summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2019-08-06 20:29:01 +0200
committerJakub Jelen <jjelen@redhat.com>2019-08-08 09:30:03 +0200
commit92d3efec8184a22ed214ba95ba692041377bb93c (patch)
tree7d6dc1e15faf4b2ffd1c4894a40f5d2777dd18a4
parent4e25ee6124f23a727a9e430b738fad3124ae8ecc (diff)
downloadlibssh-92d3efec8184a22ed214ba95ba692041377bb93c.tar.gz
libssh-92d3efec8184a22ed214ba95ba692041377bb93c.tar.xz
libssh-92d3efec8184a22ed214ba95ba692041377bb93c.zip
dh: Add ssh_dh_debug_crypto()
We should call it where we have access to the crypto structure. Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com> Signed-off-by: Jakub Jelen <jjelen@redhat.com> Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r--include/libssh/dh.h2
-rw-r--r--src/dh-gex.c1
-rw-r--r--src/dh.c2
-rw-r--r--src/dh_crypto.c21
-rw-r--r--src/dh_key.c47
5 files changed, 48 insertions, 25 deletions
diff --git a/include/libssh/dh.h b/include/libssh/dh.h
index 48d8c46a..390b30da 100644
--- a/include/libssh/dh.h
+++ b/include/libssh/dh.h
@@ -48,6 +48,8 @@ int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
int ssh_dh_compute_shared_secret(struct dh_ctx *ctx, int local, int remote,
bignum *dest);
+void ssh_dh_debug_crypto(struct ssh_crypto_struct *c);
+
/* common functions */
int ssh_dh_init(void);
void ssh_dh_finalize(void);
diff --git a/src/dh-gex.c b/src/dh-gex.c
index b20bf2b6..bbd59c75 100644
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@@ -267,6 +267,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)
rc = ssh_dh_compute_shared_secret(session->next_crypto->dh_ctx,
DH_CLIENT_KEYPAIR, DH_SERVER_KEYPAIR,
&session->next_crypto->shared_secret);
+ ssh_dh_debug_crypto(session->next_crypto);
if (rc == SSH_ERROR) {
ssh_set_error(session, SSH_FATAL, "Could not generate shared secret");
goto error;
diff --git a/src/dh.c b/src/dh.c
index 6c698139..2f63bafa 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -373,6 +373,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){
rc = ssh_dh_compute_shared_secret(session->next_crypto->dh_ctx,
DH_CLIENT_KEYPAIR, DH_SERVER_KEYPAIR,
&session->next_crypto->shared_secret);
+ ssh_dh_debug_crypto(session->next_crypto);
if (rc == SSH_ERROR){
ssh_set_error(session, SSH_FATAL, "Could not generate shared secret");
goto error;
@@ -462,6 +463,7 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet)
rc = ssh_dh_compute_shared_secret(crypto->dh_ctx,
DH_SERVER_KEYPAIR, DH_CLIENT_KEYPAIR,
&crypto->shared_secret);
+ ssh_dh_debug_crypto(crypto);
if (rc == SSH_ERROR) {
ssh_set_error(session, SSH_FATAL, "Could not generate shared secret");
goto error;
diff --git a/src/dh_crypto.c b/src/dh_crypto.c
index 0ccc3641..d72e757a 100644
--- a/src/dh_crypto.c
+++ b/src/dh_crypto.c
@@ -41,6 +41,27 @@ struct dh_ctx {
DH *keypair[2];
};
+void ssh_dh_debug_crypto(struct ssh_crypto_struct *c)
+{
+#ifdef DEBUG_CRYPTO
+ const_bignum x = NULL, y = NULL, e = NULL, f = NULL;
+
+ ssh_dh_keypair_get_keys(c->dh_ctx, DH_CLIENT_KEYPAIR, &x, &e);
+ ssh_dh_keypair_get_keys(c->dh_ctx, DH_SERVER_KEYPAIR, &y, &f);
+ ssh_print_bignum("x", x);
+ ssh_print_bignum("y", y);
+ ssh_print_bignum("e", e);
+ ssh_print_bignum("f", f);
+
+ ssh_log_hexdump("Session server cookie", c->server_kex.cookie, 16);
+ ssh_log_hexdump("Session client cookie", c->client_kex.cookie, 16);
+ ssh_print_bignum("k", c->shared_secret);
+
+#else
+ (void)c; /* UNUSED_PARAM */
+#endif
+}
+
int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
const_bignum *priv, const_bignum *pub)
{
diff --git a/src/dh_key.c b/src/dh_key.c
index 32c4af2e..58161c14 100644
--- a/src/dh_key.c
+++ b/src/dh_key.c
@@ -60,6 +60,28 @@ struct dh_ctx {
bignum modulus;
};
+void ssh_dh_debug_crypto(struct ssh_crypto_struct *c)
+{
+#ifdef DEBUG_CRYPTO
+ const_bignum x = NULL, y = NULL, e = NULL, f = NULL;
+
+ ssh_dh_keypair_get_keys(c->dh_ctx, DH_CLIENT_KEYPAIR, &x, &e);
+ ssh_dh_keypair_get_keys(c->dh_ctx, DH_SERVER_KEYPAIR, &y, &f);
+ ssh_print_bignum("p", c->dh_ctx->modulus);
+ ssh_print_bignum("g", c->dh_ctx->generator);
+ ssh_print_bignum("x", x);
+ ssh_print_bignum("y", y);
+ ssh_print_bignum("e", e);
+ ssh_print_bignum("f", f);
+
+ ssh_log_hexdump("Session server cookie", c->server_kex.cookie, 16);
+ ssh_log_hexdump("Session client cookie", c->client_kex.cookie, 16);
+ ssh_print_bignum("k", c->shared_secret);
+#else
+ (void)c; /* UNUSED_PARAM */
+#endif
+}
+
static void ssh_dh_free_modulus(struct dh_ctx *ctx)
{
if ((ctx->modulus != ssh_dh_group1) &&
@@ -263,30 +285,6 @@ void ssh_dh_cleanup(struct ssh_crypto_struct *crypto)
crypto->dh_ctx = NULL;
}
-#ifdef DEBUG_CRYPTO
-static void ssh_dh_debug(ssh_session session)
-{
- struct ssh_crypto_struct *crypto = session->next_crypto;
- const_bignum x, y, e, f;
- ssh_dh_keypair_get_keys(crypto->dh_ctx, DH_CLIENT_KEYPAIR, &x, &e);
- ssh_dh_keypair_get_keys(crypto->dh_ctx, DH_SERVER_KEYPAIR, &y, &f);
- ssh_print_bignum("p", crypto->dh_ctx->modulus);
- ssh_print_bignum("g", crypto->dh_ctx->generator);
- ssh_print_bignum("x", x);
- ssh_print_bignum("y", y);
- ssh_print_bignum("e", e);
- ssh_print_bignum("f", f);
-
- ssh_log_hexdump("Session server cookie",
- session->next_crypto->server_kex.cookie, 16);
- ssh_log_hexdump("Session client cookie",
- session->next_crypto->client_kex.cookie, 16);
- ssh_print_bignum("k", session->next_crypto->shared_secret);
-}
-#else
-#define ssh_dh_debug(session)
-#endif
-
/** @internal
* @brief generates a secret DH parameter of at least DH_SECURITY_BITS
* security as well as the corresponding public key.
@@ -370,7 +368,6 @@ int ssh_dh_compute_shared_secret(struct dh_ctx *dh_ctx, int local, int remote,
done:
bignum_ctx_free(ctx);
- ssh_dh_debug(session);
if (rc != 1) {
return SSH_ERROR;
}