src/libs/utils/ssh/sshkeyexchange.cpp

/**************************************************************************
**
** This file is part of Qt Creator
**
** Copyright (c) 2012 Nokia Corporation and/or its subsidiary(-ies).
**
** Contact: Nokia Corporation (qt-info@nokia.com)
**
**
** GNU Lesser General Public License Usage
**
** This file may be used under the terms of the GNU Lesser General Public
** License version 2.1 as published by the Free Software Foundation and
** appearing in the file LICENSE.LGPL included in the packaging of this file.
** Please review the following information to ensure the GNU Lesser General
** Public License version 2.1 requirements will be met:
** http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
**
** In addition, as a special exception, Nokia gives you certain additional
** rights. These rights are described in the Nokia Qt LGPL Exception
** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
**
** Other Usage
**
** Alternatively, this file may be used in accordance with the terms and
** conditions contained in a signed written agreement between you and Nokia.
**
** If you have questions regarding the use of this file, please contact
** Nokia at qt-info@nokia.com.
**
**************************************************************************/

#include "sshkeyexchange_p.h"

#include "sshbotanconversions_p.h"
#include "sshcapabilities_p.h"
#include "sshsendfacility_p.h"
#include "sshexception_p.h"
#include "sshincomingpacket_p.h"

#include <botan/botan.h>
#include <botan/dsa.h>
#include <botan/look_pk.h>
#include <botan/pubkey.h>
#include <botan/rsa.h>

#ifdef CREATOR_SSH_DEBUG
#include <iostream>
#endif
#include <string>

using namespace Botan;

namespace Utils {
namespace Internal {

namespace {

    // For debugging
    void printNameList(const char *listName, const SshNameList &list)
    {
#ifdef CREATOR_SSH_DEBUG
        qDebug("%s:", listName);
        foreach (const QByteArray &name, list.names)
            qDebug("%s", name.constData());
#else
        Q_UNUSED(listName);
        Q_UNUSED(list);
#endif
    }

#ifdef CREATOR_SSH_DEBUG
    void printData(const char *name, const QByteArray &data)
    {
        std::cerr << std::hex;
        qDebug("The client thinks the %s has length %d and is:", name, data.count());
        for (int i = 0; i < data.count(); ++i)
            std::cerr << (static_cast<unsigned int>(data.at(i)) & 0xff) << ' ';
        std::cerr << std::endl;
    }
#endif

} // anonymous namespace

SshKeyExchange::SshKeyExchange(SshSendFacility &sendFacility)
    : m_sendFacility(sendFacility)
{
}

SshKeyExchange::~SshKeyExchange() {}

void SshKeyExchange::sendKexInitPacket(const QByteArray &serverId)
{
    m_serverId = serverId;
    m_clientKexInitPayload = m_sendFacility.sendKeyExchangeInitPacket();
}

bool SshKeyExchange::sendDhInitPacket(const SshIncomingPacket &serverKexInit)
{
#ifdef CREATOR_SSH_DEBUG
    qDebug("server requests key exchange");
#endif
    serverKexInit.printRawBytes();
    SshKeyExchangeInit kexInitParams
            = serverKexInit.extractKeyExchangeInitData();

    printNameList("Key Algorithms", kexInitParams.keyAlgorithms);
    printNameList("Server Host Key Algorithms", kexInitParams.serverHostKeyAlgorithms);
    printNameList("Encryption algorithms client to server", kexInitParams.encryptionAlgorithmsClientToServer);
    printNameList("Encryption algorithms server to client", kexInitParams.encryptionAlgorithmsServerToClient);
    printNameList("MAC algorithms client to server", kexInitParams.macAlgorithmsClientToServer);
    printNameList("MAC algorithms server to client", kexInitParams.macAlgorithmsServerToClient);
    printNameList("Compression algorithms client to server", kexInitParams.compressionAlgorithmsClientToServer);
    printNameList("Compression algorithms client to server", kexInitParams.compressionAlgorithmsClientToServer);
    printNameList("Languages client to server", kexInitParams.languagesClientToServer);
    printNameList("Languages server to client", kexInitParams.languagesServerToClient);
#ifdef CREATOR_SSH_DEBUG
    qDebug("First packet follows: %d", kexInitParams.firstKexPacketFollows);
#endif

    const QByteArray &keyAlgo
        = SshCapabilities::findBestMatch(SshCapabilities::KeyExchangeMethods,
              kexInitParams.keyAlgorithms.names);
    m_serverHostKeyAlgo
        = SshCapabilities::findBestMatch(SshCapabilities::PublicKeyAlgorithms,
              kexInitParams.serverHostKeyAlgorithms.names);
    m_encryptionAlgo
        = SshCapabilities::findBestMatch(SshCapabilities::EncryptionAlgorithms,
              kexInitParams.encryptionAlgorithmsClientToServer.names);
    m_decryptionAlgo
        = SshCapabilities::findBestMatch(SshCapabilities::EncryptionAlgorithms,
              kexInitParams.encryptionAlgorithmsServerToClient.names);
    m_c2sHMacAlgo
        = SshCapabilities::findBestMatch(SshCapabilities::MacAlgorithms,
              kexInitParams.macAlgorithmsClientToServer.names);
    m_s2cHMacAlgo
        = SshCapabilities::findBestMatch(SshCapabilities::MacAlgorithms,
              kexInitParams.macAlgorithmsServerToClient.names);
    SshCapabilities::findBestMatch(SshCapabilities::CompressionAlgorithms,
        kexInitParams.compressionAlgorithmsClientToServer.names);
    SshCapabilities::findBestMatch(SshCapabilities::CompressionAlgorithms,
        kexInitParams.compressionAlgorithmsServerToClient.names);

    AutoSeeded_RNG rng;
    m_dhKey.reset(new DH_PrivateKey(rng,
        DL_Group(botanKeyExchangeAlgoName(keyAlgo))));

    m_serverKexInitPayload = serverKexInit.payLoad();
    m_sendFacility.sendKeyDhInitPacket(m_dhKey->get_y());
    return kexInitParams.firstKexPacketFollows;
}

void SshKeyExchange::sendNewKeysPacket(const SshIncomingPacket &dhReply,
    const QByteArray &clientId)
{
    const SshKeyExchangeReply &reply
        = dhReply.extractKeyExchangeReply(m_serverHostKeyAlgo);
    if (reply.f <= 0 || reply.f >= m_dhKey->group_p()) {
        throw SSH_SERVER_EXCEPTION(SSH_DISCONNECT_KEY_EXCHANGE_FAILED,
            "Server sent invalid f.");
    }

    QByteArray concatenatedData = AbstractSshPacket::encodeString(clientId);
    concatenatedData += AbstractSshPacket::encodeString(m_serverId);
    concatenatedData += AbstractSshPacket::encodeString(m_clientKexInitPayload);
    concatenatedData += AbstractSshPacket::encodeString(m_serverKexInitPayload);
    concatenatedData += reply.k_s;
    concatenatedData += AbstractSshPacket::encodeMpInt(m_dhKey->get_y());
    concatenatedData += AbstractSshPacket::encodeMpInt(reply.f);
    SymmetricKey k = m_dhKey->derive_key(reply.f);
    m_k = AbstractSshPacket::encodeMpInt(BigInt(k.begin(), k.length()));
    concatenatedData += m_k;

    m_hash.reset(get_hash(botanSha1Name()));
    const SecureVector<byte> &hashResult
        = m_hash->process(convertByteArray(concatenatedData),
                        concatenatedData.size());
    m_h = convertByteArray(hashResult);

#ifdef CREATOR_SSH_DEBUG
    printData("Client Id", AbstractSshPacket::encodeString(clientId));
    printData("Server Id", AbstractSshPacket::encodeString(m_serverId));
    printData("Client Payload", AbstractSshPacket::encodeString(m_clientKexInitPayload));
    printData("Server payload", AbstractSshPacket::encodeString(m_serverKexInitPayload));
    printData("K_S", reply.k_s);
    printData("y", AbstractSshPacket::encodeMpInt(m_dhKey->get_y()));
    printData("f", AbstractSshPacket::encodeMpInt(reply.f));
    printData("K", m_k);
    printData("Concatenated data", concatenatedData);
    printData("H", m_h);
#endif // CREATOR_SSH_DEBUG

    QScopedPointer<Public_Key> sigKey;
    QScopedPointer<PK_Verifier> verifier;
    if (m_serverHostKeyAlgo == SshCapabilities::PubKeyDss) {
        const DL_Group group(reply.parameters.at(0), reply.parameters.at(1),
            reply.parameters.at(2));
        DSA_PublicKey * const dsaKey
            = new DSA_PublicKey(group, reply.parameters.at(3));
        sigKey.reset(dsaKey);
        verifier.reset(get_pk_verifier(*dsaKey,
            botanEmsaAlgoName(SshCapabilities::PubKeyDss)));
    } else if (m_serverHostKeyAlgo == SshCapabilities::PubKeyRsa) {
        RSA_PublicKey * const rsaKey
            = new RSA_PublicKey(reply.parameters.at(1), reply.parameters.at(0));
        sigKey.reset(rsaKey);
        verifier.reset(get_pk_verifier(*rsaKey,
            botanEmsaAlgoName(SshCapabilities::PubKeyRsa)));
    } else {
        Q_ASSERT(!"Impossible: Neither DSS nor RSA!");
    }
    const byte * const botanH = convertByteArray(m_h);
    const Botan::byte * const botanSig
        = convertByteArray(reply.signatureBlob);
    if (!verifier->verify_message(botanH, m_h.size(), botanSig,
        reply.signatureBlob.size())) {
        throw SSH_SERVER_EXCEPTION(SSH_DISCONNECT_KEY_EXCHANGE_FAILED,
            "Invalid signature in SSH_MSG_KEXDH_REPLY packet.");
    }

    m_sendFacility.sendNewKeysPacket();
}

} // namespace Internal
} // namespace Utils
Replace SSH library. 2010-07-12 09:33:22 +02:00			`/**************************************************************************`
			`**`
			`** This file is part of Qt Creator`
			`**`
Long live the king! Change-Id: I2b72b34c0cfeafc8bdbaf49b83ff723544f2b6e2 Reviewed-by: Daniel Teske <daniel.teske@nokia.com> 2012-01-26 18:33:46 +01:00			`** Copyright (c) 2012 Nokia Corporation and/or its subsidiary(-ies).`
Replace SSH library. 2010-07-12 09:33:22 +02:00			`**`
all: s/info@qt.nokia.com/qt-info@nokia.com/ Change-Id: If18afb5d4665924e7d9250dccbc60a65e6daa75e Reviewed-by: Eike Ziller <eike.ziller@nokia.com> 2011-11-02 15:59:12 +01:00			`** Contact: Nokia Corporation (qt-info@nokia.com)`
Replace SSH library. 2010-07-12 09:33:22 +02:00			`**`
			`**`
			`** GNU Lesser General Public License Usage`
			`**`
Update license. 2011-04-13 08:42:33 +02:00			`** This file may be used under the terms of the GNU Lesser General Public`
			`** License version 2.1 as published by the Free Software Foundation and`
			`** appearing in the file LICENSE.LGPL included in the packaging of this file.`
			`** Please review the following information to ensure the GNU Lesser General`
			`** Public License version 2.1 requirements will be met:`
			`** http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.`
Replace SSH library. 2010-07-12 09:33:22 +02:00			`**`
License headers. 2010-12-17 16:01:08 +01:00			`** In addition, as a special exception, Nokia gives you certain additional`
Update license. 2011-04-13 08:42:33 +02:00			`** rights. These rights are described in the Nokia Qt LGPL Exception`
License headers. 2010-12-17 16:01:08 +01:00			`** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.`
			`**`
Update license. 2011-04-13 08:42:33 +02:00			`** Other Usage`
			`**`
			`** Alternatively, this file may be used in accordance with the terms and`
			`** conditions contained in a signed written agreement between you and Nokia.`
			`**`
License headers. 2010-12-17 16:01:08 +01:00			`** If you have questions regarding the use of this file, please contact`
all: s/info@qt.nokia.com/qt-info@nokia.com/ Change-Id: If18afb5d4665924e7d9250dccbc60a65e6daa75e Reviewed-by: Eike Ziller <eike.ziller@nokia.com> 2011-11-02 15:59:12 +01:00			`** Nokia at qt-info@nokia.com.`
Replace SSH library. 2010-07-12 09:33:22 +02:00			`**`
			`**************************************************************************/`

			`#include "sshkeyexchange_p.h"`

			`#include "sshbotanconversions_p.h"`
			`#include "sshcapabilities_p.h"`
			`#include "sshsendfacility_p.h"`
			`#include "sshexception_p.h"`
			`#include "sshincomingpacket_p.h"`

			`#include <botan/botan.h>`
			`#include <botan/dsa.h>`
			`#include <botan/look_pk.h>`
			`#include <botan/pubkey.h>`
			`#include <botan/rsa.h>`

SSH: Fix key re-exchange bug. We used the encrypted client payload by mistake. The bug only manifests itself from the second key exchange on, because during the first one, no encryption is active, so the "encrypted" payload is the same as the non-encrypted one. 2011-04-28 10:57:17 +02:00			`#ifdef CREATOR_SSH_DEBUG`
			`#include <iostream>`
			`#endif`
Replace SSH library. 2010-07-12 09:33:22 +02:00			`#include <string>`

			`using namespace Botan;`

move src/plugins/coreplugin/ssh to src/lib/utils/ssh Merge-request: 253 Reviewed-by: hjk <qtc-committer@nokia.com> 2011-02-14 16:34:17 +01:00			`namespace Utils {`
Replace SSH library. 2010-07-12 09:33:22 +02:00			`namespace Internal {`

			`namespace {`

			`// For debugging`
			`void printNameList(const char *listName, const SshNameList &list)`
			`{`
			`#ifdef CREATOR_SSH_DEBUG`
			`qDebug("%s:", listName);`
			`foreach (const QByteArray &name, list.names)`
			`qDebug("%s", name.constData());`
			`#else`
			`Q_UNUSED(listName);`
			`Q_UNUSED(list);`
			`#endif`
			`}`
SSH: Fix key re-exchange bug. We used the encrypted client payload by mistake. The bug only manifests itself from the second key exchange on, because during the first one, no encryption is active, so the "encrypted" payload is the same as the non-encrypted one. 2011-04-28 10:57:17 +02:00
			`#ifdef CREATOR_SSH_DEBUG`
			`void printData(const char *name, const QByteArray &data)`
			`{`
			`std::cerr << std::hex;`
			`qDebug("The client thinks the %s has length %d and is:", name, data.count());`
			`for (int i = 0; i < data.count(); ++i)`
			`std::cerr << (static_cast<unsigned int>(data.at(i)) & 0xff) << ' ';`
			`std::cerr << std::endl;`
			`}`
			`#endif`

Replace SSH library. 2010-07-12 09:33:22 +02:00			`} // anonymous namespace`

			`SshKeyExchange::SshKeyExchange(SshSendFacility &sendFacility)`
			`: m_sendFacility(sendFacility)`
			`{`
			`}`

			`SshKeyExchange::~SshKeyExchange() {}`

			`void SshKeyExchange::sendKexInitPacket(const QByteArray &serverId)`
			`{`
			`m_serverId = serverId;`
SSH: Fix key re-exchange bug. We used the encrypted client payload by mistake. The bug only manifests itself from the second key exchange on, because during the first one, no encryption is active, so the "encrypted" payload is the same as the non-encrypted one. 2011-04-28 10:57:17 +02:00			`m_clientKexInitPayload = m_sendFacility.sendKeyExchangeInitPacket();`
Replace SSH library. 2010-07-12 09:33:22 +02:00			`}`

			`bool SshKeyExchange::sendDhInitPacket(const SshIncomingPacket &serverKexInit)`
			`{`
			`#ifdef CREATOR_SSH_DEBUG`
			`qDebug("server requests key exchange");`
			`#endif`
			`serverKexInit.printRawBytes();`
			`SshKeyExchangeInit kexInitParams`
			`= serverKexInit.extractKeyExchangeInitData();`

			`printNameList("Key Algorithms", kexInitParams.keyAlgorithms);`
			`printNameList("Server Host Key Algorithms", kexInitParams.serverHostKeyAlgorithms);`
			`printNameList("Encryption algorithms client to server", kexInitParams.encryptionAlgorithmsClientToServer);`
			`printNameList("Encryption algorithms server to client", kexInitParams.encryptionAlgorithmsServerToClient);`
			`printNameList("MAC algorithms client to server", kexInitParams.macAlgorithmsClientToServer);`
			`printNameList("MAC algorithms server to client", kexInitParams.macAlgorithmsServerToClient);`
			`printNameList("Compression algorithms client to server", kexInitParams.compressionAlgorithmsClientToServer);`
			`printNameList("Compression algorithms client to server", kexInitParams.compressionAlgorithmsClientToServer);`
			`printNameList("Languages client to server", kexInitParams.languagesClientToServer);`
			`printNameList("Languages server to client", kexInitParams.languagesServerToClient);`
			`#ifdef CREATOR_SSH_DEBUG`
			`qDebug("First packet follows: %d", kexInitParams.firstKexPacketFollows);`
			`#endif`

			`const QByteArray &keyAlgo`
			`= SshCapabilities::findBestMatch(SshCapabilities::KeyExchangeMethods,`
			`kexInitParams.keyAlgorithms.names);`
			`m_serverHostKeyAlgo`
			`= SshCapabilities::findBestMatch(SshCapabilities::PublicKeyAlgorithms,`
			`kexInitParams.serverHostKeyAlgorithms.names);`
			`m_encryptionAlgo`
			`= SshCapabilities::findBestMatch(SshCapabilities::EncryptionAlgorithms,`
			`kexInitParams.encryptionAlgorithmsClientToServer.names);`
			`m_decryptionAlgo`
			`= SshCapabilities::findBestMatch(SshCapabilities::EncryptionAlgorithms,`
			`kexInitParams.encryptionAlgorithmsServerToClient.names);`
			`m_c2sHMacAlgo`
			`= SshCapabilities::findBestMatch(SshCapabilities::MacAlgorithms,`
			`kexInitParams.macAlgorithmsClientToServer.names);`
			`m_s2cHMacAlgo`
			`= SshCapabilities::findBestMatch(SshCapabilities::MacAlgorithms,`
			`kexInitParams.macAlgorithmsServerToClient.names);`
			`SshCapabilities::findBestMatch(SshCapabilities::CompressionAlgorithms,`
			`kexInitParams.compressionAlgorithmsClientToServer.names);`
			`SshCapabilities::findBestMatch(SshCapabilities::CompressionAlgorithms,`
			`kexInitParams.compressionAlgorithmsServerToClient.names);`

			`AutoSeeded_RNG rng;`
			`m_dhKey.reset(new DH_PrivateKey(rng,`
			`DL_Group(botanKeyExchangeAlgoName(keyAlgo))));`

SSH: Fix key re-exchange bug. We used the encrypted client payload by mistake. The bug only manifests itself from the second key exchange on, because during the first one, no encryption is active, so the "encrypted" payload is the same as the non-encrypted one. 2011-04-28 10:57:17 +02:00			`m_serverKexInitPayload = serverKexInit.payLoad();`
Replace SSH library. 2010-07-12 09:33:22 +02:00			`m_sendFacility.sendKeyDhInitPacket(m_dhKey->get_y());`
			`return kexInitParams.firstKexPacketFollows;`
			`}`

			`void SshKeyExchange::sendNewKeysPacket(const SshIncomingPacket &dhReply,`
			`const QByteArray &clientId)`
			`{`
			`const SshKeyExchangeReply &reply`
			`= dhReply.extractKeyExchangeReply(m_serverHostKeyAlgo);`
			`if (reply.f <= 0 \|\| reply.f >= m_dhKey->group_p()) {`
			`throw SSH_SERVER_EXCEPTION(SSH_DISCONNECT_KEY_EXCHANGE_FAILED,`
			`"Server sent invalid f.");`
			`}`

			`QByteArray concatenatedData = AbstractSshPacket::encodeString(clientId);`
			`concatenatedData += AbstractSshPacket::encodeString(m_serverId);`
			`concatenatedData += AbstractSshPacket::encodeString(m_clientKexInitPayload);`
			`concatenatedData += AbstractSshPacket::encodeString(m_serverKexInitPayload);`
			`concatenatedData += reply.k_s;`
			`concatenatedData += AbstractSshPacket::encodeMpInt(m_dhKey->get_y());`
			`concatenatedData += AbstractSshPacket::encodeMpInt(reply.f);`
			`SymmetricKey k = m_dhKey->derive_key(reply.f);`
			`m_k = AbstractSshPacket::encodeMpInt(BigInt(k.begin(), k.length()));`
			`concatenatedData += m_k;`

			`m_hash.reset(get_hash(botanSha1Name()));`
			`const SecureVector<byte> &hashResult`
			`= m_hash->process(convertByteArray(concatenatedData),`
			`concatenatedData.size());`
			`m_h = convertByteArray(hashResult);`

SSH: Fix key re-exchange bug. We used the encrypted client payload by mistake. The bug only manifests itself from the second key exchange on, because during the first one, no encryption is active, so the "encrypted" payload is the same as the non-encrypted one. 2011-04-28 10:57:17 +02:00			`#ifdef CREATOR_SSH_DEBUG`
			`printData("Client Id", AbstractSshPacket::encodeString(clientId));`
			`printData("Server Id", AbstractSshPacket::encodeString(m_serverId));`
			`printData("Client Payload", AbstractSshPacket::encodeString(m_clientKexInitPayload));`
			`printData("Server payload", AbstractSshPacket::encodeString(m_serverKexInitPayload));`
			`printData("K_S", reply.k_s);`
			`printData("y", AbstractSshPacket::encodeMpInt(m_dhKey->get_y()));`
			`printData("f", AbstractSshPacket::encodeMpInt(reply.f));`
			`printData("K", m_k);`
			`printData("Concatenated data", concatenatedData);`
			`printData("H", m_h);`
			`#endif // CREATOR_SSH_DEBUG`

Replace SSH library. 2010-07-12 09:33:22 +02:00			`QScopedPointer<Public_Key> sigKey;`
			`QScopedPointer<PK_Verifier> verifier;`
			`if (m_serverHostKeyAlgo == SshCapabilities::PubKeyDss) {`
			`const DL_Group group(reply.parameters.at(0), reply.parameters.at(1),`
			`reply.parameters.at(2));`
			`DSA_PublicKey * const dsaKey`
			`= new DSA_PublicKey(group, reply.parameters.at(3));`
			`sigKey.reset(dsaKey);`
			`verifier.reset(get_pk_verifier(*dsaKey,`
			`botanEmsaAlgoName(SshCapabilities::PubKeyDss)));`
			`} else if (m_serverHostKeyAlgo == SshCapabilities::PubKeyRsa) {`
			`RSA_PublicKey * const rsaKey`
			`= new RSA_PublicKey(reply.parameters.at(1), reply.parameters.at(0));`
			`sigKey.reset(rsaKey);`
			`verifier.reset(get_pk_verifier(*rsaKey,`
			`botanEmsaAlgoName(SshCapabilities::PubKeyRsa)));`
			`} else {`
			`Q_ASSERT(!"Impossible: Neither DSS nor RSA!");`
			`}`
			`const byte * const botanH = convertByteArray(m_h);`
			`const Botan::byte * const botanSig`
			`= convertByteArray(reply.signatureBlob);`
			`if (!verifier->verify_message(botanH, m_h.size(), botanSig,`
			`reply.signatureBlob.size())) {`
			`throw SSH_SERVER_EXCEPTION(SSH_DISCONNECT_KEY_EXCHANGE_FAILED,`
			`"Invalid signature in SSH_MSG_KEXDH_REPLY packet.");`
			`}`

			`m_sendFacility.sendNewKeysPacket();`
			`}`

			`} // namespace Internal`
move src/plugins/coreplugin/ssh to src/lib/utils/ssh Merge-request: 253 Reviewed-by: hjk <qtc-committer@nokia.com> 2011-02-14 16:34:17 +01:00			`} // namespace Utils`