Lines 36-41
Link Here
|
36 |
#include <openssl/md5.h> |
36 |
#include <openssl/md5.h> |
37 |
#include <zlib.h> |
37 |
#include <zlib.h> |
38 |
|
38 |
|
|
|
39 |
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
40 |
#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */ |
41 |
#endif |
42 |
|
39 |
#define SMSG_PUBLIC_KEY 2 |
43 |
#define SMSG_PUBLIC_KEY 2 |
40 |
#define CMSG_SESSION_KEY 3 |
44 |
#define CMSG_SESSION_KEY 3 |
41 |
#define CMSG_USER 4 |
45 |
#define CMSG_USER 4 |
Lines 138-143
Link Here
|
138 |
char tmp[MAX_ASCII_ADDR_LEN]; |
142 |
char tmp[MAX_ASCII_ADDR_LEN]; |
139 |
u_int32 ssh_len, ssh_mod; |
143 |
u_int32 ssh_len, ssh_mod; |
140 |
u_char ssh_packet_type, *ptr, *key_to_put; |
144 |
u_char ssh_packet_type, *ptr, *key_to_put; |
|
|
145 |
#ifdef HAVE_OPAQUE_RSA_DSA_DH |
146 |
BIGNUM *h_n, *s_n, *m_h_n, *m_s_n; |
147 |
BIGNUM *h_e, *s_e, *m_h_e, *m_s_e; |
148 |
BIGNUM *h_d, *s_d, *m_h_d, *m_s_d; |
149 |
#endif |
141 |
|
150 |
|
142 |
/* don't complain about unused var */ |
151 |
/* don't complain about unused var */ |
143 |
(void) DECODE_DATA; |
152 |
(void) DECODE_DATA; |
Lines 383-394
Link Here
|
383 |
if (session_data->ptrkey == NULL) { |
392 |
if (session_data->ptrkey == NULL) { |
384 |
/* Initialize RSA key structures (other fileds are set to 0) */ |
393 |
/* Initialize RSA key structures (other fileds are set to 0) */ |
385 |
session_data->serverkey = RSA_new(); |
394 |
session_data->serverkey = RSA_new(); |
|
|
395 |
#ifdef HAVE_OPAQUE_RSA_DSA_DH |
396 |
s_n = BN_new(); |
397 |
s_e = BN_new(); |
398 |
RSA_set0_key(session_data->serverkey, s_n, s_e, s_d); |
399 |
#else |
386 |
session_data->serverkey->n = BN_new(); |
400 |
session_data->serverkey->n = BN_new(); |
387 |
session_data->serverkey->e = BN_new(); |
401 |
session_data->serverkey->e = BN_new(); |
|
|
402 |
#endif |
388 |
|
403 |
|
389 |
session_data->hostkey = RSA_new(); |
404 |
session_data->hostkey = RSA_new(); |
|
|
405 |
|
406 |
#ifdef HAVE_OPAQUE_RSA_DSA_DH |
407 |
h_n = BN_new(); |
408 |
h_e = BN_new(); |
409 |
RSA_set0_key(session_data->hostkey, h_n, h_e, h_d); |
410 |
#else |
390 |
session_data->hostkey->n = BN_new(); |
411 |
session_data->hostkey->n = BN_new(); |
391 |
session_data->hostkey->e = BN_new(); |
412 |
session_data->hostkey->e = BN_new(); |
|
|
413 |
#endif |
392 |
|
414 |
|
393 |
/* Get the RSA Key from the packet */ |
415 |
/* Get the RSA Key from the packet */ |
394 |
NS_GET32(server_mod,ptr); |
416 |
NS_GET32(server_mod,ptr); |
Lines 396-414
Link Here
|
396 |
DEBUG_MSG("Dissector_ssh Bougs Server_Mod"); |
418 |
DEBUG_MSG("Dissector_ssh Bougs Server_Mod"); |
397 |
return NULL; |
419 |
return NULL; |
398 |
} |
420 |
} |
|
|
421 |
#ifdef HAVE_OPAQUE_RSA_DSA_DH |
422 |
RSA_get0_key(session_data->serverkey, &s_n, &s_e, &s_d); |
423 |
get_bn(s_e, &ptr); |
424 |
get_bn(s_n, &ptr); |
425 |
#else |
399 |
get_bn(session_data->serverkey->e, &ptr); |
426 |
get_bn(session_data->serverkey->e, &ptr); |
400 |
get_bn(session_data->serverkey->n, &ptr); |
427 |
get_bn(session_data->serverkey->n, &ptr); |
|
|
428 |
#endif |
401 |
|
429 |
|
402 |
NS_GET32(host_mod,ptr); |
430 |
NS_GET32(host_mod,ptr); |
403 |
if (ptr + (host_mod/8) > PACKET->DATA.data + PACKET->DATA.len) { |
431 |
if (ptr + (host_mod/8) > PACKET->DATA.data + PACKET->DATA.len) { |
404 |
DEBUG_MSG("Dissector_ssh Bougs Host_Mod"); |
432 |
DEBUG_MSG("Dissector_ssh Bougs Host_Mod"); |
405 |
return NULL; |
433 |
return NULL; |
406 |
} |
434 |
} |
|
|
435 |
|
436 |
#ifdef HAVE_OPAQUE_RSA_DSA_DH |
437 |
RSA_get0_key(session_data->hostkey, &h_n, &h_e, &h_d); |
438 |
get_bn(h_e, &ptr); |
439 |
get_bn(h_n, &ptr); |
440 |
#else |
407 |
get_bn(session_data->hostkey->e, &ptr); |
441 |
get_bn(session_data->hostkey->e, &ptr); |
408 |
get_bn(session_data->hostkey->n, &ptr); |
442 |
get_bn(session_data->hostkey->n, &ptr); |
|
|
443 |
#endif |
409 |
|
444 |
|
|
|
445 |
#ifdef HAVE_OPAQUE_RSA_DSA_DH |
446 |
server_exp = BN_get_word(s_e); |
447 |
host_exp = BN_get_word(h_e); |
448 |
#else |
410 |
server_exp = *(session_data->serverkey->e->d); |
449 |
server_exp = *(session_data->serverkey->e->d); |
411 |
host_exp = *(session_data->hostkey->e->d); |
450 |
host_exp = *(session_data->hostkey->e->d); |
|
|
451 |
#endif |
412 |
|
452 |
|
413 |
/* Check if we already have a suitable RSA key to substitute */ |
453 |
/* Check if we already have a suitable RSA key to substitute */ |
414 |
index_ssl = &ssh_conn_key; |
454 |
index_ssl = &ssh_conn_key; |
Lines 424-430
Link Here
|
424 |
SAFE_CALLOC(*index_ssl, 1, sizeof(ssh_my_key)); |
464 |
SAFE_CALLOC(*index_ssl, 1, sizeof(ssh_my_key)); |
425 |
|
465 |
|
426 |
/* Generate the new key */ |
466 |
/* Generate the new key */ |
427 |
(*index_ssl)->myserverkey = (RSA *)RSA_generate_key(server_mod, server_exp, NULL, NULL); |
467 |
(*index_ssl)->myserverkey = (RSA *)RSA_generate_key_ex(server_mod, server_exp, NULL, NULL); |
428 |
(*index_ssl)->myhostkey = (RSA *)RSA_generate_key(host_mod, host_exp, NULL, NULL); |
468 |
(*index_ssl)->myhostkey = (RSA *)RSA_generate_key(host_mod, host_exp, NULL, NULL); |
429 |
(*index_ssl)->server_mod = server_mod; |
469 |
(*index_ssl)->server_mod = server_mod; |
430 |
(*index_ssl)->host_mod = host_mod; |
470 |
(*index_ssl)->host_mod = host_mod; |
Lines 443-453
Link Here
|
443 |
|
483 |
|
444 |
/* Put our RSA key in the packet */ |
484 |
/* Put our RSA key in the packet */ |
445 |
key_to_put+=4; |
485 |
key_to_put+=4; |
|
|
486 |
|
487 |
#ifdef HAVE_OPAQUE_RSA_DSA_DH |
488 |
RSA_get0_key(session_data->ptrkey->myserverkey, &m_s_n, &m_s_e, &m_s_d); |
489 |
put_bn(m_s_e, &key_to_put); |
490 |
put_bn(m_s_n, &key_to_put); |
491 |
#else |
446 |
put_bn(session_data->ptrkey->myserverkey->e, &key_to_put); |
492 |
put_bn(session_data->ptrkey->myserverkey->e, &key_to_put); |
447 |
put_bn(session_data->ptrkey->myserverkey->n, &key_to_put); |
493 |
put_bn(session_data->ptrkey->myserverkey->n, &key_to_put); |
|
|
494 |
#endif |
448 |
key_to_put+=4; |
495 |
key_to_put+=4; |
|
|
496 |
|
497 |
#ifdef HAVE_OPAQUE_RSA_DSA_DH |
498 |
RSA_get0_key(session_data->ptrkey->myhostkey, &m_h_n, &m_h_e, &m_h_d); |
499 |
put_bn(m_h_e, &key_to_put); |
500 |
put_bn(m_h_n, &key_to_put); |
501 |
#else |
449 |
put_bn(session_data->ptrkey->myhostkey->e, &key_to_put); |
502 |
put_bn(session_data->ptrkey->myhostkey->e, &key_to_put); |
450 |
put_bn(session_data->ptrkey->myhostkey->n, &key_to_put); |
503 |
put_bn(session_data->ptrkey->myhostkey->n, &key_to_put); |
|
|
504 |
#endif |
451 |
|
505 |
|
452 |
/* Recalculate SSH crc */ |
506 |
/* Recalculate SSH crc */ |
453 |
*(u_int32 *)(PACKET->DATA.data + PACKET->DATA.len - 4) = htonl(CRC_checksum(PACKET->DATA.data+4, PACKET->DATA.len-8, CRC_INIT_ZERO)); |
507 |
*(u_int32 *)(PACKET->DATA.data + PACKET->DATA.len - 4) = htonl(CRC_checksum(PACKET->DATA.data+4, PACKET->DATA.len-8, CRC_INIT_ZERO)); |
Lines 482-500
Link Here
|
482 |
key_to_put = ptr; |
536 |
key_to_put = ptr; |
483 |
|
537 |
|
484 |
/* Calculate real session id and our fake session id */ |
538 |
/* Calculate real session id and our fake session id */ |
|
|
539 |
#ifdef HAVE_OPAQUE_RSA_DSA_DH |
540 |
temp_session_id = ssh_session_id(cookie, h_n, s_n); |
541 |
#else |
485 |
temp_session_id = ssh_session_id(cookie, session_data->hostkey->n, session_data->serverkey->n); |
542 |
temp_session_id = ssh_session_id(cookie, session_data->hostkey->n, session_data->serverkey->n); |
|
|
543 |
#endif |
486 |
if (temp_session_id) |
544 |
if (temp_session_id) |
487 |
memcpy(session_id1, temp_session_id, 16); |
545 |
memcpy(session_id1, temp_session_id, 16); |
|
|
546 |
|
547 |
#ifdef HAVE_OPAQUE_RSA_DSA_DH |
548 |
temp_session_id=ssh_session_id(cookie, m_h_n, m_s_n); |
549 |
#else |
488 |
temp_session_id=ssh_session_id(cookie, session_data->ptrkey->myhostkey->n, session_data->ptrkey->myserverkey->n); |
550 |
temp_session_id=ssh_session_id(cookie, session_data->ptrkey->myhostkey->n, session_data->ptrkey->myserverkey->n); |
|
|
551 |
#endif |
552 |
|
489 |
if (temp_session_id) |
553 |
if (temp_session_id) |
490 |
memcpy(session_id2, temp_session_id, 16); |
554 |
memcpy(session_id2, temp_session_id, 16); |
491 |
|
555 |
|
492 |
/* Get the session key */ |
556 |
/* Get the session key */ |
493 |
enckey = BN_new(); |
557 |
enckey = BN_new(); |
|
|
558 |
|
494 |
get_bn(enckey, &ptr); |
559 |
get_bn(enckey, &ptr); |
495 |
|
560 |
|
496 |
/* Decrypt session key */ |
561 |
/* Decrypt session key */ |
|
|
562 |
#ifdef HAVE_OPAQUE_RSA_DSA_DH |
563 |
if (BN_cmp(m_s_n, m_h_n) > 0) { |
564 |
#else |
497 |
if (BN_cmp(session_data->ptrkey->myserverkey->n, session_data->ptrkey->myhostkey->n) > 0) { |
565 |
if (BN_cmp(session_data->ptrkey->myserverkey->n, session_data->ptrkey->myhostkey->n) > 0) { |
|
|
566 |
#endif |
498 |
rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myserverkey); |
567 |
rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myserverkey); |
499 |
rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myhostkey); |
568 |
rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myhostkey); |
500 |
} else { |
569 |
} else { |
Lines 534-540
Link Here
|
534 |
BN_add_word(bn, sesskey[i]); |
603 |
BN_add_word(bn, sesskey[i]); |
535 |
} |
604 |
} |
536 |
|
605 |
|
|
|
606 |
#ifdef HAVE_OPAQUE_RSA_DSA_DH |
607 |
if (BN_cmp(s_n, h_n) < 0) { |
608 |
#else |
537 |
if (BN_cmp(session_data->serverkey->n, session_data->hostkey->n) < 0) { |
609 |
if (BN_cmp(session_data->serverkey->n, session_data->hostkey->n) < 0) { |
|
|
610 |
#endif |
538 |
rsa_public_encrypt(bn, bn, session_data->serverkey); |
611 |
rsa_public_encrypt(bn, bn, session_data->serverkey); |
539 |
rsa_public_encrypt(bn, bn, session_data->hostkey); |
612 |
rsa_public_encrypt(bn, bn, session_data->hostkey); |
540 |
} else { |
613 |
} else { |
Lines 716-722
Link Here
|
716 |
u_char *inbuf, *outbuf; |
789 |
u_char *inbuf, *outbuf; |
717 |
int32 len, ilen, olen; |
790 |
int32 len, ilen, olen; |
718 |
|
791 |
|
|
|
792 |
#ifdef HAVE_OPAQUE_RSA_DSA_DH |
793 |
BIGNUM *n; |
794 |
BIGNUM *e; |
795 |
BIGNUM *d; |
796 |
RSA_get0_key(key, &n, &e, &d); |
797 |
olen = BN_num_bytes(n); |
798 |
#else |
719 |
olen = BN_num_bytes(key->n); |
799 |
olen = BN_num_bytes(key->n); |
|
|
800 |
#endif |
801 |
|
720 |
outbuf = malloc(olen); |
802 |
outbuf = malloc(olen); |
721 |
if (outbuf == NULL) /* oops, couldn't allocate memory */ |
803 |
if (outbuf == NULL) /* oops, couldn't allocate memory */ |
722 |
return; |
804 |
return; |
Lines 744-750
Link Here
|
744 |
u_char *inbuf, *outbuf; |
826 |
u_char *inbuf, *outbuf; |
745 |
int32 len, ilen, olen; |
827 |
int32 len, ilen, olen; |
746 |
|
828 |
|
|
|
829 |
#ifdef HAVE_OPAQUE_RSA_DSA_DH |
830 |
BIGNUM *n; |
831 |
BIGNUM *e; |
832 |
BIGNUM *d; |
833 |
RSA_get0_key(key, &n, &e, &d); |
834 |
olen = BN_num_bytes(n); |
835 |
#else |
747 |
olen = BN_num_bytes(key->n); |
836 |
olen = BN_num_bytes(key->n); |
|
|
837 |
#endif |
838 |
|
748 |
outbuf = malloc(olen); |
839 |
outbuf = malloc(olen); |
749 |
if (outbuf == NULL) /* oops, couldn't allocate memory */ |
840 |
if (outbuf == NULL) /* oops, couldn't allocate memory */ |
750 |
return; |
841 |
return; |