Mercurial > dropbear
comparison svr-kex.c @ 1733:d529a52b2f7c coverity coverity
merge coverity from main
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 26 Jun 2020 21:07:34 +0800 |
parents | 435cfb9ec96e |
children | 284c3837891c |
comparison
equal
deleted
inserted
replaced
1643:b59623a64678 | 1733:d529a52b2f7c |
---|---|
36 #include "runopts.h" | 36 #include "runopts.h" |
37 #include "ecc.h" | 37 #include "ecc.h" |
38 #include "gensignkey.h" | 38 #include "gensignkey.h" |
39 | 39 |
40 static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs); | 40 static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs); |
41 #if DROPBEAR_EXT_INFO | |
42 static void send_msg_ext_info(void); | |
43 #endif | |
41 | 44 |
42 /* Handle a diffie-hellman key exchange initialisation. This involves | 45 /* Handle a diffie-hellman key exchange initialisation. This involves |
43 * calculating a session key reply value, and corresponding hash. These | 46 * calculating a session key reply value, and corresponding hash. These |
44 * are carried out by send_msg_kexdh_reply(). recv_msg_kexdh_init() calls | 47 * are carried out by send_msg_kexdh_reply(). recv_msg_kexdh_init() calls |
45 * that function, then brings the new keys into use */ | 48 * that function, then brings the new keys into use */ |
46 void recv_msg_kexdh_init() { | 49 void recv_msg_kexdh_init() { |
47 | |
48 DEF_MP_INT(dh_e); | 50 DEF_MP_INT(dh_e); |
49 buffer *ecdh_qs = NULL; | 51 buffer *ecdh_qs = NULL; |
50 | 52 |
51 TRACE(("enter recv_msg_kexdh_init")) | 53 TRACE(("enter recv_msg_kexdh_init")) |
52 if (!ses.kexstate.recvkexinit) { | 54 if (!ses.kexstate.recvkexinit) { |
84 buf_free(ecdh_qs); | 86 buf_free(ecdh_qs); |
85 ecdh_qs = NULL; | 87 ecdh_qs = NULL; |
86 } | 88 } |
87 | 89 |
88 send_msg_newkeys(); | 90 send_msg_newkeys(); |
91 | |
92 #if DROPBEAR_EXT_INFO | |
93 /* Only send it following the first newkeys */ | |
94 if (!ses.kexstate.donesecondkex && ses.allow_ext_info) { | |
95 send_msg_ext_info(); | |
96 } | |
97 #endif | |
98 | |
89 ses.requirenext = SSH_MSG_NEWKEYS; | 99 ses.requirenext = SSH_MSG_NEWKEYS; |
90 TRACE(("leave recv_msg_kexdh_init")) | 100 TRACE(("leave recv_msg_kexdh_init")) |
91 } | 101 } |
92 | 102 |
93 | 103 |
119 #if DROPBEAR_ECDSA | 129 #if DROPBEAR_ECDSA |
120 case DROPBEAR_SIGNKEY_ECDSA_NISTP256: | 130 case DROPBEAR_SIGNKEY_ECDSA_NISTP256: |
121 case DROPBEAR_SIGNKEY_ECDSA_NISTP384: | 131 case DROPBEAR_SIGNKEY_ECDSA_NISTP384: |
122 case DROPBEAR_SIGNKEY_ECDSA_NISTP521: | 132 case DROPBEAR_SIGNKEY_ECDSA_NISTP521: |
123 fn = ECDSA_PRIV_FILENAME; | 133 fn = ECDSA_PRIV_FILENAME; |
134 break; | |
135 #endif | |
136 #if DROPBEAR_ED25519 | |
137 case DROPBEAR_SIGNKEY_ED25519: | |
138 fn = ED25519_PRIV_FILENAME; | |
124 break; | 139 break; |
125 #endif | 140 #endif |
126 default: | 141 default: |
127 dropbear_assert(0); | 142 dropbear_assert(0); |
128 } | 143 } |
217 #if DROPBEAR_CURVE25519 | 232 #if DROPBEAR_CURVE25519 |
218 case DROPBEAR_KEX_CURVE25519: | 233 case DROPBEAR_KEX_CURVE25519: |
219 { | 234 { |
220 struct kex_curve25519_param *param = gen_kexcurve25519_param(); | 235 struct kex_curve25519_param *param = gen_kexcurve25519_param(); |
221 kexcurve25519_comb_key(param, ecdh_qs, svr_opts.hostkey); | 236 kexcurve25519_comb_key(param, ecdh_qs, svr_opts.hostkey); |
222 buf_putstring(ses.writepayload, (const char*)param->pub, CURVE25519_LEN); | 237 |
238 buf_putstring(ses.writepayload, param->pub, CURVE25519_LEN); | |
223 free_kexcurve25519_param(param); | 239 free_kexcurve25519_param(param); |
224 } | 240 } |
225 break; | 241 break; |
226 #endif | 242 #endif |
227 } | 243 } |
228 | 244 |
229 /* calc the signature */ | 245 /* calc the signature */ |
230 buf_put_sign(ses.writepayload, svr_opts.hostkey, | 246 buf_put_sign(ses.writepayload, svr_opts.hostkey, |
231 ses.newkeys->algo_hostkey, ses.hash); | 247 ses.newkeys->algo_signature, ses.hash); |
232 | 248 |
233 /* the SSH_MSG_KEXDH_REPLY is done */ | 249 /* the SSH_MSG_KEXDH_REPLY is done */ |
234 encrypt_packet(); | 250 encrypt_packet(); |
235 | 251 |
236 TRACE(("leave send_msg_kexdh_reply")) | 252 TRACE(("leave send_msg_kexdh_reply")) |
237 } | 253 } |
238 | 254 |
255 #if DROPBEAR_EXT_INFO | |
256 /* Only used for server-sig-algs on the server side */ | |
257 static void send_msg_ext_info(void) { | |
258 TRACE(("enter send_msg_ext_info")) | |
259 | |
260 buf_putbyte(ses.writepayload, SSH_MSG_EXT_INFO); | |
261 /* nr-extensions */ | |
262 buf_putint(ses.writepayload, 1); | |
263 | |
264 buf_putstring(ses.writepayload, SSH_SERVER_SIG_ALGS, strlen(SSH_SERVER_SIG_ALGS)); | |
265 buf_put_algolist_all(ses.writepayload, sigalgs, 1); | |
266 | |
267 encrypt_packet(); | |
268 | |
269 TRACE(("leave send_msg_ext_info")) | |
270 } | |
271 #endif |