From e055a386af9c83d4a04e72f7c58805f1197df8be Mon Sep 17 00:00:00 2001 From: simon Date: Sat, 2 Dec 2000 12:48:15 +0000 Subject: [PATCH] Improve SSH2 host key abstraction into a generic `signing key' abstraction, so as to be able to re-use the same abstraction for user authentication keys and probably in the SSH2 agent (when that happens) as well. git-svn-id: svn://svn.tartarus.org/sgt/putty@815 cda61777-01e9-0310-a592-d414129be87e --- ssh.c | 16 +++++----- ssh.h | 14 ++++++--- sshdss.c | 108 ++++++++++++++++++++++++++++++++++++++++----------------------- 3 files changed, 86 insertions(+), 52 deletions(-) diff --git a/ssh.c b/ssh.c index e7518b6a..92afd085 100644 --- a/ssh.c +++ b/ssh.c @@ -171,8 +171,8 @@ const static struct ssh_cipher *ciphers[] = { &ssh_blowfish_ssh2, &ssh_3des_ssh2 extern const struct ssh_kex ssh_diffiehellman; const static struct ssh_kex *kex_algs[] = { &ssh_diffiehellman }; -extern const struct ssh_hostkey ssh_dss; -const static struct ssh_hostkey *hostkey_algs[] = { &ssh_dss }; +extern const struct ssh_signkey ssh_dss; +const static struct ssh_signkey *hostkey_algs[] = { &ssh_dss }; extern const struct ssh_mac ssh_md5, ssh_sha1, ssh_sha1_buggy; @@ -246,7 +246,7 @@ static const struct ssh_mac *scmac = NULL; static const struct ssh_compress *cscomp = NULL; static const struct ssh_compress *sccomp = NULL; static const struct ssh_kex *kex = NULL; -static const struct ssh_hostkey *hostkey = NULL; +static const struct ssh_signkey *hostkey = NULL; int (*ssh_get_password)(const char *prompt, char *str, int maxlen) = NULL; static char *savedhost; @@ -1987,6 +1987,7 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) static const struct ssh_compress *sccomp_tobe = NULL; static char *hostkeydata, *sigdata, *keystr, *fingerprint; static int hostkeylen, siglen; + static void *hkey; /* actual host key */ static unsigned char exchange_hash[20]; static unsigned char keyspace[40]; static const struct ssh_cipher *preferred_cipher; @@ -2216,8 +2217,8 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) debug(("\r\n")); #endif - hostkey->setkey(hostkeydata, hostkeylen); - if (!hostkey->verifysig(sigdata, siglen, exchange_hash, 20)) { + hkey = hostkey->newkey(hostkeydata, hostkeylen); + if (!hostkey->verifysig(hkey, sigdata, siglen, exchange_hash, 20)) { bombout(("Server failed host key check")); crReturn(0); } @@ -2235,14 +2236,15 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) * Authenticate remote host: verify host key. (We've already * checked the signature of the exchange hash.) */ - keystr = hostkey->fmtkey(); - fingerprint = hostkey->fingerprint(); + keystr = hostkey->fmtkey(hkey); + fingerprint = hostkey->fingerprint(hkey); verify_ssh_host_key(savedhost, savedport, hostkey->keytype, keystr, fingerprint); logevent("Host key fingerprint is:"); logevent(fingerprint); free(fingerprint); free(keystr); + hostkey->freekey(hkey); /* * Send SSH2_MSG_NEWKEYS. diff --git a/ssh.h b/ssh.h index 3d89dee0..b999c665 100644 --- a/ssh.h +++ b/ssh.h @@ -126,11 +126,15 @@ struct ssh_kex { char *name; }; -struct ssh_hostkey { - void (*setkey)(char *data, int len); - char *(*fmtkey)(void); - char *(*fingerprint)(void); - int (*verifysig)(char *sig, int siglen, char *data, int datalen); +struct ssh_signkey { + void *(*newkey)(char *data, int len); + void (*freekey)(void *key); + char *(*fmtkey)(void *key); + char *(*fingerprint)(void *key); + int (*verifysig)(void *key, char *sig, int siglen, + char *data, int datalen); + int (*sign)(void *key, char *sig, int siglen, + char *data, int datalen); char *name; char *keytype; /* for host key cache */ }; diff --git a/sshdss.c b/sshdss.c index 15b97ba1..656fa689 100644 --- a/sshdss.c +++ b/sshdss.c @@ -93,11 +93,17 @@ static Bignum get160(char **data, int *datalen) { return b; } -static Bignum dss_p, dss_q, dss_g, dss_y; +struct dss_key { + Bignum p, q, g, y; +}; -static void dss_setkey(char *data, int len) { +static void *dss_newkey(char *data, int len) { char *p; int slen; + struct dss_key *dss; + + dss = malloc(sizeof(struct dss_key)); + if (!dss) return NULL; getstring(&data, &len, &p, &slen); #ifdef DEBUG_DSS @@ -111,48 +117,61 @@ static void dss_setkey(char *data, int len) { #endif if (!p || memcmp(p, "ssh-dss", 7)) { - dss_p = NULL; - return; + free(dss); + return NULL; } - dss_p = getmp(&data, &len); - dss_q = getmp(&data, &len); - dss_g = getmp(&data, &len); - dss_y = getmp(&data, &len); + dss->p = getmp(&data, &len); + dss->q = getmp(&data, &len); + dss->g = getmp(&data, &len); + dss->y = getmp(&data, &len); + + return dss; } -static char *dss_fmtkey(void) { +static void dss_freekey(void *key) { + struct dss_key *dss = (struct dss_key *)key; + freebn(dss->p); + freebn(dss->q); + freebn(dss->g); + freebn(dss->y); + free(dss); +} + +static char *dss_fmtkey(void *key) { + struct dss_key *dss = (struct dss_key *)key; char *p; int len, i, pos, nibbles; static const char hex[] = "0123456789abcdef"; - if (!dss_p) + if (!dss->p) return NULL; len = 8 + 4 + 1; /* 4 x "0x", punctuation, \0 */ - len += 4 * (dss_p[0] + dss_q[0] + dss_g[0] + dss_y[0]); /* digits */ + len += 4 * (dss->p[0] + dss->q[0] + dss->g[0] + dss->y[0]); /* digits */ p = malloc(len); if (!p) return NULL; pos = 0; pos += sprintf(p+pos, "0x"); - nibbles = (3 + ssh1_bignum_bitcount(dss_p))/4; if (nibbles<1) nibbles=1; + nibbles = (3 + ssh1_bignum_bitcount(dss->p))/4; if (nibbles<1) nibbles=1; for (i=nibbles; i-- ;) - p[pos++] = hex[(bignum_byte(dss_p, i/2) >> (4*(i%2))) & 0xF]; + p[pos++] = hex[(bignum_byte(dss->p, i/2) >> (4*(i%2))) & 0xF]; pos += sprintf(p+pos, ",0x"); - nibbles = (3 + ssh1_bignum_bitcount(dss_q))/4; if (nibbles<1) nibbles=1; + nibbles = (3 + ssh1_bignum_bitcount(dss->q))/4; if (nibbles<1) nibbles=1; for (i=nibbles; i-- ;) - p[pos++] = hex[(bignum_byte(dss_q, i/2) >> (4*(i%2))) & 0xF]; + p[pos++] = hex[(bignum_byte(dss->q, i/2) >> (4*(i%2))) & 0xF]; pos += sprintf(p+pos, ",0x"); - nibbles = (3 + ssh1_bignum_bitcount(dss_g))/4; if (nibbles<1) nibbles=1; + nibbles = (3 + ssh1_bignum_bitcount(dss->g))/4; if (nibbles<1) nibbles=1; for (i=nibbles; i-- ;) - p[pos++] = hex[(bignum_byte(dss_g, i/2) >> (4*(i%2))) & 0xF]; + p[pos++] = hex[(bignum_byte(dss->g, i/2) >> (4*(i%2))) & 0xF]; pos += sprintf(p+pos, ",0x"); - nibbles = (3 + ssh1_bignum_bitcount(dss_y))/4; if (nibbles<1) nibbles=1; + nibbles = (3 + ssh1_bignum_bitcount(dss->y))/4; if (nibbles<1) nibbles=1; for (i=nibbles; i-- ;) - p[pos++] = hex[(bignum_byte(dss_y, i/2) >> (4*(i%2))) & 0xF]; + p[pos++] = hex[(bignum_byte(dss->y, i/2) >> (4*(i%2))) & 0xF]; p[pos] = '\0'; return p; } -static char *dss_fingerprint(void) { +static char *dss_fingerprint(void *key) { + struct dss_key *dss = (struct dss_key *)key; struct MD5Context md5c; unsigned char digest[16], lenbuf[4]; char buffer[16*3+40]; @@ -169,15 +188,15 @@ static char *dss_fingerprint(void) { unsigned char c = bignum_byte(bignum, i); \ MD5Update(&md5c, &c, 1); \ } - ADD_BIGNUM(dss_p); - ADD_BIGNUM(dss_q); - ADD_BIGNUM(dss_g); - ADD_BIGNUM(dss_y); + ADD_BIGNUM(dss->p); + ADD_BIGNUM(dss->q); + ADD_BIGNUM(dss->g); + ADD_BIGNUM(dss->y); #undef ADD_BIGNUM MD5Final(digest, &md5c); - sprintf(buffer, "%d ", ssh1_bignum_bitcount(dss_p)); + sprintf(buffer, "%d ", ssh1_bignum_bitcount(dss->p)); for (i = 0; i < 16; i++) sprintf(buffer+strlen(buffer), "%s%02x", i?":":"", digest[i]); ret = malloc(strlen(buffer)+1); @@ -186,14 +205,16 @@ static char *dss_fingerprint(void) { return ret; } -static int dss_verifysig(char *sig, int siglen, char *data, int datalen) { +static int dss_verifysig(void *key, char *sig, int siglen, + char *data, int datalen) { + struct dss_key *dss = (struct dss_key *)key; char *p; int slen; char hash[20]; Bignum r, s, w, gu1p, yu2p, gu1yu2p, u1, u2, sha, v; int ret; - if (!dss_p) + if (!dss->p) return 0; #ifdef DEBUG_DSS @@ -223,10 +244,10 @@ static int dss_verifysig(char *sig, int siglen, char *data, int datalen) { } sig += 4, siglen -= 4; /* skip yet another length field */ } - diagbn("p=", dss_p); - diagbn("q=", dss_q); - diagbn("g=", dss_g); - diagbn("y=", dss_y); + diagbn("p=", dss->p); + diagbn("q=", dss->q); + diagbn("g=", dss->g); + diagbn("y=", dss->y); r = get160(&sig, &siglen); diagbn("r=", r); s = get160(&sig, &siglen); @@ -237,7 +258,7 @@ static int dss_verifysig(char *sig, int siglen, char *data, int datalen) { /* * Step 1. w <- s^-1 mod q. */ - w = modinv(s, dss_q); + w = modinv(s, dss->q); diagbn("w=", w); /* @@ -246,25 +267,25 @@ static int dss_verifysig(char *sig, int siglen, char *data, int datalen) { SHA_Simple(data, datalen, hash); p = hash; slen = 20; sha = get160(&p, &slen); diagbn("sha=", sha); - u1 = modmul(sha, w, dss_q); + u1 = modmul(sha, w, dss->q); diagbn("u1=", u1); /* * Step 3. u2 <- r * w mod q. */ - u2 = modmul(r, w, dss_q); + u2 = modmul(r, w, dss->q); diagbn("u2=", u2); /* * Step 4. v <- (g^u1 * y^u2 mod p) mod q. */ - gu1p = modpow(dss_g, u1, dss_p); + gu1p = modpow(dss->g, u1, dss->p); diagbn("gu1p=", gu1p); - yu2p = modpow(dss_y, u2, dss_p); + yu2p = modpow(dss->y, u2, dss->p); diagbn("yu2p=", yu2p); - gu1yu2p = modmul(gu1p, yu2p, dss_p); + gu1yu2p = modmul(gu1p, yu2p, dss->p); diagbn("gu1yu2p=", gu1yu2p); - v = modmul(gu1yu2p, One, dss_q); + v = modmul(gu1yu2p, One, dss->q); diagbn("gu1yu2q=v=", v); diagbn("r=", r); @@ -286,11 +307,18 @@ static int dss_verifysig(char *sig, int siglen, char *data, int datalen) { return ret; } -struct ssh_hostkey ssh_dss = { - dss_setkey, +int dss_sign(void *key, char *sig, int siglen, + char *data, int datalen) { + return 0; /* do nothing */ +} + +struct ssh_signkey ssh_dss = { + dss_newkey, + dss_freekey, dss_fmtkey, dss_fingerprint, dss_verifysig, + dss_sign, "ssh-dss", "dss" }; -- 2.11.0