1 /* 2 * Copyright (c) 2019 Google LLC 3 * 4 * Permission to use, copy, modify, and distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #include <stdio.h> 18 #include <stdlib.h> 19 #include <stdarg.h> 20 #include <errno.h> 21 #include <string.h> 22 #include <unistd.h> 23 24 #include "authfd.h" 25 #include "authfile.h" 26 #include "log.h" 27 #include "misc.h" 28 #include "sshbuf.h" 29 #include "sshsig.h" 30 #include "ssherr.h" 31 #include "sshkey.h" 32 #include "match.h" 33 #include "digest.h" 34 35 #define SIG_VERSION 0x01 36 #define MAGIC_PREAMBLE "SSHSIG" 37 #define MAGIC_PREAMBLE_LEN (sizeof(MAGIC_PREAMBLE) - 1) 38 #define BEGIN_SIGNATURE "-----BEGIN SSH SIGNATURE-----\n" 39 #define END_SIGNATURE "-----END SSH SIGNATURE-----" 40 #define RSA_SIGN_ALG "rsa-sha2-512" /* XXX maybe make configurable */ 41 #define RSA_SIGN_ALLOWED "rsa-sha2-512,rsa-sha2-256" 42 #define HASHALG_DEFAULT "sha512" /* XXX maybe make configurable */ 43 #define HASHALG_ALLOWED "sha256,sha512" 44 45 int 46 sshsig_armor(const struct sshbuf *blob, struct sshbuf **out) 47 { 48 struct sshbuf *buf = NULL; 49 int r = SSH_ERR_INTERNAL_ERROR; 50 51 *out = NULL; 52 53 if ((buf = sshbuf_new()) == NULL) { 54 error("%s: sshbuf_new failed", __func__); 55 r = SSH_ERR_ALLOC_FAIL; 56 goto out; 57 } 58 59 if ((r = sshbuf_put(buf, BEGIN_SIGNATURE, 60 sizeof(BEGIN_SIGNATURE)-1)) != 0) { 61 error("%s: sshbuf_putf failed: %s", __func__, ssh_err(r)); 62 goto out; 63 } 64 65 if ((r = sshbuf_dtob64(blob, buf, 1)) != 0) { 66 error("%s: Couldn't base64 encode signature blob: %s", 67 __func__, ssh_err(r)); 68 goto out; 69 } 70 71 if ((r = sshbuf_put(buf, END_SIGNATURE, 72 sizeof(END_SIGNATURE)-1)) != 0 || 73 (r = sshbuf_put_u8(buf, '\n')) != 0) { 74 error("%s: sshbuf_put failed: %s", __func__, ssh_err(r)); 75 goto out; 76 } 77 /* success */ 78 *out = buf; 79 buf = NULL; /* transferred */ 80 r = 0; 81 out: 82 sshbuf_free(buf); 83 return r; 84 } 85 86 int 87 sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out) 88 { 89 int r; 90 size_t eoffset = 0; 91 struct sshbuf *buf = NULL; 92 struct sshbuf *sbuf = NULL; 93 char *b64 = NULL; 94 95 if ((sbuf = sshbuf_fromb(sig)) == NULL) { 96 error("%s: sshbuf_fromb failed", __func__); 97 return SSH_ERR_ALLOC_FAIL; 98 } 99 100 if ((r = sshbuf_cmp(sbuf, 0, 101 BEGIN_SIGNATURE, sizeof(BEGIN_SIGNATURE)-1)) != 0) { 102 error("Couldn't parse signature: missing header"); 103 goto done; 104 } 105 106 if ((r = sshbuf_consume(sbuf, sizeof(BEGIN_SIGNATURE)-1)) != 0) { 107 error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r)); 108 goto done; 109 } 110 111 if ((r = sshbuf_find(sbuf, 0, "\n" END_SIGNATURE, 112 sizeof("\n" END_SIGNATURE)-1, &eoffset)) != 0) { 113 error("Couldn't parse signature: missing footer"); 114 goto done; 115 } 116 117 if ((r = sshbuf_consume_end(sbuf, sshbuf_len(sbuf)-eoffset)) != 0) { 118 error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r)); 119 goto done; 120 } 121 122 if ((b64 = sshbuf_dup_string(sbuf)) == NULL) { 123 error("%s: sshbuf_dup_string failed", __func__); 124 r = SSH_ERR_ALLOC_FAIL; 125 goto done; 126 } 127 128 if ((buf = sshbuf_new()) == NULL) { 129 error("%s: sshbuf_new() failed", __func__); 130 r = SSH_ERR_ALLOC_FAIL; 131 goto done; 132 } 133 134 if ((r = sshbuf_b64tod(buf, b64)) != 0) { 135 error("Couldn't decode signature: %s", ssh_err(r)); 136 goto done; 137 } 138 139 /* success */ 140 *out = buf; 141 r = 0; 142 buf = NULL; /* transferred */ 143 done: 144 sshbuf_free(buf); 145 sshbuf_free(sbuf); 146 free(b64); 147 return r; 148 } 149 150 static int 151 sshsig_wrap_sign(struct sshkey *key, const char *hashalg, 152 const char *sk_provider, const struct sshbuf *h_message, 153 const char *sig_namespace, struct sshbuf **out, 154 sshsig_signer *signer, void *signer_ctx) 155 { 156 int r; 157 size_t slen = 0; 158 u_char *sig = NULL; 159 struct sshbuf *blob = NULL; 160 struct sshbuf *tosign = NULL; 161 const char *sign_alg = NULL; 162 163 if ((tosign = sshbuf_new()) == NULL || 164 (blob = sshbuf_new()) == NULL) { 165 error("%s: sshbuf_new failed", __func__); 166 r = SSH_ERR_ALLOC_FAIL; 167 goto done; 168 } 169 170 if ((r = sshbuf_put(tosign, MAGIC_PREAMBLE, MAGIC_PREAMBLE_LEN)) != 0 || 171 (r = sshbuf_put_cstring(tosign, sig_namespace)) != 0 || 172 (r = sshbuf_put_string(tosign, NULL, 0)) != 0 || /* reserved */ 173 (r = sshbuf_put_cstring(tosign, hashalg)) != 0 || 174 (r = sshbuf_put_stringb(tosign, h_message)) != 0) { 175 error("Couldn't construct message to sign: %s", ssh_err(r)); 176 goto done; 177 } 178 179 /* If using RSA keys then default to a good signature algorithm */ 180 if (sshkey_type_plain(key->type) == KEY_RSA) 181 sign_alg = RSA_SIGN_ALG; 182 183 if (signer != NULL) { 184 if ((r = signer(key, &sig, &slen, 185 sshbuf_ptr(tosign), sshbuf_len(tosign), 186 sign_alg, sk_provider, 0, signer_ctx)) != 0) { 187 error("Couldn't sign message: %s", ssh_err(r)); 188 goto done; 189 } 190 } else { 191 if ((r = sshkey_sign(key, &sig, &slen, 192 sshbuf_ptr(tosign), sshbuf_len(tosign), 193 sign_alg, sk_provider, 0)) != 0) { 194 error("Couldn't sign message: %s", ssh_err(r)); 195 goto done; 196 } 197 } 198 199 if ((r = sshbuf_put(blob, MAGIC_PREAMBLE, MAGIC_PREAMBLE_LEN)) != 0 || 200 (r = sshbuf_put_u32(blob, SIG_VERSION)) != 0 || 201 (r = sshkey_puts(key, blob)) != 0 || 202 (r = sshbuf_put_cstring(blob, sig_namespace)) != 0 || 203 (r = sshbuf_put_string(blob, NULL, 0)) != 0 || /* reserved */ 204 (r = sshbuf_put_cstring(blob, hashalg)) != 0 || 205 (r = sshbuf_put_string(blob, sig, slen)) != 0) { 206 error("Couldn't populate blob: %s", ssh_err(r)); 207 goto done; 208 } 209 210 if (out != NULL) { 211 *out = blob; 212 blob = NULL; 213 } 214 r = 0; 215 done: 216 free(sig); 217 sshbuf_free(blob); 218 sshbuf_free(tosign); 219 return r; 220 } 221 222 /* Check preamble and version. */ 223 static int 224 sshsig_parse_preamble(struct sshbuf *buf) 225 { 226 int r = SSH_ERR_INTERNAL_ERROR; 227 uint32_t sversion; 228 229 if ((r = sshbuf_cmp(buf, 0, MAGIC_PREAMBLE, MAGIC_PREAMBLE_LEN)) != 0 || 230 (r = sshbuf_consume(buf, (sizeof(MAGIC_PREAMBLE)-1))) != 0 || 231 (r = sshbuf_get_u32(buf, &sversion)) != 0) { 232 error("Couldn't verify signature: invalid format"); 233 return r; 234 } 235 236 if (sversion > SIG_VERSION) { 237 error("Signature version %lu is larger than supported " 238 "version %u", (unsigned long)sversion, SIG_VERSION); 239 return SSH_ERR_INVALID_FORMAT; 240 } 241 return 0; 242 } 243 244 static int 245 sshsig_check_hashalg(const char *hashalg) 246 { 247 if (hashalg == NULL || 248 match_pattern_list(hashalg, HASHALG_ALLOWED, 0) == 1) 249 return 0; 250 error("%s: unsupported hash algorithm \"%.100s\"", __func__, hashalg); 251 return SSH_ERR_SIGN_ALG_UNSUPPORTED; 252 } 253 254 static int 255 sshsig_peek_hashalg(struct sshbuf *signature, char **hashalgp) 256 { 257 struct sshbuf *buf = NULL; 258 char *hashalg = NULL; 259 int r = SSH_ERR_INTERNAL_ERROR; 260 261 if (hashalgp != NULL) 262 *hashalgp = NULL; 263 if ((buf = sshbuf_fromb(signature)) == NULL) 264 return SSH_ERR_ALLOC_FAIL; 265 if ((r = sshsig_parse_preamble(buf)) != 0) 266 goto done; 267 if ((r = sshbuf_get_string_direct(buf, NULL, NULL)) != 0 || 268 (r = sshbuf_get_string_direct(buf, NULL, NULL)) != 0 || 269 (r = sshbuf_get_string(buf, NULL, NULL)) != 0 || 270 (r = sshbuf_get_cstring(buf, &hashalg, NULL)) != 0 || 271 (r = sshbuf_get_string_direct(buf, NULL, NULL)) != 0) { 272 error("Couldn't parse signature blob: %s", ssh_err(r)); 273 goto done; 274 } 275 276 /* success */ 277 r = 0; 278 *hashalgp = hashalg; 279 hashalg = NULL; 280 done: 281 free(hashalg); 282 sshbuf_free(buf); 283 return r; 284 } 285 286 static int 287 sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, 288 const struct sshbuf *h_message, const char *expect_namespace, 289 struct sshkey **sign_keyp, struct sshkey_sig_details **sig_details) 290 { 291 int r = SSH_ERR_INTERNAL_ERROR; 292 struct sshbuf *buf = NULL, *toverify = NULL; 293 struct sshkey *key = NULL; 294 const u_char *sig; 295 char *got_namespace = NULL, *sigtype = NULL, *sig_hashalg = NULL; 296 size_t siglen; 297 298 debug("%s: verify message length %zu", __func__, sshbuf_len(h_message)); 299 if (sig_details != NULL) 300 *sig_details = NULL; 301 if (sign_keyp != NULL) 302 *sign_keyp = NULL; 303 304 if ((toverify = sshbuf_new()) == NULL) { 305 error("%s: sshbuf_new failed", __func__); 306 r = SSH_ERR_ALLOC_FAIL; 307 goto done; 308 } 309 if ((r = sshbuf_put(toverify, MAGIC_PREAMBLE, 310 MAGIC_PREAMBLE_LEN)) != 0 || 311 (r = sshbuf_put_cstring(toverify, expect_namespace)) != 0 || 312 (r = sshbuf_put_string(toverify, NULL, 0)) != 0 || /* reserved */ 313 (r = sshbuf_put_cstring(toverify, hashalg)) != 0 || 314 (r = sshbuf_put_stringb(toverify, h_message)) != 0) { 315 error("Couldn't construct message to verify: %s", ssh_err(r)); 316 goto done; 317 } 318 319 if ((r = sshsig_parse_preamble(signature)) != 0) 320 goto done; 321 322 if ((r = sshkey_froms(signature, &key)) != 0 || 323 (r = sshbuf_get_cstring(signature, &got_namespace, NULL)) != 0 || 324 (r = sshbuf_get_string(signature, NULL, NULL)) != 0 || 325 (r = sshbuf_get_cstring(signature, &sig_hashalg, NULL)) != 0 || 326 (r = sshbuf_get_string_direct(signature, &sig, &siglen)) != 0) { 327 error("Couldn't parse signature blob: %s", ssh_err(r)); 328 goto done; 329 } 330 331 if (sshbuf_len(signature) != 0) { 332 error("Signature contains trailing data"); 333 r = SSH_ERR_INVALID_FORMAT; 334 goto done; 335 } 336 337 if (strcmp(expect_namespace, got_namespace) != 0) { 338 error("Couldn't verify signature: namespace does not match"); 339 debug("%s: expected namespace \"%s\" received \"%s\"", 340 __func__, expect_namespace, got_namespace); 341 r = SSH_ERR_SIGNATURE_INVALID; 342 goto done; 343 } 344 if (strcmp(hashalg, sig_hashalg) != 0) { 345 error("Couldn't verify signature: hash algorithm mismatch"); 346 debug("%s: expected algorithm \"%s\" received \"%s\"", 347 __func__, hashalg, sig_hashalg); 348 r = SSH_ERR_SIGNATURE_INVALID; 349 goto done; 350 } 351 /* Ensure that RSA keys use an acceptable signature algorithm */ 352 if (sshkey_type_plain(key->type) == KEY_RSA) { 353 if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0) { 354 error("Couldn't verify signature: unable to get " 355 "signature type: %s", ssh_err(r)); 356 goto done; 357 } 358 if (match_pattern_list(sigtype, RSA_SIGN_ALLOWED, 0) != 1) { 359 error("Couldn't verify signature: unsupported RSA " 360 "signature algorithm %s", sigtype); 361 r = SSH_ERR_SIGN_ALG_UNSUPPORTED; 362 goto done; 363 } 364 } 365 if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify), 366 sshbuf_len(toverify), NULL, 0, sig_details)) != 0) { 367 error("Signature verification failed: %s", ssh_err(r)); 368 goto done; 369 } 370 371 /* success */ 372 r = 0; 373 if (sign_keyp != NULL) { 374 *sign_keyp = key; 375 key = NULL; /* transferred */ 376 } 377 done: 378 free(got_namespace); 379 free(sigtype); 380 free(sig_hashalg); 381 sshbuf_free(buf); 382 sshbuf_free(toverify); 383 sshkey_free(key); 384 return r; 385 } 386 387 static int 388 hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp) 389 { 390 char *hex, hash[SSH_DIGEST_MAX_LENGTH]; 391 int alg, r = SSH_ERR_INTERNAL_ERROR; 392 struct sshbuf *b = NULL; 393 394 *bp = NULL; 395 memset(hash, 0, sizeof(hash)); 396 397 if ((r = sshsig_check_hashalg(hashalg)) != 0) 398 return r; 399 if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) { 400 error("%s: can't look up hash algorithm %s", 401 __func__, hashalg); 402 return SSH_ERR_INTERNAL_ERROR; 403 } 404 if ((r = ssh_digest_buffer(alg, m, hash, sizeof(hash))) != 0) { 405 error("%s: ssh_digest_buffer failed: %s", __func__, ssh_err(r)); 406 return r; 407 } 408 if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL) { 409 debug3("%s: final hash: %s", __func__, hex); 410 freezero(hex, strlen(hex)); 411 } 412 if ((b = sshbuf_new()) == NULL) { 413 r = SSH_ERR_ALLOC_FAIL; 414 goto out; 415 } 416 if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) { 417 error("%s: sshbuf_put: %s", __func__, ssh_err(r)); 418 goto out; 419 } 420 *bp = b; 421 b = NULL; /* transferred */ 422 /* success */ 423 r = 0; 424 out: 425 sshbuf_free(b); 426 explicit_bzero(hash, sizeof(hash)); 427 return r; 428 } 429 430 int 431 sshsig_signb(struct sshkey *key, const char *hashalg, const char *sk_provider, 432 const struct sshbuf *message, const char *sig_namespace, 433 struct sshbuf **out, sshsig_signer *signer, void *signer_ctx) 434 { 435 struct sshbuf *b = NULL; 436 int r = SSH_ERR_INTERNAL_ERROR; 437 438 if (hashalg == NULL) 439 hashalg = HASHALG_DEFAULT; 440 if (out != NULL) 441 *out = NULL; 442 if ((r = hash_buffer(message, hashalg, &b)) != 0) { 443 error("%s: hash_buffer failed: %s", __func__, ssh_err(r)); 444 goto out; 445 } 446 if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b, 447 sig_namespace, out, signer, signer_ctx)) != 0) 448 goto out; 449 /* success */ 450 r = 0; 451 out: 452 sshbuf_free(b); 453 return r; 454 } 455 456 int 457 sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message, 458 const char *expect_namespace, struct sshkey **sign_keyp, 459 struct sshkey_sig_details **sig_details) 460 { 461 struct sshbuf *b = NULL; 462 int r = SSH_ERR_INTERNAL_ERROR; 463 char *hashalg = NULL; 464 465 if (sig_details != NULL) 466 *sig_details = NULL; 467 if (sign_keyp != NULL) 468 *sign_keyp = NULL; 469 if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) 470 return r; 471 debug("%s: signature made with hash \"%s\"", __func__, hashalg); 472 if ((r = hash_buffer(message, hashalg, &b)) != 0) { 473 error("%s: hash_buffer failed: %s", __func__, ssh_err(r)); 474 goto out; 475 } 476 if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, 477 sign_keyp, sig_details)) != 0) 478 goto out; 479 /* success */ 480 r = 0; 481 out: 482 sshbuf_free(b); 483 free(hashalg); 484 return r; 485 } 486 487 static int 488 hash_file(int fd, const char *hashalg, struct sshbuf **bp) 489 { 490 char *hex, rbuf[8192], hash[SSH_DIGEST_MAX_LENGTH]; 491 ssize_t n, total = 0; 492 struct ssh_digest_ctx *ctx; 493 int alg, oerrno, r = SSH_ERR_INTERNAL_ERROR; 494 struct sshbuf *b = NULL; 495 496 *bp = NULL; 497 memset(hash, 0, sizeof(hash)); 498 499 if ((r = sshsig_check_hashalg(hashalg)) != 0) 500 return r; 501 if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) { 502 error("%s: can't look up hash algorithm %s", 503 __func__, hashalg); 504 return SSH_ERR_INTERNAL_ERROR; 505 } 506 if ((ctx = ssh_digest_start(alg)) == NULL) { 507 error("%s: ssh_digest_start failed", __func__); 508 return SSH_ERR_INTERNAL_ERROR; 509 } 510 for (;;) { 511 if ((n = read(fd, rbuf, sizeof(rbuf))) == -1) { 512 if (errno == EINTR || errno == EAGAIN) 513 continue; 514 oerrno = errno; 515 error("%s: read: %s", __func__, strerror(errno)); 516 ssh_digest_free(ctx); 517 errno = oerrno; 518 r = SSH_ERR_SYSTEM_ERROR; 519 goto out; 520 } else if (n == 0) { 521 debug2("%s: hashed %zu bytes", __func__, total); 522 break; /* EOF */ 523 } 524 total += (size_t)n; 525 if ((r = ssh_digest_update(ctx, rbuf, (size_t)n)) != 0) { 526 error("%s: ssh_digest_update: %s", 527 __func__, ssh_err(r)); 528 goto out; 529 } 530 } 531 if ((r = ssh_digest_final(ctx, hash, sizeof(hash))) != 0) { 532 error("%s: ssh_digest_final: %s", __func__, ssh_err(r)); 533 goto out; 534 } 535 if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL) { 536 debug3("%s: final hash: %s", __func__, hex); 537 freezero(hex, strlen(hex)); 538 } 539 if ((b = sshbuf_new()) == NULL) { 540 r = SSH_ERR_ALLOC_FAIL; 541 goto out; 542 } 543 if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) { 544 error("%s: sshbuf_put: %s", __func__, ssh_err(r)); 545 goto out; 546 } 547 *bp = b; 548 b = NULL; /* transferred */ 549 /* success */ 550 r = 0; 551 out: 552 sshbuf_free(b); 553 ssh_digest_free(ctx); 554 explicit_bzero(hash, sizeof(hash)); 555 return r; 556 } 557 558 int 559 sshsig_sign_fd(struct sshkey *key, const char *hashalg, const char *sk_provider, 560 int fd, const char *sig_namespace, struct sshbuf **out, 561 sshsig_signer *signer, void *signer_ctx) 562 { 563 struct sshbuf *b = NULL; 564 int r = SSH_ERR_INTERNAL_ERROR; 565 566 if (hashalg == NULL) 567 hashalg = HASHALG_DEFAULT; 568 if (out != NULL) 569 *out = NULL; 570 if ((r = hash_file(fd, hashalg, &b)) != 0) { 571 error("%s: hash_file failed: %s", __func__, ssh_err(r)); 572 return r; 573 } 574 if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b, 575 sig_namespace, out, signer, signer_ctx)) != 0) 576 goto out; 577 /* success */ 578 r = 0; 579 out: 580 sshbuf_free(b); 581 return r; 582 } 583 584 int 585 sshsig_verify_fd(struct sshbuf *signature, int fd, 586 const char *expect_namespace, struct sshkey **sign_keyp, 587 struct sshkey_sig_details **sig_details) 588 { 589 struct sshbuf *b = NULL; 590 int r = SSH_ERR_INTERNAL_ERROR; 591 char *hashalg = NULL; 592 593 if (sig_details != NULL) 594 *sig_details = NULL; 595 if (sign_keyp != NULL) 596 *sign_keyp = NULL; 597 if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) 598 return r; 599 debug("%s: signature made with hash \"%s\"", __func__, hashalg); 600 if ((r = hash_file(fd, hashalg, &b)) != 0) { 601 error("%s: hash_file failed: %s", __func__, ssh_err(r)); 602 goto out; 603 } 604 if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, 605 sign_keyp, sig_details)) != 0) 606 goto out; 607 /* success */ 608 r = 0; 609 out: 610 sshbuf_free(b); 611 free(hashalg); 612 return r; 613 } 614 615 struct sshsigopt { 616 int ca; 617 char *namespaces; 618 }; 619 620 struct sshsigopt * 621 sshsigopt_parse(const char *opts, const char *path, u_long linenum, 622 const char **errstrp) 623 { 624 struct sshsigopt *ret; 625 int r; 626 const char *errstr = NULL; 627 628 if ((ret = calloc(1, sizeof(*ret))) == NULL) 629 return NULL; 630 if (opts == NULL || *opts == '\0') 631 return ret; /* Empty options yields empty options :) */ 632 633 while (*opts && *opts != ' ' && *opts != '\t') { 634 /* flag options */ 635 if ((r = opt_flag("cert-authority", 0, &opts)) != -1) { 636 ret->ca = 1; 637 } else if (opt_match(&opts, "namespaces")) { 638 if (ret->namespaces != NULL) { 639 errstr = "multiple \"namespaces\" clauses"; 640 goto fail; 641 } 642 ret->namespaces = opt_dequote(&opts, &errstr); 643 if (ret->namespaces == NULL) 644 goto fail; 645 } 646 /* 647 * Skip the comma, and move to the next option 648 * (or break out if there are no more). 649 */ 650 if (*opts == '\0' || *opts == ' ' || *opts == '\t') 651 break; /* End of options. */ 652 /* Anything other than a comma is an unknown option */ 653 if (*opts != ',') { 654 errstr = "unknown key option"; 655 goto fail; 656 } 657 opts++; 658 if (*opts == '\0') { 659 errstr = "unexpected end-of-options"; 660 goto fail; 661 } 662 } 663 /* success */ 664 return ret; 665 fail: 666 if (errstrp != NULL) 667 *errstrp = errstr; 668 sshsigopt_free(ret); 669 return NULL; 670 } 671 672 void 673 sshsigopt_free(struct sshsigopt *opts) 674 { 675 if (opts == NULL) 676 return; 677 free(opts->namespaces); 678 free(opts); 679 } 680 681 static int 682 parse_principals_key_and_options(const char *path, u_long linenum, char *line, 683 const char *required_principal, char **principalsp, struct sshkey **keyp, 684 struct sshsigopt **sigoptsp) 685 { 686 char *opts = NULL, *tmp, *cp, *principals = NULL; 687 const char *reason = NULL; 688 struct sshsigopt *sigopts = NULL; 689 struct sshkey *key = NULL; 690 int r = SSH_ERR_INTERNAL_ERROR; 691 692 if (principalsp != NULL) 693 *principalsp = NULL; 694 if (sigoptsp != NULL) 695 *sigoptsp = NULL; 696 if (keyp != NULL) 697 *keyp = NULL; 698 699 cp = line; 700 cp = cp + strspn(cp, " \t"); /* skip leading whitespace */ 701 if (*cp == '#' || *cp == '\0') 702 return SSH_ERR_KEY_NOT_FOUND; /* blank or all-comment line */ 703 704 /* format: identity[,identity...] [option[,option...]] key */ 705 if ((tmp = strdelimw(&cp)) == NULL) { 706 error("%s:%lu: invalid line", path, linenum); 707 r = SSH_ERR_INVALID_FORMAT; 708 goto out; 709 } 710 if ((principals = strdup(tmp)) == NULL) { 711 error("%s: strdup failed", __func__); 712 r = SSH_ERR_ALLOC_FAIL; 713 goto out; 714 } 715 /* 716 * Bail out early if we're looking for a particular principal and this 717 * line does not list it. 718 */ 719 if (required_principal != NULL) { 720 if (match_pattern_list(required_principal, 721 principals, 0) != 1) { 722 /* principal didn't match */ 723 r = SSH_ERR_KEY_NOT_FOUND; 724 goto out; 725 } 726 debug("%s: %s:%lu: matched principal \"%s\"", 727 __func__, path, linenum, required_principal); 728 } 729 730 if ((key = sshkey_new(KEY_UNSPEC)) == NULL) { 731 error("%s: sshkey_new failed", __func__); 732 r = SSH_ERR_ALLOC_FAIL; 733 goto out; 734 } 735 if (sshkey_read(key, &cp) != 0) { 736 /* no key? Check for options */ 737 opts = cp; 738 if (sshkey_advance_past_options(&cp) != 0) { 739 error("%s:%lu: invalid options", path, linenum); 740 r = SSH_ERR_INVALID_FORMAT; 741 goto out; 742 } 743 *cp++ = '\0'; 744 skip_space(&cp); 745 if (sshkey_read(key, &cp) != 0) { 746 error("%s:%lu: invalid key", path, linenum); 747 r = SSH_ERR_INVALID_FORMAT; 748 goto out; 749 } 750 } 751 debug3("%s:%lu: options %s", path, linenum, opts == NULL ? "" : opts); 752 if ((sigopts = sshsigopt_parse(opts, path, linenum, &reason)) == NULL) { 753 error("%s:%lu: bad options: %s", path, linenum, reason); 754 r = SSH_ERR_INVALID_FORMAT; 755 goto out; 756 } 757 /* success */ 758 if (principalsp != NULL) { 759 *principalsp = principals; 760 principals = NULL; /* transferred */ 761 } 762 if (sigoptsp != NULL) { 763 *sigoptsp = sigopts; 764 sigopts = NULL; /* transferred */ 765 } 766 if (keyp != NULL) { 767 *keyp = key; 768 key = NULL; /* transferred */ 769 } 770 r = 0; 771 out: 772 free(principals); 773 sshsigopt_free(sigopts); 774 sshkey_free(key); 775 return r; 776 } 777 778 static int 779 check_allowed_keys_line(const char *path, u_long linenum, char *line, 780 const struct sshkey *sign_key, const char *principal, 781 const char *sig_namespace) 782 { 783 struct sshkey *found_key = NULL; 784 int r, found = 0; 785 const char *reason = NULL; 786 struct sshsigopt *sigopts = NULL; 787 788 /* Parse the line */ 789 if ((r = parse_principals_key_and_options(path, linenum, line, 790 principal, NULL, &found_key, &sigopts)) != 0) { 791 /* error already logged */ 792 goto done; 793 } 794 795 /* Check whether options preclude the use of this key */ 796 if (sigopts->namespaces != NULL && 797 match_pattern_list(sig_namespace, sigopts->namespaces, 0) != 1) { 798 error("%s:%lu: key is not permitted for use in signature " 799 "namespace \"%s\"", path, linenum, sig_namespace); 800 goto done; 801 } 802 803 if (!sigopts->ca && sshkey_equal(found_key, sign_key)) { 804 /* Exact match of key */ 805 debug("%s:%lu: matched key and principal", path, linenum); 806 /* success */ 807 found = 1; 808 } else if (sigopts->ca && sshkey_is_cert(sign_key) && 809 sshkey_equal_public(sign_key->cert->signature_key, found_key)) { 810 /* Match of certificate's CA key */ 811 if ((r = sshkey_cert_check_authority(sign_key, 0, 1, 812 principal, &reason)) != 0) { 813 error("%s:%lu: certificate not authorized: %s", 814 path, linenum, reason); 815 goto done; 816 } 817 debug("%s:%lu: matched certificate CA key", path, linenum); 818 /* success */ 819 found = 1; 820 } else { 821 /* Principal matched but key didn't */ 822 goto done; 823 } 824 done: 825 sshkey_free(found_key); 826 sshsigopt_free(sigopts); 827 return found ? 0 : SSH_ERR_KEY_NOT_FOUND; 828 } 829 830 int 831 sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key, 832 const char *principal, const char *sig_namespace) 833 { 834 FILE *f = NULL; 835 char *line = NULL; 836 size_t linesize = 0; 837 u_long linenum = 0; 838 int r = SSH_ERR_INTERNAL_ERROR, oerrno; 839 840 /* Check key and principal against file */ 841 if ((f = fopen(path, "r")) == NULL) { 842 oerrno = errno; 843 error("Unable to open allowed keys file \"%s\": %s", 844 path, strerror(errno)); 845 errno = oerrno; 846 return SSH_ERR_SYSTEM_ERROR; 847 } 848 849 while (getline(&line, &linesize, f) != -1) { 850 linenum++; 851 r = check_allowed_keys_line(path, linenum, line, sign_key, 852 principal, sig_namespace); 853 free(line); 854 line = NULL; 855 if (r == SSH_ERR_KEY_NOT_FOUND) 856 continue; 857 else if (r == 0) { 858 /* success */ 859 fclose(f); 860 return 0; 861 } else 862 break; 863 } 864 /* Either we hit an error parsing or we simply didn't find the key */ 865 fclose(f); 866 free(line); 867 return r == 0 ? SSH_ERR_KEY_NOT_FOUND : r; 868 } 869 870 static int 871 cert_filter_principals(const char *path, u_long linenum, 872 char **principalsp, const struct sshkey *cert) 873 { 874 char *cp, *oprincipals, *principals; 875 const char *reason; 876 struct sshbuf *nprincipals; 877 int r = SSH_ERR_INTERNAL_ERROR, success = 0; 878 879 oprincipals = principals = *principalsp; 880 *principalsp = NULL; 881 882 if ((nprincipals = sshbuf_new()) == NULL) { 883 r = SSH_ERR_ALLOC_FAIL; 884 goto out; 885 } 886 887 while ((cp = strsep(&principals, ",")) != NULL && *cp != '\0') { 888 if (strcspn(cp, "!?*") != strlen(cp)) { 889 debug("%s:%lu: principal \"%s\" not authorized: " 890 "contains wildcards", path, linenum, cp); 891 continue; 892 } 893 /* Check against principals list in certificate */ 894 if ((r = sshkey_cert_check_authority(cert, 0, 1, 895 cp, &reason)) != 0) { 896 debug("%s:%lu: principal \"%s\" not authorized: %s", 897 path, linenum, cp, reason); 898 continue; 899 } 900 if ((r = sshbuf_putf(nprincipals, "%s%s", 901 sshbuf_len(nprincipals) != 0 ? "," : "", cp)) != 0) { 902 error("%s: buffer error", __func__); 903 goto out; 904 } 905 } 906 if (sshbuf_len(nprincipals) == 0) { 907 error("%s:%lu: no valid principals found", path, linenum); 908 r = SSH_ERR_KEY_CERT_INVALID; 909 goto out; 910 } 911 if ((principals = sshbuf_dup_string(nprincipals)) == NULL) { 912 error("%s: buffer error", __func__); 913 goto out; 914 } 915 /* success */ 916 success = 1; 917 *principalsp = principals; 918 out: 919 sshbuf_free(nprincipals); 920 free(oprincipals); 921 return success ? 0 : r; 922 } 923 924 static int 925 get_matching_principals_from_line(const char *path, u_long linenum, char *line, 926 const struct sshkey *sign_key, char **principalsp) 927 { 928 struct sshkey *found_key = NULL; 929 char *principals = NULL; 930 int r, found = 0; 931 struct sshsigopt *sigopts = NULL; 932 933 if (principalsp != NULL) 934 *principalsp = NULL; 935 936 /* Parse the line */ 937 if ((r = parse_principals_key_and_options(path, linenum, line, 938 NULL, &principals, &found_key, &sigopts)) != 0) { 939 /* error already logged */ 940 goto done; 941 } 942 943 if (!sigopts->ca && sshkey_equal(found_key, sign_key)) { 944 /* Exact match of key */ 945 debug("%s:%lu: matched key", path, linenum); 946 /* success */ 947 found = 1; 948 } else if (sigopts->ca && sshkey_is_cert(sign_key) && 949 sshkey_equal_public(sign_key->cert->signature_key, found_key)) { 950 /* Remove principals listed in file but not allowed by cert */ 951 if ((r = cert_filter_principals(path, linenum, 952 &principals, sign_key)) != 0) { 953 /* error already displayed */ 954 debug("%s:%lu: cert_filter_principals: %s", 955 path, linenum, ssh_err(r)); 956 goto done; 957 } 958 debug("%s:%lu: matched certificate CA key", path, linenum); 959 /* success */ 960 found = 1; 961 } else { 962 /* Key didn't match */ 963 goto done; 964 } 965 done: 966 if (found && principalsp != NULL) { 967 *principalsp = principals; 968 principals = NULL; /* transferred */ 969 } 970 free(principals); 971 sshkey_free(found_key); 972 sshsigopt_free(sigopts); 973 return found ? 0 : SSH_ERR_KEY_NOT_FOUND; 974 } 975 976 int 977 sshsig_find_principals(const char *path, const struct sshkey *sign_key, 978 char **principals) 979 { 980 FILE *f = NULL; 981 char *line = NULL; 982 size_t linesize = 0; 983 u_long linenum = 0; 984 int r = SSH_ERR_INTERNAL_ERROR, oerrno; 985 986 if ((f = fopen(path, "r")) == NULL) { 987 oerrno = errno; 988 error("Unable to open allowed keys file \"%s\": %s", 989 path, strerror(errno)); 990 errno = oerrno; 991 return SSH_ERR_SYSTEM_ERROR; 992 } 993 994 while (getline(&line, &linesize, f) != -1) { 995 linenum++; 996 r = get_matching_principals_from_line(path, linenum, line, 997 sign_key, principals); 998 free(line); 999 line = NULL; 1000 if (r == SSH_ERR_KEY_NOT_FOUND) 1001 continue; 1002 else if (r == 0) { 1003 /* success */ 1004 fclose(f); 1005 return 0; 1006 } else 1007 break; 1008 } 1009 free(line); 1010 /* Either we hit an error parsing or we simply didn't find the key */ 1011 if (ferror(f) != 0) { 1012 oerrno = errno; 1013 fclose(f); 1014 error("Unable to read allowed keys file \"%s\": %s", 1015 path, strerror(errno)); 1016 errno = oerrno; 1017 return SSH_ERR_SYSTEM_ERROR; 1018 } 1019 fclose(f); 1020 return r == 0 ? SSH_ERR_KEY_NOT_FOUND : r; 1021 } 1022 1023 int 1024 sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey) 1025 { 1026 struct sshkey *pk = NULL; 1027 int r = SSH_ERR_SIGNATURE_INVALID; 1028 1029 if (pubkey == NULL) 1030 return SSH_ERR_INTERNAL_ERROR; 1031 if ((r = sshsig_parse_preamble(signature)) != 0) 1032 return r; 1033 if ((r = sshkey_froms(signature, &pk)) != 0) 1034 return r; 1035 1036 *pubkey = pk; 1037 pk = NULL; 1038 return 0; 1039 } 1040