1 files changed, 173 insertions, 0 deletions
diff --git a/kexecdhs.c b/kexecdhs.c
new file mode 100644
index 000000000..8c515dfa6
--- /dev/null
+++ b/kexecdhs.c
@@ -0,0 +1,173 @@
+/* $OpenBSD: kexecdhs.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */
+/*
+ * Copyright (c) 2001 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2010 Damien Miller.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "includes.h"
+#include <sys/types.h>
+#include <string.h>
+#include <signal.h>
+#include "xmalloc.h"
+#include "buffer.h"
+#include "key.h"
+#include "cipher.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#include "monitor_wrap.h"
+#ifdef OPENSSL_HAS_ECC
+#include <openssl/ecdh.h>
+void
+kexecdh_server(Kex *kex)
+{
+        EC_POINT *client_public;
+        EC_KEY *server_key;
+        const EC_GROUP *group;
+        BIGNUM *shared_secret;
+        Key *server_host_private, *server_host_public;
+        u_char *server_host_key_blob = NULL, *signature = NULL;
+        u_char *kbuf, *hash;
+        u_int klen, slen, sbloblen, hashlen;
+        int curve_nid;
+        if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1)
+                fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name);
+        if ((server_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL)
+                fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
+        if (EC_KEY_generate_key(server_key) != 1)
+                fatal("%s: EC_KEY_generate_key failed", __func__);
+        group = EC_KEY_get0_group(server_key);
+#ifdef DEBUG_KEXECDH
+        fputs("server private key:\n", stderr);
+        key_dump_ec_key(server_key);
+#endif
+        if (kex->load_host_public_key == NULL ||
+            kex->load_host_private_key == NULL)
+                fatal("Cannot load hostkey");
+        server_host_public = kex->load_host_public_key(kex->hostkey_type);
+        if (server_host_public == NULL)
+                fatal("Unsupported hostkey type %d", kex->hostkey_type);
+        server_host_private = kex->load_host_private_key(kex->hostkey_type);
+        if (server_host_private == NULL)
+                fatal("Missing private key for hostkey type %d",
+                    kex->hostkey_type);
+        debug("expecting SSH2_MSG_KEX_ECDH_INIT");
+        packet_read_expect(SSH2_MSG_KEX_ECDH_INIT);
+        if ((client_public = EC_POINT_new(group)) == NULL)
+                fatal("%s: EC_POINT_new failed", __func__);
+        packet_get_ecpoint(group, client_public);
+        packet_check_eom();
+        if (key_ec_validate_public(group, client_public) != 0)
+                fatal("%s: invalid client public key", __func__);
+#ifdef DEBUG_KEXECDH
+        fputs("client public key:\n", stderr);
+        key_dump_ec_point(group, client_public);
+#endif
+        /* Calculate shared_secret */
+        klen = (EC_GROUP_get_degree(group) + 7) / 8;
+        kbuf = xmalloc(klen);
+        if (ECDH_compute_key(kbuf, klen, client_public,
+            server_key, NULL) != (int)klen)
+                fatal("%s: ECDH_compute_key failed", __func__);
+#ifdef DEBUG_KEXDH
+        dump_digest("shared secret", kbuf, klen);
+#endif
+        if ((shared_secret = BN_new()) == NULL)
+                fatal("%s: BN_new failed", __func__);
+        if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
+                fatal("%s: BN_bin2bn failed", __func__);
+        memset(kbuf, 0, klen);
+        xfree(kbuf);
+        /* calc H */
+        key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
+        kex_ecdh_hash(
+            kex->evp_md,
+            group,
+            kex->client_version_string,
+            kex->server_version_string,
+            buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+            buffer_ptr(&kex->my), buffer_len(&kex->my),
+            server_host_key_blob, sbloblen,
+            client_public,
+            EC_KEY_get0_public_key(server_key),
+            shared_secret,
+            &hash, &hashlen
+        );
+        EC_POINT_clear_free(client_public);
+        /* save session id := H */
+        if (kex->session_id == NULL) {
+                kex->session_id_len = hashlen;
+                kex->session_id = xmalloc(kex->session_id_len);
+                memcpy(kex->session_id, hash, kex->session_id_len);
+        }
+        /* sign H */
+        if (PRIVSEP(key_sign(server_host_private, &signature, &slen,
+            hash, hashlen)) < 0)
+                fatal("kexdh_server: key_sign failed");
+        /* destroy_sensitive_data(); */
+        /* send server hostkey, ECDH pubkey 'Q_S' and signed H */
+        packet_start(SSH2_MSG_KEX_ECDH_REPLY);
+        packet_put_string(server_host_key_blob, sbloblen);
+        packet_put_ecpoint(group, EC_KEY_get0_public_key(server_key));
+        packet_put_string(signature, slen);
+        packet_send();
+        xfree(signature);
+        xfree(server_host_key_blob);
+        /* have keys, free server key */
+        EC_KEY_free(server_key);
+        kex_derive_keys(kex, hash, hashlen, shared_secret);
+        BN_clear_free(shared_secret);
+        kex_finish(kex);
+}
+#else /* OPENSSL_HAS_ECC */
+void
+kexecdh_server(Kex *kex)
+{
+        fatal("ECC support is not enabled");
+}
+#endif /* OPENSSL_HAS_ECC */

diff --git a/kexecdhs.c b/kexecdhs.c new file mode 100644 index 000000000..8c515dfa6 --- /dev/null +++ b/kexecdhs.c
@@ -0,0 +1,173 @@
	1	/* $OpenBSD: kexecdhs.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */
	2	/*
	3	* Copyright (c) 2001 Markus Friedl. All rights reserved.
	4	* Copyright (c) 2010 Damien Miller. All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	* 1. Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	* 2. Redistributions in binary form must reproduce the above copyright
	12	* notice, this list of conditions and the following disclaimer in the
	13	* documentation and/or other materials provided with the distribution.
	14	*
	15	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	16	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	17	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	18	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	19	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	20	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	21	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	22	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	25	*/
	26
	27	#include "includes.h"
	28
	29	#include <sys/types.h>
	30	#include <string.h>
	31	#include <signal.h>
	32
	33	#include "xmalloc.h"
	34	#include "buffer.h"
	35	#include "key.h"
	36	#include "cipher.h"
	37	#include "kex.h"
	38	#include "log.h"
	39	#include "packet.h"
	40	#include "dh.h"
	41	#include "ssh2.h"
	42	#ifdef GSSAPI
	43	#include "ssh-gss.h"
	44	#endif
	45	#include "monitor_wrap.h"
	46
	47	#ifdef OPENSSL_HAS_ECC
	48
	49	#include <openssl/ecdh.h>
	50
	51	void
	52	kexecdh_server(Kex *kex)
	53	{
	54	EC_POINT *client_public;
	55	EC_KEY *server_key;
	56	const EC_GROUP *group;
	57	BIGNUM *shared_secret;
	58	Key server_host_private, server_host_public;
	59	u_char server_host_key_blob = NULL, signature = NULL;
	60	u_char kbuf, hash;
	61	u_int klen, slen, sbloblen, hashlen;
	62	int curve_nid;
	63
	64	if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1)
	65	fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name);
	66	if ((server_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL)
	67	fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
	68	if (EC_KEY_generate_key(server_key) != 1)
	69	fatal("%s: EC_KEY_generate_key failed", __func__);
	70	group = EC_KEY_get0_group(server_key);
	71
	72	#ifdef DEBUG_KEXECDH
	73	fputs("server private key:\n", stderr);
	74	key_dump_ec_key(server_key);
	75	#endif
	76
	77	if (kex->load_host_public_key == NULL \|\|
	78	kex->load_host_private_key == NULL)
	79	fatal("Cannot load hostkey");
	80	server_host_public = kex->load_host_public_key(kex->hostkey_type);
	81	if (server_host_public == NULL)
	82	fatal("Unsupported hostkey type %d", kex->hostkey_type);
	83	server_host_private = kex->load_host_private_key(kex->hostkey_type);
	84	if (server_host_private == NULL)
	85	fatal("Missing private key for hostkey type %d",
	86	kex->hostkey_type);
	87
	88	debug("expecting SSH2_MSG_KEX_ECDH_INIT");
	89	packet_read_expect(SSH2_MSG_KEX_ECDH_INIT);
	90	if ((client_public = EC_POINT_new(group)) == NULL)
	91	fatal("%s: EC_POINT_new failed", __func__);
	92	packet_get_ecpoint(group, client_public);
	93	packet_check_eom();
	94
	95	if (key_ec_validate_public(group, client_public) != 0)
	96	fatal("%s: invalid client public key", __func__);
	97
	98	#ifdef DEBUG_KEXECDH
	99	fputs("client public key:\n", stderr);
	100	key_dump_ec_point(group, client_public);
	101	#endif
	102
	103	/* Calculate shared_secret */
	104	klen = (EC_GROUP_get_degree(group) + 7) / 8;
	105	kbuf = xmalloc(klen);
	106	if (ECDH_compute_key(kbuf, klen, client_public,
	107	server_key, NULL) != (int)klen)
	108	fatal("%s: ECDH_compute_key failed", __func__);
	109
	110	#ifdef DEBUG_KEXDH
	111	dump_digest("shared secret", kbuf, klen);
	112	#endif
	113	if ((shared_secret = BN_new()) == NULL)
	114	fatal("%s: BN_new failed", __func__);
	115	if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
	116	fatal("%s: BN_bin2bn failed", __func__);
	117	memset(kbuf, 0, klen);
	118	xfree(kbuf);
	119
	120	/* calc H */
	121	key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
	122	kex_ecdh_hash(
	123	kex->evp_md,
	124	group,
	125	kex->client_version_string,
	126	kex->server_version_string,
	127	buffer_ptr(&kex->peer), buffer_len(&kex->peer),
	128	buffer_ptr(&kex->my), buffer_len(&kex->my),
	129	server_host_key_blob, sbloblen,
	130	client_public,
	131	EC_KEY_get0_public_key(server_key),
	132	shared_secret,
	133	&hash, &hashlen
	134	);
	135	EC_POINT_clear_free(client_public);
	136
	137	/* save session id := H */
	138	if (kex->session_id == NULL) {
	139	kex->session_id_len = hashlen;
	140	kex->session_id = xmalloc(kex->session_id_len);
	141	memcpy(kex->session_id, hash, kex->session_id_len);
	142	}
	143
	144	/* sign H */
	145	if (PRIVSEP(key_sign(server_host_private, &signature, &slen,
	146	hash, hashlen)) < 0)
	147	fatal("kexdh_server: key_sign failed");
	148
	149	/* destroy_sensitive_data(); */
	150
	151	/* send server hostkey, ECDH pubkey 'Q_S' and signed H */
	152	packet_start(SSH2_MSG_KEX_ECDH_REPLY);
	153	packet_put_string(server_host_key_blob, sbloblen);
	154	packet_put_ecpoint(group, EC_KEY_get0_public_key(server_key));
	155	packet_put_string(signature, slen);
	156	packet_send();
	157
	158	xfree(signature);
	159	xfree(server_host_key_blob);
	160	/* have keys, free server key */
	161	EC_KEY_free(server_key);
	162
	163	kex_derive_keys(kex, hash, hashlen, shared_secret);
	164	BN_clear_free(shared_secret);
	165	kex_finish(kex);
	166	}
	167	#else /* OPENSSL_HAS_ECC */
	168	void
	169	kexecdh_server(Kex *kex)
	170	{
	171	fatal("ECC support is not enabled");
	172	}
	173	#endif /* OPENSSL_HAS_ECC */