dhgex WIP

7 files changed, 49 insertions, 1 deletions

diff --git a/examples/sample.c b/examples/sample.c
index 53f7f6c4..f14733f9 100644
--- a/examples/sample.c
+++ b/examples/sample.c
@@ -340,6 +340,7 @@ int main(int argc, char **argv){
           ssh_get_error(session));
       usage();
     }
+    ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group-exchange-sha256");
     opts(argc,argv);
     signal(SIGTERM, do_exit);
 
diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h
index bdb31d87..201feaf2 100644
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -81,6 +81,7 @@ struct ssh_crypto_struct {
     bignum g, p;
     int dh_group_is_mutable; /* do free group parameters */
     int dh_group_bits; /* size of p in bits */
+    int pmin; int pn; int pmax; /* preferred group parameters */
 #ifdef HAVE_ECDH
 #ifdef HAVE_OPENSSL_ECC
     EC_KEY *ecdh_privkey;
diff --git a/include/libssh/dh-gex.h b/include/libssh/dh-gex.h
index 3b3c4f89..6f82bcff 100644
--- a/include/libssh/dh-gex.h
+++ b/include/libssh/dh-gex.h
@@ -29,6 +29,7 @@ int ssh_client_dhgex_init(ssh_session session);
 
 #ifdef WITH_SERVER
 void ssh_server_dhgex_init(ssh_session session);
+
 #endif /* WITH_SERVER */
 
 
diff --git a/include/libssh/libgcrypt.h b/include/libssh/libgcrypt.h
index 02b2b512..5c1ede82 100644
--- a/include/libssh/libgcrypt.h
+++ b/include/libssh/libgcrypt.h
@@ -76,7 +76,7 @@ char *ssh_gcry_bn2dec(bignum bn);
 #define bignum_bn2dec(num) ssh_gcry_bn2dec(num)
 #define bignum_dec2bn(num, data) ssh_gcry_dec2bn(data, num)
 #define bignum_bn2hex(num,data) gcry_mpi_aprint(GCRYMPI_FMT_HEX,data,NULL,num)
-#define bignum_hex2bn(data, num) gcry_mpi_scan(num,GCRYMPI_FMT_HEX,data,strlen(data),NULL)
+#define bignum_hex2bn(data, num) gcry_mpi_scan(num,GCRYMPI_FMT_HEX,data,0,NULL)
 #define bignum_rand(num,bits) gcry_mpi_randomize(num,bits,GCRY_STRONG_RANDOM),gcry_mpi_set_bit(num,bits-1),gcry_mpi_set_bit(num,0)
 #define bignum_mod_exp(dest,generator,exp,modulo, ctx) gcry_mpi_powm(dest,generator,exp,modulo)
 #define bignum_num_bits(num) gcry_mpi_get_nbits(num)
diff --git a/src/dh-gex.c b/src/dh-gex.c
index 35d7ec97..1bd1b49a 100644
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@@ -378,4 +378,34 @@ error:
     return SSH_ERROR;
 }
 
+static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request);
+
+static ssh_packet_callback dhgex_server_callbacks[]= {
+    NULL, /* SSH_MSG_KEX_DH_GEX_REQUEST_OLD */
+    NULL, /* SSH_MSG_KEX_DH_GEX_GROUP */
+    NULL, /* SSH_MSG_KEX_DH_GEX_INIT */
+    NULL, /* SSH_MSG_KEX_DH_GEX_REPLY */
+    ssh_packet_server_dhgex_request
+};
+
+static struct ssh_packet_callbacks_struct ssh_dhgex_server_callbacks = {
+    .start = SSH2_MSG_KEX_DH_GEX_REQUEST_OLD,
+    .n_callbacks = 5,
+    .callbacks = dhgex_server_callbacks,
+    .user = NULL
+};
+
+/** @internal
+ * @brief sets up the diffie-hellman-groupx kex callbacks
+ */
+void ssh_server_dhgex_init(ssh_session session){
+    /* register the packet callbacks */
+    ssh_packet_set_callbacks(session, &ssh_dhgex_server_callbacks);
+    ssh_dh_init_common(session);
+}
+
+static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request){
+    return SSH_PACKET_USED;
+}
+
 #endif /* WITH_SERVER */
diff --git a/src/wrapper.c b/src/wrapper.c
index a5df9ab5..951016ee 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -48,6 +48,7 @@
 #include "libssh/wrapper.h"
 #include "libssh/pki.h"
 #include "libssh/dh.h"
+#include "libssh/dh-gex.h"
 #include "libssh/ecdh.h"
 #include "libssh/curve25519.h"
 
@@ -485,6 +486,10 @@ int crypt_set_algorithms_server(ssh_session session){
     case SSH_KEX_DH_GROUP14_SHA1:
       ssh_server_dh_init(session);
       break;
+    case SSH_KEX_DH_GEX_SHA1:
+    case SSH_KEX_DH_GEX_SHA256:
+      ssh_server_dhgex_init(session);
+      break;
 #ifdef HAVE_ECDH
     case SSH_KEX_ECDH_SHA2_NISTP256:
       ssh_server_ecdh_init(session);
diff --git a/tests/pkd/pkd_hello.c b/tests/pkd/pkd_hello.c
index 3ea96ff0..5be65838 100644
--- a/tests/pkd/pkd_hello.c
+++ b/tests/pkd/pkd_hello.c
@@ -183,22 +183,32 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     /* Kex algorithms. */ \
     f(client, rsa_curve25519_sha256,                  kexcmd("curve25519-sha256@libssh.org"),  setup_rsa,        teardown) \
     f(client, rsa_ecdh_sha2_nistp256,                 kexcmd("ecdh-sha2-nistp256 "),           setup_rsa,        teardown) \
+    f(client, rsa_diffie_hellman_group_exchange_sha256,kexcmd("diffie-hellman-group-exchange-sha256"),setup_rsa, teardown) \
+    f(client, rsa_diffie_hellman_group_exchange_sha1, kexcmd("diffie-hellman-group-exchange-sha1"),setup_rsa,    teardown) \
     f(client, rsa_diffie_hellman_group14_sha1,        kexcmd("diffie-hellman-group14-sha1"),   setup_rsa,        teardown) \
     f(client, rsa_diffie_hellman_group1_sha1,         kexcmd("diffie-hellman-group1-sha1"),    setup_rsa,        teardown) \
 /*  f(client, dsa_curve25519_sha256,                  kexcmd("curve25519-sha256@libssh.org"),  setup_dsa,        teardown) \
     f(client, dsa_ecdh_sha2_nistp256,                 kexcmd("ecdh-sha2-nistp256 "),           setup_dsa,        teardown) \
+    f(client, dsa_diffie_hellman_group_exchange_sha256,kexcmd("diffie-hellman-group-exchange-sha256"),setup_dsa, teardown) \
+    f(client, dsa_diffie_hellman_group_exchange_sha1, kexcmd("diffie-hellman-group-exchange-sha1"),setup_dsa,    teardown) \
     f(client, dsa_diffie_hellman_group14_sha1,        kexcmd("diffie-hellman-group14-sha1"),   setup_dsa,        teardown) \
     f(client, dsa_diffie_hellman_group1_sha1,         kexcmd("diffie-hellman-group1-sha1"),    setup_dsa,        teardown)*/ \
     f(client, ecdsa_256_curve25519_sha256,            kexcmd("curve25519-sha256@libssh.org"),  setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256 "),           setup_ecdsa_256,  teardown) \
+    f(client, ecdsa_256_diffie_hellman_group_exchange_sha256,kexcmd("diffie-hellman-group-exchange-sha256"),setup_ecdsa_256,  teardown) \
+    f(client, ecdsa_256_diffie_hellman_group_exchange_sha1,kexcmd("diffie-hellman-group-exchange-sha1"),setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_diffie_hellman_group14_sha1,  kexcmd("diffie-hellman-group14-sha1"),   setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_diffie_hellman_group1_sha1,   kexcmd("diffie-hellman-group1-sha1"),    setup_ecdsa_256,  teardown) \
     f(client, ecdsa_384_curve25519_sha256,            kexcmd("curve25519-sha256@libssh.org"),  setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256 "),           setup_ecdsa_384,  teardown) \
+    f(client, ecdsa_384_diffie_hellman_group_exchange_sha256,kexcmd("diffie-hellman-group-exchange-sha256"),setup_ecdsa_384,  teardown) \
+    f(client, ecdsa_384_diffie_hellman_group_exchange_sha1,kexcmd("diffie-hellman-group-exchange-sha1"),setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_diffie_hellman_group14_sha1,  kexcmd("diffie-hellman-group14-sha1"),   setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_diffie_hellman_group1_sha1,   kexcmd("diffie-hellman-group1-sha1"),    setup_ecdsa_384,  teardown) \
     f(client, ecdsa_521_curve25519_sha256,            kexcmd("curve25519-sha256@libssh.org"),  setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256 "),           setup_ecdsa_521,  teardown) \
+    f(client, ecdsa_521_diffie_hellman_group_exchange_sha256,kexcmd("diffie-hellman-group-exchange-sha256"),setup_ecdsa_521,  teardown) \
+    f(client, ecdsa_521_diffie_hellman_group_exchange_sha1,kexcmd("diffie-hellman-group-exchange-sha1"),setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_diffie_hellman_group14_sha1,  kexcmd("diffie-hellman-group14-sha1"),   setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_diffie_hellman_group1_sha1,   kexcmd("diffie-hellman-group1-sha1"),    setup_ecdsa_521,  teardown)