diff options
Diffstat (limited to 'kexc25519c.c')
-rw-r--r-- | kexc25519c.c | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/kexc25519c.c b/kexc25519c.c new file mode 100644 index 000000000..f741566cc --- /dev/null +++ b/kexc25519c.c | |||
@@ -0,0 +1,128 @@ | |||
1 | /* $OpenBSD: kexc25519c.c,v 1.2 2013/11/02 22:02:14 markus Exp $ */ | ||
2 | /* | ||
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | ||
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | ||
5 | * Copyright (c) 2013 Aris Adamantiadis. All rights reserved. | ||
6 | * | ||
7 | * Redistribution and use in source and binary forms, with or without | ||
8 | * modification, are permitted provided that the following conditions | ||
9 | * are met: | ||
10 | * 1. Redistributions of source code must retain the above copyright | ||
11 | * notice, this list of conditions and the following disclaimer. | ||
12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
13 | * notice, this list of conditions and the following disclaimer in the | ||
14 | * documentation and/or other materials provided with the distribution. | ||
15 | * | ||
16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
26 | */ | ||
27 | |||
28 | #include "includes.h" | ||
29 | |||
30 | #include <sys/types.h> | ||
31 | |||
32 | #include <stdio.h> | ||
33 | #include <string.h> | ||
34 | #include <signal.h> | ||
35 | |||
36 | #include "xmalloc.h" | ||
37 | #include "buffer.h" | ||
38 | #include "key.h" | ||
39 | #include "cipher.h" | ||
40 | #include "kex.h" | ||
41 | #include "log.h" | ||
42 | #include "packet.h" | ||
43 | #include "ssh2.h" | ||
44 | |||
45 | void | ||
46 | kexc25519_client(Kex *kex) | ||
47 | { | ||
48 | BIGNUM *shared_secret; | ||
49 | Key *server_host_key; | ||
50 | u_char client_key[CURVE25519_SIZE]; | ||
51 | u_char client_pubkey[CURVE25519_SIZE]; | ||
52 | u_char *server_pubkey = NULL; | ||
53 | u_char *server_host_key_blob = NULL, *signature = NULL; | ||
54 | u_char *hash; | ||
55 | u_int slen, sbloblen, hashlen; | ||
56 | |||
57 | kexc25519_keygen(client_key, client_pubkey); | ||
58 | |||
59 | packet_start(SSH2_MSG_KEX_ECDH_INIT); | ||
60 | packet_put_string(client_pubkey, sizeof(client_pubkey)); | ||
61 | packet_send(); | ||
62 | debug("sending SSH2_MSG_KEX_ECDH_INIT"); | ||
63 | |||
64 | #ifdef DEBUG_KEXECDH | ||
65 | dump_digest("client private key:", client_key, sizeof(client_key)); | ||
66 | #endif | ||
67 | |||
68 | debug("expecting SSH2_MSG_KEX_ECDH_REPLY"); | ||
69 | packet_read_expect(SSH2_MSG_KEX_ECDH_REPLY); | ||
70 | |||
71 | /* hostkey */ | ||
72 | server_host_key_blob = packet_get_string(&sbloblen); | ||
73 | server_host_key = key_from_blob(server_host_key_blob, sbloblen); | ||
74 | if (server_host_key == NULL) | ||
75 | fatal("cannot decode server_host_key_blob"); | ||
76 | if (server_host_key->type != kex->hostkey_type) | ||
77 | fatal("type mismatch for decoded server_host_key_blob"); | ||
78 | if (kex->verify_host_key == NULL) | ||
79 | fatal("cannot verify server_host_key"); | ||
80 | if (kex->verify_host_key(server_host_key) == -1) | ||
81 | fatal("server_host_key verification failed"); | ||
82 | |||
83 | /* Q_S, server public key */ | ||
84 | server_pubkey = packet_get_string(&slen); | ||
85 | if (slen != CURVE25519_SIZE) | ||
86 | fatal("Incorrect size for server Curve25519 pubkey: %d", slen); | ||
87 | |||
88 | #ifdef DEBUG_KEXECDH | ||
89 | dump_digest("server public key:", server_pubkey, CURVE25519_SIZE); | ||
90 | #endif | ||
91 | |||
92 | /* signed H */ | ||
93 | signature = packet_get_string(&slen); | ||
94 | packet_check_eom(); | ||
95 | |||
96 | shared_secret = kexc25519_shared_key(client_key, server_pubkey); | ||
97 | |||
98 | /* calc and verify H */ | ||
99 | kex_c25519_hash( | ||
100 | kex->evp_md, | ||
101 | kex->client_version_string, | ||
102 | kex->server_version_string, | ||
103 | buffer_ptr(&kex->my), buffer_len(&kex->my), | ||
104 | buffer_ptr(&kex->peer), buffer_len(&kex->peer), | ||
105 | server_host_key_blob, sbloblen, | ||
106 | client_pubkey, | ||
107 | server_pubkey, | ||
108 | shared_secret, | ||
109 | &hash, &hashlen | ||
110 | ); | ||
111 | free(server_host_key_blob); | ||
112 | free(server_pubkey); | ||
113 | if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) | ||
114 | fatal("key_verify failed for server_host_key"); | ||
115 | key_free(server_host_key); | ||
116 | free(signature); | ||
117 | |||
118 | /* save session id */ | ||
119 | if (kex->session_id == NULL) { | ||
120 | kex->session_id_len = hashlen; | ||
121 | kex->session_id = xmalloc(kex->session_id_len); | ||
122 | memcpy(kex->session_id, hash, kex->session_id_len); | ||
123 | } | ||
124 | |||
125 | kex_derive_keys(kex, hash, hashlen, shared_secret); | ||
126 | BN_clear_free(shared_secret); | ||
127 | kex_finish(kex); | ||
128 | } | ||