1 /* 2 * Dropbear - a SSH2 server 3 * 4 * Copyright (c) 2002,2003 Matt Johnston 5 * Copyright (c) 2004 by Mihnea Stoenescu 6 * All rights reserved. 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 24 * SOFTWARE. */ 25 26 #include "includes.h" 27 #include "dbutil.h" 28 #include "algo.h" 29 #include "buffer.h" 30 #include "session.h" 31 #include "kex.h" 32 #include "ssh.h" 33 #include "packet.h" 34 #include "bignum.h" 35 #include "random.h" 36 #include "runopts.h" 37 38 39 static void send_msg_kexdh_reply(mp_int *dh_e); 40 41 /* Handle a diffie-hellman key exchange initialisation. This involves 42 * calculating a session key reply value, and corresponding hash. These 43 * are carried out by send_msg_kexdh_reply(). recv_msg_kexdh_init() calls 44 * that function, then brings the new keys into use */ 45 void recv_msg_kexdh_init() { 46 47 DEF_MP_INT(dh_e); 48 49 TRACE(("enter recv_msg_kexdh_init")) 50 if (!ses.kexstate.recvkexinit) { 51 dropbear_exit("Premature kexdh_init message received"); 52 } 53 54 m_mp_init(&dh_e); 55 if (buf_getmpint(ses.payload, &dh_e) != DROPBEAR_SUCCESS) { 56 dropbear_exit("Failed to get kex value"); 57 } 58 59 send_msg_kexdh_reply(&dh_e); 60 61 mp_clear(&dh_e); 62 63 send_msg_newkeys(); 64 ses.requirenext = SSH_MSG_NEWKEYS; 65 TRACE(("leave recv_msg_kexdh_init")) 66 } 67 68 /* Generate our side of the diffie-hellman key exchange value (dh_f), and 69 * calculate the session key using the diffie-hellman algorithm. Following 70 * that, the session hash is calculated, and signed with RSA or DSS. The 71 * result is sent to the client. 72 * 73 * See the ietf-secsh-transport draft, section 6, for details */ 74 static void send_msg_kexdh_reply(mp_int *dh_e) { 75 76 DEF_MP_INT(dh_y); 77 DEF_MP_INT(dh_f); 78 79 TRACE(("enter send_msg_kexdh_reply")) 80 m_mp_init_multi(&dh_y, &dh_f, NULL); 81 82 gen_kexdh_vals(&dh_f, &dh_y); 83 84 kexdh_comb_key(&dh_f, &dh_y, dh_e, svr_opts.hostkey); 85 mp_clear(&dh_y); 86 87 /* we can start creating the kexdh_reply packet */ 88 CHECKCLEARTOWRITE(); 89 buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_REPLY); 90 buf_put_pub_key(ses.writepayload, svr_opts.hostkey, 91 ses.newkeys->algo_hostkey); 92 93 /* put f */ 94 buf_putmpint(ses.writepayload, &dh_f); 95 mp_clear(&dh_f); 96 97 /* calc the signature */ 98 buf_put_sign(ses.writepayload, svr_opts.hostkey, 99 ses.newkeys->algo_hostkey, ses.hash, SHA1_HASH_SIZE); 100 101 /* the SSH_MSG_KEXDH_REPLY is done */ 102 encrypt_packet(); 103 104 TRACE(("leave send_msg_kexdh_reply")) 105 } 106 107