Annotation of src/usr.bin/ssh/authfile.c, Revision 1.16
1.1 deraadt 1: /*
1.14 markus 2: *
1.9 deraadt 3: * authfile.c
1.14 markus 4: *
1.9 deraadt 5: * Author: Tatu Ylonen <ylo@cs.hut.fi>
1.14 markus 6: *
1.9 deraadt 7: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8: * All rights reserved
1.14 markus 9: *
1.9 deraadt 10: * Created: Mon Mar 27 03:52:05 1995 ylo
1.14 markus 11: *
1.9 deraadt 12: * This file contains functions for reading and writing identity files, and
13: * for reading the passphrase from the user.
1.14 markus 14: *
1.9 deraadt 15: */
1.1 deraadt 16:
17: #include "includes.h"
1.15 markus 18: RCSID("$Id: authfile.c,v 1.3 2000/04/17 09:13:21 markus Exp $");
1.1 deraadt 19:
1.13 markus 20: #include <openssl/bn.h>
1.15 markus 21: #include <openssl/dsa.h>
22: #include <openssl/rsa.h>
23: #include <openssl/pem.h>
24: #include <openssl/evp.h>
25:
1.1 deraadt 26: #include "xmalloc.h"
27: #include "buffer.h"
28: #include "bufaux.h"
29: #include "cipher.h"
30: #include "ssh.h"
1.15 markus 31: #include "key.h"
1.1 deraadt 32:
33: /* Version identification string for identity files. */
34: #define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n"
35:
1.10 markus 36: /*
37: * Saves the authentication (private) key in a file, encrypting it with
38: * passphrase. The identification of the file (lowest 64 bits of n) will
39: * precede the key to provide identification of the key without needing a
40: * passphrase.
41: */
1.1 deraadt 42:
1.3 provos 43: int
1.15 markus 44: save_private_key_rsa(const char *filename, const char *passphrase,
45: RSA *key, const char *comment)
1.1 deraadt 46: {
1.8 markus 47: Buffer buffer, encrypted;
48: char buf[100], *cp;
1.11 deraadt 49: int fd, i;
1.8 markus 50: CipherContext cipher;
51: int cipher_type;
52: u_int32_t rand;
53:
1.10 markus 54: /*
55: * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting
56: * to another cipher; otherwise use SSH_AUTHFILE_CIPHER.
57: */
1.8 markus 58: if (strcmp(passphrase, "") == 0)
59: cipher_type = SSH_CIPHER_NONE;
60: else
61: cipher_type = SSH_AUTHFILE_CIPHER;
62:
63: /* This buffer is used to built the secret part of the private key. */
64: buffer_init(&buffer);
65:
66: /* Put checkbytes for checking passphrase validity. */
67: rand = arc4random();
68: buf[0] = rand & 0xff;
69: buf[1] = (rand >> 8) & 0xff;
70: buf[2] = buf[0];
71: buf[3] = buf[1];
72: buffer_append(&buffer, buf, 4);
73:
1.10 markus 74: /*
75: * Store the private key (n and e will not be stored because they
76: * will be stored in plain text, and storing them also in encrypted
77: * format would just give known plaintext).
78: */
1.8 markus 79: buffer_put_bignum(&buffer, key->d);
80: buffer_put_bignum(&buffer, key->iqmp);
81: buffer_put_bignum(&buffer, key->q); /* reverse from SSL p */
82: buffer_put_bignum(&buffer, key->p); /* reverse from SSL q */
83:
84: /* Pad the part to be encrypted until its size is a multiple of 8. */
85: while (buffer_len(&buffer) % 8 != 0)
86: buffer_put_char(&buffer, 0);
87:
88: /* This buffer will be used to contain the data in the file. */
89: buffer_init(&encrypted);
90:
91: /* First store keyfile id string. */
92: cp = AUTHFILE_ID_STRING;
93: for (i = 0; cp[i]; i++)
94: buffer_put_char(&encrypted, cp[i]);
95: buffer_put_char(&encrypted, 0);
96:
97: /* Store cipher type. */
98: buffer_put_char(&encrypted, cipher_type);
99: buffer_put_int(&encrypted, 0); /* For future extension */
100:
101: /* Store public key. This will be in plain text. */
102: buffer_put_int(&encrypted, BN_num_bits(key->n));
103: buffer_put_bignum(&encrypted, key->n);
104: buffer_put_bignum(&encrypted, key->e);
105: buffer_put_string(&encrypted, comment, strlen(comment));
106:
107: /* Allocate space for the private part of the key in the buffer. */
108: buffer_append_space(&encrypted, &cp, buffer_len(&buffer));
109:
1.12 markus 110: cipher_set_key_string(&cipher, cipher_type, passphrase);
1.8 markus 111: cipher_encrypt(&cipher, (unsigned char *) cp,
112: (unsigned char *) buffer_ptr(&buffer),
113: buffer_len(&buffer));
114: memset(&cipher, 0, sizeof(cipher));
115:
116: /* Destroy temporary data. */
117: memset(buf, 0, sizeof(buf));
118: buffer_free(&buffer);
119:
1.11 deraadt 120: fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
121: if (fd < 0)
1.8 markus 122: return 0;
1.11 deraadt 123: if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
1.8 markus 124: buffer_len(&encrypted)) {
125: debug("Write to key file %.200s failed: %.100s", filename,
126: strerror(errno));
127: buffer_free(&encrypted);
1.11 deraadt 128: close(fd);
1.8 markus 129: remove(filename);
130: return 0;
131: }
1.11 deraadt 132: close(fd);
1.8 markus 133: buffer_free(&encrypted);
134: return 1;
1.1 deraadt 135: }
136:
1.15 markus 137: /* save DSA key in OpenSSL PEM format */
138:
139: int
140: save_private_key_dsa(const char *filename, const char *passphrase,
141: DSA *dsa, const char *comment)
142: {
143: FILE *fp;
144: int fd;
145: int success = 1;
146: int len = strlen(passphrase);
147:
148: if (len > 0 && len <= 4) {
149: error("passphrase too short: %d bytes", len);
150: errno = 0;
151: return 0;
152: }
153: fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
154: if (fd < 0) {
155: debug("open %s failed", filename);
156: return 0;
157: }
158: fp = fdopen(fd, "w");
159: if (fp == NULL ) {
160: debug("fdopen %s failed", filename);
161: close(fd);
162: return 0;
163: }
164: if (len > 0) {
165: if (!PEM_write_DSAPrivateKey(fp, dsa, EVP_des_ede3_cbc(),
166: (char *)passphrase, strlen(passphrase), NULL, NULL))
167: success = 0;
168: } else {
169: if (!PEM_write_DSAPrivateKey(fp, dsa, NULL,
170: NULL, 0, NULL, NULL))
171: success = 0;
172: }
173: fclose(fp);
174: return success;
175: }
176:
177: int
178: save_private_key(const char *filename, const char *passphrase, Key *key,
179: const char *comment)
180: {
181: switch (key->type) {
182: case KEY_RSA:
183: return save_private_key_rsa(filename, passphrase, key->rsa, comment);
184: break;
185: case KEY_DSA:
186: return save_private_key_dsa(filename, passphrase, key->dsa, comment);
187: break;
188: default:
189: break;
190: }
191: return 0;
192: }
193:
1.10 markus 194: /*
195: * Loads the public part of the key file. Returns 0 if an error was
196: * encountered (the file does not exist or is not readable), and non-zero
197: * otherwise.
198: */
1.1 deraadt 199:
1.3 provos 200: int
1.15 markus 201: load_public_key_rsa(const char *filename, RSA * pub, char **comment_return)
1.1 deraadt 202: {
1.11 deraadt 203: int fd, i;
1.8 markus 204: off_t len;
205: Buffer buffer;
206: char *cp;
207:
1.11 deraadt 208: fd = open(filename, O_RDONLY);
209: if (fd < 0)
1.8 markus 210: return 0;
1.11 deraadt 211: len = lseek(fd, (off_t) 0, SEEK_END);
212: lseek(fd, (off_t) 0, SEEK_SET);
1.8 markus 213:
214: buffer_init(&buffer);
215: buffer_append_space(&buffer, &cp, len);
216:
1.11 deraadt 217: if (read(fd, cp, (size_t) len) != (size_t) len) {
1.8 markus 218: debug("Read from key file %.200s failed: %.100s", filename,
1.15 markus 219: strerror(errno));
1.8 markus 220: buffer_free(&buffer);
1.11 deraadt 221: close(fd);
1.8 markus 222: return 0;
223: }
1.11 deraadt 224: close(fd);
1.8 markus 225:
226: /* Check that it is at least big enought to contain the ID string. */
227: if (len < strlen(AUTHFILE_ID_STRING) + 1) {
228: debug("Bad key file %.200s.", filename);
229: buffer_free(&buffer);
230: return 0;
231: }
1.10 markus 232: /*
233: * Make sure it begins with the id string. Consume the id string
234: * from the buffer.
235: */
1.8 markus 236: for (i = 0; i < (unsigned int) strlen(AUTHFILE_ID_STRING) + 1; i++)
1.11 deraadt 237: if (buffer_get_char(&buffer) != (u_char) AUTHFILE_ID_STRING[i]) {
1.8 markus 238: debug("Bad key file %.200s.", filename);
239: buffer_free(&buffer);
240: return 0;
241: }
242: /* Skip cipher type and reserved data. */
243: (void) buffer_get_char(&buffer); /* cipher type */
244: (void) buffer_get_int(&buffer); /* reserved */
245:
246: /* Read the public key from the buffer. */
247: buffer_get_int(&buffer);
1.15 markus 248: /* XXX alloc */
249: if (pub->n == NULL)
250: pub->n = BN_new();
1.8 markus 251: buffer_get_bignum(&buffer, pub->n);
1.15 markus 252: /* XXX alloc */
253: if (pub->e == NULL)
254: pub->e = BN_new();
1.8 markus 255: buffer_get_bignum(&buffer, pub->e);
256: if (comment_return)
257: *comment_return = buffer_get_string(&buffer, NULL);
258: /* The encrypted private part is not parsed by this function. */
259:
1.1 deraadt 260: buffer_free(&buffer);
261:
1.8 markus 262: return 1;
1.1 deraadt 263: }
264:
1.15 markus 265: int
266: load_public_key(const char *filename, Key * key, char **comment_return)
267: {
268: switch (key->type) {
269: case KEY_RSA:
270: return load_public_key_rsa(filename, key->rsa, comment_return);
271: break;
272: case KEY_DSA:
273: default:
274: break;
275: }
276: return 0;
277: }
278:
1.10 markus 279: /*
280: * Loads the private key from the file. Returns 0 if an error is encountered
281: * (file does not exist or is not readable, or passphrase is bad). This
282: * initializes the private key.
283: * Assumes we are called under uid of the owner of the file.
284: */
1.1 deraadt 285:
1.3 provos 286: int
1.15 markus 287: load_private_key_rsa(int fd, const char *filename,
288: const char *passphrase, RSA * prv, char **comment_return)
1.1 deraadt 289: {
1.15 markus 290: int i, check1, check2, cipher_type;
1.8 markus 291: off_t len;
292: Buffer buffer, decrypted;
293: char *cp;
294: CipherContext cipher;
295: BN_CTX *ctx;
296: BIGNUM *aux;
297:
1.11 deraadt 298: len = lseek(fd, (off_t) 0, SEEK_END);
299: lseek(fd, (off_t) 0, SEEK_SET);
1.8 markus 300:
301: buffer_init(&buffer);
302: buffer_append_space(&buffer, &cp, len);
303:
1.11 deraadt 304: if (read(fd, cp, (size_t) len) != (size_t) len) {
1.8 markus 305: debug("Read from key file %.200s failed: %.100s", filename,
306: strerror(errno));
307: buffer_free(&buffer);
1.11 deraadt 308: close(fd);
1.8 markus 309: return 0;
310: }
1.11 deraadt 311: close(fd);
1.8 markus 312:
313: /* Check that it is at least big enought to contain the ID string. */
314: if (len < strlen(AUTHFILE_ID_STRING) + 1) {
315: debug("Bad key file %.200s.", filename);
316: buffer_free(&buffer);
317: return 0;
318: }
1.10 markus 319: /*
320: * Make sure it begins with the id string. Consume the id string
321: * from the buffer.
322: */
1.8 markus 323: for (i = 0; i < (unsigned int) strlen(AUTHFILE_ID_STRING) + 1; i++)
324: if (buffer_get_char(&buffer) != (unsigned char) AUTHFILE_ID_STRING[i]) {
325: debug("Bad key file %.200s.", filename);
326: buffer_free(&buffer);
327: return 0;
328: }
329: /* Read cipher type. */
330: cipher_type = buffer_get_char(&buffer);
331: (void) buffer_get_int(&buffer); /* Reserved data. */
332:
333: /* Read the public key from the buffer. */
334: buffer_get_int(&buffer);
335: prv->n = BN_new();
336: buffer_get_bignum(&buffer, prv->n);
337: prv->e = BN_new();
338: buffer_get_bignum(&buffer, prv->e);
339: if (comment_return)
340: *comment_return = buffer_get_string(&buffer, NULL);
341: else
342: xfree(buffer_get_string(&buffer, NULL));
343:
344: /* Check that it is a supported cipher. */
1.12 markus 345: if (((cipher_mask1() | SSH_CIPHER_NONE | SSH_AUTHFILE_CIPHER) &
1.8 markus 346: (1 << cipher_type)) == 0) {
347: debug("Unsupported cipher %.100s used in key file %.200s.",
348: cipher_name(cipher_type), filename);
349: buffer_free(&buffer);
350: goto fail;
351: }
352: /* Initialize space for decrypted data. */
353: buffer_init(&decrypted);
354: buffer_append_space(&decrypted, &cp, buffer_len(&buffer));
355:
356: /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */
1.12 markus 357: cipher_set_key_string(&cipher, cipher_type, passphrase);
1.8 markus 358: cipher_decrypt(&cipher, (unsigned char *) cp,
359: (unsigned char *) buffer_ptr(&buffer),
360: buffer_len(&buffer));
361:
1.1 deraadt 362: buffer_free(&buffer);
363:
1.8 markus 364: check1 = buffer_get_char(&decrypted);
365: check2 = buffer_get_char(&decrypted);
366: if (check1 != buffer_get_char(&decrypted) ||
367: check2 != buffer_get_char(&decrypted)) {
368: if (strcmp(passphrase, "") != 0)
369: debug("Bad passphrase supplied for key file %.200s.", filename);
370: /* Bad passphrase. */
371: buffer_free(&decrypted);
372: fail:
373: BN_clear_free(prv->n);
1.15 markus 374: prv->n = NULL;
1.8 markus 375: BN_clear_free(prv->e);
1.15 markus 376: prv->e = NULL;
1.8 markus 377: if (comment_return)
378: xfree(*comment_return);
379: return 0;
380: }
381: /* Read the rest of the private key. */
382: prv->d = BN_new();
383: buffer_get_bignum(&decrypted, prv->d);
384: prv->iqmp = BN_new();
385: buffer_get_bignum(&decrypted, prv->iqmp); /* u */
386: /* in SSL and SSH p and q are exchanged */
387: prv->q = BN_new();
388: buffer_get_bignum(&decrypted, prv->q); /* p */
389: prv->p = BN_new();
390: buffer_get_bignum(&decrypted, prv->p); /* q */
391:
392: ctx = BN_CTX_new();
393: aux = BN_new();
394:
395: BN_sub(aux, prv->q, BN_value_one());
396: prv->dmq1 = BN_new();
397: BN_mod(prv->dmq1, prv->d, aux, ctx);
398:
399: BN_sub(aux, prv->p, BN_value_one());
400: prv->dmp1 = BN_new();
401: BN_mod(prv->dmp1, prv->d, aux, ctx);
402:
403: BN_clear_free(aux);
404: BN_CTX_free(ctx);
405:
406: buffer_free(&decrypted);
1.1 deraadt 407:
1.8 markus 408: return 1;
1.15 markus 409: }
410:
411: int
412: load_private_key_dsa(int fd, const char *passphrase, Key *k, char **comment_return)
413: {
414: DSA *dsa;
415: BIO *in;
416: FILE *fp;
417:
418: in = BIO_new(BIO_s_file());
419: if (in == NULL) {
420: error("BIO_new failed");
421: return 0;
422: }
423: fp = fdopen(fd, "r");
424: if (fp == NULL) {
425: error("fdopen failed");
426: return 0;
427: }
428: BIO_set_fp(in, fp, BIO_NOCLOSE);
429: dsa = PEM_read_bio_DSAPrivateKey(in, NULL, NULL, (char *)passphrase);
430: if (dsa == NULL) {
431: debug("PEM_read_bio_DSAPrivateKey failed");
432: } else {
433: /* replace k->dsa with loaded key */
434: DSA_free(k->dsa);
435: k->dsa = dsa;
436: }
437: BIO_free(in);
438: fclose(fp);
439: if (comment_return)
440: *comment_return = xstrdup("dsa w/o comment");
441: debug("read DSA private key done");
442: #ifdef DEBUG_DSS
443: DSA_print_fp(stderr, dsa, 8);
444: #endif
445: return dsa != NULL ? 1 : 0;
446: }
447:
448: int
449: load_private_key(const char *filename, const char *passphrase, Key *key,
450: char **comment_return)
451: {
452: int fd;
453: int ret = 0;
454: struct stat st;
455:
456: fd = open(filename, O_RDONLY);
457: if (fd < 0)
458: return 0;
459:
460: /* check owner and modes */
461: if (fstat(fd, &st) < 0 ||
462: (st.st_uid != 0 && st.st_uid != getuid()) ||
463: (st.st_mode & 077) != 0) {
464: close(fd);
465: error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
466: error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
467: error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
468: error("Bad ownership or mode(0%3.3o) for '%s'.",
469: st.st_mode & 0777, filename);
470: error("It is recommended that your private key files are NOT accessible by others.");
471: return 0;
472: }
473: switch (key->type) {
474: case KEY_RSA:
475: if (key->rsa->e != NULL) {
476: BN_clear_free(key->rsa->e);
477: key->rsa->e = NULL;
478: }
479: if (key->rsa->n != NULL) {
480: BN_clear_free(key->rsa->n);
481: key->rsa->n = NULL;
482: }
483: ret = load_private_key_rsa(fd, filename, passphrase,
484: key->rsa, comment_return);
485: break;
486: case KEY_DSA:
487: ret = load_private_key_dsa(fd, passphrase, key, comment_return);
488: default:
489: break;
490: }
491: close(fd);
492: return ret;
1.1 deraadt 493: }