Prototype KEX crypto interface and kexdhc changes based on this interface

Author: manojampalam

contrib/win32/openssh/libssh.vcxproj

@@ -258,6 +258,7 @@
     <ClCompile Include="$(OpenSSH-Src-Path)uuencode.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)verify.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)xmalloc.c" />
+    <ClCompile Include="..\..\..\kexdh-openssl.c" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">

contrib/win32/openssh/libssh.vcxproj.filters

@@ -288,5 +288,8 @@
     <ClCompile Include="$(OpenSSH-Src-Path)xmalloc.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\kexdh-openssl.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
 </Project>

kex.h

@@ -121,6 +121,26 @@ struct newkeys {
 
 struct ssh;
 
+//KEX DH interface start
+struct sshbuf;
+typedef struct kexdhi_
+{
+	//consume p and g from "in"
+	int(*read_p_g)(struct kexdhi_*, struct sshbuf* in);
+	//encode p and g in "out"
+	int(*get_p_g)(struct kexdhi_*, struct sshbuf* out);
+	//encode public key in pub
+	int(*get_pub_key)(struct kexdhi_*, struct sshbuf* pub);
+	//read other public key from other_pub and encode secretagreement in secret
+	int(*get_secret)(struct kexdhi_*, struct sshbuf* other_pub, struct sshbuf* secret);
+	void(*done)(struct kexdhi_*);
+}kexdhi;
+
+kexdhi* kexdh_openssl_init(struct ssh* ssh);
+//KEX DH interface end
+
+
+
 struct kex {
 	u_char	*session_id;
 	size_t	session_id_len;
@@ -150,6 +170,8 @@ struct kex {
 	    u_char **, size_t *, const u_char *, size_t, u_int);
 	int	(*kex[KEX_MAX])(struct ssh *);
 	/* kex specific state */
+	kexdhi* kexdh;
+
 	DH	*dh;			/* DH */
 	u_int	min, max, nbits;	/* GEX */
 	EC_KEY	*ec_client_key;		/* ECDH */
@@ -191,6 +213,12 @@ int	 kex_dh_hash(const char *, const char *,
     const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
     const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
 
+//version of kex_dh_hash with public keys and secret passed as sshbuf instead of BIGNUM
+int kex_dh_hash_(
+	const char *, 	const char *,	const u_char *, size_t ,	const u_char *, size_t ,
+	const u_char *, size_t ,	const struct sshbuf *,	const struct sshbuf *,	const struct sshbuf *,
+	u_char *hash, size_t *);
+
 int	 kexgex_hash(int, const char *, const char *,
     const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
     int, int, int,

kexdh-openssl.c

@@ -0,0 +1,152 @@
+#include "includes.h"
+
+#ifdef WITH_OPENSSL
+
+#include <openssl/dh.h>
+
+#include <stdarg.h>
+#include <stdio.h>
+
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#include "dispatch.h"
+#include "compat.h"
+#include "ssherr.h"
+#include "sshbuf.h"
+
+typedef struct kexdh_openssl_
+{
+	kexdhi dhi;
+	struct ssh* ssh;
+	DH* dh;
+}kexdh_openssl;
+
+
+static int kexdh_get_pub_key(kexdhi* dh_, struct sshbuf* pub)
+{
+	int r = 0;
+	kexdh_openssl* dh = (kexdh_openssl*)dh_;
+	struct kex* kex = dh->ssh->kex;
+	
+	/* generate and send 'e', client DH public key */
+	switch (kex->kex_type) {
+	case KEX_DH_GRP1_SHA1:
+		dh->dh = dh_new_group1();
+		break;
+	case KEX_DH_GRP14_SHA1:
+		dh->dh = dh_new_group14();
+		break;
+	default:
+		r = SSH_ERR_INVALID_ARGUMENT;
+		goto out;	
+	}
+
+	if ((r = dh_gen_key(dh->dh, kex->we_need * 8)) != 0 ||
+		(r = sshpkt_put_bignum2(pub, dh->dh->pub_key)) != 0)
+		goto out;
+#ifdef DEBUG_KEXDH
+	DHparams_print_fp(stderr, dh->dh);
+	fprintf(stderr, "pub= ");
+	BN_print_fp(stderr, dh->dh->pub_key);
+	fprintf(stderr, "\n");
+#endif
+	return 0;
+out:
+	return r;
+}
+
+static int kexdh_get_secret(kexdhi* dh_, struct sshbuf* other_pub, struct sshbuf* secret)
+{
+	int r = 0, kout;
+	BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
+	kexdh_openssl* dh = (kexdh_openssl*)dh_;
+	struct kex* kex = dh->ssh->kex;
+	size_t klen = 0;
+	u_char *kbuf = NULL;
+
+	/* DH parameter f, server public DH key */
+	if ((dh_server_pub = BN_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+
+	if ((r = sshbuf_get_bignum2(other_pub, dh_server_pub)) != 0) {
+		goto out;
+	}
+
+#ifdef DEBUG_KEXDH
+	fprintf(stderr, "dh_server_pub= ");
+	BN_print_fp(stderr, dh_server_pub);
+	fprintf(stderr, "\n");
+	debug("bits %d", BN_num_bits(dh_server_pub));
+#endif
+	if (!dh_pub_is_valid(dh->dh, dh_server_pub)) {
+		sshpkt_disconnect(dh->ssh, "bad server public DH value");
+		r = SSH_ERR_MESSAGE_INCOMPLETE;
+		goto out;
+	}
+
+	klen = DH_size(kex->dh);
+	if ((kbuf = malloc(klen)) == NULL ||
+		(shared_secret = BN_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((kout = DH_compute_key(kbuf, dh_server_pub, kex->dh)) < 0 ||
+		BN_bin2bn(kbuf, kout, shared_secret) == NULL) {
+		r = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+	}
+#ifdef DEBUG_KEXDH
+	dump_digest("shared secret", kbuf, kout);
+#endif
+
+	if ((r == sshbuf_put_bignum2(secret, shared_secret)) != 0) {
+		goto out;
+	}
+out:
+	if (dh_server_pub)
+		BN_clear_free(dh_server_pub);
+	if (kbuf) {
+		explicit_bzero(kbuf, klen);
+		free(kbuf);
+	}
+	if (shared_secret)
+		BN_clear_free(shared_secret);
+
+	return r;
+}
+
+static void kexdh_done(kexdhi* dh_)
+{
+	kexdh_openssl* dh = (kexdh_openssl*)dh_;
+	
+	if (dh->dh)
+		DH_free(dh->dh);
+	free(dh_);
+}
+
+
+kexdhi* kexdh_openssl_init(struct ssh* ssh) 
+{
+
+	kexdh_openssl *dh = malloc(sizeof(kexdh_openssl));
+
+	if (dh)
+	{		
+		dh->ssh = ssh;
+		dh->dhi.get_pub_key = kexdh_get_pub_key;
+		dh->dhi.get_secret = kexdh_get_secret;
+		dh->dhi.done = kexdh_done;
+		dh->dhi.get_p_g = NULL;
+		dh->dhi.read_p_g = NULL;
+	}
+	
+	return dh;
+}
+
+
+#endif

kexdh.c

@@ -90,4 +90,52 @@ kex_dh_hash(
 #endif
 	return 0;
 }
+kex_dh_hash_(
+	const char *client_version_string,
+	const char *server_version_string,
+	const u_char *ckexinit, size_t ckexinitlen,
+	const u_char *skexinit, size_t skexinitlen,
+	const u_char *serverhostkeyblob, size_t sbloblen,
+	const struct sshbuf *client_dh_pub,
+	const struct sshbuf *server_dh_pub,
+	const struct sshbuf *shared_secret,
+	u_char *hash, size_t *hashlen)
+{
+	struct sshbuf *b;
+	int r;
+
+	if (*hashlen < ssh_digest_bytes(SSH_DIGEST_SHA1))
+		return SSH_ERR_INVALID_ARGUMENT;
+	if ((b = sshbuf_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((r = sshbuf_put_cstring(b, client_version_string)) != 0 ||
+		(r = sshbuf_put_cstring(b, server_version_string)) != 0 ||
+		/* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
+		(r = sshbuf_put_u32(b, ckexinitlen + 1)) != 0 ||
+		(r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 ||
+		(r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 ||
+		(r = sshbuf_put_u32(b, skexinitlen + 1)) != 0 ||
+		(r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 ||
+		(r = sshbuf_put(b, skexinit, skexinitlen)) != 0 ||
+		(r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 ||
+		(r = sshbuf_put_b(b, client_dh_pub)) != 0 ||
+		(r = sshbuf_put_b(b, server_dh_pub)) != 0 ||
+		(r = sshbuf_put_b(b, shared_secret)) != 0) {
+		sshbuf_free(b);
+		return r;
+	}
+#ifdef DEBUG_KEX
+	sshbuf_dump(b, stderr);
+#endif
+	if (ssh_digest_buffer(SSH_DIGEST_SHA1, b, hash, *hashlen) != 0) {
+		sshbuf_free(b);
+		return SSH_ERR_LIBCRYPTO_ERROR;
+	}
+	sshbuf_free(b);
+	*hashlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
+#ifdef DEBUG_KEX
+	dump_digest("hash", hash, *hashlen);
+#endif
+	return 0;
+}
 #endif /* WITH_OPENSSL */