1 /* Copyright (C) 2009, 2010 Simon Josefsson
2 * Copyright (C) 2006, 2007 The Written Word, Inc. All rights reserved.
3 * Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
4 *
5 * Author: Simon Josefsson
6 *
7 * Redistribution and use in source and binary forms,
8 * with or without modification, are permitted provided
9 * that the following conditions are met:
10 *
11 * Redistributions of source code must retain the above
12 * copyright notice, this list of conditions and the
13 * following disclaimer.
14 *
15 * Redistributions in binary form must reproduce the above
16 * copyright notice, this list of conditions and the following
17 * disclaimer in the documentation and/or other materials
18 * provided with the distribution.
19 *
20 * Neither the name of the copyright holder nor the names
21 * of any other contributors may be used to endorse or
22 * promote products derived from this software without
23 * specific prior written permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
26 * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
27 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
30 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
31 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
32 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
33 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
34 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
35 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
36 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
37 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
38 * OF SUCH DAMAGE.
39 */
40
41 #include "libssh2_priv.h"
42
43 #ifdef LIBSSH2_OPENSSL /* compile only if we build with openssl */
44
45 #include <string.h>
46
47 #ifndef EVP_MAX_BLOCK_LENGTH
48 #define EVP_MAX_BLOCK_LENGTH 32
49 #endif
50
51 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
52 static void *
OPENSSL_zalloc(size_t num)53 OPENSSL_zalloc(size_t num)
54 {
55 void *ret = OPENSSL_malloc(num);
56
57 if (ret != NULL)
58 memset(ret, 0, num);
59 return ret;
60 }
61
62 #ifndef LIBRESSL_VERSION_NUMBER
63 HMAC_CTX *
HMAC_CTX_new(void)64 HMAC_CTX_new(void)
65 {
66 HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX));
67
68 if (ctx != NULL) {
69 HMAC_CTX_init(ctx);
70 }
71 return ctx;
72 }
73
74 void
HMAC_CTX_free(HMAC_CTX * ctx)75 HMAC_CTX_free(HMAC_CTX *ctx)
76 {
77 if (ctx != NULL) {
78 HMAC_CTX_cleanup(ctx);
79 OPENSSL_free(ctx);
80 }
81 }
82
83 static EVP_MD_CTX *
EVP_MD_CTX_new(void)84 EVP_MD_CTX_new(void)
85 {
86 return EVP_MD_CTX_create();
87 }
88
89 static void
EVP_MD_CTX_free(EVP_MD_CTX * ctx)90 EVP_MD_CTX_free(EVP_MD_CTX *ctx)
91 {
92 EVP_MD_CTX_destroy(ctx);
93 }
94
95 static void
RSA_get0_key(const RSA * r,const BIGNUM ** n,const BIGNUM ** e,const BIGNUM ** d)96 RSA_get0_key(const RSA *r,
97 const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
98 {
99 if (n != NULL)
100 *n = r->n;
101 if (e != NULL)
102 *e = r->e;
103 if (d != NULL)
104 *d = r->d;
105 }
106
107 static int
RSA_set0_key(RSA * r,BIGNUM * n,BIGNUM * e,BIGNUM * d)108 RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
109 {
110 /* If the fields n and e in r are NULL, the corresponding input
111 * parameters MUST be non-NULL for n and e. d may be
112 * left NULL (in case only the public key is used).
113 */
114 if ((r->n == NULL && n == NULL)
115 || (r->e == NULL && e == NULL))
116 return 0;
117
118 if (n != NULL) {
119 BN_free(r->n);
120 r->n = n;
121 }
122 if (e != NULL) {
123 BN_free(r->e);
124 r->e = e;
125 }
126 if (d != NULL) {
127 BN_free(r->d);
128 r->d = d;
129 }
130
131 return 1;
132 }
133
134 static int
RSA_set0_factors(RSA * r,BIGNUM * p,BIGNUM * q)135 RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
136 {
137 /* If the fields p and q in r are NULL, the corresponding input
138 * parameters MUST be non-NULL.
139 */
140 if ((r->p == NULL && p == NULL)
141 || (r->q == NULL && q == NULL))
142 return 0;
143
144 if (p != NULL) {
145 BN_free(r->p);
146 r->p = p;
147 }
148 if (q != NULL) {
149 BN_free(r->q);
150 r->q = q;
151 }
152
153 return 1;
154 }
155
156 static int
RSA_set0_crt_params(RSA * r,BIGNUM * dmp1,BIGNUM * dmq1,BIGNUM * iqmp)157 RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
158 {
159 /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
160 * parameters MUST be non-NULL.
161 */
162 if ((r->dmp1 == NULL && dmp1 == NULL)
163 || (r->dmq1 == NULL && dmq1 == NULL)
164 || (r->iqmp == NULL && iqmp == NULL))
165 return 0;
166
167 if (dmp1 != NULL) {
168 BN_free(r->dmp1);
169 r->dmp1 = dmp1;
170 }
171 if (dmq1 != NULL) {
172 BN_free(r->dmq1);
173 r->dmq1 = dmq1;
174 }
175 if (iqmp != NULL) {
176 BN_free(r->iqmp);
177 r->iqmp = iqmp;
178 }
179
180 return 1;
181 }
182
183 static void
DSA_get0_pqg(const DSA * d,const BIGNUM ** p,const BIGNUM ** q,const BIGNUM ** g)184 DSA_get0_pqg(const DSA *d,
185 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
186 {
187 if (p != NULL)
188 *p = d->p;
189 if (q != NULL)
190 *q = d->q;
191 if (g != NULL)
192 *g = d->g;
193 }
194
195 static int
DSA_set0_pqg(DSA * d,BIGNUM * p,BIGNUM * q,BIGNUM * g)196 DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
197 {
198 /* If the fields p, q and g in d are NULL, the corresponding input
199 * parameters MUST be non-NULL.
200 */
201 if ((d->p == NULL && p == NULL)
202 || (d->q == NULL && q == NULL)
203 || (d->g == NULL && g == NULL))
204 return 0;
205
206 if (p != NULL) {
207 BN_free(d->p);
208 d->p = p;
209 }
210 if (q != NULL) {
211 BN_free(d->q);
212 d->q = q;
213 }
214 if (g != NULL) {
215 BN_free(d->g);
216 d->g = g;
217 }
218
219 return 1;
220 }
221
222 static void
DSA_get0_key(const DSA * d,const BIGNUM ** pub_key,const BIGNUM ** priv_key)223 DSA_get0_key(const DSA *d,
224 const BIGNUM **pub_key, const BIGNUM **priv_key)
225 {
226 if (pub_key != NULL)
227 *pub_key = d->pub_key;
228 if (priv_key != NULL)
229 *priv_key = d->priv_key;
230 }
231
232 static int
DSA_set0_key(DSA * d,BIGNUM * pub_key,BIGNUM * priv_key)233 DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
234 {
235 /* If the field pub_key in d is NULL, the corresponding input
236 * parameters MUST be non-NULL. The priv_key field may
237 * be left NULL.
238 */
239 if (d->pub_key == NULL && pub_key == NULL)
240 return 0;
241
242 if (pub_key != NULL) {
243 BN_free(d->pub_key);
244 d->pub_key = pub_key;
245 }
246 if (priv_key != NULL) {
247 BN_free(d->priv_key);
248 d->priv_key = priv_key;
249 }
250
251 return 1;
252 }
253
254 static int
DSA_SIG_set0(DSA_SIG * sig,BIGNUM * r,BIGNUM * s)255 DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
256 {
257 if (r == NULL || s == NULL)
258 return 0;
259 BN_clear_free(sig->r);
260 BN_clear_free(sig->s);
261 sig->r = r;
262 sig->s = s;
263 return 1;
264 }
265
266 static void
DSA_SIG_get0(const DSA_SIG * sig,const BIGNUM ** pr,const BIGNUM ** ps)267 DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
268 {
269 if (pr != NULL)
270 *pr = sig->r;
271 if (ps != NULL)
272 *ps = sig->s;
273 }
274 #endif /* !LIBRESSL_VERSION */
275
276 static EVP_CIPHER *
EVP_CIPHER_meth_new(int cipher_type,int block_size,int key_len)277 EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
278 {
279 EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER));
280
281 if (cipher != NULL) {
282 cipher->nid = cipher_type;
283 cipher->block_size = block_size;
284 cipher->key_len = key_len;
285 }
286 return cipher;
287 }
288
289 static int
EVP_CIPHER_meth_set_iv_length(EVP_CIPHER * cipher,int iv_len)290 EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)
291 {
292 cipher->iv_len = iv_len;
293 return 1;
294 }
295
296 static int
EVP_CIPHER_meth_set_init(EVP_CIPHER * cipher,int (* init)(EVP_CIPHER_CTX * ctx,const unsigned char * key,const unsigned char * iv,int enc))297 EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
298 int (*init) (EVP_CIPHER_CTX *ctx,
299 const unsigned char *key,
300 const unsigned char *iv,
301 int enc))
302 {
303 cipher->init = init;
304 return 1;
305 }
306
307 static int
EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER * cipher,int (* do_cipher)(EVP_CIPHER_CTX * ctx,unsigned char * out,const unsigned char * in,size_t inl))308 EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
309 int (*do_cipher) (EVP_CIPHER_CTX *ctx,
310 unsigned char *out,
311 const unsigned char *in,
312 size_t inl))
313 {
314 cipher->do_cipher = do_cipher;
315 return 1;
316 }
317
318 static int
EVP_CIPHER_meth_set_cleanup(EVP_CIPHER * cipher,int (* cleanup)(EVP_CIPHER_CTX *))319 EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
320 int (*cleanup) (EVP_CIPHER_CTX *))
321 {
322 cipher->cleanup = cleanup;
323 return 1;
324 }
325 #endif
326
327 int
_libssh2_rsa_new(libssh2_rsa_ctx ** rsa,const unsigned char * edata,unsigned long elen,const unsigned char * ndata,unsigned long nlen,const unsigned char * ddata,unsigned long dlen,const unsigned char * pdata,unsigned long plen,const unsigned char * qdata,unsigned long qlen,const unsigned char * e1data,unsigned long e1len,const unsigned char * e2data,unsigned long e2len,const unsigned char * coeffdata,unsigned long coefflen)328 _libssh2_rsa_new(libssh2_rsa_ctx ** rsa,
329 const unsigned char *edata,
330 unsigned long elen,
331 const unsigned char *ndata,
332 unsigned long nlen,
333 const unsigned char *ddata,
334 unsigned long dlen,
335 const unsigned char *pdata,
336 unsigned long plen,
337 const unsigned char *qdata,
338 unsigned long qlen,
339 const unsigned char *e1data,
340 unsigned long e1len,
341 const unsigned char *e2data,
342 unsigned long e2len,
343 const unsigned char *coeffdata, unsigned long coefflen)
344 {
345 *rsa = RSA_new();
346 BIGNUM *e, *n;
347
348 e = BN_new();
349 BN_bin2bn(edata, elen, e);
350
351 n = BN_new();
352 BN_bin2bn(ndata, nlen, n);
353
354 RSA_set0_key(*rsa, n, e, NULL);
355
356 if (ddata) {
357 BIGNUM *d;
358 BIGNUM *p, *q, *dmp1, *dmq1, *iqmp;
359
360 d = BN_new();
361 BN_bin2bn(ddata, dlen, d);
362
363 RSA_set0_key(*rsa, 0, 0, d);
364
365 p = BN_new();
366 BN_bin2bn(pdata, plen, p);
367
368 q = BN_new();
369 BN_bin2bn(qdata, qlen, q);
370
371 RSA_set0_factors(*rsa, p, q);
372
373 dmp1 = BN_new();
374 BN_bin2bn(e1data, e1len, dmp1);
375
376 dmq1 = BN_new();
377 BN_bin2bn(e2data, e2len, dmq1);
378
379 iqmp = BN_new();
380 BN_bin2bn(coeffdata, coefflen, iqmp);
381
382 RSA_set0_crt_params(*rsa, dmp1, dmq1, iqmp);
383 }
384 return 0;
385 }
386
387 int
_libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsactx,const unsigned char * sig,unsigned long sig_len,const unsigned char * m,unsigned long m_len)388 _libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsactx,
389 const unsigned char *sig,
390 unsigned long sig_len,
391 const unsigned char *m, unsigned long m_len)
392 {
393 unsigned char hash[SHA_DIGEST_LENGTH];
394 int ret;
395
396 if (_libssh2_sha1(m, m_len, hash))
397 return -1; /* failure */
398 ret = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH,
399 (unsigned char *) sig, sig_len, rsactx);
400 return (ret == 1) ? 0 : -1;
401 }
402
403 #if LIBSSH2_DSA
404 int
_libssh2_dsa_new(libssh2_dsa_ctx ** dsactx,const unsigned char * p,unsigned long p_len,const unsigned char * q,unsigned long q_len,const unsigned char * g,unsigned long g_len,const unsigned char * y,unsigned long y_len,const unsigned char * x,unsigned long x_len)405 _libssh2_dsa_new(libssh2_dsa_ctx ** dsactx,
406 const unsigned char *p,
407 unsigned long p_len,
408 const unsigned char *q,
409 unsigned long q_len,
410 const unsigned char *g,
411 unsigned long g_len,
412 const unsigned char *y,
413 unsigned long y_len,
414 const unsigned char *x, unsigned long x_len)
415 {
416 BIGNUM *pn, *qn, *gn;
417 BIGNUM *pub_key, *priv_key;
418
419 *dsactx = DSA_new();
420
421 pn = BN_new();
422 BN_bin2bn(p, p_len, pn);
423
424 qn = BN_new();
425 BN_bin2bn(q, q_len, qn);
426
427 gn = BN_new();
428 BN_bin2bn(g, g_len, gn);
429
430 DSA_set0_pqg(*dsactx, pn, qn, gn);
431
432 pub_key = BN_new();
433 BN_bin2bn(y, y_len, pub_key);
434
435 if (x_len) {
436 priv_key = BN_new();
437 BN_bin2bn(x, x_len, priv_key);
438 } else {
439 priv_key = NULL;
440 }
441
442 DSA_set0_key(*dsactx, pub_key, priv_key);
443
444 return 0;
445 }
446
447 int
_libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx,const unsigned char * sig,const unsigned char * m,unsigned long m_len)448 _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx,
449 const unsigned char *sig,
450 const unsigned char *m, unsigned long m_len)
451 {
452 unsigned char hash[SHA_DIGEST_LENGTH];
453 DSA_SIG *dsasig;
454 BIGNUM *r, *s;
455 int ret = -1;
456
457 dsasig = DSA_SIG_new();
458 r = BN_new();
459 BN_bin2bn(sig, 20, r);
460 s = BN_new();
461 BN_bin2bn(sig + 20, 20, s);
462 DSA_SIG_set0(dsasig, r, s);
463
464 if (!_libssh2_sha1(m, m_len, hash))
465 /* _libssh2_sha1() succeeded */
466 ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, dsasig, dsactx);
467
468 DSA_SIG_free(dsasig);
469
470 return (ret == 1) ? 0 : -1;
471 }
472 #endif /* LIBSSH_DSA */
473
474 int
_libssh2_cipher_init(_libssh2_cipher_ctx * h,_libssh2_cipher_type (algo),unsigned char * iv,unsigned char * secret,int encrypt)475 _libssh2_cipher_init(_libssh2_cipher_ctx * h,
476 _libssh2_cipher_type(algo),
477 unsigned char *iv, unsigned char *secret, int encrypt)
478 {
479 *h = EVP_CIPHER_CTX_new();
480 return !EVP_CipherInit(*h, algo(), secret, iv, encrypt);
481 }
482
483 int
_libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,_libssh2_cipher_type (algo),int encrypt,unsigned char * block,size_t blocksize)484 _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
485 _libssh2_cipher_type(algo),
486 int encrypt, unsigned char *block, size_t blocksize)
487 {
488 unsigned char buf[EVP_MAX_BLOCK_LENGTH];
489 int ret;
490 (void) algo;
491 (void) encrypt;
492
493 ret = EVP_Cipher(*ctx, buf, block, blocksize);
494 if (ret == 1) {
495 memcpy(block, buf, blocksize);
496 }
497 return ret == 1 ? 0 : 1;
498 }
499
500 #if LIBSSH2_AES_CTR
501
502 #include <openssl/aes.h>
503 #include <openssl/evp.h>
504
505 typedef struct
506 {
507 AES_KEY key;
508 EVP_CIPHER_CTX *aes_ctx;
509 unsigned char ctr[AES_BLOCK_SIZE];
510 } aes_ctr_ctx;
511
512 static int
aes_ctr_init(EVP_CIPHER_CTX * ctx,const unsigned char * key,const unsigned char * iv,int enc)513 aes_ctr_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
514 const unsigned char *iv, int enc) /* init key */
515 {
516 /*
517 * variable "c" is leaked from this scope, but is later freed
518 * in aes_ctr_cleanup
519 */
520 aes_ctr_ctx *c;
521 const EVP_CIPHER *aes_cipher;
522 (void) enc;
523
524 switch (EVP_CIPHER_CTX_key_length(ctx)) {
525 case 16:
526 aes_cipher = EVP_aes_128_ecb();
527 break;
528 case 24:
529 aes_cipher = EVP_aes_192_ecb();
530 break;
531 case 32:
532 aes_cipher = EVP_aes_256_ecb();
533 break;
534 default:
535 return 0;
536 }
537
538 c = malloc(sizeof(*c));
539 if (c == NULL)
540 return 0;
541
542 c->aes_ctx = EVP_CIPHER_CTX_new();
543 if (c->aes_ctx == NULL) {
544 free(c);
545 return 0;
546 }
547
548 if (EVP_EncryptInit(c->aes_ctx, aes_cipher, key, NULL) != 1) {
549 free(c->aes_ctx);
550 free(c);
551 return 0;
552 }
553
554 EVP_CIPHER_CTX_set_padding(c->aes_ctx, 0);
555
556 memcpy(c->ctr, iv, AES_BLOCK_SIZE);
557
558 EVP_CIPHER_CTX_set_app_data(ctx, c);
559
560 return 1;
561 }
562
563 static int
aes_ctr_do_cipher(EVP_CIPHER_CTX * ctx,unsigned char * out,const unsigned char * in,size_t inl)564 aes_ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
565 const unsigned char *in,
566 size_t inl) /* encrypt/decrypt data */
567 {
568 aes_ctr_ctx *c = EVP_CIPHER_CTX_get_app_data(ctx);
569 unsigned char b1[AES_BLOCK_SIZE];
570 size_t i = 0;
571 int outlen = 0;
572
573 if (inl != 16) /* libssh2 only ever encrypt one block */
574 return 0;
575
576 if (c == NULL) {
577 return 0;
578 }
579
580 /*
581 To encrypt a packet P=P1||P2||...||Pn (where P1, P2, ..., Pn are each
582 blocks of length L), the encryptor first encrypts <X> with <cipher>
583 to obtain a block B1. The block B1 is then XORed with P1 to generate
584 the ciphertext block C1. The counter X is then incremented
585 */
586
587 if (EVP_EncryptUpdate(c->aes_ctx, b1, &outlen, c->ctr, AES_BLOCK_SIZE) != 1) {
588 return 0;
589 }
590
591 for (i = 0; i < 16; i++)
592 *out++ = *in++ ^ b1[i];
593
594 i = 15;
595 while (c->ctr[i]++ == 0xFF) {
596 if (i == 0)
597 break;
598 i--;
599 }
600
601 return 1;
602 }
603
604 static int
aes_ctr_cleanup(EVP_CIPHER_CTX * ctx)605 aes_ctr_cleanup(EVP_CIPHER_CTX *ctx) /* cleanup ctx */
606 {
607 aes_ctr_ctx *c = EVP_CIPHER_CTX_get_app_data(ctx);
608
609 if (c == NULL) {
610 return 1;
611 }
612
613 if (c->aes_ctx != NULL) {
614 _libssh2_cipher_dtor(&(c->aes_ctx));
615 free(c->aes_ctx);
616 }
617
618 free(c);
619
620 return 1;
621 }
622
623 static const EVP_CIPHER *
make_ctr_evp(size_t keylen,EVP_CIPHER ** aes_ctr_cipher)624 make_ctr_evp (size_t keylen, EVP_CIPHER **aes_ctr_cipher)
625 {
626 if (*aes_ctr_cipher == NULL) {
627 *aes_ctr_cipher = EVP_CIPHER_meth_new(0, 16, keylen);
628 if (*aes_ctr_cipher != NULL) {
629 EVP_CIPHER_meth_set_iv_length(*aes_ctr_cipher, 16);
630 EVP_CIPHER_meth_set_init(*aes_ctr_cipher, aes_ctr_init);
631 EVP_CIPHER_meth_set_do_cipher(*aes_ctr_cipher, aes_ctr_do_cipher);
632 EVP_CIPHER_meth_set_cleanup(*aes_ctr_cipher, aes_ctr_cleanup);
633 }
634 }
635
636 return *aes_ctr_cipher;
637 }
638
639 const EVP_CIPHER *
_libssh2_EVP_aes_128_ctr(void)640 _libssh2_EVP_aes_128_ctr(void)
641 {
642 static EVP_CIPHER *aes_ctr_cipher;
643 return make_ctr_evp(16, &aes_ctr_cipher);
644 }
645
646 const EVP_CIPHER *
_libssh2_EVP_aes_192_ctr(void)647 _libssh2_EVP_aes_192_ctr(void)
648 {
649 static EVP_CIPHER *aes_ctr_cipher;
650 return make_ctr_evp(24, &aes_ctr_cipher);
651 }
652
653 const EVP_CIPHER *
_libssh2_EVP_aes_256_ctr(void)654 _libssh2_EVP_aes_256_ctr(void)
655 {
656 static EVP_CIPHER *aes_ctr_cipher;
657 return make_ctr_evp(32, &aes_ctr_cipher);
658 }
659
_libssh2_init_aes_ctr(void)660 void _libssh2_init_aes_ctr(void)
661 {
662 _libssh2_EVP_aes_128_ctr();
663 _libssh2_EVP_aes_192_ctr();
664 _libssh2_EVP_aes_256_ctr();
665 }
666
667 #else
_libssh2_init_aes_ctr(void)668 void _libssh2_init_aes_ctr(void) {}
669 #endif /* LIBSSH2_AES_CTR */
670
671 /* TODO: Optionally call a passphrase callback specified by the
672 * calling program
673 */
674 static int
passphrase_cb(char * buf,int size,int rwflag,char * passphrase)675 passphrase_cb(char *buf, int size, int rwflag, char *passphrase)
676 {
677 int passphrase_len = strlen(passphrase);
678 (void) rwflag;
679
680 if (passphrase_len > (size - 1)) {
681 passphrase_len = size - 1;
682 }
683 memcpy(buf, passphrase, passphrase_len);
684 buf[passphrase_len] = '\0';
685
686 return passphrase_len;
687 }
688
689 typedef void * (*pem_read_bio_func)(BIO *, void **, pem_password_cb *,
690 void * u);
691
692 static int
read_private_key_from_memory(void ** key_ctx,pem_read_bio_func read_private_key,const char * filedata,size_t filedata_len,unsigned const char * passphrase)693 read_private_key_from_memory(void ** key_ctx,
694 pem_read_bio_func read_private_key,
695 const char * filedata,
696 size_t filedata_len,
697 unsigned const char *passphrase)
698 {
699 BIO * bp;
700
701 *key_ctx = NULL;
702
703 bp = BIO_new_mem_buf((char *)filedata, filedata_len);
704 if (!bp) {
705 return -1;
706 }
707 *key_ctx = read_private_key(bp, NULL, (pem_password_cb *) passphrase_cb,
708 (void *) passphrase);
709
710 BIO_free(bp);
711 return (*key_ctx) ? 0 : -1;
712 }
713
714 static int
read_private_key_from_file(void ** key_ctx,pem_read_bio_func read_private_key,const char * filename,unsigned const char * passphrase)715 read_private_key_from_file(void ** key_ctx,
716 pem_read_bio_func read_private_key,
717 const char * filename,
718 unsigned const char *passphrase)
719 {
720 BIO * bp;
721
722 *key_ctx = NULL;
723
724 bp = BIO_new_file(filename, "r");
725 if (!bp) {
726 return -1;
727 }
728
729 *key_ctx = read_private_key(bp, NULL, (pem_password_cb *) passphrase_cb,
730 (void *) passphrase);
731
732 BIO_free(bp);
733 return (*key_ctx) ? 0 : -1;
734 }
735
736 int
_libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx ** rsa,LIBSSH2_SESSION * session,const char * filedata,size_t filedata_len,unsigned const char * passphrase)737 _libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx ** rsa,
738 LIBSSH2_SESSION * session,
739 const char *filedata, size_t filedata_len,
740 unsigned const char *passphrase)
741 {
742 pem_read_bio_func read_rsa =
743 (pem_read_bio_func) &PEM_read_bio_RSAPrivateKey;
744 (void) session;
745
746 _libssh2_init_if_needed();
747
748 return read_private_key_from_memory((void **) rsa, read_rsa,
749 filedata, filedata_len, passphrase);
750 }
751
752 int
_libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,LIBSSH2_SESSION * session,const char * filename,unsigned const char * passphrase)753 _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
754 LIBSSH2_SESSION * session,
755 const char *filename, unsigned const char *passphrase)
756 {
757 pem_read_bio_func read_rsa =
758 (pem_read_bio_func) &PEM_read_bio_RSAPrivateKey;
759 (void) session;
760
761 _libssh2_init_if_needed ();
762
763 return read_private_key_from_file((void **) rsa, read_rsa,
764 filename, passphrase);
765 }
766
767 #if LIBSSH2_DSA
768 int
_libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx ** dsa,LIBSSH2_SESSION * session,const char * filedata,size_t filedata_len,unsigned const char * passphrase)769 _libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx ** dsa,
770 LIBSSH2_SESSION * session,
771 const char *filedata, size_t filedata_len,
772 unsigned const char *passphrase)
773 {
774 pem_read_bio_func read_dsa =
775 (pem_read_bio_func) &PEM_read_bio_DSAPrivateKey;
776 (void) session;
777
778 _libssh2_init_if_needed();
779
780 return read_private_key_from_memory((void **) dsa, read_dsa,
781 filedata, filedata_len, passphrase);
782 }
783
784 int
_libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,LIBSSH2_SESSION * session,const char * filename,unsigned const char * passphrase)785 _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
786 LIBSSH2_SESSION * session,
787 const char *filename, unsigned const char *passphrase)
788 {
789 pem_read_bio_func read_dsa =
790 (pem_read_bio_func) &PEM_read_bio_DSAPrivateKey;
791 (void) session;
792
793 _libssh2_init_if_needed ();
794
795 return read_private_key_from_file((void **) dsa, read_dsa,
796 filename, passphrase);
797 }
798 #endif /* LIBSSH_DSA */
799
800 int
_libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session,libssh2_rsa_ctx * rsactx,const unsigned char * hash,size_t hash_len,unsigned char ** signature,size_t * signature_len)801 _libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session,
802 libssh2_rsa_ctx * rsactx,
803 const unsigned char *hash,
804 size_t hash_len,
805 unsigned char **signature, size_t *signature_len)
806 {
807 int ret;
808 unsigned char *sig;
809 unsigned int sig_len;
810
811 sig_len = RSA_size(rsactx);
812 sig = LIBSSH2_ALLOC(session, sig_len);
813
814 if (!sig) {
815 return -1;
816 }
817
818 ret = RSA_sign(NID_sha1, hash, hash_len, sig, &sig_len, rsactx);
819
820 if (!ret) {
821 LIBSSH2_FREE(session, sig);
822 return -1;
823 }
824
825 *signature = sig;
826 *signature_len = sig_len;
827
828 return 0;
829 }
830
831 #if LIBSSH2_DSA
832 int
_libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,const unsigned char * hash,unsigned long hash_len,unsigned char * signature)833 _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
834 const unsigned char *hash,
835 unsigned long hash_len, unsigned char *signature)
836 {
837 DSA_SIG *sig;
838 const BIGNUM *r, *s;
839 int r_len, s_len;
840 (void) hash_len;
841
842 sig = DSA_do_sign(hash, SHA_DIGEST_LENGTH, dsactx);
843 if (!sig) {
844 return -1;
845 }
846
847 DSA_SIG_get0(sig, &r, &s);
848 r_len = BN_num_bytes(r);
849 if (r_len < 1 || r_len > 20) {
850 DSA_SIG_free(sig);
851 return -1;
852 }
853 s_len = BN_num_bytes(s);
854 if (s_len < 1 || s_len > 20) {
855 DSA_SIG_free(sig);
856 return -1;
857 }
858
859 memset(signature, 0, 40);
860
861 BN_bn2bin(r, signature + (20 - r_len));
862 BN_bn2bin(s, signature + 20 + (20 - s_len));
863
864 DSA_SIG_free(sig);
865
866 return 0;
867 }
868 #endif /* LIBSSH_DSA */
869
870 void
_libssh2_digest_final(libssh2_md5_ctx ctx,unsigned char * out)871 _libssh2_digest_final(libssh2_md5_ctx ctx, unsigned char *out)
872 {
873 EVP_DigestFinal(ctx, out, NULL);
874 EVP_MD_CTX_free(ctx);
875 }
876
877 int
_libssh2_sha1_init(libssh2_sha1_ctx * ctx)878 _libssh2_sha1_init(libssh2_sha1_ctx *ctx)
879 {
880 EVP_MD_CTX_init(*ctx);
881 return EVP_DigestInit(*ctx, EVP_get_digestbyname("sha1"));
882 }
883
884 int
_libssh2_sha1(const unsigned char * message,unsigned long len,unsigned char * out)885 _libssh2_sha1(const unsigned char *message, unsigned long len,
886 unsigned char *out)
887 {
888 EVP_MD_CTX *ctx;
889
890 ctx = EVP_MD_CTX_new();
891 if (EVP_DigestInit(ctx, EVP_get_digestbyname("sha1"))) {
892 EVP_DigestUpdate(ctx, message, len);
893 EVP_DigestFinal(ctx, out, NULL);
894 EVP_MD_CTX_free(ctx);
895 return 0; /* success */
896 }
897 EVP_MD_CTX_free(ctx);
898 return 1; /* error */
899 }
900
901 int
_libssh2_sha256_init(libssh2_sha256_ctx * ctx)902 _libssh2_sha256_init(libssh2_sha256_ctx *ctx)
903 {
904 EVP_MD_CTX_init(*ctx);
905 return EVP_DigestInit(*ctx, EVP_get_digestbyname("sha256"));
906 }
907
908 int
_libssh2_sha256(const unsigned char * message,unsigned long len,unsigned char * out)909 _libssh2_sha256(const unsigned char *message, unsigned long len,
910 unsigned char *out)
911 {
912 EVP_MD_CTX *ctx;
913
914 ctx = EVP_MD_CTX_new();
915 if(EVP_DigestInit(ctx, EVP_get_digestbyname("sha256"))) {
916 EVP_DigestUpdate(ctx, message, len);
917 EVP_DigestFinal(ctx, out, NULL);
918 EVP_MD_CTX_free(ctx);
919 return 0; /* success */
920 }
921 EVP_MD_CTX_free(ctx);
922 return 1; /* error */
923 }
924
925 int
_libssh2_md5_init(libssh2_md5_ctx * ctx)926 _libssh2_md5_init(libssh2_md5_ctx *ctx)
927 {
928 EVP_MD_CTX_init(*ctx);
929 return EVP_DigestInit(*ctx, EVP_get_digestbyname("md5"));
930 }
931
932 static unsigned char *
write_bn(unsigned char * buf,const BIGNUM * bn,int bn_bytes)933 write_bn(unsigned char *buf, const BIGNUM *bn, int bn_bytes)
934 {
935 unsigned char *p = buf;
936
937 /* Left space for bn size which will be written below. */
938 p += 4;
939
940 *p = 0;
941 BN_bn2bin(bn, p + 1);
942 if (!(*(p + 1) & 0x80)) {
943 memmove(p, p + 1, --bn_bytes);
944 }
945 _libssh2_htonu32(p - 4, bn_bytes); /* Post write bn size. */
946
947 return p + bn_bytes;
948 }
949
950 static unsigned char *
gen_publickey_from_rsa(LIBSSH2_SESSION * session,RSA * rsa,size_t * key_len)951 gen_publickey_from_rsa(LIBSSH2_SESSION *session, RSA *rsa,
952 size_t *key_len)
953 {
954 const BIGNUM *e, *n;
955 int e_bytes, n_bytes;
956 unsigned long len;
957 unsigned char* key;
958 unsigned char* p;
959
960 RSA_get0_key(rsa, &n, &e, NULL);
961 e_bytes = BN_num_bytes(e) + 1;
962 n_bytes = BN_num_bytes(n) + 1;
963
964 /* Key form is "ssh-rsa" + e + n. */
965 len = 4 + 7 + 4 + e_bytes + 4 + n_bytes;
966
967 key = LIBSSH2_ALLOC(session, len);
968 if (key == NULL) {
969 return NULL;
970 }
971
972 /* Process key encoding. */
973 p = key;
974
975 _libssh2_htonu32(p, 7); /* Key type. */
976 p += 4;
977 memcpy(p, "ssh-rsa", 7);
978 p += 7;
979
980 p = write_bn(p, e, e_bytes);
981 p = write_bn(p, n, n_bytes);
982
983 *key_len = (size_t)(p - key);
984 return key;
985 }
986
987 #if LIBSSH2_DSA
988 static unsigned char *
gen_publickey_from_dsa(LIBSSH2_SESSION * session,DSA * dsa,size_t * key_len)989 gen_publickey_from_dsa(LIBSSH2_SESSION* session, DSA *dsa,
990 size_t *key_len)
991 {
992 const BIGNUM *pn, *qn, *gn, *pub_key;
993 int p_bytes, q_bytes, g_bytes, k_bytes;
994 unsigned long len;
995 unsigned char* key;
996 unsigned char* p;
997
998 DSA_get0_pqg(dsa, &pn, &qn, &gn);
999 p_bytes = BN_num_bytes(pn) + 1;
1000 q_bytes = BN_num_bytes(qn) + 1;
1001 g_bytes = BN_num_bytes(gn) + 1;
1002 DSA_get0_key(dsa, &pub_key, NULL);
1003 k_bytes = BN_num_bytes(pub_key) + 1;
1004
1005 /* Key form is "ssh-dss" + p + q + g + pub_key. */
1006 len = 4 + 7 + 4 + p_bytes + 4 + q_bytes + 4 + g_bytes + 4 + k_bytes;
1007
1008 key = LIBSSH2_ALLOC(session, len);
1009 if (key == NULL) {
1010 return NULL;
1011 }
1012
1013 /* Process key encoding. */
1014 p = key;
1015
1016 _libssh2_htonu32(p, 7); /* Key type. */
1017 p += 4;
1018 memcpy(p, "ssh-dss", 7);
1019 p += 7;
1020
1021 p = write_bn(p, pn, p_bytes);
1022 p = write_bn(p, qn, q_bytes);
1023 p = write_bn(p, gn, g_bytes);
1024 p = write_bn(p, pub_key, k_bytes);
1025
1026 *key_len = (size_t)(p - key);
1027 return key;
1028 }
1029 #endif /* LIBSSH_DSA */
1030
1031 static int
gen_publickey_from_rsa_evp(LIBSSH2_SESSION * session,unsigned char ** method,size_t * method_len,unsigned char ** pubkeydata,size_t * pubkeydata_len,EVP_PKEY * pk)1032 gen_publickey_from_rsa_evp(LIBSSH2_SESSION *session,
1033 unsigned char **method,
1034 size_t *method_len,
1035 unsigned char **pubkeydata,
1036 size_t *pubkeydata_len,
1037 EVP_PKEY *pk)
1038 {
1039 RSA* rsa = NULL;
1040 unsigned char* key;
1041 unsigned char* method_buf = NULL;
1042 size_t key_len;
1043
1044 _libssh2_debug(session,
1045 LIBSSH2_TRACE_AUTH,
1046 "Computing public key from RSA private key envelop");
1047
1048 rsa = EVP_PKEY_get1_RSA(pk);
1049 if (rsa == NULL) {
1050 /* Assume memory allocation error... what else could it be ? */
1051 goto __alloc_error;
1052 }
1053
1054 method_buf = LIBSSH2_ALLOC(session, 7); /* ssh-rsa. */
1055 if (method_buf == NULL) {
1056 goto __alloc_error;
1057 }
1058
1059 key = gen_publickey_from_rsa(session, rsa, &key_len);
1060 if (key == NULL) {
1061 goto __alloc_error;
1062 }
1063 RSA_free(rsa);
1064
1065 memcpy(method_buf, "ssh-rsa", 7);
1066 *method = method_buf;
1067 *method_len = 7;
1068 *pubkeydata = key;
1069 *pubkeydata_len = key_len;
1070 return 0;
1071
1072 __alloc_error:
1073 if (rsa != NULL) {
1074 RSA_free(rsa);
1075 }
1076 if (method_buf != NULL) {
1077 LIBSSH2_FREE(session, method_buf);
1078 }
1079
1080 return _libssh2_error(session,
1081 LIBSSH2_ERROR_ALLOC,
1082 "Unable to allocate memory for private key data");
1083 }
1084
1085 #if LIBSSH2_DSA
1086 static int
gen_publickey_from_dsa_evp(LIBSSH2_SESSION * session,unsigned char ** method,size_t * method_len,unsigned char ** pubkeydata,size_t * pubkeydata_len,EVP_PKEY * pk)1087 gen_publickey_from_dsa_evp(LIBSSH2_SESSION *session,
1088 unsigned char **method,
1089 size_t *method_len,
1090 unsigned char **pubkeydata,
1091 size_t *pubkeydata_len,
1092 EVP_PKEY *pk)
1093 {
1094 DSA* dsa = NULL;
1095 unsigned char* key;
1096 unsigned char* method_buf = NULL;
1097 size_t key_len;
1098
1099 _libssh2_debug(session,
1100 LIBSSH2_TRACE_AUTH,
1101 "Computing public key from DSA private key envelop");
1102
1103 dsa = EVP_PKEY_get1_DSA(pk);
1104 if (dsa == NULL) {
1105 /* Assume memory allocation error... what else could it be ? */
1106 goto __alloc_error;
1107 }
1108
1109 method_buf = LIBSSH2_ALLOC(session, 7); /* ssh-dss. */
1110 if (method_buf == NULL) {
1111 goto __alloc_error;
1112 }
1113
1114 key = gen_publickey_from_dsa(session, dsa, &key_len);
1115 if (key == NULL) {
1116 goto __alloc_error;
1117 }
1118 DSA_free(dsa);
1119
1120 memcpy(method_buf, "ssh-dss", 7);
1121 *method = method_buf;
1122 *method_len = 7;
1123 *pubkeydata = key;
1124 *pubkeydata_len = key_len;
1125 return 0;
1126
1127 __alloc_error:
1128 if (dsa != NULL) {
1129 DSA_free(dsa);
1130 }
1131 if (method_buf != NULL) {
1132 LIBSSH2_FREE(session, method_buf);
1133 }
1134
1135 return _libssh2_error(session,
1136 LIBSSH2_ERROR_ALLOC,
1137 "Unable to allocate memory for private key data");
1138 }
1139 #endif /* LIBSSH_DSA */
1140
1141 int
_libssh2_pub_priv_keyfile(LIBSSH2_SESSION * session,unsigned char ** method,size_t * method_len,unsigned char ** pubkeydata,size_t * pubkeydata_len,const char * privatekey,const char * passphrase)1142 _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
1143 unsigned char **method,
1144 size_t *method_len,
1145 unsigned char **pubkeydata,
1146 size_t *pubkeydata_len,
1147 const char *privatekey,
1148 const char *passphrase)
1149 {
1150 int st;
1151 BIO* bp;
1152 EVP_PKEY* pk;
1153
1154 _libssh2_debug(session,
1155 LIBSSH2_TRACE_AUTH,
1156 "Computing public key from private key file: %s",
1157 privatekey);
1158
1159 bp = BIO_new_file(privatekey, "r");
1160 if (bp == NULL) {
1161 return _libssh2_error(session,
1162 LIBSSH2_ERROR_FILE,
1163 "Unable to extract public key from private key "
1164 "file: Unable to open private key file");
1165 }
1166 if (!EVP_get_cipherbyname("des")) {
1167 /* If this cipher isn't loaded it's a pretty good indication that none
1168 * are. I have *NO DOUBT* that there's a better way to deal with this
1169 * ($#&%#$(%$#( Someone buy me an OpenSSL manual and I'll read up on
1170 * it.
1171 */
1172 OpenSSL_add_all_ciphers();
1173 }
1174 BIO_reset(bp);
1175 pk = PEM_read_bio_PrivateKey(bp, NULL, NULL, (void*)passphrase);
1176 BIO_free(bp);
1177
1178 if (pk == NULL) {
1179 return _libssh2_error(session,
1180 LIBSSH2_ERROR_FILE,
1181 "Unable to extract public key "
1182 "from private key file: "
1183 "Wrong passphrase or invalid/unrecognized "
1184 "private key file format");
1185 }
1186
1187 switch (EVP_PKEY_base_id(pk)) {
1188 case EVP_PKEY_RSA :
1189 st = gen_publickey_from_rsa_evp(
1190 session, method, method_len, pubkeydata, pubkeydata_len, pk);
1191 break;
1192
1193 #if LIBSSH2_DSA
1194 case EVP_PKEY_DSA :
1195 st = gen_publickey_from_dsa_evp(
1196 session, method, method_len, pubkeydata, pubkeydata_len, pk);
1197 break;
1198 #endif /* LIBSSH_DSA */
1199
1200 default :
1201 st = _libssh2_error(session,
1202 LIBSSH2_ERROR_FILE,
1203 "Unable to extract public key "
1204 "from private key file: "
1205 "Unsupported private key file format");
1206 break;
1207 }
1208
1209 EVP_PKEY_free(pk);
1210 return st;
1211 }
1212
1213 int
_libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION * session,unsigned char ** method,size_t * method_len,unsigned char ** pubkeydata,size_t * pubkeydata_len,const char * privatekeydata,size_t privatekeydata_len,const char * passphrase)1214 _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
1215 unsigned char **method,
1216 size_t *method_len,
1217 unsigned char **pubkeydata,
1218 size_t *pubkeydata_len,
1219 const char *privatekeydata,
1220 size_t privatekeydata_len,
1221 const char *passphrase)
1222 {
1223 int st;
1224 BIO* bp;
1225 EVP_PKEY* pk;
1226
1227 _libssh2_debug(session,
1228 LIBSSH2_TRACE_AUTH,
1229 "Computing public key from private key.");
1230
1231 bp = BIO_new_mem_buf((char *)privatekeydata, privatekeydata_len);
1232 if (!bp) {
1233 return -1;
1234 }
1235 if (!EVP_get_cipherbyname("des")) {
1236 /* If this cipher isn't loaded it's a pretty good indication that none
1237 * are. I have *NO DOUBT* that there's a better way to deal with this
1238 * ($#&%#$(%$#( Someone buy me an OpenSSL manual and I'll read up on
1239 * it.
1240 */
1241 OpenSSL_add_all_ciphers();
1242 }
1243 BIO_reset(bp);
1244 pk = PEM_read_bio_PrivateKey(bp, NULL, NULL, (void*)passphrase);
1245 BIO_free(bp);
1246
1247 if (pk == NULL) {
1248 return _libssh2_error(session,
1249 LIBSSH2_ERROR_FILE,
1250 "Unable to extract public key "
1251 "from private key file: "
1252 "Wrong passphrase or invalid/unrecognized "
1253 "private key file format");
1254 }
1255
1256 switch (EVP_PKEY_base_id(pk)) {
1257 case EVP_PKEY_RSA :
1258 st = gen_publickey_from_rsa_evp(session, method, method_len,
1259 pubkeydata, pubkeydata_len, pk);
1260 break;
1261 #if LIBSSH2_DSA
1262 case EVP_PKEY_DSA :
1263 st = gen_publickey_from_dsa_evp(session, method, method_len,
1264 pubkeydata, pubkeydata_len, pk);
1265 break;
1266 #endif /* LIBSSH_DSA */
1267 default :
1268 st = _libssh2_error(session,
1269 LIBSSH2_ERROR_FILE,
1270 "Unable to extract public key "
1271 "from private key file: "
1272 "Unsupported private key file format");
1273 break;
1274 }
1275
1276 EVP_PKEY_free(pk);
1277 return st;
1278 }
1279
1280 #endif /* LIBSSH2_OPENSSL */
1281