d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
30700bc80e
freebsd-nq/crypto/openssh/kexecdh.c
Ed Maste 317a38ab65 openssh: update to OpenSSH v8.7p1 
Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
  fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
  key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
  (RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
  support to provide address-space isolation for token middleware
  libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
  conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
  (e.g. "scp host-a:/path host-b:") to transfer through the local host
  by default.
- scp(1): experimental support for transfers using the SFTP protocol as
  a replacement for the venerable SCP/RCP protocol that it has
  traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by:	imp
MFC after:	1 month
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29985

(cherry picked from commit 19261079b7)
(cherry picked from commit f448c3ed4a)
(cherry picked from commit 1f290c707a)
(cherry picked from commit 0f9bafdfc3)
(cherry picked from commit adb56e58e8)
(cherry picked from commit 576b58108c)
(cherry picked from commit 1c99af1ebe)
(cherry picked from commit 87152f3405)
(cherry picked from commit 172fa4aa75)
2022-02-09 14:53:11 -05:00

240 lines
6.1 KiB
C
Raw Blame History

/* $OpenBSD: kexecdh.c,v 1.10 2019/01/21 10:40:11 djm Exp $ */
/*
* Copyright (c) 2010 Damien Miller. All rights reserved.
* Copyright (c) 2019 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
#include <sys/types.h>
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <openssl/ecdh.h>
#include "sshkey.h"
#include "kex.h"
#include "sshbuf.h"
#include "digest.h"
#include "ssherr.h"
static int
kex_ecdh_dec_key_group(struct kex *, const struct sshbuf *, EC_KEY *key,
const EC_GROUP *, struct sshbuf **);
int
kex_ecdh_keypair(struct kex *kex)
{
EC_KEY *client_key = NULL;
const EC_GROUP *group;
const EC_POINT *public_key;
struct sshbuf *buf = NULL;
int r;
if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
if (EC_KEY_generate_key(client_key) != 1) {
r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
group = EC_KEY_get0_group(client_key);
public_key = EC_KEY_get0_public_key(client_key);
if ((buf = sshbuf_new()) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
if ((r = sshbuf_put_ec(buf, public_key, group)) != 0 ||
(r = sshbuf_get_u32(buf, NULL)) != 0)
goto out;
#ifdef DEBUG_KEXECDH
fputs("client private key:\n", stderr);
sshkey_dump_ec_key(client_key);
#endif
kex->ec_client_key = client_key;
kex->ec_group = group;
client_key = NULL; /* owned by the kex */
kex->client_pub = buf;
buf = NULL;
out:
EC_KEY_free(client_key);
sshbuf_free(buf);
return r;
}
int
kex_ecdh_enc(struct kex *kex, const struct sshbuf *client_blob,
struct sshbuf **server_blobp, struct sshbuf **shared_secretp)
{
const EC_GROUP *group;
const EC_POINT *pub_key;
EC_KEY *server_key = NULL;
struct sshbuf *server_blob = NULL;
int r;
*server_blobp = NULL;
*shared_secretp = NULL;
if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
if (EC_KEY_generate_key(server_key) != 1) {
r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
group = EC_KEY_get0_group(server_key);
#ifdef DEBUG_KEXECDH
fputs("server private key:\n", stderr);
sshkey_dump_ec_key(server_key);
#endif
pub_key = EC_KEY_get0_public_key(server_key);
if ((server_blob = sshbuf_new()) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
if ((r = sshbuf_put_ec(server_blob, pub_key, group)) != 0 ||
(r = sshbuf_get_u32(server_blob, NULL)) != 0)
goto out;
if ((r = kex_ecdh_dec_key_group(kex, client_blob, server_key, group,
shared_secretp)) != 0)
goto out;
*server_blobp = server_blob;
server_blob = NULL;
out:
EC_KEY_free(server_key);
sshbuf_free(server_blob);
return r;
}
static int
kex_ecdh_dec_key_group(struct kex *kex, const struct sshbuf *ec_blob,
EC_KEY *key, const EC_GROUP *group, struct sshbuf **shared_secretp)
{
struct sshbuf *buf = NULL;
BIGNUM *shared_secret = NULL;
EC_POINT *dh_pub = NULL;
u_char *kbuf = NULL;
size_t klen = 0;
int r;
*shared_secretp = NULL;
if ((buf = sshbuf_new()) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
if ((r = sshbuf_put_stringb(buf, ec_blob)) != 0)
goto out;
if ((dh_pub = EC_POINT_new(group)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
if ((r = sshbuf_get_ec(buf, dh_pub, group)) != 0) {
goto out;
}
sshbuf_reset(buf);
#ifdef DEBUG_KEXECDH
fputs("public key:\n", stderr);
sshkey_dump_ec_point(group, dh_pub);
#endif
if (sshkey_ec_validate_public(group, dh_pub) != 0) {
r = SSH_ERR_MESSAGE_INCOMPLETE;
goto out;
}
klen = (EC_GROUP_get_degree(group) + 7) / 8;
if ((kbuf = malloc(klen)) == NULL ||
(shared_secret = BN_new()) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
if (ECDH_compute_key(kbuf, klen, dh_pub, key, NULL) != (int)klen ||
BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
#ifdef DEBUG_KEXECDH
dump_digest("shared secret", kbuf, klen);
#endif
if ((r = sshbuf_put_bignum2(buf, shared_secret)) != 0)
goto out;
*shared_secretp = buf;
buf = NULL;
out:
EC_POINT_clear_free(dh_pub);
BN_clear_free(shared_secret);
freezero(kbuf, klen);
sshbuf_free(buf);
return r;
}
int
kex_ecdh_dec(struct kex *kex, const struct sshbuf *server_blob,
struct sshbuf **shared_secretp)
{
int r;
r = kex_ecdh_dec_key_group(kex, server_blob, kex->ec_client_key,
kex->ec_group, shared_secretp);
EC_KEY_free(kex->ec_client_key);
kex->ec_client_key = NULL;
return r;
}
#else
#include "ssherr.h"
struct kex;
struct sshbuf;
struct sshkey;
int
kex_ecdh_keypair(struct kex *kex)
{
return SSH_ERR_SIGN_ALG_UNSUPPORTED;
}
int
kex_ecdh_enc(struct kex *kex, const struct sshbuf *client_blob,
struct sshbuf **server_blobp, struct sshbuf **shared_secretp)
{
return SSH_ERR_SIGN_ALG_UNSUPPORTED;
}
int
kex_ecdh_dec(struct kex *kex, const struct sshbuf *server_blob,
struct sshbuf **shared_secretp)
{
return SSH_ERR_SIGN_ALG_UNSUPPORTED;
}
#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */
Reference in New Issue View Git Blame Copy Permalink