aboutsummaryrefslogtreecommitdiff
path: root/src/ecdh_mbedcrypto.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/ecdh_mbedcrypto.c')
-rw-r--r--src/ecdh_mbedcrypto.c295
1 files changed, 295 insertions, 0 deletions
diff --git a/src/ecdh_mbedcrypto.c b/src/ecdh_mbedcrypto.c
new file mode 100644
index 00000000..d4e7a774
--- /dev/null
+++ b/src/ecdh_mbedcrypto.c
@@ -0,0 +1,295 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2017 Sartura d.o.o.
+ *
+ * Author: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "config.h"
+
+#include "libssh/session.h"
+#include "libssh/ecdh.h"
+#include "libssh/buffer.h"
+#include "libssh/ssh2.h"
+#include "libssh/dh.h"
+#include "libssh/pki.h"
+#include "libssh/bignum.h"
+#include "libssh/libmbedcrypto.h"
+
+#include <mbedtls/ecdh.h>
+#include <mbedtls/ecp.h>
+
+#ifdef HAVE_ECDH
+
+static mbedtls_ecp_group_id ecdh_kex_type_to_curve(enum ssh_key_exchange_e kex_type) {
+ if (kex_type == SSH_KEX_ECDH_SHA2_NISTP256) {
+ return MBEDTLS_ECP_DP_SECP256R1;
+ } else if (kex_type == SSH_KEX_ECDH_SHA2_NISTP384) {
+ return MBEDTLS_ECP_DP_SECP384R1;
+ } else if (kex_type == SSH_KEX_ECDH_SHA2_NISTP521) {
+ return MBEDTLS_ECP_DP_SECP521R1;
+ }
+
+ return MBEDTLS_ECP_DP_NONE;
+}
+int ssh_client_ecdh_init(ssh_session session)
+{
+ ssh_string client_pubkey = NULL;
+ mbedtls_ecp_group grp;
+ int rc;
+ mbedtls_ecp_group_id curve;
+
+ curve = ecdh_kex_type_to_curve(session->next_crypto->kex_type);
+ if (curve == MBEDTLS_ECP_DP_NONE) {
+ return SSH_ERROR;
+ }
+
+ rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_KEX_ECDH_INIT);
+ if (rc < 0) {
+ return SSH_ERROR;
+ }
+
+ session->next_crypto->ecdh_privkey = malloc(sizeof(mbedtls_ecp_keypair));
+ if (session->next_crypto->ecdh_privkey == NULL) {
+ return SSH_ERROR;
+ }
+
+ mbedtls_ecp_keypair_init(session->next_crypto->ecdh_privkey);
+ mbedtls_ecp_group_init(&grp);
+
+ rc = mbedtls_ecp_group_load(&grp, curve);
+ if (rc != 0) {
+ rc = SSH_ERROR;
+ goto out;
+ }
+
+ rc = mbedtls_ecp_gen_keypair(&grp, &session->next_crypto->ecdh_privkey->d,
+ &session->next_crypto->ecdh_privkey->Q, mbedtls_ctr_drbg_random,
+ &ssh_mbedtls_ctr_drbg);
+
+ if (rc != 0) {
+ rc = SSH_ERROR;
+ goto out;
+ }
+
+ client_pubkey = make_ecpoint_string(&grp,
+ &session->next_crypto->ecdh_privkey->Q);
+ if (client_pubkey == NULL) {
+ rc = SSH_ERROR;
+ goto out;
+ }
+
+ rc = ssh_buffer_add_ssh_string(session->out_buffer, client_pubkey);
+ if (rc < 0) {
+ rc = SSH_ERROR;
+ goto out;
+ }
+
+ session->next_crypto->ecdh_client_pubkey = client_pubkey;
+ client_pubkey = NULL;
+
+ rc = ssh_packet_send(session);
+
+out:
+ mbedtls_ecp_group_free(&grp);
+ ssh_string_free(client_pubkey);
+
+ return rc;
+}
+
+int ecdh_build_k(ssh_session session)
+{
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_point pubkey;
+ int rc;
+ mbedtls_ecp_group_id curve;
+
+ curve = ecdh_kex_type_to_curve(session->next_crypto->kex_type);
+ if (curve == MBEDTLS_ECP_DP_NONE) {
+ return SSH_ERROR;
+ }
+
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_point_init(&pubkey);
+
+ rc = mbedtls_ecp_group_load(&grp, curve);
+ if (rc != 0) {
+ rc = SSH_ERROR;
+ goto out;
+ }
+
+ if (session->server) {
+ rc = mbedtls_ecp_point_read_binary(&grp, &pubkey,
+ ssh_string_data(session->next_crypto->ecdh_client_pubkey),
+ ssh_string_len(session->next_crypto->ecdh_client_pubkey));
+ } else {
+ rc = mbedtls_ecp_point_read_binary(&grp, &pubkey,
+ ssh_string_data(session->next_crypto->ecdh_server_pubkey),
+ ssh_string_len(session->next_crypto->ecdh_server_pubkey));
+ }
+
+ if (rc != 0) {
+ rc = SSH_ERROR;
+ goto out;
+ }
+
+ session->next_crypto->k = malloc(sizeof(mbedtls_mpi));
+ if (session->next_crypto->k == NULL) {
+ rc = SSH_ERROR;
+ goto out;
+ }
+
+ mbedtls_mpi_init(session->next_crypto->k);
+
+ rc = mbedtls_ecdh_compute_shared(&grp, session->next_crypto->k, &pubkey,
+ &session->next_crypto->ecdh_privkey->d, mbedtls_ctr_drbg_random,
+ &ssh_mbedtls_ctr_drbg);
+ if (rc != 0) {
+ rc = SSH_ERROR;
+ goto out;
+ }
+
+out:
+ mbedtls_ecp_keypair_free(session->next_crypto->ecdh_privkey);
+ SAFE_FREE(session->next_crypto->ecdh_privkey);
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_ecp_point_free(&pubkey);
+ return rc;
+}
+
+#ifdef WITH_SERVER
+int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet)
+{
+ ssh_string q_c_string = NULL;
+ ssh_string q_s_string = NULL;
+ mbedtls_ecp_group grp;
+ ssh_key privkey = NULL;
+ ssh_string sig_blob = NULL;
+ int rc;
+ mbedtls_ecp_group_id curve;
+
+ curve = ecdh_kex_type_to_curve(session->next_crypto->kex_type);
+ if (curve == MBEDTLS_ECP_DP_NONE) {
+ return SSH_ERROR;
+ }
+
+ q_c_string = ssh_buffer_get_ssh_string(packet);
+ if (q_c_string == NULL) {
+ ssh_set_error(session, SSH_FATAL, "No Q_C ECC point in packet");
+ return SSH_ERROR;
+ }
+
+ session->next_crypto->ecdh_privkey = malloc(sizeof(mbedtls_ecp_keypair));
+ if (session->next_crypto->ecdh_privkey == NULL) {
+ ssh_set_error_oom(session);
+ return SSH_ERROR;
+ }
+
+ session->next_crypto->ecdh_client_pubkey = q_c_string;
+
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_keypair_init(session->next_crypto->ecdh_privkey);
+
+ rc = mbedtls_ecp_group_load(&grp, curve);
+ if (rc != 0) {
+ rc = SSH_ERROR;
+ goto out;
+ }
+
+ rc = mbedtls_ecp_gen_keypair(&grp, &session->next_crypto->ecdh_privkey->d,
+ &session->next_crypto->ecdh_privkey->Q, mbedtls_ctr_drbg_random,
+ &ssh_mbedtls_ctr_drbg);
+ if (rc != 0) {
+ rc = SSH_ERROR;
+ goto out;
+ }
+
+ q_s_string = make_ecpoint_string(&grp, &session->next_crypto->ecdh_privkey->Q);
+ if (q_s_string == NULL) {
+ rc = SSH_ERROR;
+ goto out;
+ }
+
+ session->next_crypto->ecdh_server_pubkey = q_s_string;
+
+ /* build k and session_id */
+ rc = ecdh_build_k(session);
+ if (rc != SSH_OK) {
+ ssh_set_error(session, SSH_FATAL, "Cannot build k number");
+ goto out;
+ }
+
+ /* privkey is not allocated */
+ rc = ssh_get_key_params(session, &privkey);
+ if (rc == SSH_ERROR) {
+ rc = SSH_ERROR;
+ goto out;
+ }
+
+ rc = ssh_make_sessionid(session);
+ if (rc != SSH_OK) {
+ ssh_set_error(session, SSH_FATAL, "Could not create a session id");
+ rc = SSH_ERROR;
+ goto out;
+ }
+
+ sig_blob = ssh_srv_pki_do_sign_sessionid(session, privkey);
+ if (sig_blob == NULL) {
+ ssh_set_error(session, SSH_FATAL, "Could not sign the session id");
+ rc = SSH_ERROR;
+ goto out;
+ }
+
+ rc = ssh_buffer_pack(session->out_buffer, "bSSS",
+ SSH2_MSG_KEXDH_REPLY, session->next_crypto->server_pubkey,
+ q_s_string,
+ sig_blob);
+
+ ssh_string_free(sig_blob);
+
+ if (rc != SSH_OK) {
+ ssh_set_error_oom(session);
+ rc = SSH_ERROR;
+ goto out;
+ }
+
+ SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_KEXDH_REPLY sent");
+ rc = ssh_packet_send(session);
+ if (rc != SSH_OK) {
+ rc = SSH_ERROR;
+ goto out;
+ }
+
+ rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
+ if (rc < 0) {
+ rc = SSH_ERROR;
+ goto out;
+ }
+
+ session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+ rc = ssh_packet_send(session);
+ SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
+
+out:
+ mbedtls_ecp_group_free(&grp);
+ return rc;
+}
+
+#endif /* WITH_SERVER */
+#endif