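/*-
 * Copyright (c) 2009 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by Alistair Crooks (agc@NetBSD.org)
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
#include "config.h"

#ifdef HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif

#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>

#include <arpa/inet.h>

#include <inttypes.h>
#include <stdio.h>

#include <stdlib.h>
#include <string.h>

#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif

#ifdef HAVE_LIMITS_H
#include <limits.h>
#endif

#ifdef HAVE_OPENSSL_CAST_H
#include <openssl/cast.h>
#endif

#include <openssl/pem.h>

#include "bufgap.h"
#include "fastctype.h"

#include "packet-parse.h"
#include "netpgpdefs.h"
#include "netpgpsdk.h"
#include "crypto.h"
#include "netpgpdigest.h"
#include "ops-ssh.h"

/* structure for searching for constant strings */
typedef struct str_t {
	const char	*s;		/* string */
	size_t		 len;		/* its length */
	int		 type;		/* return type */
} str_t;

#ifndef USE_ARG
#define USE_ARG(x)	/*LINTED*/(void)&x
#endif

/*
 * Decoding table, indexed by input byte.  An entry holds the 6-bit
 * value of the character plus one; 0 marks a byte that the decoder
 * skips (whitespace, '=' padding and anything outside the alphabet).
 */
static const uint8_t	base64s[] =
/* 000 */	"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
/* 016 */	"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
/* 032 */	"\0\0\0\0\0\0\0\0\0\0\0?\0\0\0@"
/* 048 */	"56789:;<=>\0\0\0\0\0\0"
/* 064 */	"\0\1\2\3\4\5\6\7\10\11\12\13\14\15\16\17"
/* 080 */	"\20\21\22\23\24\25\26\27\30\31\32\0\0\0\0\0"
/* 096 */	"\0\33\34\35\36\37 !\"#$%&'()"
/* 112 */	"*+,-./01234\0\0\0\0\0"
/* 128 */	"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
/* 144 */	"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
/* 160 */	"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
/* 176 */	"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
/* 192 */	"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
/* 208 */	"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
/* 224 */	"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
/* 240 */	"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";


/*
 * short function to decode from base64
 * inspired by an ancient copy of b64.c, then rewritten, the bugs are all mine
 *
 * Decodes `size' bytes of `src' into `dst' and returns the number of
 * bytes written.  Bytes that are not in the base64 alphabet are
 * skipped.  `dst' needs room for at most `size' bytes: every group
 * of n characters yields n - 1 bytes.  `flag' is unused.
 */
static int
frombase64(char *dst, const char *src, size_t size, int flag)
{
	uint8_t	out[3];
	uint8_t	in[4];
	uint8_t	b;
	size_t	srcc;
	int	dstc;
	int	gotc;
	int	i;

	USE_ARG(flag);
	for (dstc = 0, srcc = 0 ; srcc < size; ) {
		/* a short final group is padded with zero sextets */
		(void) memset(in, 0x0, sizeof(in));
		for (gotc = 0, i = 0; i < 4 && srcc < size; i++) {
			for (b = 0x0; srcc < size && b == 0x0 ; ) {
				/*
				 * index with an unsigned byte: a plain char
				 * with the top bit set may be negative, and
				 * would then index outside the table
				 */
				b = base64s[(uint8_t)src[srcc++]];
			}
			/*
			 * count the character whenever one was found, even
			 * if it was the very last byte of the input; testing
			 * "srcc < size" here would drop that last character
			 */
			if (b != 0x0) {
				in[i] = (uint8_t)(b - 1);
				gotc += 1;
			}
		}
		if (gotc > 1) {
			out[0] = (uint8_t)((unsigned)in[0] << 2 |
					(unsigned)in[1] >> 4);
			out[1] = (uint8_t)((unsigned)in[1] << 4 |
					(unsigned)in[2] >> 2);
			out[2] = (uint8_t)(((in[2] << 6) & 0xc0) | in[3]);
			for (i = 0; i < gotc - 1; i++) {
				*dst++ = (char)out[i];
			}
			dstc += gotc - 1;
		}
	}
	return dstc;
}

/*
 * Read the 32-bit big-endian length prefix at the current position,
 * step over it, and store the host-order value in `lenp'.
 *
 * The length comes straight from the key file, so it is accepted only
 * if that many bytes really remain in the buffer gap; it is also kept
 * within the range of the int that BN_bin2bn() takes.  Returns 1 on
 * success, 0 if the field is truncated or the length is out of range.
 */
static int
ssh_getlen(bufgap_t *bg, uint32_t *lenp)
{
	uint32_t	len;
	int64_t		left;

	left = bufgap_tell(bg, BGFromEOF, BGByte);
	if (left < (int64_t)sizeof(len)) {
		return 0;
	}
	(void) bufgap_getbin(bg, &len, sizeof(len));
	len = ntohl(len);
	(void) bufgap_seek(bg, sizeof(len), BGFromHere, BGByte);
	left -= (int64_t)sizeof(len);
	if (len > (uint32_t)0x7fffffff || (int64_t)len > left) {
		return 0;
	}
	*lenp = len;
	return 1;
}

/*
 * get a bignum from the buffer gap
 *
 * Reads one length-prefixed big-endian integer at the current
 * position and moves past it.  `buf' is scratch space and must be
 * able to hold every byte that remains in `bg'.  `header' labels the
 * debug hexdump.  Returns NULL if the length field is bad or if
 * BN_bin2bn() fails.
 */
static BIGNUM *
getbignum(bufgap_t *bg, char *buf, const char *header)
{
	uint32_t	 len;
	BIGNUM		*bignum;

	if (!ssh_getlen(bg, &len)) {
		return NULL;
	}
	(void) bufgap_getbin(bg, buf, len);
	bignum = BN_bin2bn((const uint8_t *)buf, (int)len, NULL);
	if (__ops_get_debug_level(__FILE__)) {
		hexdump(stderr, header, (const uint8_t *)(void *)buf, len);
	}
	(void) bufgap_seek(bg, len, BGFromHere, BGByte);
	return bignum;
}

/* disabled: as written this refers to `buf' and `header', which it never declares */
#if 0
static int
putbignum(bufgap_t *bg, BIGNUM *bignum)
{
	uint32_t	 len;

	len = BN_num_bytes(bignum);
	(void) bufgap_insert(bg, &len, sizeof(len));
	(void) bufgap_insert(bg, buf, len);
	bignum = BN_bin2bn((const uint8_t *)buf, (int)len, NULL);
	if (__ops_get_debug_level(__FILE__)) {
		hexdump(stderr, header, buf, (int)len);
	}
	(void) bufgap_seek(bg, len, BGFromHere, BGByte);
	return bignum;
}
#endif

/* ssh key type names and the pgp public key algorithm each maps to */
static str_t	pkatypes[] = {
	{	"ssh-rsa",	7,	OPS_PKA_RSA	},
	{	"ssh-dss",	7,	OPS_PKA_DSA	},
	{	"ssh-dsa",	7,	OPS_PKA_DSA	},
	{	NULL,		0,	0		}
};

/*
 * look for a string in the given array
 *
 * Returns the type of the first entry whose string is a prefix of
 * `name', or -1 if there is none.  Only the first sp->len bytes are
 * compared, so a longer name that merely starts with a known type
 * also matches.
 */
static int
findstr(str_t *array, const char *name)
{
	str_t	*sp;

	for (sp = array ; sp->s ; sp++) {
		if (strncmp(name, sp->s, sp->len) == 0) {
			return sp->type;
		}
	}
	return -1;
}

/*
 * convert an ssh (host) pubkey to a pgp pubkey
 *
 * `f' names a file of the form "type base64-blob [comment]".  The
 * blob is decoded in place in the buffer gap and its length-prefixed
 * fields are read into `key'; the user id is built from the local
 * host name, the file name and the comment.  Returns 1 on success
 * and 0 on any failure.  Every length in the blob is file-controlled
 * and is checked against the data that is really there.
 */
int
__ops_ssh2pubkey(__ops_io_t *io, const char *f, __ops_key_t *key, __ops_hash_alg_t hashtype)
{
	__ops_pubkey_t	*pubkey;
	struct stat	 st;
	bufgap_t	 bg;
	uint32_t	 len;
	int64_t		 off;
	uint8_t		*userid;
	size_t		 bufsize;
	size_t		 ownerlen;
	char		 hostname[256];
	char		 owner[256];
	char		*space;
	char		*buf;
	char		*bin;
	int		 ok;
	int		 cc;

	ok = 0;
	buf = NULL;
	bin = NULL;
	(void) memset(&bg, 0x0, sizeof(bg));
	if (!bufgap_open(&bg, f)) {
		(void) fprintf(stderr, "__ops_ssh2pubkey: can't open '%s'\n", f);
		return 0;
	}
	if (stat(f, &st) != 0) {
		/* without this check, st would be used uninitialised below */
		(void) fprintf(stderr, "__ops_ssh2pubkey: can't stat '%s'\n", f);
		goto out;
	}
	/*
	 * One spare byte keeps buf NUL-terminated for strchr() and strlen()
	 * even when the text fills all st_size bytes; the file is looked up
	 * by name a second time here, so the size need not match what
	 * bufgap_open() read.
	 */
	bufsize = (size_t)st.st_size + 1;
	if ((buf = calloc(1, bufsize)) == NULL) {
		(void) fprintf(stderr, "can't calloc %zu bytes for '%s'\n", bufsize, f);
		goto out;
	}
	if ((bin = calloc(1, bufsize)) == NULL) {
		(void) fprintf(stderr, "can't calloc %zu bytes for '%s'\n", bufsize, f);
		goto out;
	}

	/* move past ascii type of key, stopping at end of data if there is no space */
	while (bufgap_tell(&bg, BGFromEOF, BGByte) > 0 &&
	       bufgap_peek(&bg, 0) != ' ') {
		bufgap_seek(&bg, 1, BGFromHere, BGByte);
	}
	bufgap_seek(&bg, 1, BGFromHere, BGByte);
	off = bufgap_tell(&bg, BGFromBOF, BGByte);

	if (bufgap_size(&bg, BGByte) - off < 10) {
		(void) fprintf(stderr, "bad key file '%s'\n", f);
		goto out;
	}

	/* convert from base64 to binary */
	cc = bufgap_getbin(&bg, buf, (size_t)st.st_size);
	if (cc <= 0) {
		/* a negative count would turn into a huge size_t below */
		(void) fprintf(stderr, "bad key file '%s'\n", f);
		goto out;
	}
	if ((space = strchr(buf, ' ')) != NULL) {
		cc = (int)(space - buf);
	}
	if (__ops_get_debug_level(__FILE__)) {
		hexdump(stderr, NULL, (const uint8_t *)(const void *)buf, (size_t)cc);
	}
	cc = frombase64(bin, buf, (size_t)cc, 0);
	if (__ops_get_debug_level(__FILE__)) {
		hexdump(stderr, "decoded base64:", (const uint8_t *)(const void *)bin, (size_t)cc);
	}
	/* replace the base64 text (and comment) in the buffer gap with the binary blob */
	bufgap_delete(&bg, (uint64_t)bufgap_tell(&bg, BGFromEOF, BGByte));
	bufgap_insert(&bg, bin, cc);
	bufgap_seek(&bg, off, BGFromBOF, BGByte);

	/*
	 * get the type of key
	 *
	 * From here on buf is scratch space for the binary fields.  Each
	 * field is shorter than the base64 text it was decoded from, so
	 * the comment that `space' points at is not overwritten.
	 */
	if (!ssh_getlen(&bg, &len)) {
		(void) fprintf(stderr, "bad key file '%s'\n", f);
		goto out;
	}
	(void) bufgap_getbin(&bg, buf, len);
	(void) bufgap_seek(&bg, len, BGFromHere, BGByte);

	(void) memset(key, 0x0, sizeof(*key));
	pubkey = &key->key.seckey.pubkey;
	pubkey->version = OPS_V4;
	pubkey->birthtime = st.st_mtime;
	/* get key type */
	ok = 1;
	switch (pubkey->alg = findstr(pkatypes, buf)) {
	case OPS_PKA_RSA:
		/* get the 'e' param of the key */
		pubkey->key.rsa.e = getbignum(&bg, buf, "RSA E");
		/* get the 'n' param of the key */
		pubkey->key.rsa.n = getbignum(&bg, buf, "RSA N");
		if (pubkey->key.rsa.e == NULL || pubkey->key.rsa.n == NULL) {
			(void) fprintf(stderr, "bad RSA key in '%s'\n", f);
			ok = 0;
		}
		break;
	case OPS_PKA_DSA:
		/* get the 'p' param of the key */
		pubkey->key.dsa.p = getbignum(&bg, buf, "DSA P");
		/* get the 'q' param of the key */
		pubkey->key.dsa.q = getbignum(&bg, buf, "DSA Q");
		/* get the 'g' param of the key */
		pubkey->key.dsa.g = getbignum(&bg, buf, "DSA G");
		/* get the 'y' param of the key */
		pubkey->key.dsa.y = getbignum(&bg, buf, "DSA Y");
		if (pubkey->key.dsa.p == NULL || pubkey->key.dsa.q == NULL ||
		    pubkey->key.dsa.g == NULL || pubkey->key.dsa.y == NULL) {
			(void) fprintf(stderr, "bad DSA key in '%s'\n", f);
			ok = 0;
		}
		break;
	default:
		(void) fprintf(stderr, "Unrecognised pubkey type %d for '%s'\n",
				pubkey->alg, f);
		ok = 0;
		break;
	}

	/* check for stragglers */
	if (ok && bufgap_tell(&bg, BGFromEOF, BGByte) > 0) {
		printf("%"PRIi64" bytes left\n", bufgap_tell(&bg, BGFromEOF, BGByte));
		printf("[%s]\n", bufgap_getstr(&bg));
		ok = 0;
	}
	if (ok) {
		userid = NULL;
		/* zero-fill and keep one byte back so that hostname is always terminated */
		(void) memset(hostname, 0x0, sizeof(hostname));
		(void) gethostname(hostname, sizeof(hostname) - 1);
		/* the comment is optional: a file without one leaves space NULL */
		ownerlen = (space == NULL) ? 0 : strlen(space + 1);
		if (ownerlen > 0 && space[ownerlen] == '\n') {
			/* drop the newline that ends the line */
			ownerlen -= 1;
		}
		if (ownerlen > sizeof(owner) - 1) {
			/* owner[] cannot hold more, and this keeps the int cast in range */
			ownerlen = sizeof(owner) - 1;
		}
		if (ownerlen == 0) {
			(void) snprintf(owner, sizeof(owner), "<root@%s>",
					hostname);
		} else {
			(void) snprintf(owner, sizeof(owner), "<%.*s>",
					(int)ownerlen,
					space + 1);
		}
		(void) __ops_asprintf((char **)(void *)&userid,
						"%s (%s) %s",
						hostname,
						f,
						owner);
		if (userid == NULL) {
			(void) fprintf(stderr, "__ops_ssh2pubkey: can't allocate userid for '%s'\n", f);
			ok = 0;
		} else {
			__ops_keyid(key->sigid, sizeof(key->sigid), pubkey, hashtype);
			__ops_add_userid(key, userid);
			__ops_fingerprint(&key->sigfingerprint, pubkey, hashtype);
			free(userid);
			if (__ops_get_debug_level(__FILE__)) {
				/*__ops_print_keydata(io, keyring, key, "pub", pubkey, 0);*/
				__OPS_USED(io); /* XXX */
			}
		}
	}
out:
	/* single exit: every path after bufgap_open() releases both buffers */
	free(bin);
	free(buf);
	bufgap_close(&bg);
	return ok;
}

/*
 * convert an ssh (host) seckey to a pgp seckey
 *
 * Reads the PEM secret key in `f' into `key', copies `pubkey' over
 * its public part, marks it as CAST5-encrypted with a salted SHA1
 * string-to-key, and derives the session key.  Returns 1 on success,
 * 0 on failure.
 *
 * NOTE(review): the loop below hashes only zero padding and the salt;
 * no passphrase is mixed in, so the derived CAST5 key can be
 * recomputed from the salt alone.  Confirm that this is intended
 * before relying on the "encrypted" marking for confidentiality.
 *
 * NOTE(review): this function never assigns seckey.salt or seckey.iv;
 * they are used as openssl_read_pem_seckey() left them.  Confirm that
 * they are initialised there.
 */
int
__ops_ssh2seckey(__ops_io_t *io, const char *f, __ops_key_t *key, __ops_pubkey_t *pubkey, __ops_hash_alg_t hashtype)
{
	__ops_crypt_t	crypted;
	__ops_hash_t	hash;
	unsigned	done = 0;
	unsigned	i = 0;
	uint8_t		sesskey[CAST_KEY_LENGTH];
	uint8_t		hashed[OPS_SHA1_HASH_SIZE];
	BIGNUM		*tmp;

	__OPS_USED(io);
	/* XXX - check for rsa/dsa */
	if (!openssl_read_pem_seckey(f, key, "ssh-rsa", 0)) {
		return 0;
	}
	if (__ops_get_debug_level(__FILE__)) {
		/*__ops_print_keydata(io, key, "sec", &key->key.seckey.pubkey, 0);*/
		/* XXX */
	}
	/* let's add some sane defaults */
	(void) memcpy(&key->key.seckey.pubkey, pubkey, sizeof(*pubkey));
	key->key.seckey.s2k_usage = OPS_S2KU_ENCRYPTED_AND_HASHED;
	key->key.seckey.alg = OPS_SA_CAST5;
	key->key.seckey.s2k_specifier = OPS_S2KS_SALTED;
	key->key.seckey.hash_alg = OPS_HASH_SHA1;
	if (key->key.seckey.pubkey.alg == OPS_PKA_RSA) {
		/* openssh and openssl have p and q swapped */
		tmp = key->key.seckey.key.rsa.p;
		key->key.seckey.key.rsa.p = key->key.seckey.key.rsa.q;
		key->key.seckey.key.rsa.q = tmp;
	}
	/* fill sesskey one hash output at a time until it is complete */
	for (done = 0, i = 0; done < CAST_KEY_LENGTH; i++) {
		unsigned 	j;
		uint8_t		zero = 0;
		int             needed;
		int             size;

		needed = CAST_KEY_LENGTH - done;
		size = MIN(needed, OPS_SHA1_HASH_SIZE);

		__ops_hash_any(&hash, key->key.seckey.hash_alg);
		if (!hash.init(&hash)) {
			(void) fprintf(stderr, "write_seckey_body: bad alloc\n");
			return 0;
		}

		/* preload if iterating */
		for (j = 0; j < i; j++) {
			/*
			 * Coverity shows a DEADCODE error on this
			 * line. This is expected since the hardcoded
			 * use of SHA1 and CAST5 means that it will
			 * not be used. This will change however when
			 * other algorithms are supported.
			 */
			hash.add(&hash, &zero, 1);
		}

		if (key->key.seckey.s2k_specifier == OPS_S2KS_SALTED) {
			hash.add(&hash, key->key.seckey.salt, OPS_SALT_SIZE);
		}
		hash.finish(&hash, hashed);

		/*
		 * if more in hash than is needed by session key, use
		 * the leftmost octets
		 */
		(void) memcpy(&sesskey[i * OPS_SHA1_HASH_SIZE],
				hashed, (unsigned)size);
		done += (unsigned)size;
		if (done > CAST_KEY_LENGTH) {
			(void) fprintf(stderr,
				"write_seckey_body: short add\n");
			return 0;
		}
	}
	__ops_crypt_any(&crypted, key->key.seckey.alg);
	crypted.set_iv(&crypted, key->key.seckey.iv);
	crypted.set_crypt_key(&crypted, sesskey);
	__ops_encrypt_init(&crypted);
	/* the algorithm is forced to RSA, matching the "ssh-rsa" hard-coded above */
	key->key.seckey.pubkey.alg = OPS_PKA_RSA;
	__ops_fingerprint(&key->sigfingerprint, pubkey, hashtype);
	__ops_keyid(key->sigid, sizeof(key->sigid), pubkey, hashtype);
	return 1;
}

/*
 * read a key from the ssh file, and add it to a keyring
 *
 * Either file name may be NULL.  A public key read from `pubfile' is
 * appended to `pubring'; a secret key read from `secfile' is appended
 * to `secring', paired with that public key or, if no `pubfile' was
 * given, with the first key already in `pubring'.  Returns 1 on
 * success and 0 on failure.
 *
 * NOTE(review): the same `key' is used for both passes and is copied
 * into the rings with memcpy(), which is a shallow copy; it is not
 * cleared between the passes.  Confirm who owns any pointers the two
 * ring entries end up sharing.
 */
int
__ops_ssh2_readkeys(__ops_io_t *io, __ops_keyring_t *pubring,
		__ops_keyring_t *secring, const char *pubfile,
		const char *secfile, unsigned hashtype)
{
	__ops_key_t		*pubkey;
	__ops_key_t		*seckey;
	__ops_key_t		 key;

	pubkey = NULL;
	(void) memset(&key, 0x0, sizeof(key));
	if (pubfile) {
		if (__ops_get_debug_level(__FILE__)) {
			(void) fprintf(io->errs, "__ops_ssh2_readkeys: pubfile '%s'\n", pubfile);
		}
		if (!__ops_ssh2pubkey(io, pubfile, &key, (__ops_hash_alg_t)hashtype)) {
			(void) fprintf(io->errs, "__ops_ssh2_readkeys: can't read pubkeys '%s'\n", pubfile);
			return 0;
		}
		EXPAND_ARRAY(pubring, key);
		pubkey = &pubring->keys[pubring->keyc++];
		(void) memcpy(pubkey, &key, sizeof(key));
		pubkey->type = OPS_PTAG_CT_PUBLIC_KEY;
	}
	if (secfile) {
		if (__ops_get_debug_level(__FILE__)) {
			(void) fprintf(io->errs, "__ops_ssh2_readkeys: secfile '%s'\n", secfile);
		}
		if (pubkey == NULL) {
			/* an empty ring has no keys[0] to pair the secret key with */
			if (pubring->keyc == 0) {
				(void) fprintf(io->errs, "__ops_ssh2_readkeys: no pubkey for '%s'\n", secfile);
				return 0;
			}
			pubkey = &pubring->keys[0];
		}
		if (!__ops_ssh2seckey(io, secfile, &key, &pubkey->key.pubkey, (__ops_hash_alg_t)hashtype)) {
			(void) fprintf(io->errs, "__ops_ssh2_readkeys: can't read seckeys '%s'\n", secfile);
			return 0;
		}
		EXPAND_ARRAY(secring, key);
		seckey = &secring->keys[secring->keyc++];
		(void) memcpy(seckey, &key, sizeof(key));
		seckey->type = OPS_PTAG_CT_SECRET_KEY;
	}
	return 1;
}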