upstream commit

adapt kex to sshbuf and struct ssh; ok djm@
author: markus@openbsd.org <markus@openbsd.org> 2015-01-19 20:16:15 +0000
committer: Damien Miller <djm@mindrot.org> 2015-01-20 09:19:39 +1100
commit: 57d10cbe861a235dd269c74fb2fe248469ecee9d (patch)
tree: c65deed24700490bd3b20300c4829d4d5466ff6d /kexecdhc.c
parent: 3fdc88a0def4f86aa88a5846ac079dc964c0546a (diff)
1 files changed, 137 insertions, 70 deletions
diff --git a/kexecdhc.c b/kexecdhc.c
index df811c1c8..3f362c5b1 100644
--- a/kexecdhc.c
+++ b/kexecdhc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhc.c,v 1.8 2015/01/19 19:52:16 markus Exp $ */
+/* $OpenBSD: kexecdhc.c,v 1.9 2015/01/19 20:16:15 markus Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -34,126 +34,193 @@
 #include <string.h>
 #include <signal.h>
-#include "xmalloc.h"
+#include <openssl/ecdh.h>
-#include "buffer.h"
-#include "key.h"
+#include "sshkey.h"
 #include "cipher.h"
+#include "digest.h"
 #include "kex.h"
 #include "log.h"
 #include "packet.h"
 #include "dh.h"
 #include "ssh2.h"
+#include "dispatch.h"
+#include "compat.h"
+#include "ssherr.h"
+#include "sshbuf.h"
-#include <openssl/ecdh.h>
+static int input_kex_ecdh_reply(int, u_int32_t, void *);
-void
+int
-kexecdh_client(Kex *kex)
+kexecdh_client(struct ssh *ssh)
 {
-        EC_KEY *client_key;
+        struct kex *kex = ssh->kex;
-        EC_POINT *server_public;
+        EC_KEY *client_key = NULL;
        const EC_GROUP *group;
-        BIGNUM *shared_secret;
+        const EC_POINT *public_key;
-        Key *server_host_key;
+        int r;
-        u_char *server_host_key_blob = NULL, *signature = NULL;
-        u_char *kbuf, *hash;
-        u_int klen, slen, sbloblen, hashlen;
-        if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL)
+        if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
-                fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
+                r = SSH_ERR_ALLOC_FAIL;
-        if (EC_KEY_generate_key(client_key) != 1)
+                goto out;
-                fatal("%s: EC_KEY_generate_key failed", __func__);
+        }
+        if (EC_KEY_generate_key(client_key) != 1) {
+                r = SSH_ERR_LIBCRYPTO_ERROR;
+                goto out;
+        }
        group = EC_KEY_get0_group(client_key);
+        public_key = EC_KEY_get0_public_key(client_key);
-        packet_start(SSH2_MSG_KEX_ECDH_INIT);
+        if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_INIT)) != 0 ||
-        packet_put_ecpoint(group, EC_KEY_get0_public_key(client_key));
+            (r = sshpkt_put_ec(ssh, public_key, group)) != 0 ||
-        packet_send();
+            (r = sshpkt_send(ssh)) != 0)
+                goto out;
        debug("sending SSH2_MSG_KEX_ECDH_INIT");
 #ifdef DEBUG_KEXECDH
        fputs("client private key:\n", stderr);
-        key_dump_ec_key(client_key);
+        sshkey_dump_ec_key(client_key);
 #endif
+        kex->ec_client_key = client_key;
+        kex->ec_group = group;
+        client_key = NULL;      /* owned by the kex */
        debug("expecting SSH2_MSG_KEX_ECDH_REPLY");
-        packet_read_expect(SSH2_MSG_KEX_ECDH_REPLY);
+        ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &input_kex_ecdh_reply);
+        r = 0;
+ out:
+        if (client_key)
+                EC_KEY_free(client_key);
+        return r;
+}
+static int
+input_kex_ecdh_reply(int type, u_int32_t seq, void *ctxt)
+{
+        struct ssh *ssh = ctxt;
+        struct kex *kex = ssh->kex;
+        const EC_GROUP *group;
+        EC_POINT *server_public = NULL;
+        EC_KEY *client_key;
+        BIGNUM *shared_secret = NULL;
+        struct sshkey *server_host_key = NULL;
+        u_char *server_host_key_blob = NULL, *signature = NULL;
+        u_char *kbuf = NULL;
+        u_char hash[SSH_DIGEST_MAX_LENGTH];
+        size_t slen, sbloblen;
+        size_t klen = 0, hashlen;
+        int r;
+        if (kex->verify_host_key == NULL) {
+                r = SSH_ERR_INVALID_ARGUMENT;
+                goto out;
+        }
+        group = kex->ec_group;
+        client_key = kex->ec_client_key;
        /* hostkey */
-        server_host_key_blob = packet_get_string(&sbloblen);
+        if ((r = sshpkt_get_string(ssh, &server_host_key_blob,
-        server_host_key = key_from_blob(server_host_key_blob, sbloblen);
+            &sbloblen)) != 0 ||
-        if (server_host_key == NULL)
+            (r = sshkey_from_blob(server_host_key_blob, sbloblen,
-                fatal("cannot decode server_host_key_blob");
+            &server_host_key)) != 0)
-        if (server_host_key->type != kex->hostkey_type)
+                goto out;
-                fatal("type mismatch for decoded server_host_key_blob");
+        if (server_host_key->type != kex->hostkey_type) {
-        if (kex->verify_host_key == NULL)
+                r = SSH_ERR_KEY_TYPE_MISMATCH;
-                fatal("cannot verify server_host_key");
+                goto out;
-        if (kex->verify_host_key(server_host_key) == -1)
+        }
-                fatal("server_host_key verification failed");
+        if (kex->verify_host_key(server_host_key, ssh) == -1) {
+                r = SSH_ERR_SIGNATURE_INVALID;
+                goto out;
+        }
        /* Q_S, server public key */
-        if ((server_public = EC_POINT_new(group)) == NULL)
+        /* signed H */
-                fatal("%s: EC_POINT_new failed", __func__);
+        if ((server_public = EC_POINT_new(group)) == NULL) {
-        packet_get_ecpoint(group, server_public);
+                r = SSH_ERR_ALLOC_FAIL;
+                goto out;
-        if (key_ec_validate_public(group, server_public) != 0)
+        }
-                fatal("%s: invalid server public key", __func__);
+        if ((r = sshpkt_get_ec(ssh, server_public, group)) != 0 ||
+            (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 ||
+            (r = sshpkt_get_end(ssh)) != 0)
+                goto out;
 #ifdef DEBUG_KEXECDH
        fputs("server public key:\n", stderr);
-        key_dump_ec_point(group, server_public);
+        sshkey_dump_ec_point(group, server_public);
 #endif
+        if (sshkey_ec_validate_public(group, server_public) != 0) {
-        /* signed H */
+                sshpkt_disconnect(ssh, "invalid server public key");
-        signature = packet_get_string(&slen);
+                r = SSH_ERR_MESSAGE_INCOMPLETE;
-        packet_check_eom();
+                goto out;
+        }
        klen = (EC_GROUP_get_degree(group) + 7) / 8;
-        kbuf = xmalloc(klen);
+        if ((kbuf = malloc(klen)) == NULL ||
+            (shared_secret = BN_new()) == NULL) {
+                r = SSH_ERR_ALLOC_FAIL;
+                goto out;
+        }
        if (ECDH_compute_key(kbuf, klen, server_public,
-            client_key, NULL) != (int)klen)
+            client_key, NULL) != (int)klen ||
-                fatal("%s: ECDH_compute_key failed", __func__);
+            BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
+                r = SSH_ERR_LIBCRYPTO_ERROR;
+                goto out;
+        }
 #ifdef DEBUG_KEXECDH
        dump_digest("shared secret", kbuf, klen);
 #endif
-        if ((shared_secret = BN_new()) == NULL)
-                fatal("%s: BN_new failed", __func__);
-        if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
-                fatal("%s: BN_bin2bn failed", __func__);
-        explicit_bzero(kbuf, klen);
-        free(kbuf);
        /* calc and verify H */
-        kex_ecdh_hash(
+        hashlen = sizeof(hash);
+        if ((r = kex_ecdh_hash(
            kex->hash_alg,
            group,
            kex->client_version_string,
            kex->server_version_string,
-            buffer_ptr(kex->my), buffer_len(kex->my),
+            sshbuf_ptr(kex->my), sshbuf_len(kex->my),
-            buffer_ptr(kex->peer), buffer_len(kex->peer),
+            sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
            server_host_key_blob, sbloblen,
            EC_KEY_get0_public_key(client_key),
            server_public,
            shared_secret,
-            &hash, &hashlen
+            hash, &hashlen)) != 0)
-        );
+                goto out;
-        free(server_host_key_blob);
-        EC_POINT_clear_free(server_public);
-        EC_KEY_free(client_key);
-        if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
+        if ((r = sshkey_verify(server_host_key, signature, slen, hash,
-                fatal("key_verify failed for server_host_key");
+            hashlen, ssh->compat)) != 0)
-        key_free(server_host_key);
+                goto out;
-        free(signature);
        /* save session id */
        if (kex->session_id == NULL) {
                kex->session_id_len = hashlen;
-                kex->session_id = xmalloc(kex->session_id_len);
+                kex->session_id = malloc(kex->session_id_len);
+                if (kex->session_id == NULL) {
+                        r = SSH_ERR_ALLOC_FAIL;
+                        goto out;
+                }
                memcpy(kex->session_id, hash, kex->session_id_len);
        }
-        kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
+        if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
-        BN_clear_free(shared_secret);
+                r = kex_send_newkeys(ssh);
-        kex_finish(kex);
+ out:
+        explicit_bzero(hash, sizeof(hash));
+        if (kex->ec_client_key) {
+                EC_KEY_free(kex->ec_client_key);
+                kex->ec_client_key = NULL;
+        }
+        if (server_public)
+                EC_POINT_clear_free(server_public);
+        if (kbuf) {
+                explicit_bzero(kbuf, klen);
+                free(kbuf);
+        }
+        if (shared_secret)
+                BN_clear_free(shared_secret);
+        sshkey_free(server_host_key);
+        free(server_host_key_blob);
+        free(signature);
+        return r;
 }
 #endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */
author	markus@openbsd.org <markus@openbsd.org>	2015-01-19 20:16:15 +0000
committer	Damien Miller <djm@mindrot.org>	2015-01-20 09:19:39 +1100
commit	57d10cbe861a235dd269c74fb2fe248469ecee9d (patch)
tree	c65deed24700490bd3b20300c4829d4d5466ff6d /kexecdhc.c
parent	3fdc88a0def4f86aa88a5846ac079dc964c0546a (diff)

diff --git a/kexecdhc.c b/kexecdhc.c index df811c1c8..3f362c5b1 100644 --- a/kexecdhc.c +++ b/kexecdhc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: kexecdhc.c,v 1.8 2015/01/19 19:52:16 markus Exp $ */	1	/* $OpenBSD: kexecdhc.c,v 1.9 2015/01/19 20:16:15 markus Exp $ */
2	/*	2	/*
3	* Copyright (c) 2001 Markus Friedl. All rights reserved.	3	* Copyright (c) 2001 Markus Friedl. All rights reserved.
4	* Copyright (c) 2010 Damien Miller. All rights reserved.	4	* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -34,126 +34,193 @@
34	#include <string.h>	34	#include <string.h>
35	#include <signal.h>	35	#include <signal.h>
36		36
37	#include "xmalloc.h"	37	#include <openssl/ecdh.h>
38	#include "buffer.h"	38
39	#include "key.h"	39	#include "sshkey.h"
40	#include "cipher.h"	40	#include "cipher.h"
		41	#include "digest.h"
41	#include "kex.h"	42	#include "kex.h"
42	#include "log.h"	43	#include "log.h"
43	#include "packet.h"	44	#include "packet.h"
44	#include "dh.h"	45	#include "dh.h"
45	#include "ssh2.h"	46	#include "ssh2.h"
		47	#include "dispatch.h"
		48	#include "compat.h"
		49	#include "ssherr.h"
		50	#include "sshbuf.h"
46		51
47	#include <openssl/ecdh.h>	52	static int input_kex_ecdh_reply(int, u_int32_t, void *);
48		53
49	void	54	int
50	kexecdh_client(Kex *kex)	55	kexecdh_client(struct ssh *ssh)
51	{	56	{
52	EC_KEY *client_key;	57	struct kex *kex = ssh->kex;
53	EC_POINT *server_public;	58	EC_KEY *client_key = NULL;
54	const EC_GROUP *group;	59	const EC_GROUP *group;
55	BIGNUM *shared_secret;	60	const EC_POINT *public_key;
56	Key *server_host_key;	61	int r;
57	u_char server_host_key_blob = NULL, signature = NULL;
58	u_char kbuf, hash;
59	u_int klen, slen, sbloblen, hashlen;
60		62
61	if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL)	63	if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
62	fatal("%s: EC_KEY_new_by_curve_name failed", __func__);	64	r = SSH_ERR_ALLOC_FAIL;
63	if (EC_KEY_generate_key(client_key) != 1)	65	goto out;
64	fatal("%s: EC_KEY_generate_key failed", __func__);	66	}
		67	if (EC_KEY_generate_key(client_key) != 1) {
		68	r = SSH_ERR_LIBCRYPTO_ERROR;
		69	goto out;
		70	}
65	group = EC_KEY_get0_group(client_key);	71	group = EC_KEY_get0_group(client_key);
		72	public_key = EC_KEY_get0_public_key(client_key);
66		73
67	packet_start(SSH2_MSG_KEX_ECDH_INIT);	74	if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_INIT)) != 0 \|\|
68	packet_put_ecpoint(group, EC_KEY_get0_public_key(client_key));	75	(r = sshpkt_put_ec(ssh, public_key, group)) != 0 \|\|
69	packet_send();	76	(r = sshpkt_send(ssh)) != 0)
		77	goto out;
70	debug("sending SSH2_MSG_KEX_ECDH_INIT");	78	debug("sending SSH2_MSG_KEX_ECDH_INIT");
71		79
72	#ifdef DEBUG_KEXECDH	80	#ifdef DEBUG_KEXECDH
73	fputs("client private key:\n", stderr);	81	fputs("client private key:\n", stderr);
74	key_dump_ec_key(client_key);	82	sshkey_dump_ec_key(client_key);
75	#endif	83	#endif
		84	kex->ec_client_key = client_key;
		85	kex->ec_group = group;
		86	client_key = NULL; /* owned by the kex */
76		87
77	debug("expecting SSH2_MSG_KEX_ECDH_REPLY");	88	debug("expecting SSH2_MSG_KEX_ECDH_REPLY");
78	packet_read_expect(SSH2_MSG_KEX_ECDH_REPLY);	89	ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &input_kex_ecdh_reply);
		90	r = 0;
		91	out:
		92	if (client_key)
		93	EC_KEY_free(client_key);
		94	return r;
		95	}
		96
		97	static int
		98	input_kex_ecdh_reply(int type, u_int32_t seq, void *ctxt)
		99	{
		100	struct ssh *ssh = ctxt;
		101	struct kex *kex = ssh->kex;
		102	const EC_GROUP *group;
		103	EC_POINT *server_public = NULL;
		104	EC_KEY *client_key;
		105	BIGNUM *shared_secret = NULL;
		106	struct sshkey *server_host_key = NULL;
		107	u_char server_host_key_blob = NULL, signature = NULL;
		108	u_char *kbuf = NULL;
		109	u_char hash[SSH_DIGEST_MAX_LENGTH];
		110	size_t slen, sbloblen;
		111	size_t klen = 0, hashlen;
		112	int r;
		113
		114	if (kex->verify_host_key == NULL) {
		115	r = SSH_ERR_INVALID_ARGUMENT;
		116	goto out;
		117	}
		118	group = kex->ec_group;
		119	client_key = kex->ec_client_key;
79		120
80	/* hostkey */	121	/* hostkey */
81	server_host_key_blob = packet_get_string(&sbloblen);	122	if ((r = sshpkt_get_string(ssh, &server_host_key_blob,
82	server_host_key = key_from_blob(server_host_key_blob, sbloblen);	123	&sbloblen)) != 0 \|\|
83	if (server_host_key == NULL)	124	(r = sshkey_from_blob(server_host_key_blob, sbloblen,
84	fatal("cannot decode server_host_key_blob");	125	&server_host_key)) != 0)
85	if (server_host_key->type != kex->hostkey_type)	126	goto out;
86	fatal("type mismatch for decoded server_host_key_blob");	127	if (server_host_key->type != kex->hostkey_type) {
87	if (kex->verify_host_key == NULL)	128	r = SSH_ERR_KEY_TYPE_MISMATCH;
88	fatal("cannot verify server_host_key");	129	goto out;
89	if (kex->verify_host_key(server_host_key) == -1)	130	}
90	fatal("server_host_key verification failed");	131	if (kex->verify_host_key(server_host_key, ssh) == -1) {
		132	r = SSH_ERR_SIGNATURE_INVALID;
		133	goto out;
		134	}
91		135
92	/* Q_S, server public key */	136	/* Q_S, server public key */
93	if ((server_public = EC_POINT_new(group)) == NULL)	137	/* signed H */
94	fatal("%s: EC_POINT_new failed", __func__);	138	if ((server_public = EC_POINT_new(group)) == NULL) {
95	packet_get_ecpoint(group, server_public);	139	r = SSH_ERR_ALLOC_FAIL;
96		140	goto out;
97	if (key_ec_validate_public(group, server_public) != 0)	141	}
98	fatal("%s: invalid server public key", __func__);	142	if ((r = sshpkt_get_ec(ssh, server_public, group)) != 0 \|\|
		143	(r = sshpkt_get_string(ssh, &signature, &slen)) != 0 \|\|
		144	(r = sshpkt_get_end(ssh)) != 0)
		145	goto out;
99		146
100	#ifdef DEBUG_KEXECDH	147	#ifdef DEBUG_KEXECDH
101	fputs("server public key:\n", stderr);	148	fputs("server public key:\n", stderr);
102	key_dump_ec_point(group, server_public);	149	sshkey_dump_ec_point(group, server_public);
103	#endif	150	#endif
104		151	if (sshkey_ec_validate_public(group, server_public) != 0) {
105	/* signed H */	152	sshpkt_disconnect(ssh, "invalid server public key");
106	signature = packet_get_string(&slen);	153	r = SSH_ERR_MESSAGE_INCOMPLETE;
107	packet_check_eom();	154	goto out;
		155	}
108		156
109	klen = (EC_GROUP_get_degree(group) + 7) / 8;	157	klen = (EC_GROUP_get_degree(group) + 7) / 8;
110	kbuf = xmalloc(klen);	158	if ((kbuf = malloc(klen)) == NULL \|\|
		159	(shared_secret = BN_new()) == NULL) {
		160	r = SSH_ERR_ALLOC_FAIL;
		161	goto out;
		162	}
111	if (ECDH_compute_key(kbuf, klen, server_public,	163	if (ECDH_compute_key(kbuf, klen, server_public,
112	client_key, NULL) != (int)klen)	164	client_key, NULL) != (int)klen \|\|
113	fatal("%s: ECDH_compute_key failed", __func__);	165	BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
		166	r = SSH_ERR_LIBCRYPTO_ERROR;
		167	goto out;
		168	}
114		169
115	#ifdef DEBUG_KEXECDH	170	#ifdef DEBUG_KEXECDH
116	dump_digest("shared secret", kbuf, klen);	171	dump_digest("shared secret", kbuf, klen);
117	#endif	172	#endif
118	if ((shared_secret = BN_new()) == NULL)
119	fatal("%s: BN_new failed", __func__);
120	if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
121	fatal("%s: BN_bin2bn failed", __func__);
122	explicit_bzero(kbuf, klen);
123	free(kbuf);
124
125	/* calc and verify H */	173	/* calc and verify H */
126	kex_ecdh_hash(	174	hashlen = sizeof(hash);
		175	if ((r = kex_ecdh_hash(
127	kex->hash_alg,	176	kex->hash_alg,
128	group,	177	group,
129	kex->client_version_string,	178	kex->client_version_string,
130	kex->server_version_string,	179	kex->server_version_string,
131	buffer_ptr(kex->my), buffer_len(kex->my),	180	sshbuf_ptr(kex->my), sshbuf_len(kex->my),
132	buffer_ptr(kex->peer), buffer_len(kex->peer),	181	sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
133	server_host_key_blob, sbloblen,	182	server_host_key_blob, sbloblen,
134	EC_KEY_get0_public_key(client_key),	183	EC_KEY_get0_public_key(client_key),
135	server_public,	184	server_public,
136	shared_secret,	185	shared_secret,
137	&hash, &hashlen	186	hash, &hashlen)) != 0)
138	);	187	goto out;
139	free(server_host_key_blob);
140	EC_POINT_clear_free(server_public);
141	EC_KEY_free(client_key);
142		188
143	if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)	189	if ((r = sshkey_verify(server_host_key, signature, slen, hash,
144	fatal("key_verify failed for server_host_key");	190	hashlen, ssh->compat)) != 0)
145	key_free(server_host_key);	191	goto out;
146	free(signature);
147		192
148	/* save session id */	193	/* save session id */
149	if (kex->session_id == NULL) {	194	if (kex->session_id == NULL) {
150	kex->session_id_len = hashlen;	195	kex->session_id_len = hashlen;
151	kex->session_id = xmalloc(kex->session_id_len);	196	kex->session_id = malloc(kex->session_id_len);
		197	if (kex->session_id == NULL) {
		198	r = SSH_ERR_ALLOC_FAIL;
		199	goto out;
		200	}
152	memcpy(kex->session_id, hash, kex->session_id_len);	201	memcpy(kex->session_id, hash, kex->session_id_len);
153	}	202	}
154		203
155	kex_derive_keys_bn(kex, hash, hashlen, shared_secret);	204	if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
156	BN_clear_free(shared_secret);	205	r = kex_send_newkeys(ssh);
157	kex_finish(kex);	206	out:
		207	explicit_bzero(hash, sizeof(hash));
		208	if (kex->ec_client_key) {
		209	EC_KEY_free(kex->ec_client_key);
		210	kex->ec_client_key = NULL;
		211	}
		212	if (server_public)
		213	EC_POINT_clear_free(server_public);
		214	if (kbuf) {
		215	explicit_bzero(kbuf, klen);
		216	free(kbuf);
		217	}
		218	if (shared_secret)
		219	BN_clear_free(shared_secret);
		220	sshkey_free(server_host_key);
		221	free(server_host_key_blob);
		222	free(signature);
		223	return r;
158	}	224	}
159	#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */	225	#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */
		226