diff options
| author | Damien Miller <djm@mindrot.org> | 2005-11-05 15:19:35 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2005-11-05 15:19:35 +1100 |
| commit | 19bb3a57f88adc789d61964fcb8f50165026b322 (patch) | |
| tree | ba18e185c014c1da12ce4422a7e7bad9e71725f5 | |
| parent | 24ecf612614d83622d9777349b4ecd21ee22bb2a (diff) | |
- djm@cvs.openbsd.org 2005/11/04 05:15:59
[kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
remove hardcoded hash lengths in key exchange code, allowing
implementation of KEX methods with different hashes (e.g. SHA-256);
ok markus@ dtucker@ stevesk@
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | kex.c | 36 | ||||
| -rw-r--r-- | kex.h | 22 | ||||
| -rw-r--r-- | kexdh.c | 10 | ||||
| -rw-r--r-- | kexdhc.c | 15 | ||||
| -rw-r--r-- | kexdhs.c | 17 | ||||
| -rw-r--r-- | kexgex.c | 16 | ||||
| -rw-r--r-- | kexgexc.c | 17 | ||||
| -rw-r--r-- | kexgexs.c | 20 |
9 files changed, 90 insertions, 70 deletions
@@ -93,6 +93,11 @@ - dtucker@cvs.openbsd.org 2005/11/03 13:38:29 [canohost.c] Cache reverse lookups with and without DNS separately; ok markus@ + - djm@cvs.openbsd.org 2005/11/04 05:15:59 + [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c] + remove hardcoded hash lengths in key exchange code, allowing + implementation of KEX methods with different hashes (e.g. SHA-256); + ok markus@ dtucker@ stevesk@ 20051102 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup(). @@ -3226,4 +3231,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3950 2005/11/05 04:16:52 djm Exp $ +$Id: ChangeLog,v 1.3951 2005/11/05 04:19:35 djm Exp $ @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.64 2005/07/25 11:59:39 markus Exp $"); +RCSID("$OpenBSD: kex.c,v 1.65 2005/11/04 05:15:59 djm Exp $"); #include <openssl/crypto.h> @@ -294,13 +294,17 @@ choose_kex(Kex *k, char *client, char *server) fatal("no kex alg"); if (strcmp(k->name, KEX_DH1) == 0) { k->kex_type = KEX_DH_GRP1_SHA1; + k->evp_md = EVP_sha1(); } else if (strcmp(k->name, KEX_DH14) == 0) { k->kex_type = KEX_DH_GRP14_SHA1; - } else if (strcmp(k->name, KEX_DHGEX) == 0) { + k->evp_md = EVP_sha1(); + } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) { k->kex_type = KEX_DH_GEX_SHA1; + k->evp_md = EVP_sha1(); } else fatal("bad kex alg %s", k->name); } + static void choose_hostkeyalg(Kex *k, char *client, char *server) { @@ -404,28 +408,28 @@ kex_choose_conf(Kex *kex) } static u_char * -derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret) +derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen, + BIGNUM *shared_secret) { Buffer b; - const EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; char c = id; u_int have; - int mdsz = EVP_MD_size(evp_md); + int mdsz; u_char *digest; - if (mdsz < 0) - fatal("derive_key: mdsz < 0"); - digest = xmalloc(roundup(need, mdsz)); + if ((mdsz = EVP_MD_size(kex->evp_md)) <= 0) + fatal("bad kex md size %d", mdsz); + digest = xmalloc(roundup(need, mdsz)); buffer_init(&b); buffer_put_bignum2(&b, shared_secret); /* K1 = HASH(K || H || "A" || session_id) */ - EVP_DigestInit(&md, evp_md); + EVP_DigestInit(&md, kex->evp_md); if (!(datafellows & SSH_BUG_DERIVEKEY)) EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); - EVP_DigestUpdate(&md, hash, mdsz); + EVP_DigestUpdate(&md, hash, hashlen); EVP_DigestUpdate(&md, &c, 1); EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len); EVP_DigestFinal(&md, digest, NULL); @@ -436,10 +440,10 @@ derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret) * Key = K1 || K2 || ... || Kn */ for (have = mdsz; need > have; have += mdsz) { - EVP_DigestInit(&md, evp_md); + EVP_DigestInit(&md, kex->evp_md); if (!(datafellows & SSH_BUG_DERIVEKEY)) EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); - EVP_DigestUpdate(&md, hash, mdsz); + EVP_DigestUpdate(&md, hash, hashlen); EVP_DigestUpdate(&md, digest, have); EVP_DigestFinal(&md, digest + have, NULL); } @@ -455,13 +459,15 @@ Newkeys *current_keys[MODE_MAX]; #define NKEYS 6 void -kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret) +kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret) { u_char *keys[NKEYS]; u_int i, mode, ctos; - for (i = 0; i < NKEYS; i++) - keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret); + for (i = 0; i < NKEYS; i++) { + keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, hashlen, + shared_secret); + } debug2("kex_derive_keys"); for (mode = 0; mode < MODE_MAX; mode++) { @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.37 2005/07/25 11:59:39 markus Exp $ */ +/* $OpenBSD: kex.h,v 1.38 2005/11/04 05:15:59 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -31,9 +31,9 @@ #include "cipher.h" #include "key.h" -#define KEX_DH1 "diffie-hellman-group1-sha1" -#define KEX_DH14 "diffie-hellman-group14-sha1" -#define KEX_DHGEX "diffie-hellman-group-exchange-sha1" +#define KEX_DH1 "diffie-hellman-group1-sha1" +#define KEX_DH14 "diffie-hellman-group14-sha1" +#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" #define COMP_NONE 0 #define COMP_ZLIB 1 @@ -114,6 +114,7 @@ struct Kex { Buffer peer; int done; int flags; + const EVP_MD *evp_md; char *client_version_string; char *server_version_string; int (*verify_host_key)(Key *); @@ -127,7 +128,7 @@ void kex_finish(Kex *); void kex_send_kexinit(Kex *); void kex_input_kexinit(int, u_int32_t, void *); -void kex_derive_keys(Kex *, u_char *, BIGNUM *); +void kex_derive_keys(Kex *, u_char *, u_int, BIGNUM *); Newkeys *kex_get_newkeys(int); @@ -136,12 +137,13 @@ void kexdh_server(Kex *); void kexgex_client(Kex *); void kexgex_server(Kex *); -u_char * +void kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int, - BIGNUM *, BIGNUM *, BIGNUM *); -u_char * -kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int, - int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *); + BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); +void +kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *, + int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, + BIGNUM *, BIGNUM *, u_char **, u_int *); void derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexdh.c,v 1.19 2003/02/16 17:09:57 markus Exp $"); +RCSID("$OpenBSD: kexdh.c,v 1.20 2005/11/04 05:15:59 djm Exp $"); #include <openssl/evp.h> @@ -32,7 +32,7 @@ RCSID("$OpenBSD: kexdh.c,v 1.19 2003/02/16 17:09:57 markus Exp $"); #include "ssh2.h" #include "kex.h" -u_char * +void kex_dh_hash( char *client_version_string, char *server_version_string, @@ -41,7 +41,8 @@ kex_dh_hash( u_char *serverhostkeyblob, int sbloblen, BIGNUM *client_dh_pub, BIGNUM *server_dh_pub, - BIGNUM *shared_secret) + BIGNUM *shared_secret, + u_char **hash, u_int *hashlen) { Buffer b; static u_char digest[EVP_MAX_MD_SIZE]; @@ -77,5 +78,6 @@ kex_dh_hash( #ifdef DEBUG_KEX dump_digest("hash", digest, EVP_MD_size(evp_md)); #endif - return digest; + *hash = digest; + *hashlen = EVP_MD_size(evp_md); } @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexdhc.c,v 1.2 2004/06/13 12:53:24 djm Exp $"); +RCSID("$OpenBSD: kexdhc.c,v 1.3 2005/11/04 05:15:59 djm Exp $"); #include "xmalloc.h" #include "key.h" @@ -41,7 +41,7 @@ kexdh_client(Kex *kex) Key *server_host_key; u_char *server_host_key_blob = NULL, *signature = NULL; u_char *kbuf, *hash; - u_int klen, kout, slen, sbloblen; + u_int klen, kout, slen, sbloblen, hashlen; /* generate and send 'e', client DH public key */ switch (kex->kex_type) { @@ -114,7 +114,7 @@ kexdh_client(Kex *kex) xfree(kbuf); /* calc and verify H */ - hash = kex_dh_hash( + kex_dh_hash( kex->client_version_string, kex->server_version_string, buffer_ptr(&kex->my), buffer_len(&kex->my), @@ -122,25 +122,26 @@ kexdh_client(Kex *kex) server_host_key_blob, sbloblen, dh->pub_key, dh_server_pub, - shared_secret + shared_secret, + &hash, &hashlen ); xfree(server_host_key_blob); BN_clear_free(dh_server_pub); DH_free(dh); - if (key_verify(server_host_key, signature, slen, hash, 20) != 1) + if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) fatal("key_verify failed for server_host_key"); key_free(server_host_key); xfree(signature); /* save session id */ if (kex->session_id == NULL) { - kex->session_id_len = 20; + kex->session_id_len = hashlen; kex->session_id = xmalloc(kex->session_id_len); memcpy(kex->session_id, hash, kex->session_id_len); } - kex_derive_keys(kex, hash, shared_secret); + kex_derive_keys(kex, hash, hashlen, shared_secret); BN_clear_free(shared_secret); kex_finish(kex); } @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexdhs.c,v 1.2 2004/06/13 12:53:24 djm Exp $"); +RCSID("$OpenBSD: kexdhs.c,v 1.3 2005/11/04 05:15:59 djm Exp $"); #include "xmalloc.h" #include "key.h" @@ -41,7 +41,7 @@ kexdh_server(Kex *kex) DH *dh; Key *server_host_key; u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; - u_int sbloblen, klen, kout; + u_int sbloblen, klen, kout, hashlen; u_int slen; /* generate server DH public key */ @@ -103,7 +103,7 @@ kexdh_server(Kex *kex) key_to_blob(server_host_key, &server_host_key_blob, &sbloblen); /* calc H */ - hash = kex_dh_hash( + kex_dh_hash( kex->client_version_string, kex->server_version_string, buffer_ptr(&kex->peer), buffer_len(&kex->peer), @@ -111,21 +111,20 @@ kexdh_server(Kex *kex) server_host_key_blob, sbloblen, dh_client_pub, dh->pub_key, - shared_secret + shared_secret, + &hash, &hashlen ); BN_clear_free(dh_client_pub); /* save session id := H */ - /* XXX hashlen depends on KEX */ if (kex->session_id == NULL) { - kex->session_id_len = 20; + kex->session_id_len = hashlen; kex->session_id = xmalloc(kex->session_id_len); memcpy(kex->session_id, hash, kex->session_id_len); } /* sign H */ - /* XXX hashlen depends on KEX */ - PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)); + PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen)); /* destroy_sensitive_data(); */ @@ -141,7 +140,7 @@ kexdh_server(Kex *kex) /* have keys, free DH */ DH_free(dh); - kex_derive_keys(kex, hash, shared_secret); + kex_derive_keys(kex, hash, hashlen, shared_secret); BN_clear_free(shared_secret); kex_finish(kex); } @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $"); +RCSID("$OpenBSD: kexgex.c,v 1.24 2005/11/04 05:15:59 djm Exp $"); #include <openssl/evp.h> @@ -33,8 +33,9 @@ RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $"); #include "kex.h" #include "ssh2.h" -u_char * +void kexgex_hash( + const EVP_MD *evp_md, char *client_version_string, char *server_version_string, char *ckexinit, int ckexinitlen, @@ -43,11 +44,11 @@ kexgex_hash( int min, int wantbits, int max, BIGNUM *prime, BIGNUM *gen, BIGNUM *client_dh_pub, BIGNUM *server_dh_pub, - BIGNUM *shared_secret) + BIGNUM *shared_secret, + u_char **hash, u_int *hashlen) { Buffer b; static u_char digest[EVP_MAX_MD_SIZE]; - const EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; buffer_init(&b); @@ -79,14 +80,15 @@ kexgex_hash( #ifdef DEBUG_KEXDH buffer_dump(&b); #endif + EVP_DigestInit(&md, evp_md); EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); EVP_DigestFinal(&md, digest, NULL); buffer_free(&b); - + *hash = digest; + *hashlen = EVP_MD_size(evp_md); #ifdef DEBUG_KEXDH - dump_digest("hash", digest, EVP_MD_size(evp_md)); + dump_digest("hash", digest, *hashlen); #endif - return digest; } @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexgexc.c,v 1.2 2003/12/08 11:00:47 markus Exp $"); +RCSID("$OpenBSD: kexgexc.c,v 1.3 2005/11/04 05:15:59 djm Exp $"); #include "xmalloc.h" #include "key.h" @@ -42,7 +42,7 @@ kexgex_client(Kex *kex) BIGNUM *p = NULL, *g = NULL; Key *server_host_key; u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; - u_int klen, kout, slen, sbloblen; + u_int klen, kout, slen, sbloblen, hashlen; int min, max, nbits; DH *dh; @@ -155,7 +155,8 @@ kexgex_client(Kex *kex) min = max = -1; /* calc and verify H */ - hash = kexgex_hash( + kexgex_hash( + kex->evp_md, kex->client_version_string, kex->server_version_string, buffer_ptr(&kex->my), buffer_len(&kex->my), @@ -165,25 +166,27 @@ kexgex_client(Kex *kex) dh->p, dh->g, dh->pub_key, dh_server_pub, - shared_secret + shared_secret, + &hash, &hashlen ); + /* have keys, free DH */ DH_free(dh); xfree(server_host_key_blob); BN_clear_free(dh_server_pub); - if (key_verify(server_host_key, signature, slen, hash, 20) != 1) + if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) fatal("key_verify failed for server_host_key"); key_free(server_host_key); xfree(signature); /* save session id */ if (kex->session_id == NULL) { - kex->session_id_len = 20; + kex->session_id_len = hashlen; kex->session_id = xmalloc(kex->session_id_len); memcpy(kex->session_id, hash, kex->session_id_len); } - kex_derive_keys(kex, hash, shared_secret); + kex_derive_keys(kex, hash, hashlen, shared_secret); BN_clear_free(shared_secret); kex_finish(kex); @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexgexs.c,v 1.1 2003/02/16 17:09:57 markus Exp $"); +RCSID("$OpenBSD: kexgexs.c,v 1.2 2005/11/04 05:15:59 djm Exp $"); #include "xmalloc.h" #include "key.h" @@ -43,7 +43,7 @@ kexgex_server(Kex *kex) Key *server_host_key; DH *dh; u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; - u_int sbloblen, klen, kout, slen; + u_int sbloblen, klen, kout, slen, hashlen; int min = -1, max = -1, nbits = -1, type; if (kex->load_host_key == NULL) @@ -137,8 +137,9 @@ kexgex_server(Kex *kex) if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) min = max = -1; - /* calc H */ /* XXX depends on 'kex' */ - hash = kexgex_hash( + /* calc H */ + kexgex_hash( + kex->evp_md, kex->client_version_string, kex->server_version_string, buffer_ptr(&kex->peer), buffer_len(&kex->peer), @@ -148,21 +149,20 @@ kexgex_server(Kex *kex) dh->p, dh->g, dh_client_pub, dh->pub_key, - shared_secret + shared_secret, + &hash, &hashlen ); BN_clear_free(dh_client_pub); /* save session id := H */ - /* XXX hashlen depends on KEX */ if (kex->session_id == NULL) { - kex->session_id_len = 20; + kex->session_id_len = hashlen; kex->session_id = xmalloc(kex->session_id_len); memcpy(kex->session_id, hash, kex->session_id_len); } /* sign H */ - /* XXX hashlen depends on KEX */ - PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20)); + PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen)); /* destroy_sensitive_data(); */ @@ -179,7 +179,7 @@ kexgex_server(Kex *kex) /* have keys, free DH */ DH_free(dh); - kex_derive_keys(kex, hash, shared_secret); + kex_derive_keys(kex, hash, hashlen, shared_secret); BN_clear_free(shared_secret); kex_finish(kex); |