version 1.14, 2019/01/21 10:24:09 |
version 1.15, 2019/01/21 10:35:09 |
|
|
const u_char *ckexinit, size_t ckexinitlen, |
const u_char *ckexinit, size_t ckexinitlen, |
const u_char *skexinit, size_t skexinitlen, |
const u_char *skexinit, size_t skexinitlen, |
const u_char *serverhostkeyblob, size_t sbloblen, |
const u_char *serverhostkeyblob, size_t sbloblen, |
const u_char *client_pub, size_t client_pub_len, |
const struct sshbuf *client_pub, |
const u_char *server_pub, size_t server_pub_len, |
const struct sshbuf *server_pub, |
const u_char *shared_secret, size_t secretlen, |
const struct sshbuf *shared_secret, |
u_char *hash, size_t *hashlen) |
u_char *hash, size_t *hashlen) |
{ |
{ |
struct sshbuf *b; |
struct sshbuf *b; |
|
|
(r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || |
(r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || |
(r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || |
(r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || |
(r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || |
(r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || |
(r = sshbuf_put_string(b, client_pub, client_pub_len)) != 0 || |
(r = sshbuf_put_stringb(b, client_pub)) != 0 || |
(r = sshbuf_put_string(b, server_pub, server_pub_len)) != 0 || |
(r = sshbuf_put_stringb(b, server_pub)) != 0 || |
(r = sshbuf_put(b, shared_secret, secretlen)) != 0) { |
(r = sshbuf_putb(b, shared_secret)) != 0) { |
sshbuf_free(b); |
sshbuf_free(b); |
return r; |
return r; |
} |
} |
|
|
} |
} |
|
|
int |
int |
kex_c25519_enc(struct kex *kex, const u_char *pkblob, |
kex_c25519_enc(struct kex *kex, const struct sshbuf *client_blob, |
size_t pklen, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) |
struct sshbuf **server_blobp, struct sshbuf **shared_secretp) |
{ |
{ |
struct sshbuf *server_blob = NULL; |
struct sshbuf *server_blob = NULL; |
struct sshbuf *buf = NULL; |
struct sshbuf *buf = NULL; |
|
const u_char *client_pub; |
u_char *server_pub; |
u_char *server_pub; |
u_char server_key[CURVE25519_SIZE]; |
u_char server_key[CURVE25519_SIZE]; |
int r; |
int r; |
|
|
*server_blobp = NULL; |
*server_blobp = NULL; |
*shared_secretp = NULL; |
*shared_secretp = NULL; |
|
|
if (pklen != CURVE25519_SIZE) { |
if (sshbuf_len(client_blob) != CURVE25519_SIZE) { |
r = SSH_ERR_SIGNATURE_INVALID; |
r = SSH_ERR_SIGNATURE_INVALID; |
goto out; |
goto out; |
} |
} |
|
client_pub = sshbuf_ptr(client_blob); |
#ifdef DEBUG_KEXECDH |
#ifdef DEBUG_KEXECDH |
dump_digest("client public key 25519:", pkblob, CURVE25519_SIZE); |
dump_digest("client public key 25519:", client_pub, CURVE25519_SIZE); |
#endif |
#endif |
/* allocate space for encrypted KEM key and ECDH pub key */ |
/* allocate space for encrypted KEM key and ECDH pub key */ |
if ((server_blob = sshbuf_new()) == NULL) { |
if ((server_blob = sshbuf_new()) == NULL) { |
|
|
r = SSH_ERR_ALLOC_FAIL; |
r = SSH_ERR_ALLOC_FAIL; |
goto out; |
goto out; |
} |
} |
if ((r = kexc25519_shared_key_ext(server_key, pkblob, buf, 0)) < 0) |
if ((r = kexc25519_shared_key_ext(server_key, client_pub, buf, 0)) < 0) |
goto out; |
goto out; |
#ifdef DEBUG_KEXECDH |
#ifdef DEBUG_KEXECDH |
dump_digest("server public key 25519:", server_pub, CURVE25519_SIZE); |
dump_digest("server public key 25519:", server_pub, CURVE25519_SIZE); |
|
|
} |
} |
|
|
int |
int |
kex_c25519_dec(struct kex *kex, const u_char *pkblob, |
kex_c25519_dec(struct kex *kex, const struct sshbuf *server_blob, |
size_t pklen, struct sshbuf **shared_secretp) |
struct sshbuf **shared_secretp) |
{ |
{ |
struct sshbuf *buf = NULL; |
struct sshbuf *buf = NULL; |
|
const u_char *server_pub; |
int r; |
int r; |
|
|
*shared_secretp = NULL; |
*shared_secretp = NULL; |
|
|
if (pklen != CURVE25519_SIZE) { |
if (sshbuf_len(server_blob) != CURVE25519_SIZE) { |
r = SSH_ERR_SIGNATURE_INVALID; |
r = SSH_ERR_SIGNATURE_INVALID; |
goto out; |
goto out; |
} |
} |
|
server_pub = sshbuf_ptr(server_blob); |
#ifdef DEBUG_KEXECDH |
#ifdef DEBUG_KEXECDH |
dump_digest("server public key c25519:", pkblob, CURVE25519_SIZE); |
dump_digest("server public key c25519:", server_pub, CURVE25519_SIZE); |
#endif |
#endif |
/* shared secret */ |
/* shared secret */ |
if ((buf = sshbuf_new()) == NULL) { |
if ((buf = sshbuf_new()) == NULL) { |
r = SSH_ERR_ALLOC_FAIL; |
r = SSH_ERR_ALLOC_FAIL; |
goto out; |
goto out; |
} |
} |
if ((r = kexc25519_shared_key_ext(kex->c25519_client_key, pkblob, |
if ((r = kexc25519_shared_key_ext(kex->c25519_client_key, server_pub, |
buf, 0)) < 0) |
buf, 0)) < 0) |
goto out; |
goto out; |
#ifdef DEBUG_KEXECDH |
#ifdef DEBUG_KEXECDH |