diff options
author | Niels Provos <provos@cvs.openbsd.org> | 2000-12-15 17:30:15 +0000 |
---|---|---|
committer | Niels Provos <provos@cvs.openbsd.org> | 2000-12-15 17:30:15 +0000 |
commit | ff201a9607d44edb8ef7548f2a0ebbebbc3dda40 (patch) | |
tree | c84b208cc41f013aee1c4746d0dfc5a0885b8a0c | |
parent | cd83a6e1bbd09519513c994e3b80678bd38c21b1 (diff) |
compute diffie-hellman in parallel between server and client. okay markus@
-rw-r--r-- | usr.bin/ssh/kex.c | 14 | ||||
-rw-r--r-- | usr.bin/ssh/kex.h | 1 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 5 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 13 |
4 files changed, 23 insertions, 10 deletions
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c index 2dbac9b13bd..3a74fdac420 100644 --- a/usr.bin/ssh/kex.c +++ b/usr.bin/ssh/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.13 2000/11/12 19:50:37 markus Exp $"); +RCSID("$OpenBSD: kex.c,v 1.14 2000/12/15 17:30:14 provos Exp $"); #include "ssh.h" #include "ssh2.h" @@ -139,7 +139,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) return 0; } -DH * +void dh_gen_key(DH *dh) { int tries = 0; @@ -150,7 +150,6 @@ dh_gen_key(DH *dh) if (tries++ > 10) fatal("dh_new_group1: too many bad keys: giving up"); } while (!dh_pub_is_valid(dh, dh->pub_key)); - return dh; } DH * @@ -168,9 +167,14 @@ dh_new_group_asc(const char *gen, const char *modulus) if ((ret = BN_hex2bn(&dh->g, gen)) < 0) fatal("BN_hex2bn g"); - return (dh_gen_key(dh)); + return (dh); } +/* + * This just returns the group, we still need to generate the exchange + * value. + */ + DH * dh_new_group(BIGNUM *gen, BIGNUM *modulus) { @@ -182,7 +186,7 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus) dh->p = modulus; dh->g = gen; - return (dh_gen_key(dh)); + return (dh); } DH * diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h index 1890fc025e1..b445cee6387 100644 --- a/usr.bin/ssh/kex.h +++ b/usr.bin/ssh/kex.h @@ -102,6 +102,7 @@ void packet_set_kex(Kex *k); int dh_pub_is_valid(DH *dh, BIGNUM *dh_pub); DH *dh_new_group_asc(const char *, const char *); DH *dh_new_group(BIGNUM *, BIGNUM *); +void dh_gen_key(); DH *dh_new_group1(); unsigned char * diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 036519fadf7..ea03622f46a 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.30 2000/12/03 11:15:04 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.31 2000/12/15 17:30:14 provos Exp $"); #include <openssl/bn.h> #include <openssl/rsa.h> @@ -166,6 +166,7 @@ ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr, debug("Sending SSH2_MSG_KEXDH_INIT."); /* generate and send 'e', client DH public key */ dh = dh_new_group1(); + dh_gen_key(dh); packet_start(SSH2_MSG_KEXDH_INIT); packet_put_bignum2(dh->pub_key); packet_send(); @@ -334,6 +335,8 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr, if ((dh = dh_new_group(g, p)) == NULL) fatal("dh_new_group"); + dh_gen_key(dh); + #ifdef DEBUG_KEXDH fprintf(stderr, "\np= "); BN_print_fp(stderr, dh->p); diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 15ee05b6642..7e89dd057ba 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.138 2000/12/12 22:30:02 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.139 2000/12/15 17:30:14 provos Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -1428,6 +1428,10 @@ ssh_dh1_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit) fatal("Unsupported hostkey type %d", kex->hostkey_type); /* KEXDH */ + /* generate DH key */ + dh = dh_new_group1(); /* XXX depends on 'kex' */ + dh_gen_key(dh); + debug("Wait SSH2_MSG_KEXDH_INIT."); packet_read_expect(&payload_len, SSH2_MSG_KEXDH_INIT); @@ -1444,9 +1448,6 @@ ssh_dh1_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit) debug("bits %d", BN_num_bits(dh_client_pub)); #endif - /* generate DH key */ - dh = dh_new_group1(); /* XXX depends on 'kex' */ - #ifdef DEBUG_KEXDH fprintf(stderr, "\np= "); BN_print_fp(stderr, dh->p); @@ -1568,6 +1569,10 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit) packet_send(); packet_write_wait(); + /* Compute our exchange value in parallel with the client */ + + dh_gen_key(dh); + debug("Wait SSH2_MSG_KEX_DH_GEX_INIT."); packet_read_expect(&payload_len, SSH2_MSG_KEX_DH_GEX_INIT); |