- (dtucker) [openbsd-compat/readpassphrase.c] Resync against OpenBSD's r1.18: ...
[openssh-git.git] / kexdhs.c
bloba6719f6722f6474334d04604c6e4f97d1c36279e
1 /* $OpenBSD: kexdhs.c,v 1.10 2009/06/21 07:37:15 dtucker Exp $ */
2 /*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 #include "includes.h"
28 #include <sys/types.h>
30 #include <stdarg.h>
31 #include <string.h>
32 #include <signal.h>
34 #include "xmalloc.h"
35 #include "buffer.h"
36 #include "key.h"
37 #include "cipher.h"
38 #include "kex.h"
39 #include "log.h"
40 #include "packet.h"
41 #include "dh.h"
42 #include "ssh2.h"
43 #ifdef GSSAPI
44 #include "ssh-gss.h"
45 #endif
46 #include "monitor_wrap.h"
48 void
49 kexdh_server(Kex *kex)
51 BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
52 DH *dh;
53 Key *server_host_key;
54 u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
55 u_int sbloblen, klen, hashlen, slen;
56 int kout;
58 /* generate server DH public key */
59 switch (kex->kex_type) {
60 case KEX_DH_GRP1_SHA1:
61 dh = dh_new_group1();
62 break;
63 case KEX_DH_GRP14_SHA1:
64 dh = dh_new_group14();
65 break;
66 default:
67 fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
69 dh_gen_key(dh, kex->we_need * 8);
71 debug("expecting SSH2_MSG_KEXDH_INIT");
72 packet_read_expect(SSH2_MSG_KEXDH_INIT);
74 if (kex->load_host_key == NULL)
75 fatal("Cannot load hostkey");
76 server_host_key = kex->load_host_key(kex->hostkey_type);
77 if (server_host_key == NULL)
78 fatal("Unsupported hostkey type %d", kex->hostkey_type);
80 /* key, cert */
81 if ((dh_client_pub = BN_new()) == NULL)
82 fatal("dh_client_pub == NULL");
83 packet_get_bignum2(dh_client_pub);
84 packet_check_eom();
86 #ifdef DEBUG_KEXDH
87 fprintf(stderr, "dh_client_pub= ");
88 BN_print_fp(stderr, dh_client_pub);
89 fprintf(stderr, "\n");
90 debug("bits %d", BN_num_bits(dh_client_pub));
91 #endif
93 #ifdef DEBUG_KEXDH
94 DHparams_print_fp(stderr, dh);
95 fprintf(stderr, "pub= ");
96 BN_print_fp(stderr, dh->pub_key);
97 fprintf(stderr, "\n");
98 #endif
99 if (!dh_pub_is_valid(dh, dh_client_pub))
100 packet_disconnect("bad client public DH value");
102 klen = DH_size(dh);
103 kbuf = xmalloc(klen);
104 if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0)
105 fatal("DH_compute_key: failed");
106 #ifdef DEBUG_KEXDH
107 dump_digest("shared secret", kbuf, kout);
108 #endif
109 if ((shared_secret = BN_new()) == NULL)
110 fatal("kexdh_server: BN_new failed");
111 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
112 fatal("kexdh_server: BN_bin2bn failed");
113 memset(kbuf, 0, klen);
114 xfree(kbuf);
116 key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
118 /* calc H */
119 kex_dh_hash(
120 kex->client_version_string,
121 kex->server_version_string,
122 buffer_ptr(&kex->peer), buffer_len(&kex->peer),
123 buffer_ptr(&kex->my), buffer_len(&kex->my),
124 server_host_key_blob, sbloblen,
125 dh_client_pub,
126 dh->pub_key,
127 shared_secret,
128 &hash, &hashlen
130 BN_clear_free(dh_client_pub);
132 /* save session id := H */
133 if (kex->session_id == NULL) {
134 kex->session_id_len = hashlen;
135 kex->session_id = xmalloc(kex->session_id_len);
136 memcpy(kex->session_id, hash, kex->session_id_len);
139 /* sign H */
140 if (PRIVSEP(key_sign(server_host_key, &signature, &slen, hash,
141 hashlen)) < 0)
142 fatal("kexdh_server: key_sign failed");
144 /* destroy_sensitive_data(); */
146 /* send server hostkey, DH pubkey 'f' and singed H */
147 packet_start(SSH2_MSG_KEXDH_REPLY);
148 packet_put_string(server_host_key_blob, sbloblen);
149 packet_put_bignum2(dh->pub_key); /* f */
150 packet_put_string(signature, slen);
151 packet_send();
153 xfree(signature);
154 xfree(server_host_key_blob);
155 /* have keys, free DH */
156 DH_free(dh);
158 kex_derive_keys(kex, hash, hashlen, shared_secret);
159 BN_clear_free(shared_secret);
160 kex_finish(kex);