diff options
author | Colin Watson <cjwatson@debian.org> | 2014-02-10 00:18:28 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2014-02-10 00:18:28 +0000 |
commit | 9a975a9faed7c4f334e8c8490db3e77e102f2b21 (patch) | |
tree | 764a885ec9a963f6a8b15de6e1765f16b9ac4738 /kexc25519s.c | |
parent | ee196dab7c5f97f0b80c8099343a375bead92010 (diff) | |
parent | cdb6c90811caa5df2df856be9b0b16db020fe31d (diff) |
Import openssh_6.5p1.orig.tar.gz
Diffstat (limited to 'kexc25519s.c')
-rw-r--r-- | kexc25519s.c | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/kexc25519s.c b/kexc25519s.c new file mode 100644 index 000000000..2b8e8efa1 --- /dev/null +++ b/kexc25519s.c | |||
@@ -0,0 +1,126 @@ | |||
1 | /* $OpenBSD: kexc25519s.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */ | ||
2 | /* | ||
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | ||
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | ||
5 | * Copyright (c) 2013 Aris Adamantiadis. All rights reserved. | ||
6 | * | ||
7 | * modification, are permitted provided that the following conditions | ||
8 | * are met: | ||
9 | * 1. Redistributions of source code must retain the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer. | ||
11 | * 2. Redistributions in binary form must reproduce the above copyright | ||
12 | * notice, this list of conditions and the following disclaimer in the | ||
13 | * documentation and/or other materials provided with the distribution. | ||
14 | * | ||
15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
25 | */ | ||
26 | |||
27 | #include "includes.h" | ||
28 | |||
29 | #include <sys/types.h> | ||
30 | #include <string.h> | ||
31 | #include <signal.h> | ||
32 | |||
33 | #include "xmalloc.h" | ||
34 | #include "buffer.h" | ||
35 | #include "key.h" | ||
36 | #include "cipher.h" | ||
37 | #include "kex.h" | ||
38 | #include "log.h" | ||
39 | #include "packet.h" | ||
40 | #include "ssh2.h" | ||
41 | |||
42 | void | ||
43 | kexc25519_server(Kex *kex) | ||
44 | { | ||
45 | Key *server_host_private, *server_host_public; | ||
46 | u_char *server_host_key_blob = NULL, *signature = NULL; | ||
47 | u_char server_key[CURVE25519_SIZE]; | ||
48 | u_char *client_pubkey = NULL; | ||
49 | u_char server_pubkey[CURVE25519_SIZE]; | ||
50 | u_char *hash; | ||
51 | u_int slen, sbloblen, hashlen; | ||
52 | Buffer shared_secret; | ||
53 | |||
54 | /* generate private key */ | ||
55 | kexc25519_keygen(server_key, server_pubkey); | ||
56 | #ifdef DEBUG_KEXECDH | ||
57 | dump_digest("server private key:", server_key, sizeof(server_key)); | ||
58 | #endif | ||
59 | |||
60 | if (kex->load_host_public_key == NULL || | ||
61 | kex->load_host_private_key == NULL) | ||
62 | fatal("Cannot load hostkey"); | ||
63 | server_host_public = kex->load_host_public_key(kex->hostkey_type); | ||
64 | if (server_host_public == NULL) | ||
65 | fatal("Unsupported hostkey type %d", kex->hostkey_type); | ||
66 | server_host_private = kex->load_host_private_key(kex->hostkey_type); | ||
67 | |||
68 | debug("expecting SSH2_MSG_KEX_ECDH_INIT"); | ||
69 | packet_read_expect(SSH2_MSG_KEX_ECDH_INIT); | ||
70 | client_pubkey = packet_get_string(&slen); | ||
71 | if (slen != CURVE25519_SIZE) | ||
72 | fatal("Incorrect size for server Curve25519 pubkey: %d", slen); | ||
73 | packet_check_eom(); | ||
74 | |||
75 | #ifdef DEBUG_KEXECDH | ||
76 | dump_digest("client public key:", client_pubkey, CURVE25519_SIZE); | ||
77 | #endif | ||
78 | |||
79 | buffer_init(&shared_secret); | ||
80 | kexc25519_shared_key(server_key, client_pubkey, &shared_secret); | ||
81 | |||
82 | /* calc H */ | ||
83 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); | ||
84 | kex_c25519_hash( | ||
85 | kex->hash_alg, | ||
86 | kex->client_version_string, | ||
87 | kex->server_version_string, | ||
88 | buffer_ptr(&kex->peer), buffer_len(&kex->peer), | ||
89 | buffer_ptr(&kex->my), buffer_len(&kex->my), | ||
90 | server_host_key_blob, sbloblen, | ||
91 | client_pubkey, | ||
92 | server_pubkey, | ||
93 | buffer_ptr(&shared_secret), buffer_len(&shared_secret), | ||
94 | &hash, &hashlen | ||
95 | ); | ||
96 | |||
97 | /* save session id := H */ | ||
98 | if (kex->session_id == NULL) { | ||
99 | kex->session_id_len = hashlen; | ||
100 | kex->session_id = xmalloc(kex->session_id_len); | ||
101 | memcpy(kex->session_id, hash, kex->session_id_len); | ||
102 | } | ||
103 | |||
104 | /* sign H */ | ||
105 | kex->sign(server_host_private, server_host_public, &signature, &slen, | ||
106 | hash, hashlen); | ||
107 | |||
108 | /* destroy_sensitive_data(); */ | ||
109 | |||
110 | /* send server hostkey, ECDH pubkey 'Q_S' and signed H */ | ||
111 | packet_start(SSH2_MSG_KEX_ECDH_REPLY); | ||
112 | packet_put_string(server_host_key_blob, sbloblen); | ||
113 | packet_put_string(server_pubkey, sizeof(server_pubkey)); | ||
114 | packet_put_string(signature, slen); | ||
115 | packet_send(); | ||
116 | |||
117 | free(signature); | ||
118 | free(server_host_key_blob); | ||
119 | /* have keys, free server key */ | ||
120 | free(client_pubkey); | ||
121 | |||
122 | kex_derive_keys(kex, hash, hashlen, | ||
123 | buffer_ptr(&shared_secret), buffer_len(&shared_secret)); | ||
124 | buffer_free(&shared_secret); | ||
125 | kex_finish(kex); | ||
126 | } | ||