Line | Source | Count |
1 | | - |
2 | | - |
3 | | - |
4 | | - |
5 | | - |
6 | | - |
7 | | - |
8 | | - |
9 | | - |
10 | | - |
11 | | - |
12 | | - |
13 | | - |
14 | | - |
15 | | - |
16 | | - |
17 | | - |
18 | | - |
19 | | - |
20 | | - |
21 | | - |
22 | | - |
23 | | - |
24 | | - |
25 | | - |
26 | | - |
27 | #include "includes.h" | - |
28 | | - |
29 | #include <sys/types.h> | - |
30 | #include <stdio.h> | - |
31 | #include <string.h> | - |
32 | #include <signal.h> | - |
33 | | - |
34 | #include "sshkey.h" | - |
35 | #include "cipher.h" | - |
36 | #include "digest.h" | - |
37 | #include "kex.h" | - |
38 | #include "log.h" | - |
39 | #include "packet.h" | - |
40 | #include "ssh2.h" | - |
41 | #include "sshbuf.h" | - |
42 | #include "ssherr.h" | - |
43 | | - |
44 | static int input_kex_c25519_init(int, u_int32_t, struct ssh *); | - |
45 | | - |
46 | int | - |
47 | kexc25519_server(struct ssh *ssh) | - |
48 | { | - |
49 | debug("expecting SSH2_MSG_KEX_ECDH_INIT"); | - |
50 | ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_INIT, &input_kex_c25519_init); | - |
51 | return 0;executed 20 times by 1 test: return 0; | 20 |
52 | } | - |
53 | | - |
54 | static int | - |
55 | input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh) | - |
56 | { | - |
57 | struct kex *kex = ssh->kex; | - |
58 | struct sshkey *server_host_private, *server_host_public; | - |
59 | struct sshbuf *shared_secret = NULL; | - |
60 | u_char *server_host_key_blob = NULL, *signature = NULL; | - |
61 | u_char server_key[CURVE25519_SIZE]; | - |
62 | u_char *client_pubkey = NULL; | - |
63 | u_char server_pubkey[CURVE25519_SIZE]; | - |
64 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | - |
65 | size_t slen, pklen, sbloblen, hashlen; | - |
66 | int r; | - |
67 | | - |
68 | | - |
69 | kexc25519_keygen(server_key, server_pubkey); | - |
70 | #ifdef DEBUG_KEXECDH | - |
71 | dump_digest("server private key:", server_key, sizeof(server_key)); | - |
72 | #endif | - |
73 | if (kex->load_host_public_key == NULL ||TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
74 | kex->load_host_private_key == NULL) {TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
75 | r = SSH_ERR_INVALID_ARGUMENT; | - |
76 | goto out; never executed: goto out; | 0 |
77 | } | - |
78 | server_host_public = kex->load_host_public_key(kex->hostkey_type, | - |
79 | kex->hostkey_nid, ssh); | - |
80 | server_host_private = kex->load_host_private_key(kex->hostkey_type, | - |
81 | kex->hostkey_nid, ssh); | - |
82 | if (server_host_public == NULL) {TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
83 | r = SSH_ERR_NO_HOSTKEY_LOADED; | - |
84 | goto out; never executed: goto out; | 0 |
85 | } | - |
86 | | - |
87 | if ((r = sshpkt_get_string(ssh, &client_pubkey, &pklen)) != 0 ||TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
88 | (r = sshpkt_get_end(ssh)) != 0)TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
89 | goto out; never executed: goto out; | 0 |
90 | if (pklen != CURVE25519_SIZE) {TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
91 | r = SSH_ERR_SIGNATURE_INVALID; | - |
92 | goto out; never executed: goto out; | 0 |
93 | } | - |
94 | #ifdef DEBUG_KEXECDH | - |
95 | dump_digest("client public key:", client_pubkey, CURVE25519_SIZE); | - |
96 | #endif | - |
97 | | - |
98 | if ((shared_secret = sshbuf_new()) == NULL) {TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
99 | r = SSH_ERR_ALLOC_FAIL; | - |
100 | goto out; never executed: goto out; | 0 |
101 | } | - |
102 | if ((r = kexc25519_shared_key(server_key, client_pubkey,TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
103 | shared_secret)) < 0)TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
104 | goto out; never executed: goto out; | 0 |
105 | | - |
106 | | - |
107 | if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob,TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
108 | &sbloblen)) != 0)TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
109 | goto out; never executed: goto out; | 0 |
110 | hashlen = sizeof(hash); | - |
111 | if ((r = kex_c25519_hash(TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
112 | kex->hash_alg,TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
113 | kex->client_version_string,TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
114 | kex->server_version_string,TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
115 | sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
116 | sshbuf_ptr(kex->my), sshbuf_len(kex->my),TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
117 | server_host_key_blob, sbloblen,TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
118 | client_pubkey,TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
119 | server_pubkey,TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
120 | sshbuf_ptr(shared_secret), sshbuf_len(shared_secret),TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
121 | hash, &hashlen)) < 0)TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
122 | goto out; never executed: goto out; | 0 |
123 | | - |
124 | | - |
125 | if (kex->session_id == NULL) {TRUE | evaluated 4 times by 1 test | FALSE | evaluated 16 times by 1 test |
| 4-16 |
126 | kex->session_id_len = hashlen; | - |
127 | kex->session_id = malloc(kex->session_id_len); | - |
128 | if (kex->session_id == NULL) {TRUE | never evaluated | FALSE | evaluated 4 times by 1 test |
| 0-4 |
129 | r = SSH_ERR_ALLOC_FAIL; | - |
130 | goto out; never executed: goto out; | 0 |
131 | } | - |
132 | memcpy(kex->session_id, hash, kex->session_id_len); | - |
133 | }executed 4 times by 1 test: end of block | 4 |
134 | | - |
135 | | - |
136 | if ((r = kex->sign(server_host_private, server_host_public, &signature,TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
137 | &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
138 | goto out; never executed: goto out; | 0 |
139 | | - |
140 | | - |
141 | if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_REPLY)) != 0 ||TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
142 | (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
143 | (r = sshpkt_put_string(ssh, server_pubkey, sizeof(server_pubkey))) != 0 ||TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
144 | (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
145 | (r = sshpkt_send(ssh)) != 0)TRUE | never evaluated | FALSE | evaluated 20 times by 1 test |
| 0-20 |
146 | goto out; never executed: goto out; | 0 |
147 | | - |
148 | if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)TRUE | evaluated 20 times by 1 test | FALSE | never evaluated |
| 0-20 |
149 | r = kex_send_newkeys(ssh);executed 20 times by 1 test: r = kex_send_newkeys(ssh); | 20 |
150 | out:code before this statement executed 20 times by 1 test: out: | 20 |
151 | explicit_bzero(hash, sizeof(hash)); | - |
152 | explicit_bzero(server_key, sizeof(server_key)); | - |
153 | free(server_host_key_blob); | - |
154 | free(signature); | - |
155 | free(client_pubkey); | - |
156 | sshbuf_free(shared_secret); | - |
157 | return r;executed 20 times by 1 test: return r; | 20 |
158 | } | - |
| | |