Annotation of src/usr.bin/ssh/kexgexc.c, Revision 1.7
1.7 ! stevesk 1: /* $OpenBSD: kexgexc.c,v 1.6 2006/05/18 21:27:25 miod Exp $ */
1.1 markus 2: /*
3: * Copyright (c) 2000 Niels Provos. All rights reserved.
4: * Copyright (c) 2001 Markus Friedl. All rights reserved.
5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions
8: * are met:
9: * 1. Redistributions of source code must retain the above copyright
10: * notice, this list of conditions and the following disclaimer.
11: * 2. Redistributions in binary form must reproduce the above copyright
12: * notice, this list of conditions and the following disclaimer in the
13: * documentation and/or other materials provided with the distribution.
14: *
15: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25: */
26:
27: #include "includes.h"
1.7 ! stevesk 28:
! 29: #include <string.h>
1.1 markus 30:
31: #include "xmalloc.h"
32: #include "key.h"
33: #include "kex.h"
34: #include "log.h"
35: #include "packet.h"
36: #include "dh.h"
37: #include "ssh2.h"
38: #include "compat.h"
39:
40: void
41: kexgex_client(Kex *kex)
42: {
43: BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
44: BIGNUM *p = NULL, *g = NULL;
45: Key *server_host_key;
46: u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
1.3 djm 47: u_int klen, kout, slen, sbloblen, hashlen;
1.1 markus 48: int min, max, nbits;
49: DH *dh;
50:
51: nbits = dh_estimate(kex->we_need * 8);
52:
53: if (datafellows & SSH_OLD_DHGEX) {
54: /* Old GEX request */
55: packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD);
56: packet_put_int(nbits);
57: min = DH_GRP_MIN;
58: max = DH_GRP_MAX;
1.2 markus 59:
60: debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD(%u) sent", nbits);
1.1 markus 61: } else {
62: /* New GEX request */
63: min = DH_GRP_MIN;
64: max = DH_GRP_MAX;
65: packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
66: packet_put_int(min);
67: packet_put_int(nbits);
68: packet_put_int(max);
1.2 markus 69:
70: debug("SSH2_MSG_KEX_DH_GEX_REQUEST(%u<%u<%u) sent",
71: min, nbits, max);
1.1 markus 72: }
73: #ifdef DEBUG_KEXDH
74: fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n",
75: min, nbits, max);
76: #endif
77: packet_send();
78:
79: debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP");
80: packet_read_expect(SSH2_MSG_KEX_DH_GEX_GROUP);
81:
82: if ((p = BN_new()) == NULL)
83: fatal("BN_new");
84: packet_get_bignum2(p);
85: if ((g = BN_new()) == NULL)
86: fatal("BN_new");
87: packet_get_bignum2(g);
88: packet_check_eom();
89:
90: if (BN_num_bits(p) < min || BN_num_bits(p) > max)
91: fatal("DH_GEX group out of range: %d !< %d !< %d",
92: min, BN_num_bits(p), max);
93:
94: dh = dh_new_group(g, p);
95: dh_gen_key(dh, kex->we_need * 8);
96:
97: #ifdef DEBUG_KEXDH
98: DHparams_print_fp(stderr, dh);
99: fprintf(stderr, "pub= ");
100: BN_print_fp(stderr, dh->pub_key);
101: fprintf(stderr, "\n");
102: #endif
103:
104: debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
105: /* generate and send 'e', client DH public key */
106: packet_start(SSH2_MSG_KEX_DH_GEX_INIT);
107: packet_put_bignum2(dh->pub_key);
108: packet_send();
109:
110: debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY");
111: packet_read_expect(SSH2_MSG_KEX_DH_GEX_REPLY);
112:
113: /* key, cert */
114: server_host_key_blob = packet_get_string(&sbloblen);
115: server_host_key = key_from_blob(server_host_key_blob, sbloblen);
116: if (server_host_key == NULL)
117: fatal("cannot decode server_host_key_blob");
118: if (server_host_key->type != kex->hostkey_type)
119: fatal("type mismatch for decoded server_host_key_blob");
120: if (kex->verify_host_key == NULL)
121: fatal("cannot verify server_host_key");
122: if (kex->verify_host_key(server_host_key) == -1)
123: fatal("server_host_key verification failed");
124:
1.6 miod 125: /* DH parameter f, server public DH key */
1.1 markus 126: if ((dh_server_pub = BN_new()) == NULL)
127: fatal("dh_server_pub == NULL");
128: packet_get_bignum2(dh_server_pub);
129:
130: #ifdef DEBUG_KEXDH
131: fprintf(stderr, "dh_server_pub= ");
132: BN_print_fp(stderr, dh_server_pub);
133: fprintf(stderr, "\n");
134: debug("bits %d", BN_num_bits(dh_server_pub));
135: #endif
136:
137: /* signed H */
138: signature = packet_get_string(&slen);
139: packet_check_eom();
140:
141: if (!dh_pub_is_valid(dh, dh_server_pub))
142: packet_disconnect("bad server public DH value");
143:
144: klen = DH_size(dh);
145: kbuf = xmalloc(klen);
146: kout = DH_compute_key(kbuf, dh_server_pub, dh);
147: #ifdef DEBUG_KEXDH
148: dump_digest("shared secret", kbuf, kout);
149: #endif
150: if ((shared_secret = BN_new()) == NULL)
151: fatal("kexgex_client: BN_new failed");
152: BN_bin2bn(kbuf, kout, shared_secret);
153: memset(kbuf, 0, klen);
154: xfree(kbuf);
155:
156: if (datafellows & SSH_OLD_DHGEX)
157: min = max = -1;
158:
159: /* calc and verify H */
1.3 djm 160: kexgex_hash(
161: kex->evp_md,
1.1 markus 162: kex->client_version_string,
163: kex->server_version_string,
164: buffer_ptr(&kex->my), buffer_len(&kex->my),
165: buffer_ptr(&kex->peer), buffer_len(&kex->peer),
166: server_host_key_blob, sbloblen,
167: min, nbits, max,
168: dh->p, dh->g,
169: dh->pub_key,
170: dh_server_pub,
1.3 djm 171: shared_secret,
172: &hash, &hashlen
1.1 markus 173: );
1.3 djm 174:
1.1 markus 175: /* have keys, free DH */
176: DH_free(dh);
177: xfree(server_host_key_blob);
178: BN_clear_free(dh_server_pub);
179:
1.3 djm 180: if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
1.1 markus 181: fatal("key_verify failed for server_host_key");
182: key_free(server_host_key);
183: xfree(signature);
184:
185: /* save session id */
186: if (kex->session_id == NULL) {
1.3 djm 187: kex->session_id_len = hashlen;
1.1 markus 188: kex->session_id = xmalloc(kex->session_id_len);
189: memcpy(kex->session_id, hash, kex->session_id_len);
190: }
1.3 djm 191: kex_derive_keys(kex, hash, hashlen, shared_secret);
1.1 markus 192: BN_clear_free(shared_secret);
193:
194: kex_finish(kex);
195: }