HAMMER VFS - Add missing bqrelse() in last patch.
[dragonfly.git] / crypto / openssh-5 / kexgexs.c
bloba037f57f2814e2cc783239e42cea0aca1a114b58
1 /* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */
2 /*
3 * Copyright (c) 2000 Niels Provos. All rights reserved.
4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 #include "includes.h"
29 #include <sys/param.h>
31 #include <stdarg.h>
32 #include <stdio.h>
33 #include <string.h>
34 #include <signal.h>
36 #include "xmalloc.h"
37 #include "buffer.h"
38 #include "key.h"
39 #include "cipher.h"
40 #include "kex.h"
41 #include "log.h"
42 #include "packet.h"
43 #include "dh.h"
44 #include "ssh2.h"
45 #include "compat.h"
46 #ifdef GSSAPI
47 #include "ssh-gss.h"
48 #endif
49 #include "monitor_wrap.h"
51 void
52 kexgex_server(Kex *kex)
54 BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
55 Key *server_host_key;
56 DH *dh;
57 u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
58 u_int sbloblen, klen, slen, hashlen;
59 int min = -1, max = -1, nbits = -1, type, kout;
61 if (kex->load_host_key == NULL)
62 fatal("Cannot load hostkey");
63 server_host_key = kex->load_host_key(kex->hostkey_type);
64 if (server_host_key == NULL)
65 fatal("Unsupported hostkey type %d", kex->hostkey_type);
67 type = packet_read();
68 switch (type) {
69 case SSH2_MSG_KEX_DH_GEX_REQUEST:
70 debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
71 min = packet_get_int();
72 nbits = packet_get_int();
73 max = packet_get_int();
74 min = MAX(DH_GRP_MIN, min);
75 max = MIN(DH_GRP_MAX, max);
76 break;
77 case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
78 debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
79 nbits = packet_get_int();
80 min = DH_GRP_MIN;
81 max = DH_GRP_MAX;
82 /* unused for old GEX */
83 break;
84 default:
85 fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
87 packet_check_eom();
89 if (max < min || nbits < min || max < nbits)
90 fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
91 min, nbits, max);
93 /* Contact privileged parent */
94 dh = PRIVSEP(choose_dh(min, nbits, max));
95 if (dh == NULL)
96 packet_disconnect("Protocol error: no matching DH grp found");
98 debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
99 packet_start(SSH2_MSG_KEX_DH_GEX_GROUP);
100 packet_put_bignum2(dh->p);
101 packet_put_bignum2(dh->g);
102 packet_send();
104 /* flush */
105 packet_write_wait();
107 /* Compute our exchange value in parallel with the client */
108 dh_gen_key(dh, kex->we_need * 8);
110 debug("expecting SSH2_MSG_KEX_DH_GEX_INIT");
111 packet_read_expect(SSH2_MSG_KEX_DH_GEX_INIT);
113 /* key, cert */
114 if ((dh_client_pub = BN_new()) == NULL)
115 fatal("dh_client_pub == NULL");
116 packet_get_bignum2(dh_client_pub);
117 packet_check_eom();
119 #ifdef DEBUG_KEXDH
120 fprintf(stderr, "dh_client_pub= ");
121 BN_print_fp(stderr, dh_client_pub);
122 fprintf(stderr, "\n");
123 debug("bits %d", BN_num_bits(dh_client_pub));
124 #endif
126 #ifdef DEBUG_KEXDH
127 DHparams_print_fp(stderr, dh);
128 fprintf(stderr, "pub= ");
129 BN_print_fp(stderr, dh->pub_key);
130 fprintf(stderr, "\n");
131 #endif
132 if (!dh_pub_is_valid(dh, dh_client_pub))
133 packet_disconnect("bad client public DH value");
135 klen = DH_size(dh);
136 kbuf = xmalloc(klen);
137 if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0)
138 fatal("DH_compute_key: failed");
139 #ifdef DEBUG_KEXDH
140 dump_digest("shared secret", kbuf, kout);
141 #endif
142 if ((shared_secret = BN_new()) == NULL)
143 fatal("kexgex_server: BN_new failed");
144 if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
145 fatal("kexgex_server: BN_bin2bn failed");
146 memset(kbuf, 0, klen);
147 xfree(kbuf);
149 key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
151 if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
152 min = max = -1;
154 /* calc H */
155 kexgex_hash(
156 kex->evp_md,
157 kex->client_version_string,
158 kex->server_version_string,
159 buffer_ptr(&kex->peer), buffer_len(&kex->peer),
160 buffer_ptr(&kex->my), buffer_len(&kex->my),
161 server_host_key_blob, sbloblen,
162 min, nbits, max,
163 dh->p, dh->g,
164 dh_client_pub,
165 dh->pub_key,
166 shared_secret,
167 &hash, &hashlen
169 BN_clear_free(dh_client_pub);
171 /* save session id := H */
172 if (kex->session_id == NULL) {
173 kex->session_id_len = hashlen;
174 kex->session_id = xmalloc(kex->session_id_len);
175 memcpy(kex->session_id, hash, kex->session_id_len);
178 /* sign H */
179 PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen));
181 /* destroy_sensitive_data(); */
183 /* send server hostkey, DH pubkey 'f' and singed H */
184 debug("SSH2_MSG_KEX_DH_GEX_REPLY sent");
185 packet_start(SSH2_MSG_KEX_DH_GEX_REPLY);
186 packet_put_string(server_host_key_blob, sbloblen);
187 packet_put_bignum2(dh->pub_key); /* f */
188 packet_put_string(signature, slen);
189 packet_send();
191 xfree(signature);
192 xfree(server_host_key_blob);
193 /* have keys, free DH */
194 DH_free(dh);
196 kex_derive_keys(kex, hash, hashlen, shared_secret);
197 BN_clear_free(shared_secret);
199 kex_finish(kex);