aboutsummaryrefslogtreecommitdiff
path: root/src/ecdh_crypto.c
diff options
context:
space:
mode:
authorJustus Winter <justus@g10code.com>2016-05-02 16:00:26 +0200
committerAndreas Schneider <asn@cryptomilk.org>2016-11-03 15:20:36 +0100
commite3a866b8c19601803d1f8aaea40573c738d4acfd (patch)
treed5c130d2830d24651505dc5be67efdc835b1afe3 /src/ecdh_crypto.c
parentf62cded9f0bc2d08afe0ef2d79e247951f193559 (diff)
downloadlibssh-e3a866b8c19601803d1f8aaea40573c738d4acfd.tar.gz
libssh-e3a866b8c19601803d1f8aaea40573c738d4acfd.tar.xz
libssh-e3a866b8c19601803d1f8aaea40573c738d4acfd.zip
ecdh: Implement ECDH using libgcrypt
* include/libssh/crypto.h (struct ssh_crypto_struct): Provide a suitable 'ecdh_privkey'. * include/libssh/ecdh.h: Also define 'HAVE_ECDH' if we do ECC using libgcrypt. (ecdh_build_k): New prototype. * src/CMakeLists.txt (libssh_SRCS): Add backend-specific files. * src/ecdh.c: Move backend-specific parts to... * src/ecdh_crypto.c: ... this file. * src/ecdh_gcrypt.c: New file. * src/wrapper.c (crypto_free): Free 'ecdh_privkey'. Signed-off-by: Justus Winter <justus@g10code.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/ecdh_crypto.c')
-rw-r--r--src/ecdh_crypto.c298
1 files changed, 298 insertions, 0 deletions
diff --git a/src/ecdh_crypto.c b/src/ecdh_crypto.c
new file mode 100644
index 00000000..e774e560
--- /dev/null
+++ b/src/ecdh_crypto.c
@@ -0,0 +1,298 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2011-2013 by Aris Adamantiadis
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "config.h"
+#include "libssh/session.h"
+#include "libssh/ecdh.h"
+#include "libssh/dh.h"
+#include "libssh/buffer.h"
+#include "libssh/ssh2.h"
+#include "libssh/pki.h"
+#include "libssh/bignum.h"
+
+#ifdef HAVE_ECDH
+#include <openssl/ecdh.h>
+
+#define NISTP256 NID_X9_62_prime256v1
+#define NISTP384 NID_secp384r1
+#define NISTP521 NID_secp521r1
+
+/** @internal
+ * @brief Starts ecdh-sha2-nistp256 key exchange
+ */
+int ssh_client_ecdh_init(ssh_session session){
+ EC_KEY *key;
+ const EC_GROUP *group;
+ const EC_POINT *pubkey;
+ ssh_string client_pubkey;
+ int len;
+ int rc;
+ bignum_CTX ctx = BN_CTX_new();
+
+ rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_KEX_ECDH_INIT);
+ if (rc < 0) {
+ BN_CTX_free(ctx);
+ return SSH_ERROR;
+ }
+
+ key = EC_KEY_new_by_curve_name(NISTP256);
+ if (key == NULL) {
+ BN_CTX_free(ctx);
+ return SSH_ERROR;
+ }
+ group = EC_KEY_get0_group(key);
+
+ EC_KEY_generate_key(key);
+
+ pubkey=EC_KEY_get0_public_key(key);
+ len = EC_POINT_point2oct(group,pubkey,POINT_CONVERSION_UNCOMPRESSED,
+ NULL,0,ctx);
+
+ client_pubkey = ssh_string_new(len);
+ if (client_pubkey == NULL) {
+ BN_CTX_free(ctx);
+ EC_KEY_free(key);
+ return SSH_ERROR;
+ }
+
+ EC_POINT_point2oct(group,pubkey,POINT_CONVERSION_UNCOMPRESSED,
+ ssh_string_data(client_pubkey),len,ctx);
+ BN_CTX_free(ctx);
+
+ rc = ssh_buffer_add_ssh_string(session->out_buffer,client_pubkey);
+ if (rc < 0) {
+ EC_KEY_free(key);
+ ssh_string_free(client_pubkey);
+ return SSH_ERROR;
+ }
+
+ session->next_crypto->ecdh_privkey = key;
+ session->next_crypto->ecdh_client_pubkey = client_pubkey;
+
+ rc = ssh_packet_send(session);
+
+ return rc;
+}
+
+int ecdh_build_k(ssh_session session) {
+ const EC_GROUP *group = EC_KEY_get0_group(session->next_crypto->ecdh_privkey);
+ EC_POINT *pubkey;
+ void *buffer;
+ int rc;
+ int len = (EC_GROUP_get_degree(group) + 7) / 8;
+ bignum_CTX ctx = bignum_ctx_new();
+ if (ctx == NULL) {
+ return -1;
+ }
+
+ session->next_crypto->k = bignum_new();
+ if (session->next_crypto->k == NULL) {
+ bignum_ctx_free(ctx);
+ return -1;
+ }
+
+ pubkey = EC_POINT_new(group);
+ if (pubkey == NULL) {
+ bignum_ctx_free(ctx);
+ return -1;
+ }
+
+ if (session->server) {
+ rc = EC_POINT_oct2point(group,
+ pubkey,
+ ssh_string_data(session->next_crypto->ecdh_client_pubkey),
+ ssh_string_len(session->next_crypto->ecdh_client_pubkey),
+ ctx);
+ } else {
+ rc = EC_POINT_oct2point(group,
+ pubkey,
+ ssh_string_data(session->next_crypto->ecdh_server_pubkey),
+ ssh_string_len(session->next_crypto->ecdh_server_pubkey),
+ ctx);
+ }
+ bignum_ctx_free(ctx);
+ if (rc <= 0) {
+ EC_POINT_clear_free(pubkey);
+ return -1;
+ }
+
+ buffer = malloc(len);
+ if (buffer == NULL) {
+ EC_POINT_clear_free(pubkey);
+ return -1;
+ }
+
+ rc = ECDH_compute_key(buffer,
+ len,
+ pubkey,
+ session->next_crypto->ecdh_privkey,
+ NULL);
+ EC_POINT_clear_free(pubkey);
+ if (rc <= 0) {
+ free(buffer);
+ return -1;
+ }
+
+ bignum_bin2bn(buffer, len, session->next_crypto->k);
+ free(buffer);
+
+ EC_KEY_free(session->next_crypto->ecdh_privkey);
+ session->next_crypto->ecdh_privkey = NULL;
+
+#ifdef DEBUG_CRYPTO
+ ssh_print_hexa("Session server cookie",
+ session->next_crypto->server_kex.cookie, 16);
+ ssh_print_hexa("Session client cookie",
+ session->next_crypto->client_kex.cookie, 16);
+ ssh_print_bignum("Shared secret key", session->next_crypto->k);
+#endif
+
+ return 0;
+}
+
+#ifdef WITH_SERVER
+
+/** @brief Parse a SSH_MSG_KEXDH_INIT packet (server) and send a
+ * SSH_MSG_KEXDH_REPLY
+ */
+
+int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet){
+ /* ECDH keys */
+ ssh_string q_c_string;
+ ssh_string q_s_string;
+ EC_KEY *ecdh_key;
+ const EC_GROUP *group;
+ const EC_POINT *ecdh_pubkey;
+ bignum_CTX ctx;
+ /* SSH host keys (rsa,dsa,ecdsa) */
+ ssh_key privkey;
+ ssh_string sig_blob = NULL;
+ int len;
+ int rc;
+
+ /* Extract the client pubkey from the init packet */
+ q_c_string = ssh_buffer_get_ssh_string(packet);
+ if (q_c_string == NULL) {
+ ssh_set_error(session,SSH_FATAL, "No Q_C ECC point in packet");
+ return SSH_ERROR;
+ }
+ session->next_crypto->ecdh_client_pubkey = q_c_string;
+
+ /* Build server's keypair */
+
+ ctx = BN_CTX_new();
+ ecdh_key = EC_KEY_new_by_curve_name(NISTP256);
+ if (ecdh_key == NULL) {
+ ssh_set_error_oom(session);
+ BN_CTX_free(ctx);
+ return SSH_ERROR;
+ }
+
+ group = EC_KEY_get0_group(ecdh_key);
+ EC_KEY_generate_key(ecdh_key);
+
+ ecdh_pubkey = EC_KEY_get0_public_key(ecdh_key);
+ len = EC_POINT_point2oct(group,
+ ecdh_pubkey,
+ POINT_CONVERSION_UNCOMPRESSED,
+ NULL,
+ 0,
+ ctx);
+
+ q_s_string = ssh_string_new(len);
+ if (q_s_string == NULL) {
+ EC_KEY_free(ecdh_key);
+ BN_CTX_free(ctx);
+ return SSH_ERROR;
+ }
+
+ EC_POINT_point2oct(group,
+ ecdh_pubkey,
+ POINT_CONVERSION_UNCOMPRESSED,
+ ssh_string_data(q_s_string),
+ len,
+ ctx);
+ BN_CTX_free(ctx);
+
+ session->next_crypto->ecdh_privkey = ecdh_key;
+ session->next_crypto->ecdh_server_pubkey = q_s_string;
+
+ /* build k and session_id */
+ rc = ecdh_build_k(session);
+ if (rc < 0) {
+ ssh_set_error(session, SSH_FATAL, "Cannot build k number");
+ return SSH_ERROR;
+ }
+
+ /* privkey is not allocated */
+ rc = ssh_get_key_params(session, &privkey);
+ if (rc == SSH_ERROR) {
+ return SSH_ERROR;
+ }
+
+ rc = ssh_make_sessionid(session);
+ if (rc != SSH_OK) {
+ ssh_set_error(session, SSH_FATAL, "Could not create a session id");
+ return SSH_ERROR;
+ }
+
+ sig_blob = ssh_srv_pki_do_sign_sessionid(session, privkey);
+ if (sig_blob == NULL) {
+ ssh_set_error(session, SSH_FATAL, "Could not sign the session id");
+ return SSH_ERROR;
+ }
+
+ rc = ssh_buffer_pack(session->out_buffer,
+ "bSSS",
+ SSH2_MSG_KEXDH_REPLY,
+ session->next_crypto->server_pubkey, /* host's pubkey */
+ q_s_string, /* ecdh public key */
+ sig_blob); /* signature blob */
+
+ ssh_string_free(sig_blob);
+
+ if (rc != SSH_OK) {
+ ssh_set_error_oom(session);
+ return SSH_ERROR;
+ }
+
+ SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_KEXDH_REPLY sent");
+ rc = ssh_packet_send(session);
+ if (rc == SSH_ERROR) {
+ return SSH_ERROR;
+ }
+
+ /* Send the MSG_NEWKEYS */
+ rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
+ if (rc < 0) {
+ return SSH_ERROR;;
+ }
+
+ session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+ rc = ssh_packet_send(session);
+ SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
+
+ return rc;
+}
+
+#endif /* WITH_SERVER */
+
+#endif /* HAVE_ECDH */