1 /* 2 * Copyright (c) 2019 Google LLC 3 * 4 * Permission to use, copy, modify, and distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #include "includes.h" 18 19 #include <stdio.h> 20 #include <stdlib.h> 21 #include <stdarg.h> 22 #include <errno.h> 23 #include <string.h> 24 #include <unistd.h> 25 26 #include "authfd.h" 27 #include "authfile.h" 28 #include "log.h" 29 #include "misc.h" 30 #include "sshbuf.h" 31 #include "sshsig.h" 32 #include "ssherr.h" 33 #include "sshkey.h" 34 #include "match.h" 35 #include "digest.h" 36 37 #define SIG_VERSION 0x01 38 #define MAGIC_PREAMBLE "SSHSIG" 39 #define MAGIC_PREAMBLE_LEN (sizeof(MAGIC_PREAMBLE) - 1) 40 #define BEGIN_SIGNATURE "-----BEGIN SSH SIGNATURE-----\n" 41 #define END_SIGNATURE "-----END SSH SIGNATURE-----" 42 #define RSA_SIGN_ALG "rsa-sha2-512" /* XXX maybe make configurable */ 43 #define RSA_SIGN_ALLOWED "rsa-sha2-512,rsa-sha2-256" 44 #define HASHALG_DEFAULT "sha512" /* XXX maybe make configurable */ 45 #define HASHALG_ALLOWED "sha256,sha512" 46 47 int 48 sshsig_armor(const struct sshbuf *blob, struct sshbuf **out) 49 { 50 struct sshbuf *buf = NULL; 51 int r = SSH_ERR_INTERNAL_ERROR; 52 53 *out = NULL; 54 55 if ((buf = sshbuf_new()) == NULL) { 56 error("%s: sshbuf_new failed", __func__); 57 r = SSH_ERR_ALLOC_FAIL; 58 goto out; 59 } 60 61 if ((r = sshbuf_put(buf, BEGIN_SIGNATURE, 62 sizeof(BEGIN_SIGNATURE)-1)) != 0) { 63 error("%s: sshbuf_putf failed: %s", __func__, ssh_err(r)); 64 goto out; 65 } 66 67 if ((r = sshbuf_dtob64(blob, buf, 1)) != 0) { 68 error("%s: Couldn't base64 encode signature blob: %s", 69 __func__, ssh_err(r)); 70 goto out; 71 } 72 73 if ((r = sshbuf_put(buf, END_SIGNATURE, 74 sizeof(END_SIGNATURE)-1)) != 0 || 75 (r = sshbuf_put_u8(buf, '\n')) != 0) { 76 error("%s: sshbuf_put failed: %s", __func__, ssh_err(r)); 77 goto out; 78 } 79 /* success */ 80 *out = buf; 81 buf = NULL; /* transferred */ 82 r = 0; 83 out: 84 sshbuf_free(buf); 85 return r; 86 } 87 88 int 89 sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out) 90 { 91 int r; 92 size_t eoffset = 0; 93 struct sshbuf *buf = NULL; 94 struct sshbuf *sbuf = NULL; 95 char *b64 = NULL; 96 97 if ((sbuf = sshbuf_fromb(sig)) == NULL) { 98 error("%s: sshbuf_fromb failed", __func__); 99 return SSH_ERR_ALLOC_FAIL; 100 } 101 102 if ((r = sshbuf_cmp(sbuf, 0, 103 BEGIN_SIGNATURE, sizeof(BEGIN_SIGNATURE)-1)) != 0) { 104 error("Couldn't parse signature: missing header"); 105 goto done; 106 } 107 108 if ((r = sshbuf_consume(sbuf, sizeof(BEGIN_SIGNATURE)-1)) != 0) { 109 error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r)); 110 goto done; 111 } 112 113 if ((r = sshbuf_find(sbuf, 0, "\n" END_SIGNATURE, 114 sizeof("\n" END_SIGNATURE)-1, &eoffset)) != 0) { 115 error("Couldn't parse signature: missing footer"); 116 goto done; 117 } 118 119 if ((r = sshbuf_consume_end(sbuf, sshbuf_len(sbuf)-eoffset)) != 0) { 120 error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r)); 121 goto done; 122 } 123 124 if ((b64 = sshbuf_dup_string(sbuf)) == NULL) { 125 error("%s: sshbuf_dup_string failed", __func__); 126 r = SSH_ERR_ALLOC_FAIL; 127 goto done; 128 } 129 130 if ((buf = sshbuf_new()) == NULL) { 131 error("%s: sshbuf_new() failed", __func__); 132 r = SSH_ERR_ALLOC_FAIL; 133 goto done; 134 } 135 136 if ((r = sshbuf_b64tod(buf, b64)) != 0) { 137 error("Couldn't decode signature: %s", ssh_err(r)); 138 goto done; 139 } 140 141 /* success */ 142 *out = buf; 143 r = 0; 144 buf = NULL; /* transferred */ 145 done: 146 sshbuf_free(buf); 147 sshbuf_free(sbuf); 148 free(b64); 149 return r; 150 } 151 152 static int 153 sshsig_wrap_sign(struct sshkey *key, const char *hashalg, 154 const char *sk_provider, const struct sshbuf *h_message, 155 const char *sig_namespace, struct sshbuf **out, 156 sshsig_signer *signer, void *signer_ctx) 157 { 158 int r; 159 size_t slen = 0; 160 u_char *sig = NULL; 161 struct sshbuf *blob = NULL; 162 struct sshbuf *tosign = NULL; 163 const char *sign_alg = NULL; 164 165 if ((tosign = sshbuf_new()) == NULL || 166 (blob = sshbuf_new()) == NULL) { 167 error("%s: sshbuf_new failed", __func__); 168 r = SSH_ERR_ALLOC_FAIL; 169 goto done; 170 } 171 172 if ((r = sshbuf_put(tosign, MAGIC_PREAMBLE, MAGIC_PREAMBLE_LEN)) != 0 || 173 (r = sshbuf_put_cstring(tosign, sig_namespace)) != 0 || 174 (r = sshbuf_put_string(tosign, NULL, 0)) != 0 || /* reserved */ 175 (r = sshbuf_put_cstring(tosign, hashalg)) != 0 || 176 (r = sshbuf_put_stringb(tosign, h_message)) != 0) { 177 error("Couldn't construct message to sign: %s", ssh_err(r)); 178 goto done; 179 } 180 181 /* If using RSA keys then default to a good signature algorithm */ 182 if (sshkey_type_plain(key->type) == KEY_RSA) 183 sign_alg = RSA_SIGN_ALG; 184 185 if (signer != NULL) { 186 if ((r = signer(key, &sig, &slen, 187 sshbuf_ptr(tosign), sshbuf_len(tosign), 188 sign_alg, sk_provider, 0, signer_ctx)) != 0) { 189 error("Couldn't sign message: %s", ssh_err(r)); 190 goto done; 191 } 192 } else { 193 if ((r = sshkey_sign(key, &sig, &slen, 194 sshbuf_ptr(tosign), sshbuf_len(tosign), 195 sign_alg, sk_provider, 0)) != 0) { 196 error("Couldn't sign message: %s", ssh_err(r)); 197 goto done; 198 } 199 } 200 201 if ((r = sshbuf_put(blob, MAGIC_PREAMBLE, MAGIC_PREAMBLE_LEN)) != 0 || 202 (r = sshbuf_put_u32(blob, SIG_VERSION)) != 0 || 203 (r = sshkey_puts(key, blob)) != 0 || 204 (r = sshbuf_put_cstring(blob, sig_namespace)) != 0 || 205 (r = sshbuf_put_string(blob, NULL, 0)) != 0 || /* reserved */ 206 (r = sshbuf_put_cstring(blob, hashalg)) != 0 || 207 (r = sshbuf_put_string(blob, sig, slen)) != 0) { 208 error("Couldn't populate blob: %s", ssh_err(r)); 209 goto done; 210 } 211 212 if (out != NULL) { 213 *out = blob; 214 blob = NULL; 215 } 216 r = 0; 217 done: 218 free(sig); 219 sshbuf_free(blob); 220 sshbuf_free(tosign); 221 return r; 222 } 223 224 /* Check preamble and version. */ 225 static int 226 sshsig_parse_preamble(struct sshbuf *buf) 227 { 228 int r = SSH_ERR_INTERNAL_ERROR; 229 uint32_t sversion; 230 231 if ((r = sshbuf_cmp(buf, 0, MAGIC_PREAMBLE, MAGIC_PREAMBLE_LEN)) != 0 || 232 (r = sshbuf_consume(buf, (sizeof(MAGIC_PREAMBLE)-1))) != 0 || 233 (r = sshbuf_get_u32(buf, &sversion)) != 0) { 234 error("Couldn't verify signature: invalid format"); 235 return r; 236 } 237 238 if (sversion > SIG_VERSION) { 239 error("Signature version %lu is larger than supported " 240 "version %u", (unsigned long)sversion, SIG_VERSION); 241 return SSH_ERR_INVALID_FORMAT; 242 } 243 return 0; 244 } 245 246 static int 247 sshsig_check_hashalg(const char *hashalg) 248 { 249 if (hashalg == NULL || 250 match_pattern_list(hashalg, HASHALG_ALLOWED, 0) == 1) 251 return 0; 252 error("%s: unsupported hash algorithm \"%.100s\"", __func__, hashalg); 253 return SSH_ERR_SIGN_ALG_UNSUPPORTED; 254 } 255 256 static int 257 sshsig_peek_hashalg(struct sshbuf *signature, char **hashalgp) 258 { 259 struct sshbuf *buf = NULL; 260 char *hashalg = NULL; 261 int r = SSH_ERR_INTERNAL_ERROR; 262 263 if (hashalgp != NULL) 264 *hashalgp = NULL; 265 if ((buf = sshbuf_fromb(signature)) == NULL) 266 return SSH_ERR_ALLOC_FAIL; 267 if ((r = sshsig_parse_preamble(buf)) != 0) 268 goto done; 269 if ((r = sshbuf_get_string_direct(buf, NULL, NULL)) != 0 || 270 (r = sshbuf_get_string_direct(buf, NULL, NULL)) != 0 || 271 (r = sshbuf_get_string(buf, NULL, NULL)) != 0 || 272 (r = sshbuf_get_cstring(buf, &hashalg, NULL)) != 0 || 273 (r = sshbuf_get_string_direct(buf, NULL, NULL)) != 0) { 274 error("Couldn't parse signature blob: %s", ssh_err(r)); 275 goto done; 276 } 277 278 /* success */ 279 r = 0; 280 *hashalgp = hashalg; 281 hashalg = NULL; 282 done: 283 free(hashalg); 284 sshbuf_free(buf); 285 return r; 286 } 287 288 static int 289 sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, 290 const struct sshbuf *h_message, const char *expect_namespace, 291 struct sshkey **sign_keyp, struct sshkey_sig_details **sig_details) 292 { 293 int r = SSH_ERR_INTERNAL_ERROR; 294 struct sshbuf *buf = NULL, *toverify = NULL; 295 struct sshkey *key = NULL; 296 const u_char *sig; 297 char *got_namespace = NULL, *sigtype = NULL, *sig_hashalg = NULL; 298 size_t siglen; 299 300 debug("%s: verify message length %zu", __func__, sshbuf_len(h_message)); 301 if (sig_details != NULL) 302 *sig_details = NULL; 303 if (sign_keyp != NULL) 304 *sign_keyp = NULL; 305 306 if ((toverify = sshbuf_new()) == NULL) { 307 error("%s: sshbuf_new failed", __func__); 308 r = SSH_ERR_ALLOC_FAIL; 309 goto done; 310 } 311 if ((r = sshbuf_put(toverify, MAGIC_PREAMBLE, 312 MAGIC_PREAMBLE_LEN)) != 0 || 313 (r = sshbuf_put_cstring(toverify, expect_namespace)) != 0 || 314 (r = sshbuf_put_string(toverify, NULL, 0)) != 0 || /* reserved */ 315 (r = sshbuf_put_cstring(toverify, hashalg)) != 0 || 316 (r = sshbuf_put_stringb(toverify, h_message)) != 0) { 317 error("Couldn't construct message to verify: %s", ssh_err(r)); 318 goto done; 319 } 320 321 if ((r = sshsig_parse_preamble(signature)) != 0) 322 goto done; 323 324 if ((r = sshkey_froms(signature, &key)) != 0 || 325 (r = sshbuf_get_cstring(signature, &got_namespace, NULL)) != 0 || 326 (r = sshbuf_get_string(signature, NULL, NULL)) != 0 || 327 (r = sshbuf_get_cstring(signature, &sig_hashalg, NULL)) != 0 || 328 (r = sshbuf_get_string_direct(signature, &sig, &siglen)) != 0) { 329 error("Couldn't parse signature blob: %s", ssh_err(r)); 330 goto done; 331 } 332 333 if (sshbuf_len(signature) != 0) { 334 error("Signature contains trailing data"); 335 r = SSH_ERR_INVALID_FORMAT; 336 goto done; 337 } 338 339 if (strcmp(expect_namespace, got_namespace) != 0) { 340 error("Couldn't verify signature: namespace does not match"); 341 debug("%s: expected namespace \"%s\" received \"%s\"", 342 __func__, expect_namespace, got_namespace); 343 r = SSH_ERR_SIGNATURE_INVALID; 344 goto done; 345 } 346 if (strcmp(hashalg, sig_hashalg) != 0) { 347 error("Couldn't verify signature: hash algorithm mismatch"); 348 debug("%s: expected algorithm \"%s\" received \"%s\"", 349 __func__, hashalg, sig_hashalg); 350 r = SSH_ERR_SIGNATURE_INVALID; 351 goto done; 352 } 353 /* Ensure that RSA keys use an acceptable signature algorithm */ 354 if (sshkey_type_plain(key->type) == KEY_RSA) { 355 if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0) { 356 error("Couldn't verify signature: unable to get " 357 "signature type: %s", ssh_err(r)); 358 goto done; 359 } 360 if (match_pattern_list(sigtype, RSA_SIGN_ALLOWED, 0) != 1) { 361 error("Couldn't verify signature: unsupported RSA " 362 "signature algorithm %s", sigtype); 363 r = SSH_ERR_SIGN_ALG_UNSUPPORTED; 364 goto done; 365 } 366 } 367 if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify), 368 sshbuf_len(toverify), NULL, 0, sig_details)) != 0) { 369 error("Signature verification failed: %s", ssh_err(r)); 370 goto done; 371 } 372 373 /* success */ 374 r = 0; 375 if (sign_keyp != NULL) { 376 *sign_keyp = key; 377 key = NULL; /* transferred */ 378 } 379 done: 380 free(got_namespace); 381 free(sigtype); 382 free(sig_hashalg); 383 sshbuf_free(buf); 384 sshbuf_free(toverify); 385 sshkey_free(key); 386 return r; 387 } 388 389 static int 390 hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp) 391 { 392 char *hex, hash[SSH_DIGEST_MAX_LENGTH]; 393 int alg, r = SSH_ERR_INTERNAL_ERROR; 394 struct sshbuf *b = NULL; 395 396 *bp = NULL; 397 memset(hash, 0, sizeof(hash)); 398 399 if ((r = sshsig_check_hashalg(hashalg)) != 0) 400 return r; 401 if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) { 402 error("%s: can't look up hash algorithm %s", 403 __func__, hashalg); 404 return SSH_ERR_INTERNAL_ERROR; 405 } 406 if ((r = ssh_digest_buffer(alg, m, hash, sizeof(hash))) != 0) { 407 error("%s: ssh_digest_buffer failed: %s", __func__, ssh_err(r)); 408 return r; 409 } 410 if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL) { 411 debug3("%s: final hash: %s", __func__, hex); 412 freezero(hex, strlen(hex)); 413 } 414 if ((b = sshbuf_new()) == NULL) { 415 r = SSH_ERR_ALLOC_FAIL; 416 goto out; 417 } 418 if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) { 419 error("%s: sshbuf_put: %s", __func__, ssh_err(r)); 420 goto out; 421 } 422 *bp = b; 423 b = NULL; /* transferred */ 424 /* success */ 425 r = 0; 426 out: 427 sshbuf_free(b); 428 explicit_bzero(hash, sizeof(hash)); 429 return r; 430 } 431 432 int 433 sshsig_signb(struct sshkey *key, const char *hashalg, const char *sk_provider, 434 const struct sshbuf *message, const char *sig_namespace, 435 struct sshbuf **out, sshsig_signer *signer, void *signer_ctx) 436 { 437 struct sshbuf *b = NULL; 438 int r = SSH_ERR_INTERNAL_ERROR; 439 440 if (hashalg == NULL) 441 hashalg = HASHALG_DEFAULT; 442 if (out != NULL) 443 *out = NULL; 444 if ((r = hash_buffer(message, hashalg, &b)) != 0) { 445 error("%s: hash_buffer failed: %s", __func__, ssh_err(r)); 446 goto out; 447 } 448 if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b, 449 sig_namespace, out, signer, signer_ctx)) != 0) 450 goto out; 451 /* success */ 452 r = 0; 453 out: 454 sshbuf_free(b); 455 return r; 456 } 457 458 int 459 sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message, 460 const char *expect_namespace, struct sshkey **sign_keyp, 461 struct sshkey_sig_details **sig_details) 462 { 463 struct sshbuf *b = NULL; 464 int r = SSH_ERR_INTERNAL_ERROR; 465 char *hashalg = NULL; 466 467 if (sig_details != NULL) 468 *sig_details = NULL; 469 if (sign_keyp != NULL) 470 *sign_keyp = NULL; 471 if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) 472 return r; 473 debug("%s: signature made with hash \"%s\"", __func__, hashalg); 474 if ((r = hash_buffer(message, hashalg, &b)) != 0) { 475 error("%s: hash_buffer failed: %s", __func__, ssh_err(r)); 476 goto out; 477 } 478 if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, 479 sign_keyp, sig_details)) != 0) 480 goto out; 481 /* success */ 482 r = 0; 483 out: 484 sshbuf_free(b); 485 free(hashalg); 486 return r; 487 } 488 489 static int 490 hash_file(int fd, const char *hashalg, struct sshbuf **bp) 491 { 492 char *hex, rbuf[8192], hash[SSH_DIGEST_MAX_LENGTH]; 493 ssize_t n, total = 0; 494 struct ssh_digest_ctx *ctx; 495 int alg, oerrno, r = SSH_ERR_INTERNAL_ERROR; 496 struct sshbuf *b = NULL; 497 498 *bp = NULL; 499 memset(hash, 0, sizeof(hash)); 500 501 if ((r = sshsig_check_hashalg(hashalg)) != 0) 502 return r; 503 if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) { 504 error("%s: can't look up hash algorithm %s", 505 __func__, hashalg); 506 return SSH_ERR_INTERNAL_ERROR; 507 } 508 if ((ctx = ssh_digest_start(alg)) == NULL) { 509 error("%s: ssh_digest_start failed", __func__); 510 return SSH_ERR_INTERNAL_ERROR; 511 } 512 for (;;) { 513 if ((n = read(fd, rbuf, sizeof(rbuf))) == -1) { 514 if (errno == EINTR || errno == EAGAIN) 515 continue; 516 oerrno = errno; 517 error("%s: read: %s", __func__, strerror(errno)); 518 ssh_digest_free(ctx); 519 errno = oerrno; 520 r = SSH_ERR_SYSTEM_ERROR; 521 goto out; 522 } else if (n == 0) { 523 debug2("%s: hashed %zu bytes", __func__, total); 524 break; /* EOF */ 525 } 526 total += (size_t)n; 527 if ((r = ssh_digest_update(ctx, rbuf, (size_t)n)) != 0) { 528 error("%s: ssh_digest_update: %s", 529 __func__, ssh_err(r)); 530 goto out; 531 } 532 } 533 if ((r = ssh_digest_final(ctx, hash, sizeof(hash))) != 0) { 534 error("%s: ssh_digest_final: %s", __func__, ssh_err(r)); 535 goto out; 536 } 537 if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL) { 538 debug3("%s: final hash: %s", __func__, hex); 539 freezero(hex, strlen(hex)); 540 } 541 if ((b = sshbuf_new()) == NULL) { 542 r = SSH_ERR_ALLOC_FAIL; 543 goto out; 544 } 545 if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) { 546 error("%s: sshbuf_put: %s", __func__, ssh_err(r)); 547 goto out; 548 } 549 *bp = b; 550 b = NULL; /* transferred */ 551 /* success */ 552 r = 0; 553 out: 554 sshbuf_free(b); 555 ssh_digest_free(ctx); 556 explicit_bzero(hash, sizeof(hash)); 557 return r; 558 } 559 560 int 561 sshsig_sign_fd(struct sshkey *key, const char *hashalg, const char *sk_provider, 562 int fd, const char *sig_namespace, struct sshbuf **out, 563 sshsig_signer *signer, void *signer_ctx) 564 { 565 struct sshbuf *b = NULL; 566 int r = SSH_ERR_INTERNAL_ERROR; 567 568 if (hashalg == NULL) 569 hashalg = HASHALG_DEFAULT; 570 if (out != NULL) 571 *out = NULL; 572 if ((r = hash_file(fd, hashalg, &b)) != 0) { 573 error("%s: hash_file failed: %s", __func__, ssh_err(r)); 574 return r; 575 } 576 if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b, 577 sig_namespace, out, signer, signer_ctx)) != 0) 578 goto out; 579 /* success */ 580 r = 0; 581 out: 582 sshbuf_free(b); 583 return r; 584 } 585 586 int 587 sshsig_verify_fd(struct sshbuf *signature, int fd, 588 const char *expect_namespace, struct sshkey **sign_keyp, 589 struct sshkey_sig_details **sig_details) 590 { 591 struct sshbuf *b = NULL; 592 int r = SSH_ERR_INTERNAL_ERROR; 593 char *hashalg = NULL; 594 595 if (sig_details != NULL) 596 *sig_details = NULL; 597 if (sign_keyp != NULL) 598 *sign_keyp = NULL; 599 if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) 600 return r; 601 debug("%s: signature made with hash \"%s\"", __func__, hashalg); 602 if ((r = hash_file(fd, hashalg, &b)) != 0) { 603 error("%s: hash_file failed: %s", __func__, ssh_err(r)); 604 goto out; 605 } 606 if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, 607 sign_keyp, sig_details)) != 0) 608 goto out; 609 /* success */ 610 r = 0; 611 out: 612 sshbuf_free(b); 613 free(hashalg); 614 return r; 615 } 616 617 struct sshsigopt { 618 int ca; 619 char *namespaces; 620 }; 621 622 struct sshsigopt * 623 sshsigopt_parse(const char *opts, const char *path, u_long linenum, 624 const char **errstrp) 625 { 626 struct sshsigopt *ret; 627 int r; 628 const char *errstr = NULL; 629 630 if ((ret = calloc(1, sizeof(*ret))) == NULL) 631 return NULL; 632 if (opts == NULL || *opts == '\0') 633 return ret; /* Empty options yields empty options :) */ 634 635 while (*opts && *opts != ' ' && *opts != '\t') { 636 /* flag options */ 637 if ((r = opt_flag("cert-authority", 0, &opts)) != -1) { 638 ret->ca = 1; 639 } else if (opt_match(&opts, "namespaces")) { 640 if (ret->namespaces != NULL) { 641 errstr = "multiple \"namespaces\" clauses"; 642 goto fail; 643 } 644 ret->namespaces = opt_dequote(&opts, &errstr); 645 if (ret->namespaces == NULL) 646 goto fail; 647 } 648 /* 649 * Skip the comma, and move to the next option 650 * (or break out if there are no more). 651 */ 652 if (*opts == '\0' || *opts == ' ' || *opts == '\t') 653 break; /* End of options. */ 654 /* Anything other than a comma is an unknown option */ 655 if (*opts != ',') { 656 errstr = "unknown key option"; 657 goto fail; 658 } 659 opts++; 660 if (*opts == '\0') { 661 errstr = "unexpected end-of-options"; 662 goto fail; 663 } 664 } 665 /* success */ 666 return ret; 667 fail: 668 if (errstrp != NULL) 669 *errstrp = errstr; 670 sshsigopt_free(ret); 671 return NULL; 672 } 673 674 void 675 sshsigopt_free(struct sshsigopt *opts) 676 { 677 if (opts == NULL) 678 return; 679 free(opts->namespaces); 680 free(opts); 681 } 682 683 static int 684 parse_principals_key_and_options(const char *path, u_long linenum, char *line, 685 const char *required_principal, char **principalsp, struct sshkey **keyp, 686 struct sshsigopt **sigoptsp) 687 { 688 char *opts = NULL, *tmp, *cp, *principals = NULL; 689 const char *reason = NULL; 690 struct sshsigopt *sigopts = NULL; 691 struct sshkey *key = NULL; 692 int r = SSH_ERR_INTERNAL_ERROR; 693 694 if (principalsp != NULL) 695 *principalsp = NULL; 696 if (sigoptsp != NULL) 697 *sigoptsp = NULL; 698 if (keyp != NULL) 699 *keyp = NULL; 700 701 cp = line; 702 cp = cp + strspn(cp, " \t"); /* skip leading whitespace */ 703 if (*cp == '#' || *cp == '\0') 704 return SSH_ERR_KEY_NOT_FOUND; /* blank or all-comment line */ 705 706 /* format: identity[,identity...] [option[,option...]] key */ 707 if ((tmp = strdelimw(&cp)) == NULL) { 708 error("%s:%lu: invalid line", path, linenum); 709 r = SSH_ERR_INVALID_FORMAT; 710 goto out; 711 } 712 if ((principals = strdup(tmp)) == NULL) { 713 error("%s: strdup failed", __func__); 714 r = SSH_ERR_ALLOC_FAIL; 715 goto out; 716 } 717 /* 718 * Bail out early if we're looking for a particular principal and this 719 * line does not list it. 720 */ 721 if (required_principal != NULL) { 722 if (match_pattern_list(required_principal, 723 principals, 0) != 1) { 724 /* principal didn't match */ 725 r = SSH_ERR_KEY_NOT_FOUND; 726 goto out; 727 } 728 debug("%s: %s:%lu: matched principal \"%s\"", 729 __func__, path, linenum, required_principal); 730 } 731 732 if ((key = sshkey_new(KEY_UNSPEC)) == NULL) { 733 error("%s: sshkey_new failed", __func__); 734 r = SSH_ERR_ALLOC_FAIL; 735 goto out; 736 } 737 if (sshkey_read(key, &cp) != 0) { 738 /* no key? Check for options */ 739 opts = cp; 740 if (sshkey_advance_past_options(&cp) != 0) { 741 error("%s:%lu: invalid options", path, linenum); 742 r = SSH_ERR_INVALID_FORMAT; 743 goto out; 744 } 745 *cp++ = '\0'; 746 skip_space(&cp); 747 if (sshkey_read(key, &cp) != 0) { 748 error("%s:%lu: invalid key", path, linenum); 749 r = SSH_ERR_INVALID_FORMAT; 750 goto out; 751 } 752 } 753 debug3("%s:%lu: options %s", path, linenum, opts == NULL ? "" : opts); 754 if ((sigopts = sshsigopt_parse(opts, path, linenum, &reason)) == NULL) { 755 error("%s:%lu: bad options: %s", path, linenum, reason); 756 r = SSH_ERR_INVALID_FORMAT; 757 goto out; 758 } 759 /* success */ 760 if (principalsp != NULL) { 761 *principalsp = principals; 762 principals = NULL; /* transferred */ 763 } 764 if (sigoptsp != NULL) { 765 *sigoptsp = sigopts; 766 sigopts = NULL; /* transferred */ 767 } 768 if (keyp != NULL) { 769 *keyp = key; 770 key = NULL; /* transferred */ 771 } 772 r = 0; 773 out: 774 free(principals); 775 sshsigopt_free(sigopts); 776 sshkey_free(key); 777 return r; 778 } 779 780 static int 781 check_allowed_keys_line(const char *path, u_long linenum, char *line, 782 const struct sshkey *sign_key, const char *principal, 783 const char *sig_namespace) 784 { 785 struct sshkey *found_key = NULL; 786 int r, found = 0; 787 const char *reason = NULL; 788 struct sshsigopt *sigopts = NULL; 789 790 /* Parse the line */ 791 if ((r = parse_principals_key_and_options(path, linenum, line, 792 principal, NULL, &found_key, &sigopts)) != 0) { 793 /* error already logged */ 794 goto done; 795 } 796 797 /* Check whether options preclude the use of this key */ 798 if (sigopts->namespaces != NULL && 799 match_pattern_list(sig_namespace, sigopts->namespaces, 0) != 1) { 800 error("%s:%lu: key is not permitted for use in signature " 801 "namespace \"%s\"", path, linenum, sig_namespace); 802 goto done; 803 } 804 805 if (!sigopts->ca && sshkey_equal(found_key, sign_key)) { 806 /* Exact match of key */ 807 debug("%s:%lu: matched key and principal", path, linenum); 808 /* success */ 809 found = 1; 810 } else if (sigopts->ca && sshkey_is_cert(sign_key) && 811 sshkey_equal_public(sign_key->cert->signature_key, found_key)) { 812 /* Match of certificate's CA key */ 813 if ((r = sshkey_cert_check_authority(sign_key, 0, 1, 814 principal, &reason)) != 0) { 815 error("%s:%lu: certificate not authorized: %s", 816 path, linenum, reason); 817 goto done; 818 } 819 debug("%s:%lu: matched certificate CA key", path, linenum); 820 /* success */ 821 found = 1; 822 } else { 823 /* Principal matched but key didn't */ 824 goto done; 825 } 826 done: 827 sshkey_free(found_key); 828 sshsigopt_free(sigopts); 829 return found ? 0 : SSH_ERR_KEY_NOT_FOUND; 830 } 831 832 int 833 sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key, 834 const char *principal, const char *sig_namespace) 835 { 836 FILE *f = NULL; 837 char *line = NULL; 838 size_t linesize = 0; 839 u_long linenum = 0; 840 int r = SSH_ERR_INTERNAL_ERROR, oerrno; 841 842 /* Check key and principal against file */ 843 if ((f = fopen(path, "r")) == NULL) { 844 oerrno = errno; 845 error("Unable to open allowed keys file \"%s\": %s", 846 path, strerror(errno)); 847 errno = oerrno; 848 return SSH_ERR_SYSTEM_ERROR; 849 } 850 851 while (getline(&line, &linesize, f) != -1) { 852 linenum++; 853 r = check_allowed_keys_line(path, linenum, line, sign_key, 854 principal, sig_namespace); 855 free(line); 856 line = NULL; 857 if (r == SSH_ERR_KEY_NOT_FOUND) 858 continue; 859 else if (r == 0) { 860 /* success */ 861 fclose(f); 862 return 0; 863 } else 864 break; 865 } 866 /* Either we hit an error parsing or we simply didn't find the key */ 867 fclose(f); 868 free(line); 869 return r == 0 ? SSH_ERR_KEY_NOT_FOUND : r; 870 } 871 872 static int 873 cert_filter_principals(const char *path, u_long linenum, 874 char **principalsp, const struct sshkey *cert) 875 { 876 char *cp, *oprincipals, *principals; 877 const char *reason; 878 struct sshbuf *nprincipals; 879 int r = SSH_ERR_INTERNAL_ERROR, success = 0; 880 881 oprincipals = principals = *principalsp; 882 *principalsp = NULL; 883 884 if ((nprincipals = sshbuf_new()) == NULL) { 885 r = SSH_ERR_ALLOC_FAIL; 886 goto out; 887 } 888 889 while ((cp = strsep(&principals, ",")) != NULL && *cp != '\0') { 890 if (strcspn(cp, "!?*") != strlen(cp)) { 891 debug("%s:%lu: principal \"%s\" not authorized: " 892 "contains wildcards", path, linenum, cp); 893 continue; 894 } 895 /* Check against principals list in certificate */ 896 if ((r = sshkey_cert_check_authority(cert, 0, 1, 897 cp, &reason)) != 0) { 898 debug("%s:%lu: principal \"%s\" not authorized: %s", 899 path, linenum, cp, reason); 900 continue; 901 } 902 if ((r = sshbuf_putf(nprincipals, "%s%s", 903 sshbuf_len(nprincipals) != 0 ? "," : "", cp)) != 0) { 904 error("%s: buffer error", __func__); 905 goto out; 906 } 907 } 908 if (sshbuf_len(nprincipals) == 0) { 909 error("%s:%lu: no valid principals found", path, linenum); 910 r = SSH_ERR_KEY_CERT_INVALID; 911 goto out; 912 } 913 if ((principals = sshbuf_dup_string(nprincipals)) == NULL) { 914 error("%s: buffer error", __func__); 915 goto out; 916 } 917 /* success */ 918 success = 1; 919 *principalsp = principals; 920 out: 921 sshbuf_free(nprincipals); 922 free(oprincipals); 923 return success ? 0 : r; 924 } 925 926 static int 927 get_matching_principals_from_line(const char *path, u_long linenum, char *line, 928 const struct sshkey *sign_key, char **principalsp) 929 { 930 struct sshkey *found_key = NULL; 931 char *principals = NULL; 932 int r, found = 0; 933 struct sshsigopt *sigopts = NULL; 934 935 if (principalsp != NULL) 936 *principalsp = NULL; 937 938 /* Parse the line */ 939 if ((r = parse_principals_key_and_options(path, linenum, line, 940 NULL, &principals, &found_key, &sigopts)) != 0) { 941 /* error already logged */ 942 goto done; 943 } 944 945 if (!sigopts->ca && sshkey_equal(found_key, sign_key)) { 946 /* Exact match of key */ 947 debug("%s:%lu: matched key", path, linenum); 948 /* success */ 949 found = 1; 950 } else if (sigopts->ca && sshkey_is_cert(sign_key) && 951 sshkey_equal_public(sign_key->cert->signature_key, found_key)) { 952 /* Remove principals listed in file but not allowed by cert */ 953 if ((r = cert_filter_principals(path, linenum, 954 &principals, sign_key)) != 0) { 955 /* error already displayed */ 956 debug("%s:%lu: cert_filter_principals: %s", 957 path, linenum, ssh_err(r)); 958 goto done; 959 } 960 debug("%s:%lu: matched certificate CA key", path, linenum); 961 /* success */ 962 found = 1; 963 } else { 964 /* Key didn't match */ 965 goto done; 966 } 967 done: 968 if (found && principalsp != NULL) { 969 *principalsp = principals; 970 principals = NULL; /* transferred */ 971 } 972 free(principals); 973 sshkey_free(found_key); 974 sshsigopt_free(sigopts); 975 return found ? 0 : SSH_ERR_KEY_NOT_FOUND; 976 } 977 978 int 979 sshsig_find_principals(const char *path, const struct sshkey *sign_key, 980 char **principals) 981 { 982 FILE *f = NULL; 983 char *line = NULL; 984 size_t linesize = 0; 985 u_long linenum = 0; 986 int r = SSH_ERR_INTERNAL_ERROR, oerrno; 987 988 if ((f = fopen(path, "r")) == NULL) { 989 oerrno = errno; 990 error("Unable to open allowed keys file \"%s\": %s", 991 path, strerror(errno)); 992 errno = oerrno; 993 return SSH_ERR_SYSTEM_ERROR; 994 } 995 996 while (getline(&line, &linesize, f) != -1) { 997 linenum++; 998 r = get_matching_principals_from_line(path, linenum, line, 999 sign_key, principals); 1000 free(line); 1001 line = NULL; 1002 if (r == SSH_ERR_KEY_NOT_FOUND) 1003 continue; 1004 else if (r == 0) { 1005 /* success */ 1006 fclose(f); 1007 return 0; 1008 } else 1009 break; 1010 } 1011 free(line); 1012 /* Either we hit an error parsing or we simply didn't find the key */ 1013 if (ferror(f) != 0) { 1014 oerrno = errno; 1015 fclose(f); 1016 error("Unable to read allowed keys file \"%s\": %s", 1017 path, strerror(errno)); 1018 errno = oerrno; 1019 return SSH_ERR_SYSTEM_ERROR; 1020 } 1021 fclose(f); 1022 return r == 0 ? SSH_ERR_KEY_NOT_FOUND : r; 1023 } 1024 1025 int 1026 sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey) 1027 { 1028 struct sshkey *pk = NULL; 1029 int r = SSH_ERR_SIGNATURE_INVALID; 1030 1031 if (pubkey == NULL) 1032 return SSH_ERR_INTERNAL_ERROR; 1033 if ((r = sshsig_parse_preamble(signature)) != 0) 1034 return r; 1035 if ((r = sshkey_froms(signature, &pk)) != 0) 1036 return r; 1037 1038 *pubkey = pk; 1039 pk = NULL; 1040 return 0; 1041 } 1042