aboutsummaryrefslogtreecommitdiff
path: root/src/server.c
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2011-08-22 14:29:39 +0200
committerAndreas Schneider <asn@cryptomilk.org>2011-08-22 14:29:39 +0200
commit4de452055952b89aa093f7b43d3a5e40c5f7bc68 (patch)
tree305a8c1a6f624fa3dede0b61296c40d18a59d434 /src/server.c
parent245a354187d6f743c511a2e64b2b5643f9b90e66 (diff)
downloadlibssh-4de452055952b89aa093f7b43d3a5e40c5f7bc68.tar.gz
libssh-4de452055952b89aa093f7b43d3a5e40c5f7bc68.tar.xz
libssh-4de452055952b89aa093f7b43d3a5e40c5f7bc68.zip
server: Use new pki infrastructure.
Diffstat (limited to 'src/server.c')
-rw-r--r--src/server.c59
1 files changed, 30 insertions, 29 deletions
diff --git a/src/server.c b/src/server.c
index 6ee16e0f..b189d561 100644
--- a/src/server.c
+++ b/src/server.c
@@ -54,7 +54,7 @@
#include "libssh/socket.h"
#include "libssh/session.h"
#include "libssh/misc.h"
-#include "libssh/keys.h"
+#include "libssh/pki.h"
#include "libssh/dh.h"
#include "libssh/messages.h"
@@ -89,12 +89,12 @@ static int server_set_kex(ssh_session session) {
ZERO_STRUCTP(server);
ssh_get_random(server->cookie, 16, 0);
- if (session->dsa_key != NULL && session->rsa_key != NULL) {
+ if (session->srv.dsa_key != NULL && session->srv.rsa_key != NULL) {
if (ssh_options_set_algo(session, SSH_HOSTKEYS,
"ssh-dss,ssh-rsa") < 0) {
return -1;
}
- } else if (session->dsa_key != NULL) {
+ } else if (session->srv.dsa_key != NULL) {
if (ssh_options_set_algo(session, SSH_HOSTKEYS, "ssh-dss") < 0) {
return -1;
}
@@ -155,11 +155,11 @@ SSH_PACKET_CALLBACK(ssh_packet_kexdh_init){
}
static int dh_handshake_server(ssh_session session) {
+ ssh_key pubkey;
+ ssh_key privkey;
+ ssh_string pubkey_blob;
+ ssh_string sig_blob;
ssh_string f;
- ssh_string pubkey;
- ssh_string sign;
- ssh_public_key pub;
- ssh_private_key prv;
if (dh_generate_y(session) < 0) {
ssh_set_error(session, SSH_FATAL, "Could not create y number");
@@ -178,31 +178,32 @@ static int dh_handshake_server(ssh_session session) {
switch(session->hostkeys){
case SSH_KEYTYPE_DSS:
- prv = session->dsa_key;
+ privkey = session->srv.dsa_key;
break;
case SSH_KEYTYPE_RSA:
- prv = session->rsa_key;
+ privkey = session->srv.rsa_key;
break;
default:
- prv = NULL;
+ privkey = NULL;
}
- pub = publickey_from_privatekey(prv);
- if (pub == NULL) {
+ pubkey = ssh_pki_publickey_from_privatekey(privkey);
+ if (pubkey == NULL) {
ssh_set_error(session, SSH_FATAL,
"Could not get the public key from the private key");
ssh_string_free(f);
return -1;
}
- pubkey = publickey_to_string(pub);
- publickey_free(pub);
- if (pubkey == NULL) {
- ssh_set_error(session, SSH_FATAL, "Not enough space");
+
+ pubkey_blob = ssh_pki_export_pubkey_blob(pubkey);
+ ssh_key_free(pubkey);
+ if (pubkey_blob == NULL) {
+ ssh_set_error_oom(session);
ssh_string_free(f);
return -1;
}
- dh_import_pubkey(session, pubkey);
+ dh_import_pubkey(session, pubkey_blob);
if (dh_build_k(session) < 0) {
ssh_set_error(session, SSH_FATAL, "Could not import the public key");
ssh_string_free(f);
@@ -215,35 +216,35 @@ static int dh_handshake_server(ssh_session session) {
return -1;
}
- sign = ssh_sign_session_id(session, prv);
- if (sign == NULL) {
+ sig_blob = ssh_srv_pki_do_sign_sessionid(session, privkey);
+ if (sig_blob == NULL) {
ssh_set_error(session, SSH_FATAL, "Could not sign the session id");
ssh_string_free(f);
return -1;
}
/* Free private keys as they should not be readable after this point */
- if (session->rsa_key) {
- privatekey_free(session->rsa_key);
- session->rsa_key = NULL;
+ if (session->srv.rsa_key) {
+ ssh_key_free(session->srv.rsa_key);
+ session->srv.rsa_key = NULL;
}
- if (session->dsa_key) {
- privatekey_free(session->dsa_key);
- session->dsa_key = NULL;
+ if (session->srv.dsa_key) {
+ ssh_key_free(session->srv.dsa_key);
+ session->srv.dsa_key = NULL;
}
if (buffer_add_u8(session->out_buffer, SSH2_MSG_KEXDH_REPLY) < 0 ||
- buffer_add_ssh_string(session->out_buffer, pubkey) < 0 ||
+ buffer_add_ssh_string(session->out_buffer, pubkey_blob) < 0 ||
buffer_add_ssh_string(session->out_buffer, f) < 0 ||
- buffer_add_ssh_string(session->out_buffer, sign) < 0) {
+ buffer_add_ssh_string(session->out_buffer, sig_blob) < 0) {
ssh_set_error(session, SSH_FATAL, "Not enough space");
buffer_reinit(session->out_buffer);
ssh_string_free(f);
- ssh_string_free(sign);
+ ssh_string_free(sig_blob);
return -1;
}
ssh_string_free(f);
- ssh_string_free(sign);
+ ssh_string_free(sig_blob);
if (packet_send(session) == SSH_ERROR) {
return -1;
}