version 1.50, 2001/12/28 14:50:54 |
version 1.51, 2002/03/14 16:56:33 |
|
|
* description of the options. |
* description of the options. |
*/ |
*/ |
|
|
|
static BIGNUM * |
|
auth_rsa_generate_challenge(Key *key) |
|
{ |
|
BIGNUM *challenge; |
|
BN_CTX *ctx; |
|
|
|
if ((challenge = BN_new()) == NULL) |
|
fatal("auth_rsa_generate_challenge: BN_new() failed"); |
|
/* Generate a random challenge. */ |
|
BN_rand(challenge, 256, 0, 0); |
|
if ((ctx = BN_CTX_new()) == NULL) |
|
fatal("auth_rsa_generate_challenge: BN_CTX_new() failed"); |
|
BN_mod(challenge, challenge, key->rsa->n, ctx); |
|
BN_CTX_free(ctx); |
|
|
|
return challenge; |
|
} |
|
|
|
static int |
|
auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) |
|
{ |
|
u_char buf[32], mdbuf[16]; |
|
MD5_CTX md; |
|
int len; |
|
|
|
/* The response is MD5 of decrypted challenge plus session id. */ |
|
len = BN_num_bytes(challenge); |
|
if (len <= 0 || len > 32) |
|
fatal("auth_rsa_verify_response: bad challenge length %d", len); |
|
memset(buf, 0, 32); |
|
BN_bn2bin(challenge, buf + 32 - len); |
|
MD5_Init(&md); |
|
MD5_Update(&md, buf, 32); |
|
MD5_Update(&md, session_id, 16); |
|
MD5_Final(mdbuf, &md); |
|
|
|
/* Verify that the response is the original challenge. */ |
|
if (memcmp(response, mdbuf, 16) != 0) { |
|
/* Wrong answer. */ |
|
return (0); |
|
} |
|
/* Correct answer. */ |
|
return (1); |
|
} |
|
|
/* |
/* |
* Performs the RSA authentication challenge-response dialog with the client, |
* Performs the RSA authentication challenge-response dialog with the client, |
* and returns true (non-zero) if the client gave the correct answer to |
* and returns true (non-zero) if the client gave the correct answer to |
|
|
*/ |
*/ |
|
|
int |
int |
auth_rsa_challenge_dialog(RSA *pk) |
auth_rsa_challenge_dialog(Key *key) |
{ |
{ |
BIGNUM *challenge, *encrypted_challenge; |
BIGNUM *challenge, *encrypted_challenge; |
BN_CTX *ctx; |
u_char response[16]; |
u_char buf[32], mdbuf[16], response[16]; |
int i, success; |
MD5_CTX md; |
|
u_int i; |
|
int len; |
|
|
|
if ((encrypted_challenge = BN_new()) == NULL) |
if ((encrypted_challenge = BN_new()) == NULL) |
fatal("auth_rsa_challenge_dialog: BN_new() failed"); |
fatal("auth_rsa_challenge_dialog: BN_new() failed"); |
if ((challenge = BN_new()) == NULL) |
|
fatal("auth_rsa_challenge_dialog: BN_new() failed"); |
|
|
|
/* Generate a random challenge. */ |
challenge = auth_rsa_generate_challenge(key); |
BN_rand(challenge, 256, 0, 0); |
|
if ((ctx = BN_CTX_new()) == NULL) |
|
fatal("auth_rsa_challenge_dialog: BN_CTX_new() failed"); |
|
BN_mod(challenge, challenge, pk->n, ctx); |
|
BN_CTX_free(ctx); |
|
|
|
/* Encrypt the challenge with the public key. */ |
/* Encrypt the challenge with the public key. */ |
rsa_public_encrypt(encrypted_challenge, challenge, pk); |
rsa_public_encrypt(encrypted_challenge, challenge, key->rsa); |
|
|
/* Send the encrypted challenge to the client. */ |
/* Send the encrypted challenge to the client. */ |
packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE); |
packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE); |
|
|
response[i] = packet_get_char(); |
response[i] = packet_get_char(); |
packet_check_eom(); |
packet_check_eom(); |
|
|
/* The response is MD5 of decrypted challenge plus session id. */ |
success = auth_rsa_verify_response(key, challenge, response); |
len = BN_num_bytes(challenge); |
|
if (len <= 0 || len > 32) |
|
fatal("auth_rsa_challenge_dialog: bad challenge length %d", len); |
|
memset(buf, 0, 32); |
|
BN_bn2bin(challenge, buf + 32 - len); |
|
MD5_Init(&md); |
|
MD5_Update(&md, buf, 32); |
|
MD5_Update(&md, session_id, 16); |
|
MD5_Final(mdbuf, &md); |
|
BN_clear_free(challenge); |
BN_clear_free(challenge); |
|
return (success); |
/* Verify that the response is the original challenge. */ |
|
if (memcmp(response, mdbuf, 16) != 0) { |
|
/* Wrong answer. */ |
|
return 0; |
|
} |
|
/* Correct answer. */ |
|
return 1; |
|
} |
} |
|
|
/* |
/* |
* Performs the RSA authentication dialog with the client. This returns |
* check if there's user key matching client_n, |
* 0 if the client could not be authenticated, and 1 if authentication was |
* return key if login is allowed, NULL otherwise |
* successful. This may exit if there is a serious protocol violation. |
|
*/ |
*/ |
|
|
int |
static int |
auth_rsa(struct passwd *pw, BIGNUM *client_n) |
auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) |
{ |
{ |
char line[8192], *file; |
char line[8192], *file; |
int authenticated; |
int allowed; |
u_int bits; |
u_int bits; |
FILE *f; |
FILE *f; |
u_long linenum = 0; |
u_long linenum = 0; |
struct stat st; |
struct stat st; |
Key *key; |
Key *key; |
char *fp; |
|
|
|
/* no user given */ |
|
if (pw == NULL) |
|
return 0; |
|
|
|
/* Temporarily use the user's uid. */ |
/* Temporarily use the user's uid. */ |
temporarily_use_uid(pw); |
temporarily_use_uid(pw); |
|
|
|
|
/* Restore the privileged uid. */ |
/* Restore the privileged uid. */ |
restore_uid(); |
restore_uid(); |
xfree(file); |
xfree(file); |
return 0; |
return (NULL); |
} |
} |
/* Open the file containing the authorized keys. */ |
/* Open the file containing the authorized keys. */ |
f = fopen(file, "r"); |
f = fopen(file, "r"); |
if (!f) { |
if (!f) { |
/* Restore the privileged uid. */ |
/* Restore the privileged uid. */ |
restore_uid(); |
restore_uid(); |
packet_send_debug("Could not open %.900s for reading.", file); |
|
packet_send_debug("If your home is on an NFS volume, it may need to be world-readable."); |
|
xfree(file); |
xfree(file); |
return 0; |
return (NULL); |
} |
} |
if (options.strict_modes && |
if (options.strict_modes && |
secure_filename(f, file, pw, line, sizeof(line)) != 0) { |
secure_filename(f, file, pw, line, sizeof(line)) != 0) { |
xfree(file); |
xfree(file); |
fclose(f); |
fclose(f); |
log("Authentication refused: %s", line); |
log("Authentication refused: %s", line); |
packet_send_debug("Authentication refused: %s", line); |
|
restore_uid(); |
restore_uid(); |
return 0; |
return (NULL); |
} |
} |
/* Flag indicating whether authentication has succeeded. */ |
|
authenticated = 0; |
|
|
|
|
/* Flag indicating whether the key is allowed. */ |
|
allowed = 0; |
|
|
key = key_new(KEY_RSA1); |
key = key_new(KEY_RSA1); |
|
|
/* |
/* |
|
|
if (!auth_parse_options(pw, options, file, linenum)) |
if (!auth_parse_options(pw, options, file, linenum)) |
continue; |
continue; |
|
|
/* Perform the challenge-response dialog for this key. */ |
/* break out, this key is allowed */ |
if (!auth_rsa_challenge_dialog(key->rsa)) { |
allowed = 1; |
/* Wrong response. */ |
|
verbose("Wrong response to RSA authentication challenge."); |
|
packet_send_debug("Wrong response to RSA authentication challenge."); |
|
/* |
|
* Break out of the loop. Otherwise we might send |
|
* another challenge and break the protocol. |
|
*/ |
|
break; |
|
} |
|
/* |
|
* Correct response. The client has been successfully |
|
* authenticated. Note that we have not yet processed the |
|
* options; this will be reset if the options cause the |
|
* authentication to be rejected. |
|
* Break out of the loop if authentication was successful; |
|
* otherwise continue searching. |
|
*/ |
|
authenticated = 1; |
|
|
|
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
|
verbose("Found matching %s key: %s", |
|
key_type(key), fp); |
|
xfree(fp); |
|
|
|
break; |
break; |
} |
} |
|
|
|
|
xfree(file); |
xfree(file); |
fclose(f); |
fclose(f); |
|
|
key_free(key); |
/* return key if allowed */ |
|
if (allowed && rkey != NULL) |
if (authenticated) |
*rkey = key; |
packet_send_debug("RSA authentication accepted."); |
|
else |
else |
|
key_free(key); |
|
return (allowed); |
|
} |
|
|
|
/* |
|
* Performs the RSA authentication dialog with the client. This returns |
|
* 0 if the client could not be authenticated, and 1 if authentication was |
|
* successful. This may exit if there is a serious protocol violation. |
|
*/ |
|
int |
|
auth_rsa(struct passwd *pw, BIGNUM *client_n) |
|
{ |
|
Key *key; |
|
char *fp; |
|
|
|
/* no user given */ |
|
if (pw == NULL) |
|
return 0; |
|
|
|
if (auth_rsa_key_allowed(pw, client_n, &key) == 0) { |
auth_clear_options(); |
auth_clear_options(); |
|
return (0); |
|
} |
|
|
/* Return authentication result. */ |
/* Perform the challenge-response dialog for this key. */ |
return authenticated; |
if (!auth_rsa_challenge_dialog(key)) { |
|
/* Wrong response. */ |
|
verbose("Wrong response to RSA authentication challenge."); |
|
packet_send_debug("Wrong response to RSA authentication challenge."); |
|
/* |
|
* Break out of the loop. Otherwise we might send |
|
* another challenge and break the protocol. |
|
*/ |
|
key_free(key); |
|
return (0); |
|
} |
|
/* |
|
* Correct response. The client has been successfully |
|
* authenticated. Note that we have not yet processed the |
|
* options; this will be reset if the options cause the |
|
* authentication to be rejected. |
|
*/ |
|
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
|
verbose("Found matching %s key: %s", |
|
key_type(key), fp); |
|
xfree(fp); |
|
key_free(key); |
|
|
|
packet_send_debug("RSA authentication accepted."); |
|
return (1); |
} |
} |