1 /*
2 * authkeys.c - routines to manage the storage of authentication keys
3 */
4 #ifdef HAVE_CONFIG_H
5 # include <config.h>
6 #endif
7
8 #include <math.h>
9 #include <stdio.h>
10
11 #include "ntp.h"
12 #include "ntp_fp.h"
13 #include "ntpd.h"
14 #include "ntp_lists.h"
15 #include "ntp_string.h"
16 #include "ntp_malloc.h"
17 #include "ntp_stdlib.h"
18 #include "ntp_keyacc.h"
19
20 /*
21 * Structure to store keys in in the hash table.
22 */
23 typedef struct savekey symkey;
24
25 struct savekey {
26 symkey * hlink; /* next in hash bucket */
27 DECL_DLIST_LINK(symkey, llink); /* for overall & free lists */
28 u_char * secret; /* shared secret */
29 KeyAccT * keyacclist; /* Private key access list */
30 u_long lifetime; /* remaining lifetime */
31 keyid_t keyid; /* key identifier */
32 u_short type; /* OpenSSL digest NID */
33 size_t secretsize; /* secret octets */
34 u_short flags; /* KEY_ flags that wave */
35 };
36
37 /* define the payload region of symkey beyond the list pointers */
38 #define symkey_payload secret
39
40 #define KEY_TRUSTED 0x001 /* this key is trusted */
41
42 #ifdef DEBUG
43 typedef struct symkey_alloc_tag symkey_alloc;
44
45 struct symkey_alloc_tag {
46 symkey_alloc * link;
47 void * mem; /* enable free() atexit */
48 };
49
50 symkey_alloc * authallocs;
51 #endif /* DEBUG */
52
53 static u_short auth_log2(size_t);
54 static void auth_resize_hashtable(void);
55 static void allocsymkey(keyid_t, u_short,
56 u_short, u_long, size_t, u_char *, KeyAccT *);
57 static void freesymkey(symkey *);
58 #ifdef DEBUG
59 static void free_auth_mem(void);
60 #endif
61
62 symkey key_listhead; /* list of all in-use keys */;
63 /*
64 * The hash table. This is indexed by the low order bits of the
65 * keyid. We make this fairly big for potentially busy servers.
66 */
67 #define DEF_AUTHHASHSIZE 64
68 /*#define HASHMASK ((HASHSIZE)-1)*/
69 #define KEYHASH(keyid) ((keyid) & authhashmask)
70
71 int authhashdisabled;
72 u_short authhashbuckets = DEF_AUTHHASHSIZE;
73 u_short authhashmask = DEF_AUTHHASHSIZE - 1;
74 symkey **key_hash;
75
76 u_long authkeynotfound; /* keys not found */
77 u_long authkeylookups; /* calls to lookup keys */
78 u_long authnumkeys; /* number of active keys */
79 u_long authkeyexpired; /* key lifetime expirations */
80 u_long authkeyuncached; /* cache misses */
81 u_long authnokey; /* calls to encrypt with no key */
82 u_long authencryptions; /* calls to encrypt */
83 u_long authdecryptions; /* calls to decrypt */
84
85 /*
86 * Storage for free symkey structures. We malloc() such things but
87 * never free them.
88 */
89 symkey *authfreekeys;
90 int authnumfreekeys;
91
92 #define MEMINC 16 /* number of new free ones to get */
93
94 /*
95 * The key cache. We cache the last key we looked at here.
96 * Note: this should hold the last *trusted* key. Also the
97 * cache is only loaded when the digest type / MAC algorithm
98 * is valid.
99 */
100 keyid_t cache_keyid; /* key identifier */
101 u_char *cache_secret; /* secret */
102 size_t cache_secretsize; /* secret length */
103 int cache_type; /* OpenSSL digest NID */
104 u_short cache_flags; /* flags that wave */
105 KeyAccT *cache_keyacclist; /* key access list */
106
107 /* --------------------------------------------------------------------
108 * manage key access lists
109 * --------------------------------------------------------------------
110 */
111 /* allocate and populate new access node and pushes it on the list.
112 * Returns the new head.
113 */
114 KeyAccT*
keyacc_new_push(KeyAccT * head,const sockaddr_u * addr,unsigned int subnetbits)115 keyacc_new_push(
116 KeyAccT * head,
117 const sockaddr_u * addr,
118 unsigned int subnetbits
119 )
120 {
121 KeyAccT * node = emalloc(sizeof(KeyAccT));
122
123 memcpy(&node->addr, addr, sizeof(sockaddr_u));
124 node->subnetbits = subnetbits;
125 node->next = head;
126
127 return node;
128 }
129
130 /* ----------------------------------------------------------------- */
131 /* pop and deallocate the first node of a list of access nodes, if
132 * the list is not empty. Returns the tail of the list.
133 */
134 KeyAccT*
keyacc_pop_free(KeyAccT * head)135 keyacc_pop_free(
136 KeyAccT *head
137 )
138 {
139 KeyAccT * next = NULL;
140 if (head) {
141 next = head->next;
142 free(head);
143 }
144 return next;
145 }
146
147 /* ----------------------------------------------------------------- */
148 /* deallocate the list; returns an empty list. */
149 KeyAccT*
keyacc_all_free(KeyAccT * head)150 keyacc_all_free(
151 KeyAccT * head
152 )
153 {
154 while (head)
155 head = keyacc_pop_free(head);
156 return head;
157 }
158
159 /* ----------------------------------------------------------------- */
160 /* scan a list to see if it contains a given address. Return the
161 * default result value in case of an empty list.
162 */
163 int /*BOOL*/
keyacc_contains(const KeyAccT * head,const sockaddr_u * addr,int defv)164 keyacc_contains(
165 const KeyAccT *head,
166 const sockaddr_u *addr,
167 int defv)
168 {
169 if (head) {
170 do {
171 if (keyacc_amatch(&head->addr, addr,
172 head->subnetbits))
173 return TRUE;
174 } while (NULL != (head = head->next));
175 return FALSE;
176 } else {
177 return !!defv;
178 }
179 }
180
181 #if CHAR_BIT != 8
182 # error "don't know how to handle bytes with that bit size"
183 #endif
184
185 /* ----------------------------------------------------------------- */
186 /* check two addresses for a match, taking a prefix length into account
187 * when doing the compare.
188 *
189 * The ISC lib contains a similar function with not entirely specified
190 * semantics, so it seemed somewhat cleaner to do this from scratch.
191 *
192 * Note 1: It *is* assumed that the addresses are stored in network byte
193 * order, that is, most significant byte first!
194 *
195 * Note 2: "no address" compares unequal to all other addresses, even to
196 * itself. This has the same semantics as NaNs have for floats: *any*
197 * relational or equality operation involving a NaN returns FALSE, even
198 * equality with itself. "no address" is either a NULL pointer argument
199 * or an address of type AF_UNSPEC.
200 */
201 int/*BOOL*/
keyacc_amatch(const sockaddr_u * a1,const sockaddr_u * a2,unsigned int mbits)202 keyacc_amatch(
203 const sockaddr_u * a1,
204 const sockaddr_u * a2,
205 unsigned int mbits
206 )
207 {
208 const uint8_t * pm1;
209 const uint8_t * pm2;
210 uint8_t msk;
211 unsigned int len;
212
213 /* 1st check: If any address is not an address, it's inequal. */
214 if ( !a1 || (AF_UNSPEC == AF(a1)) ||
215 !a2 || (AF_UNSPEC == AF(a2)) )
216 return FALSE;
217
218 /* We could check pointers for equality here and shortcut the
219 * other checks if we find object identity. But that use case is
220 * too rare to care for it.
221 */
222
223 /* 2nd check: Address families must be the same. */
224 if (AF(a1) != AF(a2))
225 return FALSE;
226
227 /* type check: address family determines buffer & size */
228 switch (AF(a1)) {
229 case AF_INET:
230 /* IPv4 is easy: clamp size, get byte pointers */
231 if (mbits > sizeof(NSRCADR(a1)) * 8)
232 mbits = sizeof(NSRCADR(a1)) * 8;
233 pm1 = (const void*)&NSRCADR(a1);
234 pm2 = (const void*)&NSRCADR(a2);
235 break;
236
237 case AF_INET6:
238 /* IPv6 is slightly different: Both scopes must match,
239 * too, before we even consider doing a match!
240 */
241 if ( ! SCOPE_EQ(a1, a2))
242 return FALSE;
243 if (mbits > sizeof(NSRCADR6(a1)) * 8)
244 mbits = sizeof(NSRCADR6(a1)) * 8;
245 pm1 = (const void*)&NSRCADR6(a1);
246 pm2 = (const void*)&NSRCADR6(a2);
247 break;
248
249 default:
250 /* don't know how to compare that!?! */
251 return FALSE;
252 }
253
254 /* Split bit length into byte length and partial byte mask.
255 * Note that the byte mask extends from the MSB of a byte down,
256 * and that zero shift (--> mbits % 8 == 0) results in an
257 * all-zero mask.
258 */
259 msk = 0xFFu ^ (0xFFu >> (mbits & 7));
260 len = mbits >> 3;
261
262 /* 3rd check: Do memcmp() over full bytes, if any */
263 if (len && memcmp(pm1, pm2, len))
264 return FALSE;
265
266 /* 4th check: compare last incomplete byte, if any */
267 if (msk && ((pm1[len] ^ pm2[len]) & msk))
268 return FALSE;
269
270 /* If none of the above failed, we're successfully through. */
271 return TRUE;
272 }
273
274 /*
275 * init_auth - initialize internal data
276 */
277 void
init_auth(void)278 init_auth(void)
279 {
280 size_t newalloc;
281
282 /*
283 * Initialize hash table and free list
284 */
285 newalloc = authhashbuckets * sizeof(key_hash[0]);
286
287 key_hash = emalloc_zero(newalloc);
288
289 INIT_DLIST(key_listhead, llink);
290
291 #ifdef DEBUG
292 atexit(&free_auth_mem);
293 #endif
294 }
295
296
297 /*
298 * free_auth_mem - assist in leak detection by freeing all dynamic
299 * allocations from this module.
300 */
301 #ifdef DEBUG
302 static void
free_auth_mem(void)303 free_auth_mem(void)
304 {
305 symkey * sk;
306 symkey_alloc * alloc;
307 symkey_alloc * next_alloc;
308
309 while (NULL != (sk = HEAD_DLIST(key_listhead, llink))) {
310 freesymkey(sk);
311 }
312 free(key_hash);
313 key_hash = NULL;
314 cache_keyid = 0;
315 cache_flags = 0;
316 cache_keyacclist = NULL;
317 for (alloc = authallocs; alloc != NULL; alloc = next_alloc) {
318 next_alloc = alloc->link;
319 free(alloc->mem);
320 }
321 authfreekeys = NULL;
322 authnumfreekeys = 0;
323 }
324 #endif /* DEBUG */
325
326
327 /*
328 * auth_moremem - get some more free key structures
329 */
330 void
auth_moremem(int keycount)331 auth_moremem(
332 int keycount
333 )
334 {
335 symkey * sk;
336 int i;
337 #ifdef DEBUG
338 void * base;
339 symkey_alloc * allocrec;
340 # define MOREMEM_EXTRA_ALLOC (sizeof(*allocrec))
341 #else
342 # define MOREMEM_EXTRA_ALLOC (0)
343 #endif
344
345 i = (keycount > 0)
346 ? keycount
347 : MEMINC;
348 sk = eallocarrayxz(i, sizeof(*sk), MOREMEM_EXTRA_ALLOC);
349 #ifdef DEBUG
350 base = sk;
351 #endif
352 authnumfreekeys += i;
353
354 for (; i > 0; i--, sk++) {
355 LINK_SLIST(authfreekeys, sk, llink.f);
356 }
357
358 #ifdef DEBUG
359 allocrec = (void *)sk;
360 allocrec->mem = base;
361 LINK_SLIST(authallocs, allocrec, link);
362 #endif
363 }
364
365
366 /*
367 * auth_prealloc_symkeys
368 */
369 void
auth_prealloc_symkeys(int keycount)370 auth_prealloc_symkeys(
371 int keycount
372 )
373 {
374 int allocated;
375 int additional;
376
377 allocated = authnumkeys + authnumfreekeys;
378 additional = keycount - allocated;
379 if (additional > 0)
380 auth_moremem(additional);
381 auth_resize_hashtable();
382 }
383
384
385 static u_short
auth_log2(size_t x)386 auth_log2(size_t x)
387 {
388 /*
389 ** bithack to calculate floor(log2(x))
390 **
391 ** This assumes
392 ** - (sizeof(size_t) is a power of two
393 ** - CHAR_BITS is a power of two
394 ** - returning zero for arguments <= 0 is OK.
395 **
396 ** Does only shifts, masks and sums in integer arithmetic in
397 ** log2(CHAR_BIT*sizeof(size_t)) steps. (that is, 5/6 steps for
398 ** 32bit/64bit size_t)
399 */
400 int s;
401 int r = 0;
402 size_t m = ~(size_t)0;
403
404 for (s = sizeof(size_t) / 2 * CHAR_BIT; s != 0; s >>= 1) {
405 m <<= s;
406 if (x & m)
407 r += s;
408 else
409 x <<= s;
410 }
411 return (u_short)r;
412 }
413
414 int/*BOOL*/
415 ipaddr_match_masked(const sockaddr_u *,const sockaddr_u *,
416 unsigned int mbits);
417
418 static void
authcache_flush_id(keyid_t id)419 authcache_flush_id(
420 keyid_t id
421 )
422 {
423 if (cache_keyid == id) {
424 cache_keyid = 0;
425 cache_type = 0;
426 cache_flags = 0;
427 cache_secret = NULL;
428 cache_secretsize = 0;
429 cache_keyacclist = NULL;
430 }
431 }
432
433
434 /*
435 * auth_resize_hashtable
436 *
437 * Size hash table to average 4 or fewer entries per bucket initially,
438 * within the bounds of at least 4 and no more than 15 bits for the hash
439 * table index. Populate the hash table.
440 */
441 static void
auth_resize_hashtable(void)442 auth_resize_hashtable(void)
443 {
444 u_long totalkeys;
445 u_short hashbits;
446 u_short hash;
447 size_t newalloc;
448 symkey * sk;
449
450 totalkeys = authnumkeys + authnumfreekeys;
451 hashbits = auth_log2(totalkeys / 4) + 1;
452 hashbits = max(4, hashbits);
453 hashbits = min(15, hashbits);
454
455 authhashbuckets = 1 << hashbits;
456 authhashmask = authhashbuckets - 1;
457 newalloc = authhashbuckets * sizeof(key_hash[0]);
458
459 key_hash = erealloc(key_hash, newalloc);
460 zero_mem(key_hash, newalloc);
461
462 ITER_DLIST_BEGIN(key_listhead, sk, llink, symkey)
463 hash = KEYHASH(sk->keyid);
464 LINK_SLIST(key_hash[hash], sk, hlink);
465 ITER_DLIST_END()
466 }
467
468
469 /*
470 * allocsymkey - common code to allocate and link in symkey
471 *
472 * secret must be allocated with a free-compatible allocator. It is
473 * owned by the referring symkey structure, and will be free()d by
474 * freesymkey().
475 */
476 static void
allocsymkey(keyid_t id,u_short flags,u_short type,u_long lifetime,size_t secretsize,u_char * secret,KeyAccT * ka)477 allocsymkey(
478 keyid_t id,
479 u_short flags,
480 u_short type,
481 u_long lifetime,
482 size_t secretsize,
483 u_char * secret,
484 KeyAccT * ka
485 )
486 {
487 symkey * sk;
488 symkey ** bucket;
489
490 bucket = &key_hash[KEYHASH(id)];
491
492
493 if (authnumfreekeys < 1)
494 auth_moremem(-1);
495 UNLINK_HEAD_SLIST(sk, authfreekeys, llink.f);
496 DEBUG_ENSURE(sk != NULL);
497 sk->keyid = id;
498 sk->flags = flags;
499 sk->type = type;
500 sk->secretsize = secretsize;
501 sk->secret = secret;
502 sk->keyacclist = ka;
503 sk->lifetime = lifetime;
504 LINK_SLIST(*bucket, sk, hlink);
505 LINK_TAIL_DLIST(key_listhead, sk, llink);
506 authnumfreekeys--;
507 authnumkeys++;
508 }
509
510
511 /*
512 * freesymkey - common code to remove a symkey and recycle its entry.
513 */
514 static void
freesymkey(symkey * sk)515 freesymkey(
516 symkey * sk
517 )
518 {
519 symkey ** bucket;
520 symkey * unlinked;
521
522 if (NULL == sk)
523 return;
524
525 authcache_flush_id(sk->keyid);
526 keyacc_all_free(sk->keyacclist);
527
528 bucket = &key_hash[KEYHASH(sk->keyid)];
529 if (sk->secret != NULL) {
530 zero_mem(sk->secret, sk->secretsize);
531 free(sk->secret);
532 }
533 UNLINK_SLIST(unlinked, *bucket, sk, hlink, symkey);
534 DEBUG_ENSURE(sk == unlinked);
535 UNLINK_DLIST(sk, llink);
536 zero_mem((char *)sk + offsetof(symkey, symkey_payload),
537 sizeof(*sk) - offsetof(symkey, symkey_payload));
538 LINK_SLIST(authfreekeys, sk, llink.f);
539 authnumkeys--;
540 authnumfreekeys++;
541 }
542
543
544 /*
545 * auth_findkey - find a key in the hash table
546 */
547 struct savekey *
auth_findkey(keyid_t id)548 auth_findkey(
549 keyid_t id
550 )
551 {
552 symkey * sk;
553
554 for (sk = key_hash[KEYHASH(id)]; sk != NULL; sk = sk->hlink)
555 if (id == sk->keyid)
556 return sk;
557 return NULL;
558 }
559
560
561 /*
562 * auth_havekey - return TRUE if the key id is zero or known. The
563 * key needs not to be trusted.
564 */
565 int
auth_havekey(keyid_t id)566 auth_havekey(
567 keyid_t id
568 )
569 {
570 return
571 (0 == id) ||
572 (cache_keyid == id) ||
573 (NULL != auth_findkey(id));
574 }
575
576
577 /*
578 * authhavekey - return TRUE and cache the key, if zero or both known
579 * and trusted.
580 */
581 int
authhavekey(keyid_t id)582 authhavekey(
583 keyid_t id
584 )
585 {
586 symkey * sk;
587
588 authkeylookups++;
589 if (0 == id || cache_keyid == id)
590 return !!(KEY_TRUSTED & cache_flags);
591
592 /*
593 * Search the bin for the key. If not found, or found but the key
594 * type is zero, somebody marked it trusted without specifying a
595 * key or key type. In this case consider the key missing.
596 */
597 authkeyuncached++;
598 sk = auth_findkey(id);
599 if ((sk == NULL) || (sk->type == 0)) {
600 authkeynotfound++;
601 return FALSE;
602 }
603
604 /*
605 * If the key is not trusted, the key is not considered found.
606 */
607 if ( ! (KEY_TRUSTED & sk->flags)) {
608 authnokey++;
609 return FALSE;
610 }
611
612 /*
613 * The key is found and trusted. Initialize the key cache.
614 * The cache really should be a struct savekey to streamline
615 * this code. Using a sk pointer would be even faster but more
616 * fragile around pointing to freed memory.
617 */
618 cache_keyid = sk->keyid;
619 cache_type = sk->type;
620 cache_flags = sk->flags;
621 cache_secret = sk->secret;
622 cache_secretsize = sk->secretsize;
623 cache_keyacclist = sk->keyacclist;
624
625 return TRUE;
626 }
627
628
629 /*
630 * authtrust - declare a key to be trusted/untrusted
631 */
632 void
authtrust(keyid_t id,u_long trust)633 authtrust(
634 keyid_t id,
635 u_long trust
636 )
637 {
638 symkey * sk;
639 u_long lifetime;
640
641 /*
642 * Search bin for key; if it does not exist and is untrusted,
643 * forget it.
644 */
645
646 sk = auth_findkey(id);
647 if (!trust && sk == NULL)
648 return;
649
650 /*
651 * There are two conditions remaining. Either it does not
652 * exist and is to be trusted or it does exist and is or is
653 * not to be trusted.
654 */
655 if (sk != NULL) {
656 /*
657 * Key exists. If it is to be trusted, say so and update
658 * its lifetime. If no longer trusted, return it to the
659 * free list. Flush the cache first to be sure there are
660 * no discrepancies.
661 */
662 authcache_flush_id(id);
663 if (trust > 0) {
664 sk->flags |= KEY_TRUSTED;
665 if (trust > 1)
666 sk->lifetime = current_time + trust;
667 else
668 sk->lifetime = 0;
669 } else {
670 freesymkey(sk);
671 }
672 return;
673 }
674
675 /*
676 * keyid is not present, but the is to be trusted. We allocate
677 * a new key, but do not specify a key type or secret.
678 */
679 if (trust > 1) {
680 lifetime = current_time + trust;
681 } else {
682 lifetime = 0;
683 }
684 allocsymkey(id, KEY_TRUSTED, 0, lifetime, 0, NULL, NULL);
685 }
686
687
688 /*
689 * authistrusted - determine whether a key is trusted
690 */
691 int
authistrusted(keyid_t id)692 authistrusted(
693 keyid_t id
694 )
695 {
696 symkey * sk;
697
698 if (id == cache_keyid)
699 return !!(KEY_TRUSTED & cache_flags);
700
701 authkeyuncached++;
702 sk = auth_findkey(id);
703 if (sk == NULL || !(KEY_TRUSTED & sk->flags)) {
704 authkeynotfound++;
705 return FALSE;
706 }
707 return TRUE;
708 }
709
710
711 /*
712 * authistrustedip - determine if the IP is OK for the keyid
713 */
714 int
authistrustedip(keyid_t keyno,sockaddr_u * sau)715 authistrustedip(
716 keyid_t keyno,
717 sockaddr_u * sau
718 )
719 {
720 symkey * sk;
721
722 if (keyno == cache_keyid) {
723 return (KEY_TRUSTED & cache_flags) &&
724 keyacc_contains(cache_keyacclist, sau, TRUE);
725 }
726
727 if (NULL != (sk = auth_findkey(keyno))) {
728 authkeyuncached++;
729 return (KEY_TRUSTED & sk->flags) &&
730 keyacc_contains(sk->keyacclist, sau, TRUE);
731 }
732
733 authkeynotfound++;
734 return FALSE;
735 }
736
737 /* Note: There are two locations below where 'strncpy()' is used. While
738 * this function is a hazard by itself, it's essential that it is used
739 * here. Bug 1243 involved that the secret was filled with NUL bytes
740 * after the first NUL encountered, and 'strlcpy()' simply does NOT have
741 * this behaviour. So disabling the fix and reverting to the buggy
742 * behaviour due to compatibility issues MUST also fill with NUL and
743 * this needs 'strncpy'. Also, the secret is managed as a byte blob of a
744 * given size, and eventually truncating it and replacing the last byte
745 * with a NUL would be a bug.
746 * perlinger@ntp.org 2015-10-10
747 */
748 void
MD5auth_setkey(keyid_t keyno,int keytype,const u_char * key,size_t secretsize,KeyAccT * ka)749 MD5auth_setkey(
750 keyid_t keyno,
751 int keytype,
752 const u_char *key,
753 size_t secretsize,
754 KeyAccT *ka
755 )
756 {
757 symkey * sk;
758 u_char * secret;
759
760 DEBUG_ENSURE(keytype <= USHRT_MAX);
761 DEBUG_ENSURE(secretsize < 4 * 1024);
762 /*
763 * See if we already have the key. If so just stick in the
764 * new value.
765 */
766 sk = auth_findkey(keyno);
767 if (sk != NULL && keyno == sk->keyid) {
768 /* TALOS-CAN-0054: make sure we have a new buffer! */
769 if (NULL != sk->secret) {
770 memset(sk->secret, 0, sk->secretsize);
771 free(sk->secret);
772 }
773 sk->secret = emalloc(secretsize + 1);
774 sk->type = (u_short)keytype;
775 sk->secretsize = secretsize;
776 /* make sure access lists don't leak here! */
777 if (ka != sk->keyacclist) {
778 keyacc_all_free(sk->keyacclist);
779 sk->keyacclist = ka;
780 }
781 #ifndef DISABLE_BUG1243_FIX
782 memcpy(sk->secret, key, secretsize);
783 #else
784 /* >MUST< use 'strncpy()' here! See above! */
785 strncpy((char *)sk->secret, (const char *)key,
786 secretsize);
787 #endif
788 authcache_flush_id(keyno);
789 return;
790 }
791
792 /*
793 * Need to allocate new structure. Do it.
794 */
795 secret = emalloc(secretsize + 1);
796 #ifndef DISABLE_BUG1243_FIX
797 memcpy(secret, key, secretsize);
798 #else
799 /* >MUST< use 'strncpy()' here! See above! */
800 strncpy((char *)secret, (const char *)key, secretsize);
801 #endif
802 allocsymkey(keyno, 0, (u_short)keytype, 0,
803 secretsize, secret, ka);
804 #ifdef DEBUG
805 if (debug >= 1) {
806 size_t j;
807
808 printf("auth_setkey: key %d type %d len %d ", (int)keyno,
809 keytype, (int)secretsize);
810 for (j = 0; j < secretsize; j++) {
811 printf("%02x", secret[j]);
812 }
813 printf("\n");
814 }
815 #endif
816 }
817
818
819 /*
820 * auth_delkeys - delete non-autokey untrusted keys, and clear all info
821 * except the trusted bit of non-autokey trusted keys, in
822 * preparation for rereading the keys file.
823 */
824 void
auth_delkeys(void)825 auth_delkeys(void)
826 {
827 symkey * sk;
828
829 ITER_DLIST_BEGIN(key_listhead, sk, llink, symkey)
830 if (sk->keyid > NTP_MAXKEY) { /* autokey */
831 continue;
832 }
833
834 /*
835 * Don't lose info as to which keys are trusted. Make
836 * sure there are no dangling pointers!
837 */
838 if (KEY_TRUSTED & sk->flags) {
839 if (sk->secret != NULL) {
840 zero_mem(sk->secret, sk->secretsize);
841 free(sk->secret);
842 sk->secret = NULL; /* TALOS-CAN-0054 */
843 }
844 sk->keyacclist = keyacc_all_free(sk->keyacclist);
845 sk->secretsize = 0;
846 sk->lifetime = 0;
847 } else {
848 freesymkey(sk);
849 }
850 ITER_DLIST_END()
851 }
852
853
854 /*
855 * auth_agekeys - delete keys whose lifetimes have expired
856 */
857 void
auth_agekeys(void)858 auth_agekeys(void)
859 {
860 symkey * sk;
861
862 ITER_DLIST_BEGIN(key_listhead, sk, llink, symkey)
863 if (sk->lifetime > 0 && current_time > sk->lifetime) {
864 freesymkey(sk);
865 authkeyexpired++;
866 }
867 ITER_DLIST_END()
868 DPRINTF(1, ("auth_agekeys: at %lu keys %lu expired %lu\n",
869 current_time, authnumkeys, authkeyexpired));
870 }
871
872
873 /*
874 * authencrypt - generate message authenticator
875 *
876 * Returns length of authenticator field, zero if key not found.
877 */
878 size_t
authencrypt(keyid_t keyno,u_int32 * pkt,size_t length)879 authencrypt(
880 keyid_t keyno,
881 u_int32 * pkt,
882 size_t length
883 )
884 {
885 /*
886 * A zero key identifier means the sender has not verified
887 * the last message was correctly authenticated. The MAC
888 * consists of a single word with value zero.
889 */
890 authencryptions++;
891 pkt[length / KEY_MAC_LEN] = htonl(keyno);
892 if (0 == keyno) {
893 return KEY_MAC_LEN;
894 }
895 if (!authhavekey(keyno)) {
896 return 0;
897 }
898
899 return MD5authencrypt(cache_type,
900 cache_secret, cache_secretsize,
901 pkt, length);
902 }
903
904
905 /*
906 * authdecrypt - verify message authenticator
907 *
908 * Returns TRUE if authenticator valid, FALSE if invalid or not found.
909 */
910 int
authdecrypt(keyid_t keyno,u_int32 * pkt,size_t length,size_t size)911 authdecrypt(
912 keyid_t keyno,
913 u_int32 * pkt,
914 size_t length,
915 size_t size
916 )
917 {
918 /*
919 * A zero key identifier means the sender has not verified
920 * the last message was correctly authenticated. For our
921 * purpose this is an invalid authenticator.
922 */
923 authdecryptions++;
924 if (0 == keyno || !authhavekey(keyno) || size < 4) {
925 return FALSE;
926 }
927
928 return MD5authdecrypt(cache_type,
929 cache_secret, cache_secretsize,
930 pkt, length, size, keyno);
931 }
932
933
934 /* password decoding helpers */
935 static size_t
pwdecode_plain(u_char * dst,size_t dstlen,const char * src)936 pwdecode_plain(
937 u_char * dst,
938 size_t dstlen,
939 const char * src
940 )
941 {
942 size_t srclen = strlen(src);
943 if (srclen > dstlen) {
944 errno = ENOMEM;
945 return (size_t)-1;
946 }
947 memcpy(dst, src, srclen);
948 return srclen;
949 }
950
951 static size_t
pwdecode_hex(u_char * dst,size_t dstlen,const char * src)952 pwdecode_hex(
953 u_char * dst,
954 size_t dstlen,
955 const char * src
956 )
957 {
958 static const char hex[] = "00112233445566778899AaBbCcDdEeFf";
959
960 size_t srclen = strlen(src);
961 size_t reslen = (srclen >> 1) + (srclen & 1);
962 u_char tmp;
963 char *ptr;
964 size_t j;
965
966 if (reslen > dstlen) {
967 errno = ENOMEM;
968 reslen = (size_t)-1;
969 } else {
970 for (j = 0; j < srclen; ++j) {
971 tmp = *(const unsigned char*)(src + j);
972 ptr = strchr(hex, tmp);
973 if (ptr == NULL) {
974 errno = EINVAL;
975 reslen = (size_t)-1;
976 break;
977 }
978 tmp = (u_char)((ptr - hex) >> 1);
979 if (j & 1)
980 dst[j >> 1] |= tmp;
981 else
982 dst[j >> 1] = tmp << 4;
983 }
984 }
985 return reslen;
986 }
987 /*
988 * authdecodepw - decode plaintext or hex-encoded password to binary
989 * secret. Returns size of secret in bytes or -1 on error.
990 */
991 size_t
authdecodepw(u_char * dst,size_t dstlen,const char * src,enum AuthPwdEnc enc)992 authdecodepw(
993 u_char * dst,
994 size_t dstlen,
995 const char * src,
996 enum AuthPwdEnc enc
997 )
998 {
999 size_t reslen;
1000
1001 if ( !(dst && dstlen && src)) {
1002 errno = EINVAL;
1003 reslen = (size_t)-1;
1004 } else {
1005 switch (enc) {
1006 case AUTHPWD_UNSPEC:
1007 if (strlen(src) <= 20)
1008 reslen = pwdecode_plain(dst, dstlen, src);
1009 else
1010 reslen = pwdecode_hex(dst, dstlen, src);
1011 break;
1012 case AUTHPWD_PLAIN:
1013 reslen = pwdecode_plain(dst, dstlen, src);
1014 break;
1015 case AUTHPWD_HEX:
1016 reslen = pwdecode_hex(dst, dstlen, src);
1017 break;
1018 default:
1019 errno = EINVAL;
1020 reslen = (size_t)-1;
1021 }
1022 }
1023 return reslen;
1024 }
1025