authorNikos Mavrogiannopoulos <nmav@gnutls.org>2000-04-10 17:12:47 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2000-04-10 17:12:47 +0000
commit88085ddad8320f6c7b632ea40e32b9628774294a (patch)
tree1890698afe6ff86626fcfb8633dc9917dab48c46
parent1f9db0b3c5877b9a3b545be65ae55c6fcd7fd82a (diff)
downloadgnutls-88085ddad8320f6c7b632ea40e32b9628774294a.tar.gz
Bugfixes in the diffie hellman.
-rw-r--r--lib/debug.c24
-rw-r--r--lib/debug.h1
-rw-r--r--lib/gnutls_dh.c194
-rw-r--r--lib/gnutls_handshake.c51
-rw-r--r--src/port.h2
5 files changed, 152 insertions, 120 deletions
diff --git a/lib/debug.c b/lib/debug.c
index a696e1f8ea..6eeffabb8f 100644
--- a/lib/debug.c
+++ b/lib/debug.c
@@ -7,7 +7,18 @@
static char hexconvtab[] = "0123456789abcdef";
-char * bin2hex(const unsigned char *old, const size_t oldlen)
+void dump_mpi(char* prefix, MPI a)
+{
+ char buf[400];
+ size_t n = sizeof buf;
+
+ if (gcry_mpi_print(GCRYMPI_FMT_HEX, buf, &n, a))
+ strcpy(buf, "[can't print value]");
+ fprintf(stderr, "MPI: %s%s\n", prefix, buf);
+}
+
+
+char *bin2hex(const unsigned char *old, const size_t oldlen)
{
unsigned char *new = NULL;
int i, j;
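Review bot: `dump_mpi` declares its first parameter as `char* prefix` although it only reads it; make it `const char *prefix` here and in the prototype added to lib/debug.h so callers can pass string literals without a qualifier warning. The helper prints whatever MPI it is handed — including private exponents and derived keys — to stderr unconditionally, so it should remain a debug-only aid, guarded the same way the other `_print_*` helpers are if the project has a debug switch. `bin2hex` starts in this hunk and its body continues outside it.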
@@ -59,7 +70,8 @@ void _print_TLSCompressed(GNUTLSCompressed * compressed)
fprintf(stderr, "version: %d,%d\n", compressed->version.major,
compressed->version.minor);
fprintf(stderr, "length: %d\n", compressed->length);
- fprintf(stderr, "fragment: %s\n", bin2hex(compressed->fragment, compressed->length));
+ fprintf(stderr, "fragment: %s\n",
+ bin2hex(compressed->fragment, compressed->length));
fprintf(stderr, "\n");
}
@@ -71,12 +83,13 @@ void _print_TLSPlaintext(GNUTLSPlaintext * plaintext)
fprintf(stderr, "version: %d,%d\n", plaintext->version.major,
plaintext->version.minor);
fprintf(stderr, "length: %d\n", plaintext->length);
- fprintf(stderr, "fragment: %s\n", bin2hex(plaintext->fragment, plaintext->length));
+ fprintf(stderr, "fragment: %s\n",
+ bin2hex(plaintext->fragment, plaintext->length));
fprintf(stderr, "\n");
}
-void _print_TLSCiphertext( GNUTLSCiphertext * ciphertext)
+void _print_TLSCiphertext(GNUTLSCiphertext * ciphertext)
{
fprintf(stderr, "TLSCiphertext packet:\n");
@@ -85,6 +98,7 @@ void _print_TLSCiphertext( GNUTLSCiphertext * ciphertext)
ciphertext->version.minor);
fprintf(stderr, "length: %d\n", ciphertext->length);
- fprintf(stderr, "fragment: %s\n", bin2hex(ciphertext->fragment, ciphertext->length));
+ fprintf(stderr, "fragment: %s\n",
+ bin2hex(ciphertext->fragment, ciphertext->length));
fprintf(stderr, "\n");
}
diff --git a/lib/debug.h b/lib/debug.h
index 3c19e39e8d..6d14eff9f0 100644
--- a/lib/debug.h
+++ b/lib/debug.h
@@ -3,3 +3,4 @@ void _print_TLSCompressed(GNUTLSCompressed * compressed);
void _print_TLSPlaintext(GNUTLSPlaintext * plaintext);
void _print_TLSCiphertext( GNUTLSCiphertext *);
char * bin2hex(const unsigned char *old, const size_t oldlen);
+void dump_mpi(char* prefix,MPI a);
diff --git a/lib/gnutls_dh.c b/lib/gnutls_dh.c
index f7718dff40..c44c29110f 100644
--- a/lib/gnutls_dh.c
+++ b/lib/gnutls_dh.c
@@ -4,127 +4,137 @@
/* Taken from gsti */
static const uint8 diffie_hellman_group1_prime[130] = { 0x04, 0x00,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
- 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
- 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
- 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
- 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
- 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
- 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
- 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
-
-#if 0
- --Example--
- you: X = g^x mod p;
- peer: Y = g^y mod p;
-
- your_key = Y^x mod p;
- his_key = X^y mod p;
-
- /* generate our secret and the public value for it */
- X = _gnutls_calc_dh_secret( &x );
- /* now we can calculate the shared secret */
- key = _gnutls_calc_dh_key( Y, x);
- mpi_release( x );
- mpi_release( g );
-#endif
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA,
+ 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C,
+ 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE,
+ 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04,
+ 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A,
+ 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2,
+ 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42,
+ 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7,
+ 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24,
+ 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53,
+ 0x81,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+};
+
+/*
+ --Example--
+ you: X = g ^ x mod p;
+ peer:Y = g ^ y mod p;
+
+ your_key = Y ^ x mod p;
+ his_key = X ^ y mod p;
+
+// generate our secret and the public value for it
+ X = _gnutls_calc_dh_secret(&x);
+// now we can calculate the shared secret
+ key = _gnutls_calc_dh_key(Y, x);
+ mpi_release(x);
+ mpi_release(g);
+*/
/****************
* Choose a random value x and calculate e = g^x mod p.
* Return: e and if ret_x is not NULL x.
* It also returns g and p.
*/
-MPI _gnutls_calc_dh_secret( MPI *ret_x )
+MPI _gnutls_calc_dh_secret(MPI * ret_x)
{
- MPI e, g, x, prime;
- size_t n = sizeof diffie_hellman_group1_prime;
-
- if( gcry_mpi_scan( &prime, GCRYMPI_FMT_STD,
- diffie_hellman_group1_prime, &n ) )
- abort();
- /*dump_mpi(stderr, "prime=", prime );*/
-
- g = mpi_set_ui( NULL, 2 );
- x = mpi_new( 200 ); /* FIXME: allocate in secure memory */
- gcry_mpi_randomize( x, 200, GCRY_STRONG_RANDOM );
- /* fixme: set high bit of x and select a larger one */
-
- e = mpi_new(1024);
- mpi_powm( e, g, x, prime );
-
- if( ret_x )
- *ret_x = x;
- else
- mpi_release(x);
+ MPI e, g, x, prime;
+ size_t n = sizeof diffie_hellman_group1_prime;
+
+ if (gcry_mpi_scan(&prime, GCRYMPI_FMT_STD,
+ diffie_hellman_group1_prime, &n))
+ abort();
+ /*dump_mpi(stderr, "prime=", prime ); */
+
+ g = mpi_set_ui(NULL, 2);
+ x = mpi_new(200); /* FIXME: allocate in secure memory */
+ gcry_mpi_randomize(x, 200, GCRY_STRONG_RANDOM);
+ /* fixme: set high bit of x and select a larger one */
+
+ e = mpi_new(1024);
+ mpi_powm(e, g, x, prime);
+
+ if (ret_x)
+ *ret_x = x;
+ else
+ mpi_release(x);
mpi_release(g);
mpi_release(prime);
- return e;
+ return e;
}
-MPI __gnutls_calc_dh_secret( MPI *ret_x, MPI g, MPI prime )
+MPI __gnutls_calc_dh_secret(MPI * ret_x, MPI g, MPI prime)
{
- MPI e, x;
+ MPI e, x;
- x = mpi_new( 200 ); /* FIXME: allocate in secure memory */
- gcry_mpi_randomize( x, 200, GCRY_STRONG_RANDOM );
- /* fixme: set high bit of x and select a larger one */
+ x = mpi_new(200); /* FIXME: allocate in secure memory */
+ gcry_mpi_randomize(x, 200, GCRY_STRONG_RANDOM);
+ /* fixme: set high bit of x and select a larger one */
- e = mpi_new(1024);
- mpi_powm( e, g, x, prime );
+ e = mpi_new(1024);
+ mpi_powm(e, g, x, prime);
- if( ret_x )
- *ret_x = x;
- else
- mpi_release(x);
- return e;
+ if (ret_x)
+ *ret_x = x;
+ else
+ mpi_release(x);
+ return e;
}
/* returns g and p */
-MPI _gnutls_get_dh_params( MPI *ret_p )
+MPI _gnutls_get_dh_params(MPI * ret_p)
{
- MPI g, prime;
- size_t n = sizeof diffie_hellman_group1_prime;
+ MPI g, prime;
+ size_t n = sizeof diffie_hellman_group1_prime;
- if( gcry_mpi_scan( &prime, GCRYMPI_FMT_STD,
- diffie_hellman_group1_prime, &n ) )
- abort();
+ if (gcry_mpi_scan(&prime, GCRYMPI_FMT_STD,
+ diffie_hellman_group1_prime, &n))
+ abort();
- g = mpi_set_ui( NULL, 2 );
+ g = mpi_set_ui(NULL, 2);
- if( ret_p )
- *ret_p = prime;
- else
- mpi_release(prime);
- return g;
+ if (ret_p)
+ *ret_p = prime;
+ else
+ mpi_release(prime);
+ return g;
}
-MPI _gnutls_calc_dh_key( MPI f, MPI x )
+MPI _gnutls_calc_dh_key(MPI f, MPI x)
{
- MPI k, prime;
- size_t n = sizeof diffie_hellman_group1_prime;
-
- k = mpi_new( 1024 ); /* FIXME: allocate in secure memory */
- if( gcry_mpi_scan( &prime, GCRYMPI_FMT_STD,
- diffie_hellman_group1_prime, &n ) )
- abort();
- /*dump_mpi(stderr, "prime=", prime );*/
-
- mpi_powm( k, f, x, prime );
- mpi_release(prime);
- return k;
+ MPI k, prime;
+ size_t n = sizeof diffie_hellman_group1_prime;
+
+ k = mpi_new(1024); /* FIXME: allocate in secure memory */
+ if (gcry_mpi_scan(&prime, GCRYMPI_FMT_STD,
+ diffie_hellman_group1_prime, &n))
+ abort();
+ /*dump_mpi(stderr, "prime=", prime ); */
+
+ mpi_powm(k, f, x, prime);
+ mpi_release(prime);
+ return k;
}
-MPI __gnutls_calc_dh_key( MPI f, MPI x, MPI prime )
+MPI __gnutls_calc_dh_key(MPI f, MPI x, MPI prime)
{
- MPI k;
+ MPI k;
- k = mpi_new( 1024 ); /* FIXME: allocate in secure memory */
+ k = mpi_new(1024); /* FIXME: allocate in secure memory */
- mpi_powm( k, f, x, prime );
- return k;
+ mpi_powm(k, f, x, prime);
+ return k;
}
-
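Review bot: `_gnutls_calc_dh_key` and `__gnutls_calc_dh_key` raise the peer-supplied public value `f` to the secret `x` without validating it; a value of 0, 1 or p-1 makes the shared key predictable, so `f` should be rejected unless it lies in [2, p-2] (compare against 1 and p-1 before `mpi_powm`, returning NULL or an error instead of a key), either here or at the single call site in lib/gnutls_handshake.c. The names `__gnutls_calc_dh_secret` and `__gnutls_calc_dh_key` begin with a double underscore, which is reserved for the implementation; a prefix such as `_gnutls_calc_dh_secret2` or a `_p` suffix would avoid that. The `abort()` on a failed `gcry_mpi_scan` of a compile-time constant is acceptable, but a comment saying why a parse failure here is unrecoverable would help the next reader.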
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 35af059d7a..7d0ac12593 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -24,17 +24,17 @@
int _gnutls_send_server_kx_message(int cd, GNUTLS_STATE state)
{
KX_Algorithm algorithm;
- MPI x, Y, g, p;
- int n_Y, n_g, n_p;
- uint16 _n_Y, _n_g, _n_p;
+ MPI x, X, g, p;
+ int n_X, n_g, n_p;
+ uint16 _n_X, _n_g, _n_p;
uint8 data[1536]; /* 3*512 */
uint8 *data_p;
uint8 *data_g;
- uint8 *data_Y;
+ uint8 *data_X;
int ret=0;
- n_Y = n_g = n_p = 512 - 2;
+ n_X = n_g = n_p = 512 - 2;
algorithm =
_gnutls_cipher_suite_get_kx_algo(state->
@@ -44,8 +44,10 @@ int _gnutls_send_server_kx_message(int cd, GNUTLS_STATE state)
if (_gnutls_kx_algo_server_key_exchange(algorithm) != 0) {
if ( _gnutls_cipher_suite_get_kx_algo(state->gnutls_internals.current_cipher_suite) == KX_ANON_DH) {
- Y = _gnutls_calc_dh_secret(&x);
+ X = _gnutls_calc_dh_secret(&x);
+
state->gnutls_internals.dh_secret = x;
+
g = _gnutls_get_dh_params(&p);
@@ -74,21 +76,20 @@ int _gnutls_send_server_kx_message(int cd, GNUTLS_STATE state)
memmove(data_g, &_n_g, 2);
#endif
- data_Y = &data_g[2+n_g];
- gcry_mpi_print(GCRYMPI_FMT_STD, &data_Y[2],
- &n_Y, Y);
- _n_Y = n_Y;
+ data_X = &data_g[2+n_g];
+ gcry_mpi_print(GCRYMPI_FMT_STD, &data_X[2],
+ &n_X, X);
+ _n_X = n_X;
#ifndef WORDS_BIGENDIAN
- _n_Y = byteswap16(_n_Y);
- memmove(data_Y, &_n_Y, 2);
+ _n_X = byteswap16(_n_X);
+ memmove(data_X, &_n_X, 2);
#else
- memmove(data_Y, &_n_Y, 2);
+ memmove(data_X, &_n_X, 2);
#endif
-
ret =
_gnutls_send_handshake(cd, state, data,
- n_p + n_g + n_Y + 6,
+ n_p + n_g + n_X + 6,
GNUTLS_SERVER_KEY_EXCHANGE);
} else {
ret = GNUTLS_E_UNKNOWN_KX_ALGORITHM;
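Review bot: The `gcry_mpi_print(GCRYMPI_FMT_STD, &data_X[2], &n_X, X)` call at the top of the hunk passes `&n_X` where `n_X` is declared `int`, while `dump_mpi` in this same commit passes a `size_t` for that parameter; if the library prototype takes `size_t *`, the call writes past `n_X` on targets where `size_t` is wider than `int`, and presumably the `n_p`/`n_g` prints before this hunk share the mismatch. The return value is also ignored, so if `X` did not fit in the 510-byte slot the length field and the bytes handed to `_gnutls_send_handshake` would be whatever was left in `data`. Declare the three lengths as `size_t`, check each print result and return an error instead of sending on failure. `_gnutls_send_server_kx_message` starts and ends outside the hunk.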
@@ -130,6 +131,7 @@ int _gnutls_send_client_kx_message(int cd, GNUTLS_STATE state)
&n_X, X);
+
_n_X = n_X;
#ifndef WORDS_BIGENDIAN
_n_X = byteswap16(_n_X);
@@ -145,11 +147,11 @@ int _gnutls_send_client_kx_message(int cd, GNUTLS_STATE state)
/* calculate the key after sending the message */
state->gnutls_internals.KEY = __gnutls_calc_dh_key( state->gnutls_internals.client_Y, x, state->gnutls_internals.client_p);
-
gcry_mpi_print(GCRYMPI_FMT_STD, premaster,
&premaster_size, state->gnutls_internals.KEY);
- fprintf(stderr, "premaster: %s || %d\n", bin2hex(premaster, premaster_size), premaster_size);
+ /* THIS SHOULD BE DISCARDED */
+ mpi_release(state->gnutls_internals.KEY);
} else {
ret = GNUTLS_E_UNKNOWN_KX_ALGORITHM;
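Review bot: `mpi_release(state->gnutls_internals.KEY);` frees the MPI but leaves the freed pointer stored in the state; add `state->gnutls_internals.KEY = NULL;` directly after it so a later release or read of the field fails cleanly instead of touching freed memory. The same applies to the identical release added in `_gnutls_recv_client_kx_message` (hunk `@@ -276,7 +280,8 @@`). The `premaster` buffer the key was just printed into holds the same secret; however it is released later, it should be wiped before that, the way `master` goes through `secure_free`. `_gnutls_send_client_kx_message` starts and ends outside the hunk.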
@@ -157,7 +159,9 @@ int _gnutls_send_client_kx_message(int cd, GNUTLS_STATE state)
master = gnutls_PRF( premaster, premaster_size, "master secret", strlen("master secret"),
random, 64 ,48);
+ fprintf(stderr, "master: %s\n", bin2hex(master, 48));
memmove( state->security_parameters.master_secret, master, 48);
+
secure_free(master);
gnutls_free(random);
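Review bot: The added `fprintf(stderr, "master: %s\n", bin2hex(master, 48));` writes the 48-byte master secret to stderr on every handshake; the commit removes the equivalent premaster print a few lines up, so this one reads as leftover debugging and should be dropped or placed under a compile-time debug guard. If `bin2hex` returns heap memory (its body in lib/debug.c begins with `unsigned char *new = NULL;`), the string is also never freed here. The same line is added in `_gnutls_recv_client_kx_message` (hunk `@@ -284,11 +289,13 @@`). `_gnutls_send_client_kx_message` starts outside the hunk.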
@@ -198,7 +202,7 @@ int _gnutls_recv_server_kx_message(int cd, GNUTLS_STATE state)
n_p = byteswap16(n_p);
#endif
data_p = &data[i];
- i+=n_p;
+ i+=n_p;
memmove( &n_g, &data[i], 2);
#ifndef WORDS_BIGENDIAN
@@ -213,9 +217,9 @@ int _gnutls_recv_server_kx_message(int cd, GNUTLS_STATE state)
#ifndef WORDS_BIGENDIAN
n_Y = byteswap16(n_Y);
#endif
- i+=n_Y;
data_Y = &data[i];
-
+ i+=n_Y;
+
_n_Y = n_Y;
_n_g = n_g;
_n_p = n_p;
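Review bot: Moving `i+=n_Y;` after `data_Y = &data[i];` corrects the pointer, but `n_Y` (like `n_p` and `n_g` before it) is a 16-bit length taken from the peer's message and no comparison against the number of bytes actually received into `data` is visible in this hunk; before `data_Y = &data[i];` the code should verify that `i + n_Y` does not exceed the received length and return an error otherwise, so a short or malformed ServerKeyExchange cannot make the later copies read past the buffer. Whether such a check exists earlier in the function cannot be seen from here. `_gnutls_recv_server_kx_message` starts and ends outside the hunk.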
@@ -276,7 +280,8 @@ int _gnutls_recv_client_kx_message(int cd, GNUTLS_STATE state)
gcry_mpi_print(GCRYMPI_FMT_STD, premaster,
&premaster_size, state->gnutls_internals.KEY);
- fprintf(stderr, "premaster: %s\n", bin2hex(premaster, premaster_size));
+ /* THIS SHOULD BE DISCARDED */
+ mpi_release(state->gnutls_internals.KEY);
} else {
ret = GNUTLS_E_UNKNOWN_KX_ALGORITHM;
}
@@ -284,11 +289,13 @@ int _gnutls_recv_client_kx_message(int cd, GNUTLS_STATE state)
master = gnutls_PRF( premaster, premaster_size, "master secret", strlen("master secret"),
random, 64 ,48);
+ fprintf(stderr, "master: %s\n", bin2hex(master, 48));
+
memmove( state->security_parameters.master_secret, master, 48);
+
secure_free(master);
gnutls_free(random);
-
return ret;
}
diff --git a/src/port.h b/src/port.h
index ec050bd006..d5e2efd0d9 100644
--- a/src/port.h
+++ b/src/port.h
@@ -1 +1 @@
-#define PORT 5556 \ No newline at end of file
+#define PORT 5557 \ No newline at end of file