1 files changed, 124 insertions, 77 deletions
diff --git a/kexecdhs.c b/kexecdhs.c
index 2700b7219..0adb80e6a 100644
--- a/kexecdhs.c
+++ b/kexecdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhs.c,v 1.10 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: kexecdhs.c,v 1.14 2015/01/26 06:10:03 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -26,136 +26,183 @@
 #include "includes.h"
+#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
 #include <sys/types.h>
 #include <string.h>
 #include <signal.h>
-#include "xmalloc.h"
+#include <openssl/ecdh.h>
-#include "buffer.h"
-#include "key.h"
+#include "sshkey.h"
 #include "cipher.h"
+#include "digest.h"
 #include "kex.h"
 #include "log.h"
 #include "packet.h"
 #include "ssh2.h"
-#ifdef OPENSSL_HAS_ECC
+#include "dispatch.h"
+#include "compat.h"
+#include "ssherr.h"
+#include "sshbuf.h"
-#include <openssl/ecdh.h>
+static int input_kex_ecdh_init(int, u_int32_t, void *);
+int
+kexecdh_server(struct ssh *ssh)
+{
+        debug("expecting SSH2_MSG_KEX_ECDH_INIT");
+        ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_INIT, &input_kex_ecdh_init);
+        return 0;
+}
-void
+static int
-kexecdh_server(Kex *kex)
+input_kex_ecdh_init(int type, u_int32_t seq, void *ctxt)
 {
+        struct ssh *ssh = ctxt;
+        struct kex *kex = ssh->kex;
        EC_POINT *client_public;
-        EC_KEY *server_key;
+        EC_KEY *server_key = NULL;
        const EC_GROUP *group;
-        BIGNUM *shared_secret;
+        const EC_POINT *public_key;
-        Key *server_host_private, *server_host_public;
+        BIGNUM *shared_secret = NULL;
+        struct sshkey *server_host_private, *server_host_public;
        u_char *server_host_key_blob = NULL, *signature = NULL;
-        u_char *kbuf, *hash;
+        u_char *kbuf = NULL;
-        u_int klen, slen, sbloblen, hashlen;
+        u_char hash[SSH_DIGEST_MAX_LENGTH];
+        size_t slen, sbloblen;
-        if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL)
+        size_t klen = 0, hashlen;
-                fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
+        int r;
-        if (EC_KEY_generate_key(server_key) != 1)
-                fatal("%s: EC_KEY_generate_key failed", __func__);
+        if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
+                r = SSH_ERR_ALLOC_FAIL;
+                goto out;
+        }
+        if (EC_KEY_generate_key(server_key) != 1) {
+                r = SSH_ERR_LIBCRYPTO_ERROR;
+                goto out;
+        }
        group = EC_KEY_get0_group(server_key);
 #ifdef DEBUG_KEXECDH
        fputs("server private key:\n", stderr);
-        key_dump_ec_key(server_key);
+        sshkey_dump_ec_key(server_key);
 #endif
        if (kex->load_host_public_key == NULL ||
-            kex->load_host_private_key == NULL)
+            kex->load_host_private_key == NULL) {
-                fatal("Cannot load hostkey");
+                r = SSH_ERR_INVALID_ARGUMENT;
-        server_host_public = kex->load_host_public_key(kex->hostkey_type);
+                goto out;
-        if (server_host_public == NULL)
+        }
-                fatal("Unsupported hostkey type %d", kex->hostkey_type);
+        server_host_public = kex->load_host_public_key(kex->hostkey_type,
-        server_host_private = kex->load_host_private_key(kex->hostkey_type);
+            kex->hostkey_nid, ssh);
+        server_host_private = kex->load_host_private_key(kex->hostkey_type,
-        debug("expecting SSH2_MSG_KEX_ECDH_INIT");
+            kex->hostkey_nid, ssh);
-        packet_read_expect(SSH2_MSG_KEX_ECDH_INIT);
+        if (server_host_public == NULL) {
-        if ((client_public = EC_POINT_new(group)) == NULL)
+                r = SSH_ERR_NO_HOSTKEY_LOADED;
-                fatal("%s: EC_POINT_new failed", __func__);
+                goto out;
-        packet_get_ecpoint(group, client_public);
+        }
-        packet_check_eom();
+        if ((client_public = EC_POINT_new(group)) == NULL) {
+                r = SSH_ERR_ALLOC_FAIL;
-        if (key_ec_validate_public(group, client_public) != 0)
+                goto out;
-                fatal("%s: invalid client public key", __func__);
+        }
+        if ((r = sshpkt_get_ec(ssh, client_public, group)) != 0 ||
+            (r = sshpkt_get_end(ssh)) != 0)
+                goto out;
 #ifdef DEBUG_KEXECDH
        fputs("client public key:\n", stderr);
-        key_dump_ec_point(group, client_public);
+        sshkey_dump_ec_point(group, client_public);
 #endif
+        if (sshkey_ec_validate_public(group, client_public) != 0) {
+                sshpkt_disconnect(ssh, "invalid client public key");
+                r = SSH_ERR_MESSAGE_INCOMPLETE;
+                goto out;
+        }
        /* Calculate shared_secret */
        klen = (EC_GROUP_get_degree(group) + 7) / 8;
-        kbuf = xmalloc(klen);
+        if ((kbuf = malloc(klen)) == NULL ||
+            (shared_secret = BN_new()) == NULL) {
+                r = SSH_ERR_ALLOC_FAIL;
+                goto out;
+        }
        if (ECDH_compute_key(kbuf, klen, client_public,
-            server_key, NULL) != (int)klen)
+            server_key, NULL) != (int)klen ||
-                fatal("%s: ECDH_compute_key failed", __func__);
+            BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
+                r = SSH_ERR_LIBCRYPTO_ERROR;
+                goto out;
+        }
-#ifdef DEBUG_KEXDH
+#ifdef DEBUG_KEXECDH
        dump_digest("shared secret", kbuf, klen);
 #endif
-        if ((shared_secret = BN_new()) == NULL)
-                fatal("%s: BN_new failed", __func__);
-        if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
-                fatal("%s: BN_bin2bn failed", __func__);
-        explicit_bzero(kbuf, klen);
-        free(kbuf);
        /* calc H */
-        key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
+        if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob,
-        kex_ecdh_hash(
+            &sbloblen)) != 0)
+                goto out;
+        hashlen = sizeof(hash);
+        if ((r = kex_ecdh_hash(
            kex->hash_alg,
            group,
            kex->client_version_string,
            kex->server_version_string,
-            buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+            sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
-            buffer_ptr(&kex->my), buffer_len(&kex->my),
+            sshbuf_ptr(kex->my), sshbuf_len(kex->my),
            server_host_key_blob, sbloblen,
            client_public,
            EC_KEY_get0_public_key(server_key),
            shared_secret,
-            &hash, &hashlen
+            hash, &hashlen)) != 0)
-        );
+                goto out;
-        EC_POINT_clear_free(client_public);
        /* save session id := H */
        if (kex->session_id == NULL) {
                kex->session_id_len = hashlen;
-                kex->session_id = xmalloc(kex->session_id_len);
+                kex->session_id = malloc(kex->session_id_len);
+                if (kex->session_id == NULL) {
+                        r = SSH_ERR_ALLOC_FAIL;
+                        goto out;
+                }
                memcpy(kex->session_id, hash, kex->session_id_len);
        }
        /* sign H */
-        kex->sign(server_host_private, server_host_public, &signature, &slen,
+        if ((r = kex->sign(server_host_private, server_host_public,
-            hash, hashlen);
+            &signature, &slen, hash, hashlen, ssh->compat)) < 0)
+                goto out;
        /* destroy_sensitive_data(); */
+        public_key = EC_KEY_get0_public_key(server_key);
        /* send server hostkey, ECDH pubkey 'Q_S' and signed H */
-        packet_start(SSH2_MSG_KEX_ECDH_REPLY);
+        if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_REPLY)) != 0 ||
-        packet_put_string(server_host_key_blob, sbloblen);
+            (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
-        packet_put_ecpoint(group, EC_KEY_get0_public_key(server_key));
+            (r = sshpkt_put_ec(ssh, public_key, group)) != 0 ||
-        packet_put_string(signature, slen);
+            (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
-        packet_send();
+            (r = sshpkt_send(ssh)) != 0)
+                goto out;
-        free(signature);
+        if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
+                r = kex_send_newkeys(ssh);
+ out:
+        explicit_bzero(hash, sizeof(hash));
+        if (kex->ec_client_key) {
+                EC_KEY_free(kex->ec_client_key);
+                kex->ec_client_key = NULL;
+        }
+        if (server_key)
+                EC_KEY_free(server_key);
+        if (kbuf) {
+                explicit_bzero(kbuf, klen);
+                free(kbuf);
+        }
+        if (shared_secret)
+                BN_clear_free(shared_secret);
        free(server_host_key_blob);
-        /* have keys, free server key */
+        free(signature);
-        EC_KEY_free(server_key);
+        return r;
-        kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
-        BN_clear_free(shared_secret);
-        kex_finish(kex);
-}
-#else /* OPENSSL_HAS_ECC */
-void
-kexecdh_server(Kex *kex)
-{
-        fatal("ECC support is not enabled");
 }
-#endif /* OPENSSL_HAS_ECC */
+#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */

diff --git a/kexecdhs.c b/kexecdhs.c index 2700b7219..0adb80e6a 100644 --- a/kexecdhs.c +++ b/kexecdhs.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: kexecdhs.c,v 1.10 2014/02/02 03:44:31 djm Exp $ */	1	/* $OpenBSD: kexecdhs.c,v 1.14 2015/01/26 06:10:03 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2001 Markus Friedl. All rights reserved.	3	* Copyright (c) 2001 Markus Friedl. All rights reserved.
4	* Copyright (c) 2010 Damien Miller. All rights reserved.	4	* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -26,136 +26,183 @@
26		26
27	#include "includes.h"	27	#include "includes.h"
28		28
		29	#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
		30
29	#include <sys/types.h>	31	#include <sys/types.h>
30	#include <string.h>	32	#include <string.h>
31	#include <signal.h>	33	#include <signal.h>
32		34
33	#include "xmalloc.h"	35	#include <openssl/ecdh.h>
34	#include "buffer.h"	36
35	#include "key.h"	37	#include "sshkey.h"
36	#include "cipher.h"	38	#include "cipher.h"
		39	#include "digest.h"
37	#include "kex.h"	40	#include "kex.h"
38	#include "log.h"	41	#include "log.h"
39	#include "packet.h"	42	#include "packet.h"
40	#include "ssh2.h"	43	#include "ssh2.h"
41		44
42	#ifdef OPENSSL_HAS_ECC	45	#include "dispatch.h"
		46	#include "compat.h"
		47	#include "ssherr.h"
		48	#include "sshbuf.h"
43		49
44	#include <openssl/ecdh.h>	50	static int input_kex_ecdh_init(int, u_int32_t, void *);
		51
		52	int
		53	kexecdh_server(struct ssh *ssh)
		54	{
		55	debug("expecting SSH2_MSG_KEX_ECDH_INIT");
		56	ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_INIT, &input_kex_ecdh_init);
		57	return 0;
		58	}
45		59
46	void	60	static int
47	kexecdh_server(Kex *kex)	61	input_kex_ecdh_init(int type, u_int32_t seq, void *ctxt)
48	{	62	{
		63	struct ssh *ssh = ctxt;
		64	struct kex *kex = ssh->kex;
49	EC_POINT *client_public;	65	EC_POINT *client_public;
50	EC_KEY *server_key;	66	EC_KEY *server_key = NULL;
51	const EC_GROUP *group;	67	const EC_GROUP *group;
52	BIGNUM *shared_secret;	68	const EC_POINT *public_key;
53	Key server_host_private, server_host_public;	69	BIGNUM *shared_secret = NULL;
		70	struct sshkey server_host_private, server_host_public;
54	u_char server_host_key_blob = NULL, signature = NULL;	71	u_char server_host_key_blob = NULL, signature = NULL;
55	u_char kbuf, hash;	72	u_char *kbuf = NULL;
56	u_int klen, slen, sbloblen, hashlen;	73	u_char hash[SSH_DIGEST_MAX_LENGTH];
57		74	size_t slen, sbloblen;
58	if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL)	75	size_t klen = 0, hashlen;
59	fatal("%s: EC_KEY_new_by_curve_name failed", __func__);	76	int r;
60	if (EC_KEY_generate_key(server_key) != 1)	77
61	fatal("%s: EC_KEY_generate_key failed", __func__);	78	if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
		79	r = SSH_ERR_ALLOC_FAIL;
		80	goto out;
		81	}
		82	if (EC_KEY_generate_key(server_key) != 1) {
		83	r = SSH_ERR_LIBCRYPTO_ERROR;
		84	goto out;
		85	}
62	group = EC_KEY_get0_group(server_key);	86	group = EC_KEY_get0_group(server_key);
63		87
64	#ifdef DEBUG_KEXECDH	88	#ifdef DEBUG_KEXECDH
65	fputs("server private key:\n", stderr);	89	fputs("server private key:\n", stderr);
66	key_dump_ec_key(server_key);	90	sshkey_dump_ec_key(server_key);
67	#endif	91	#endif
68		92
69	if (kex->load_host_public_key == NULL \|\|	93	if (kex->load_host_public_key == NULL \|\|
70	kex->load_host_private_key == NULL)	94	kex->load_host_private_key == NULL) {
71	fatal("Cannot load hostkey");	95	r = SSH_ERR_INVALID_ARGUMENT;
72	server_host_public = kex->load_host_public_key(kex->hostkey_type);	96	goto out;
73	if (server_host_public == NULL)	97	}
74	fatal("Unsupported hostkey type %d", kex->hostkey_type);	98	server_host_public = kex->load_host_public_key(kex->hostkey_type,
75	server_host_private = kex->load_host_private_key(kex->hostkey_type);	99	kex->hostkey_nid, ssh);
76		100	server_host_private = kex->load_host_private_key(kex->hostkey_type,
77	debug("expecting SSH2_MSG_KEX_ECDH_INIT");	101	kex->hostkey_nid, ssh);
78	packet_read_expect(SSH2_MSG_KEX_ECDH_INIT);	102	if (server_host_public == NULL) {
79	if ((client_public = EC_POINT_new(group)) == NULL)	103	r = SSH_ERR_NO_HOSTKEY_LOADED;
80	fatal("%s: EC_POINT_new failed", __func__);	104	goto out;
81	packet_get_ecpoint(group, client_public);	105	}
82	packet_check_eom();	106	if ((client_public = EC_POINT_new(group)) == NULL) {
83		107	r = SSH_ERR_ALLOC_FAIL;
84	if (key_ec_validate_public(group, client_public) != 0)	108	goto out;
85	fatal("%s: invalid client public key", __func__);	109	}
		110	if ((r = sshpkt_get_ec(ssh, client_public, group)) != 0 \|\|
		111	(r = sshpkt_get_end(ssh)) != 0)
		112	goto out;
86		113
87	#ifdef DEBUG_KEXECDH	114	#ifdef DEBUG_KEXECDH
88	fputs("client public key:\n", stderr);	115	fputs("client public key:\n", stderr);
89	key_dump_ec_point(group, client_public);	116	sshkey_dump_ec_point(group, client_public);
90	#endif	117	#endif
		118	if (sshkey_ec_validate_public(group, client_public) != 0) {
		119	sshpkt_disconnect(ssh, "invalid client public key");
		120	r = SSH_ERR_MESSAGE_INCOMPLETE;
		121	goto out;
		122	}
91		123
92	/* Calculate shared_secret */	124	/* Calculate shared_secret */
93	klen = (EC_GROUP_get_degree(group) + 7) / 8;	125	klen = (EC_GROUP_get_degree(group) + 7) / 8;
94	kbuf = xmalloc(klen);	126	if ((kbuf = malloc(klen)) == NULL \|\|
		127	(shared_secret = BN_new()) == NULL) {
		128	r = SSH_ERR_ALLOC_FAIL;
		129	goto out;
		130	}
95	if (ECDH_compute_key(kbuf, klen, client_public,	131	if (ECDH_compute_key(kbuf, klen, client_public,
96	server_key, NULL) != (int)klen)	132	server_key, NULL) != (int)klen \|\|
97	fatal("%s: ECDH_compute_key failed", __func__);	133	BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
		134	r = SSH_ERR_LIBCRYPTO_ERROR;
		135	goto out;
		136	}
98		137
99	#ifdef DEBUG_KEXDH	138	#ifdef DEBUG_KEXECDH
100	dump_digest("shared secret", kbuf, klen);	139	dump_digest("shared secret", kbuf, klen);
101	#endif	140	#endif
102	if ((shared_secret = BN_new()) == NULL)
103	fatal("%s: BN_new failed", __func__);
104	if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
105	fatal("%s: BN_bin2bn failed", __func__);
106	explicit_bzero(kbuf, klen);
107	free(kbuf);
108
109	/* calc H */	141	/* calc H */
110	key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);	142	if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob,
111	kex_ecdh_hash(	143	&sbloblen)) != 0)
		144	goto out;
		145	hashlen = sizeof(hash);
		146	if ((r = kex_ecdh_hash(
112	kex->hash_alg,	147	kex->hash_alg,
113	group,	148	group,
114	kex->client_version_string,	149	kex->client_version_string,
115	kex->server_version_string,	150	kex->server_version_string,
116	buffer_ptr(&kex->peer), buffer_len(&kex->peer),	151	sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
117	buffer_ptr(&kex->my), buffer_len(&kex->my),	152	sshbuf_ptr(kex->my), sshbuf_len(kex->my),
118	server_host_key_blob, sbloblen,	153	server_host_key_blob, sbloblen,
119	client_public,	154	client_public,
120	EC_KEY_get0_public_key(server_key),	155	EC_KEY_get0_public_key(server_key),
121	shared_secret,	156	shared_secret,
122	&hash, &hashlen	157	hash, &hashlen)) != 0)
123	);	158	goto out;
124	EC_POINT_clear_free(client_public);
125		159
126	/* save session id := H */	160	/* save session id := H */
127	if (kex->session_id == NULL) {	161	if (kex->session_id == NULL) {
128	kex->session_id_len = hashlen;	162	kex->session_id_len = hashlen;
129	kex->session_id = xmalloc(kex->session_id_len);	163	kex->session_id = malloc(kex->session_id_len);
		164	if (kex->session_id == NULL) {
		165	r = SSH_ERR_ALLOC_FAIL;
		166	goto out;
		167	}
130	memcpy(kex->session_id, hash, kex->session_id_len);	168	memcpy(kex->session_id, hash, kex->session_id_len);
131	}	169	}
132		170
133	/* sign H */	171	/* sign H */
134	kex->sign(server_host_private, server_host_public, &signature, &slen,	172	if ((r = kex->sign(server_host_private, server_host_public,
135	hash, hashlen);	173	&signature, &slen, hash, hashlen, ssh->compat)) < 0)
		174	goto out;
136		175
137	/* destroy_sensitive_data(); */	176	/* destroy_sensitive_data(); */
138		177
		178	public_key = EC_KEY_get0_public_key(server_key);
139	/* send server hostkey, ECDH pubkey 'Q_S' and signed H */	179	/* send server hostkey, ECDH pubkey 'Q_S' and signed H */
140	packet_start(SSH2_MSG_KEX_ECDH_REPLY);	180	if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_REPLY)) != 0 \|\|
141	packet_put_string(server_host_key_blob, sbloblen);	181	(r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 \|\|
142	packet_put_ecpoint(group, EC_KEY_get0_public_key(server_key));	182	(r = sshpkt_put_ec(ssh, public_key, group)) != 0 \|\|
143	packet_put_string(signature, slen);	183	(r = sshpkt_put_string(ssh, signature, slen)) != 0 \|\|
144	packet_send();	184	(r = sshpkt_send(ssh)) != 0)
145		185	goto out;
146	free(signature);	186
		187	if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
		188	r = kex_send_newkeys(ssh);
		189	out:
		190	explicit_bzero(hash, sizeof(hash));
		191	if (kex->ec_client_key) {
		192	EC_KEY_free(kex->ec_client_key);
		193	kex->ec_client_key = NULL;
		194	}
		195	if (server_key)
		196	EC_KEY_free(server_key);
		197	if (kbuf) {
		198	explicit_bzero(kbuf, klen);
		199	free(kbuf);
		200	}
		201	if (shared_secret)
		202	BN_clear_free(shared_secret);
147	free(server_host_key_blob);	203	free(server_host_key_blob);
148	/* have keys, free server key */	204	free(signature);
149	EC_KEY_free(server_key);	205	return r;
150
151	kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
152	BN_clear_free(shared_secret);
153	kex_finish(kex);
154	}
155	#else /* OPENSSL_HAS_ECC */
156	void
157	kexecdh_server(Kex *kex)
158	{
159	fatal("ECC support is not enabled");
160	}	206	}
161	#endif /* OPENSSL_HAS_ECC */	207	#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */
		208