[u/mdw/putty] / sshdh.c

#include "ssh.h"

struct ssh_kex ssh_diffiehellman = {
    "diffie-hellman-group1-sha1"
};

/*
 * The prime p used in the key exchange. 
 */
static unsigned char P[] = {
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
    0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
    0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
    0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
    0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
    0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
    0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
    0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
    0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
    0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};

/*
 * The generator g = 2.
 */
static unsigned char G[] = { 2 };

/*
 * Variables.
 */
static Bignum x, e, p, q, qmask, g;
static int need_to_free_pg;

/*
 * Common DH initialisation.
 */
static void dh_init(void) {
    q = bignum_rshift(p, 1);
    qmask = bignum_bitmask(q);
}

/*
 * Initialise DH for the standard group1.
 */
void dh_setup_group1(void) {
    p = bignum_from_bytes(P, sizeof(P));
    g = bignum_from_bytes(G, sizeof(G));
    dh_init();
}

/*
 * Clean up.
 */
void dh_cleanup(void) {
    freebn(p);
    freebn(g);
    freebn(q);
    freebn(qmask);
}

/*
 * DH stage 1: invent a number x between 1 and q, and compute e =
 * g^x mod p. Return e.
 */
Bignum dh_create_e(void) {
    int i;

    int nbytes;
    unsigned char *buf;

    nbytes = ssh1_bignum_length(qmask);
    buf = smalloc(nbytes);

    do {
	/*
	 * Create a potential x, by ANDing a string of random bytes
	 * with qmask.
	 */
        if (x) freebn(x);
        ssh1_write_bignum(buf, qmask);
	for (i = 2; i < nbytes; i++)
            buf[i] &= random_byte();
        ssh1_read_bignum(buf, &x);
    } while (bignum_cmp(x, One) <= 0 || bignum_cmp(x, q) >= 0);

    /*
     * Done. Now compute e = g^x mod p.
     */
    e = modpow(g, x, p);

    return e;
}

/*
 * DH stage 2: given a number f, compute K = f^x mod p.
 */
Bignum dh_find_K(Bignum f) {
    return modpow(f, x, p);
}
Commit	Line	Data
e5574168	1	#include "ssh.h"
	2
	3	struct ssh_kex ssh_diffiehellman = {
	4	"diffie-hellman-group1-sha1"
	5	};
	6
	7	/*
	8	* The prime p used in the key exchange.
	9	*/
3709bfe9	10	static unsigned char P[] = {
	11	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
	12	0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
	13	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
	14	0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
	15	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
	16	0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
	17	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
	18	0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
	19	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
	20	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
	21	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
e5574168	22	};
	23
	24	/*
3709bfe9	25	* The generator g = 2.
e5574168	26	*/
3709bfe9	27	static unsigned char G[] = { 2 };
e5574168	28
e5574168	29	/*
3709bfe9	30	* Variables.
e5574168	31	*/
3709bfe9	32	static Bignum x, e, p, q, qmask, g;
3709bfe9	33	static int need_to_free_pg;
e5574168	34
e5574168	35	/*
3709bfe9	36	* Common DH initialisation.
e5574168	37	*/
3709bfe9	38	static void dh_init(void) {
	39	q = bignum_rshift(p, 1);
	40	qmask = bignum_bitmask(q);
	41	}
e5574168	42
e5574168	43	/*
3709bfe9	44	* Initialise DH for the standard group1.
e5574168	45	*/
3709bfe9	46	void dh_setup_group1(void) {
	47	p = bignum_from_bytes(P, sizeof(P));
	48	g = bignum_from_bytes(G, sizeof(G));
	49	dh_init();
	50	}
	51
	52	/*
	53	* Clean up.
	54	*/
	55	void dh_cleanup(void) {
	56	freebn(p);
	57	freebn(g);
	58	freebn(q);
	59	freebn(qmask);
	60	}
e5574168	61
	62	/*
	63	* DH stage 1: invent a number x between 1 and q, and compute e =
	64	* g^x mod p. Return e.
	65	*/
	66	Bignum dh_create_e(void) {
	67	int i;
	68
3709bfe9	69	int nbytes;
	70	unsigned char *buf;
	71
	72	nbytes = ssh1_bignum_length(qmask);
	73	buf = smalloc(nbytes);
e5574168	74
a71540b9	75	do {
	76	/*
	77	* Create a potential x, by ANDing a string of random bytes
3709bfe9	78	* with qmask.
a71540b9	79	*/
3709bfe9	80	if (x) freebn(x);
	81	ssh1_write_bignum(buf, qmask);
	82	for (i = 2; i < nbytes; i++)
	83	buf[i] &= random_byte();
	84	ssh1_read_bignum(buf, &x);
	85	} while (bignum_cmp(x, One) <= 0 \|\| bignum_cmp(x, q) >= 0);
e5574168	86
	87	/*
	88	* Done. Now compute e = g^x mod p.
	89	*/
3709bfe9	90	e = modpow(g, x, p);
e5574168	91
	92	return e;
	93	}
	94
	95	/*
	96	* DH stage 2: given a number f, compute K = f^x mod p.
	97	*/
	98	Bignum dh_find_K(Bignum f) {
3709bfe9	99	return modpow(f, x, p);
e5574168	100	}