)
goto out;
}
- err = gcry_mpi_scan(&session->next_crypto->k,
+ err = gcry_mpi_scan(&session->next_crypto->shared_secret,
GCRYMPI_FMT_USG,
(const char *)ssh_string_data(s) + 1,
k_len / 2,
@@ -245,7 +246,7 @@ int ecdh_build_k(ssh_session session)
session->next_crypto->server_kex.cookie, 16);
ssh_print_hexa("Session client cookie",
session->next_crypto->client_kex.cookie, 16);
- ssh_print_bignum("Shared secret key", session->next_crypto->k);
+ ssh_print_bignum("Shared secret key", session->next_crypto->shared_secret);
#endif
out:
diff --git a/src/ecdh_mbedcrypto.c b/src/ecdh_mbedcrypto.c
index 68033f7d..2c165aaa 100644
--- a/src/ecdh_mbedcrypto.c
+++ b/src/ecdh_mbedcrypto.c
@@ -154,16 +154,16 @@ int ecdh_build_k(ssh_session session)
goto out;
}
- session->next_crypto->k = malloc(sizeof(mbedtls_mpi));
- if (session->next_crypto->k == NULL) {
+ session->next_crypto->shared_secret = malloc(sizeof(mbedtls_mpi));
+ if (session->next_crypto->shared_secret == NULL) {
rc = SSH_ERROR;
goto out;
}
- mbedtls_mpi_init(session->next_crypto->k);
+ mbedtls_mpi_init(session->next_crypto->shared_secret);
rc = mbedtls_ecdh_compute_shared(&grp,
- session->next_crypto->k,
+ session->next_crypto->shared_secret,
&pubkey,
&session->next_crypto->ecdh_privkey->d,
mbedtls_ctr_drbg_random,
diff --git a/src/kex.c b/src/kex.c
index 750996b3..618ec88e 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -1123,8 +1123,8 @@ int ssh_make_sessionid(ssh_session session)
case SSH_KEX_DH_GROUP18_SHA512:
rc = ssh_buffer_pack(buf,
"BB",
- session->next_crypto->e,
- session->next_crypto->f);
+ session->next_crypto->dh_ctx->client.pub_key,
+ session->next_crypto->dh_ctx->server.pub_key);
if (rc != SSH_OK) {
goto error;
}
@@ -1137,10 +1137,10 @@ int ssh_make_sessionid(ssh_session session)
session->next_crypto->dh_pmin,
session->next_crypto->dh_pn,
session->next_crypto->dh_pmax,
- session->next_crypto->p,
- session->next_crypto->g,
- session->next_crypto->e,
- session->next_crypto->f);
+ session->next_crypto->dh_ctx->modulus,
+ session->next_crypto->dh_ctx->generator,
+ session->next_crypto->dh_ctx->client.pub_key,
+ session->next_crypto->dh_ctx->server.pub_key);
if (rc != SSH_OK) {
goto error;
}
@@ -1180,7 +1180,7 @@ int ssh_make_sessionid(ssh_session session)
break;
#endif
}
- rc = ssh_buffer_pack(buf, "B", session->next_crypto->k);
+ rc = ssh_buffer_pack(buf, "B", session->next_crypto->shared_secret);
if (rc != SSH_OK) {
goto error;
}
@@ -1365,7 +1365,7 @@ int ssh_generate_session_keys(ssh_session session)
size_t intkey_srv_to_cli_len = 0;
int rc = -1;
- k_string = ssh_make_bignum_string(crypto->k);
+ k_string = ssh_make_bignum_string(crypto->shared_secret);
if (k_string == NULL) {
ssh_set_error_oom(session);
goto error;
diff --git a/src/wrapper.c b/src/wrapper.c
index ca04f5b2..299d4f3f 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -169,7 +169,7 @@ void crypto_free(struct ssh_crypto_struct *crypto)
ssh_key_free(crypto->server_pubkey);
ssh_dh_cleanup(crypto);
- bignum_safe_free(crypto->k);
+ bignum_safe_free(crypto->shared_secret);
#ifdef HAVE_ECDH
SAFE_FREE(crypto->ecdh_client_pubkey);
SAFE_FREE(crypto->ecdh_server_pubkey);
diff --git a/tests/unittests/torture_session_keys.c b/tests/unittests/torture_session_keys.c
index 2a21e63b..e7ef2e44 100644
--- a/tests/unittests/torture_session_keys.c
+++ b/tests/unittests/torture_session_keys.c
@@ -69,7 +69,7 @@ static void torture_session_keys(UNUSED_PARAM(void **state))
k_string = ssh_string_new(32);
ssh_string_fill(k_string, key, 32);
- test_crypto.k = ssh_make_string_bn(k_string);
+ test_crypto.shared_secret = ssh_make_string_bn(k_string);
rc = ssh_generate_session_keys(&session);
assert_int_equal(rc, 0);