void XTS_Decryption::set_key(const SymmetricKey& key)
{
u32bit key_half = key.length() / 2;
if(key.length() % 2 == 1 || !cipher->valid_keylength(key_half))
throw Invalid_Key_Length(name(), key.length());
cipher->set_key(key.begin(), key_half);
cipher2->set_key(key.begin() + key_half, key_half);
}
void SshKeyExchange::sendNewKeysPacket(const SshIncomingPacket &dhReply,
const QByteArray &clientId)
{
const SshKeyExchangeReply &reply
= dhReply.extractKeyExchangeReply(m_serverHostKeyAlgo);
if (reply.f <= 0 || reply.f >= m_dhKey->group_p()) {
throw SSH_SERVER_EXCEPTION(SSH_DISCONNECT_KEY_EXCHANGE_FAILED,
"Server sent invalid f.");
}
QByteArray concatenatedData = AbstractSshPacket::encodeString(clientId);
concatenatedData += AbstractSshPacket::encodeString(m_serverId);
concatenatedData += AbstractSshPacket::encodeString(m_clientKexInitPayload);
concatenatedData += AbstractSshPacket::encodeString(m_serverKexInitPayload);
concatenatedData += reply.k_s;
concatenatedData += AbstractSshPacket::encodeMpInt(m_dhKey->get_y());
concatenatedData += AbstractSshPacket::encodeMpInt(reply.f);
SymmetricKey k = m_dhKey->derive_key(reply.f);
m_k = AbstractSshPacket::encodeMpInt(BigInt(k.begin(), k.length()));
concatenatedData += m_k;
m_hash.reset(get_hash(botanSha1Name()));
const SecureVector<byte> &hashResult
= m_hash->process(convertByteArray(concatenatedData),
concatenatedData.size());
m_h = convertByteArray(hashResult);
QScopedPointer<Public_Key> sigKey;
QScopedPointer<PK_Verifier> verifier;
if (m_serverHostKeyAlgo == SshCapabilities::PubKeyDss) {
const DL_Group group(reply.parameters.at(0), reply.parameters.at(1),
reply.parameters.at(2));
DSA_PublicKey * const dsaKey
= new DSA_PublicKey(group, reply.parameters.at(3));
sigKey.reset(dsaKey);
verifier.reset(get_pk_verifier(*dsaKey,
botanEmsaAlgoName(SshCapabilities::PubKeyDss)));
} else if (m_serverHostKeyAlgo == SshCapabilities::PubKeyRsa) {
RSA_PublicKey * const rsaKey
= new RSA_PublicKey(reply.parameters.at(1), reply.parameters.at(0));
sigKey.reset(rsaKey);
verifier.reset(get_pk_verifier(*rsaKey,
botanEmsaAlgoName(SshCapabilities::PubKeyRsa)));
} else {
Q_ASSERT(!"Impossible: Neither DSS nor RSA!");
}
const byte * const botanH = convertByteArray(m_h);
const Botan::byte * const botanSig
= convertByteArray(reply.signatureBlob);
if (!verifier->verify_message(botanH, m_h.size(), botanSig,
reply.signatureBlob.size())) {
throw SSH_SERVER_EXCEPTION(SSH_DISCONNECT_KEY_EXCHANGE_FAILED,
"Invalid signature in SSH_MSG_KEXDH_REPLY packet.");
}
m_sendFacility.sendNewKeysPacket();
}
bool ne7ssh_crypt::makeKexSecret (Botan::SecureVector<Botan::byte> &result, Botan::BigInt &f)
{
PK_Key_Agreement key_agreement(*privKexKey, "Raw");
SymmetricKey negotiated = key_agreement.derive_key(32, (byte*)f.data(), f.bytes(), "");
// SymmetricKey negotiated = privKexKey->derive_key (f);
if (!negotiated.length()) return false;
BigInt Kint (negotiated.begin(), negotiated.length());
ne7ssh_string::bn2vector(result, Kint);
K = Botan::SecureVector<Botan::byte>(result);
delete privKexKey;
privKexKey = 0;
return true;
}