mirror of
git://anongit.mindrot.org/openssh.git
synced 2025-01-17 23:20:56 +00:00
- djm@cvs.openbsd.org 2004/06/13 12:53:24
[dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h] [ssh-keyscan.c sshconnect2.c sshd.c] implement diffie-hellman-group14-sha1 kex method (trivial extension to existing diffie-hellman-group1-sha1); ok markus@
This commit is contained in:
parent
7cf17eb78c
commit
f675fc4948
@ -15,6 +15,11 @@
|
||||
- pedro@cvs.openbsd.org 2004/06/03 12:22:20
|
||||
[sftp-client.c sftp.c]
|
||||
initialize pointers, ok markus@
|
||||
- djm@cvs.openbsd.org 2004/06/13 12:53:24
|
||||
[dh.c dh.h kex.c kex.h kexdhc.c kexdhs.c monitor.c myproposal.h]
|
||||
[ssh-keyscan.c sshconnect2.c sshd.c]
|
||||
implement diffie-hellman-group14-sha1 kex method (trivial extension to
|
||||
existing diffie-hellman-group1-sha1); ok markus@
|
||||
|
||||
20040603
|
||||
- (dtucker) [auth-pam.c] Don't use pam_* namespace for sshd's PAM functions.
|
||||
@ -1199,4 +1204,4 @@
|
||||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.3379 2004/06/15 00:28:56 djm Exp $
|
||||
$Id: ChangeLog,v 1.3380 2004/06/15 00:30:09 djm Exp $
|
||||
|
28
dh.c
28
dh.c
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: dh.c,v 1.29 2004/02/27 22:49:27 dtucker Exp $");
|
||||
RCSID("$OpenBSD: dh.c,v 1.30 2004/06/13 12:53:24 djm Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
|
||||
@ -115,8 +115,9 @@ choose_dh(int min, int wantbits, int max)
|
||||
|
||||
if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL &&
|
||||
(f = fopen(_PATH_DH_PRIMES, "r")) == NULL) {
|
||||
logit("WARNING: %s does not exist, using old modulus", _PATH_DH_MODULI);
|
||||
return (dh_new_group1());
|
||||
logit("WARNING: %s does not exist, using fixed modulus",
|
||||
_PATH_DH_MODULI);
|
||||
return (dh_new_group14());
|
||||
}
|
||||
|
||||
linenum = 0;
|
||||
@ -169,7 +170,7 @@ choose_dh(int min, int wantbits, int max)
|
||||
return (dh_new_group(dhg.g, dhg.p));
|
||||
}
|
||||
|
||||
/* diffie-hellman-group1-sha1 */
|
||||
/* diffie-hellman-groupN-sha1 */
|
||||
|
||||
int
|
||||
dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
|
||||
@ -272,6 +273,25 @@ dh_new_group1(void)
|
||||
return (dh_new_group_asc(gen, group1));
|
||||
}
|
||||
|
||||
DH *
|
||||
dh_new_group14(void)
|
||||
{
|
||||
static char *gen = "2", *group14 =
|
||||
"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
|
||||
"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
|
||||
"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
|
||||
"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
|
||||
"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
|
||||
"C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
|
||||
"83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
|
||||
"670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
|
||||
"E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
|
||||
"DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
|
||||
"15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF";
|
||||
|
||||
return (dh_new_group_asc(gen, group14));
|
||||
}
|
||||
|
||||
/*
|
||||
* Estimates the group order for a Diffie-Hellman group that has an
|
||||
* attack complexity approximately the same as O(2**bits). Estimate
|
||||
|
3
dh.h
3
dh.h
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: dh.h,v 1.7 2001/06/26 17:27:23 markus Exp $ */
|
||||
/* $OpenBSD: dh.h,v 1.8 2004/06/13 12:53:24 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
@ -36,6 +36,7 @@ DH *choose_dh(int, int, int);
|
||||
DH *dh_new_group_asc(const char *, const char *);
|
||||
DH *dh_new_group(BIGNUM *, BIGNUM *);
|
||||
DH *dh_new_group1(void);
|
||||
DH *dh_new_group14(void);
|
||||
|
||||
void dh_gen_key(DH *, int);
|
||||
int dh_pub_is_valid(DH *, BIGNUM *);
|
||||
|
4
kex.c
4
kex.c
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: kex.c,v 1.58 2004/05/09 01:26:48 djm Exp $");
|
||||
RCSID("$OpenBSD: kex.c,v 1.59 2004/06/13 12:53:24 djm Exp $");
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
|
||||
@ -293,6 +293,8 @@ choose_kex(Kex *k, char *client, char *server)
|
||||
fatal("no kex alg");
|
||||
if (strcmp(k->name, KEX_DH1) == 0) {
|
||||
k->kex_type = KEX_DH_GRP1_SHA1;
|
||||
} else if (strcmp(k->name, KEX_DH14) == 0) {
|
||||
k->kex_type = KEX_DH_GRP14_SHA1;
|
||||
} else if (strcmp(k->name, KEX_DHGEX) == 0) {
|
||||
k->kex_type = KEX_DH_GEX_SHA1;
|
||||
} else
|
||||
|
4
kex.h
4
kex.h
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: kex.h,v 1.34 2004/05/21 08:43:03 markus Exp $ */
|
||||
/* $OpenBSD: kex.h,v 1.35 2004/06/13 12:53:24 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
@ -32,6 +32,7 @@
|
||||
#include "key.h"
|
||||
|
||||
#define KEX_DH1 "diffie-hellman-group1-sha1"
|
||||
#define KEX_DH14 "diffie-hellman-group14-sha1"
|
||||
#define KEX_DHGEX "diffie-hellman-group-exchange-sha1"
|
||||
|
||||
enum kex_init_proposals {
|
||||
@ -56,6 +57,7 @@ enum kex_modes {
|
||||
|
||||
enum kex_exchange {
|
||||
KEX_DH_GRP1_SHA1,
|
||||
KEX_DH_GRP14_SHA1,
|
||||
KEX_DH_GEX_SHA1,
|
||||
KEX_MAX
|
||||
};
|
||||
|
13
kexdhc.c
13
kexdhc.c
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: kexdhc.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
|
||||
RCSID("$OpenBSD: kexdhc.c,v 1.2 2004/06/13 12:53:24 djm Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "key.h"
|
||||
@ -44,7 +44,16 @@ kexdh_client(Kex *kex)
|
||||
u_int klen, kout, slen, sbloblen;
|
||||
|
||||
/* generate and send 'e', client DH public key */
|
||||
dh = dh_new_group1();
|
||||
switch (kex->kex_type) {
|
||||
case KEX_DH_GRP1_SHA1:
|
||||
dh = dh_new_group1();
|
||||
break;
|
||||
case KEX_DH_GRP14_SHA1:
|
||||
dh = dh_new_group14();
|
||||
break;
|
||||
default:
|
||||
fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
|
||||
}
|
||||
dh_gen_key(dh, kex->we_need * 8);
|
||||
packet_start(SSH2_MSG_KEXDH_INIT);
|
||||
packet_put_bignum2(dh->pub_key);
|
||||
|
13
kexdhs.c
13
kexdhs.c
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: kexdhs.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
|
||||
RCSID("$OpenBSD: kexdhs.c,v 1.2 2004/06/13 12:53:24 djm Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "key.h"
|
||||
@ -45,7 +45,16 @@ kexdh_server(Kex *kex)
|
||||
u_int slen;
|
||||
|
||||
/* generate server DH public key */
|
||||
dh = dh_new_group1();
|
||||
switch (kex->kex_type) {
|
||||
case KEX_DH_GRP1_SHA1:
|
||||
dh = dh_new_group1();
|
||||
break;
|
||||
case KEX_DH_GRP14_SHA1:
|
||||
dh = dh_new_group14();
|
||||
break;
|
||||
default:
|
||||
fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
|
||||
}
|
||||
dh_gen_key(dh, kex->we_need * 8);
|
||||
|
||||
debug("expecting SSH2_MSG_KEXDH_INIT");
|
||||
|
@ -25,7 +25,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: monitor.c,v 1.57 2004/05/11 19:01:43 deraadt Exp $");
|
||||
RCSID("$OpenBSD: monitor.c,v 1.58 2004/06/13 12:53:24 djm Exp $");
|
||||
|
||||
#include <openssl/dh.h>
|
||||
|
||||
@ -1546,6 +1546,7 @@ mm_get_kex(Buffer *m)
|
||||
fatal("mm_get_get: internal error: bad session id");
|
||||
kex->we_need = buffer_get_int(m);
|
||||
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
|
||||
kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
|
||||
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
|
||||
kex->server = 1;
|
||||
kex->hostkey_type = buffer_get_int(m);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: myproposal.h,v 1.15 2003/05/17 04:27:52 markus Exp $ */
|
||||
/* $OpenBSD: myproposal.h,v 1.16 2004/06/13 12:53:24 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
@ -23,7 +23,9 @@
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1"
|
||||
#define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha1," \
|
||||
"diffie-hellman-group14-sha1," \
|
||||
"diffie-hellman-group1-sha1"
|
||||
#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
|
||||
#define KEX_DEFAULT_ENCRYPT \
|
||||
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \
|
||||
|
@ -7,7 +7,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-keyscan.c,v 1.47 2004/03/08 09:38:05 djm Exp $");
|
||||
RCSID("$OpenBSD: ssh-keyscan.c,v 1.48 2004/06/13 12:53:24 djm Exp $");
|
||||
|
||||
#include "openbsd-compat/sys-queue.h"
|
||||
|
||||
@ -349,6 +349,7 @@ keygrab_ssh2(con *c)
|
||||
"ssh-dss": "ssh-rsa";
|
||||
c->c_kex = kex_setup(myproposal);
|
||||
c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
|
||||
c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
|
||||
c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
|
||||
c->c_kex->verify_host_key = hostjump;
|
||||
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect2.c,v 1.137 2004/05/08 00:21:31 djm Exp $");
|
||||
RCSID("$OpenBSD: sshconnect2.c,v 1.138 2004/06/13 12:53:24 djm Exp $");
|
||||
|
||||
#include "openbsd-compat/sys-queue.h"
|
||||
|
||||
@ -120,6 +120,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
|
||||
/* start key exchange */
|
||||
kex = kex_setup(myproposal);
|
||||
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
|
||||
kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
|
||||
kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
|
||||
kex->client_version_string=client_version_string;
|
||||
kex->server_version_string=server_version_string;
|
||||
|
3
sshd.c
3
sshd.c
@ -42,7 +42,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshd.c,v 1.291 2004/05/09 01:19:28 djm Exp $");
|
||||
RCSID("$OpenBSD: sshd.c,v 1.292 2004/06/13 12:53:24 djm Exp $");
|
||||
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/bn.h>
|
||||
@ -1774,6 +1774,7 @@ do_ssh2_kex(void)
|
||||
/* start key exchange */
|
||||
kex = kex_setup(myproposal);
|
||||
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
|
||||
kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
|
||||
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
|
||||
kex->server = 1;
|
||||
kex->client_version_string=client_version_string;
|
||||
|
Loading…
Reference in New Issue
Block a user