Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | | - |
18 | | - |
19 | | - |
20 | | - |
21 | | - |
22 | | - |
23 | | - |
24 | | - |
25 | | - |
26 | | - |
27 | #include "includes.h" | - |
28 | | - |
29 | #ifdef WITH_OPENSSL | - |
30 | | - |
31 | #include <sys/types.h> | - |
32 | | - |
33 | #include <openssl/dh.h> | - |
34 | | - |
35 | #include <stdarg.h> | - |
36 | #include <stdio.h> | - |
37 | #include <string.h> | - |
38 | #include <signal.h> | - |
39 | | - |
40 | #include "openbsd-compat/openssl-compat.h" | - |
41 | | - |
42 | #include "sshkey.h" | - |
43 | #include "cipher.h" | - |
44 | #include "digest.h" | - |
45 | #include "kex.h" | - |
46 | #include "log.h" | - |
47 | #include "packet.h" | - |
48 | #include "dh.h" | - |
49 | #include "ssh2.h" | - |
50 | #include "compat.h" | - |
51 | #include "dispatch.h" | - |
52 | #include "ssherr.h" | - |
53 | #include "sshbuf.h" | - |
54 | #include "misc.h" | - |
55 | | - |
56 | static int input_kex_dh_gex_group(int, u_int32_t, struct ssh *); | - |
57 | static int input_kex_dh_gex_reply(int, u_int32_t, struct ssh *); | - |
58 | | - |
59 | int | - |
60 | kexgex_client(struct ssh *ssh) | - |
61 | { | - |
62 | struct kex *kex = ssh->kex; | - |
63 | int r; | - |
64 | u_int nbits; | - |
65 | | - |
66 | nbits = dh_estimate(kex->dh_need * 8); | - |
67 | | - |
68 | kex->min = DH_GRP_MIN; | - |
69 | kex->max = DH_GRP_MAX; | - |
70 | kex->nbits = nbits; | - |
71 | if (datafellows & SSH_BUG_DHGEX_LARGE)TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
72 | kex->nbits = MINIMUM(kex->nbits, 4096); never executed: kex->nbits = (((kex->nbits) < (4096)) ? (kex->nbits) : (4096)); TRUE | never evaluated | FALSE | never evaluated |
| 0 |
73 | | - |
74 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 ||TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
75 | (r = sshpkt_put_u32(ssh, kex->min)) != 0 ||TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
76 | (r = sshpkt_put_u32(ssh, kex->nbits)) != 0 ||TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
77 | (r = sshpkt_put_u32(ssh, kex->max)) != 0 ||TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
78 | (r = sshpkt_send(ssh)) != 0)TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
79 | goto out; never executed: goto out; | 0 |
80 | debug("SSH2_MSG_KEX_DH_GEX_REQUEST(%u<%u<%u) sent", | - |
81 | kex->min, kex->nbits, kex->max); | - |
82 | #ifdef DEBUG_KEXDH | - |
83 | fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n", | - |
84 | kex->min, kex->nbits, kex->max); | - |
85 | #endif | - |
86 | ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, | - |
87 | &input_kex_dh_gex_group); | - |
88 | r = 0; | - |
89 | out:code before this statement executed 40 times by 1 test: out: | 40 |
90 | return r;executed 40 times by 1 test: return r; | 40 |
91 | } | - |
92 | | - |
93 | static int | - |
94 | input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh) | - |
95 | { | - |
96 | struct kex *kex = ssh->kex; | - |
97 | BIGNUM *p = NULL, *g = NULL; | - |
98 | const BIGNUM *pub_key; | - |
99 | int r, bits; | - |
100 | | - |
101 | debug("got SSH2_MSG_KEX_DH_GEX_GROUP"); | - |
102 | | - |
103 | if ((p = BN_new()) == NULL ||TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
104 | (g = BN_new()) == NULL) {TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
105 | r = SSH_ERR_ALLOC_FAIL; | - |
106 | goto out; never executed: goto out; | 0 |
107 | } | - |
108 | if ((r = sshpkt_get_bignum2(ssh, p)) != 0 ||TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
109 | (r = sshpkt_get_bignum2(ssh, g)) != 0 ||TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
110 | (r = sshpkt_get_end(ssh)) != 0)TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
111 | goto out; never executed: goto out; | 0 |
112 | if ((bits = BN_num_bits(p)) < 0 ||TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
113 | (u_int)bits < kex->min || (u_int)bits > kex->max) {TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
114 | r = SSH_ERR_DH_GEX_OUT_OF_RANGE; | - |
115 | goto out; never executed: goto out; | 0 |
116 | } | - |
117 | if ((kex->dh = dh_new_group(g, p)) == NULL) {TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
118 | r = SSH_ERR_ALLOC_FAIL; | - |
119 | goto out; never executed: goto out; | 0 |
120 | } | - |
121 | p = g = NULL; | - |
122 | | - |
123 | | - |
124 | if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
125 | goto out; never executed: goto out; | 0 |
126 | DH_get0_key(kex->dh, &pub_key, NULL); | - |
127 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 ||TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
128 | (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
129 | (r = sshpkt_send(ssh)) != 0)TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
130 | goto out; never executed: goto out; | 0 |
131 | debug("SSH2_MSG_KEX_DH_GEX_INIT sent"); | - |
132 | #ifdef DEBUG_KEXDH | - |
133 | DHparams_print_fp(stderr, kex->dh); | - |
134 | fprintf(stderr, "pub= "); | - |
135 | BN_print_fp(stderr, pub_key); | - |
136 | fprintf(stderr, "\n"); | - |
137 | #endif | - |
138 | ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, NULL); | - |
139 | ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &input_kex_dh_gex_reply); | - |
140 | r = 0; | - |
141 | out:code before this statement executed 40 times by 1 test: out: | 40 |
142 | BN_clear_free(p); | - |
143 | BN_clear_free(g); | - |
144 | return r;executed 40 times by 1 test: return r; | 40 |
145 | } | - |
146 | | - |
147 | static int | - |
148 | input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) | - |
149 | { | - |
150 | struct kex *kex = ssh->kex; | - |
151 | BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; | - |
152 | const BIGNUM *pub_key, *dh_p, *dh_g; | - |
153 | struct sshkey *server_host_key = NULL; | - |
154 | u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; | - |
155 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | - |
156 | size_t klen = 0, slen, sbloblen, hashlen; | - |
157 | int kout, r; | - |
158 | | - |
159 | debug("got SSH2_MSG_KEX_DH_GEX_REPLY"); | - |
160 | if (kex->verify_host_key == NULL) {TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
161 | r = SSH_ERR_INVALID_ARGUMENT; | - |
162 | goto out; never executed: goto out; | 0 |
163 | } | - |
164 | | - |
165 | if ((r = sshpkt_get_string(ssh, &server_host_key_blob,TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
166 | &sbloblen)) != 0 ||TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
167 | (r = sshkey_from_blob(server_host_key_blob, sbloblen,TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
168 | &server_host_key)) != 0)TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
169 | goto out; never executed: goto out; | 0 |
170 | if (server_host_key->type != kex->hostkey_type ||TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
171 | (kex->hostkey_type == KEY_ECDSA &&TRUE | evaluated 10 times by 1 test | FALSE | evaluated 30 times by 1 test |
| 10-30 |
172 | server_host_key->ecdsa_nid != kex->hostkey_nid)) {TRUE | never evaluated | FALSE | evaluated 10 times by 1 test |
| 0-10 |
173 | r = SSH_ERR_KEY_TYPE_MISMATCH; | - |
174 | goto out; never executed: goto out; | 0 |
175 | } | - |
176 | if (kex->verify_host_key(server_host_key, ssh) == -1) {TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
177 | r = SSH_ERR_SIGNATURE_INVALID; | - |
178 | goto out; never executed: goto out; | 0 |
179 | } | - |
180 | | - |
181 | if ((dh_server_pub = BN_new()) == NULL) {TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
182 | r = SSH_ERR_ALLOC_FAIL; | - |
183 | goto out; never executed: goto out; | 0 |
184 | } | - |
185 | | - |
186 | if ((r = sshpkt_get_bignum2(ssh, dh_server_pub)) != 0 ||TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
187 | (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 ||TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
188 | (r = sshpkt_get_end(ssh)) != 0)TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
189 | goto out; never executed: goto out; | 0 |
190 | #ifdef DEBUG_KEXDH | - |
191 | fprintf(stderr, "dh_server_pub= "); | - |
192 | BN_print_fp(stderr, dh_server_pub); | - |
193 | fprintf(stderr, "\n"); | - |
194 | debug("bits %d", BN_num_bits(dh_server_pub)); | - |
195 | #endif | - |
196 | if (!dh_pub_is_valid(kex->dh, dh_server_pub)) {TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
197 | sshpkt_disconnect(ssh, "bad server public DH value"); | - |
198 | r = SSH_ERR_MESSAGE_INCOMPLETE; | - |
199 | goto out; never executed: goto out; | 0 |
200 | } | - |
201 | | - |
202 | klen = DH_size(kex->dh); | - |
203 | if ((kbuf = malloc(klen)) == NULL ||TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
204 | (shared_secret = BN_new()) == NULL) {TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
205 | r = SSH_ERR_ALLOC_FAIL; | - |
206 | goto out; never executed: goto out; | 0 |
207 | } | - |
208 | if ((kout = DH_compute_key(kbuf, dh_server_pub, kex->dh)) < 0 ||TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
209 | BN_bin2bn(kbuf, kout, shared_secret) == NULL) {TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
210 | r = SSH_ERR_LIBCRYPTO_ERROR; | - |
211 | goto out; never executed: goto out; | 0 |
212 | } | - |
213 | #ifdef DEBUG_KEXDH | - |
214 | dump_digest("shared secret", kbuf, kout); | - |
215 | #endif | - |
216 | if (ssh->compat & SSH_OLD_DHGEX)TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
217 | kex->min = kex->max = -1; never executed: kex->min = kex->max = -1; | 0 |
218 | | - |
219 | | - |
220 | DH_get0_key(kex->dh, &pub_key, NULL); | - |
221 | DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g); | - |
222 | hashlen = sizeof(hash); | - |
223 | if ((r = kexgex_hash(TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
224 | kex->hash_alg,TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
225 | kex->client_version_string,TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
226 | kex->server_version_string,TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
227 | sshbuf_ptr(kex->my), sshbuf_len(kex->my),TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
228 | sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
229 | server_host_key_blob, sbloblen,TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
230 | kex->min, kex->nbits, kex->max,TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
231 | dh_p, dh_g,TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
232 | pub_key,TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
233 | dh_server_pub,TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
234 | shared_secret,TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
235 | hash, &hashlen)) != 0)TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
236 | goto out; never executed: goto out; | 0 |
237 | | - |
238 | if ((r = sshkey_verify(server_host_key, signature, slen, hash,TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
239 | hashlen, kex->hostkey_alg, ssh->compat)) != 0)TRUE | never evaluated | FALSE | evaluated 40 times by 1 test |
| 0-40 |
240 | goto out; never executed: goto out; | 0 |
241 | | - |
242 | | - |
243 | if (kex->session_id == NULL) {TRUE | evaluated 8 times by 1 test | FALSE | evaluated 32 times by 1 test |
| 8-32 |
244 | kex->session_id_len = hashlen; | - |
245 | kex->session_id = malloc(kex->session_id_len); | - |
246 | if (kex->session_id == NULL) {TRUE | never evaluated | FALSE | evaluated 8 times by 1 test |
| 0-8 |
247 | r = SSH_ERR_ALLOC_FAIL; | - |
248 | goto out; never executed: goto out; | 0 |
249 | } | - |
250 | memcpy(kex->session_id, hash, kex->session_id_len); | - |
251 | }executed 8 times by 1 test: end of block | 8 |
252 | | - |
253 | if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)TRUE | evaluated 40 times by 1 test | FALSE | never evaluated |
| 0-40 |
254 | r = kex_send_newkeys(ssh);executed 40 times by 1 test: r = kex_send_newkeys(ssh); | 40 |
255 | out:code before this statement executed 40 times by 1 test: out: | 40 |
256 | explicit_bzero(hash, sizeof(hash)); | - |
257 | DH_free(kex->dh); | - |
258 | kex->dh = NULL; | - |
259 | BN_clear_free(dh_server_pub); | - |
260 | if (kbuf) {TRUE | evaluated 40 times by 1 test | FALSE | never evaluated |
| 0-40 |
261 | explicit_bzero(kbuf, klen); | - |
262 | free(kbuf); | - |
263 | }executed 40 times by 1 test: end of block | 40 |
264 | BN_clear_free(shared_secret); | - |
265 | sshkey_free(server_host_key); | - |
266 | free(server_host_key_blob); | - |
267 | free(signature); | - |
268 | return r;executed 40 times by 1 test: return r; | 40 |
269 | } | - |
270 | #endif /* WITH_OPENSSL */ | - |
| | |