| version 1.8, 2015/01/19 19:52:16 |
version 1.9, 2015/01/19 20:16:15 |
|
|
| |
|
| #include <openssl/ecdh.h> |
#include <openssl/ecdh.h> |
| |
|
| #include "xmalloc.h" |
#include "sshkey.h" |
| #include "buffer.h" |
|
| #include "key.h" |
|
| #include "cipher.h" |
#include "cipher.h" |
| |
#include "digest.h" |
| #include "kex.h" |
#include "kex.h" |
| #include "log.h" |
#include "log.h" |
| #include "packet.h" |
#include "packet.h" |
| #include "dh.h" |
#include "dh.h" |
| #include "ssh2.h" |
#include "ssh2.h" |
| |
#include "dispatch.h" |
| |
#include "compat.h" |
| |
#include "ssherr.h" |
| |
#include "sshbuf.h" |
| |
|
| void |
static int input_kex_ecdh_reply(int, u_int32_t, void *); |
| kexecdh_client(Kex *kex) |
|
| |
int |
| |
kexecdh_client(struct ssh *ssh) |
| { |
{ |
| EC_KEY *client_key; |
struct kex *kex = ssh->kex; |
| EC_POINT *server_public; |
EC_KEY *client_key = NULL; |
| const EC_GROUP *group; |
const EC_GROUP *group; |
| BIGNUM *shared_secret; |
const EC_POINT *public_key; |
| Key *server_host_key; |
int r; |
| u_char *server_host_key_blob = NULL, *signature = NULL; |
|
| u_char *kbuf, *hash; |
|
| u_int klen, slen, sbloblen, hashlen; |
|
| |
|
| if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) |
if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) { |
| fatal("%s: EC_KEY_new_by_curve_name failed", __func__); |
r = SSH_ERR_ALLOC_FAIL; |
| if (EC_KEY_generate_key(client_key) != 1) |
goto out; |
| fatal("%s: EC_KEY_generate_key failed", __func__); |
} |
| |
if (EC_KEY_generate_key(client_key) != 1) { |
| |
r = SSH_ERR_LIBCRYPTO_ERROR; |
| |
goto out; |
| |
} |
| group = EC_KEY_get0_group(client_key); |
group = EC_KEY_get0_group(client_key); |
| |
public_key = EC_KEY_get0_public_key(client_key); |
| |
|
| packet_start(SSH2_MSG_KEX_ECDH_INIT); |
if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_INIT)) != 0 || |
| packet_put_ecpoint(group, EC_KEY_get0_public_key(client_key)); |
(r = sshpkt_put_ec(ssh, public_key, group)) != 0 || |
| packet_send(); |
(r = sshpkt_send(ssh)) != 0) |
| |
goto out; |
| debug("sending SSH2_MSG_KEX_ECDH_INIT"); |
debug("sending SSH2_MSG_KEX_ECDH_INIT"); |
| |
|
| #ifdef DEBUG_KEXECDH |
#ifdef DEBUG_KEXECDH |
| fputs("client private key:\n", stderr); |
fputs("client private key:\n", stderr); |
| key_dump_ec_key(client_key); |
sshkey_dump_ec_key(client_key); |
| #endif |
#endif |
| |
kex->ec_client_key = client_key; |
| |
kex->ec_group = group; |
| |
client_key = NULL; /* owned by the kex */ |
| |
|
| debug("expecting SSH2_MSG_KEX_ECDH_REPLY"); |
debug("expecting SSH2_MSG_KEX_ECDH_REPLY"); |
| packet_read_expect(SSH2_MSG_KEX_ECDH_REPLY); |
ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &input_kex_ecdh_reply); |
| |
r = 0; |
| |
out: |
| |
if (client_key) |
| |
EC_KEY_free(client_key); |
| |
return r; |
| |
} |
| |
|
| |
static int |
| |
input_kex_ecdh_reply(int type, u_int32_t seq, void *ctxt) |
| |
{ |
| |
struct ssh *ssh = ctxt; |
| |
struct kex *kex = ssh->kex; |
| |
const EC_GROUP *group; |
| |
EC_POINT *server_public = NULL; |
| |
EC_KEY *client_key; |
| |
BIGNUM *shared_secret = NULL; |
| |
struct sshkey *server_host_key = NULL; |
| |
u_char *server_host_key_blob = NULL, *signature = NULL; |
| |
u_char *kbuf = NULL; |
| |
u_char hash[SSH_DIGEST_MAX_LENGTH]; |
| |
size_t slen, sbloblen; |
| |
size_t klen = 0, hashlen; |
| |
int r; |
| |
|
| |
if (kex->verify_host_key == NULL) { |
| |
r = SSH_ERR_INVALID_ARGUMENT; |
| |
goto out; |
| |
} |
| |
group = kex->ec_group; |
| |
client_key = kex->ec_client_key; |
| |
|
| /* hostkey */ |
/* hostkey */ |
| server_host_key_blob = packet_get_string(&sbloblen); |
if ((r = sshpkt_get_string(ssh, &server_host_key_blob, |
| server_host_key = key_from_blob(server_host_key_blob, sbloblen); |
&sbloblen)) != 0 || |
| if (server_host_key == NULL) |
(r = sshkey_from_blob(server_host_key_blob, sbloblen, |
| fatal("cannot decode server_host_key_blob"); |
&server_host_key)) != 0) |
| if (server_host_key->type != kex->hostkey_type) |
goto out; |
| fatal("type mismatch for decoded server_host_key_blob"); |
if (server_host_key->type != kex->hostkey_type) { |
| if (kex->verify_host_key == NULL) |
r = SSH_ERR_KEY_TYPE_MISMATCH; |
| fatal("cannot verify server_host_key"); |
goto out; |
| if (kex->verify_host_key(server_host_key) == -1) |
} |
| fatal("server_host_key verification failed"); |
if (kex->verify_host_key(server_host_key, ssh) == -1) { |
| |
r = SSH_ERR_SIGNATURE_INVALID; |
| |
goto out; |
| |
} |
| |
|
| /* Q_S, server public key */ |
/* Q_S, server public key */ |
| if ((server_public = EC_POINT_new(group)) == NULL) |
/* signed H */ |
| fatal("%s: EC_POINT_new failed", __func__); |
if ((server_public = EC_POINT_new(group)) == NULL) { |
| packet_get_ecpoint(group, server_public); |
r = SSH_ERR_ALLOC_FAIL; |
| |
goto out; |
| |
} |
| |
if ((r = sshpkt_get_ec(ssh, server_public, group)) != 0 || |
| |
(r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || |
| |
(r = sshpkt_get_end(ssh)) != 0) |
| |
goto out; |
| |
|
| if (key_ec_validate_public(group, server_public) != 0) |
|
| fatal("%s: invalid server public key", __func__); |
|
| |
|
| #ifdef DEBUG_KEXECDH |
#ifdef DEBUG_KEXECDH |
| fputs("server public key:\n", stderr); |
fputs("server public key:\n", stderr); |
| key_dump_ec_point(group, server_public); |
sshkey_dump_ec_point(group, server_public); |
| #endif |
#endif |
| |
if (sshkey_ec_validate_public(group, server_public) != 0) { |
| |
sshpkt_disconnect(ssh, "invalid server public key"); |
| |
r = SSH_ERR_MESSAGE_INCOMPLETE; |
| |
goto out; |
| |
} |
| |
|
| /* signed H */ |
|
| signature = packet_get_string(&slen); |
|
| packet_check_eom(); |
|
| |
|
| klen = (EC_GROUP_get_degree(group) + 7) / 8; |
klen = (EC_GROUP_get_degree(group) + 7) / 8; |
| kbuf = xmalloc(klen); |
if ((kbuf = malloc(klen)) == NULL || |
| |
(shared_secret = BN_new()) == NULL) { |
| |
r = SSH_ERR_ALLOC_FAIL; |
| |
goto out; |
| |
} |
| if (ECDH_compute_key(kbuf, klen, server_public, |
if (ECDH_compute_key(kbuf, klen, server_public, |
| client_key, NULL) != (int)klen) |
client_key, NULL) != (int)klen || |
| fatal("%s: ECDH_compute_key failed", __func__); |
BN_bin2bn(kbuf, klen, shared_secret) == NULL) { |
| |
r = SSH_ERR_LIBCRYPTO_ERROR; |
| |
goto out; |
| |
} |
| |
|
| #ifdef DEBUG_KEXECDH |
#ifdef DEBUG_KEXECDH |
| dump_digest("shared secret", kbuf, klen); |
dump_digest("shared secret", kbuf, klen); |
| #endif |
#endif |
| if ((shared_secret = BN_new()) == NULL) |
|
| fatal("%s: BN_new failed", __func__); |
|
| if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) |
|
| fatal("%s: BN_bin2bn failed", __func__); |
|
| explicit_bzero(kbuf, klen); |
|
| free(kbuf); |
|
| |
|
| /* calc and verify H */ |
/* calc and verify H */ |
| kex_ecdh_hash( |
hashlen = sizeof(hash); |
| |
if ((r = kex_ecdh_hash( |
| kex->hash_alg, |
kex->hash_alg, |
| group, |
group, |
| kex->client_version_string, |
kex->client_version_string, |
| kex->server_version_string, |
kex->server_version_string, |
| buffer_ptr(kex->my), buffer_len(kex->my), |
sshbuf_ptr(kex->my), sshbuf_len(kex->my), |
| buffer_ptr(kex->peer), buffer_len(kex->peer), |
sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), |
| server_host_key_blob, sbloblen, |
server_host_key_blob, sbloblen, |
| EC_KEY_get0_public_key(client_key), |
EC_KEY_get0_public_key(client_key), |
| server_public, |
server_public, |
| shared_secret, |
shared_secret, |
| &hash, &hashlen |
hash, &hashlen)) != 0) |
| ); |
goto out; |
| free(server_host_key_blob); |
|
| EC_POINT_clear_free(server_public); |
|
| EC_KEY_free(client_key); |
|
| |
|
| if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) |
if ((r = sshkey_verify(server_host_key, signature, slen, hash, |
| fatal("key_verify failed for server_host_key"); |
hashlen, ssh->compat)) != 0) |
| key_free(server_host_key); |
goto out; |
| free(signature); |
|
| |
|
| /* save session id */ |
/* save session id */ |
| if (kex->session_id == NULL) { |
if (kex->session_id == NULL) { |
| kex->session_id_len = hashlen; |
kex->session_id_len = hashlen; |
| kex->session_id = xmalloc(kex->session_id_len); |
kex->session_id = malloc(kex->session_id_len); |
| |
if (kex->session_id == NULL) { |
| |
r = SSH_ERR_ALLOC_FAIL; |
| |
goto out; |
| |
} |
| memcpy(kex->session_id, hash, kex->session_id_len); |
memcpy(kex->session_id, hash, kex->session_id_len); |
| } |
} |
| |
|
| kex_derive_keys_bn(kex, hash, hashlen, shared_secret); |
if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) |
| BN_clear_free(shared_secret); |
r = kex_send_newkeys(ssh); |
| kex_finish(kex); |
out: |
| |
explicit_bzero(hash, sizeof(hash)); |
| |
if (kex->ec_client_key) { |
| |
EC_KEY_free(kex->ec_client_key); |
| |
kex->ec_client_key = NULL; |
| |
} |
| |
if (server_public) |
| |
EC_POINT_clear_free(server_public); |
| |
if (kbuf) { |
| |
explicit_bzero(kbuf, klen); |
| |
free(kbuf); |
| |
} |
| |
if (shared_secret) |
| |
BN_clear_free(shared_secret); |
| |
sshkey_free(server_host_key); |
| |
free(server_host_key_blob); |
| |
free(signature); |
| |
return r; |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to kexecdhc.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh