dh: Add ssh_dh_debug_crypto()

We should call it where we have access to the crypto structure.

Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>

include/libssh/dh.h

@@ -48,6 +48,8 @@ int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
 int ssh_dh_compute_shared_secret(struct dh_ctx *ctx, int local, int remote,
                                  bignum *dest);
 
+void ssh_dh_debug_crypto(struct ssh_crypto_struct *c);
+
 /* common functions */
 int ssh_dh_init(void);
 void ssh_dh_finalize(void);

src/dh-gex.c

@@ -267,6 +267,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)
     rc = ssh_dh_compute_shared_secret(session->next_crypto->dh_ctx,
                                       DH_CLIENT_KEYPAIR, DH_SERVER_KEYPAIR,
                                       &session->next_crypto->shared_secret);
+    ssh_dh_debug_crypto(session->next_crypto);
     if (rc == SSH_ERROR) {
         ssh_set_error(session, SSH_FATAL, "Could not generate shared secret");
         goto error;

src/dh.c

@@ -373,6 +373,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){
   rc = ssh_dh_compute_shared_secret(session->next_crypto->dh_ctx,
                                     DH_CLIENT_KEYPAIR, DH_SERVER_KEYPAIR,
                                     &session->next_crypto->shared_secret);
+  ssh_dh_debug_crypto(session->next_crypto);
   if (rc == SSH_ERROR){
     ssh_set_error(session, SSH_FATAL, "Could not generate shared secret");
     goto error;
@@ -462,6 +463,7 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet)
     rc = ssh_dh_compute_shared_secret(crypto->dh_ctx,
                                       DH_SERVER_KEYPAIR, DH_CLIENT_KEYPAIR,
                                       &crypto->shared_secret);
+    ssh_dh_debug_crypto(crypto);
     if (rc == SSH_ERROR) {
         ssh_set_error(session, SSH_FATAL, "Could not generate shared secret");
         goto error;

src/dh_crypto.c

@@ -41,6 +41,27 @@ struct dh_ctx {
     DH *keypair[2];
 };
 
+void ssh_dh_debug_crypto(struct ssh_crypto_struct *c)
+{
+#ifdef DEBUG_CRYPTO
+    const_bignum x = NULL, y = NULL, e = NULL, f = NULL;
+
+    ssh_dh_keypair_get_keys(c->dh_ctx, DH_CLIENT_KEYPAIR, &x, &e);
+    ssh_dh_keypair_get_keys(c->dh_ctx, DH_SERVER_KEYPAIR, &y, &f);
+    ssh_print_bignum("x", x);
+    ssh_print_bignum("y", y);
+    ssh_print_bignum("e", e);
+    ssh_print_bignum("f", f);
+
+    ssh_log_hexdump("Session server cookie", c->server_kex.cookie, 16);
+    ssh_log_hexdump("Session client cookie", c->client_kex.cookie, 16);
+    ssh_print_bignum("k", c->shared_secret);
+
+#else
+    (void)c; /* UNUSED_PARAM */
+#endif
+}
+
 int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
                             const_bignum *priv, const_bignum *pub)
 {

src/dh_key.c

@@ -60,6 +60,28 @@ struct dh_ctx {
     bignum modulus;
 };
 
+void ssh_dh_debug_crypto(struct ssh_crypto_struct *c)
+{
+#ifdef DEBUG_CRYPTO
+    const_bignum x = NULL, y = NULL, e = NULL, f = NULL;
+
+    ssh_dh_keypair_get_keys(c->dh_ctx, DH_CLIENT_KEYPAIR, &x, &e);
+    ssh_dh_keypair_get_keys(c->dh_ctx, DH_SERVER_KEYPAIR, &y, &f);
+    ssh_print_bignum("p", c->dh_ctx->modulus);
+    ssh_print_bignum("g", c->dh_ctx->generator);
+    ssh_print_bignum("x", x);
+    ssh_print_bignum("y", y);
+    ssh_print_bignum("e", e);
+    ssh_print_bignum("f", f);
+
+    ssh_log_hexdump("Session server cookie", c->server_kex.cookie, 16);
+    ssh_log_hexdump("Session client cookie", c->client_kex.cookie, 16);
+    ssh_print_bignum("k", c->shared_secret);
+#else
+    (void)c; /* UNUSED_PARAM */
+#endif
+}
+
 static void ssh_dh_free_modulus(struct dh_ctx *ctx)
 {
     if ((ctx->modulus != ssh_dh_group1) &&
@@ -263,30 +285,6 @@ void ssh_dh_cleanup(struct ssh_crypto_struct *crypto)
     crypto->dh_ctx = NULL;
 }
 
-#ifdef DEBUG_CRYPTO
-static void ssh_dh_debug(ssh_session session)
-{
-    struct ssh_crypto_struct *crypto = session->next_crypto;
-    const_bignum x, y, e, f;
-    ssh_dh_keypair_get_keys(crypto->dh_ctx, DH_CLIENT_KEYPAIR, &x, &e);
-    ssh_dh_keypair_get_keys(crypto->dh_ctx, DH_SERVER_KEYPAIR, &y, &f);
-    ssh_print_bignum("p", crypto->dh_ctx->modulus);
-    ssh_print_bignum("g", crypto->dh_ctx->generator);
-    ssh_print_bignum("x", x);
-    ssh_print_bignum("y", y);
-    ssh_print_bignum("e", e);
-    ssh_print_bignum("f", f);
-
-    ssh_log_hexdump("Session server cookie",
-                   session->next_crypto->server_kex.cookie, 16);
-    ssh_log_hexdump("Session client cookie",
-                   session->next_crypto->client_kex.cookie, 16);
-    ssh_print_bignum("k", session->next_crypto->shared_secret);
-}
-#else
-#define ssh_dh_debug(session)
-#endif
-
 /** @internal
  * @brief generates a secret DH parameter of at least DH_SECURITY_BITS
  *        security as well as the corresponding public key.
@@ -370,7 +368,6 @@ int ssh_dh_compute_shared_secret(struct dh_ctx *dh_ctx, int local, int remote,
 
 done:
     bignum_ctx_free(ctx);
-    ssh_dh_debug(session);
     if (rc != 1) {
         return SSH_ERROR;
     }