- (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
[openssh-git.git] / kexgexs.c
bloba5e3df7bcc3ba58931f3d1e42ff658061d459b2a
1 /* $OpenBSD: kexgexs.c,v 1.14 2010/11/10 01:33:07 djm Exp $ */
2 /*
3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 #include "includes.h"
29 #include <sys/param.h>
31 #include <stdarg.h>
32 #include <stdio.h>
33 #include <string.h>
34 #include <signal.h>
36 #include <openssl/dh.h>
38 #include "xmalloc.h"
39 #include "buffer.h"
40 #include "key.h"
41 #include "cipher.h"
42 #include "kex.h"
43 #include "log.h"
44 #include "packet.h"
45 #include "dh.h"
46 #include "ssh2.h"
47 #include "compat.h"
48 #ifdef GSSAPI
49 #include "ssh-gss.h"
50 #endif
51 #include "monitor_wrap.h"
53 void
54 kexgex_server(Kex *kex)
56 BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
57 Key *server_host_public, *server_host_private;
58 DH *dh;
59 u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
60 u_int sbloblen, klen, slen, hashlen;
61 int omin = -1, min = -1, omax = -1, max = -1, onbits = -1, nbits = -1;
62 int type, kout;
64 if (kex->load_host_public_key == NULL ||
65 kex->load_host_private_key == NULL)
66 fatal("Cannot load hostkey");
67 server_host_public = kex->load_host_public_key(kex->hostkey_type);
68 if (server_host_public == NULL)
69 fatal("Unsupported hostkey type %d", kex->hostkey_type);
70 server_host_private = kex->load_host_private_key(kex->hostkey_type);
71 if (server_host_private == NULL)
72 fatal("Missing private key for hostkey type %d",
73 kex->hostkey_type);
76 type = packet_read();
77 switch (type) {
78 case SSH2_MSG_KEX_DH_GEX_REQUEST:
79 debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
80 omin = min = packet_get_int();
81 onbits = nbits = packet_get_int();
82 omax = max = packet_get_int();
83 min = MAX(DH_GRP_MIN, min);
84 max = MIN(DH_GRP_MAX, max);
85 nbits = MAX(DH_GRP_MIN, nbits);
86 nbits = MIN(DH_GRP_MAX, nbits);
87 break;
88 case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
89 debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
90 onbits = nbits = packet_get_int();
91 /* unused for old GEX */
92 omin = min = DH_GRP_MIN;
93 omax = max = DH_GRP_MAX;
94 break;
95 default:
96 fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
98 packet_check_eom();
100 if (omax < omin || onbits < omin || omax < onbits)
101 fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
102 omin, onbits, omax);
104 /* Contact privileged parent */
105 dh = PRIVSEP(choose_dh(min, nbits, max));
106 if (dh == NULL)
107 packet_disconnect("Protocol error: no matching DH grp found");
109 debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
110 packet_start(SSH2_MSG_KEX_DH_GEX_GROUP);
111 packet_put_bignum2(dh->p);
112 packet_put_bignum2(dh->g);
113 packet_send();
115 /* flush */
116 packet_write_wait();
118 /* Compute our exchange value in parallel with the client */
119 dh_gen_key(dh, kex->we_need * 8);
121 debug("expecting SSH2_MSG_KEX_DH_GEX_INIT");
122 packet_read_expect(SSH2_MSG_KEX_DH_GEX_INIT);
124 /* key, cert */
125 if ((dh_client_pub = BN_new()) == NULL)
126 fatal("dh_client_pub == NULL");
127 packet_get_bignum2(dh_client_pub);
128 packet_check_eom();
130 #ifdef DEBUG_KEXDH
131 fprintf(stderr, "dh_client_pub= ");
132 BN_print_fp(stderr, dh_client_pub);
133 fprintf(stderr, "\n");
134 debug("bits %d", BN_num_bits(dh_client_pub));
135 #endif
137 #ifdef DEBUG_KEXDH
138 DHparams_print_fp(stderr, dh);
139 fprintf(stderr, "pub= ");
140 BN_print_fp(stderr, dh->pub_key);
141 fprintf(stderr, "\n");
142 #endif
143 if (!dh_pub_is_valid(dh, dh_client_pub))
144 packet_disconnect("bad client public DH value");
146 klen = DH_size(dh);
147 kbuf = xmalloc(klen);
148 if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0)
149 fatal("DH_compute_key: failed");
150 #ifdef DEBUG_KEXDH
151 dump_digest("shared secret", kbuf, kout);
152 #endif
153 if ((shared_secret = BN_new()) == NULL)
154 fatal("kexgex_server: BN_new failed");
155 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
156 fatal("kexgex_server: BN_bin2bn failed");
157 memset(kbuf, 0, klen);
158 xfree(kbuf);
160 key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
162 if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
163 omin = min = omax = max = -1;
165 /* calc H */
166 kexgex_hash(
167 kex->evp_md,
168 kex->client_version_string,
169 kex->server_version_string,
170 buffer_ptr(&kex->peer), buffer_len(&kex->peer),
171 buffer_ptr(&kex->my), buffer_len(&kex->my),
172 server_host_key_blob, sbloblen,
173 omin, onbits, omax,
174 dh->p, dh->g,
175 dh_client_pub,
176 dh->pub_key,
177 shared_secret,
178 &hash, &hashlen
180 BN_clear_free(dh_client_pub);
182 /* save session id := H */
183 if (kex->session_id == NULL) {
184 kex->session_id_len = hashlen;
185 kex->session_id = xmalloc(kex->session_id_len);
186 memcpy(kex->session_id, hash, kex->session_id_len);
189 /* sign H */
190 if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash,
191 hashlen)) < 0)
192 fatal("kexgex_server: key_sign failed");
194 /* destroy_sensitive_data(); */
196 /* send server hostkey, DH pubkey 'f' and singed H */
197 debug("SSH2_MSG_KEX_DH_GEX_REPLY sent");
198 packet_start(SSH2_MSG_KEX_DH_GEX_REPLY);
199 packet_put_string(server_host_key_blob, sbloblen);
200 packet_put_bignum2(dh->pub_key); /* f */
201 packet_put_string(signature, slen);
202 packet_send();
204 xfree(signature);
205 xfree(server_host_key_blob);
206 /* have keys, free DH */
207 DH_free(dh);
209 kex_derive_keys(kex, hash, hashlen, shared_secret);
210 BN_clear_free(shared_secret);
212 kex_finish(kex);