Annotation of src/usr.bin/ssh/kexecdh.c, Revision 1.1
1.1 ! djm 1: /* $OpenBSD$ */
! 2: /*
! 3: * Copyright (c) 2001 Markus Friedl. All rights reserved.
! 4: * Copyright (c) 2010 Damien Miller. All rights reserved.
! 5: *
! 6: * Redistribution and use in source and binary forms, with or without
! 7: * modification, are permitted provided that the following conditions
! 8: * are met:
! 9: * 1. Redistributions of source code must retain the above copyright
! 10: * notice, this list of conditions and the following disclaimer.
! 11: * 2. Redistributions in binary form must reproduce the above copyright
! 12: * notice, this list of conditions and the following disclaimer in the
! 13: * documentation and/or other materials provided with the distribution.
! 14: *
! 15: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
! 16: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
! 17: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
! 18: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
! 19: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
! 20: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
! 21: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
! 22: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
! 23: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
! 24: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
! 25: */
! 26:
! 27: #include <sys/types.h>
! 28:
! 29: #include <signal.h>
! 30: #include <string.h>
! 31:
! 32: #include <openssl/bn.h>
! 33: #include <openssl/evp.h>
! 34: #include <openssl/ec.h>
! 35: #include <openssl/ecdh.h>
! 36:
! 37: #include "buffer.h"
! 38: #include "ssh2.h"
! 39: #include "key.h"
! 40: #include "cipher.h"
! 41: #include "kex.h"
! 42: #include "log.h"
! 43:
! 44: int
! 45: kex_ecdh_name_to_nid(const char *kexname)
! 46: {
! 47: int ret;
! 48:
! 49: if (strlen(kexname) < sizeof(KEX_ECDH_SHA256) - 1)
! 50: fatal("%s: kexname too short \"%s\"", __func__, kexname);
! 51: ret = key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA256) - 1);
! 52: if (ret == -1)
! 53: fatal("%s: unsupported curve negotiated \"%s\"", __func__,
! 54: kexname);
! 55: return ret;
! 56: }
! 57:
! 58: void
! 59: kex_ecdh_hash(
! 60: const EVP_MD *evp_md,
! 61: const EC_GROUP *ec_group,
! 62: char *client_version_string,
! 63: char *server_version_string,
! 64: char *ckexinit, int ckexinitlen,
! 65: char *skexinit, int skexinitlen,
! 66: u_char *serverhostkeyblob, int sbloblen,
! 67: const EC_POINT *client_dh_pub,
! 68: const EC_POINT *server_dh_pub,
! 69: const BIGNUM *shared_secret,
! 70: u_char **hash, u_int *hashlen)
! 71: {
! 72: Buffer b;
! 73: EVP_MD_CTX md;
! 74: static u_char digest[EVP_MAX_MD_SIZE];
! 75:
! 76: buffer_init(&b);
! 77: buffer_put_cstring(&b, client_version_string);
! 78: buffer_put_cstring(&b, server_version_string);
! 79:
! 80: /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
! 81: buffer_put_int(&b, ckexinitlen+1);
! 82: buffer_put_char(&b, SSH2_MSG_KEXINIT);
! 83: buffer_append(&b, ckexinit, ckexinitlen);
! 84: buffer_put_int(&b, skexinitlen+1);
! 85: buffer_put_char(&b, SSH2_MSG_KEXINIT);
! 86: buffer_append(&b, skexinit, skexinitlen);
! 87:
! 88: buffer_put_string(&b, serverhostkeyblob, sbloblen);
! 89: buffer_put_ecpoint(&b, ec_group, client_dh_pub);
! 90: buffer_put_ecpoint(&b, ec_group, server_dh_pub);
! 91: buffer_put_bignum2(&b, shared_secret);
! 92:
! 93: #ifdef DEBUG_KEX
! 94: buffer_dump(&b);
! 95: #endif
! 96: EVP_DigestInit(&md, evp_md);
! 97: EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
! 98: EVP_DigestFinal(&md, digest, NULL);
! 99:
! 100: buffer_free(&b);
! 101:
! 102: #ifdef DEBUG_KEX
! 103: dump_digest("hash", digest, EVP_MD_size(evp_md));
! 104: #endif
! 105: *hash = digest;
! 106: *hashlen = EVP_MD_size(evp_md);
! 107: }
! 108: