From b42c61d6840d16ef392ed0f365e8c000734669aa Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Sun, 19 Dec 2021 22:08:06 +0000
Subject: [PATCH] upstream: Record session ID, host key and sig at intital KEX
These will be used later for agent session ID / hostkey binding
ok markus@
OpenBSD-Commit-ID: a9af29e33772b18e3e867c6fa8ab35e1694a81fe
---
 kex.c | 4 +++-
 kex.h | 5 ++++-
 kexgen.c | 35 ++++++++++++++++++++++++++++++-----
 kexgexc.c | 24 +++++++++++++++++++++---
 kexgexs.c | 14 +++++++++++---
 5 files changed, 69 insertions(+), 13 deletions(-)
diff --git a/kex.c b/kex.c
index 709a0ec63..55babbcec 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.168 2021/04/03 06:18:40 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.169 2021/12/19 22:08:06 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
@@ -699,6 +699,8 @@ kex_free(struct kex *kex)
 sshbuf_free(kex->server_version);
 sshbuf_free(kex->client_pub);
 sshbuf_free(kex->session_id);
+ sshbuf_free(kex->initial_sig);
+ sshkey_free(kex->initial_hostkey);
 free(kex->failed_choice);
 free(kex->hostkey_alg);
 free(kex->name);
diff --git a/kex.h b/kex.h
index 9605ed528..70b8909bc 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.114 2021/01/31 22:55:29 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.115 2021/12/19 22:08:06 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -130,6 +130,7 @@ struct newkeys {
 };
 struct ssh;
+struct sshbuf;
 struct kex {
 struct newkeys *newkeys[MODE_MAX];
@@ -148,6 +149,8 @@ struct kex {
 struct sshbuf *client_version;
 struct sshbuf *server_version;
 struct sshbuf *session_id;
+ struct sshbuf *initial_sig;
+ struct sshkey *initial_hostkey;
 sig_atomic_t done;
 u_int flags;
 int hash_alg;
diff --git a/kexgen.c b/kexgen.c
index bde28053d..20f3c5711 100644
--- a/kexgen.c
+++ b/kexgen.c
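Review bot: The two fields added to struct kex in kex.h, `initial_sig` and `initial_hostkey`, have no comment saying who fills them or who owns them. In this commit the client handlers (input_kex_gen_reply, input_kex_dh_gex_reply) set both, the server handlers (input_kex_gen_init, input_kex_dh_gex_init) set only `initial_hostkey`, and kex_free releases both. Since later code is meant to rely on them for binding, I would add trailing comments such as `/* signature received at initial KEX; set on the client only */` and `/* host key used at initial KEX; freed by kex_free() */`.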
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgen.c,v 1.7 2021/04/03 06:18:40 djm Exp $ */
+/* $OpenBSD: kexgen.c,v 1.8 2021/12/19 22:08:06 djm Exp $ */
 /*
 * Copyright (c) 2019 Markus Friedl. All rights reserved.
 *
@@ -218,8 +218,26 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh)
 kex->hostkey_alg, ssh->compat, NULL)) != 0)
 goto out;
- if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
- r = kex_send_newkeys(ssh);
+ if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) != 0 ||
+ (r = kex_send_newkeys(ssh)) != 0)
+ goto out;
+
+ /* save initial signature and hostkey */
+ if ((kex->flags & KEX_INITIAL) != 0) {
+ if (kex->initial_hostkey != NULL || kex->initial_sig != NULL) {
+ r = SSH_ERR_INTERNAL_ERROR;
+ goto out;
+ }
+ if ((kex->initial_sig = sshbuf_new()) == NULL) {
+ r = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
+ if ((r = sshbuf_put(kex->initial_sig, signature, slen)) != 0)
+ goto out;
+ kex->initial_hostkey = server_host_key;
+ server_host_key = NULL;
+ }
+ /* success */
 out:
 explicit_bzero(hash, sizeof(hash));
 explicit_bzero(kex->c25519_client_key, sizeof(kex->c25519_client_key));
@@ -333,8 +351,15 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh)
 (r = sshpkt_send(ssh)) != 0)
 goto out;
- if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
- r = kex_send_newkeys(ssh);
+ if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) != 0 ||
+ (r = kex_send_newkeys(ssh)) != 0)
+ goto out;
+ /* retain copy of hostkey used at initial KEX */
+ if (kex->initial_hostkey == NULL &&
+ (r = sshkey_from_private(server_host_public,
+ &kex->initial_hostkey)) != 0)
+ goto out;
+ /* success */
 out:
 explicit_bzero(hash, sizeof(hash));
 sshbuf_free(server_host_key_blob);
diff --git a/kexgexc.c b/kexgexc.c
index 4a2e741d8..e99e0cf21 100644
--- a/kexgexc.c
+++ b/kexgexc.c
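Review bot: The block under `/* save initial signature and hostkey */` in input_kex_gen_reply is repeated line for line in the input_kex_dh_gex_reply hunk of kexgexc.c, so the two copies of this binding state can drift apart. It also assigns `kex->initial_sig` before `sshbuf_put` has succeeded, which leaves a non-NULL but empty signature buffer next to a NULL `initial_hostkey` if the copy fails; the function returns an error in that case, so this presumably matters only if a caller keeps using the kex afterwards. One helper that fills a local buffer and commits both fields together would serve both call sites. The helper name and parameter types below are a proposal, because the declarations of `signature` and `slen` are outside the hunk, as are the start and end of the function.

```c
/* proposed shared helper (e.g. in kex.c); name and parameter types are a suggestion */
int
kex_save_initial(struct kex *kex, const u_char *sig, size_t slen,
    struct sshkey **hostkeyp)
{
	struct sshbuf *b;
	int r;

	if ((kex->flags & KEX_INITIAL) == 0)
		return 0;
	if (kex->initial_hostkey != NULL || kex->initial_sig != NULL)
		return SSH_ERR_INTERNAL_ERROR;
	if ((b = sshbuf_new()) == NULL)
		return SSH_ERR_ALLOC_FAIL;
	if ((r = sshbuf_put(b, sig, slen)) != 0) {
		sshbuf_free(b);
		return r;
	}
	/* commit both fields together; the host key now belongs to kex */
	kex->initial_sig = b;
	kex->initial_hostkey = *hostkeyp;
	*hostkeyp = NULL;
	return 0;
}

/* ... unchanged: kex_derive_keys / kex_send_newkeys check ... */
	if ((r = kex_save_initial(kex, signature, slen, &server_host_key)) != 0)
		goto out;
	/* success */
```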
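Review bot: The server-side copy in input_kex_gen_init is guarded only by `kex->initial_hostkey == NULL`, whereas the client hunks test `(kex->flags & KEX_INITIAL) != 0` and fail with SSH_ERR_INTERNAL_ERROR when a value is already present; input_kex_dh_gex_init in kexgexs.c has the same guard. The result looks equivalent as long as every failed copy ends the connection, but the comment does not say that a rekey must leave the stored key untouched, nor that the signature is not kept on this side. I would expand it to `/* retain public copy of hostkey from the initial KEX only; a rekey must not replace it */`. The function body starts and ends outside the hunk.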
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.37 2021/01/31 22:55:29 djm Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.38 2021/12/19 22:08:06 djm Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos. All rights reserved.
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -206,8 +206,26 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
 hashlen, kex->hostkey_alg, ssh->compat, NULL)) != 0)
 goto out;
- if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
- r = kex_send_newkeys(ssh);
+ if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) != 0 ||
+ (r = kex_send_newkeys(ssh)) != 0)
+ goto out;
+
+ /* save initial signature and hostkey */
+ if ((kex->flags & KEX_INITIAL) != 0) {
+ if (kex->initial_hostkey != NULL || kex->initial_sig != NULL) {
+ r = SSH_ERR_INTERNAL_ERROR;
+ goto out;
+ }
+ if ((kex->initial_sig = sshbuf_new()) == NULL) {
+ r = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
+ if ((r = sshbuf_put(kex->initial_sig, signature, slen)) != 0)
+ goto out;
+ kex->initial_hostkey = server_host_key;
+ server_host_key = NULL;
+ }
+ /* success */
 out:
 explicit_bzero(hash, sizeof(hash));
 DH_free(kex->dh);
diff --git a/kexgexs.c b/kexgexs.c
index f0fbcb912..72b444f69 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.43 2021/01/31 22:55:29 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.44 2021/12/19 22:08:06 djm Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos. All rights reserved.
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -194,8 +194,16 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
 (r = sshpkt_send(ssh)) != 0)
 goto out;
- if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
- r = kex_send_newkeys(ssh);
+ if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) != 0 ||
+ (r = kex_send_newkeys(ssh)) != 0)
+ goto out;
+
+ /* retain copy of hostkey used at initial KEX */
+ if (kex->initial_hostkey == NULL &&
+ (r = sshkey_from_private(server_host_public,
+ &kex->initial_hostkey)) != 0)
+ goto out;
+ /* success */
 out:
 explicit_bzero(hash, sizeof(hash));
 DH_free(kex->dh);