1 files changed, 117 insertions, 0 deletions
diff --git a/kexecdh.c b/kexecdh.c
new file mode 100644
index 000000000..f13f69d3b
--- /dev/null
+++ b/kexecdh.c
@@ -0,0 +1,117 @@
+/* $OpenBSD: kexecdh.c,v 1.3 2010/09/22 05:01:29 djm Exp $ */
+/*
+ * Copyright (c) 2001 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2010 Damien Miller.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "includes.h"
+#ifdef OPENSSL_HAS_ECC
+#include <sys/types.h>
+#include <signal.h>
+#include <string.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+#include "buffer.h"
+#include "ssh2.h"
+#include "key.h"
+#include "cipher.h"
+#include "kex.h"
+#include "log.h"
+int
+kex_ecdh_name_to_nid(const char *kexname)
+{
+        if (strlen(kexname) < sizeof(KEX_ECDH_SHA2_STEM) - 1)
+                fatal("%s: kexname too short \"%s\"", __func__, kexname);
+        return key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA2_STEM) - 1);
+}
+const EVP_MD *
+kex_ecdh_name_to_evpmd(const char *kexname)
+{
+        int nid = kex_ecdh_name_to_nid(kexname);
+        if (nid == -1)
+                fatal("%s: unsupported ECDH curve \"%s\"", __func__, kexname);
+        return key_ec_nid_to_evpmd(nid);
+}
+void
+kex_ecdh_hash(
+    const EVP_MD *evp_md,
+    const EC_GROUP *ec_group,
+    char *client_version_string,
+    char *server_version_string,
+    char *ckexinit, int ckexinitlen,
+    char *skexinit, int skexinitlen,
+    u_char *serverhostkeyblob, int sbloblen,
+    const EC_POINT *client_dh_pub,
+    const EC_POINT *server_dh_pub,
+    const BIGNUM *shared_secret,
+    u_char **hash, u_int *hashlen)
+{
+        Buffer b;
+        EVP_MD_CTX md;
+        static u_char digest[EVP_MAX_MD_SIZE];
+        buffer_init(&b);
+        buffer_put_cstring(&b, client_version_string);
+        buffer_put_cstring(&b, server_version_string);
+        /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
+        buffer_put_int(&b, ckexinitlen+1);
+        buffer_put_char(&b, SSH2_MSG_KEXINIT);
+        buffer_append(&b, ckexinit, ckexinitlen);
+        buffer_put_int(&b, skexinitlen+1);
+        buffer_put_char(&b, SSH2_MSG_KEXINIT);
+        buffer_append(&b, skexinit, skexinitlen);
+        buffer_put_string(&b, serverhostkeyblob, sbloblen);
+        buffer_put_ecpoint(&b, ec_group, client_dh_pub);
+        buffer_put_ecpoint(&b, ec_group, server_dh_pub);
+        buffer_put_bignum2(&b, shared_secret);
+#ifdef DEBUG_KEX
+        buffer_dump(&b);
+#endif
+        EVP_DigestInit(&md, evp_md);
+        EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
+        EVP_DigestFinal(&md, digest, NULL);
+        buffer_free(&b);
+#ifdef DEBUG_KEX
+        dump_digest("hash", digest, EVP_MD_size(evp_md));
+#endif
+        *hash = digest;
+        *hashlen = EVP_MD_size(evp_md);
+}
+#endif /* OPENSSL_HAS_ECC */

diff --git a/kexecdh.c b/kexecdh.c new file mode 100644 index 000000000..f13f69d3b --- /dev/null +++ b/kexecdh.c
@@ -0,0 +1,117 @@
	1	/* $OpenBSD: kexecdh.c,v 1.3 2010/09/22 05:01:29 djm Exp $ */
	2	/*
	3	* Copyright (c) 2001 Markus Friedl. All rights reserved.
	4	* Copyright (c) 2010 Damien Miller. All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	* 1. Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	* 2. Redistributions in binary form must reproduce the above copyright
	12	* notice, this list of conditions and the following disclaimer in the
	13	* documentation and/or other materials provided with the distribution.
	14	*
	15	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	16	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	17	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	18	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	19	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	20	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	21	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	22	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	25	*/
	26
	27	#include "includes.h"
	28
	29	#ifdef OPENSSL_HAS_ECC
	30
	31	#include <sys/types.h>
	32
	33	#include <signal.h>
	34	#include <string.h>
	35
	36	#include <openssl/bn.h>
	37	#include <openssl/evp.h>
	38	#include <openssl/ec.h>
	39	#include <openssl/ecdh.h>
	40
	41	#include "buffer.h"
	42	#include "ssh2.h"
	43	#include "key.h"
	44	#include "cipher.h"
	45	#include "kex.h"
	46	#include "log.h"
	47
	48	int
	49	kex_ecdh_name_to_nid(const char *kexname)
	50	{
	51	if (strlen(kexname) < sizeof(KEX_ECDH_SHA2_STEM) - 1)
	52	fatal("%s: kexname too short \"%s\"", __func__, kexname);
	53	return key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA2_STEM) - 1);
	54	}
	55
	56	const EVP_MD *
	57	kex_ecdh_name_to_evpmd(const char *kexname)
	58	{
	59	int nid = kex_ecdh_name_to_nid(kexname);
	60
	61	if (nid == -1)
	62	fatal("%s: unsupported ECDH curve \"%s\"", __func__, kexname);
	63	return key_ec_nid_to_evpmd(nid);
	64	}
	65
	66	void
	67	kex_ecdh_hash(
	68	const EVP_MD *evp_md,
	69	const EC_GROUP *ec_group,
	70	char *client_version_string,
	71	char *server_version_string,
	72	char *ckexinit, int ckexinitlen,
	73	char *skexinit, int skexinitlen,
	74	u_char *serverhostkeyblob, int sbloblen,
	75	const EC_POINT *client_dh_pub,
	76	const EC_POINT *server_dh_pub,
	77	const BIGNUM *shared_secret,
	78	u_char *hash, u_int hashlen)
	79	{
	80	Buffer b;
	81	EVP_MD_CTX md;
	82	static u_char digest[EVP_MAX_MD_SIZE];
	83
	84	buffer_init(&b);
	85	buffer_put_cstring(&b, client_version_string);
	86	buffer_put_cstring(&b, server_version_string);
	87
	88	/* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
	89	buffer_put_int(&b, ckexinitlen+1);
	90	buffer_put_char(&b, SSH2_MSG_KEXINIT);
	91	buffer_append(&b, ckexinit, ckexinitlen);
	92	buffer_put_int(&b, skexinitlen+1);
	93	buffer_put_char(&b, SSH2_MSG_KEXINIT);
	94	buffer_append(&b, skexinit, skexinitlen);
	95
	96	buffer_put_string(&b, serverhostkeyblob, sbloblen);
	97	buffer_put_ecpoint(&b, ec_group, client_dh_pub);
	98	buffer_put_ecpoint(&b, ec_group, server_dh_pub);
	99	buffer_put_bignum2(&b, shared_secret);
	100
	101	#ifdef DEBUG_KEX
	102	buffer_dump(&b);
	103	#endif
	104	EVP_DigestInit(&md, evp_md);
	105	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
	106	EVP_DigestFinal(&md, digest, NULL);
	107
	108	buffer_free(&b);
	109
	110	#ifdef DEBUG_KEX
	111	dump_digest("hash", digest, EVP_MD_size(evp_md));
	112	#endif
	113	*hash = digest;
	114	*hashlen = EVP_MD_size(evp_md);
	115	}
	116
	117	#endif /* OPENSSL_HAS_ECC */