Annotation of src/usr.bin/ssh/authfile.c, Revision 1.106
1.106 ! markus 1: /* $OpenBSD: authfile.c,v 1.105 2014/04/28 03:09:18 djm Exp $ */
1.1 deraadt 2: /*
1.9 deraadt 3: * Author: Tatu Ylonen <ylo@cs.hut.fi>
4: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5: * All rights reserved
6: * This file contains functions for reading and writing identity files, and
7: * for reading the passphrase from the user.
1.14 markus 8: *
1.19 deraadt 9: * As far as I am concerned, the code I have written for this software
10: * can be used freely for any purpose. Any derived versions of this
11: * software must be clearly marked as such, and if the derived work is
12: * incompatible with the protocol description in the RFC file, it must be
13: * called by a name other than "ssh" or "Secure Shell".
14: *
15: *
1.99 markus 16: * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
1.19 deraadt 17: *
18: * Redistribution and use in source and binary forms, with or without
19: * modification, are permitted provided that the following conditions
20: * are met:
21: * 1. Redistributions of source code must retain the above copyright
22: * notice, this list of conditions and the following disclaimer.
23: * 2. Redistributions in binary form must reproduce the above copyright
24: * notice, this list of conditions and the following disclaimer in the
25: * documentation and/or other materials provided with the distribution.
26: *
27: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
28: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
30: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
31: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
32: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
33: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
34: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
35: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.9 deraadt 37: */
1.1 deraadt 38:
1.62 stevesk 39:
40: #include <sys/types.h>
41: #include <sys/stat.h>
1.72 stevesk 42: #include <sys/param.h>
1.76 deraadt 43: #include <sys/uio.h>
1.1 deraadt 44:
1.106 ! markus 45: #ifdef WITH_OPENSSL
1.21 markus 46: #include <openssl/err.h>
1.25 markus 47: #include <openssl/evp.h>
1.15 markus 48: #include <openssl/pem.h>
1.106 ! markus 49: #endif
1.68 stevesk 50:
1.100 markus 51: #include "crypto_api.h"
52:
1.69 stevesk 53: #include <errno.h>
1.68 stevesk 54: #include <fcntl.h>
1.74 stevesk 55: #include <stdio.h>
1.73 stevesk 56: #include <stdlib.h>
1.71 stevesk 57: #include <string.h>
1.70 stevesk 58: #include <unistd.h>
1.15 markus 59:
1.99 markus 60: #include <util.h>
61:
1.76 deraadt 62: #include "xmalloc.h"
1.25 markus 63: #include "cipher.h"
1.1 deraadt 64: #include "buffer.h"
1.25 markus 65: #include "key.h"
1.1 deraadt 66: #include "ssh.h"
1.25 markus 67: #include "log.h"
1.27 itojun 68: #include "authfile.h"
1.44 markus 69: #include "rsa.h"
1.60 dtucker 70: #include "misc.h"
1.61 djm 71: #include "atomicio.h"
1.99 markus 72: #include "uuencode.h"
73:
74: /* openssh private key file format */
75: #define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n"
76: #define MARK_END "-----END OPENSSH PRIVATE KEY-----\n"
77: #define KDFNAME "bcrypt"
78: #define AUTH_MAGIC "openssh-key-v1"
79: #define SALT_LEN 16
80: #define DEFAULT_CIPHERNAME "aes256-cbc"
81: #define DEFAULT_ROUNDS 16
1.1 deraadt 82:
1.88 djm 83: #define MAX_KEY_FILE_SIZE (1024 * 1024)
84:
1.29 markus 85: /* Version identification string for SSH v1 identity files. */
1.26 stevesk 86: static const char authfile_id_string[] =
87: "SSH PRIVATE KEY FILE FORMAT 1.1\n";
1.1 deraadt 88:
1.99 markus 89: static int
90: key_private_to_blob2(Key *prv, Buffer *blob, const char *passphrase,
91: const char *comment, const char *ciphername, int rounds)
92: {
93: u_char *key, *cp, salt[SALT_LEN];
94: size_t keylen, ivlen, blocksize, authlen;
95: u_int len, check;
96: int i, n;
97: const Cipher *c;
98: Buffer encoded, b, kdf;
99: CipherContext ctx;
100: const char *kdfname = KDFNAME;
101:
102: if (rounds <= 0)
103: rounds = DEFAULT_ROUNDS;
104: if (passphrase == NULL || !strlen(passphrase)) {
105: ciphername = "none";
106: kdfname = "none";
107: } else if (ciphername == NULL)
108: ciphername = DEFAULT_CIPHERNAME;
109: else if (cipher_number(ciphername) != SSH_CIPHER_SSH2)
110: fatal("invalid cipher");
111:
112: if ((c = cipher_by_name(ciphername)) == NULL)
113: fatal("unknown cipher name");
114: buffer_init(&kdf);
115: blocksize = cipher_blocksize(c);
116: keylen = cipher_keylen(c);
117: ivlen = cipher_ivlen(c);
118: authlen = cipher_authlen(c);
119: key = xcalloc(1, keylen + ivlen);
120: if (strcmp(kdfname, "none") != 0) {
121: arc4random_buf(salt, SALT_LEN);
122: if (bcrypt_pbkdf(passphrase, strlen(passphrase),
123: salt, SALT_LEN, key, keylen + ivlen, rounds) < 0)
124: fatal("bcrypt_pbkdf failed");
125: buffer_put_string(&kdf, salt, SALT_LEN);
126: buffer_put_int(&kdf, rounds);
127: }
128: cipher_init(&ctx, c, key, keylen, key + keylen , ivlen, 1);
1.103 djm 129: explicit_bzero(key, keylen + ivlen);
1.99 markus 130: free(key);
131:
132: buffer_init(&encoded);
133: buffer_append(&encoded, AUTH_MAGIC, sizeof(AUTH_MAGIC));
134: buffer_put_cstring(&encoded, ciphername);
135: buffer_put_cstring(&encoded, kdfname);
136: buffer_put_string(&encoded, buffer_ptr(&kdf), buffer_len(&kdf));
137: buffer_put_int(&encoded, 1); /* number of keys */
138: key_to_blob(prv, &cp, &len); /* public key */
139: buffer_put_string(&encoded, cp, len);
140:
1.103 djm 141: explicit_bzero(cp, len);
1.99 markus 142: free(cp);
143:
144: buffer_free(&kdf);
145:
146: /* set up the buffer that will be encrypted */
147: buffer_init(&b);
148:
149: /* Random check bytes */
150: check = arc4random();
151: buffer_put_int(&b, check);
152: buffer_put_int(&b, check);
153:
154: /* append private key and comment*/
155: key_private_serialize(prv, &b);
156: buffer_put_cstring(&b, comment);
157:
158: /* padding */
159: i = 0;
160: while (buffer_len(&b) % blocksize)
161: buffer_put_char(&b, ++i & 0xff);
162:
163: /* length */
164: buffer_put_int(&encoded, buffer_len(&b));
165:
166: /* encrypt */
167: cp = buffer_append_space(&encoded, buffer_len(&b) + authlen);
168: if (cipher_crypt(&ctx, 0, cp, buffer_ptr(&b), buffer_len(&b), 0,
169: authlen) != 0)
170: fatal("%s: cipher_crypt failed", __func__);
171: buffer_free(&b);
172: cipher_cleanup(&ctx);
173:
174: /* uuencode */
175: len = 2 * buffer_len(&encoded);
176: cp = xmalloc(len);
177: n = uuencode(buffer_ptr(&encoded), buffer_len(&encoded),
178: (char *)cp, len);
179: if (n < 0)
180: fatal("%s: uuencode", __func__);
181:
182: buffer_clear(blob);
183: buffer_append(blob, MARK_BEGIN, sizeof(MARK_BEGIN) - 1);
184: for (i = 0; i < n; i++) {
185: buffer_put_char(blob, cp[i]);
186: if (i % 70 == 69)
187: buffer_put_char(blob, '\n');
188: }
189: if (i % 70 != 69)
190: buffer_put_char(blob, '\n');
191: buffer_append(blob, MARK_END, sizeof(MARK_END) - 1);
192: free(cp);
193:
194: return buffer_len(blob);
195: }
196:
197: static Key *
198: key_parse_private2(Buffer *blob, int type, const char *passphrase,
199: char **commentp)
200: {
201: u_char *key = NULL, *cp, *salt = NULL, pad, last;
1.105 djm 202: char *comment = NULL, *ciphername = NULL, *kdfname = NULL;
203: const u_char *kdfp;
1.99 markus 204: u_int keylen = 0, ivlen, blocksize, slen, klen, len, rounds, nkeys;
205: u_int check1, check2, m1len, m2len;
206: size_t authlen;
207: const Cipher *c;
208: Buffer b, encoded, copy, kdf;
209: CipherContext ctx;
210: Key *k = NULL;
211: int dlen, ret, i;
212:
213: buffer_init(&b);
214: buffer_init(&kdf);
215: buffer_init(&encoded);
216: buffer_init(©);
217:
218: /* uudecode */
219: m1len = sizeof(MARK_BEGIN) - 1;
220: m2len = sizeof(MARK_END) - 1;
221: cp = buffer_ptr(blob);
222: len = buffer_len(blob);
223: if (len < m1len || memcmp(cp, MARK_BEGIN, m1len)) {
224: debug("%s: missing begin marker", __func__);
225: goto out;
226: }
227: cp += m1len;
228: len -= m1len;
229: while (len) {
230: if (*cp != '\n' && *cp != '\r')
231: buffer_put_char(&encoded, *cp);
232: last = *cp;
233: len--;
234: cp++;
235: if (last == '\n') {
236: if (len >= m2len && !memcmp(cp, MARK_END, m2len)) {
237: buffer_put_char(&encoded, '\0');
238: break;
239: }
240: }
241: }
242: if (!len) {
243: debug("%s: no end marker", __func__);
244: goto out;
245: }
246: len = buffer_len(&encoded);
247: if ((cp = buffer_append_space(©, len)) == NULL) {
248: error("%s: buffer_append_space", __func__);
249: goto out;
250: }
251: if ((dlen = uudecode(buffer_ptr(&encoded), cp, len)) < 0) {
252: error("%s: uudecode failed", __func__);
253: goto out;
254: }
255: if ((u_int)dlen > len) {
256: error("%s: crazy uudecode length %d > %u", __func__, dlen, len);
257: goto out;
258: }
259: buffer_consume_end(©, len - dlen);
260: if (buffer_len(©) < sizeof(AUTH_MAGIC) ||
261: memcmp(buffer_ptr(©), AUTH_MAGIC, sizeof(AUTH_MAGIC))) {
262: error("%s: bad magic", __func__);
263: goto out;
264: }
265: buffer_consume(©, sizeof(AUTH_MAGIC));
266:
267: ciphername = buffer_get_cstring_ret(©, NULL);
268: if (ciphername == NULL ||
269: (c = cipher_by_name(ciphername)) == NULL) {
270: error("%s: unknown cipher name", __func__);
271: goto out;
272: }
273: if ((passphrase == NULL || !strlen(passphrase)) &&
274: strcmp(ciphername, "none") != 0) {
275: /* passphrase required */
276: goto out;
277: }
278: kdfname = buffer_get_cstring_ret(©, NULL);
279: if (kdfname == NULL ||
1.104 djm 280: (strcmp(kdfname, "none") != 0 && strcmp(kdfname, "bcrypt") != 0)) {
1.99 markus 281: error("%s: unknown kdf name", __func__);
282: goto out;
283: }
284: if (!strcmp(kdfname, "none") && strcmp(ciphername, "none") != 0) {
285: error("%s: cipher %s requires kdf", __func__, ciphername);
286: goto out;
287: }
288: /* kdf options */
289: kdfp = buffer_get_string_ptr_ret(©, &klen);
290: if (kdfp == NULL) {
291: error("%s: kdf options not set", __func__);
292: goto out;
293: }
294: if (klen > 0) {
295: if ((cp = buffer_append_space(&kdf, klen)) == NULL) {
296: error("%s: kdf alloc failed", __func__);
297: goto out;
298: }
299: memcpy(cp, kdfp, klen);
300: }
301: /* number of keys */
302: if (buffer_get_int_ret(&nkeys, ©) < 0) {
303: error("%s: key counter missing", __func__);
304: goto out;
305: }
306: if (nkeys != 1) {
307: error("%s: only one key supported", __func__);
308: goto out;
309: }
310: /* pubkey */
311: if ((cp = buffer_get_string_ret(©, &len)) == NULL) {
312: error("%s: pubkey not found", __func__);
313: goto out;
314: }
315: free(cp); /* XXX check pubkey against decrypted private key */
316:
317: /* size of encrypted key blob */
318: len = buffer_get_int(©);
319: blocksize = cipher_blocksize(c);
320: authlen = cipher_authlen(c);
321: if (len < blocksize) {
322: error("%s: encrypted data too small", __func__);
323: goto out;
324: }
325: if (len % blocksize) {
326: error("%s: length not multiple of blocksize", __func__);
327: goto out;
328: }
329:
330: /* setup key */
331: keylen = cipher_keylen(c);
332: ivlen = cipher_ivlen(c);
333: key = xcalloc(1, keylen + ivlen);
334: if (!strcmp(kdfname, "bcrypt")) {
335: if ((salt = buffer_get_string_ret(&kdf, &slen)) == NULL) {
336: error("%s: salt not set", __func__);
337: goto out;
338: }
339: if (buffer_get_int_ret(&rounds, &kdf) < 0) {
340: error("%s: rounds not set", __func__);
341: goto out;
342: }
343: if (bcrypt_pbkdf(passphrase, strlen(passphrase), salt, slen,
344: key, keylen + ivlen, rounds) < 0) {
345: error("%s: bcrypt_pbkdf failed", __func__);
346: goto out;
347: }
348: }
349:
350: cp = buffer_append_space(&b, len);
351: cipher_init(&ctx, c, key, keylen, key + keylen, ivlen, 0);
352: ret = cipher_crypt(&ctx, 0, cp, buffer_ptr(©), len, 0, authlen);
353: cipher_cleanup(&ctx);
354: buffer_consume(©, len);
355:
356: /* fail silently on decryption errors */
357: if (ret != 0) {
358: debug("%s: decrypt failed", __func__);
359: goto out;
360: }
361:
362: if (buffer_len(©) != 0) {
363: error("%s: key blob has trailing data (len = %u)", __func__,
364: buffer_len(©));
365: goto out;
366: }
367:
368: /* check bytes */
369: if (buffer_get_int_ret(&check1, &b) < 0 ||
370: buffer_get_int_ret(&check2, &b) < 0) {
371: error("check bytes missing");
372: goto out;
373: }
374: if (check1 != check2) {
375: debug("%s: decrypt failed: 0x%08x != 0x%08x", __func__,
376: check1, check2);
377: goto out;
378: }
379:
380: k = key_private_deserialize(&b);
381:
382: /* comment */
383: comment = buffer_get_cstring_ret(&b, NULL);
384:
385: i = 0;
386: while (buffer_len(&b)) {
387: if (buffer_get_char_ret(&pad, &b) == -1 ||
388: pad != (++i & 0xff)) {
389: error("%s: bad padding", __func__);
390: key_free(k);
391: k = NULL;
392: goto out;
393: }
394: }
395:
396: if (k && commentp) {
397: *commentp = comment;
398: comment = NULL;
399: }
400:
401: /* XXX decode pubkey and check against private */
402: out:
403: free(ciphername);
404: free(kdfname);
405: free(salt);
406: free(comment);
407: if (key)
1.103 djm 408: explicit_bzero(key, keylen + ivlen);
1.99 markus 409: free(key);
410: buffer_free(&encoded);
411: buffer_free(©);
412: buffer_free(&kdf);
413: buffer_free(&b);
414: return k;
415: }
416:
1.106 ! markus 417: #ifdef WITH_SSH1
1.10 markus 418: /*
1.86 djm 419: * Serialises the authentication (private) key to a blob, encrypting it with
420: * passphrase. The identification of the blob (lowest 64 bits of n) will
1.10 markus 421: * precede the key to provide identification of the key without needing a
422: * passphrase.
423: */
1.37 itojun 424: static int
1.86 djm 425: key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase,
1.29 markus 426: const char *comment)
1.1 deraadt 427: {
1.8 markus 428: Buffer buffer, encrypted;
1.45 stevesk 429: u_char buf[100], *cp;
1.86 djm 430: int i, cipher_num;
1.20 markus 431: CipherContext ciphercontext;
1.96 djm 432: const Cipher *cipher;
1.57 avsm 433: u_int32_t rnd;
1.8 markus 434:
1.10 markus 435: /*
436: * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting
437: * to another cipher; otherwise use SSH_AUTHFILE_CIPHER.
438: */
1.46 markus 439: cipher_num = (strcmp(passphrase, "") == 0) ?
440: SSH_CIPHER_NONE : SSH_AUTHFILE_CIPHER;
441: if ((cipher = cipher_by_number(cipher_num)) == NULL)
1.20 markus 442: fatal("save_private_key_rsa: bad cipher");
1.8 markus 443:
444: /* This buffer is used to built the secret part of the private key. */
445: buffer_init(&buffer);
446:
447: /* Put checkbytes for checking passphrase validity. */
1.57 avsm 448: rnd = arc4random();
449: buf[0] = rnd & 0xff;
450: buf[1] = (rnd >> 8) & 0xff;
1.8 markus 451: buf[2] = buf[0];
452: buf[3] = buf[1];
453: buffer_append(&buffer, buf, 4);
454:
1.10 markus 455: /*
456: * Store the private key (n and e will not be stored because they
457: * will be stored in plain text, and storing them also in encrypted
458: * format would just give known plaintext).
459: */
1.29 markus 460: buffer_put_bignum(&buffer, key->rsa->d);
461: buffer_put_bignum(&buffer, key->rsa->iqmp);
462: buffer_put_bignum(&buffer, key->rsa->q); /* reverse from SSL p */
463: buffer_put_bignum(&buffer, key->rsa->p); /* reverse from SSL q */
1.8 markus 464:
465: /* Pad the part to be encrypted until its size is a multiple of 8. */
466: while (buffer_len(&buffer) % 8 != 0)
467: buffer_put_char(&buffer, 0);
468:
469: /* This buffer will be used to contain the data in the file. */
470: buffer_init(&encrypted);
471:
472: /* First store keyfile id string. */
1.26 stevesk 473: for (i = 0; authfile_id_string[i]; i++)
474: buffer_put_char(&encrypted, authfile_id_string[i]);
1.8 markus 475: buffer_put_char(&encrypted, 0);
476:
477: /* Store cipher type. */
1.46 markus 478: buffer_put_char(&encrypted, cipher_num);
1.8 markus 479: buffer_put_int(&encrypted, 0); /* For future extension */
480:
481: /* Store public key. This will be in plain text. */
1.29 markus 482: buffer_put_int(&encrypted, BN_num_bits(key->rsa->n));
483: buffer_put_bignum(&encrypted, key->rsa->n);
484: buffer_put_bignum(&encrypted, key->rsa->e);
1.36 markus 485: buffer_put_cstring(&encrypted, comment);
1.8 markus 486:
487: /* Allocate space for the private part of the key in the buffer. */
1.42 stevesk 488: cp = buffer_append_space(&encrypted, buffer_len(&buffer));
1.8 markus 489:
1.46 markus 490: cipher_set_key_string(&ciphercontext, cipher, passphrase,
491: CIPHER_ENCRYPT);
1.99 markus 492: if (cipher_crypt(&ciphercontext, 0, cp,
493: buffer_ptr(&buffer), buffer_len(&buffer), 0, 0) != 0)
494: fatal("%s: cipher_crypt failed", __func__);
1.46 markus 495: cipher_cleanup(&ciphercontext);
1.103 djm 496: explicit_bzero(&ciphercontext, sizeof(ciphercontext));
1.8 markus 497:
498: /* Destroy temporary data. */
1.103 djm 499: explicit_bzero(buf, sizeof(buf));
1.8 markus 500: buffer_free(&buffer);
501:
1.86 djm 502: buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted));
1.8 markus 503: buffer_free(&encrypted);
1.86 djm 504:
1.8 markus 505: return 1;
1.1 deraadt 506: }
1.106 ! markus 507: #endif
1.1 deraadt 508:
1.106 ! markus 509: #ifdef WITH_OPENSSL
1.86 djm 510: /* convert SSH v2 key in OpenSSL PEM format */
1.37 itojun 511: static int
1.86 djm 512: key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase,
1.29 markus 513: const char *comment)
1.15 markus 514: {
1.21 markus 515: int success = 0;
1.86 djm 516: int blen, len = strlen(_passphrase);
1.47 markus 517: u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL;
1.77 djm 518: const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL;
1.86 djm 519: const u_char *bptr;
520: BIO *bio;
1.15 markus 521:
522: if (len > 0 && len <= 4) {
1.31 markus 523: error("passphrase too short: have %d bytes, need > 4", len);
1.15 markus 524: return 0;
525: }
1.86 djm 526: if ((bio = BIO_new(BIO_s_mem())) == NULL) {
527: error("%s: BIO_new failed", __func__);
1.15 markus 528: return 0;
529: }
1.21 markus 530: switch (key->type) {
1.30 markus 531: case KEY_DSA:
1.86 djm 532: success = PEM_write_bio_DSAPrivateKey(bio, key->dsa,
1.30 markus 533: cipher, passphrase, len, NULL, NULL);
534: break;
1.83 djm 535: case KEY_ECDSA:
1.86 djm 536: success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa,
1.83 djm 537: cipher, passphrase, len, NULL, NULL);
538: break;
1.30 markus 539: case KEY_RSA:
1.86 djm 540: success = PEM_write_bio_RSAPrivateKey(bio, key->rsa,
1.30 markus 541: cipher, passphrase, len, NULL, NULL);
542: break;
1.15 markus 543: }
1.86 djm 544: if (success) {
545: if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0)
546: success = 0;
547: else
548: buffer_append(blob, bptr, blen);
549: }
550: BIO_free(bio);
1.15 markus 551: return success;
552: }
1.106 ! markus 553: #endif
1.15 markus 554:
1.86 djm 555: /* Save a key blob to a file */
556: static int
557: key_save_private_blob(Buffer *keybuf, const char *filename)
558: {
559: int fd;
560:
561: if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) {
562: error("open %s failed: %s.", filename, strerror(errno));
563: return 0;
564: }
565: if (atomicio(vwrite, fd, buffer_ptr(keybuf),
566: buffer_len(keybuf)) != buffer_len(keybuf)) {
567: error("write to key file %s failed: %s", filename,
568: strerror(errno));
569: close(fd);
570: unlink(filename);
571: return 0;
572: }
573: close(fd);
574: return 1;
575: }
576:
577: /* Serialise "key" to buffer "blob" */
578: static int
579: key_private_to_blob(Key *key, Buffer *blob, const char *passphrase,
1.99 markus 580: const char *comment, int force_new_format, const char *new_format_cipher,
581: int new_format_rounds)
1.15 markus 582: {
583: switch (key->type) {
1.106 ! markus 584: #ifdef WITH_SSH1
1.21 markus 585: case KEY_RSA1:
1.86 djm 586: return key_private_rsa1_to_blob(key, blob, passphrase, comment);
1.106 ! markus 587: #endif
! 588: #ifdef WITH_OPENSSL
1.15 markus 589: case KEY_DSA:
1.83 djm 590: case KEY_ECDSA:
1.21 markus 591: case KEY_RSA:
1.99 markus 592: if (force_new_format) {
593: return key_private_to_blob2(key, blob, passphrase,
594: comment, new_format_cipher, new_format_rounds);
595: }
1.86 djm 596: return key_private_pem_to_blob(key, blob, passphrase, comment);
1.106 ! markus 597: #endif
1.100 markus 598: case KEY_ED25519:
599: return key_private_to_blob2(key, blob, passphrase,
600: comment, new_format_cipher, new_format_rounds);
1.15 markus 601: default:
1.86 djm 602: error("%s: cannot save key type %d", __func__, key->type);
603: return 0;
1.15 markus 604: }
1.86 djm 605: }
606:
607: int
608: key_save_private(Key *key, const char *filename, const char *passphrase,
1.99 markus 609: const char *comment, int force_new_format, const char *new_format_cipher,
610: int new_format_rounds)
1.86 djm 611: {
612: Buffer keyblob;
613: int success = 0;
614:
615: buffer_init(&keyblob);
1.99 markus 616: if (!key_private_to_blob(key, &keyblob, passphrase, comment,
617: force_new_format, new_format_cipher, new_format_rounds))
1.86 djm 618: goto out;
619: if (!key_save_private_blob(&keyblob, filename))
620: goto out;
621: success = 1;
622: out:
623: buffer_free(&keyblob);
624: return success;
1.15 markus 625: }
626:
1.106 ! markus 627: #ifdef WITH_SSH1
1.10 markus 628: /*
1.86 djm 629: * Parse the public, unencrypted portion of a RSA1 key.
1.10 markus 630: */
1.37 itojun 631: static Key *
1.86 djm 632: key_parse_public_rsa1(Buffer *blob, char **commentp)
1.1 deraadt 633: {
1.29 markus 634: Key *pub;
1.92 markus 635: Buffer copy;
1.86 djm 636:
637: /* Check that it is at least big enough to contain the ID string. */
638: if (buffer_len(blob) < sizeof(authfile_id_string)) {
639: debug3("Truncated RSA1 identifier");
640: return NULL;
641: }
642:
643: /*
644: * Make sure it begins with the id string. Consume the id string
645: * from the buffer.
646: */
647: if (memcmp(buffer_ptr(blob), authfile_id_string,
648: sizeof(authfile_id_string)) != 0) {
649: debug3("Incorrect RSA1 identifier");
650: return NULL;
651: }
1.92 markus 652: buffer_init(©);
653: buffer_append(©, buffer_ptr(blob), buffer_len(blob));
654: buffer_consume(©, sizeof(authfile_id_string));
1.86 djm 655:
656: /* Skip cipher type and reserved data. */
1.92 markus 657: (void) buffer_get_char(©); /* cipher type */
658: (void) buffer_get_int(©); /* reserved */
1.86 djm 659:
660: /* Read the public key from the buffer. */
1.92 markus 661: (void) buffer_get_int(©);
1.86 djm 662: pub = key_new(KEY_RSA1);
1.92 markus 663: buffer_get_bignum(©, pub->rsa->n);
664: buffer_get_bignum(©, pub->rsa->e);
1.86 djm 665: if (commentp)
1.92 markus 666: *commentp = buffer_get_string(©, NULL);
1.86 djm 667: /* The encrypted private part is not parsed by this function. */
1.92 markus 668: buffer_free(©);
1.86 djm 669:
670: return pub;
671: }
1.106 ! markus 672: #endif
1.86 djm 673:
1.88 djm 674: /* Load a key from a fd into a buffer */
675: int
1.86 djm 676: key_load_file(int fd, const char *filename, Buffer *blob)
677: {
1.88 djm 678: u_char buf[1024];
1.86 djm 679: size_t len;
1.51 fgsch 680: struct stat st;
1.8 markus 681:
1.51 fgsch 682: if (fstat(fd, &st) < 0) {
1.86 djm 683: error("%s: fstat of key file %.200s%sfailed: %.100s", __func__,
684: filename == NULL ? "" : filename,
685: filename == NULL ? "" : " ",
686: strerror(errno));
687: return 0;
1.51 fgsch 688: }
1.88 djm 689: if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
690: st.st_size > MAX_KEY_FILE_SIZE) {
691: toobig:
1.86 djm 692: error("%s: key file %.200s%stoo large", __func__,
693: filename == NULL ? "" : filename,
694: filename == NULL ? "" : " ");
695: return 0;
1.58 djm 696: }
1.93 markus 697: buffer_clear(blob);
1.88 djm 698: for (;;) {
699: if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
700: if (errno == EPIPE)
701: break;
702: debug("%s: read from key file %.200s%sfailed: %.100s",
703: __func__, filename == NULL ? "" : filename,
704: filename == NULL ? "" : " ", strerror(errno));
705: buffer_clear(blob);
1.102 tedu 706: explicit_bzero(buf, sizeof(buf));
1.88 djm 707: return 0;
708: }
709: buffer_append(blob, buf, len);
710: if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {
711: buffer_clear(blob);
1.102 tedu 712: explicit_bzero(buf, sizeof(buf));
1.88 djm 713: goto toobig;
714: }
715: }
1.102 tedu 716: explicit_bzero(buf, sizeof(buf));
1.88 djm 717: if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
718: st.st_size != buffer_len(blob)) {
719: debug("%s: key file %.200s%schanged size while reading",
720: __func__, filename == NULL ? "" : filename,
721: filename == NULL ? "" : " ");
1.86 djm 722: buffer_clear(blob);
723: return 0;
1.8 markus 724: }
1.88 djm 725:
1.86 djm 726: return 1;
727: }
1.8 markus 728:
1.106 ! markus 729: #ifdef WITH_SSH1
1.86 djm 730: /*
731: * Loads the public part of the ssh v1 key file. Returns NULL if an error was
732: * encountered (the file does not exist or is not readable), and the key
733: * otherwise.
734: */
735: static Key *
736: key_load_public_rsa1(int fd, const char *filename, char **commentp)
737: {
738: Buffer buffer;
739: Key *pub;
740:
741: buffer_init(&buffer);
742: if (!key_load_file(fd, filename, &buffer)) {
1.8 markus 743: buffer_free(&buffer);
1.29 markus 744: return NULL;
1.8 markus 745: }
746:
1.86 djm 747: pub = key_parse_public_rsa1(&buffer, commentp);
748: if (pub == NULL)
749: debug3("Could not load \"%s\" as a RSA1 public key", filename);
1.1 deraadt 750: buffer_free(&buffer);
1.29 markus 751: return pub;
1.1 deraadt 752: }
753:
1.29 markus 754: /* load public key from private-key file, works only for SSH v1 */
755: Key *
756: key_load_public_type(int type, const char *filename, char **commentp)
1.15 markus 757: {
1.29 markus 758: Key *pub;
759: int fd;
760:
761: if (type == KEY_RSA1) {
762: fd = open(filename, O_RDONLY);
763: if (fd < 0)
764: return NULL;
765: pub = key_load_public_rsa1(fd, filename, commentp);
766: close(fd);
767: return pub;
1.15 markus 768: }
1.29 markus 769: return NULL;
1.15 markus 770: }
771:
1.37 itojun 772: static Key *
1.86 djm 773: key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp)
1.1 deraadt 774: {
1.61 djm 775: int check1, check2, cipher_type;
1.86 djm 776: Buffer decrypted;
1.45 stevesk 777: u_char *cp;
1.20 markus 778: CipherContext ciphercontext;
1.96 djm 779: const Cipher *cipher;
1.29 markus 780: Key *prv = NULL;
1.92 markus 781: Buffer copy;
1.8 markus 782:
1.86 djm 783: /* Check that it is at least big enough to contain the ID string. */
784: if (buffer_len(blob) < sizeof(authfile_id_string)) {
785: debug3("Truncated RSA1 identifier");
1.51 fgsch 786: return NULL;
787: }
1.8 markus 788:
1.10 markus 789: /*
790: * Make sure it begins with the id string. Consume the id string
791: * from the buffer.
792: */
1.86 djm 793: if (memcmp(buffer_ptr(blob), authfile_id_string,
794: sizeof(authfile_id_string)) != 0) {
795: debug3("Incorrect RSA1 identifier");
796: return NULL;
797: }
1.92 markus 798: buffer_init(©);
799: buffer_append(©, buffer_ptr(blob), buffer_len(blob));
800: buffer_consume(©, sizeof(authfile_id_string));
1.28 deraadt 801:
1.8 markus 802: /* Read cipher type. */
1.92 markus 803: cipher_type = buffer_get_char(©);
804: (void) buffer_get_int(©); /* Reserved data. */
1.8 markus 805:
806: /* Read the public key from the buffer. */
1.92 markus 807: (void) buffer_get_int(©);
1.29 markus 808: prv = key_new_private(KEY_RSA1);
809:
1.92 markus 810: buffer_get_bignum(©, prv->rsa->n);
811: buffer_get_bignum(©, prv->rsa->e);
1.29 markus 812: if (commentp)
1.92 markus 813: *commentp = buffer_get_string(©, NULL);
1.8 markus 814: else
1.92 markus 815: (void)buffer_get_string_ptr(©, NULL);
1.8 markus 816:
817: /* Check that it is a supported cipher. */
1.20 markus 818: cipher = cipher_by_number(cipher_type);
819: if (cipher == NULL) {
1.86 djm 820: debug("Unsupported RSA1 cipher %d", cipher_type);
1.92 markus 821: buffer_free(©);
1.8 markus 822: goto fail;
823: }
824: /* Initialize space for decrypted data. */
825: buffer_init(&decrypted);
1.92 markus 826: cp = buffer_append_space(&decrypted, buffer_len(©));
1.8 markus 827:
828: /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */
1.46 markus 829: cipher_set_key_string(&ciphercontext, cipher, passphrase,
830: CIPHER_DECRYPT);
1.99 markus 831: if (cipher_crypt(&ciphercontext, 0, cp,
832: buffer_ptr(©), buffer_len(©), 0, 0) != 0)
833: fatal("%s: cipher_crypt failed", __func__);
1.46 markus 834: cipher_cleanup(&ciphercontext);
1.103 djm 835: explicit_bzero(&ciphercontext, sizeof(ciphercontext));
1.92 markus 836: buffer_free(©);
1.1 deraadt 837:
1.8 markus 838: check1 = buffer_get_char(&decrypted);
839: check2 = buffer_get_char(&decrypted);
840: if (check1 != buffer_get_char(&decrypted) ||
841: check2 != buffer_get_char(&decrypted)) {
842: if (strcmp(passphrase, "") != 0)
1.86 djm 843: debug("Bad passphrase supplied for RSA1 key");
1.8 markus 844: /* Bad passphrase. */
845: buffer_free(&decrypted);
1.29 markus 846: goto fail;
1.8 markus 847: }
848: /* Read the rest of the private key. */
1.29 markus 849: buffer_get_bignum(&decrypted, prv->rsa->d);
850: buffer_get_bignum(&decrypted, prv->rsa->iqmp); /* u */
851: /* in SSL and SSH v1 p and q are exchanged */
852: buffer_get_bignum(&decrypted, prv->rsa->q); /* p */
853: buffer_get_bignum(&decrypted, prv->rsa->p); /* q */
1.8 markus 854:
1.29 markus 855: /* calculate p-1 and q-1 */
1.43 markus 856: rsa_generate_additional_parameters(prv->rsa);
1.8 markus 857:
858: buffer_free(&decrypted);
1.52 markus 859:
860: /* enable blinding */
861: if (RSA_blinding_on(prv->rsa, NULL) != 1) {
1.86 djm 862: error("%s: RSA_blinding_on failed", __func__);
1.52 markus 863: goto fail;
864: }
1.29 markus 865: return prv;
866:
867: fail:
1.97 djm 868: if (commentp != NULL)
869: free(*commentp);
1.29 markus 870: key_free(prv);
871: return NULL;
1.15 markus 872: }
1.106 ! markus 873: #endif
1.15 markus 874:
1.106 ! markus 875: #ifdef WITH_OPENSSL
1.86 djm 876: static Key *
877: key_parse_private_pem(Buffer *blob, int type, const char *passphrase,
1.29 markus 878: char **commentp)
1.15 markus 879: {
1.21 markus 880: EVP_PKEY *pk = NULL;
1.29 markus 881: Key *prv = NULL;
1.21 markus 882: char *name = "<no key>";
1.86 djm 883: BIO *bio;
1.15 markus 884:
1.86 djm 885: if ((bio = BIO_new_mem_buf(buffer_ptr(blob),
886: buffer_len(blob))) == NULL) {
887: error("%s: BIO_new_mem_buf failed", __func__);
1.29 markus 888: return NULL;
1.15 markus 889: }
1.86 djm 890:
891: pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, (char *)passphrase);
892: BIO_free(bio);
1.21 markus 893: if (pk == NULL) {
1.86 djm 894: debug("%s: PEM_read_PrivateKey failed", __func__);
1.21 markus 895: (void)ERR_get_error();
1.29 markus 896: } else if (pk->type == EVP_PKEY_RSA &&
1.41 deraadt 897: (type == KEY_UNSPEC||type==KEY_RSA)) {
1.29 markus 898: prv = key_new(KEY_UNSPEC);
899: prv->rsa = EVP_PKEY_get1_RSA(pk);
900: prv->type = KEY_RSA;
901: name = "rsa w/o comment";
1.21 markus 902: #ifdef DEBUG_PK
1.29 markus 903: RSA_print_fp(stderr, prv->rsa, 8);
1.21 markus 904: #endif
1.52 markus 905: if (RSA_blinding_on(prv->rsa, NULL) != 1) {
1.86 djm 906: error("%s: RSA_blinding_on failed", __func__);
1.52 markus 907: key_free(prv);
908: prv = NULL;
909: }
1.29 markus 910: } else if (pk->type == EVP_PKEY_DSA &&
1.41 deraadt 911: (type == KEY_UNSPEC||type==KEY_DSA)) {
1.29 markus 912: prv = key_new(KEY_UNSPEC);
913: prv->dsa = EVP_PKEY_get1_DSA(pk);
914: prv->type = KEY_DSA;
915: name = "dsa w/o comment";
1.21 markus 916: #ifdef DEBUG_PK
1.29 markus 917: DSA_print_fp(stderr, prv->dsa, 8);
1.21 markus 918: #endif
1.83 djm 919: } else if (pk->type == EVP_PKEY_EC &&
920: (type == KEY_UNSPEC||type==KEY_ECDSA)) {
921: prv = key_new(KEY_UNSPEC);
922: prv->ecdsa = EVP_PKEY_get1_EC_KEY(pk);
923: prv->type = KEY_ECDSA;
1.85 djm 924: if ((prv->ecdsa_nid = key_ecdsa_key_to_nid(prv->ecdsa)) == -1 ||
925: key_curve_nid_to_name(prv->ecdsa_nid) == NULL ||
926: key_ec_validate_public(EC_KEY_get0_group(prv->ecdsa),
1.83 djm 927: EC_KEY_get0_public_key(prv->ecdsa)) != 0 ||
928: key_ec_validate_private(prv->ecdsa) != 0) {
929: error("%s: bad ECDSA key", __func__);
930: key_free(prv);
931: prv = NULL;
932: }
1.84 djm 933: name = "ecdsa w/o comment";
1.83 djm 934: #ifdef DEBUG_PK
1.85 djm 935: if (prv != NULL && prv->ecdsa != NULL)
1.83 djm 936: key_dump_ec_key(prv->ecdsa);
937: #endif
1.15 markus 938: } else {
1.86 djm 939: error("%s: PEM_read_PrivateKey: mismatch or "
940: "unknown EVP_PKEY save_type %d", __func__, pk->save_type);
1.15 markus 941: }
1.21 markus 942: if (pk != NULL)
943: EVP_PKEY_free(pk);
1.29 markus 944: if (prv != NULL && commentp)
945: *commentp = xstrdup(name);
946: debug("read PEM private key done: type %s",
947: prv ? key_type(prv) : "<unknown>");
948: return prv;
1.15 markus 949: }
950:
1.86 djm 951: Key *
952: key_load_private_pem(int fd, int type, const char *passphrase,
953: char **commentp)
954: {
955: Buffer buffer;
956: Key *prv;
957:
958: buffer_init(&buffer);
959: if (!key_load_file(fd, NULL, &buffer)) {
960: buffer_free(&buffer);
961: return NULL;
962: }
963: prv = key_parse_private_pem(&buffer, type, passphrase, commentp);
964: buffer_free(&buffer);
965: return prv;
966: }
1.106 ! markus 967: #endif
1.86 djm 968:
1.63 dtucker 969: int
1.29 markus 970: key_perm_ok(int fd, const char *filename)
1.15 markus 971: {
972: struct stat st;
973:
1.38 markus 974: if (fstat(fd, &st) < 0)
975: return 0;
976: /*
977: * if a key owned by the user is accessed, then we check the
978: * permissions of the file. if the key owned by a different user,
979: * then we don't care.
980: */
981: if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
1.15 markus 982: error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
983: error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
984: error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
1.38 markus 985: error("Permissions 0%3.3o for '%s' are too open.",
1.54 djm 986: (u_int)st.st_mode & 0777, filename);
1.15 markus 987: error("It is recommended that your private key files are NOT accessible by others.");
1.29 markus 988: error("This private key will be ignored.");
1.15 markus 989: return 0;
990: }
1.29 markus 991: return 1;
992: }
993:
1.86 djm 994: static Key *
995: key_parse_private_type(Buffer *blob, int type, const char *passphrase,
996: char **commentp)
997: {
1.99 markus 998: Key *k;
999:
1.86 djm 1000: switch (type) {
1.106 ! markus 1001: #ifdef WITH_SSH1
1.86 djm 1002: case KEY_RSA1:
1003: return key_parse_private_rsa1(blob, passphrase, commentp);
1.106 ! markus 1004: #endif
! 1005: #ifdef WITH_OPENSSL
1.86 djm 1006: case KEY_DSA:
1007: case KEY_ECDSA:
1008: case KEY_RSA:
1.100 markus 1009: return key_parse_private_pem(blob, type, passphrase, commentp);
1.106 ! markus 1010: #endif
1.100 markus 1011: case KEY_ED25519:
1012: return key_parse_private2(blob, type, passphrase, commentp);
1.86 djm 1013: case KEY_UNSPEC:
1.99 markus 1014: if ((k = key_parse_private2(blob, type, passphrase, commentp)))
1015: return k;
1.106 ! markus 1016: #ifdef WITH_OPENSSL
1.86 djm 1017: return key_parse_private_pem(blob, type, passphrase, commentp);
1.106 ! markus 1018: #endif
1.86 djm 1019: default:
1.90 djm 1020: error("%s: cannot parse key type %d", __func__, type);
1.86 djm 1021: break;
1022: }
1023: return NULL;
1024: }
1025:
1.29 markus 1026: Key *
1027: key_load_private_type(int type, const char *filename, const char *passphrase,
1.67 dtucker 1028: char **commentp, int *perm_ok)
1.29 markus 1029: {
1030: int fd;
1.86 djm 1031: Key *ret;
1032: Buffer buffer;
1.29 markus 1033:
1034: fd = open(filename, O_RDONLY);
1.78 dtucker 1035: if (fd < 0) {
1036: debug("could not open key file '%s': %s", filename,
1037: strerror(errno));
1038: if (perm_ok != NULL)
1039: *perm_ok = 0;
1.79 dtucker 1040: return NULL;
1.78 dtucker 1041: }
1.29 markus 1042: if (!key_perm_ok(fd, filename)) {
1.67 dtucker 1043: if (perm_ok != NULL)
1044: *perm_ok = 0;
1.31 markus 1045: error("bad permissions: ignore key: %s", filename);
1.29 markus 1046: close(fd);
1047: return NULL;
1048: }
1.67 dtucker 1049: if (perm_ok != NULL)
1050: *perm_ok = 1;
1.86 djm 1051:
1052: buffer_init(&buffer);
1053: if (!key_load_file(fd, filename, &buffer)) {
1054: buffer_free(&buffer);
1.28 deraadt 1055: close(fd);
1.86 djm 1056: return NULL;
1.15 markus 1057: }
1.86 djm 1058: close(fd);
1059: ret = key_parse_private_type(&buffer, type, passphrase, commentp);
1060: buffer_free(&buffer);
1061: return ret;
1.29 markus 1062: }
1063:
1064: Key *
1.88 djm 1065: key_parse_private(Buffer *buffer, const char *filename,
1066: const char *passphrase, char **commentp)
1067: {
1.106 ! markus 1068: #ifdef WITH_SSH1
1.88 djm 1069: Key *pub, *prv;
1070:
1071: /* it's a SSH v1 key if the public key part is readable */
1.92 markus 1072: pub = key_parse_public_rsa1(buffer, commentp);
1.88 djm 1073: if (pub == NULL) {
1074: prv = key_parse_private_type(buffer, KEY_UNSPEC,
1075: passphrase, NULL);
1076: /* use the filename as a comment for PEM */
1077: if (commentp && prv)
1078: *commentp = xstrdup(filename);
1079: } else {
1080: key_free(pub);
1081: /* key_parse_public_rsa1() has already loaded the comment */
1082: prv = key_parse_private_type(buffer, KEY_RSA1, passphrase,
1083: NULL);
1084: }
1085: return prv;
1.106 ! markus 1086: #else
! 1087: return key_parse_private_type(buffer, KEY_UNSPEC,
! 1088: passphrase, commentp);
! 1089: #endif
1.88 djm 1090: }
1091:
1092: Key *
1.29 markus 1093: key_load_private(const char *filename, const char *passphrase,
1094: char **commentp)
1095: {
1.88 djm 1096: Key *prv;
1097: Buffer buffer;
1.29 markus 1098: int fd;
1099:
1100: fd = open(filename, O_RDONLY);
1.78 dtucker 1101: if (fd < 0) {
1102: debug("could not open key file '%s': %s", filename,
1103: strerror(errno));
1.29 markus 1104: return NULL;
1.78 dtucker 1105: }
1.29 markus 1106: if (!key_perm_ok(fd, filename)) {
1.31 markus 1107: error("bad permissions: ignore key: %s", filename);
1.29 markus 1108: close(fd);
1109: return NULL;
1110: }
1.86 djm 1111:
1112: buffer_init(&buffer);
1113: if (!key_load_file(fd, filename, &buffer)) {
1114: buffer_free(&buffer);
1115: close(fd);
1116: return NULL;
1117: }
1118: close(fd);
1119:
1.88 djm 1120: prv = key_parse_private(&buffer, filename, passphrase, commentp);
1.86 djm 1121: buffer_free(&buffer);
1.34 markus 1122: return prv;
1.18 markus 1123: }
1124:
1.37 itojun 1125: static int
1.29 markus 1126: key_try_load_public(Key *k, const char *filename, char **commentp)
1.18 markus 1127: {
1128: FILE *f;
1.59 dtucker 1129: char line[SSH_MAX_PUBKEY_BYTES];
1.18 markus 1130: char *cp;
1.60 dtucker 1131: u_long linenum = 0;
1.18 markus 1132:
1133: f = fopen(filename, "r");
1134: if (f != NULL) {
1.59 dtucker 1135: while (read_keyfile_line(f, filename, line, sizeof(line),
1136: &linenum) != -1) {
1.18 markus 1137: cp = line;
1.40 deraadt 1138: switch (*cp) {
1.18 markus 1139: case '#':
1140: case '\n':
1141: case '\0':
1142: continue;
1143: }
1.89 djm 1144: /* Abort loading if this looks like a private key */
1145: if (strncmp(cp, "-----BEGIN", 10) == 0)
1146: break;
1.18 markus 1147: /* Skip leading whitespace. */
1148: for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
1149: ;
1150: if (*cp) {
1.21 markus 1151: if (key_read(k, &cp) == 1) {
1.91 djm 1152: cp[strcspn(cp, "\r\n")] = '\0';
1153: if (commentp) {
1154: *commentp = xstrdup(*cp ?
1155: cp : filename);
1156: }
1.18 markus 1157: fclose(f);
1158: return 1;
1159: }
1160: }
1161: }
1162: fclose(f);
1163: }
1164: return 0;
1165: }
1166:
1.29 markus 1167: /* load public key from ssh v1 private or any pubkey file */
1168: Key *
1169: key_load_public(const char *filename, char **commentp)
1.18 markus 1170: {
1.29 markus 1171: Key *pub;
1172: char file[MAXPATHLEN];
1.18 markus 1173:
1.106 ! markus 1174: #ifdef WITH_SSH1
1.53 markus 1175: /* try rsa1 private key */
1.29 markus 1176: pub = key_load_public_type(KEY_RSA1, filename, commentp);
1177: if (pub != NULL)
1178: return pub;
1.53 markus 1179:
1180: /* try rsa1 public key */
1181: pub = key_new(KEY_RSA1);
1182: if (key_try_load_public(pub, filename, commentp) == 1)
1183: return pub;
1184: key_free(pub);
1.106 ! markus 1185: #endif
1.53 markus 1186:
1187: /* try ssh2 public key */
1.29 markus 1188: pub = key_new(KEY_UNSPEC);
1189: if (key_try_load_public(pub, filename, commentp) == 1)
1190: return pub;
1191: if ((strlcpy(file, filename, sizeof file) < sizeof(file)) &&
1192: (strlcat(file, ".pub", sizeof file) < sizeof(file)) &&
1193: (key_try_load_public(pub, file, commentp) == 1))
1194: return pub;
1.81 djm 1195: key_free(pub);
1196: return NULL;
1197: }
1198:
1199: /* Load the certificate associated with the named private key */
1200: Key *
1201: key_load_cert(const char *filename)
1202: {
1203: Key *pub;
1.82 djm 1204: char *file;
1.81 djm 1205:
1206: pub = key_new(KEY_UNSPEC);
1.82 djm 1207: xasprintf(&file, "%s-cert.pub", filename);
1208: if (key_try_load_public(pub, file, NULL) == 1) {
1.97 djm 1209: free(file);
1.81 djm 1210: return pub;
1.82 djm 1211: }
1.97 djm 1212: free(file);
1.81 djm 1213: key_free(pub);
1214: return NULL;
1215: }
1216:
1217: /* Load private key and certificate */
1218: Key *
1219: key_load_private_cert(int type, const char *filename, const char *passphrase,
1220: int *perm_ok)
1221: {
1222: Key *key, *pub;
1223:
1224: switch (type) {
1.106 ! markus 1225: #ifdef WITH_OPENSSL
1.81 djm 1226: case KEY_RSA:
1227: case KEY_DSA:
1.83 djm 1228: case KEY_ECDSA:
1.106 ! markus 1229: #endif
1.101 djm 1230: case KEY_ED25519:
1.81 djm 1231: break;
1232: default:
1233: error("%s: unsupported key type", __func__);
1234: return NULL;
1235: }
1236:
1237: if ((key = key_load_private_type(type, filename,
1238: passphrase, NULL, perm_ok)) == NULL)
1239: return NULL;
1240:
1241: if ((pub = key_load_cert(filename)) == NULL) {
1242: key_free(key);
1243: return NULL;
1244: }
1245:
1246: /* Make sure the private key matches the certificate */
1247: if (key_equal_public(key, pub) == 0) {
1248: error("%s: certificate does not match private key %s",
1249: __func__, filename);
1250: } else if (key_to_certified(key, key_cert_is_legacy(pub)) != 0) {
1251: error("%s: key_to_certified failed", __func__);
1252: } else {
1253: key_cert_copy(pub, key);
1254: key_free(pub);
1255: return key;
1256: }
1257:
1258: key_free(key);
1.29 markus 1259: key_free(pub);
1260: return NULL;
1.1 deraadt 1261: }
1.80 djm 1262:
1263: /*
1264: * Returns 1 if the specified "key" is listed in the file "filename",
1265: * 0 if the key is not listed or -1 on error.
1266: * If strict_type is set then the key type must match exactly,
1267: * otherwise a comparison that ignores certficiate data is performed.
1268: */
1269: int
1270: key_in_file(Key *key, const char *filename, int strict_type)
1271: {
1272: FILE *f;
1273: char line[SSH_MAX_PUBKEY_BYTES];
1274: char *cp;
1275: u_long linenum = 0;
1276: int ret = 0;
1277: Key *pub;
1278: int (*key_compare)(const Key *, const Key *) = strict_type ?
1279: key_equal : key_equal_public;
1280:
1281: if ((f = fopen(filename, "r")) == NULL) {
1282: if (errno == ENOENT) {
1283: debug("%s: keyfile \"%s\" missing", __func__, filename);
1284: return 0;
1285: } else {
1286: error("%s: could not open keyfile \"%s\": %s", __func__,
1287: filename, strerror(errno));
1288: return -1;
1289: }
1290: }
1291:
1292: while (read_keyfile_line(f, filename, line, sizeof(line),
1293: &linenum) != -1) {
1294: cp = line;
1295:
1296: /* Skip leading whitespace. */
1297: for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
1298: ;
1299:
1300: /* Skip comments and empty lines */
1301: switch (*cp) {
1302: case '#':
1303: case '\n':
1304: case '\0':
1305: continue;
1306: }
1307:
1308: pub = key_new(KEY_UNSPEC);
1309: if (key_read(pub, &cp) != 1) {
1310: key_free(pub);
1311: continue;
1312: }
1313: if (key_compare(key, pub)) {
1314: ret = 1;
1315: key_free(pub);
1316: break;
1317: }
1318: key_free(pub);
1319: }
1320: fclose(f);
1321: return ret;
1322: }