Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | static int input_kex_ecdh_reply(int, u_int32_t, struct ssh *); | - |
13 | | - |
14 | int | - |
15 | kexecdh_client(struct ssh *ssh) | - |
16 | { | - |
17 | struct kex *kex = ssh->kex; | - |
18 | EC_KEY *client_key = | - |
19 | ((void *)0) | - |
20 | ; | - |
21 | const EC_GROUP *group; | - |
22 | const EC_POINT *public_key; | - |
23 | int r; | - |
24 | | - |
25 | if ((TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
26 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
27 | ) { | - |
28 | r = -2; | - |
29 | goto never executed: goto out; out;never executed: goto out; | 0 |
30 | } | - |
31 | if (EC_KEY_generate_key(client_key) != 1TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
) { | 0-60 |
32 | r = -22; | - |
33 | goto never executed: goto out; out;never executed: goto out; | 0 |
34 | } | - |
35 | group = EC_KEY_get0_group(client_key); | - |
36 | public_key = EC_KEY_get0_public_key(client_key); | - |
37 | | - |
38 | if ((TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = sshpkt_start(ssh, 30)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
|| | 0-60 |
39 | (TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = sshpkt_put_ec(ssh, public_key, group)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
|| | 0-60 |
40 | (TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = sshpkt_send(ssh)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
) | 0-60 |
41 | goto never executed: goto out; out;never executed: goto out; | 0 |
42 | debug("sending SSH2_MSG_KEX_ECDH_INIT"); | - |
43 | | - |
44 | | - |
45 | | - |
46 | | - |
47 | | - |
48 | kex->ec_client_key = client_key; | - |
49 | kex->ec_group = group; | - |
50 | client_key = | - |
51 | ((void *)0) | - |
52 | ; | - |
53 | | - |
54 | debug("expecting SSH2_MSG_KEX_ECDH_REPLY"); | - |
55 | ssh_dispatch_set(ssh, 31, &input_kex_ecdh_reply); | - |
56 | r = 0; | - |
57 | out:code before this statement executed 60 times by 1 test: out: | 60 |
58 | EC_KEY_free(client_key); | - |
59 | returnexecuted 60 times by 1 test: return r; r;executed 60 times by 1 test: return r; | 60 |
60 | } | - |
61 | | - |
62 | static int | - |
63 | input_kex_ecdh_reply(int type, u_int32_t seq, struct ssh *ssh) | - |
64 | { | - |
65 | struct kex *kex = ssh->kex; | - |
66 | const EC_GROUP *group; | - |
67 | EC_POINT *server_public = | - |
68 | ((void *)0) | - |
69 | ; | - |
70 | EC_KEY *client_key; | - |
71 | BIGNUM *shared_secret = | - |
72 | ((void *)0) | - |
73 | ; | - |
74 | struct sshkey *server_host_key = | - |
75 | ((void *)0) | - |
76 | ; | - |
77 | u_char *server_host_key_blob = | - |
78 | ((void *)0) | - |
79 | , *signature = | - |
80 | ((void *)0) | - |
81 | ; | - |
82 | u_char *kbuf = | - |
83 | ((void *)0) | - |
84 | ; | - |
85 | u_char hash[64]; | - |
86 | size_t slen, sbloblen; | - |
87 | size_t klen = 0, hashlen; | - |
88 | int r; | - |
89 | | - |
90 | if (kex->verify_host_key == TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
91 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
92 | ) { | - |
93 | r = -10; | - |
94 | goto never executed: goto out; out;never executed: goto out; | 0 |
95 | } | - |
96 | group = kex->ec_group; | - |
97 | client_key = kex->ec_client_key; | - |
98 | | - |
99 | | - |
100 | if ((TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = sshpkt_get_string(ssh, &server_host_key_blob,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
101 | &sbloblen)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
|| | 0-60 |
102 | (TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = sshkey_from_blob(server_host_key_blob, sbloblen,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
103 | &server_host_key)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
) | 0-60 |
104 | goto never executed: goto out; out;never executed: goto out; | 0 |
105 | if (server_host_key->type != kex->hostkey_typeTRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
|| | 0-60 |
106 | (kex->hostkey_type == KEY_ECDSATRUE | evaluated 15 times by 1 test | FALSE | evaluated 45 times by 1 test |
&& | 15-45 |
107 | server_host_key->ecdsa_nid != kex->hostkey_nidTRUE | never evaluated | FALSE | evaluated 15 times by 1 test |
)) { | 0-15 |
108 | r = -13; | - |
109 | goto never executed: goto out; out;never executed: goto out; | 0 |
110 | } | - |
111 | if (kex->verify_host_key(server_host_key, ssh) == -1TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
) { | 0-60 |
112 | r = -21; | - |
113 | goto never executed: goto out; out;never executed: goto out; | 0 |
114 | } | - |
115 | | - |
116 | | - |
117 | | - |
118 | if ((TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
server_public = EC_POINT_new(group)) == TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
119 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
120 | ) { | - |
121 | r = -2; | - |
122 | goto never executed: goto out; out;never executed: goto out; | 0 |
123 | } | - |
124 | if ((TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = sshpkt_get_ec(ssh, server_public, group)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
|| | 0-60 |
125 | (TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = sshpkt_get_string(ssh, &signature, &slen)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
|| | 0-60 |
126 | (TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = sshpkt_get_end(ssh)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
) | 0-60 |
127 | goto never executed: goto out; out;never executed: goto out; | 0 |
128 | | - |
129 | | - |
130 | | - |
131 | | - |
132 | | - |
133 | if (sshkey_ec_validate_public(group, server_public) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
) { | 0-60 |
134 | sshpkt_disconnect(ssh, "invalid server public key"); | - |
135 | r = -3; | - |
136 | goto never executed: goto out; out;never executed: goto out; | 0 |
137 | } | - |
138 | | - |
139 | klen = (EC_GROUP_get_degree(group) + 7) / 8; | - |
140 | if ((TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
kbuf = malloc(klen)) == TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
141 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
142 | || | - |
143 | (TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
shared_secret = BN_new()) == TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
144 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
145 | ) { | - |
146 | r = -2; | - |
147 | goto never executed: goto out; out;never executed: goto out; | 0 |
148 | } | - |
149 | if (ECDH_compute_key(kbuf, klen, server_public,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
150 | client_key, TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
151 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
152 | ) != (int)klenTRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
|| | 0-60 |
153 | BN_bin2bn(kbuf, klen, shared_secret) == TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
154 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
155 | ) { | - |
156 | r = -22; | - |
157 | goto never executed: goto out; out;never executed: goto out; | 0 |
158 | } | - |
159 | | - |
160 | | - |
161 | | - |
162 | | - |
163 | | - |
164 | hashlen = sizeof(hash); | - |
165 | if ((TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = kex_ecdh_hash(TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
166 | kex->hash_alg,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
167 | group,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
168 | kex->client_version_string,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
169 | kex->server_version_string,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
170 | sshbuf_ptr(kex->my), sshbuf_len(kex->my),TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
171 | sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
172 | server_host_key_blob, sbloblen,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
173 | EC_KEY_get0_public_key(client_key),TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
174 | server_public,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
175 | shared_secret,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
176 | hash, &hashlen)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
) | 0-60 |
177 | goto never executed: goto out; out;never executed: goto out; | 0 |
178 | | - |
179 | if ((TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
r = sshkey_verify(server_host_key, signature, slen, hash,TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
| 0-60 |
180 | hashlen, kex->hostkey_alg, ssh->compat)) != 0TRUE | never evaluated | FALSE | evaluated 60 times by 1 test |
) | 0-60 |
181 | goto never executed: goto out; out;never executed: goto out; | 0 |
182 | | - |
183 | | - |
184 | if (kex->session_id == TRUE | evaluated 12 times by 1 test | FALSE | evaluated 48 times by 1 test |
| 12-48 |
185 | ((void *)0)TRUE | evaluated 12 times by 1 test | FALSE | evaluated 48 times by 1 test |
| 12-48 |
186 | ) { | - |
187 | kex->session_id_len = hashlen; | - |
188 | kex->session_id = malloc(kex->session_id_len); | - |
189 | if (kex->session_id == TRUE | never evaluated | FALSE | evaluated 12 times by 1 test |
| 0-12 |
190 | ((void *)0)TRUE | never evaluated | FALSE | evaluated 12 times by 1 test |
| 0-12 |
191 | ) { | - |
192 | r = -2; | - |
193 | goto never executed: goto out; out;never executed: goto out; | 0 |
194 | } | - |
195 | memcpy(kex->session_id, hash, kex->session_id_len); | - |
196 | }executed 12 times by 1 test: end of block | 12 |
197 | | - |
198 | if ((TRUE | evaluated 60 times by 1 test | FALSE | never evaluated |
r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0TRUE | evaluated 60 times by 1 test | FALSE | never evaluated |
) | 0-60 |
199 | r = kex_send_newkeys(ssh);executed 60 times by 1 test: r = kex_send_newkeys(ssh); | 60 |
200 | out:code before this statement executed 60 times by 1 test: out: | 60 |
201 | explicit_bzero(hash, sizeof(hash)); | - |
202 | EC_KEY_free(kex->ec_client_key); | - |
203 | kex->ec_client_key = | - |
204 | ((void *)0) | - |
205 | ; | - |
206 | EC_POINT_clear_free(server_public); | - |
207 | if (kbufTRUE | evaluated 60 times by 1 test | FALSE | never evaluated |
) { | 0-60 |
208 | explicit_bzero(kbuf, klen); | - |
209 | free(kbuf); | - |
210 | }executed 60 times by 1 test: end of block | 60 |
211 | BN_clear_free(shared_secret); | - |
212 | sshkey_free(server_host_key); | - |
213 | free(server_host_key_blob); | - |
214 | free(signature); | - |
215 | returnexecuted 60 times by 1 test: return r; r;executed 60 times by 1 test: return r; | 60 |
216 | } | - |
| | |