Use signature-verification code; correct exchange-hash-info block construction for servers.

2011-10-20 14:19:50 -04:00 · 2011-10-20 14:19:50 -04:00 · 09eb765b65
parent 8676d74702
commit 09eb765b65
1 changed files with 24 additions and 20 deletions
--- a/ssh-transport.rkt
+++ b/ssh-transport.rkt
@ -574,11 +574,6 @@
     ((memq (car client-list) server-list) (car client-list))
     (else (loop (cdr client-list))))))

-(define (check-host-key! host-key)
-  ;; TODO: If we are *re*keying, worth checking here that the key hasn't *changed* either.
-  (write `(TODO check-host-key! ,(hex (bit-string->bytes host-key)))) (newline) (flush-output)
-  (void))
-
 ;; ExchangeHashInfo Bytes Natural Natural Natural -> Bytes
 ;; Computes the session ID as defined by SSH's DH key exchange method.
 (define (dh-exchange-hash hash-info host-key e f k)
@ -657,17 +652,19 @@
 			(define f-as-bytes (integer->bit-string f (* 8 f-width) #t))
 			(define shared-secret (compute-key private-key f-as-bytes))
 			(define hash-alg sha1)
+			(define host-key-bytes (ssh-msg-kexdh-reply-host-key message))
+			(define host-public-key
+			  (pieces->public-key (ssh-host-key->pieces host-key-bytes)))
 			(define exchange-hash
 			  (dh-exchange-hash hash-info
-					    (ssh-msg-kexdh-reply-host-key message)
+					    host-key-bytes
 					    public-key-as-integer
 					    f
 					    (bit-string->integer shared-secret #t #f)))
-			;; (pretty-print `((public-key ,(hex public-key))
-			;; 		(f-as-bytes ,(hex f-as-bytes))
-			;; 		(shared-secret ,(hex shared-secret))
-			;; 		(exchange-hash ,(hex exchange-hash))))
-			(check-host-key! (ssh-msg-kexdh-reply-host-key message))
+			(verify-host-key-signature! host-public-key
+						    host-key-alg
+						    exchange-hash
+						    (ssh-msg-kexdh-reply-h-signature message))
 			(finish shared-secret exchange-hash hash-alg conn))))
    (else (disconnect-with-error SSH_DISCONNECT_KEY_EXCHANGE_FAILED
 				 "Bad key-exchange algorithm ~v" kex-alg))))
@ -709,7 +706,7 @@
  (define hmac ((supported-hmac-factory hmac-description)
 		(derive-key (if c2s #"E" #"F") (supported-hmac-key-length hmac-description))))

-  (pretty-print `(,is-server? ,(if c2s 'c2s 's2c) ,enc ,mac))
+  ;;(pretty-print `(,is-server? ,(if c2s 'c2s 's2c) ,enc ,mac))
  (struct-copy stream-state state
 	       [cipher cipher]
 	       [cipher-description cipher-description]
@ -770,12 +767,18 @@
 	       (guess-matches? s2c-zip ssh-msg-kexinit-compression_algorithms_server_to_client)))))

  (define (continue-after-discard conn)
-    (define hash-info (exchange-hash-info (connection-local-id conn)
-					  (connection-remote-id conn)
-					  encoded-local-algs
-					  encoded-remote-algs))
-    ((if is-server? perform-server-key-exchange perform-client-key-exchange)
-     hash-info
+    ((if is-server?
+	 perform-server-key-exchange
+	 perform-client-key-exchange)
+     (if is-server?
+	 (exchange-hash-info (connection-remote-id conn)
+			     (connection-local-id conn)
+			     encoded-remote-algs
+			     encoded-local-algs)
+	 (exchange-hash-info (connection-local-id conn)
+			     (connection-remote-id conn)
+			     encoded-local-algs
+			     encoded-remote-algs))
     kex-alg
     host-key-alg
     conn
@ -1004,5 +1007,6 @@
    (let-values (((i o) (tcp-accept s)))
      (ssh-session 'server i o))))

-;;(t-client)
-(t-server)
+(if (getenv "servermode")
+    (t-server)
+    (t-client))