First of all, many thanks to those of you who helped me out with the
disparity between the spec and the implementation in the dss
algorithm.  It's working great now!

My next question is in regards to the derivation of keys.  The spec (at
least the only revision I've been able to find) says:

[SSH-TRANS] sect. 5.2:

Encryption keys MUST be computed as HASH of a known value and K as
follows:

Encryption key client to server: HASH(K || "C" || session_id)

..and so on for all the keys.

I'm looking at the code for the key derivation in the ssh2d (file is
trkex.c, function is ssh_kex_derive_key, line 524):

  /* Compute the first part of the key. */

  ssh_hash_reset(tr->hash);
  if (! tr->ssh_old_keygen_bug_compat)
    {
      ssh_buffer_init(&buffer);
      buffer_put_mp_int_ssh2style(&buffer, tr->dh_k);
      ssh_hash_update(tr->hash,
                      ssh_buffer_ptr(&buffer),
                      ssh_buffer_len(&buffer));
    }
  ssh_hash_update(tr->hash, tr->exchange_hash, tr->exchange_hash_len);
  ssh_hash_update(tr->hash, &id, 1);
  ssh_hash_update(tr->hash,
                  tr->session_identifier,
                  tr->session_identifier_len);
  ssh_hash_final(tr->hash, buf);


First of all, what is the deal with tr->ssh_old_keygen_bug_compat?  Is this
something I should be overly concerned about?

Secondly, it appears that the buffer is being constructed as:

HASH( K || exchange_hash || "C" || session_id )

instead of

HASH( K || "C" || session_id )

Am I reading this correctly?

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Rich Unger                            |  "The only 'intuitive' interface
[EMAIL PROTECTED]                    |  is the nipple. After that, it's 
http://ungerware.dhs.org/             |  all learned."            
ICQ: 19120017                         |                  -- Bruce Ediger
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
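The two readings of the key-derivation formula discussed in the post above, side by side, as an added example that is not part of the original message and not code from ssh2d. The current transport spec, RFC 4253 section 7.2, defines the first key block as HASH(K || H || X || session_id), where H is the exchange hash, K is encoded as an SSH mpint, and further blocks K2 = HASH(K || H || K1), K3 = HASH(K || H || K1 || K2) are appended when a longer key is needed; the session_id is the exchange hash of the first key exchange of the connection. The function and variable names (ssh_mpint, derive_key, derive_key_without_h, ssh_hash) and the sample K, H and session_id values are my own constructed assumptions, so the point of running it is to see that the two formulas yield unrelated keys, which in practice shows up as a MAC or decryption failure on the first encrypted packet when the two sides disagree.

```python
import hashlib


def ssh_mpint(k: int) -> bytes:
    """Encode a non-negative integer as an SSH2 'mpint' (RFC 4251 section 5):
    a uint32 byte length followed by the big-endian magnitude, with an extra
    leading 0x00 when the top bit is set so the value reads as positive.
    This is the encoding the post's buffer_put_mp_int_ssh2style() call applies
    to K before hashing."""
    if k < 0:
        raise ValueError("negative mpints are not needed for DH shared secrets")
    if k == 0:
        body = b""
    else:
        body = k.to_bytes((k.bit_length() + 7) // 8, "big")
        if body[0] & 0x80:
            body = b"\x00" + body
    return len(body).to_bytes(4, "big") + body


def ssh_hash(hash_name: str, *parts: bytes) -> bytes:
    """HASH(a || b || ...) with the key-exchange hash function."""
    h = hashlib.new(hash_name)
    for part in parts:
        h.update(part)
    return h.digest()


def derive_key(K: int, H: bytes, letter: bytes, session_id: bytes,
               need: int, hash_name: str = "sha1") -> bytes:
    """RFC 4253 section 7.2 derivation: K1 = HASH(K || H || X || session_id),
    then K2 = HASH(K || H || K1), K3 = HASH(K || H || K1 || K2), ... until
    'need' bytes are available.  'letter' is the single-byte X ("A".."F")."""
    if len(letter) != 1:
        raise ValueError("X must be a single byte such as b'C'")
    k_enc = ssh_mpint(K)
    out = ssh_hash(hash_name, k_enc, H, letter, session_id)
    while len(out) < need:
        out += ssh_hash(hash_name, k_enc, H, out)
    return out[:need]


def derive_key_without_h(K: int, letter: bytes, session_id: bytes,
                         need: int, hash_name: str = "sha1") -> bytes:
    """The reading quoted in the post, HASH(K || X || session_id), with the
    exchange hash left out.  Kept only to show how far the result diverges."""
    k_enc = ssh_mpint(K)
    out = ssh_hash(hash_name, k_enc, letter, session_id)
    while len(out) < need:
        out += ssh_hash(hash_name, k_enc, out)
    return out[:need]


# Constructed sample values (NOT from a real key exchange): a fake shared
# secret K, and an exchange hash H which, on the first exchange of a
# connection, is also the session_id.
K = int.from_bytes(hashlib.sha256(b"constructed shared secret").digest(), "big")
H = hashlib.sha1(b"constructed exchange hash").digest()
SESSION_ID = H


def compare_readings(need: int = 32) -> dict:
    """Derive the client-to-server encryption key ("C") both ways."""
    return {
        "rfc4253": derive_key(K, H, b"C", SESSION_ID, need),
        "without_h": derive_key_without_h(K, b"C", SESSION_ID, need),
    }


if __name__ == "__main__":
    keys = compare_readings()
    for name, key in keys.items():
        print(f"{name:10s} {key.hex()}")
    print("keys agree:", keys["rfc4253"] == keys["without_h"])
```

Running it prints two 32-byte hex strings that share no prefix, which is the same symptom a client would see against a server using the other formula. The key-extension loop also shows why need must be passed explicitly: a 20-byte SHA-1 output covers an old 16-byte 3DES or AES-128 key, but a 24-byte 3DES key or a 32-byte AES-256 key requires the second block.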
