Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | | - |
18 | | - |
19 | | - |
20 | | - |
21 | | - |
22 | | - |
23 | | - |
24 | | - |
25 | | - |
26 | | - |
27 | #include "includes.h" | - |
28 | | - |
29 | #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) | - |
30 | | - |
31 | #include <sys/types.h> | - |
32 | #include <string.h> | - |
33 | #include <signal.h> | - |
34 | | - |
35 | #include <openssl/ecdh.h> | - |
36 | | - |
37 | #include "sshkey.h" | - |
38 | #include "cipher.h" | - |
39 | #include "digest.h" | - |
40 | #include "kex.h" | - |
41 | #include "log.h" | - |
42 | #include "packet.h" | - |
43 | #include "ssh2.h" | - |
44 | | - |
45 | #include "dispatch.h" | - |
46 | #include "compat.h" | - |
47 | #include "ssherr.h" | - |
48 | #include "sshbuf.h" | - |
49 | | - |
50 | static int input_kex_ecdh_init(int, u_int32_t, struct ssh *); | - |
51 | | - |
52 | int | - |
53 | kexecdh_server(struct ssh *ssh) | - |
54 | { | - |
55 | debug("expecting SSH2_MSG_KEX_ECDH_INIT"); | - |
56 | ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_INIT, &input_kex_ecdh_init); | - |
57 | return 0;executed 60 times by 1 test: return 0; | 60 |
58 | } | - |
59 | | - |
60 | static int | - |
61 | input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh) | - |
62 | { | - |
63 | struct kex *kex = ssh->kex; | - |
64 | EC_POINT *client_public; | - |
65 | EC_KEY *server_key = NULL; | - |
66 | const EC_GROUP *group; | - |
67 | const EC_POINT *public_key; | - |
68 | BIGNUM *shared_secret = NULL; | - |
69 | struct sshkey *server_host_private, *server_host_public; | - |
70 | u_char *server_host_key_blob = NULL, *signature = NULL; | - |
71 | u_char *kbuf = NULL; | - |
72 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | - |
73 | size_t slen, sbloblen; | - |
74 | size_t klen = 0, hashlen; | - |
75 | int r; | - |
76 | | - |
77 | if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
78 | r = SSH_ERR_ALLOC_FAIL; | - |
79 | goto out; never executed: goto out; | 0 |
80 | } | - |
81 | if (EC_KEY_generate_key(server_key) != 1) {TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
82 | r = SSH_ERR_LIBCRYPTO_ERROR; | - |
83 | goto out; never executed: goto out; | 0 |
84 | } | - |
85 | group = EC_KEY_get0_group(server_key); | - |
86 | | - |
87 | #ifdef DEBUG_KEXECDH | - |
88 | fputs("server private key:\n", stderr); | - |
89 | sshkey_dump_ec_key(server_key); | - |
90 | #endif | - |
91 | | - |
92 | if (kex->load_host_public_key == NULL ||TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
93 | kex->load_host_private_key == NULL) {TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
94 | r = SSH_ERR_INVALID_ARGUMENT; | - |
95 | goto out; never executed: goto out; | 0 |
96 | } | - |
97 | server_host_public = kex->load_host_public_key(kex->hostkey_type, | - |
98 | kex->hostkey_nid, ssh); | - |
99 | server_host_private = kex->load_host_private_key(kex->hostkey_type, | - |
100 | kex->hostkey_nid, ssh); | - |
101 | if (server_host_public == NULL) {TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
102 | r = SSH_ERR_NO_HOSTKEY_LOADED; | - |
103 | goto out; never executed: goto out; | 0 |
104 | } | - |
105 | if ((client_public = EC_POINT_new(group)) == NULL) {TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
106 | r = SSH_ERR_ALLOC_FAIL; | - |
107 | goto out; never executed: goto out; | 0 |
108 | } | - |
109 | if ((r = sshpkt_get_ec(ssh, client_public, group)) != 0 ||TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
110 | (r = sshpkt_get_end(ssh)) != 0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
111 | goto out; never executed: goto out; | 0 |
112 | | - |
113 | #ifdef DEBUG_KEXECDH | - |
114 | fputs("client public key:\n", stderr); | - |
115 | sshkey_dump_ec_point(group, client_public); | - |
116 | #endif | - |
117 | if (sshkey_ec_validate_public(group, client_public) != 0) {TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
118 | sshpkt_disconnect(ssh, "invalid client public key"); | - |
119 | r = SSH_ERR_MESSAGE_INCOMPLETE; | - |
120 | goto out; never executed: goto out; | 0 |
121 | } | - |
122 | | - |
123 | | - |
124 | klen = (EC_GROUP_get_degree(group) + 7) / 8; | - |
125 | if ((kbuf = malloc(klen)) == NULL ||TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
126 | (shared_secret = BN_new()) == NULL) {TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
127 | r = SSH_ERR_ALLOC_FAIL; | - |
128 | goto out; never executed: goto out; | 0 |
129 | } | - |
130 | if (ECDH_compute_key(kbuf, klen, client_public,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
131 | server_key, NULL) != (int)klen ||TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
132 | BN_bin2bn(kbuf, klen, shared_secret) == NULL) {TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
133 | r = SSH_ERR_LIBCRYPTO_ERROR; | - |
134 | goto out; never executed: goto out; | 0 |
135 | } | - |
136 | | - |
137 | #ifdef DEBUG_KEXECDH | - |
138 | dump_digest("shared secret", kbuf, klen); | - |
139 | #endif | - |
140 | | - |
141 | if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
142 | &sbloblen)) != 0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
143 | goto out; never executed: goto out; | 0 |
144 | hashlen = sizeof(hash); | - |
145 | if ((r = kex_ecdh_hash(TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
146 | kex->hash_alg,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
147 | group,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
148 | kex->client_version_string,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
149 | kex->server_version_string,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
150 | sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
151 | sshbuf_ptr(kex->my), sshbuf_len(kex->my),TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
152 | server_host_key_blob, sbloblen,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
153 | client_public,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
154 | EC_KEY_get0_public_key(server_key),TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
155 | shared_secret,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
156 | hash, &hashlen)) != 0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
157 | goto out; never executed: goto out; | 0 |
158 | | - |
159 | | - |
160 | if (kex->session_id == NULL) {TRUE | evaluated 12 times by 1 test | FALSE | evaluated 48 times by 1 test |
| 12-48 |
161 | kex->session_id_len = hashlen; | - |
162 | kex->session_id = malloc(kex->session_id_len); | - |
163 | if (kex->session_id == NULL) {TRUE | never evaluated | FALSE | evaluated 12 times by 1 test |
| 0-12 |
164 | r = SSH_ERR_ALLOC_FAIL; | - |
165 | goto out; never executed: goto out; | 0 |
166 | } | - |
167 | memcpy(kex->session_id, hash, kex->session_id_len); | - |
168 | }executed 12 times by 1 test: end of block | 12 |
169 | | - |
170 | | - |
171 | if ((r = kex->sign(server_host_private, server_host_public, &signature,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
172 | &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
173 | goto out; never executed: goto out; | 0 |
174 | | - |
175 | | - |
176 | | - |
177 | public_key = EC_KEY_get0_public_key(server_key); | - |
178 | | - |
179 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_REPLY)) != 0 ||TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
180 | (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
181 | (r = sshpkt_put_ec(ssh, public_key, group)) != 0 ||TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
182 | (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
183 | (r = sshpkt_send(ssh)) != 0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
184 | goto out; never executed: goto out; | 0 |
185 | | - |
186 | if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)TRUE | evaluated 60 times by 1 test | FALSE | never evaluated |
| 0-60 |
187 | r = kex_send_newkeys(ssh);executed 60 times by 1 test: r = kex_send_newkeys(ssh); | 60 |
188 | out:code before this statement executed 60 times by 1 test: out: | 60 |
189 | explicit_bzero(hash, sizeof(hash)); | - |
190 | EC_KEY_free(kex->ec_client_key); | - |
191 | kex->ec_client_key = NULL; | - |
192 | EC_KEY_free(server_key); | - |
193 | if (kbuf) {TRUE | evaluated 60 times by 1 test | FALSE | never evaluated |
| 0-60 |
194 | explicit_bzero(kbuf, klen); | - |
195 | free(kbuf); | - |
196 | }executed 60 times by 1 test: end of block | 60 |
197 | BN_clear_free(shared_secret); | - |
198 | free(server_host_key_blob); | - |
199 | free(signature); | - |
200 | return r;executed 60 times by 1 test: return r; | 60 |
201 | } | - |
202 | #endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */ | - |
203 | | - |
| | |