authorDamien Miller <djm@cvs.openbsd.org>2019-01-21 10:00:24 +0000
committerDamien Miller <djm@cvs.openbsd.org>2019-01-21 10:00:24 +0000
commitd1fc3b454d47ad5060b574a3e34949016f525a4d (patch)
tree34cff2b8a8106aeed4b0f5e588e45d9d49af795a
parentf0d3283515c5a439ab21c1c8d9881a9f98a8bc30 (diff)
factor out DH keygen; it's identical between the client and the server
from markus@ ok djm@
-rw-r--r--usr.bin/ssh/kex.h3
-rw-r--r--usr.bin/ssh/kexdh.c28
-rw-r--r--usr.bin/ssh/kexdhc.c28
-rw-r--r--usr.bin/ssh/kexdhs.c35
4 files changed, 37 insertions, 57 deletions
diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h
index 7847aa2568a..b4bf804f9d0 100644
--- a/usr.bin/ssh/kex.h
+++ b/usr.bin/ssh/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.94 2019/01/19 21:43:56 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.95 2019/01/21 10:00:23 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -186,6 +186,7 @@ int kexecdh_server(struct ssh *);
int kexc25519_client(struct ssh *);
int kexc25519_server(struct ssh *);
+int kex_dh_keygen(struct kex *);
int kex_dh_hash(int, const struct sshbuf *, const struct sshbuf *,
const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
diff --git a/usr.bin/ssh/kexdh.c b/usr.bin/ssh/kexdh.c
index a069d51647d..af7088b40f0 100644
--- a/usr.bin/ssh/kexdh.c
+++ b/usr.bin/ssh/kexdh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdh.c,v 1.27 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: kexdh.c,v 1.28 2019/01/21 10:00:23 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -33,11 +33,37 @@
#include "sshkey.h"
#include "cipher.h"
#include "kex.h"
+#include "dh.h"
#include "ssherr.h"
#include "sshbuf.h"
#include "digest.h"
int
+kex_dh_keygen(struct kex *kex)
+{
+ switch (kex->kex_type) {
+ case KEX_DH_GRP1_SHA1:
+ kex->dh = dh_new_group1();
+ break;
+ case KEX_DH_GRP14_SHA1:
+ case KEX_DH_GRP14_SHA256:
+ kex->dh = dh_new_group14();
+ break;
+ case KEX_DH_GRP16_SHA512:
+ kex->dh = dh_new_group16();
+ break;
+ case KEX_DH_GRP18_SHA512:
+ kex->dh = dh_new_group18();
+ break;
+ default:
+ return SSH_ERR_INVALID_ARGUMENT;
+ }
+ if (kex->dh == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ return (dh_gen_key(kex->dh, kex->we_need * 8));
+}
+
+int
kex_dh_hash(
int hash_alg,
const struct sshbuf *client_version,
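Review bot: kex_dh_keygen overwrites kex->dh unconditionally in every case arm, so a caller whose kex already holds a DH object would leak it; if a struct kex can be reused across a rekey (not visible in this diff), guard the assignment with `if (kex->dh != NULL) DH_free(kex->dh);` or document that the caller guarantees kex->dh == NULL on entry. The same ownership question applies to the two call sites in the kexdhc.c and kexdhs.c hunks, which return on error without touching kex->dh, presumably relying on the kex teardown path to free it. The new function also has no header comment; I would add above it a comment stating that it allocates the DH group selected by kex->kex_type into kex->dh, generates the local key pair with a size derived from kex->we_need, returns 0 or an SSH_ERR_* code, and that kex->dh stays allocated and owned by kex even when dh_gen_key() fails. Minor style point: the last line wraps its value in parentheses, `return (dh_gen_key(...))`, while the two earlier returns in the same function do not; pick one form.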
diff --git a/usr.bin/ssh/kexdhc.c b/usr.bin/ssh/kexdhc.c
index d2989cb3fc6..7ee51772719 100644
--- a/usr.bin/ssh/kexdhc.c
+++ b/usr.bin/ssh/kexdhc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhc.c,v 1.26 2019/01/21 09:55:52 djm Exp $ */
+/* $OpenBSD: kexdhc.c,v 1.27 2019/01/21 10:00:23 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -34,10 +34,10 @@
#include "sshkey.h"
#include "cipher.h"
#include "digest.h"
+#include "dh.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
-#include "dh.h"
#include "ssh2.h"
#include "dispatch.h"
#include "compat.h"
@@ -54,31 +54,9 @@ kexdh_client(struct ssh *ssh)
const BIGNUM *pub_key;
/* generate and send 'e', client DH public key */
- switch (kex->kex_type) {
- case KEX_DH_GRP1_SHA1:
- kex->dh = dh_new_group1();
- break;
- case KEX_DH_GRP14_SHA1:
- case KEX_DH_GRP14_SHA256:
- kex->dh = dh_new_group14();
- break;
- case KEX_DH_GRP16_SHA512:
- kex->dh = dh_new_group16();
- break;
- case KEX_DH_GRP18_SHA512:
- kex->dh = dh_new_group18();
- break;
- default:
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
- if (kex->dh == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
+ if ((r = kex_dh_keygen(kex)) != 0)
goto out;
- }
debug("sending SSH2_MSG_KEXDH_INIT");
- if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
- goto out;
DH_get0_key(kex->dh, &pub_key, NULL);
if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 ||
(r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||
diff --git a/usr.bin/ssh/kexdhs.c b/usr.bin/ssh/kexdhs.c
index dd8aa19d41c..c0fd63f79af 100644
--- a/usr.bin/ssh/kexdhs.c
+++ b/usr.bin/ssh/kexdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.32 2019/01/21 09:55:52 djm Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.33 2019/01/21 10:00:23 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -33,10 +33,10 @@
#include "sshkey.h"
#include "cipher.h"
#include "digest.h"
+#include "dh.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
-#include "dh.h"
#include "ssh2.h"
#include "dispatch.h"
@@ -53,36 +53,11 @@ kexdh_server(struct ssh *ssh)
int r;
/* generate server DH public key */
- switch (kex->kex_type) {
- case KEX_DH_GRP1_SHA1:
- kex->dh = dh_new_group1();
- break;
- case KEX_DH_GRP14_SHA1:
- case KEX_DH_GRP14_SHA256:
- kex->dh = dh_new_group14();
- break;
- case KEX_DH_GRP16_SHA512:
- kex->dh = dh_new_group16();
- break;
- case KEX_DH_GRP18_SHA512:
- kex->dh = dh_new_group18();
- break;
- default:
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
- if (kex->dh == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
- goto out;
-
+ if ((r = kex_dh_keygen(kex)) != 0)
+ return r;
debug("expecting SSH2_MSG_KEXDH_INIT");
ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init);
- r = 0;
- out:
- return r;
+ return 0;
}
int