merge 5.7p1

author: Colin Watson <cjwatson@debian.org> 2011-01-24 11:46:57 +0000
committer: Colin Watson <cjwatson@debian.org> 2011-01-24 11:46:57 +0000
commit: 0970072c89b079b022538e3c366fbfa2c53fc821 (patch)
tree: b7024712d74234bb5a8b036ccbc9109e2e211296 /kexecdhc.c
parent: 4e8aa4da57000c7bba8e5c49163bc0c0ca383f78 (diff)
parent: 478ff799463ca926a8dfbabf058f4e84aaffc65a (diff)
1 files changed, 168 insertions, 0 deletions
diff --git a/kexecdhc.c b/kexecdhc.c
new file mode 100644
index 000000000..115d4bf83
--- /dev/null
+++ b/kexecdhc.c
@@ -0,0 +1,168 @@
+/* $OpenBSD: kexecdhc.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */
+/*
+ * Copyright (c) 2001 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2010 Damien Miller.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "includes.h"
+#include <sys/types.h>
+#include <stdio.h>
+#include <string.h>
+#include <signal.h>
+#include "xmalloc.h"
+#include "buffer.h"
+#include "key.h"
+#include "cipher.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#ifdef OPENSSL_HAS_ECC
+#include <openssl/ecdh.h>
+void
+kexecdh_client(Kex *kex)
+{
+        EC_KEY *client_key;
+        EC_POINT *server_public;
+        const EC_GROUP *group;
+        BIGNUM *shared_secret;
+        Key *server_host_key;
+        u_char *server_host_key_blob = NULL, *signature = NULL;
+        u_char *kbuf, *hash;
+        u_int klen, slen, sbloblen, hashlen;
+        int curve_nid;
+        if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1)
+                fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name);
+        if ((client_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL)
+                fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
+        if (EC_KEY_generate_key(client_key) != 1)
+                fatal("%s: EC_KEY_generate_key failed", __func__);
+        group = EC_KEY_get0_group(client_key);
+        packet_start(SSH2_MSG_KEX_ECDH_INIT);
+        packet_put_ecpoint(group, EC_KEY_get0_public_key(client_key));
+        packet_send();
+        debug("sending SSH2_MSG_KEX_ECDH_INIT");
+#ifdef DEBUG_KEXECDH
+        fputs("client private key:\n", stderr);
+        key_dump_ec_key(client_key);
+#endif
+        debug("expecting SSH2_MSG_KEX_ECDH_REPLY");
+        packet_read_expect(SSH2_MSG_KEX_ECDH_REPLY);
+        /* hostkey */
+        server_host_key_blob = packet_get_string(&sbloblen);
+        server_host_key = key_from_blob(server_host_key_blob, sbloblen);
+        if (server_host_key == NULL)
+                fatal("cannot decode server_host_key_blob");
+        if (server_host_key->type != kex->hostkey_type)
+                fatal("type mismatch for decoded server_host_key_blob");
+        if (kex->verify_host_key == NULL)
+                fatal("cannot verify server_host_key");
+        if (kex->verify_host_key(server_host_key) == -1)
+                fatal("server_host_key verification failed");
+        /* Q_S, server public key */
+        if ((server_public = EC_POINT_new(group)) == NULL)
+                fatal("%s: EC_POINT_new failed", __func__);
+        packet_get_ecpoint(group, server_public);
+        if (key_ec_validate_public(group, server_public) != 0)
+                fatal("%s: invalid server public key", __func__);
+#ifdef DEBUG_KEXECDH
+        fputs("server public key:\n", stderr);
+        key_dump_ec_point(group, server_public);
+#endif
+        /* signed H */
+        signature = packet_get_string(&slen);
+        packet_check_eom();
+        klen = (EC_GROUP_get_degree(group) + 7) / 8;
+        kbuf = xmalloc(klen);
+        if (ECDH_compute_key(kbuf, klen, server_public,
+            client_key, NULL) != (int)klen)
+                fatal("%s: ECDH_compute_key failed", __func__);
+#ifdef DEBUG_KEXECDH
+        dump_digest("shared secret", kbuf, klen);
+#endif
+        if ((shared_secret = BN_new()) == NULL)
+                fatal("%s: BN_new failed", __func__);
+        if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
+                fatal("%s: BN_bin2bn failed", __func__);
+        memset(kbuf, 0, klen);
+        xfree(kbuf);
+        /* calc and verify H */
+        kex_ecdh_hash(
+            kex->evp_md,
+            group,
+            kex->client_version_string,
+            kex->server_version_string,
+            buffer_ptr(&kex->my), buffer_len(&kex->my),
+            buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+            server_host_key_blob, sbloblen,
+            EC_KEY_get0_public_key(client_key),
+            server_public,
+            shared_secret,
+            &hash, &hashlen
+        );
+        xfree(server_host_key_blob);
+        EC_POINT_clear_free(server_public);
+        EC_KEY_free(client_key);
+        if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
+                fatal("key_verify failed for server_host_key");
+        key_free(server_host_key);
+        xfree(signature);
+        /* save session id */
+        if (kex->session_id == NULL) {
+                kex->session_id_len = hashlen;
+                kex->session_id = xmalloc(kex->session_id_len);
+                memcpy(kex->session_id, hash, kex->session_id_len);
+        }
+        kex_derive_keys(kex, hash, hashlen, shared_secret);
+        BN_clear_free(shared_secret);
+        kex_finish(kex);
+}
+#else /* OPENSSL_HAS_ECC */
+void
+kexecdh_client(Kex *kex)
+{
+        fatal("ECC support is not enabled");
+}
+#endif /* OPENSSL_HAS_ECC */
author	Colin Watson <cjwatson@debian.org>	2011-01-24 11:46:57 +0000
committer	Colin Watson <cjwatson@debian.org>	2011-01-24 11:46:57 +0000
commit	0970072c89b079b022538e3c366fbfa2c53fc821 (patch)
tree	b7024712d74234bb5a8b036ccbc9109e2e211296 /kexecdhc.c
parent	4e8aa4da57000c7bba8e5c49163bc0c0ca383f78 (diff)
parent	478ff799463ca926a8dfbabf058f4e84aaffc65a (diff)

diff --git a/kexecdhc.c b/kexecdhc.c new file mode 100644 index 000000000..115d4bf83 --- /dev/null +++ b/kexecdhc.c
@@ -0,0 +1,168 @@
	1	/* $OpenBSD: kexecdhc.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */
	2	/*
	3	* Copyright (c) 2001 Markus Friedl. All rights reserved.
	4	* Copyright (c) 2010 Damien Miller. All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	* 1. Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	* 2. Redistributions in binary form must reproduce the above copyright
	12	* notice, this list of conditions and the following disclaimer in the
	13	* documentation and/or other materials provided with the distribution.
	14	*
	15	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	16	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	17	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	18	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	19	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	20	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	21	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	22	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	25	*/
	26
	27	#include "includes.h"
	28
	29	#include <sys/types.h>
	30
	31	#include <stdio.h>
	32	#include <string.h>
	33	#include <signal.h>
	34
	35	#include "xmalloc.h"
	36	#include "buffer.h"
	37	#include "key.h"
	38	#include "cipher.h"
	39	#include "kex.h"
	40	#include "log.h"
	41	#include "packet.h"
	42	#include "dh.h"
	43	#include "ssh2.h"
	44
	45	#ifdef OPENSSL_HAS_ECC
	46
	47	#include <openssl/ecdh.h>
	48
	49	void
	50	kexecdh_client(Kex *kex)
	51	{
	52	EC_KEY *client_key;
	53	EC_POINT *server_public;
	54	const EC_GROUP *group;
	55	BIGNUM *shared_secret;
	56	Key *server_host_key;
	57	u_char server_host_key_blob = NULL, signature = NULL;
	58	u_char kbuf, hash;
	59	u_int klen, slen, sbloblen, hashlen;
	60	int curve_nid;
	61
	62	if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1)
	63	fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name);
	64	if ((client_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL)
	65	fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
	66	if (EC_KEY_generate_key(client_key) != 1)
	67	fatal("%s: EC_KEY_generate_key failed", __func__);
	68	group = EC_KEY_get0_group(client_key);
	69
	70	packet_start(SSH2_MSG_KEX_ECDH_INIT);
	71	packet_put_ecpoint(group, EC_KEY_get0_public_key(client_key));
	72	packet_send();
	73	debug("sending SSH2_MSG_KEX_ECDH_INIT");
	74
	75	#ifdef DEBUG_KEXECDH
	76	fputs("client private key:\n", stderr);
	77	key_dump_ec_key(client_key);
	78	#endif
	79
	80	debug("expecting SSH2_MSG_KEX_ECDH_REPLY");
	81	packet_read_expect(SSH2_MSG_KEX_ECDH_REPLY);
	82
	83	/* hostkey */
	84	server_host_key_blob = packet_get_string(&sbloblen);
	85	server_host_key = key_from_blob(server_host_key_blob, sbloblen);
	86	if (server_host_key == NULL)
	87	fatal("cannot decode server_host_key_blob");
	88	if (server_host_key->type != kex->hostkey_type)
	89	fatal("type mismatch for decoded server_host_key_blob");
	90	if (kex->verify_host_key == NULL)
	91	fatal("cannot verify server_host_key");
	92	if (kex->verify_host_key(server_host_key) == -1)
	93	fatal("server_host_key verification failed");
	94
	95	/* Q_S, server public key */
	96	if ((server_public = EC_POINT_new(group)) == NULL)
	97	fatal("%s: EC_POINT_new failed", __func__);
	98	packet_get_ecpoint(group, server_public);
	99
	100	if (key_ec_validate_public(group, server_public) != 0)
	101	fatal("%s: invalid server public key", __func__);
	102
	103	#ifdef DEBUG_KEXECDH
	104	fputs("server public key:\n", stderr);
	105	key_dump_ec_point(group, server_public);
	106	#endif
	107
	108	/* signed H */
	109	signature = packet_get_string(&slen);
	110	packet_check_eom();
	111
	112	klen = (EC_GROUP_get_degree(group) + 7) / 8;
	113	kbuf = xmalloc(klen);
	114	if (ECDH_compute_key(kbuf, klen, server_public,
	115	client_key, NULL) != (int)klen)
	116	fatal("%s: ECDH_compute_key failed", __func__);
	117
	118	#ifdef DEBUG_KEXECDH
	119	dump_digest("shared secret", kbuf, klen);
	120	#endif
	121	if ((shared_secret = BN_new()) == NULL)
	122	fatal("%s: BN_new failed", __func__);
	123	if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
	124	fatal("%s: BN_bin2bn failed", __func__);
	125	memset(kbuf, 0, klen);
	126	xfree(kbuf);
	127
	128	/* calc and verify H */
	129	kex_ecdh_hash(
	130	kex->evp_md,
	131	group,
	132	kex->client_version_string,
	133	kex->server_version_string,
	134	buffer_ptr(&kex->my), buffer_len(&kex->my),
	135	buffer_ptr(&kex->peer), buffer_len(&kex->peer),
	136	server_host_key_blob, sbloblen,
	137	EC_KEY_get0_public_key(client_key),
	138	server_public,
	139	shared_secret,
	140	&hash, &hashlen
	141	);
	142	xfree(server_host_key_blob);
	143	EC_POINT_clear_free(server_public);
	144	EC_KEY_free(client_key);
	145
	146	if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
	147	fatal("key_verify failed for server_host_key");
	148	key_free(server_host_key);
	149	xfree(signature);
	150
	151	/* save session id */
	152	if (kex->session_id == NULL) {
	153	kex->session_id_len = hashlen;
	154	kex->session_id = xmalloc(kex->session_id_len);
	155	memcpy(kex->session_id, hash, kex->session_id_len);
	156	}
	157
	158	kex_derive_keys(kex, hash, hashlen, shared_secret);
	159	BN_clear_free(shared_secret);
	160	kex_finish(kex);
	161	}
	162	#else /* OPENSSL_HAS_ECC */
	163	void
	164	kexecdh_client(Kex *kex)
	165	{
	166	fatal("ECC support is not enabled");
	167	}
	168	#endif /* OPENSSL_HAS_ECC */