Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | static int input_kex_ecdh_init(int, u_int32_t, struct ssh *); | - |
12 | | - |
13 | int | - |
14 | kexecdh_server(struct ssh *ssh) | - |
15 | { | - |
16 | debug("expecting SSH2_MSG_KEX_ECDH_INIT"); | - |
17 | ssh_dispatch_set(ssh, 30, &input_kex_ecdh_init); | - |
18 | returnexecuted 60 times by 1 test: return 0; 0;executed 60 times by 1 test: return 0; | 60 |
19 | } | - |
20 | | - |
21 | static int | - |
22 | input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh) | - |
23 | { | - |
24 | struct kex *kex = ssh->kex; | - |
25 | EC_POINT *client_public; | - |
26 | EC_KEY *server_key = | - |
27 | ((void *)0) | - |
28 | ; | - |
29 | const EC_GROUP *group; | - |
30 | const EC_POINT *public_key; | - |
31 | BIGNUM *shared_secret = | - |
32 | ((void *)0) | - |
33 | ; | - |
34 | struct sshkey *server_host_private, *server_host_public; | - |
35 | u_char *server_host_key_blob = | - |
36 | ((void *)0) | - |
37 | , *signature = | - |
38 | ((void *)0) | - |
39 | ; | - |
40 | u_char *kbuf = | - |
41 | ((void *)0) | - |
42 | ; | - |
43 | u_char hash[64]; | - |
44 | size_t slen, sbloblen; | - |
45 | size_t klen = 0, hashlen; | - |
46 | int r; | - |
47 | | - |
48 | if ((TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
49 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
50 | ) { | - |
51 | r = -2; | - |
52 | goto never executed: goto out; out;never executed: goto out; | 0 |
53 | } | - |
54 | if (EC_KEY_generate_key(server_key) != 1TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
) { | 0-60 |
55 | r = -22; | - |
56 | goto never executed: goto out; out;never executed: goto out; | 0 |
57 | } | - |
58 | group = EC_KEY_get0_group(server_key); | - |
59 | | - |
60 | | - |
61 | | - |
62 | | - |
63 | | - |
64 | | - |
65 | if (kex->load_host_public_key == TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
66 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
67 | || | - |
68 | kex->load_host_private_key == TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
69 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
70 | ) { | - |
71 | r = -10; | - |
72 | goto never executed: goto out; out;never executed: goto out; | 0 |
73 | } | - |
74 | server_host_public = kex->load_host_public_key(kex->hostkey_type, | - |
75 | kex->hostkey_nid, ssh); | - |
76 | server_host_private = kex->load_host_private_key(kex->hostkey_type, | - |
77 | kex->hostkey_nid, ssh); | - |
78 | if (server_host_public == TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
79 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
80 | ) { | - |
81 | r = -36; | - |
82 | goto never executed: goto out; out;never executed: goto out; | 0 |
83 | } | - |
84 | if ((TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
client_public = EC_POINT_new(group)) == TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
85 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
86 | ) { | - |
87 | r = -2; | - |
88 | goto never executed: goto out; out;never executed: goto out; | 0 |
89 | } | - |
90 | if ((TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = sshpkt_get_ec(ssh, client_public, group)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
|| | 0-60 |
91 | (TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = sshpkt_get_end(ssh)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
) | 0-60 |
92 | goto never executed: goto out; out;never executed: goto out; | 0 |
93 | | - |
94 | | - |
95 | | - |
96 | | - |
97 | | - |
98 | if (sshkey_ec_validate_public(group, client_public) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
) { | 0-60 |
99 | sshpkt_disconnect(ssh, "invalid client public key"); | - |
100 | r = -3; | - |
101 | goto never executed: goto out; out;never executed: goto out; | 0 |
102 | } | - |
103 | | - |
104 | | - |
105 | klen = (EC_GROUP_get_degree(group) + 7) / 8; | - |
106 | if ((TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
kbuf = malloc(klen)) == TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
107 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
108 | || | - |
109 | (TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
shared_secret = BN_new()) == TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
110 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
111 | ) { | - |
112 | r = -2; | - |
113 | goto never executed: goto out; out;never executed: goto out; | 0 |
114 | } | - |
115 | if (ECDH_compute_key(kbuf, klen, client_public,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
116 | server_key, TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
117 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
118 | ) != (int)klenTRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
|| | 0-60 |
119 | BN_bin2bn(kbuf, klen, shared_secret) == TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
120 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
121 | ) { | - |
122 | r = -22; | - |
123 | goto never executed: goto out; out;never executed: goto out; | 0 |
124 | } | - |
125 | | - |
126 | | - |
127 | | - |
128 | | - |
129 | | - |
130 | if ((TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = sshkey_to_blob(server_host_public, &server_host_key_blob,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
131 | &sbloblen)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
) | 0-60 |
132 | goto never executed: goto out; out;never executed: goto out; | 0 |
133 | hashlen = sizeof(hash); | - |
134 | if ((TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = kex_ecdh_hash(TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
135 | kex->hash_alg,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
136 | group,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
137 | kex->client_version_string,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
138 | kex->server_version_string,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
139 | sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
140 | sshbuf_ptr(kex->my), sshbuf_len(kex->my),TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
141 | server_host_key_blob, sbloblen,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
142 | client_public,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
143 | EC_KEY_get0_public_key(server_key),TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
144 | shared_secret,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
145 | hash, &hashlen)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
) | 0-60 |
146 | goto never executed: goto out; out;never executed: goto out; | 0 |
147 | | - |
148 | | - |
149 | if (kex->session_id == TRUE | evaluated 12 times by 1 test | FALSE | evaluated 48 times by 1 test |
| 12-48 |
150 | ((void *)0)TRUE | evaluated 12 times by 1 test | FALSE | evaluated 48 times by 1 test |
| 12-48 |
151 | ) { | - |
152 | kex->session_id_len = hashlen; | - |
153 | kex->session_id = malloc(kex->session_id_len); | - |
154 | if (kex->session_id == TRUE | never evaluated | FALSE | evaluated 12 times by 1 test |
| 0-12 |
155 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 12 times by 1 test |
| 0-12 |
156 | ) { | - |
157 | r = -2; | - |
158 | goto never executed: goto out; out;never executed: goto out; | 0 |
159 | } | - |
160 | memcpy(kex->session_id, hash, kex->session_id_len); | - |
161 | }executed 12 times by 1 test: end of block | 12 |
162 | | - |
163 | | - |
164 | if ((TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = kex->sign(server_host_private, server_host_public, &signature,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
165 | &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
) | 0-60 |
166 | goto never executed: goto out; out;never executed: goto out; | 0 |
167 | | - |
168 | | - |
169 | | - |
170 | public_key = EC_KEY_get0_public_key(server_key); | - |
171 | | - |
172 | if ((TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = sshpkt_start(ssh, 31)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
|| | 0-60 |
173 | (TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
|| | 0-60 |
174 | (TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = sshpkt_put_ec(ssh, public_key, group)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
|| | 0-60 |
175 | (TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = sshpkt_put_string(ssh, signature, slen)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
|| | 0-60 |
176 | (TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = sshpkt_send(ssh)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
) | 0-60 |
177 | goto never executed: goto out; out;never executed: goto out; | 0 |
178 | | - |
179 | if ((TRUE | evaluated 60 times by 1 test | FALSE | never evaluated |
r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0TRUE | evaluated 60 times by 1 test | FALSE | never evaluated |
) | 0-60 |
180 | r = kex_send_newkeys(ssh);executed 60 times by 1 test: r = kex_send_newkeys(ssh); | 60 |
181 | out:code before this statement executed 60 times by 1 test: out: | 60 |
182 | explicit_bzero(hash, sizeof(hash)); | - |
183 | EC_KEY_free(kex->ec_client_key); | - |
184 | kex->ec_client_key = | - |
185 | ((void *)0) | - |
186 | ; | - |
187 | EC_KEY_free(server_key); | - |
188 | if (kbufTRUE | evaluated 60 times by 1 test | FALSE | never evaluated |
) { | 0-60 |
189 | explicit_bzero(kbuf, klen); | - |
190 | free(kbuf); | - |
191 | }executed 60 times by 1 test: end of block | 60 |
192 | BN_clear_free(shared_secret); | - |
193 | free(server_host_key_blob); | - |
194 | free(signature); | - |
195 | returnexecuted 60 times by 1 test: return r; r;executed 60 times by 1 test: return r; | 60 |
196 | } | - |
| | |