summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakub Jelen <jjelen@redhat.com>2019-03-25 16:42:19 +0100
committerAndreas Schneider <asn@cryptomilk.org>2019-04-29 13:18:09 +0200
commit104c696bca84525de1ad98fac5287f473bc1ed1e (patch)
treef0492f75f0ad3d9cab7e296aff7ec35bc2154d8b
parente4465073527b12b8efef338b212b78e3434959ee (diff)
downloadlibssh-104c696bca84525de1ad98fac5287f473bc1ed1e.tar.gz
libssh-104c696bca84525de1ad98fac5287f473bc1ed1e.tar.xz
libssh-104c696bca84525de1ad98fac5287f473bc1ed1e.zip
dh-gex: Verify received primes in FIPS mode to match one of the known groups
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--include/libssh/dh.h1
-rw-r--r--src/dh-gex.c14
-rw-r--r--src/dh.c27
3 files changed, 42 insertions, 0 deletions
diff --git a/include/libssh/dh.h b/include/libssh/dh.h
index 02c99760..48d8c46a 100644
--- a/include/libssh/dh.h
+++ b/include/libssh/dh.h
@@ -68,5 +68,6 @@ void ssh_server_dh_init(ssh_session session);
#endif /* WITH_SERVER */
int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet);
int ssh_fallback_group(uint32_t pmax, bignum *p, bignum *g);
+bool ssh_dh_is_known_group(bignum modulus, bignum generator);
#endif /* DH_H_ */
diff --git a/src/dh-gex.c b/src/dh-gex.c
index 1a4c3395..26c4f9d8 100644
--- a/src/dh-gex.c
+++ b/src/dh-gex.c
@@ -139,6 +139,13 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group)
goto error;
}
/* basic checks */
+ if (ssh_fips_mode() &&
+ !ssh_dh_is_known_group(modulus, generator)) {
+ ssh_set_error(session,
+ SSH_FATAL,
+ "The received DH group is not FIPS approved");
+ goto error;
+ }
rc = bignum_set_word(one, 1);
if (rc != 1) {
goto error;
@@ -474,6 +481,13 @@ static int ssh_retrieve_dhgroup(uint32_t pmin,
char *modulus = NULL;
int rc;
+ /* In FIPS mode, we can not negotiate arbitrary primes,
+ * but just the approved ones */
+ if (ssh_fips_mode()) {
+ SSH_LOG(SSH_LOG_TRACE, "In FIPS mode, using built-in primes");
+ return ssh_fallback_group(pmax, p, g);
+ }
+
moduli = fopen(MODULI_FILE, "r");
if (moduli == NULL) {
SSH_LOG(SSH_LOG_WARNING,
diff --git a/src/dh.c b/src/dh.c
index e6c2cfd9..10830441 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -590,6 +590,33 @@ int ssh_fallback_group(uint32_t pmax,
* @{
*/
+bool ssh_dh_is_known_group(bignum modulus, bignum generator)
+{
+ int cmp, bits;
+ bignum m = NULL;
+
+ bits = bignum_num_bits(modulus);
+ if (bits < 3072) {
+ m = ssh_dh_group14;
+ } else if (bits < 6144) {
+ m = ssh_dh_group16;
+ } else {
+ m = ssh_dh_group18;
+ }
+
+ cmp = bignum_cmp(m, modulus);
+ if (cmp != 0) {
+ return false;
+ }
+
+ cmp = bignum_cmp(ssh_dh_generator, generator);
+ if (cmp != 0) {
+ return false;
+ }
+
+ SSH_LOG(SSH_LOG_TRACE, "The received primes in FIPS are known");
+ return true;
+}
ssh_key ssh_dh_get_current_server_publickey(ssh_session session)
{