-rw-r--r-- | lib/debug.c | 24 | ||||
-rw-r--r-- | lib/debug.h | 1 | ||||
-rw-r--r-- | lib/gnutls_dh.c | 194 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 51 | ||||
-rw-r--r-- | src/port.h | 2 |
5 files changed, 152 insertions, 120 deletions
diff --git a/lib/debug.c b/lib/debug.c index a696e1f8ea..6eeffabb8f 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -7,7 +7,18 @@ static char hexconvtab[] = "0123456789abcdef"; -char * bin2hex(const unsigned char *old, const size_t oldlen) +void dump_mpi(char* prefix, MPI a) +{ + char buf[400]; + size_t n = sizeof buf; + + if (gcry_mpi_print(GCRYMPI_FMT_HEX, buf, &n, a)) + strcpy(buf, "[can't print value]"); + fprintf(stderr, "MPI: %s%s\n", prefix, buf); +} + + +char *bin2hex(const unsigned char *old, const size_t oldlen) { unsigned char *new = NULL; int i, j; @@ -59,7 +70,8 @@ void _print_TLSCompressed(GNUTLSCompressed * compressed) fprintf(stderr, "version: %d,%d\n", compressed->version.major, compressed->version.minor); fprintf(stderr, "length: %d\n", compressed->length); - fprintf(stderr, "fragment: %s\n", bin2hex(compressed->fragment, compressed->length)); + fprintf(stderr, "fragment: %s\n", + bin2hex(compressed->fragment, compressed->length)); fprintf(stderr, "\n"); } @@ -71,12 +83,13 @@ void _print_TLSPlaintext(GNUTLSPlaintext * plaintext) fprintf(stderr, "version: %d,%d\n", plaintext->version.major, plaintext->version.minor); fprintf(stderr, "length: %d\n", plaintext->length); - fprintf(stderr, "fragment: %s\n", bin2hex(plaintext->fragment, plaintext->length)); + fprintf(stderr, "fragment: %s\n", + bin2hex(plaintext->fragment, plaintext->length)); fprintf(stderr, "\n"); } -void _print_TLSCiphertext( GNUTLSCiphertext * ciphertext) +void _print_TLSCiphertext(GNUTLSCiphertext * ciphertext) { fprintf(stderr, "TLSCiphertext packet:\n"); @@ -85,6 +98,7 @@ void _print_TLSCiphertext( GNUTLSCiphertext * ciphertext) ciphertext->version.minor); fprintf(stderr, "length: %d\n", ciphertext->length); - fprintf(stderr, "fragment: %s\n", bin2hex(ciphertext->fragment, ciphertext->length)); + fprintf(stderr, "fragment: %s\n", + bin2hex(ciphertext->fragment, ciphertext->length)); fprintf(stderr, "\n"); } diff --git a/lib/debug.h b/lib/debug.h index 3c19e39e8d..6d14eff9f0 100644 
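Review bot: `dump_mpi` in the first hunk of `lib/debug.c` takes `char* prefix` although it only reads the string; declaring it `const char *prefix`, here and in the `lib/debug.h` prototype, lets callers pass literals without a qualifier warning. The commented-out call sites kept in `lib/gnutls_dh.c` still have the three-argument shape `dump_mpi(stderr, "prime=", prime)`, so they would not compile against this signature if re-enabled. The function prints whatever MPI it is handed to stderr unconditionally, so a header comment such as `/* Debug only: prints the MPI in hex to stderr; never pass secret exponents or keys. */` would make the intended use explicit.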
--- a/lib/debug.h
+++ b/lib/debug.h
@@ -3,3 +3,4 @@ void _print_TLSCompressed(GNUTLSCompressed * compressed);
 void _print_TLSPlaintext(GNUTLSPlaintext * plaintext);
 void _print_TLSCiphertext( GNUTLSCiphertext *);
 char * bin2hex(const unsigned char *old, const size_t oldlen);
+void dump_mpi(char* prefix,MPI a);
diff --git a/lib/gnutls_dh.c b/lib/gnutls_dh.c
index f7718dff40..c44c29110f 100644
--- a/lib/gnutls_dh.c
+++ b/lib/gnutls_dh.c
@@ -4,127 +4,137 @@ /* Taken from gsti */ static const uint8 diffie_hellman_group1_prime[130] = { 0x04, 0x00, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, - 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, - 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, - 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, - 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, - 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; - -#if 0 - --Example-- - you: X = g^x mod p; - peer: Y = g^y mod p; - - your_key = Y^x mod p; - his_key = X^y mod p; - - /* generate our secret and the public value for it */ - X = _gnutls_calc_dh_secret( &x ); - /* now we can calculate the shared secret */ - key = _gnutls_calc_dh_key( Y, x); - mpi_release( x ); - mpi_release( g ); -#endif + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, + 0xA2, + 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, + 0xD1, + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, + 0xA6, + 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, + 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, + 0x6D, + 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, + 0x45, + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, + 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, + 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, + 0x11, + 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, + 
0x81, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF +}; + +/* + --Example-- + you: X = g ^ x mod p; + peer:Y = g ^ y mod p; + + your_key = Y ^ x mod p; + his_key = X ^ y mod p; + +// generate our secret and the public value for it + X = _gnutls_calc_dh_secret(&x); +// now we can calculate the shared secret + key = _gnutls_calc_dh_key(Y, x); + mpi_release(x); + mpi_release(g); +*/ /**************** * Choose a random value x and calculate e = g^x mod p. * Return: e and if ret_x is not NULL x. * It also returns g and p. */ -MPI _gnutls_calc_dh_secret( MPI *ret_x ) +MPI _gnutls_calc_dh_secret(MPI * ret_x) { - MPI e, g, x, prime; - size_t n = sizeof diffie_hellman_group1_prime; - - if( gcry_mpi_scan( &prime, GCRYMPI_FMT_STD, - diffie_hellman_group1_prime, &n ) ) - abort(); - /*dump_mpi(stderr, "prime=", prime );*/ - - g = mpi_set_ui( NULL, 2 ); - x = mpi_new( 200 ); /* FIXME: allocate in secure memory */ - gcry_mpi_randomize( x, 200, GCRY_STRONG_RANDOM ); - /* fixme: set high bit of x and select a larger one */ - - e = mpi_new(1024); - mpi_powm( e, g, x, prime ); - - if( ret_x ) - *ret_x = x; - else - mpi_release(x); + MPI e, g, x, prime; + size_t n = sizeof diffie_hellman_group1_prime; + + if (gcry_mpi_scan(&prime, GCRYMPI_FMT_STD, + diffie_hellman_group1_prime, &n)) + abort(); + /*dump_mpi(stderr, "prime=", prime ); */ + + g = mpi_set_ui(NULL, 2); + x = mpi_new(200); /* FIXME: allocate in secure memory */ + gcry_mpi_randomize(x, 200, GCRY_STRONG_RANDOM); + /* fixme: set high bit of x and select a larger one */ + + e = mpi_new(1024); + mpi_powm(e, g, x, prime); + + if (ret_x) + *ret_x = x; + else + mpi_release(x); mpi_release(g); mpi_release(prime); - return e; + return e; } -MPI __gnutls_calc_dh_secret( MPI *ret_x, MPI g, MPI prime ) +MPI __gnutls_calc_dh_secret(MPI * ret_x, MPI g, MPI prime) { - MPI e, x; + MPI e, x; - x = mpi_new( 200 ); /* FIXME: allocate in secure memory */ - gcry_mpi_randomize( x, 200, GCRY_STRONG_RANDOM ); - /* fixme: set high bit of x and 
select a larger one */ + x = mpi_new(200); /* FIXME: allocate in secure memory */ + gcry_mpi_randomize(x, 200, GCRY_STRONG_RANDOM); + /* fixme: set high bit of x and select a larger one */ - e = mpi_new(1024); - mpi_powm( e, g, x, prime ); + e = mpi_new(1024); + mpi_powm(e, g, x, prime); - if( ret_x ) - *ret_x = x; - else - mpi_release(x); - return e; + if (ret_x) + *ret_x = x; + else + mpi_release(x); + return e; } /* returns g and p */ -MPI _gnutls_get_dh_params( MPI *ret_p ) +MPI _gnutls_get_dh_params(MPI * ret_p) { - MPI g, prime; - size_t n = sizeof diffie_hellman_group1_prime; + MPI g, prime; + size_t n = sizeof diffie_hellman_group1_prime; - if( gcry_mpi_scan( &prime, GCRYMPI_FMT_STD, - diffie_hellman_group1_prime, &n ) ) - abort(); + if (gcry_mpi_scan(&prime, GCRYMPI_FMT_STD, + diffie_hellman_group1_prime, &n)) + abort(); - g = mpi_set_ui( NULL, 2 ); + g = mpi_set_ui(NULL, 2); - if( ret_p ) - *ret_p = prime; - else - mpi_release(prime); - return g; + if (ret_p) + *ret_p = prime; + else + mpi_release(prime); + return g; } -MPI _gnutls_calc_dh_key( MPI f, MPI x ) +MPI _gnutls_calc_dh_key(MPI f, MPI x) { - MPI k, prime; - size_t n = sizeof diffie_hellman_group1_prime; - - k = mpi_new( 1024 ); /* FIXME: allocate in secure memory */ - if( gcry_mpi_scan( &prime, GCRYMPI_FMT_STD, - diffie_hellman_group1_prime, &n ) ) - abort(); - /*dump_mpi(stderr, "prime=", prime );*/ - - mpi_powm( k, f, x, prime ); - mpi_release(prime); - return k; + MPI k, prime; + size_t n = sizeof diffie_hellman_group1_prime; + + k = mpi_new(1024); /* FIXME: allocate in secure memory */ + if (gcry_mpi_scan(&prime, GCRYMPI_FMT_STD, + diffie_hellman_group1_prime, &n)) + abort(); + /*dump_mpi(stderr, "prime=", prime ); */ + + mpi_powm(k, f, x, prime); + mpi_release(prime); + return k; } -MPI __gnutls_calc_dh_key( MPI f, MPI x, MPI prime ) +MPI __gnutls_calc_dh_key(MPI f, MPI x, MPI prime) { - MPI k; + MPI k; - k = mpi_new( 1024 ); /* FIXME: allocate in secure memory */ + k = mpi_new(1024); /* 
FIXME: allocate in secure memory */ - mpi_powm( k, f, x, prime ); - return k; + mpi_powm(k, f, x, prime); + return k; } - diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 35af059d7a..7d0ac12593 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -24,17 +24,17 @@ int _gnutls_send_server_kx_message(int cd, GNUTLS_STATE state) { KX_Algorithm algorithm; - MPI x, Y, g, p; - int n_Y, n_g, n_p; - uint16 _n_Y, _n_g, _n_p; + MPI x, X, g, p; + int n_X, n_g, n_p; + uint16 _n_X, _n_g, _n_p; uint8 data[1536]; /* 3*512 */ uint8 *data_p; uint8 *data_g; - uint8 *data_Y; + uint8 *data_X; int ret=0; - n_Y = n_g = n_p = 512 - 2; + n_X = n_g = n_p = 512 - 2; algorithm = _gnutls_cipher_suite_get_kx_algo(state-> @@ -44,8 +44,10 @@ int _gnutls_send_server_kx_message(int cd, GNUTLS_STATE state) if (_gnutls_kx_algo_server_key_exchange(algorithm) != 0) { if ( _gnutls_cipher_suite_get_kx_algo(state->gnutls_internals.current_cipher_suite) == KX_ANON_DH) { - Y = _gnutls_calc_dh_secret(&x); + X = _gnutls_calc_dh_secret(&x); + state->gnutls_internals.dh_secret = x; + g = _gnutls_get_dh_params(&p); @@ -74,21 +76,20 @@ int _gnutls_send_server_kx_message(int cd, GNUTLS_STATE state) memmove(data_g, &_n_g, 2); #endif - data_Y = &data_g[2+n_g]; - gcry_mpi_print(GCRYMPI_FMT_STD, &data_Y[2], - &n_Y, Y); - _n_Y = n_Y; + data_X = &data_g[2+n_g]; + gcry_mpi_print(GCRYMPI_FMT_STD, &data_X[2], + &n_X, X); + _n_X = n_X; #ifndef WORDS_BIGENDIAN - _n_Y = byteswap16(_n_Y); - memmove(data_Y, &_n_Y, 2); + _n_X = byteswap16(_n_X); + memmove(data_X, &_n_X, 2); #else - memmove(data_Y, &_n_Y, 2); + memmove(data_X, &_n_X, 2); #endif - ret = _gnutls_send_handshake(cd, state, data, - n_p + n_g + n_Y + 6, + n_p + n_g + n_X + 6, GNUTLS_SERVER_KEY_EXCHANGE); } else { ret = GNUTLS_E_UNKNOWN_KX_ALGORITHM; @@ -130,6 +131,7 @@ int _gnutls_send_client_kx_message(int cd, GNUTLS_STATE state) &n_X, X); + _n_X = n_X; #ifndef WORDS_BIGENDIAN _n_X = byteswap16(_n_X); 
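Review bot: The private exponent stored by `state->gnutls_internals.dh_secret = x;` (hunk at -44,8 in `_gnutls_send_server_kx_message`) has no release visible anywhere in this commit, and `_gnutls_calc_dh_secret` allocates it with `mpi_new(200)` under a "FIXME: allocate in secure memory" comment. Once the server has derived the shared key, the exponent should be dropped with `mpi_release(state->gnutls_internals.dh_secret); state->gnutls_internals.dh_secret = NULL;`; the code that consumes it is outside the hunks shown, so confirm it is not already done there. In the same branch `X`, `g` and `p` are not shown being released after `_gnutls_send_handshake`, which may leak three MPIs per handshake. The function body starts and ends outside the hunk.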
@@ -145,11 +147,11 @@ int _gnutls_send_client_kx_message(int cd, GNUTLS_STATE state) /* calculate the key after sending the message */ state->gnutls_internals.KEY = __gnutls_calc_dh_key( state->gnutls_internals.client_Y, x, state->gnutls_internals.client_p); - gcry_mpi_print(GCRYMPI_FMT_STD, premaster, &premaster_size, state->gnutls_internals.KEY); - fprintf(stderr, "premaster: %s || %d\n", bin2hex(premaster, premaster_size), premaster_size); + /* THIS SHOULD BE DISCARDED */ + mpi_release(state->gnutls_internals.KEY); } else { ret = GNUTLS_E_UNKNOWN_KX_ALGORITHM; @@ -157,7 +159,9 @@ int _gnutls_send_client_kx_message(int cd, GNUTLS_STATE state) master = gnutls_PRF( premaster, premaster_size, "master secret", strlen("master secret"), random, 64 ,48); + fprintf(stderr, "master: %s\n", bin2hex(master, 48)); memmove( state->security_parameters.master_secret, master, 48); + secure_free(master); gnutls_free(random); @@ -198,7 +202,7 @@ int _gnutls_recv_server_kx_message(int cd, GNUTLS_STATE state) n_p = byteswap16(n_p); #endif data_p = &data[i]; - i+=n_p; + i+=n_p; memmove( &n_g, &data[i], 2); #ifndef WORDS_BIGENDIAN @@ -213,9 +217,9 @@ int _gnutls_recv_server_kx_message(int cd, GNUTLS_STATE state) #ifndef WORDS_BIGENDIAN n_Y = byteswap16(n_Y); #endif - i+=n_Y; data_Y = &data[i]; - + i+=n_Y; + _n_Y = n_Y; _n_g = n_g; _n_p = n_p; @@ -276,7 +280,8 @@ int _gnutls_recv_client_kx_message(int cd, GNUTLS_STATE state) gcry_mpi_print(GCRYMPI_FMT_STD, premaster, &premaster_size, state->gnutls_internals.KEY); - fprintf(stderr, "premaster: %s\n", bin2hex(premaster, premaster_size)); + /* THIS SHOULD BE DISCARDED */ + mpi_release(state->gnutls_internals.KEY); } else { ret = GNUTLS_E_UNKNOWN_KX_ALGORITHM; } 
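Review bot: After `mpi_release(state->gnutls_internals.KEY);` (hunk at -145,11, and again in `_gnutls_recv_client_kx_message` at -276,7) the state field still holds the released handle, so any later read or release of that field would be a use-after-free or double free. Follow the call with `state->gnutls_internals.KEY = NULL;`. The comment `/* THIS SHOULD BE DISCARDED */` would be clearer as a statement of what the code does, for example `/* KEY is not needed after this point; release it and clear the field */`. Both functions continue outside their hunks, so teardown code that touches `KEY` could not be checked here.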
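Review bot: The added `fprintf(stderr, "master: %s\n", bin2hex(master, 48));` (hunk at -157,7, repeated in `_gnutls_recv_client_kx_message` at -284,11) writes the TLS master secret to stderr on every handshake, so anyone who can read the process output or its captured logs can recover the session keys. The line should be dropped, or at least compiled only under a debug-only preprocessor guard that is off in normal builds. If `bin2hex` returns a heap buffer, as its `unsigned char *new = NULL;` local in `lib/debug.c` suggests, the returned string is also never freed here. The new `secure_free(master)` is the right direction, but `premaster` is not shown being wiped after `gnutls_PRF`; confirm that happens outside the hunk.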
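Review bot: In `_gnutls_recv_server_kx_message` the lengths `n_p`, `n_g` and `n_Y` are taken from the received message and added to `i` (hunks at -198,7 and -213,9) with no visible check that the offset stays inside `data`, so a malformed ServerKeyExchange could leave `data_g` or `data_Y` pointing past the end of the buffer. Before each pointer/advance pair, reject the message when the length exceeds what remains, along the lines of `if (n_Y > <received_len> - i) return <error code>;`, where both placeholders stand for the function's own length variable and error value, which are outside the hunk. The reordering itself, taking `data_Y = &data[i];` before `i+=n_Y;`, looks correct.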
@@ -284,11 +289,13 @@ int _gnutls_recv_client_kx_message(int cd, GNUTLS_STATE state) master = gnutls_PRF( premaster, premaster_size, "master secret", strlen("master secret"), random, 64 ,48); + fprintf(stderr, "master: %s\n", bin2hex(master, 48)); + memmove( state->security_parameters.master_secret, master, 48); + secure_free(master); gnutls_free(random); - return ret; } diff --git a/src/port.h b/src/port.h index ec050bd006..d5e2efd0d9 100644 --- a/src/port.h +++ b/src/port.h @@ -1 +1 @@ -#define PORT 5556
\ No newline at end of file +#define PORT 5557
\ No newline at end of file |