authorNiels Provos <provos@cvs.openbsd.org>2000-12-15 17:30:15 +0000
committerNiels Provos <provos@cvs.openbsd.org>2000-12-15 17:30:15 +0000
commitff201a9607d44edb8ef7548f2a0ebbebbc3dda40 (patch)
treec84b208cc41f013aee1c4746d0dfc5a0885b8a0c
parentcd83a6e1bbd09519513c994e3b80678bd38c21b1 (diff)
compute diffie-hellman in parallel between server and client. okay markus@
-rw-r--r--usr.bin/ssh/kex.c14
-rw-r--r--usr.bin/ssh/kex.h1
-rw-r--r--usr.bin/ssh/sshconnect2.c5
-rw-r--r--usr.bin/ssh/sshd.c13
4 files changed, 23 insertions, 10 deletions
diff --git a/usr.bin/ssh/kex.c b/usr.bin/ssh/kex.c
index 2dbac9b13bd..3a74fdac420 100644
--- a/usr.bin/ssh/kex.c
+++ b/usr.bin/ssh/kex.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.13 2000/11/12 19:50:37 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.14 2000/12/15 17:30:14 provos Exp $");
#include "ssh.h"
#include "ssh2.h"
@@ -139,7 +139,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
return 0;
}
-DH *
+void
dh_gen_key(DH *dh)
{
int tries = 0;
@@ -150,7 +150,6 @@ dh_gen_key(DH *dh)
if (tries++ > 10)
fatal("dh_new_group1: too many bad keys: giving up");
} while (!dh_pub_is_valid(dh, dh->pub_key));
- return dh;
}
DH *
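Review bot: The `fatal()` text in the retry loop still reads `dh_new_group1: too many bad keys: giving up`, but after this change dh_gen_key() is called directly from the exchange functions, including ssh_dhgex_client, which builds its group with dh_new_group() rather than dh_new_group1(). A log line that names the wrong function makes a failed key exchange harder to diagnose; `fatal("dh_gen_key: too many bad keys: giving up");` would point at the code that actually gave up. The start of the loop is outside this hunk.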
@@ -168,9 +167,14 @@ dh_new_group_asc(const char *gen, const char *modulus)
if ((ret = BN_hex2bn(&dh->g, gen)) < 0)
fatal("BN_hex2bn g");
- return (dh_gen_key(dh));
+ return (dh);
}
+/*
+ * This just returns the group, we still need to generate the exchange
+ * value.
+ */
+
DH *
dh_new_group(BIGNUM *gen, BIGNUM *modulus)
{
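Review bot: The new comment about returning only the group sits after dh_new_group_asc() and is separated from dh_new_group() by a blank line, so neither function clearly owns it, although both now hand back a DH without an exchange value (the same change is in the hunk at -182). A caller that skips `dh_gen_key()` would go on to use `dh->pub_key` before anything has set it (presumably still NULL after allocation, to be confirmed), so I would state the contract directly above each constructor and next to the prototypes in kex.h: `/* Returns the group only; the caller must call dh_gen_key() before using dh->pub_key. */`. dh_new_group_asc() starts before this hunk and dh_new_group() continues past it.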
@@ -182,7 +186,7 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus)
dh->p = modulus;
dh->g = gen;
- return (dh_gen_key(dh));
+ return (dh);
}
DH *
diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h
index 1890fc025e1..b445cee6387 100644
--- a/usr.bin/ssh/kex.h
+++ b/usr.bin/ssh/kex.h
@@ -102,6 +102,7 @@ void packet_set_kex(Kex *k);
int dh_pub_is_valid(DH *dh, BIGNUM *dh_pub);
DH *dh_new_group_asc(const char *, const char *);
DH *dh_new_group(BIGNUM *, BIGNUM *);
+void dh_gen_key();
DH *dh_new_group1();
unsigned char *
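Review bot: `void dh_gen_key();` is declared with empty parentheses, which in C leaves the arguments unspecified, so the compiler will not check that callers pass a `DH *`. The two declarations above it carry parameter types and this one should as well: `void dh_gen_key(DH *);`. That matters more than usual here because the same commit changes the function's return type and adds four call sites in sshconnect2.c and sshd.c. The neighbouring `DH *dh_new_group1();` has the same form and could become `DH *dh_new_group1(void);`.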
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 036519fadf7..ea03622f46a 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.30 2000/12/03 11:15:04 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.31 2000/12/15 17:30:14 provos Exp $");
#include <openssl/bn.h>
#include <openssl/rsa.h>
@@ -166,6 +166,7 @@ ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr,
debug("Sending SSH2_MSG_KEXDH_INIT.");
/* generate and send 'e', client DH public key */
dh = dh_new_group1();
+ dh_gen_key(dh);
packet_start(SSH2_MSG_KEXDH_INIT);
packet_put_bignum2(dh->pub_key);
packet_send();
@@ -334,6 +335,8 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
if ((dh = dh_new_group(g, p)) == NULL)
fatal("dh_new_group");
+ dh_gen_key(dh);
+
#ifdef DEBUG_KEXDH
fprintf(stderr, "\np= ");
BN_print_fp(stderr, dh->p);
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 15ee05b6642..7e89dd057ba 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.138 2000/12/12 22:30:02 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.139 2000/12/15 17:30:14 provos Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -1428,6 +1428,10 @@ ssh_dh1_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
fatal("Unsupported hostkey type %d", kex->hostkey_type);
/* KEXDH */
+ /* generate DH key */
+ dh = dh_new_group1(); /* XXX depends on 'kex' */
+ dh_gen_key(dh);
+
debug("Wait SSH2_MSG_KEXDH_INIT.");
packet_read_expect(&payload_len, SSH2_MSG_KEXDH_INIT);
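Review bot: The reason for moving key generation ahead of `packet_read_expect()` is recorded only in ssh_dhgex_server; here in ssh_dh1_server the comment still reads `/* generate DH key */`, so a later cleanup could move the call back next to its first use. I would write `/* generate DH key now, while the client computes its own value */` on that line. The move also means sshd does the key generation for a peer that has not yet sent its KEXDH_INIT (likewise KEX_DH_GEX_INIT in the hunk at -1568); this is pre-authentication work, so it is worth confirming that the existing connection limits are the intended bound on it. Both function bodies extend beyond their hunks.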
@@ -1444,9 +1448,6 @@ ssh_dh1_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
debug("bits %d", BN_num_bits(dh_client_pub));
#endif
- /* generate DH key */
- dh = dh_new_group1(); /* XXX depends on 'kex' */
-
#ifdef DEBUG_KEXDH
fprintf(stderr, "\np= ");
BN_print_fp(stderr, dh->p);
@@ -1568,6 +1569,10 @@ ssh_dhgex_server(Kex *kex, Buffer *client_kexinit, Buffer *server_kexinit)
packet_send();
packet_write_wait();
+ /* Compute our exchange value in parallel with the client */
+
+ dh_gen_key(dh);
+
debug("Wait SSH2_MSG_KEX_DH_GEX_INIT.");
packet_read_expect(&payload_len, SSH2_MSG_KEX_DH_GEX_INIT);