- djm@cvs.openbsd.org 2014/01/10 05:59:19
[sshd_config]
the /etc/ssh/ssh_host_ed25519_key is loaded by default too
+ - djm@cvs.openbsd.org 2014/01/12 08:13:13
+ [bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c]
+ [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c]
+ avoid use of OpenSSL BIGNUM type and functions for KEX with
+ Curve25519 by adding a buffer_put_bignum2_from_string() that stores
+ a string using the bignum encoding rules. Will make it easier to
+ build a reduced-feature OpenSSH without OpenSSL in the future;
+ ok markus@
20140110
- (djm) OpenBSD CVS Sync
-/* $OpenBSD: bufaux.c,v 1.53 2013/11/08 11:15:19 dtucker Exp $ */
+/* $OpenBSD: bufaux.c,v 1.54 2014/01/12 08:13:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
buffer_append(buffer, &ch, 1);
}
+
+/* Pseudo bignum functions */
+
+void *
+buffer_get_bignum2_as_string_ret(Buffer *buffer, u_int *length_ptr)
+{
+ u_int len;
+ u_char *bin, *p, *ret;
+
+ if ((p = bin = buffer_get_string_ret(buffer, &len)) == NULL) {
+ error("%s: invalid bignum", __func__);
+ return NULL;
+ }
+
+ if (len > 0 && (bin[0] & 0x80)) {
+ error("%s: negative numbers not supported", __func__);
+ free(bin);
+ return NULL;
+ }
+ if (len > 8 * 1024) {
+ error("%s: cannot handle BN of size %d", __func__, len);
+ free(bin);
+ return NULL;
+ }
+ /* Skip zero prefix on numbers with the MSB set */
+ if (len > 1 && bin[0] == 0x00 && (bin[1] & 0x80) != 0) {
+ p++;
+ len--;
+ }
+ ret = xmalloc(len);
+ memcpy(ret, p, len);
+ memset(p, '\0', len);
+ free(bin);
+ return ret;
+}
+
+void *
+buffer_get_bignum2_as_string(Buffer *buffer, u_int *l)
+{
+ void *ret = buffer_get_bignum2_as_string_ret(buffer, l);
+
+ if (ret == NULL)
+ fatal("%s: buffer error", __func__);
+ return ret;
+}
+
+/*
+ * Stores a string using the bignum encoding rules (\0 pad if MSB set).
+ */
+void
+buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l)
+{
+ u_char *buf, *p;
+ int pad = 0;
+
+ if (l > 8 * 1024)
+ fatal("%s: length %u too long", __func__, l);
+ p = buf = xmalloc(l + 1);
+ /*
+ * If most significant bit is set then prepend a zero byte to
+ * avoid interpretation as a negative number.
+ */
+ if (l > 0 && (s[0] & 0x80) != 0) {
+ *p++ = '\0';
+ pad = 1;
+ }
+ memcpy(p, s, l);
+ buffer_put_string(buffer, buf, l + pad);
+ memset(buf, '\0', l + pad);
+ free(buf);
+}
+
+
-/* $OpenBSD: buffer.h,v 1.22 2013/07/12 00:19:58 djm Exp $ */
+/* $OpenBSD: buffer.h,v 1.23 2014/01/12 08:13:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
void *buffer_get_string_ptr_ret(Buffer *, u_int *);
int buffer_get_char_ret(u_char *, Buffer *);
+void *buffer_get_bignum2_as_string_ret(Buffer *, u_int *);
+void *buffer_get_bignum2_as_string(Buffer *, u_int *);
+void buffer_put_bignum2_from_string(Buffer *, const u_char *, u_int);
+
#ifdef OPENSSL_HAS_ECC
#include <openssl/ec.h>
-/* $OpenBSD: kex.c,v 1.94 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.95 2014/01/12 08:13:13 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
static u_char *
derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen,
- BIGNUM *shared_secret)
+ const u_char *shared_secret, u_int slen)
{
Buffer b;
struct ssh_digest_ctx *hashctx;
digest = xmalloc(roundup(need, mdsz));
buffer_init(&b);
- buffer_put_bignum2(&b, shared_secret);
+ buffer_append(&b, shared_secret, slen);
/* K1 = HASH(K || H || "A" || session_id) */
if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL)
#define NKEYS 6
void
-kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret)
+kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen,
+ const u_char *shared_secret, u_int slen)
{
u_char *keys[NKEYS];
u_int i, mode, ctos;
for (i = 0; i < NKEYS; i++) {
keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, hashlen,
- shared_secret);
+ shared_secret, slen);
}
debug2("kex_derive_keys");
}
}
+void
+kex_derive_keys_bn(Kex *kex, u_char *hash, u_int hashlen, const BIGNUM *secret)
+{
+ Buffer shared_secret;
+
+ buffer_init(&shared_secret);
+ buffer_put_bignum2(&shared_secret, secret);
+ kex_derive_keys(kex, hash, hashlen,
+ buffer_ptr(&shared_secret), buffer_len(&shared_secret));
+ buffer_free(&shared_secret);
+}
+
Newkeys *
kex_get_newkeys(int mode)
{
-/* $OpenBSD: kex.h,v 1.59 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.60 2014/01/12 08:13:13 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
void kex_send_kexinit(Kex *);
void kex_input_kexinit(int, u_int32_t, void *);
-void kex_derive_keys(Kex *, u_char *, u_int, BIGNUM *);
+void kex_derive_keys(Kex *, u_char *, u_int, const u_char *, u_int);
+void kex_derive_keys_bn(Kex *, u_char *, u_int, const BIGNUM *);
Newkeys *kex_get_newkeys(int);
void
kex_c25519_hash(int, char *, char *, char *, int,
char *, int, u_char *, int, const u_char *, const u_char *,
- const BIGNUM *, u_char **, u_int *);
+ const u_char *, u_int, u_char **, u_int *);
#define CURVE25519_SIZE 32
void kexc25519_keygen(u_char[CURVE25519_SIZE], u_char[CURVE25519_SIZE])
__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
-BIGNUM *kexc25519_shared_key(const u_char[CURVE25519_SIZE],
- const u_char[CURVE25519_SIZE])
+void kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
+ const u_char pub[CURVE25519_SIZE], Buffer *out)
__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
-/* $OpenBSD: kexc25519.c,v 1.3 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: kexc25519.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */
/*
* Copyright (c) 2001, 2013 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
crypto_scalarmult_curve25519(pub, key, basepoint);
}
-BIGNUM *
+void
kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
- const u_char pub[CURVE25519_SIZE])
+ const u_char pub[CURVE25519_SIZE], Buffer *out)
{
u_char shared_key[CURVE25519_SIZE];
- BIGNUM *shared_secret;
crypto_scalarmult_curve25519(shared_key, key, pub);
#ifdef DEBUG_KEXECDH
dump_digest("shared secret", shared_key, CURVE25519_SIZE);
#endif
- if ((shared_secret = BN_new()) == NULL)
- fatal("%s: BN_new failed", __func__);
- if (BN_bin2bn(shared_key, sizeof(shared_key), shared_secret) == NULL)
- fatal("%s: BN_bin2bn failed", __func__);
+ buffer_clear(out);
+ buffer_put_bignum2_from_string(out, shared_key, CURVE25519_SIZE);
memset(shared_key, 0, CURVE25519_SIZE); /* XXX explicit_bzero() */
- return (shared_secret);
}
void
u_char *serverhostkeyblob, int sbloblen,
const u_char client_dh_pub[CURVE25519_SIZE],
const u_char server_dh_pub[CURVE25519_SIZE],
- const BIGNUM *shared_secret,
+ const u_char *shared_secret, u_int secretlen,
u_char **hash, u_int *hashlen)
{
Buffer b;
buffer_put_string(&b, serverhostkeyblob, sbloblen);
buffer_put_string(&b, client_dh_pub, CURVE25519_SIZE);
buffer_put_string(&b, server_dh_pub, CURVE25519_SIZE);
- buffer_put_bignum2(&b, shared_secret);
+ buffer_append(&b, shared_secret, secretlen);
#ifdef DEBUG_KEX
buffer_dump(&b);
-/* $OpenBSD: kexc25519c.c,v 1.3 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: kexc25519c.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
void
kexc25519_client(Kex *kex)
{
- BIGNUM *shared_secret;
Key *server_host_key;
u_char client_key[CURVE25519_SIZE];
u_char client_pubkey[CURVE25519_SIZE];
u_char *server_host_key_blob = NULL, *signature = NULL;
u_char *hash;
u_int slen, sbloblen, hashlen;
+ Buffer shared_secret;
kexc25519_keygen(client_key, client_pubkey);
signature = packet_get_string(&slen);
packet_check_eom();
- shared_secret = kexc25519_shared_key(client_key, server_pubkey);
+ buffer_init(&shared_secret);
+ kexc25519_shared_key(client_key, server_pubkey, &shared_secret);
/* calc and verify H */
kex_c25519_hash(
server_host_key_blob, sbloblen,
client_pubkey,
server_pubkey,
- shared_secret,
+ buffer_ptr(&shared_secret), buffer_len(&shared_secret),
&hash, &hashlen
);
free(server_host_key_blob);
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
-
- kex_derive_keys(kex, hash, hashlen, shared_secret);
- BN_clear_free(shared_secret);
+ kex_derive_keys(kex, hash, hashlen,
+ buffer_ptr(&shared_secret), buffer_len(&shared_secret));
+ buffer_free(&shared_secret);
kex_finish(kex);
}
-/* $OpenBSD: kexc25519s.c,v 1.3 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: kexc25519s.c,v 1.4 2014/01/12 08:13:13 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
void
kexc25519_server(Kex *kex)
{
- BIGNUM *shared_secret;
Key *server_host_private, *server_host_public;
u_char *server_host_key_blob = NULL, *signature = NULL;
u_char server_key[CURVE25519_SIZE];
u_char server_pubkey[CURVE25519_SIZE];
u_char *hash;
u_int slen, sbloblen, hashlen;
+ Buffer shared_secret;
/* generate private key */
kexc25519_keygen(server_key, server_pubkey);
dump_digest("client public key:", client_pubkey, CURVE25519_SIZE);
#endif
- shared_secret = kexc25519_shared_key(server_key, client_pubkey);
+ buffer_init(&shared_secret);
+ kexc25519_shared_key(server_key, client_pubkey, &shared_secret);
/* calc H */
key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
server_host_key_blob, sbloblen,
client_pubkey,
server_pubkey,
- shared_secret,
+ buffer_ptr(&shared_secret), buffer_len(&shared_secret),
&hash, &hashlen
);
free(server_host_key_blob);
/* have keys, free server key */
free(client_pubkey);
- kex_derive_keys(kex, hash, hashlen, shared_secret);
- BN_clear_free(shared_secret);
+
+ kex_derive_keys(kex, hash, hashlen,
+ buffer_ptr(&shared_secret), buffer_len(&shared_secret));
+ buffer_free(&shared_secret);
kex_finish(kex);
}
-/* $OpenBSD: kexdhc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
+/* $OpenBSD: kexdhc.c,v 1.14 2014/01/12 08:13:13 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
memcpy(kex->session_id, hash, kex->session_id_len);
}
- kex_derive_keys(kex, hash, hashlen, shared_secret);
+ kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
-/* $OpenBSD: kexdhs.c,v 1.16 2013/11/02 22:24:24 markus Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.17 2014/01/12 08:13:13 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
/* have keys, free DH */
DH_free(dh);
- kex_derive_keys(kex, hash, hashlen, shared_secret);
+ kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
-/* $OpenBSD: kexecdhc.c,v 1.5 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: kexecdhc.c,v 1.6 2014/01/12 08:13:13 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
memcpy(kex->session_id, hash, kex->session_id_len);
}
- kex_derive_keys(kex, hash, hashlen, shared_secret);
+ kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
-/* $OpenBSD: kexecdhs.c,v 1.8 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: kexecdhs.c,v 1.9 2014/01/12 08:13:13 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
/* have keys, free server key */
EC_KEY_free(server_key);
- kex_derive_keys(kex, hash, hashlen, shared_secret);
+ kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
-/* $OpenBSD: kexgexc.c,v 1.14 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.15 2014/01/12 08:13:13 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
- kex_derive_keys(kex, hash, hashlen, shared_secret);
+ kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
-/* $OpenBSD: kexgexs.c,v 1.17 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.18 2014/01/12 08:13:13 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
/* have keys, free DH */
DH_free(dh);
- kex_derive_keys(kex, hash, hashlen, shared_secret);
+ kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
projects / thirdparty / openssh-portable.git / commitdiff
