diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2019-01-21 10:35:09 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-01-21 23:13:03 +1100 |
| commit | 71e67fff946396caa110a7964da23480757258ff (patch) | |
| tree | 07cae7bce377241a7b61195d0810ec91d953685e /kexc25519.c | |
| parent | 4b83e2a2cc0c12e671a77eaba1c1245894f4e884 (diff) | |
upstream: pass values used in KEX hash computation as sshbuf
rather than pointer+len
suggested by me; implemented by markus@ ok me
OpenBSD-Commit-ID: 994f33c464f4a9e0f1d21909fa3e379f5a0910f0
Diffstat (limited to 'kexc25519.c')
| -rw-r--r-- | kexc25519.c | 38 |
1 files changed, 21 insertions, 17 deletions
diff --git a/kexc25519.c b/kexc25519.c index a06c6e44b..ec5bb574f 100644 --- a/kexc25519.c +++ b/kexc25519.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexc25519.c,v 1.14 2019/01/21 10:24:09 djm Exp $ */ | 1 | /* $OpenBSD: kexc25519.c,v 1.15 2019/01/21 10:35:09 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
| @@ -96,9 +96,9 @@ kex_c25519_hash( | |||
| 96 | const u_char *ckexinit, size_t ckexinitlen, | 96 | const u_char *ckexinit, size_t ckexinitlen, |
| 97 | const u_char *skexinit, size_t skexinitlen, | 97 | const u_char *skexinit, size_t skexinitlen, |
| 98 | const u_char *serverhostkeyblob, size_t sbloblen, | 98 | const u_char *serverhostkeyblob, size_t sbloblen, |
| 99 | const u_char *client_pub, size_t client_pub_len, | 99 | const struct sshbuf *client_pub, |
| 100 | const u_char *server_pub, size_t server_pub_len, | 100 | const struct sshbuf *server_pub, |
| 101 | const u_char *shared_secret, size_t secretlen, | 101 | const struct sshbuf *shared_secret, |
| 102 | u_char *hash, size_t *hashlen) | 102 | u_char *hash, size_t *hashlen) |
| 103 | { | 103 | { |
| 104 | struct sshbuf *b; | 104 | struct sshbuf *b; |
| @@ -118,9 +118,9 @@ kex_c25519_hash( | |||
| 118 | (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || | 118 | (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || |
| 119 | (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || | 119 | (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || |
| 120 | (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || | 120 | (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || |
| 121 | (r = sshbuf_put_string(b, client_pub, client_pub_len)) != 0 || | 121 | (r = sshbuf_put_stringb(b, client_pub)) != 0 || |
| 122 | (r = sshbuf_put_string(b, server_pub, server_pub_len)) != 0 || | 122 | (r = sshbuf_put_stringb(b, server_pub)) != 0 || |
| 123 | (r = sshbuf_put(b, shared_secret, secretlen)) != 0) { | 123 | (r = sshbuf_putb(b, shared_secret)) != 0) { |
| 124 | sshbuf_free(b); | 124 | sshbuf_free(b); |
| 125 | return r; | 125 | return r; |
| 126 | } | 126 | } |
| @@ -162,11 +162,12 @@ kex_c25519_keypair(struct kex *kex) | |||
| 162 | } | 162 | } |
| 163 | 163 | ||
| 164 | int | 164 | int |
| 165 | kex_c25519_enc(struct kex *kex, const u_char *pkblob, | 165 | kex_c25519_enc(struct kex *kex, const struct sshbuf *client_blob, |
| 166 | size_t pklen, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) | 166 | struct sshbuf **server_blobp, struct sshbuf **shared_secretp) |
| 167 | { | 167 | { |
| 168 | struct sshbuf *server_blob = NULL; | 168 | struct sshbuf *server_blob = NULL; |
| 169 | struct sshbuf *buf = NULL; | 169 | struct sshbuf *buf = NULL; |
| 170 | const u_char *client_pub; | ||
| 170 | u_char *server_pub; | 171 | u_char *server_pub; |
| 171 | u_char server_key[CURVE25519_SIZE]; | 172 | u_char server_key[CURVE25519_SIZE]; |
| 172 | int r; | 173 | int r; |
| @@ -174,12 +175,13 @@ kex_c25519_enc(struct kex *kex, const u_char *pkblob, | |||
| 174 | *server_blobp = NULL; | 175 | *server_blobp = NULL; |
| 175 | *shared_secretp = NULL; | 176 | *shared_secretp = NULL; |
| 176 | 177 | ||
| 177 | if (pklen != CURVE25519_SIZE) { | 178 | if (sshbuf_len(client_blob) != CURVE25519_SIZE) { |
| 178 | r = SSH_ERR_SIGNATURE_INVALID; | 179 | r = SSH_ERR_SIGNATURE_INVALID; |
| 179 | goto out; | 180 | goto out; |
| 180 | } | 181 | } |
| 182 | client_pub = sshbuf_ptr(client_blob); | ||
| 181 | #ifdef DEBUG_KEXECDH | 183 | #ifdef DEBUG_KEXECDH |
| 182 | dump_digest("client public key 25519:", pkblob, CURVE25519_SIZE); | 184 | dump_digest("client public key 25519:", client_pub, CURVE25519_SIZE); |
| 183 | #endif | 185 | #endif |
| 184 | /* allocate space for encrypted KEM key and ECDH pub key */ | 186 | /* allocate space for encrypted KEM key and ECDH pub key */ |
| 185 | if ((server_blob = sshbuf_new()) == NULL) { | 187 | if ((server_blob = sshbuf_new()) == NULL) { |
| @@ -194,7 +196,7 @@ kex_c25519_enc(struct kex *kex, const u_char *pkblob, | |||
| 194 | r = SSH_ERR_ALLOC_FAIL; | 196 | r = SSH_ERR_ALLOC_FAIL; |
| 195 | goto out; | 197 | goto out; |
| 196 | } | 198 | } |
| 197 | if ((r = kexc25519_shared_key_ext(server_key, pkblob, buf, 0)) < 0) | 199 | if ((r = kexc25519_shared_key_ext(server_key, client_pub, buf, 0)) < 0) |
| 198 | goto out; | 200 | goto out; |
| 199 | #ifdef DEBUG_KEXECDH | 201 | #ifdef DEBUG_KEXECDH |
| 200 | dump_digest("server public key 25519:", server_pub, CURVE25519_SIZE); | 202 | dump_digest("server public key 25519:", server_pub, CURVE25519_SIZE); |
| @@ -212,27 +214,29 @@ kex_c25519_enc(struct kex *kex, const u_char *pkblob, | |||
| 212 | } | 214 | } |
| 213 | 215 | ||
| 214 | int | 216 | int |
| 215 | kex_c25519_dec(struct kex *kex, const u_char *pkblob, | 217 | kex_c25519_dec(struct kex *kex, const struct sshbuf *server_blob, |
| 216 | size_t pklen, struct sshbuf **shared_secretp) | 218 | struct sshbuf **shared_secretp) |
| 217 | { | 219 | { |
| 218 | struct sshbuf *buf = NULL; | 220 | struct sshbuf *buf = NULL; |
| 221 | const u_char *server_pub; | ||
| 219 | int r; | 222 | int r; |
| 220 | 223 | ||
| 221 | *shared_secretp = NULL; | 224 | *shared_secretp = NULL; |
| 222 | 225 | ||
| 223 | if (pklen != CURVE25519_SIZE) { | 226 | if (sshbuf_len(server_blob) != CURVE25519_SIZE) { |
| 224 | r = SSH_ERR_SIGNATURE_INVALID; | 227 | r = SSH_ERR_SIGNATURE_INVALID; |
| 225 | goto out; | 228 | goto out; |
| 226 | } | 229 | } |
| 230 | server_pub = sshbuf_ptr(server_blob); | ||
| 227 | #ifdef DEBUG_KEXECDH | 231 | #ifdef DEBUG_KEXECDH |
| 228 | dump_digest("server public key c25519:", pkblob, CURVE25519_SIZE); | 232 | dump_digest("server public key c25519:", server_pub, CURVE25519_SIZE); |
| 229 | #endif | 233 | #endif |
| 230 | /* shared secret */ | 234 | /* shared secret */ |
| 231 | if ((buf = sshbuf_new()) == NULL) { | 235 | if ((buf = sshbuf_new()) == NULL) { |
| 232 | r = SSH_ERR_ALLOC_FAIL; | 236 | r = SSH_ERR_ALLOC_FAIL; |
| 233 | goto out; | 237 | goto out; |
| 234 | } | 238 | } |
| 235 | if ((r = kexc25519_shared_key_ext(kex->c25519_client_key, pkblob, | 239 | if ((r = kexc25519_shared_key_ext(kex->c25519_client_key, server_pub, |
| 236 | buf, 0)) < 0) | 240 | buf, 0)) < 0) |
| 237 | goto out; | 241 | goto out; |
| 238 | #ifdef DEBUG_KEXECDH | 242 | #ifdef DEBUG_KEXECDH |