kexecdh.c revision 218767
1218767Sdes/* $OpenBSD: kexecdh.c,v 1.3 2010/09/22 05:01:29 djm Exp $ */ 2218767Sdes/* 3218767Sdes * Copyright (c) 2001 Markus Friedl. All rights reserved. 4218767Sdes * Copyright (c) 2010 Damien Miller. All rights reserved. 5218767Sdes * 6218767Sdes * Redistribution and use in source and binary forms, with or without 7218767Sdes * modification, are permitted provided that the following conditions 8218767Sdes * are met: 9218767Sdes * 1. Redistributions of source code must retain the above copyright 10218767Sdes * notice, this list of conditions and the following disclaimer. 11218767Sdes * 2. Redistributions in binary form must reproduce the above copyright 12218767Sdes * notice, this list of conditions and the following disclaimer in the 13218767Sdes * documentation and/or other materials provided with the distribution. 14218767Sdes * 15218767Sdes * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16218767Sdes * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17218767Sdes * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18218767Sdes * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19218767Sdes * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20218767Sdes * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21218767Sdes * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22218767Sdes * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23218767Sdes * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24218767Sdes * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25218767Sdes */ 26218767Sdes 27218767Sdes#include "includes.h" 28218767Sdes 29218767Sdes#ifdef OPENSSL_HAS_ECC 30218767Sdes 31218767Sdes#include <sys/types.h> 32218767Sdes 33218767Sdes#include <signal.h> 34218767Sdes#include <string.h> 35218767Sdes 36218767Sdes#include <openssl/bn.h> 37218767Sdes#include <openssl/evp.h> 38218767Sdes#include <openssl/ec.h> 39218767Sdes#include <openssl/ecdh.h> 40218767Sdes 41218767Sdes#include "buffer.h" 42218767Sdes#include "ssh2.h" 43218767Sdes#include "key.h" 44218767Sdes#include "cipher.h" 45218767Sdes#include "kex.h" 46218767Sdes#include "log.h" 47218767Sdes 48218767Sdesint 49218767Sdeskex_ecdh_name_to_nid(const char *kexname) 50218767Sdes{ 51218767Sdes if (strlen(kexname) < sizeof(KEX_ECDH_SHA2_STEM) - 1) 52218767Sdes fatal("%s: kexname too short \"%s\"", __func__, kexname); 53218767Sdes return key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA2_STEM) - 1); 54218767Sdes} 55218767Sdes 56218767Sdesconst EVP_MD * 57218767Sdeskex_ecdh_name_to_evpmd(const char *kexname) 58218767Sdes{ 59218767Sdes int nid = kex_ecdh_name_to_nid(kexname); 60218767Sdes 61218767Sdes if (nid == -1) 62218767Sdes fatal("%s: unsupported ECDH curve \"%s\"", __func__, kexname); 63218767Sdes return key_ec_nid_to_evpmd(nid); 64218767Sdes} 65218767Sdes 66218767Sdesvoid 67218767Sdeskex_ecdh_hash( 68218767Sdes const EVP_MD *evp_md, 69218767Sdes const EC_GROUP *ec_group, 70218767Sdes char *client_version_string, 71218767Sdes char *server_version_string, 72218767Sdes char *ckexinit, int ckexinitlen, 73218767Sdes char *skexinit, int skexinitlen, 74218767Sdes u_char *serverhostkeyblob, int sbloblen, 75218767Sdes const EC_POINT *client_dh_pub, 76218767Sdes const EC_POINT *server_dh_pub, 77218767Sdes const BIGNUM *shared_secret, 78218767Sdes u_char **hash, u_int *hashlen) 79218767Sdes{ 80218767Sdes Buffer b; 81218767Sdes EVP_MD_CTX md; 82218767Sdes static u_char digest[EVP_MAX_MD_SIZE]; 83218767Sdes 84218767Sdes buffer_init(&b); 85218767Sdes buffer_put_cstring(&b, client_version_string); 86218767Sdes buffer_put_cstring(&b, server_version_string); 87218767Sdes 88218767Sdes /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ 89218767Sdes buffer_put_int(&b, ckexinitlen+1); 90218767Sdes buffer_put_char(&b, SSH2_MSG_KEXINIT); 91218767Sdes buffer_append(&b, ckexinit, ckexinitlen); 92218767Sdes buffer_put_int(&b, skexinitlen+1); 93218767Sdes buffer_put_char(&b, SSH2_MSG_KEXINIT); 94218767Sdes buffer_append(&b, skexinit, skexinitlen); 95218767Sdes 96218767Sdes buffer_put_string(&b, serverhostkeyblob, sbloblen); 97218767Sdes buffer_put_ecpoint(&b, ec_group, client_dh_pub); 98218767Sdes buffer_put_ecpoint(&b, ec_group, server_dh_pub); 99218767Sdes buffer_put_bignum2(&b, shared_secret); 100218767Sdes 101218767Sdes#ifdef DEBUG_KEX 102218767Sdes buffer_dump(&b); 103218767Sdes#endif 104218767Sdes EVP_DigestInit(&md, evp_md); 105218767Sdes EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); 106218767Sdes EVP_DigestFinal(&md, digest, NULL); 107218767Sdes 108218767Sdes buffer_free(&b); 109218767Sdes 110218767Sdes#ifdef DEBUG_KEX 111218767Sdes dump_digest("hash", digest, EVP_MD_size(evp_md)); 112218767Sdes#endif 113218767Sdes *hash = digest; 114218767Sdes *hashlen = EVP_MD_size(evp_md); 115218767Sdes} 116218767Sdes 117218767Sdes#endif /* OPENSSL_HAS_ECC */ 118