diff options
author | Aris Adamantiadis <aris@0xbadc0de.be> | 2016-12-30 21:54:49 +0100 |
---|---|---|
committer | Aris Adamantiadis <aris@0xbadc0de.be> | 2017-06-08 10:45:54 +0200 |
commit | 5446db7f0a6cc5f4d414060c3f2d636115772335 (patch) | |
tree | 201cf2d3d3986e3f38f7df8ef27ebdacabbec76e | |
parent | cc478ab8c0ce00219e14aed5eb0cce5a2c159293 (diff) | |
download | libssh-5446db7f0a6cc5f4d414060c3f2d636115772335.tar.gz libssh-5446db7f0a6cc5f4d414060c3f2d636115772335.tar.xz libssh-5446db7f0a6cc5f4d414060c3f2d636115772335.zip |
dhgex WIP
-rw-r--r-- | examples/sample.c | 1 | ||||
-rw-r--r-- | include/libssh/crypto.h | 1 | ||||
-rw-r--r-- | include/libssh/dh-gex.h | 1 | ||||
-rw-r--r-- | include/libssh/libgcrypt.h | 2 | ||||
-rw-r--r-- | src/dh-gex.c | 30 | ||||
-rw-r--r-- | src/wrapper.c | 5 | ||||
-rw-r--r-- | tests/pkd/pkd_hello.c | 10 |
7 files changed, 49 insertions, 1 deletions
diff --git a/examples/sample.c b/examples/sample.c index 53f7f6c4..f14733f9 100644 --- a/examples/sample.c +++ b/examples/sample.c @@ -340,6 +340,7 @@ int main(int argc, char **argv){ ssh_get_error(session)); usage(); } + ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group-exchange-sha256"); opts(argc,argv); signal(SIGTERM, do_exit); diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h index bdb31d87..201feaf2 100644 --- a/include/libssh/crypto.h +++ b/include/libssh/crypto.h @@ -81,6 +81,7 @@ struct ssh_crypto_struct { bignum g, p; int dh_group_is_mutable; /* do free group parameters */ int dh_group_bits; /* size of p in bits */ + int pmin; int pn; int pmax; /* preferred group parameters */ #ifdef HAVE_ECDH #ifdef HAVE_OPENSSL_ECC EC_KEY *ecdh_privkey; diff --git a/include/libssh/dh-gex.h b/include/libssh/dh-gex.h index 3b3c4f89..6f82bcff 100644 --- a/include/libssh/dh-gex.h +++ b/include/libssh/dh-gex.h @@ -29,6 +29,7 @@ int ssh_client_dhgex_init(ssh_session session); #ifdef WITH_SERVER void ssh_server_dhgex_init(ssh_session session); + #endif /* WITH_SERVER */ diff --git a/include/libssh/libgcrypt.h b/include/libssh/libgcrypt.h index 02b2b512..5c1ede82 100644 --- a/include/libssh/libgcrypt.h +++ b/include/libssh/libgcrypt.h @@ -76,7 +76,7 @@ char *ssh_gcry_bn2dec(bignum bn); #define bignum_bn2dec(num) ssh_gcry_bn2dec(num) #define bignum_dec2bn(num, data) ssh_gcry_dec2bn(data, num) #define bignum_bn2hex(num,data) gcry_mpi_aprint(GCRYMPI_FMT_HEX,data,NULL,num) -#define bignum_hex2bn(data, num) gcry_mpi_scan(num,GCRYMPI_FMT_HEX,data,strlen(data),NULL) +#define bignum_hex2bn(data, num) gcry_mpi_scan(num,GCRYMPI_FMT_HEX,data,0,NULL) #define bignum_rand(num,bits) gcry_mpi_randomize(num,bits,GCRY_STRONG_RANDOM),gcry_mpi_set_bit(num,bits-1),gcry_mpi_set_bit(num,0) #define bignum_mod_exp(dest,generator,exp,modulo, ctx) gcry_mpi_powm(dest,generator,exp,modulo) #define bignum_num_bits(num) gcry_mpi_get_nbits(num) diff --git a/src/dh-gex.c b/src/dh-gex.c index 35d7ec97..1bd1b49a 100644 --- a/src/dh-gex.c +++ b/src/dh-gex.c @@ -378,4 +378,34 @@ error: return SSH_ERROR; } +static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request); + +static ssh_packet_callback dhgex_server_callbacks[]= { + NULL, /* SSH_MSG_KEX_DH_GEX_REQUEST_OLD */ + NULL, /* SSH_MSG_KEX_DH_GEX_GROUP */ + NULL, /* SSH_MSG_KEX_DH_GEX_INIT */ + NULL, /* SSH_MSG_KEX_DH_GEX_REPLY */ + ssh_packet_server_dhgex_request +}; + +static struct ssh_packet_callbacks_struct ssh_dhgex_server_callbacks = { + .start = SSH2_MSG_KEX_DH_GEX_REQUEST_OLD, + .n_callbacks = 5, + .callbacks = dhgex_server_callbacks, + .user = NULL +}; + +/** @internal + * @brief sets up the diffie-hellman-groupx kex callbacks + */ +void ssh_server_dhgex_init(ssh_session session){ + /* register the packet callbacks */ + ssh_packet_set_callbacks(session, &ssh_dhgex_server_callbacks); + ssh_dh_init_common(session); +} + +static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request){ + return SSH_PACKET_USED; +} + #endif /* WITH_SERVER */ diff --git a/src/wrapper.c b/src/wrapper.c index a5df9ab5..951016ee 100644 --- a/src/wrapper.c +++ b/src/wrapper.c @@ -48,6 +48,7 @@ #include "libssh/wrapper.h" #include "libssh/pki.h" #include "libssh/dh.h" +#include "libssh/dh-gex.h" #include "libssh/ecdh.h" #include "libssh/curve25519.h" @@ -485,6 +486,10 @@ int crypt_set_algorithms_server(ssh_session session){ case SSH_KEX_DH_GROUP14_SHA1: ssh_server_dh_init(session); break; + case SSH_KEX_DH_GEX_SHA1: + case SSH_KEX_DH_GEX_SHA256: + ssh_server_dhgex_init(session); + break; #ifdef HAVE_ECDH case SSH_KEX_ECDH_SHA2_NISTP256: ssh_server_ecdh_init(session); diff --git a/tests/pkd/pkd_hello.c b/tests/pkd/pkd_hello.c index 3ea96ff0..5be65838 100644 --- a/tests/pkd/pkd_hello.c +++ b/tests/pkd/pkd_hello.c @@ -183,22 +183,32 @@ static int torture_pkd_setup_ecdsa_521(void **state) { /* Kex algorithms. */ \ f(client, rsa_curve25519_sha256, kexcmd("curve25519-sha256@libssh.org"), setup_rsa, teardown) \ f(client, rsa_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256 "), setup_rsa, teardown) \ + f(client, rsa_diffie_hellman_group_exchange_sha256,kexcmd("diffie-hellman-group-exchange-sha256"),setup_rsa, teardown) \ + f(client, rsa_diffie_hellman_group_exchange_sha1, kexcmd("diffie-hellman-group-exchange-sha1"),setup_rsa, teardown) \ f(client, rsa_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_rsa, teardown) \ f(client, rsa_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_rsa, teardown) \ /* f(client, dsa_curve25519_sha256, kexcmd("curve25519-sha256@libssh.org"), setup_dsa, teardown) \ f(client, dsa_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256 "), setup_dsa, teardown) \ + f(client, dsa_diffie_hellman_group_exchange_sha256,kexcmd("diffie-hellman-group-exchange-sha256"),setup_dsa, teardown) \ + f(client, dsa_diffie_hellman_group_exchange_sha1, kexcmd("diffie-hellman-group-exchange-sha1"),setup_dsa, teardown) \ f(client, dsa_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_dsa, teardown) \ f(client, dsa_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_dsa, teardown)*/ \ f(client, ecdsa_256_curve25519_sha256, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_256, teardown) \ f(client, ecdsa_256_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256 "), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_diffie_hellman_group_exchange_sha256,kexcmd("diffie-hellman-group-exchange-sha256"),setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_diffie_hellman_group_exchange_sha1,kexcmd("diffie-hellman-group-exchange-sha1"),setup_ecdsa_256, teardown) \ f(client, ecdsa_256_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_256, teardown) \ f(client, ecdsa_256_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_256, teardown) \ f(client, ecdsa_384_curve25519_sha256, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_384, teardown) \ f(client, ecdsa_384_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256 "), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_diffie_hellman_group_exchange_sha256,kexcmd("diffie-hellman-group-exchange-sha256"),setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_diffie_hellman_group_exchange_sha1,kexcmd("diffie-hellman-group-exchange-sha1"),setup_ecdsa_384, teardown) \ f(client, ecdsa_384_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_384, teardown) \ f(client, ecdsa_384_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_384, teardown) \ f(client, ecdsa_521_curve25519_sha256, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_521, teardown) \ f(client, ecdsa_521_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256 "), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_diffie_hellman_group_exchange_sha256,kexcmd("diffie-hellman-group-exchange-sha256"),setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_diffie_hellman_group_exchange_sha1,kexcmd("diffie-hellman-group-exchange-sha1"),setup_ecdsa_521, teardown) \ f(client, ecdsa_521_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_521, teardown) \ f(client, ecdsa_521_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_521, teardown) |