questions about SSH1_SMSG_PUBLIC_KEY packet

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
In SSH v1, the first binary packet sent out is of the type
SSH_SMSG_PUBLIC_KEY.  The protocol docs describe the packet thusly:


        8 bytes      anti_spoofing_cookie
        32-bit int   server_key_bits
        mp-int       server_key_public_exponent
        mp-int       server_key_public_modulus
        32-bit int   host_key_bits
        mp-int       host_key_public_exponent
        mp-int       host_key_public_modulus
        32-bit int   protocol_flags
        32-bit int   supported_ciphers_mask
        32-bit int   supported_authentications_mask

        Sent as the first message by the server.  This message gives
        server's host key, server key, protocol flags (intended for
        patible protocol extension), supported_ciphers_mask (which is
        the bitwise or of (1 << cipher_number), where << is the left
        shift operator, for all supported ciphers), and
        supported_authentications_mask (which is the bitwise or of (1
        authentication_type) for all supported authentication types).
        The anti_spoofing_cookie is 64 random bits, and must be sent
        back verbatim by the client in its reply.  It is used to make
        IP-spoofing more difficult (encryption and host keys are the
        real defense against spoofing).

My question is...  what's the point of server_key_bits and
host_key_bits?  At first, I thought it might be to specify the size of
the multiple-precission integer field, but looking back at the
description of the multiple-precission integer field, I see that the
length is already taken care of:

   Multiple-precision integer
        First 2 bytes are the number of bits in the integer, msb first
        (for example, the value 0x00012345 would have 17 bits).  The
        value zero has zero bits.  It is permissible that the number of
        bits be larger than the real number of bits.

        The number of bits is followed by (bits + 7) / 8 bytes of
        data, msb first, giving the value of the integer.

So...  my question would still seem to stand.  What's the point of
server_key_bits and host_key_bits?

The SSH v1 documentation (from which the above quotations are made) can
be found here:

Re: questions about SSH1_SMSG_PUBLIC_KEY packet

yawnmoth wrote:

Quoted text here. Click to load it
You just need to put it there. it's done because it may be easier to parse
than reading right into the mpint.
also, don't forget there is a trick in the response you must send :
depending which is the largest key (host or server) you must encrypt with
the biggest (or smaller) first. It is illegal to have |host - server| < 128
if I remember well.

Re: questions about SSH1_SMSG_PUBLIC_KEY packet

Aris wrote:
Quoted text here. Click to load it
Thanks for the heads up! :)

Re: questions about SSH1_SMSG_PUBLIC_KEY packet

On Tue, 17 Jan 2006 00:31:39 -0800, yawnmoth wrote:

Quoted text here. Click to load it

    Thinking in terms of the server key, I think that what happens is that
the server_key_bits gives the size, in bits, of the server key, whereas
the first two bytes of the multiple precision integer that represents the
modulus of the server key gives the position of the most significant bit
set in that modulus.

    These two quantities are not the same, in general - a 1024-bit modulus
may be such that its most significant bit set is in position 1022, rather
than 1023 (counting from the right, starting at the zeroth bit).

    Analogously foe host_key_bits.

Site Timeline