Return to ssh-pkcs11-helper.c CVS log

Up to [local] / src / usr.bin / ssh

Annotation of src/usr.bin/ssh/ssh-pkcs11-helper.c, Revision 1.21

1.21    ! djm         1: /* $OpenBSD: ssh-pkcs11-helper.c,v 1.20 2019/09/06 04:53:27 djm Exp $ */
1.1       markus      2: /*
                      3:  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
                      4:  *
                      5:  * Permission to use, copy, modify, and distribute this software for any
                      6:  * purpose with or without fee is hereby granted, provided that the above
                      7:  * copyright notice and this permission notice appear in all copies.
                      8:  *
                      9:  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
                     10:  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
                     11:  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
                     12:  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
                     13:  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
                     14:  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
                     15:  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
                     16:  */
                     17:
1.9       djm        18: #include <sys/types.h>
1.1       markus     19: #include <sys/queue.h>
                     20: #include <sys/time.h>
                     21:
1.20      djm        22: #include <stdlib.h>
1.17      djm        23: #include <errno.h>
                     24: #include <poll.h>
1.1       markus     25: #include <stdarg.h>
                     26: #include <string.h>
                     27: #include <unistd.h>
                     28:
                     29: #include "xmalloc.h"
1.14      markus     30: #include "sshbuf.h"
1.1       markus     31: #include "log.h"
                     32: #include "misc.h"
1.14      markus     33: #include "sshkey.h"
1.1       markus     34: #include "authfd.h"
                     35: #include "ssh-pkcs11.h"
1.14      markus     36: #include "ssherr.h"
1.1       markus     37:
1.21    ! djm        38: #ifdef WITH_OPENSSL
        !            39:
1.1       markus     40: /* borrows code from sftp-server and ssh-agent */
                     41:
                     42: struct pkcs11_keyinfo {
1.13      markus     43:        struct sshkey   *key;
1.1       markus     44:        char            *providername;
                     45:        TAILQ_ENTRY(pkcs11_keyinfo) next;
                     46: };
                     47:
                     48: TAILQ_HEAD(, pkcs11_keyinfo) pkcs11_keylist;
                     49:
                     50: #define MAX_MSG_LENGTH         10240 /*XXX*/
                     51:
                     52: /* input and output queue */
1.14      markus     53: struct sshbuf *iqueue;
                     54: struct sshbuf *oqueue;
1.1       markus     55:
                     56: static void
1.13      markus     57: add_key(struct sshkey *k, char *name)
1.1       markus     58: {
                     59:        struct pkcs11_keyinfo *ki;
                     60:
                     61:        ki = xcalloc(1, sizeof(*ki));
                     62:        ki->providername = xstrdup(name);
                     63:        ki->key = k;
                     64:        TAILQ_INSERT_TAIL(&pkcs11_keylist, ki, next);
                     65: }
                     66:
                     67: static void
                     68: del_keys_by_name(char *name)
                     69: {
                     70:        struct pkcs11_keyinfo *ki, *nxt;
                     71:
                     72:        for (ki = TAILQ_FIRST(&pkcs11_keylist); ki; ki = nxt) {
                     73:                nxt = TAILQ_NEXT(ki, next);
                     74:                if (!strcmp(ki->providername, name)) {
                     75:                        TAILQ_REMOVE(&pkcs11_keylist, ki, next);
1.6       djm        76:                        free(ki->providername);
1.14      markus     77:                        sshkey_free(ki->key);
1.1       markus     78:                        free(ki);
                     79:                }
                     80:        }
                     81: }
                     82:
                     83: /* lookup matching 'private' key */
1.13      markus     84: static struct sshkey *
                     85: lookup_key(struct sshkey *k)
1.1       markus     86: {
                     87:        struct pkcs11_keyinfo *ki;
                     88:
                     89:        TAILQ_FOREACH(ki, &pkcs11_keylist, next) {
                     90:                debug("check %p %s", ki, ki->providername);
1.14      markus     91:                if (sshkey_equal(k, ki->key))
1.1       markus     92:                        return (ki->key);
                     93:        }
                     94:        return (NULL);
                     95: }
                     96:
                     97: static void
1.14      markus     98: send_msg(struct sshbuf *m)
1.1       markus     99: {
1.14      markus    100:        int r;
1.1       markus    101:
1.14      markus    102:        if ((r = sshbuf_put_stringb(oqueue, m)) != 0)
                    103:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.1       markus    104: }
                    105:
                    106: static void
                    107: process_add(void)
                    108: {
                    109:        char *name, *pin;
1.15      djm       110:        struct sshkey **keys = NULL;
1.14      markus    111:        int r, i, nkeys;
1.1       markus    112:        u_char *blob;
1.14      markus    113:        size_t blen;
                    114:        struct sshbuf *msg;
1.1       markus    115:
1.14      markus    116:        if ((msg = sshbuf_new()) == NULL)
                    117:                fatal("%s: sshbuf_new failed", __func__);
                    118:        if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
                    119:            (r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0)
                    120:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.1       markus    121:        if ((nkeys = pkcs11_add_provider(name, pin, &keys)) > 0) {
1.14      markus    122:                if ((r = sshbuf_put_u8(msg,
                    123:                    SSH2_AGENT_IDENTITIES_ANSWER)) != 0 ||
                    124:                    (r = sshbuf_put_u32(msg, nkeys)) != 0)
                    125:                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.1       markus    126:                for (i = 0; i < nkeys; i++) {
1.14      markus    127:                        if ((r = sshkey_to_blob(keys[i], &blob, &blen)) != 0) {
                    128:                                debug("%s: sshkey_to_blob: %s",
                    129:                                    __func__, ssh_err(r));
1.7       djm       130:                                continue;
1.14      markus    131:                        }
                    132:                        if ((r = sshbuf_put_string(msg, blob, blen)) != 0 ||
                    133:                            (r = sshbuf_put_cstring(msg, name)) != 0)
                    134:                                fatal("%s: buffer error: %s",
                    135:                                    __func__, ssh_err(r));
1.6       djm       136:                        free(blob);
1.1       markus    137:                        add_key(keys[i], name);
                    138:                }
                    139:        } else {
1.14      markus    140:                if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0)
                    141:                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.15      djm       142:                if ((r = sshbuf_put_u32(msg, -nkeys)) != 0)
                    143:                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.1       markus    144:        }
1.15      djm       145:        free(keys);
1.6       djm       146:        free(pin);
                    147:        free(name);
1.14      markus    148:        send_msg(msg);
                    149:        sshbuf_free(msg);
1.1       markus    150: }
                    151:
                    152: static void
                    153: process_del(void)
                    154: {
                    155:        char *name, *pin;
1.14      markus    156:        struct sshbuf *msg;
                    157:        int r;
1.1       markus    158:
1.14      markus    159:        if ((msg = sshbuf_new()) == NULL)
                    160:                fatal("%s: sshbuf_new failed", __func__);
                    161:        if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
                    162:            (r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0)
                    163:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.1       markus    164:        del_keys_by_name(name);
1.14      markus    165:        if ((r = sshbuf_put_u8(msg, pkcs11_del_provider(name) == 0 ?
                    166:            SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0)
                    167:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.6       djm       168:        free(pin);
                    169:        free(name);
1.14      markus    170:        send_msg(msg);
                    171:        sshbuf_free(msg);
1.1       markus    172: }
                    173:
                    174: static void
                    175: process_sign(void)
                    176: {
                    177:        u_char *blob, *data, *signature = NULL;
1.14      markus    178:        size_t blen, dlen, slen = 0;
                    179:        int r, ok = -1;
1.13      markus    180:        struct sshkey *key, *found;
1.14      markus    181:        struct sshbuf *msg;
1.1       markus    182:
1.14      markus    183:        /* XXX support SHA2 signature flags */
                    184:        if ((r = sshbuf_get_string(iqueue, &blob, &blen)) != 0 ||
                    185:            (r = sshbuf_get_string(iqueue, &data, &dlen)) != 0 ||
                    186:            (r = sshbuf_get_u32(iqueue, NULL)) != 0)
                    187:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
                    188:
                    189:        if ((r = sshkey_from_blob(blob, blen, &key)) != 0)
                    190:                error("%s: sshkey_from_blob: %s", __func__, ssh_err(r));
                    191:        else {
1.1       markus    192:                if ((found = lookup_key(key)) != NULL) {
1.8       djm       193: #ifdef WITH_OPENSSL
                    194:                        int ret;
                    195:
1.15      djm       196:                        if (key->type == KEY_RSA) {
                    197:                                slen = RSA_size(key->rsa);
                    198:                                signature = xmalloc(slen);
                    199:                                ret = RSA_private_encrypt(dlen, data, signature,
                    200:                                    found->rsa, RSA_PKCS1_PADDING);
                    201:                                if (ret != -1) {
                    202:                                        slen = ret;
                    203:                                        ok = 0;
                    204:                                }
                    205:                        } else if (key->type == KEY_ECDSA) {
1.18      dtucker   206:                                u_int xslen = ECDSA_size(key->ecdsa);
                    207:
1.15      djm       208:                                signature = xmalloc(xslen);
                    209:                                /* "The parameter type is ignored." */
                    210:                                ret = ECDSA_sign(-1, data, dlen, signature,
                    211:                                    &xslen, found->ecdsa);
                    212:                                if (ret != 0)
                    213:                                        ok = 0;
                    214:                                else
                    215:                                        error("%s: ECDSA_sign"
                    216:                                            " returns %d", __func__, ret);
                    217:                                slen = xslen;
                    218:                        } else
                    219:                                error("%s: don't know how to sign with key "
                    220:                                    "type %d", __func__, (int)key->type);
1.8       djm       221: #endif /* WITH_OPENSSL */
1.1       markus    222:                }
1.14      markus    223:                sshkey_free(key);
1.1       markus    224:        }
1.14      markus    225:        if ((msg = sshbuf_new()) == NULL)
                    226:                fatal("%s: sshbuf_new failed", __func__);
1.1       markus    227:        if (ok == 0) {
1.14      markus    228:                if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 ||
                    229:                    (r = sshbuf_put_string(msg, signature, slen)) != 0)
                    230:                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.1       markus    231:        } else {
1.14      markus    232:                if ((r = sshbuf_put_u8(msg, SSH2_AGENT_FAILURE)) != 0)
                    233:                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.1       markus    234:        }
1.6       djm       235:        free(data);
                    236:        free(blob);
                    237:        free(signature);
1.14      markus    238:        send_msg(msg);
                    239:        sshbuf_free(msg);
1.1       markus    240: }
                    241:
                    242: static void
                    243: process(void)
                    244: {
                    245:        u_int msg_len;
                    246:        u_int buf_len;
                    247:        u_int consumed;
1.14      markus    248:        u_char type;
                    249:        const u_char *cp;
                    250:        int r;
1.1       markus    251:
1.14      markus    252:        buf_len = sshbuf_len(iqueue);
1.1       markus    253:        if (buf_len < 5)
                    254:                return;         /* Incomplete message. */
1.14      markus    255:        cp = sshbuf_ptr(iqueue);
1.1       markus    256:        msg_len = get_u32(cp);
                    257:        if (msg_len > MAX_MSG_LENGTH) {
                    258:                error("bad message len %d", msg_len);
                    259:                cleanup_exit(11);
                    260:        }
                    261:        if (buf_len < msg_len + 4)
                    262:                return;
1.14      markus    263:        if ((r = sshbuf_consume(iqueue, 4)) != 0 ||
                    264:            (r = sshbuf_get_u8(iqueue, &type)) != 0)
                    265:                fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.1       markus    266:        buf_len -= 4;
                    267:        switch (type) {
                    268:        case SSH_AGENTC_ADD_SMARTCARD_KEY:
                    269:                debug("process_add");
                    270:                process_add();
                    271:                break;
                    272:        case SSH_AGENTC_REMOVE_SMARTCARD_KEY:
                    273:                debug("process_del");
                    274:                process_del();
                    275:                break;
                    276:        case SSH2_AGENTC_SIGN_REQUEST:
                    277:                debug("process_sign");
                    278:                process_sign();
                    279:                break;
                    280:        default:
                    281:                error("Unknown message %d", type);
                    282:                break;
                    283:        }
                    284:        /* discard the remaining bytes from the current packet */
1.14      markus    285:        if (buf_len < sshbuf_len(iqueue)) {
1.1       markus    286:                error("iqueue grew unexpectedly");
                    287:                cleanup_exit(255);
                    288:        }
1.14      markus    289:        consumed = buf_len - sshbuf_len(iqueue);
1.1       markus    290:        if (msg_len < consumed) {
                    291:                error("msg_len %d < consumed %d", msg_len, consumed);
                    292:                cleanup_exit(255);
                    293:        }
1.14      markus    294:        if (msg_len > consumed) {
                    295:                if ((r = sshbuf_consume(iqueue, msg_len - consumed)) != 0)
                    296:                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
                    297:        }
1.1       markus    298: }
                    299:
                    300: void
                    301: cleanup_exit(int i)
                    302: {
                    303:        /* XXX */
                    304:        _exit(i);
                    305: }
                    306:
1.16      djm       307:
1.1       markus    308: int
                    309: main(int argc, char **argv)
                    310: {
1.16      djm       311:        int r, ch, in, out, max, log_stderr = 0;
1.17      djm       312:        ssize_t len;
1.1       markus    313:        SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
                    314:        LogLevel log_level = SYSLOG_LEVEL_ERROR;
                    315:        char buf[4*4096];
1.2       deraadt   316:        extern char *__progname;
1.17      djm       317:        struct pollfd pfd[2];
1.1       markus    318:
                    319:        TAILQ_INIT(&pkcs11_keylist);
                    320:
                    321:        log_init(__progname, log_level, log_facility, log_stderr);
                    322:
1.16      djm       323:        while ((ch = getopt(argc, argv, "v")) != -1) {
                    324:                switch (ch) {
                    325:                case 'v':
                    326:                        log_stderr = 1;
                    327:                        if (log_level == SYSLOG_LEVEL_ERROR)
                    328:                                log_level = SYSLOG_LEVEL_DEBUG1;
                    329:                        else if (log_level < SYSLOG_LEVEL_DEBUG3)
                    330:                                log_level++;
                    331:                        break;
                    332:                default:
                    333:                        fprintf(stderr, "usage: %s [-v]\n", __progname);
                    334:                        exit(1);
                    335:                }
                    336:        }
                    337:
                    338:        log_init(__progname, log_level, log_facility, log_stderr);
                    339:
                    340:        pkcs11_init(0);
1.1       markus    341:        in = STDIN_FILENO;
                    342:        out = STDOUT_FILENO;
                    343:
                    344:        max = 0;
                    345:        if (in > max)
                    346:                max = in;
                    347:        if (out > max)
                    348:                max = out;
                    349:
1.14      markus    350:        if ((iqueue = sshbuf_new()) == NULL)
                    351:                fatal("%s: sshbuf_new failed", __func__);
                    352:        if ((oqueue = sshbuf_new()) == NULL)
                    353:                fatal("%s: sshbuf_new failed", __func__);
1.1       markus    354:
1.17      djm       355:        while (1) {
                    356:                memset(pfd, 0, sizeof(pfd));
                    357:                pfd[0].fd = in;
                    358:                pfd[1].fd = out;
1.1       markus    359:
                    360:                /*
                    361:                 * Ensure that we can read a full buffer and handle
                    362:                 * the worst-case length packet it can generate,
                    363:                 * otherwise apply backpressure by stopping reads.
                    364:                 */
1.14      markus    365:                if ((r = sshbuf_check_reserve(iqueue, sizeof(buf))) == 0 &&
                    366:                    (r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0)
1.17      djm       367:                        pfd[0].events = POLLIN;
1.14      markus    368:                else if (r != SSH_ERR_NO_BUFFER_SPACE)
                    369:                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.1       markus    370:
1.17      djm       371:                if (sshbuf_len(oqueue) > 0)
                    372:                        pfd[1].events = POLLOUT;
1.1       markus    373:
1.17      djm       374:                if ((r = poll(pfd, 2, -1 /* INFTIM */)) <= 0) {
                    375:                        if (r == 0 || errno == EINTR)
1.1       markus    376:                                continue;
1.17      djm       377:                        fatal("poll: %s", strerror(errno));
1.1       markus    378:                }
                    379:
                    380:                /* copy stdin to iqueue */
1.17      djm       381:                if ((pfd[0].revents & (POLLIN|POLLERR)) != 0) {
1.1       markus    382:                        len = read(in, buf, sizeof buf);
                    383:                        if (len == 0) {
                    384:                                debug("read eof");
                    385:                                cleanup_exit(0);
                    386:                        } else if (len < 0) {
                    387:                                error("read: %s", strerror(errno));
                    388:                                cleanup_exit(1);
1.14      markus    389:                        } else if ((r = sshbuf_put(iqueue, buf, len)) != 0) {
                    390:                                fatal("%s: buffer error: %s",
                    391:                                    __func__, ssh_err(r));
1.1       markus    392:                        }
                    393:                }
                    394:                /* send oqueue to stdout */
1.17      djm       395:                if ((pfd[1].revents & (POLLOUT|POLLHUP)) != 0) {
                    396:                        len = write(out, sshbuf_ptr(oqueue),
                    397:                            sshbuf_len(oqueue));
1.1       markus    398:                        if (len < 0) {
                    399:                                error("write: %s", strerror(errno));
                    400:                                cleanup_exit(1);
1.14      markus    401:                        } else if ((r = sshbuf_consume(oqueue, len)) != 0) {
                    402:                                fatal("%s: buffer error: %s",
                    403:                                    __func__, ssh_err(r));
1.1       markus    404:                        }
                    405:                }
                    406:
                    407:                /*
                    408:                 * Process requests from client if we can fit the results
                    409:                 * into the output buffer, otherwise stop processing input
                    410:                 * and let the output queue drain.
                    411:                 */
1.14      markus    412:                if ((r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0)
1.1       markus    413:                        process();
1.14      markus    414:                else if (r != SSH_ERR_NO_BUFFER_SPACE)
                    415:                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
1.1       markus    416:        }
                    417: }
1.21    ! djm       418:
        !           419: #else /* WITH_OPENSSL */
        !           420: void
        !           421: cleanup_exit(int i)
        !           422: {
        !           423:        _exit(i);
        !           424: }
        !           425:
        !           426: int
        !           427: main(int argc, char **argv)
        !           428: {
        !           429:        fprintf(stderr, "PKCS#11 code is not enabled\n");
        !           430:        return 1;
        !           431: }
        !           432: #endif /* WITH_OPENSSL */