Branch data Line data Source code
1 : : /* $OpenBSD: kexc25519c.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */
2 : : /*
3 : : * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 : : * Copyright (c) 2010 Damien Miller. All rights reserved.
5 : : * Copyright (c) 2013 Aris Adamantiadis. All rights reserved.
6 : : *
7 : : * Redistribution and use in source and binary forms, with or without
8 : : * modification, are permitted provided that the following conditions
9 : : * are met:
10 : : * 1. Redistributions of source code must retain the above copyright
11 : : * notice, this list of conditions and the following disclaimer.
12 : : * 2. Redistributions in binary form must reproduce the above copyright
13 : : * notice, this list of conditions and the following disclaimer in the
14 : : * documentation and/or other materials provided with the distribution.
15 : : *
16 : : * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 : : * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 : : * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 : : * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 : : * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 : : * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 : : * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 : : * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 : : * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 : : * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 : : */
27 : :
28 : : #include "includes.h"
29 : :
30 : : #include <sys/types.h>
31 : :
32 : : #include <stdio.h>
33 : : #include <string.h>
34 : : #include <signal.h>
35 : :
36 : : #include "xmalloc.h"
37 : : #include "buffer.h"
38 : : #include "key.h"
39 : : #include "cipher.h"
40 : : #include "kex.h"
41 : : #include "log.h"
42 : : #include "packet.h"
43 : : #include "ssh2.h"
44 : :
45 : : void
46 : 949 : kexc25519_client(Kex *kex)
47 : : {
48 : : Key *server_host_key;
49 : : u_char client_key[CURVE25519_SIZE];
50 : : u_char client_pubkey[CURVE25519_SIZE];
51 : 949 : u_char *server_pubkey = NULL;
52 : 949 : u_char *server_host_key_blob = NULL, *signature = NULL;
53 : : u_char *hash;
54 : : u_int slen, sbloblen, hashlen;
55 : : Buffer shared_secret;
56 : :
57 : 949 : kexc25519_keygen(client_key, client_pubkey);
58 : :
59 : 949 : packet_start(SSH2_MSG_KEX_ECDH_INIT);
60 : 949 : packet_put_string(client_pubkey, sizeof(client_pubkey));
61 : 949 : packet_send();
62 : 949 : debug("sending SSH2_MSG_KEX_ECDH_INIT");
63 : :
64 : : #ifdef DEBUG_KEXECDH
65 : : dump_digest("client private key:", client_key, sizeof(client_key));
66 : : #endif
67 : :
68 : 949 : debug("expecting SSH2_MSG_KEX_ECDH_REPLY");
69 : 949 : packet_read_expect(SSH2_MSG_KEX_ECDH_REPLY);
70 : :
71 : : /* hostkey */
72 : 949 : server_host_key_blob = packet_get_string(&sbloblen);
73 : 949 : server_host_key = key_from_blob(server_host_key_blob, sbloblen);
74 [ - + ]: 949 : if (server_host_key == NULL)
75 : 0 : fatal("cannot decode server_host_key_blob");
76 [ - + ]: 949 : if (server_host_key->type != kex->hostkey_type)
77 : 0 : fatal("type mismatch for decoded server_host_key_blob");
78 [ - + ]: 949 : if (kex->verify_host_key == NULL)
79 : 0 : fatal("cannot verify server_host_key");
80 [ - + ]: 949 : if (kex->verify_host_key(server_host_key) == -1)
81 : 0 : fatal("server_host_key verification failed");
82 : :
83 : : /* Q_S, server public key */
84 : 946 : server_pubkey = packet_get_string(&slen);
85 [ - + ]: 946 : if (slen != CURVE25519_SIZE)
86 : 0 : fatal("Incorrect size for server Curve25519 pubkey: %d", slen);
87 : :
88 : : #ifdef DEBUG_KEXECDH
89 : : dump_digest("server public key:", server_pubkey, CURVE25519_SIZE);
90 : : #endif
91 : :
92 : : /* signed H */
93 : 946 : signature = packet_get_string(&slen);
94 [ - + ]: 946 : packet_check_eom();
95 : :
96 : 946 : buffer_init(&shared_secret);
97 : 946 : kexc25519_shared_key(client_key, server_pubkey, &shared_secret);
98 : :
99 : : /* calc and verify H */
100 : 1892 : kex_c25519_hash(
101 : : kex->hash_alg,
102 : : kex->client_version_string,
103 : : kex->server_version_string,
104 : 946 : buffer_ptr(&kex->my), buffer_len(&kex->my),
105 : 946 : buffer_ptr(&kex->peer), buffer_len(&kex->peer),
106 : : server_host_key_blob, sbloblen,
107 : : client_pubkey,
108 : : server_pubkey,
109 : 946 : buffer_ptr(&shared_secret), buffer_len(&shared_secret),
110 : : &hash, &hashlen
111 : : );
112 : 946 : free(server_host_key_blob);
113 : 946 : free(server_pubkey);
114 [ - + ]: 946 : if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
115 : 0 : fatal("key_verify failed for server_host_key");
116 : 946 : key_free(server_host_key);
117 : 946 : free(signature);
118 : :
119 : : /* save session id */
120 [ + + ]: 946 : if (kex->session_id == NULL) {
121 : 624 : kex->session_id_len = hashlen;
122 : 624 : kex->session_id = xmalloc(kex->session_id_len);
123 : 624 : memcpy(kex->session_id, hash, kex->session_id_len);
124 : : }
125 : 1892 : kex_derive_keys(kex, hash, hashlen,
126 : 946 : buffer_ptr(&shared_secret), buffer_len(&shared_secret));
127 : 946 : buffer_free(&shared_secret);
128 : 946 : kex_finish(kex);
129 : 946 : }
|