diff options
Diffstat (limited to 'kexc25519c.c')
-rw-r--r-- | kexc25519c.c | 169 |
1 files changed, 0 insertions, 169 deletions
diff --git a/kexc25519c.c b/kexc25519c.c deleted file mode 100644 index a8d92149c..000000000 --- a/kexc25519c.c +++ /dev/null | |||
@@ -1,169 +0,0 @@ | |||
1 | /* $OpenBSD: kexc25519c.c,v 1.9 2017/12/18 02:25:15 djm Exp $ */ | ||
2 | /* | ||
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | ||
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | ||
5 | * Copyright (c) 2013 Aris Adamantiadis. All rights reserved. | ||
6 | * | ||
7 | * Redistribution and use in source and binary forms, with or without | ||
8 | * modification, are permitted provided that the following conditions | ||
9 | * are met: | ||
10 | * 1. Redistributions of source code must retain the above copyright | ||
11 | * notice, this list of conditions and the following disclaimer. | ||
12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
13 | * notice, this list of conditions and the following disclaimer in the | ||
14 | * documentation and/or other materials provided with the distribution. | ||
15 | * | ||
16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
26 | */ | ||
27 | |||
28 | #include "includes.h" | ||
29 | |||
30 | #include <sys/types.h> | ||
31 | |||
32 | #include <stdio.h> | ||
33 | #include <string.h> | ||
34 | #include <signal.h> | ||
35 | |||
36 | #include "sshkey.h" | ||
37 | #include "cipher.h" | ||
38 | #include "kex.h" | ||
39 | #include "log.h" | ||
40 | #include "packet.h" | ||
41 | #include "ssh2.h" | ||
42 | #include "sshbuf.h" | ||
43 | #include "digest.h" | ||
44 | #include "ssherr.h" | ||
45 | |||
46 | static int | ||
47 | input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh); | ||
48 | |||
49 | int | ||
50 | kexc25519_client(struct ssh *ssh) | ||
51 | { | ||
52 | struct kex *kex = ssh->kex; | ||
53 | int r; | ||
54 | |||
55 | kexc25519_keygen(kex->c25519_client_key, kex->c25519_client_pubkey); | ||
56 | #ifdef DEBUG_KEXECDH | ||
57 | dump_digest("client private key:", kex->c25519_client_key, | ||
58 | sizeof(kex->c25519_client_key)); | ||
59 | #endif | ||
60 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_INIT)) != 0 || | ||
61 | (r = sshpkt_put_string(ssh, kex->c25519_client_pubkey, | ||
62 | sizeof(kex->c25519_client_pubkey))) != 0 || | ||
63 | (r = sshpkt_send(ssh)) != 0) | ||
64 | return r; | ||
65 | |||
66 | debug("expecting SSH2_MSG_KEX_ECDH_REPLY"); | ||
67 | ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &input_kex_c25519_reply); | ||
68 | return 0; | ||
69 | } | ||
70 | |||
71 | static int | ||
72 | input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh) | ||
73 | { | ||
74 | struct kex *kex = ssh->kex; | ||
75 | struct sshkey *server_host_key = NULL; | ||
76 | struct sshbuf *shared_secret = NULL; | ||
77 | u_char *server_pubkey = NULL; | ||
78 | u_char *server_host_key_blob = NULL, *signature = NULL; | ||
79 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | ||
80 | size_t slen, pklen, sbloblen, hashlen; | ||
81 | int r; | ||
82 | |||
83 | if (kex->verify_host_key == NULL) { | ||
84 | r = SSH_ERR_INVALID_ARGUMENT; | ||
85 | goto out; | ||
86 | } | ||
87 | |||
88 | /* hostkey */ | ||
89 | if ((r = sshpkt_get_string(ssh, &server_host_key_blob, | ||
90 | &sbloblen)) != 0 || | ||
91 | (r = sshkey_from_blob(server_host_key_blob, sbloblen, | ||
92 | &server_host_key)) != 0) | ||
93 | goto out; | ||
94 | if (server_host_key->type != kex->hostkey_type || | ||
95 | (kex->hostkey_type == KEY_ECDSA && | ||
96 | server_host_key->ecdsa_nid != kex->hostkey_nid)) { | ||
97 | r = SSH_ERR_KEY_TYPE_MISMATCH; | ||
98 | goto out; | ||
99 | } | ||
100 | if (kex->verify_host_key(server_host_key, ssh) == -1) { | ||
101 | r = SSH_ERR_SIGNATURE_INVALID; | ||
102 | goto out; | ||
103 | } | ||
104 | |||
105 | /* Q_S, server public key */ | ||
106 | /* signed H */ | ||
107 | if ((r = sshpkt_get_string(ssh, &server_pubkey, &pklen)) != 0 || | ||
108 | (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || | ||
109 | (r = sshpkt_get_end(ssh)) != 0) | ||
110 | goto out; | ||
111 | if (pklen != CURVE25519_SIZE) { | ||
112 | r = SSH_ERR_SIGNATURE_INVALID; | ||
113 | goto out; | ||
114 | } | ||
115 | |||
116 | #ifdef DEBUG_KEXECDH | ||
117 | dump_digest("server public key:", server_pubkey, CURVE25519_SIZE); | ||
118 | #endif | ||
119 | |||
120 | if ((shared_secret = sshbuf_new()) == NULL) { | ||
121 | r = SSH_ERR_ALLOC_FAIL; | ||
122 | goto out; | ||
123 | } | ||
124 | if ((r = kexc25519_shared_key(kex->c25519_client_key, server_pubkey, | ||
125 | shared_secret)) < 0) | ||
126 | goto out; | ||
127 | |||
128 | /* calc and verify H */ | ||
129 | hashlen = sizeof(hash); | ||
130 | if ((r = kex_c25519_hash( | ||
131 | kex->hash_alg, | ||
132 | kex->client_version_string, | ||
133 | kex->server_version_string, | ||
134 | sshbuf_ptr(kex->my), sshbuf_len(kex->my), | ||
135 | sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), | ||
136 | server_host_key_blob, sbloblen, | ||
137 | kex->c25519_client_pubkey, | ||
138 | server_pubkey, | ||
139 | sshbuf_ptr(shared_secret), sshbuf_len(shared_secret), | ||
140 | hash, &hashlen)) < 0) | ||
141 | goto out; | ||
142 | |||
143 | if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, | ||
144 | kex->hostkey_alg, ssh->compat)) != 0) | ||
145 | goto out; | ||
146 | |||
147 | /* save session id */ | ||
148 | if (kex->session_id == NULL) { | ||
149 | kex->session_id_len = hashlen; | ||
150 | kex->session_id = malloc(kex->session_id_len); | ||
151 | if (kex->session_id == NULL) { | ||
152 | r = SSH_ERR_ALLOC_FAIL; | ||
153 | goto out; | ||
154 | } | ||
155 | memcpy(kex->session_id, hash, kex->session_id_len); | ||
156 | } | ||
157 | |||
158 | if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0) | ||
159 | r = kex_send_newkeys(ssh); | ||
160 | out: | ||
161 | explicit_bzero(hash, sizeof(hash)); | ||
162 | explicit_bzero(kex->c25519_client_key, sizeof(kex->c25519_client_key)); | ||
163 | free(server_host_key_blob); | ||
164 | free(server_pubkey); | ||
165 | free(signature); | ||
166 | sshkey_free(server_host_key); | ||
167 | sshbuf_free(shared_secret); | ||
168 | return r; | ||
169 | } | ||