kexdhc.c

   1 /* $OpenBSD: kexdhc.c,v 1.7 2006/07/22 20:48:23 stevesk Exp $ */
   2 /*
   3  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  * 1. Redistributions of source code must retain the above copyright
   9  *    notice, this list of conditions and the following disclaimer.
  10  * 2. Redistributions in binary form must reproduce the above copyright
  11  *    notice, this list of conditions and the following disclaimer in the
  12  *    documentation and/or other materials provided with the distribution.
  13  *
  14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  17  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  18  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  19  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  23  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  24  */
  25
  26 #include "includes.h"
  27
  28 #include <string.h>
  29
  30 #include "xmalloc.h"
  31 #include "key.h"
  32 #include "kex.h"
  33 #include "log.h"
  34 #include "packet.h"
  35 #include "dh.h"
  36 #include "ssh2.h"
  37
  38 void
  39 kexdh_client(Kex *kex)
  40 {
  41         BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
  42         DH *dh;
  43         Key *server_host_key;
  44         u_char *server_host_key_blob = NULL, *signature = NULL;
  45         u_char *kbuf, *hash;
  46         u_int klen, kout, slen, sbloblen, hashlen;
  47
  48         /* generate and send 'e', client DH public key */
  49         switch (kex->kex_type) {
  50         case KEX_DH_GRP1_SHA1:
  51                 dh = dh_new_group1();
  52                 break;
  53         case KEX_DH_GRP14_SHA1:
  54                 dh = dh_new_group14();
  55                 break;
  56         default:
  57                 fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
  58         }
  59         dh_gen_key(dh, kex->we_need * 8);
  60         packet_start(SSH2_MSG_KEXDH_INIT);
  61         packet_put_bignum2(dh->pub_key);
  62         packet_send();
  63
  64         debug("sending SSH2_MSG_KEXDH_INIT");
  65 #ifdef DEBUG_KEXDH
  66         DHparams_print_fp(stderr, dh);
  67         fprintf(stderr, "pub= ");
  68         BN_print_fp(stderr, dh->pub_key);
  69         fprintf(stderr, "\n");
  70 #endif
  71
  72         debug("expecting SSH2_MSG_KEXDH_REPLY");
  73         packet_read_expect(SSH2_MSG_KEXDH_REPLY);
  74
  75         /* key, cert */
  76         server_host_key_blob = packet_get_string(&sbloblen);
  77         server_host_key = key_from_blob(server_host_key_blob, sbloblen);
  78         if (server_host_key == NULL)
  79                 fatal("cannot decode server_host_key_blob");
  80         if (server_host_key->type != kex->hostkey_type)
  81                 fatal("type mismatch for decoded server_host_key_blob");
  82         if (kex->verify_host_key == NULL)
  83                 fatal("cannot verify server_host_key");
  84         if (kex->verify_host_key(server_host_key) == -1)
  85                 fatal("server_host_key verification failed");
  86
  87         /* DH parameter f, server public DH key */
  88         if ((dh_server_pub = BN_new()) == NULL)
  89                 fatal("dh_server_pub == NULL");
  90         packet_get_bignum2(dh_server_pub);
  91
  92 #ifdef DEBUG_KEXDH
  93         fprintf(stderr, "dh_server_pub= ");
  94         BN_print_fp(stderr, dh_server_pub);
  95         fprintf(stderr, "\n");
  96         debug("bits %d", BN_num_bits(dh_server_pub));
  97 #endif
  98
  99         /* signed H */
 100         signature = packet_get_string(&slen);
 101         packet_check_eom();
 102
 103         if (!dh_pub_is_valid(dh, dh_server_pub))
 104                 packet_disconnect("bad server public DH value");
 105
 106         klen = DH_size(dh);
 107         kbuf = xmalloc(klen);
 108         kout = DH_compute_key(kbuf, dh_server_pub, dh);
 109 #ifdef DEBUG_KEXDH
 110         dump_digest("shared secret", kbuf, kout);
 111 #endif
 112         if ((shared_secret = BN_new()) == NULL)
 113                 fatal("kexdh_client: BN_new failed");
 114         BN_bin2bn(kbuf, kout, shared_secret);
 115         memset(kbuf, 0, klen);
 116         xfree(kbuf);
 117
 118         /* calc and verify H */
 119         kex_dh_hash(
 120             kex->client_version_string,
 121             kex->server_version_string,
 122             buffer_ptr(&kex->my), buffer_len(&kex->my),
 123             buffer_ptr(&kex->peer), buffer_len(&kex->peer),
 124             server_host_key_blob, sbloblen,
 125             dh->pub_key,
 126             dh_server_pub,
 127             shared_secret,
 128             &hash, &hashlen
 129         );
 130         xfree(server_host_key_blob);
 131         BN_clear_free(dh_server_pub);
 132         DH_free(dh);
 133
 134         if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
 135                 fatal("key_verify failed for server_host_key");
 136         key_free(server_host_key);
 137         xfree(signature);
 138
 139         /* save session id */
 140         if (kex->session_id == NULL) {
 141                 kex->session_id_len = hashlen;
 142                 kex->session_id = xmalloc(kex->session_id_len);
 143                 memcpy(kex->session_id, hash, kex->session_id_len);
 144         }
 145
 146         kex_derive_keys(kex, hash, hashlen, shared_secret);
 147         BN_clear_free(shared_secret);
 148         kex_finish(kex);
 149 }