| version 1.343, 2019/09/03 08:27:52 |
version 1.344, 2019/09/03 08:34:19 |
|
|
| #include "digest.h" |
#include "digest.h" |
| #include "utf8.h" |
#include "utf8.h" |
| #include "authfd.h" |
#include "authfd.h" |
| |
#include "sshsig.h" |
| |
|
| #ifdef ENABLE_PKCS11 |
#ifdef ENABLE_PKCS11 |
| #include "ssh-pkcs11.h" |
#include "ssh-pkcs11.h" |
|
|
| } |
} |
| #endif |
#endif |
| |
|
| |
static struct sshkey * |
| |
load_sign_key(const char *keypath, const struct sshkey *pubkey) |
| |
{ |
| |
size_t i, slen, plen = strlen(keypath); |
| |
char *privpath = xstrdup(keypath); |
| |
const char *suffixes[] = { "-cert.pub", ".pub", NULL }; |
| |
struct sshkey *ret = NULL, *privkey = NULL; |
| |
int r; |
| |
|
| |
/* |
| |
* If passed a public key filename, then try to locate the correponding |
| |
* private key. This lets us specify certificates on the command-line |
| |
* and have ssh-keygen find the appropriate private key. |
| |
*/ |
| |
for (i = 0; suffixes[i]; i++) { |
| |
slen = strlen(suffixes[i]); |
| |
if (plen <= slen || |
| |
strcmp(privpath + plen - slen, suffixes[i]) != 0) |
| |
continue; |
| |
privpath[plen - slen] = '\0'; |
| |
debug("%s: %s looks like a public key, using private key " |
| |
"path %s instead", __func__, keypath, privpath); |
| |
} |
| |
if ((privkey = load_identity(privpath, NULL)) == NULL) { |
| |
error("Couldn't load identity %s", keypath); |
| |
goto done; |
| |
} |
| |
if (!sshkey_equal_public(pubkey, privkey)) { |
| |
error("Public key %s doesn't match private %s", |
| |
keypath, privpath); |
| |
goto done; |
| |
} |
| |
if (sshkey_is_cert(pubkey) && !sshkey_is_cert(privkey)) { |
| |
/* |
| |
* Graft the certificate onto the private key to make |
| |
* it capable of signing. |
| |
*/ |
| |
if ((r = sshkey_to_certified(privkey)) != 0) { |
| |
error("%s: sshkey_to_certified: %s", __func__, |
| |
ssh_err(r)); |
| |
goto done; |
| |
} |
| |
if ((r = sshkey_cert_copy(pubkey, privkey)) != 0) { |
| |
error("%s: sshkey_cert_copy: %s", __func__, ssh_err(r)); |
| |
goto done; |
| |
} |
| |
} |
| |
/* success */ |
| |
ret = privkey; |
| |
privkey = NULL; |
| |
done: |
| |
sshkey_free(privkey); |
| |
free(privpath); |
| |
return ret; |
| |
} |
| |
|
| |
static int |
| |
sign_one(struct sshkey *signkey, const char *filename, int fd, |
| |
const char *sig_namespace, sshsig_signer *signer, void *signer_ctx) |
| |
{ |
| |
struct sshbuf *sigbuf = NULL, *abuf = NULL; |
| |
int r = SSH_ERR_INTERNAL_ERROR, wfd = -1, oerrno; |
| |
char *wfile = NULL; |
| |
char *asig = NULL; |
| |
|
| |
if (!quiet) { |
| |
if (fd == STDIN_FILENO) |
| |
fprintf(stderr, "Signing data on standard input\n"); |
| |
else |
| |
fprintf(stderr, "Signing file %s\n", filename); |
| |
} |
| |
if ((r = sshsig_sign_fd(signkey, NULL, fd, sig_namespace, |
| |
&sigbuf, signer, signer_ctx)) != 0) { |
| |
error("Signing %s failed: %s", filename, ssh_err(r)); |
| |
goto out; |
| |
} |
| |
if ((r = sshsig_armor(sigbuf, &abuf)) != 0) { |
| |
error("%s: sshsig_armor: %s", __func__, ssh_err(r)); |
| |
goto out; |
| |
} |
| |
if ((asig = sshbuf_dup_string(abuf)) == NULL) { |
| |
error("%s: buffer error", __func__); |
| |
r = SSH_ERR_ALLOC_FAIL; |
| |
goto out; |
| |
} |
| |
|
| |
if (fd == STDIN_FILENO) { |
| |
fputs(asig, stdout); |
| |
fflush(stdout); |
| |
} else { |
| |
xasprintf(&wfile, "%s.sig", filename); |
| |
if (confirm_overwrite(wfile)) { |
| |
if ((wfd = open(wfile, O_WRONLY|O_CREAT|O_TRUNC, |
| |
0666)) == -1) { |
| |
oerrno = errno; |
| |
error("Cannot open %s: %s", |
| |
wfile, strerror(errno)); |
| |
errno = oerrno; |
| |
r = SSH_ERR_SYSTEM_ERROR; |
| |
goto out; |
| |
} |
| |
if (atomicio(vwrite, wfd, asig, |
| |
strlen(asig)) != strlen(asig)) { |
| |
oerrno = errno; |
| |
error("Cannot write to %s: %s", |
| |
wfile, strerror(errno)); |
| |
errno = oerrno; |
| |
r = SSH_ERR_SYSTEM_ERROR; |
| |
goto out; |
| |
} |
| |
if (!quiet) { |
| |
fprintf(stderr, "Write signature to %s\n", |
| |
wfile); |
| |
} |
| |
} |
| |
} |
| |
/* success */ |
| |
r = 0; |
| |
out: |
| |
free(wfile); |
| |
free(asig); |
| |
sshbuf_free(abuf); |
| |
sshbuf_free(sigbuf); |
| |
if (wfd != -1) |
| |
close(wfd); |
| |
return r; |
| |
} |
| |
|
| |
static int |
| |
sign(const char *keypath, const char *sig_namespace, int argc, char **argv) |
| |
{ |
| |
int i, fd = -1, r, ret = -1; |
| |
int agent_fd = -1; |
| |
struct sshkey *pubkey = NULL, *privkey = NULL, *signkey = NULL; |
| |
sshsig_signer *signer = NULL; |
| |
|
| |
/* Check file arguments. */ |
| |
for (i = 0; i < argc; i++) { |
| |
if (strcmp(argv[i], "-") != 0) |
| |
continue; |
| |
if (i > 0 || argc > 1) |
| |
fatal("Cannot sign mix of paths and standard input"); |
| |
} |
| |
|
| |
if ((r = sshkey_load_public(keypath, &pubkey, NULL)) != 0) { |
| |
error("Couldn't load public key %s: %s", keypath, ssh_err(r)); |
| |
goto done; |
| |
} |
| |
|
| |
if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) |
| |
debug("Couldn't get agent socket: %s", ssh_err(r)); |
| |
else { |
| |
if ((r = ssh_agent_has_key(agent_fd, pubkey)) == 0) |
| |
signer = agent_signer; |
| |
else |
| |
debug("Couldn't find key in agent: %s", ssh_err(r)); |
| |
} |
| |
|
| |
if (signer == NULL) { |
| |
/* Not using agent - try to load private key */ |
| |
if ((privkey = load_sign_key(keypath, pubkey)) == NULL) |
| |
goto done; |
| |
signkey = privkey; |
| |
} else { |
| |
/* Will use key in agent */ |
| |
signkey = pubkey; |
| |
} |
| |
|
| |
if (argc == 0) { |
| |
if ((r = sign_one(signkey, "(stdin)", STDIN_FILENO, |
| |
sig_namespace, signer, &agent_fd)) != 0) |
| |
goto done; |
| |
} else { |
| |
for (i = 0; i < argc; i++) { |
| |
if (strcmp(argv[i], "-") == 0) |
| |
fd = STDIN_FILENO; |
| |
else if ((fd = open(argv[i], O_RDONLY)) == -1) { |
| |
error("Cannot open %s for signing: %s", |
| |
argv[i], strerror(errno)); |
| |
goto done; |
| |
} |
| |
if ((r = sign_one(signkey, argv[i], fd, sig_namespace, |
| |
signer, &agent_fd)) != 0) |
| |
goto done; |
| |
if (fd != STDIN_FILENO) |
| |
close(fd); |
| |
fd = -1; |
| |
} |
| |
} |
| |
|
| |
ret = 0; |
| |
done: |
| |
if (fd != -1 && fd != STDIN_FILENO) |
| |
close(fd); |
| |
sshkey_free(pubkey); |
| |
sshkey_free(privkey); |
| |
return ret; |
| |
} |
| |
|
| |
static int |
| |
verify(const char *signature, const char *sig_namespace, const char *principal, |
| |
const char *allowed_keys, const char *revoked_keys) |
| |
{ |
| |
int r, ret = -1, sigfd = -1; |
| |
struct sshbuf *sigbuf = NULL, *abuf = NULL; |
| |
struct sshkey *sign_key = NULL; |
| |
char *fp = NULL; |
| |
|
| |
if ((abuf = sshbuf_new()) == NULL) |
| |
fatal("%s: sshbuf_new() failed", __func__); |
| |
|
| |
if ((sigfd = open(signature, O_RDONLY)) < 0) { |
| |
error("Couldn't open signature file %s", signature); |
| |
goto done; |
| |
} |
| |
|
| |
if ((r = sshkey_load_file(sigfd, abuf)) != 0) { |
| |
error("Couldn't read signature file: %s", ssh_err(r)); |
| |
goto done; |
| |
} |
| |
if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) { |
| |
error("%s: sshsig_armor: %s", __func__, ssh_err(r)); |
| |
return r; |
| |
} |
| |
if ((r = sshsig_verify_fd(sigbuf, STDIN_FILENO, sig_namespace, |
| |
&sign_key)) != 0) |
| |
goto done; /* sshsig_verify() prints error */ |
| |
|
| |
if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash, |
| |
SSH_FP_DEFAULT)) == NULL) |
| |
fatal("%s: sshkey_fingerprint failed", __func__); |
| |
debug("Valid (unverified) signature from key %s", fp); |
| |
free(fp); |
| |
fp = NULL; |
| |
|
| |
if (revoked_keys != NULL) { |
| |
if ((r = sshkey_check_revoked(sign_key, revoked_keys)) != 0) { |
| |
debug3("sshkey_check_revoked failed: %s", ssh_err(r)); |
| |
goto done; |
| |
} |
| |
} |
| |
|
| |
if ((r = sshsig_check_allowed_keys(allowed_keys, sign_key, |
| |
principal, sig_namespace)) != 0) { |
| |
debug3("sshsig_check_allowed_keys failed: %s", ssh_err(r)); |
| |
goto done; |
| |
} |
| |
/* success */ |
| |
ret = 0; |
| |
done: |
| |
if (!quiet) { |
| |
if (ret == 0) { |
| |
if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash, |
| |
SSH_FP_DEFAULT)) == NULL) { |
| |
fatal("%s: sshkey_fingerprint failed", |
| |
__func__); |
| |
} |
| |
printf("Good \"%s\" signature for %s with %s key %s\n", |
| |
sig_namespace, principal, |
| |
sshkey_type(sign_key), fp); |
| |
} else { |
| |
printf("Could not verify signature.\n"); |
| |
} |
| |
} |
| |
if (sigfd != -1) |
| |
close(sigfd); |
| |
sshbuf_free(sigbuf); |
| |
sshbuf_free(abuf); |
| |
sshkey_free(sign_key); |
| |
free(fp); |
| |
return ret; |
| |
} |
| |
|
| static void |
static void |
| usage(void) |
usage(void) |
| { |
{ |
|
|
| " ssh-keygen -A\n" |
" ssh-keygen -A\n" |
| " ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n" |
" ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n" |
| " file ...\n" |
" file ...\n" |
| " ssh-keygen -Q -f krl_file file ...\n"); |
" ssh-keygen -Q -f le file ...\n" |
| |
" ssh-keygen -Y sign -f sign_key -n namespace\n" |
| |
" ssh-keygen -Y verify -I signer_identity -s signature_file\n" |
| |
" -n namespace -f allowed_keys [-r revoked_keys]\n"); |
| exit(1); |
exit(1); |
| } |
} |
| |
|
|
|
| FILE *f; |
FILE *f; |
| const char *errstr; |
const char *errstr; |
| int log_level = SYSLOG_LEVEL_INFO; |
int log_level = SYSLOG_LEVEL_INFO; |
| |
char *sign_op = NULL; |
| #ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
| /* Moduli generation/screening */ |
/* Moduli generation/screening */ |
| char out_file[PATH_MAX], *checkpoint = NULL; |
char out_file[PATH_MAX], *checkpoint = NULL; |
|
|
| if (gethostname(hostname, sizeof(hostname)) == -1) |
if (gethostname(hostname, sizeof(hostname)) == -1) |
| fatal("gethostname: %s", strerror(errno)); |
fatal("gethostname: %s", strerror(errno)); |
| |
|
| /* Remaining characters: Ydw */ |
/* Remaining characters: dw */ |
| while ((opt = getopt(argc, argv, "ABHLQUXceghiklopquvxy" |
while ((opt = getopt(argc, argv, "ABHLQUXceghiklopquvxy" |
| "C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Z:" |
"C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Y:Z:" |
| "a:b:f:g:j:m:n:r:s:t:z:")) != -1) { |
"a:b:f:g:j:m:n:r:s:t:z:")) != -1) { |
| switch (opt) { |
switch (opt) { |
| case 'A': |
case 'A': |
|
|
| case 'V': |
case 'V': |
| parse_cert_times(optarg); |
parse_cert_times(optarg); |
| break; |
break; |
| |
case 'Y': |
| |
sign_op = optarg; |
| |
break; |
| case 'z': |
case 'z': |
| errno = 0; |
errno = 0; |
| if (*optarg == '+') { |
if (*optarg == '+') { |
|
|
| |
|
| argv += optind; |
argv += optind; |
| argc -= optind; |
argc -= optind; |
| |
|
| |
if (sign_op != NULL) { |
| |
if (cert_principals == NULL) { |
| |
error("Too few arguments for sign/verify: " |
| |
"missing namespace"); |
| |
exit(1); |
| |
} |
| |
if (strncmp(sign_op, "sign", 4) == 0) { |
| |
if (!have_identity) { |
| |
error("Too few arguments for sign: " |
| |
"missing key"); |
| |
exit(1); |
| |
} |
| |
return sign(identity_file, cert_principals, argc, argv); |
| |
} else if (strncmp(sign_op, "verify", 6) == 0) { |
| |
if (ca_key_path == NULL) { |
| |
error("Too few arguments for verify: " |
| |
"missing signature file"); |
| |
exit(1); |
| |
} |
| |
if (!have_identity) { |
| |
error("Too few arguments for sign: " |
| |
"missing allowed keys file"); |
| |
exit(1); |
| |
} |
| |
if (cert_key_id == NULL) { |
| |
error("Too few arguments for verify: " |
| |
"missing principal ID"); |
| |
exit(1); |
| |
} |
| |
return verify(ca_key_path, cert_principals, |
| |
cert_key_id, identity_file, rr_hostname); |
| |
} |
| |
usage(); |
| |
/* NOTREACHED */ |
| |
} |
| |
|
| if (ca_key_path != NULL) { |
if (ca_key_path != NULL) { |
| if (argc < 1 && !gen_krl) { |
if (argc < 1 && !gen_krl) { |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh