authorChristian Kandeler <[email protected]>2015-05-22 17:12:38 +0200
committerChristian Kandeler <[email protected]>2015-05-27 15:39:37 +0000
commit66ccbcbb37f0f33a4be1abf69c668e90fd4a6eb3 (patch)
tree7137d055e9d146f189a5d12ba1f6787267323bde /src/libs/ssh/sshkeyexchange.cpp
parent9ec332afdd6c70fdeb41d48052efa88e4cbc84e8 (diff)
SSH: Minor refactorings in key exchange code.
Change-Id: I107a61831ca7824c30dcc83b3a13f5765dd2da52 Reviewed-by: Joerg Bornemann <[email protected]> Reviewed-by: Christian Kandeler <[email protected]>
Diffstat (limited to 'src/libs/ssh/sshkeyexchange.cpp')
-rw-r--r--src/libs/ssh/sshkeyexchange.cpp13
1 files changed, 7 insertions, 6 deletions
diff --git a/src/libs/ssh/sshkeyexchange.cpp b/src/libs/ssh/sshkeyexchange.cpp
index 12c26076482..1f90417c1f1 100644
--- a/src/libs/ssh/sshkeyexchange.cpp
+++ b/src/libs/ssh/sshkeyexchange.cpp
@@ -162,8 +162,11 @@ void SshKeyExchange::sendNewKeysPacket(const SshIncomingPacket &dhReply,
concatenatedData += reply.k_s;
concatenatedData += AbstractSshPacket::encodeMpInt(m_dhKey->get_y());
concatenatedData += AbstractSshPacket::encodeMpInt(reply.f);
- const BigInt k = power_mod(reply.f, m_dhKey->get_x(), m_dhKey->get_domain().get_p());
- m_k = AbstractSshPacket::encodeMpInt(k);
+ DH_KA_Operation dhOp(*m_dhKey);
+ SecureVector<byte> encodedF = BigInt::encode(reply.f);
+ SecureVector<byte> encodedK = dhOp.agree(encodedF, encodedF.size());
+ const BigInt k = BigInt::decode(encodedK);
+ m_k = AbstractSshPacket::encodeMpInt(k); // Roundtrip, as Botan encodes BigInts somewhat differently.
concatenatedData += m_k;
m_hash.reset(get_hash(botanSha1Name()));
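Review bot: Nothing visible in this hunk range-checks `reply.f` before it is passed to `dhOp.agree()`, and RFC 4253 section 8 requires the client to reject an `f` outside [1, p-1]. Botan's key-agreement operation may reject degenerate values itself, but it would then fail with a Botan exception rather than the `SSH_SERVER_EXCEPTION` used elsewhere in this function, so the resulting disconnect reason depends on how callers handle that exception. An explicit guard ahead of the `DH_KA_Operation` line keeps the check local and auditable: `if (reply.f <= 0 || reply.f >= m_dhKey->get_domain().get_p()) throw SSH_SERVER_EXCEPTION(SSH_DISCONNECT_KEY_EXCHANGE_FAILED, "Invalid f in SSH_MSG_KEXDH_REPLY packet.");`. The body of `sendNewKeysPacket` starts and ends outside this hunk, so an equivalent check may already exist where the reply is parsed.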
@@ -186,26 +189,24 @@ void SshKeyExchange::sendNewKeysPacket(const SshIncomingPacket &dhReply,
#endif // CREATOR_SSH_DEBUG
QScopedPointer<Public_Key> sigKey;
- QScopedPointer<PK_Verifier> verifier;
if (m_serverHostKeyAlgo == SshCapabilities::PubKeyDss) {
const DL_Group group(reply.parameters.at(0), reply.parameters.at(1),
reply.parameters.at(2));
DSA_PublicKey * const dsaKey
= new DSA_PublicKey(group, reply.parameters.at(3));
sigKey.reset(dsaKey);
- verifier.reset(new PK_Verifier(*dsaKey, botanEmsaAlgoName(SshCapabilities::PubKeyDss)));
} else if (m_serverHostKeyAlgo == SshCapabilities::PubKeyRsa) {
RSA_PublicKey * const rsaKey
= new RSA_PublicKey(reply.parameters.at(1), reply.parameters.at(0));
sigKey.reset(rsaKey);
- verifier.reset(new PK_Verifier(*rsaKey, botanEmsaAlgoName(SshCapabilities::PubKeyRsa)));
} else {
Q_ASSERT(!"Impossible: Neither DSS nor RSA!");
}
const byte * const botanH = convertByteArray(m_h);
const Botan::byte * const botanSig
= convertByteArray(reply.signatureBlob);
- if (!verifier->verify_message(botanH, m_h.size(), botanSig,
+ PK_Verifier verifier(*sigKey, botanEmsaAlgoName(m_serverHostKeyAlgo));
+ if (!verifier.verify_message(botanH, m_h.size(), botanSig,
reply.signatureBlob.size())) {
throw SSH_SERVER_EXCEPTION(SSH_DISCONNECT_KEY_EXCHANGE_FAILED,
"Invalid signature in SSH_MSG_KEXDH_REPLY packet.");
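Review bot: The `else` branch relies on `Q_ASSERT`, which is compiled out in release builds, so an unexpected `m_serverHostKeyAlgo` leaves `sigKey` null and the new `PK_Verifier verifier(*sigKey, ...)` line dereferences it. The removed `verifier->verify_message` call had the same weakness, so this is not a regression, but the refactoring is a good place to make the host-key signature check fail closed. Replacing the assertion with `throw SSH_SERVER_EXCEPTION(SSH_DISCONNECT_KEY_EXCHANGE_FAILED, "Unsupported server host key algorithm.");` would do that. Whether the value can ever be something other than DSS or RSA depends on negotiation code outside this hunk, and the function body also continues past the hunk's last line.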