From 92d3efec8184a22ed214ba95ba692041377bb93c Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 6 Aug 2019 20:29:01 +0200 Subject: [PATCH] dh: Add ssh_dh_debug_crypto() We should call it where we have access to the crypto structure. Pair-Programmed-With: Jakub Jelen Signed-off-by: Jakub Jelen Signed-off-by: Andreas Schneider Reviewed-by: Jakub Jelen --- include/libssh/dh.h | 2 ++ src/dh-gex.c | 1 + src/dh.c | 2 ++ src/dh_crypto.c | 21 ++++++++++++++++++++ src/dh_key.c | 47 +++++++++++++++++++++------------------------ 5 files changed, 48 insertions(+), 25 deletions(-) diff --git a/include/libssh/dh.h b/include/libssh/dh.h index 48d8c46a..390b30da 100644 --- a/include/libssh/dh.h +++ b/include/libssh/dh.h @@ -48,6 +48,8 @@ int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer, int ssh_dh_compute_shared_secret(struct dh_ctx *ctx, int local, int remote, bignum *dest); +void ssh_dh_debug_crypto(struct ssh_crypto_struct *c); + /* common functions */ int ssh_dh_init(void); void ssh_dh_finalize(void); diff --git a/src/dh-gex.c b/src/dh-gex.c index b20bf2b6..bbd59c75 100644 --- a/src/dh-gex.c +++ b/src/dh-gex.c @@ -267,6 +267,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply) rc = ssh_dh_compute_shared_secret(session->next_crypto->dh_ctx, DH_CLIENT_KEYPAIR, DH_SERVER_KEYPAIR, &session->next_crypto->shared_secret); + ssh_dh_debug_crypto(session->next_crypto); if (rc == SSH_ERROR) { ssh_set_error(session, SSH_FATAL, "Could not generate shared secret"); goto error; diff --git a/src/dh.c b/src/dh.c index 6c698139..2f63bafa 100644 --- a/src/dh.c +++ b/src/dh.c @@ -373,6 +373,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){ rc = ssh_dh_compute_shared_secret(session->next_crypto->dh_ctx, DH_CLIENT_KEYPAIR, DH_SERVER_KEYPAIR, &session->next_crypto->shared_secret); + ssh_dh_debug_crypto(session->next_crypto); if (rc == SSH_ERROR){ ssh_set_error(session, SSH_FATAL, "Could not generate shared secret"); goto error; @@ -462,6 +463,7 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet) rc = ssh_dh_compute_shared_secret(crypto->dh_ctx, DH_SERVER_KEYPAIR, DH_CLIENT_KEYPAIR, &crypto->shared_secret); + ssh_dh_debug_crypto(crypto); if (rc == SSH_ERROR) { ssh_set_error(session, SSH_FATAL, "Could not generate shared secret"); goto error; diff --git a/src/dh_crypto.c b/src/dh_crypto.c index 0ccc3641..d72e757a 100644 --- a/src/dh_crypto.c +++ b/src/dh_crypto.c @@ -41,6 +41,27 @@ struct dh_ctx { DH *keypair[2]; }; +void ssh_dh_debug_crypto(struct ssh_crypto_struct *c) +{ +#ifdef DEBUG_CRYPTO + const_bignum x = NULL, y = NULL, e = NULL, f = NULL; + + ssh_dh_keypair_get_keys(c->dh_ctx, DH_CLIENT_KEYPAIR, &x, &e); + ssh_dh_keypair_get_keys(c->dh_ctx, DH_SERVER_KEYPAIR, &y, &f); + ssh_print_bignum("x", x); + ssh_print_bignum("y", y); + ssh_print_bignum("e", e); + ssh_print_bignum("f", f); + + ssh_log_hexdump("Session server cookie", c->server_kex.cookie, 16); + ssh_log_hexdump("Session client cookie", c->client_kex.cookie, 16); + ssh_print_bignum("k", c->shared_secret); + +#else + (void)c; /* UNUSED_PARAM */ +#endif +} + int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer, const_bignum *priv, const_bignum *pub) { diff --git a/src/dh_key.c b/src/dh_key.c index 32c4af2e..58161c14 100644 --- a/src/dh_key.c +++ b/src/dh_key.c @@ -60,6 +60,28 @@ struct dh_ctx { bignum modulus; }; +void ssh_dh_debug_crypto(struct ssh_crypto_struct *c) +{ +#ifdef DEBUG_CRYPTO + const_bignum x = NULL, y = NULL, e = NULL, f = NULL; + + ssh_dh_keypair_get_keys(c->dh_ctx, DH_CLIENT_KEYPAIR, &x, &e); + ssh_dh_keypair_get_keys(c->dh_ctx, DH_SERVER_KEYPAIR, &y, &f); + ssh_print_bignum("p", c->dh_ctx->modulus); + ssh_print_bignum("g", c->dh_ctx->generator); + ssh_print_bignum("x", x); + ssh_print_bignum("y", y); + ssh_print_bignum("e", e); + ssh_print_bignum("f", f); + + ssh_log_hexdump("Session server cookie", c->server_kex.cookie, 16); + ssh_log_hexdump("Session client cookie", c->client_kex.cookie, 16); + ssh_print_bignum("k", c->shared_secret); +#else + (void)c; /* UNUSED_PARAM */ +#endif +} + static void ssh_dh_free_modulus(struct dh_ctx *ctx) { if ((ctx->modulus != ssh_dh_group1) && @@ -263,30 +285,6 @@ void ssh_dh_cleanup(struct ssh_crypto_struct *crypto) crypto->dh_ctx = NULL; } -#ifdef DEBUG_CRYPTO -static void ssh_dh_debug(ssh_session session) -{ - struct ssh_crypto_struct *crypto = session->next_crypto; - const_bignum x, y, e, f; - ssh_dh_keypair_get_keys(crypto->dh_ctx, DH_CLIENT_KEYPAIR, &x, &e); - ssh_dh_keypair_get_keys(crypto->dh_ctx, DH_SERVER_KEYPAIR, &y, &f); - ssh_print_bignum("p", crypto->dh_ctx->modulus); - ssh_print_bignum("g", crypto->dh_ctx->generator); - ssh_print_bignum("x", x); - ssh_print_bignum("y", y); - ssh_print_bignum("e", e); - ssh_print_bignum("f", f); - - ssh_log_hexdump("Session server cookie", - session->next_crypto->server_kex.cookie, 16); - ssh_log_hexdump("Session client cookie", - session->next_crypto->client_kex.cookie, 16); - ssh_print_bignum("k", session->next_crypto->shared_secret); -} -#else -#define ssh_dh_debug(session) -#endif - /** @internal * @brief generates a secret DH parameter of at least DH_SECURITY_BITS * security as well as the corresponding public key. @@ -370,7 +368,6 @@ int ssh_dh_compute_shared_secret(struct dh_ctx *dh_ctx, int local, int remote, done: bignum_ctx_free(ctx); - ssh_dh_debug(session); if (rc != 1) { return SSH_ERROR; }