Hello,
I'm currently running tests on my early implementation of known_hosts checks,
but I've crashed into a problem I thought I'd ask you lot for advice about
before I go to bed and try further tomorrow.
It's about the sha1 hash checks. My code fails to get the same hash output as
the openssh code does! The openssh does (using OpenSSL functions):

    md = EVP_sha1();
    HMAC_Init(&mac_ctx, salt, len, md);
    HMAC_Update(&mac_ctx, host, strlen(host));
    HMAC_Final(&mac_ctx, result, NULL);
    HMAC_cleanup(&mac_ctx);

while we have a "generic" crypto layer that is slightly different so my code
does:

    libssh2_sha1_init(&ctx);
    libssh2_sha1_update(ctx, node->salt, node->salt_len);
    libssh2_sha1_update(ctx, host, strlen(host));
    libssh2_sha1_final(ctx, hash);

Outputting the 'salt' and the 'host' buffers at these points in both
functions shows them to be identical. Thus the code flow is not the right one
as the final hashes are different.
I figure HMAC_Init() + HMAC_Update() simply isn't the same as
libssh2_sha1_init() + libssh2_sha1_update() + libssh2_sha1_update(). Does
anyone around here know this stuff?
I'm planning to post an early version of my work tomorrow or so.

-- 
 / daniel.haxx.se

Received on 2009-05-07