Use signature-verification code; correct exchange-hash-info block construction for servers.
This commit is contained in:
parent
8676d74702
commit
09eb765b65
|
@ -574,11 +574,6 @@
|
|||
((memq (car client-list) server-list) (car client-list))
|
||||
(else (loop (cdr client-list))))))
|
||||
|
||||
(define (check-host-key! host-key)
|
||||
;; TODO: If we are *re*keying, worth checking here that the key hasn't *changed* either.
|
||||
(write `(TODO check-host-key! ,(hex (bit-string->bytes host-key)))) (newline) (flush-output)
|
||||
(void))
|
||||
|
||||
;; ExchangeHashInfo Bytes Natural Natural Natural -> Bytes
|
||||
;; Computes the session ID as defined by SSH's DH key exchange method.
|
||||
(define (dh-exchange-hash hash-info host-key e f k)
|
||||
|
@ -657,17 +652,19 @@
|
|||
(define f-as-bytes (integer->bit-string f (* 8 f-width) #t))
|
||||
(define shared-secret (compute-key private-key f-as-bytes))
|
||||
(define hash-alg sha1)
|
||||
(define host-key-bytes (ssh-msg-kexdh-reply-host-key message))
|
||||
(define host-public-key
|
||||
(pieces->public-key (ssh-host-key->pieces host-key-bytes)))
|
||||
(define exchange-hash
|
||||
(dh-exchange-hash hash-info
|
||||
(ssh-msg-kexdh-reply-host-key message)
|
||||
host-key-bytes
|
||||
public-key-as-integer
|
||||
f
|
||||
(bit-string->integer shared-secret #t #f)))
|
||||
;; (pretty-print `((public-key ,(hex public-key))
|
||||
;; (f-as-bytes ,(hex f-as-bytes))
|
||||
;; (shared-secret ,(hex shared-secret))
|
||||
;; (exchange-hash ,(hex exchange-hash))))
|
||||
(check-host-key! (ssh-msg-kexdh-reply-host-key message))
|
||||
(verify-host-key-signature! host-public-key
|
||||
host-key-alg
|
||||
exchange-hash
|
||||
(ssh-msg-kexdh-reply-h-signature message))
|
||||
(finish shared-secret exchange-hash hash-alg conn))))
|
||||
(else (disconnect-with-error SSH_DISCONNECT_KEY_EXCHANGE_FAILED
|
||||
"Bad key-exchange algorithm ~v" kex-alg))))
|
||||
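Review bot: Nothing in the new code checks `host-key-bytes` against a trust anchor before the signature is verified and `finish` is called: `verify-host-key-signature!` is given `host-public-key`, which is parsed straight out of the peer's KEXDH_REPLY, so a valid signature only proves the peer holds the private half of whatever key it chose to send, not that it is the expected host. The removed `(check-host-key! ...)` call was only a stub, but with it gone the client path has no known-hosts / pinning step at all, so the exchange hash can be authenticated by an on-path party presenting its own key. I would keep a placeholder at the former call site with `;; TODO: compare host-key-bytes against the known/trusted host key before trusting the signature` so the gap stays visible, and note in a comment on `host-public-key` that it is untrusted input until that check exists. The enclosing function starts before this hunk, so I cannot see whether such a check happens earlier, but nothing visible here suggests it does.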
|
@ -709,7 +706,7 @@
|
|||
(define hmac ((supported-hmac-factory hmac-description)
|
||||
(derive-key (if c2s #"E" #"F") (supported-hmac-key-length hmac-description))))
|
||||
|
||||
(pretty-print `(,is-server? ,(if c2s 'c2s 's2c) ,enc ,mac))
|
||||
;;(pretty-print `(,is-server? ,(if c2s 'c2s 's2c) ,enc ,mac))
|
||||
(struct-copy stream-state state
|
||||
[cipher cipher]
|
||||
[cipher-description cipher-description]
|
||||
|
@ -770,12 +767,18 @@
|
|||
(guess-matches? s2c-zip ssh-msg-kexinit-compression_algorithms_server_to_client)))))
|
||||
|
||||
(define (continue-after-discard conn)
|
||||
(define hash-info (exchange-hash-info (connection-local-id conn)
|
||||
(connection-remote-id conn)
|
||||
encoded-local-algs
|
||||
encoded-remote-algs))
|
||||
((if is-server? perform-server-key-exchange perform-client-key-exchange)
|
||||
hash-info
|
||||
((if is-server?
|
||||
perform-server-key-exchange
|
||||
perform-client-key-exchange)
|
||||
(if is-server?
|
||||
(exchange-hash-info (connection-remote-id conn)
|
||||
(connection-local-id conn)
|
||||
encoded-remote-algs
|
||||
encoded-local-algs)
|
||||
(exchange-hash-info (connection-local-id conn)
|
||||
(connection-remote-id conn)
|
||||
encoded-local-algs
|
||||
encoded-remote-algs))
|
||||
kex-alg
|
||||
host-key-alg
|
||||
conn
|
||||
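Review bot: `is-server?` is tested twice in the new call form, once to pick the `perform-*-key-exchange` procedure and again to build the `exchange-hash-info`, and the two `exchange-hash-info` calls differ only in argument order, which makes the swap easy to misread as a typo. Keeping the removed `hash-info` binding and moving the `if` inside it, i.e. `(define hash-info (if is-server? (exchange-hash-info (connection-remote-id conn) (connection-local-id conn) encoded-remote-algs encoded-local-algs) (exchange-hash-info ...)))`, leaves the call site as `((if is-server? perform-server-key-exchange perform-client-key-exchange) hash-info kex-alg host-key-alg conn)` and isolates the ordering logic in one place. Whatever the shape, the swap deserves a comment such as `;; The exchange hash takes V_C, V_S, I_C, I_S in client-then-server order, so on the server the remote side comes first` (assuming `exchange-hash-info` takes its arguments in that client/server order, which the client branch suggests).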
|
@ -1004,5 +1007,6 @@
|
|||
(let-values (((i o) (tcp-accept s)))
|
||||
(ssh-session 'server i o))))
|
||||
|
||||
;;(t-client)
|
||||
(t-server)
|
||||
(if (getenv "servermode")
|
||||
(t-server)
|
||||
(t-client))
|
||||
|
|