Line | Count | Source (jump to first uncovered line) |
1 | | /* $OpenBSD: ssh_api.c,v 1.28 2024/01/09 21:39:14 djm Exp $ */ |
2 | | /* |
3 | | * Copyright (c) 2012 Markus Friedl. All rights reserved. |
4 | | * |
5 | | * Permission to use, copy, modify, and distribute this software for any |
6 | | * purpose with or without fee is hereby granted, provided that the above |
7 | | * copyright notice and this permission notice appear in all copies. |
8 | | * |
9 | | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
10 | | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
11 | | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
12 | | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
13 | | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
14 | | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
15 | | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
16 | | */ |
17 | | |
18 | | #include "includes.h" |
19 | | |
20 | | #include <sys/types.h> |
21 | | |
22 | | #include <stdio.h> |
23 | | #include <stdlib.h> |
24 | | |
25 | | #include "ssh_api.h" |
26 | | #include "compat.h" |
27 | | #include "log.h" |
28 | | #include "authfile.h" |
29 | | #include "sshkey.h" |
30 | | #include "misc.h" |
31 | | #include "ssh2.h" |
32 | | #include "version.h" |
33 | | #include "myproposal.h" |
34 | | #include "ssherr.h" |
35 | | #include "sshbuf.h" |
36 | | |
37 | | #include "openbsd-compat/openssl-compat.h" |
38 | | |
39 | | #include <string.h> |
40 | | |
41 | | int _ssh_exchange_banner(struct ssh *); |
42 | | int _ssh_send_banner(struct ssh *, struct sshbuf *); |
43 | | int _ssh_read_banner(struct ssh *, struct sshbuf *); |
44 | | int _ssh_order_hostkeyalgs(struct ssh *); |
45 | | int _ssh_verify_host_key(struct sshkey *, struct ssh *); |
46 | | struct sshkey *_ssh_host_public_key(int, int, struct ssh *); |
47 | | struct sshkey *_ssh_host_private_key(int, int, struct ssh *); |
48 | | int _ssh_host_key_sign(struct ssh *, struct sshkey *, struct sshkey *, |
49 | | u_char **, size_t *, const u_char *, size_t, const char *); |
50 | | |
51 | | /* |
52 | | * stubs for the server side implementation of kex. |
53 | | * disable privsep so our stubs will never be called. |
54 | | */ |
55 | | int use_privsep = 0; |
56 | | int mm_sshkey_sign(struct sshkey *, u_char **, u_int *, |
57 | | const u_char *, u_int, const char *, const char *, const char *, u_int); |
58 | | |
59 | | #ifdef WITH_OPENSSL |
60 | | DH *mm_choose_dh(int, int, int); |
61 | | #endif |
62 | | |
63 | | int |
64 | | mm_sshkey_sign(struct sshkey *key, u_char **sigp, u_int *lenp, |
65 | | const u_char *data, u_int datalen, const char *alg, |
66 | | const char *sk_provider, const char *sk_pin, u_int compat) |
67 | 0 | { |
68 | 0 | return (-1); |
69 | 0 | } |
70 | | |
71 | | #ifdef WITH_OPENSSL |
72 | | DH * |
73 | | mm_choose_dh(int min, int nbits, int max) |
74 | 0 | { |
75 | 0 | return (NULL); |
76 | 0 | } |
77 | | #endif |
78 | | |
79 | | /* API */ |
80 | | |
81 | | int |
82 | | ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) |
83 | 70.0k | { |
84 | 70.0k | char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; |
85 | 70.0k | char *populated[PROPOSAL_MAX]; |
86 | 70.0k | struct ssh *ssh; |
87 | 70.0k | char **proposal; |
88 | 70.0k | static int called; |
89 | 70.0k | int r; |
90 | | |
91 | 70.0k | if (!called) { |
92 | 1 | seed_rng(); |
93 | 1 | called = 1; |
94 | 1 | } |
95 | | |
96 | 70.0k | if ((ssh = ssh_packet_set_connection(NULL, -1, -1)) == NULL) |
97 | 0 | return SSH_ERR_ALLOC_FAIL; |
98 | 70.0k | if (is_server) |
99 | 35.0k | ssh_packet_set_server(ssh); |
100 | | |
101 | | /* Initialize key exchange */ |
102 | 70.0k | proposal = kex_params ? kex_params->proposal : myproposal; |
103 | 70.0k | kex_proposal_populate_entries(ssh, populated, |
104 | 70.0k | proposal[PROPOSAL_KEX_ALGS], |
105 | 70.0k | proposal[PROPOSAL_ENC_ALGS_CTOS], |
106 | 70.0k | proposal[PROPOSAL_MAC_ALGS_CTOS], |
107 | 70.0k | proposal[PROPOSAL_COMP_ALGS_CTOS], |
108 | 70.0k | proposal[PROPOSAL_SERVER_HOST_KEY_ALGS]); |
109 | 70.0k | r = kex_ready(ssh, populated); |
110 | 70.0k | kex_proposal_free_entries(populated); |
111 | 70.0k | if (r != 0) { |
112 | 0 | ssh_free(ssh); |
113 | 0 | return r; |
114 | 0 | } |
115 | | |
116 | 70.0k | ssh->kex->server = is_server; |
117 | 70.0k | if (is_server) { |
118 | 35.0k | #ifdef WITH_OPENSSL |
119 | 35.0k | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; |
120 | 35.0k | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; |
121 | 35.0k | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; |
122 | 35.0k | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; |
123 | 35.0k | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; |
124 | 35.0k | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
125 | 35.0k | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
126 | 35.0k | # ifdef OPENSSL_HAS_ECC |
127 | 35.0k | ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_server; |
128 | 35.0k | # endif |
129 | 35.0k | #endif /* WITH_OPENSSL */ |
130 | 35.0k | ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_server; |
131 | 35.0k | ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server; |
132 | 35.0k | ssh->kex->load_host_public_key=&_ssh_host_public_key; |
133 | 35.0k | ssh->kex->load_host_private_key=&_ssh_host_private_key; |
134 | 35.0k | ssh->kex->sign=&_ssh_host_key_sign; |
135 | 35.0k | } else { |
136 | 35.0k | #ifdef WITH_OPENSSL |
137 | 35.0k | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client; |
138 | 35.0k | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client; |
139 | 35.0k | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client; |
140 | 35.0k | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client; |
141 | 35.0k | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client; |
142 | 35.0k | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; |
143 | 35.0k | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; |
144 | 35.0k | # ifdef OPENSSL_HAS_ECC |
145 | 35.0k | ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; |
146 | 35.0k | # endif |
147 | 35.0k | #endif /* WITH_OPENSSL */ |
148 | 35.0k | ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; |
149 | 35.0k | ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_client; |
150 | 35.0k | ssh->kex->verify_host_key =&_ssh_verify_host_key; |
151 | 35.0k | } |
152 | 70.0k | *sshp = ssh; |
153 | 70.0k | return 0; |
154 | 70.0k | } |
155 | | |
156 | | void |
157 | | ssh_free(struct ssh *ssh) |
158 | 70.0k | { |
159 | 70.0k | struct key_entry *k; |
160 | | |
161 | 70.0k | if (ssh == NULL) |
162 | 0 | return; |
163 | | |
164 | | /* |
165 | | * we've only created the public keys variants in case we |
166 | | * are a acting as a server. |
167 | | */ |
168 | 140k | while ((k = TAILQ_FIRST(&ssh->public_keys)) != NULL) { |
169 | 70.0k | TAILQ_REMOVE(&ssh->public_keys, k, next); |
170 | 70.0k | if (ssh->kex && ssh->kex->server) |
171 | 35.0k | sshkey_free(k->key); |
172 | 70.0k | free(k); |
173 | 70.0k | } |
174 | 105k | while ((k = TAILQ_FIRST(&ssh->private_keys)) != NULL) { |
175 | 35.0k | TAILQ_REMOVE(&ssh->private_keys, k, next); |
176 | 35.0k | free(k); |
177 | 35.0k | } |
178 | 70.0k | ssh_packet_close(ssh); |
179 | 70.0k | free(ssh); |
180 | 70.0k | } |
181 | | |
182 | | void |
183 | | ssh_set_app_data(struct ssh *ssh, void *app_data) |
184 | 0 | { |
185 | 0 | ssh->app_data = app_data; |
186 | 0 | } |
187 | | |
188 | | void * |
189 | | ssh_get_app_data(struct ssh *ssh) |
190 | 0 | { |
191 | 0 | return ssh->app_data; |
192 | 0 | } |
193 | | |
194 | | /* Returns < 0 on error, 0 otherwise */ |
195 | | int |
196 | | ssh_add_hostkey(struct ssh *ssh, struct sshkey *key) |
197 | 70.0k | { |
198 | 70.0k | struct sshkey *pubkey = NULL; |
199 | 70.0k | struct key_entry *k = NULL, *k_prv = NULL; |
200 | 70.0k | int r; |
201 | | |
202 | 70.0k | if (ssh->kex->server) { |
203 | 35.0k | if ((r = sshkey_from_private(key, &pubkey)) != 0) |
204 | 0 | return r; |
205 | 35.0k | if ((k = malloc(sizeof(*k))) == NULL || |
206 | 35.0k | (k_prv = malloc(sizeof(*k_prv))) == NULL) { |
207 | 0 | free(k); |
208 | 0 | sshkey_free(pubkey); |
209 | 0 | return SSH_ERR_ALLOC_FAIL; |
210 | 0 | } |
211 | 35.0k | k_prv->key = key; |
212 | 35.0k | TAILQ_INSERT_TAIL(&ssh->private_keys, k_prv, next); |
213 | | |
214 | | /* add the public key, too */ |
215 | 35.0k | k->key = pubkey; |
216 | 35.0k | TAILQ_INSERT_TAIL(&ssh->public_keys, k, next); |
217 | 35.0k | r = 0; |
218 | 35.0k | } else { |
219 | 35.0k | if ((k = malloc(sizeof(*k))) == NULL) |
220 | 0 | return SSH_ERR_ALLOC_FAIL; |
221 | 35.0k | k->key = key; |
222 | 35.0k | TAILQ_INSERT_TAIL(&ssh->public_keys, k, next); |
223 | 35.0k | r = 0; |
224 | 35.0k | } |
225 | | |
226 | 70.0k | return r; |
227 | 70.0k | } |
228 | | |
229 | | int |
230 | | ssh_set_verify_host_key_callback(struct ssh *ssh, |
231 | | int (*cb)(struct sshkey *, struct ssh *)) |
232 | 0 | { |
233 | 0 | if (cb == NULL || ssh->kex == NULL) |
234 | 0 | return SSH_ERR_INVALID_ARGUMENT; |
235 | | |
236 | 0 | ssh->kex->verify_host_key = cb; |
237 | |
|
238 | 0 | return 0; |
239 | 0 | } |
240 | | |
241 | | int |
242 | | ssh_input_append(struct ssh *ssh, const u_char *data, size_t len) |
243 | 55.1k | { |
244 | 55.1k | return sshbuf_put(ssh_packet_get_input(ssh), data, len); |
245 | 55.1k | } |
246 | | |
247 | | int |
248 | | ssh_packet_next(struct ssh *ssh, u_char *typep) |
249 | 90.1k | { |
250 | 90.1k | int r; |
251 | 90.1k | u_int32_t seqnr; |
252 | 90.1k | u_char type; |
253 | | |
254 | | /* |
255 | | * Try to read a packet. Return SSH_MSG_NONE if no packet or not |
256 | | * enough data. |
257 | | */ |
258 | 90.1k | *typep = SSH_MSG_NONE; |
259 | 90.1k | if (sshbuf_len(ssh->kex->client_version) == 0 || |
260 | 90.1k | sshbuf_len(ssh->kex->server_version) == 0) |
261 | 70.0k | return _ssh_exchange_banner(ssh); |
262 | | /* |
263 | | * If we enough data and a dispatch function then |
264 | | * call the function and get the next packet. |
265 | | * Otherwise return the packet type to the caller so it |
266 | | * can decide how to go on. |
267 | | * |
268 | | * We will only call the dispatch function for: |
269 | | * 20-29 Algorithm negotiation |
270 | | * 30-49 Key exchange method specific (numbers can be reused for |
271 | | * different authentication methods) |
272 | | */ |
273 | 218k | for (;;) { |
274 | 218k | if ((r = ssh_packet_read_poll2(ssh, &type, &seqnr)) != 0) |
275 | 10.7k | return r; |
276 | 207k | if (type > 0 && type < DISPATCH_MAX && |
277 | 207k | type >= SSH2_MSG_KEXINIT && type <= SSH2_MSG_TRANSPORT_MAX && |
278 | 207k | ssh->dispatch[type] != NULL) { |
279 | 207k | if ((r = (*ssh->dispatch[type])(type, seqnr, ssh)) != 0) |
280 | 9.34k | return r; |
281 | 207k | } else { |
282 | 0 | *typep = type; |
283 | 0 | return 0; |
284 | 0 | } |
285 | 207k | } |
286 | 20.0k | } |
287 | | |
288 | | const u_char * |
289 | | ssh_packet_payload(struct ssh *ssh, size_t *lenp) |
290 | 0 | { |
291 | 0 | return sshpkt_ptr(ssh, lenp); |
292 | 0 | } |
293 | | |
294 | | int |
295 | | ssh_packet_put(struct ssh *ssh, int type, const u_char *data, size_t len) |
296 | 0 | { |
297 | 0 | int r; |
298 | |
|
299 | 0 | if ((r = sshpkt_start(ssh, type)) != 0 || |
300 | 0 | (r = sshpkt_put(ssh, data, len)) != 0 || |
301 | 0 | (r = sshpkt_send(ssh)) != 0) |
302 | 0 | return r; |
303 | 0 | return 0; |
304 | 0 | } |
305 | | |
306 | | const u_char * |
307 | | ssh_output_ptr(struct ssh *ssh, size_t *len) |
308 | 55.1k | { |
309 | 55.1k | struct sshbuf *output = ssh_packet_get_output(ssh); |
310 | | |
311 | 55.1k | *len = sshbuf_len(output); |
312 | 55.1k | return sshbuf_ptr(output); |
313 | 55.1k | } |
314 | | |
315 | | int |
316 | | ssh_output_consume(struct ssh *ssh, size_t len) |
317 | 37.5k | { |
318 | 37.5k | return sshbuf_consume(ssh_packet_get_output(ssh), len); |
319 | 37.5k | } |
320 | | |
321 | | int |
322 | | ssh_output_space(struct ssh *ssh, size_t len) |
323 | 0 | { |
324 | 0 | return (0 == sshbuf_check_reserve(ssh_packet_get_output(ssh), len)); |
325 | 0 | } |
326 | | |
327 | | int |
328 | | ssh_input_space(struct ssh *ssh, size_t len) |
329 | 0 | { |
330 | 0 | return (0 == sshbuf_check_reserve(ssh_packet_get_input(ssh), len)); |
331 | 0 | } |
332 | | |
333 | | /* Read other side's version identification. */ |
334 | | int |
335 | | _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner) |
336 | 70.0k | { |
337 | 70.0k | struct sshbuf *input = ssh_packet_get_input(ssh); |
338 | 70.0k | const char *mismatch = "Protocol mismatch.\r\n"; |
339 | 70.0k | const u_char *s = sshbuf_ptr(input); |
340 | 70.0k | u_char c; |
341 | 70.0k | char *cp = NULL, *remote_version = NULL; |
342 | 70.0k | int r = 0, remote_major, remote_minor, expect_nl; |
343 | 70.0k | size_t n, j; |
344 | | |
345 | 1.72M | for (j = n = 0;;) { |
346 | 1.72M | sshbuf_reset(banner); |
347 | 1.72M | expect_nl = 0; |
348 | 38.5M | for (;;) { |
349 | 38.5M | if (j >= sshbuf_len(input)) |
350 | 35.0k | return 0; /* insufficient data in input buf */ |
351 | 38.5M | c = s[j++]; |
352 | 38.5M | if (c == '\r') { |
353 | 65.9k | expect_nl = 1; |
354 | 65.9k | continue; |
355 | 65.9k | } |
356 | 38.4M | if (c == '\n') |
357 | 1.68M | break; |
358 | 36.8M | if (expect_nl) |
359 | 740 | goto bad; |
360 | 36.8M | if ((r = sshbuf_put_u8(banner, c)) != 0) |
361 | 0 | return r; |
362 | 36.8M | if (sshbuf_len(banner) > SSH_MAX_BANNER_LEN) |
363 | 300 | goto bad; |
364 | 36.8M | } |
365 | 1.68M | if (sshbuf_len(banner) >= 4 && |
366 | 1.68M | memcmp(sshbuf_ptr(banner), "SSH-", 4) == 0) |
367 | 26.4k | break; |
368 | 1.66M | debug_f("%.*s", (int)sshbuf_len(banner), |
369 | 1.66M | sshbuf_ptr(banner)); |
370 | | /* Accept lines before banner only on client */ |
371 | 1.66M | if (ssh->kex->server || ++n > SSH_MAX_PRE_BANNER_LINES) { |
372 | 8.64k | bad: |
373 | 8.64k | if ((r = sshbuf_put(ssh_packet_get_output(ssh), |
374 | 8.64k | mismatch, strlen(mismatch))) != 0) |
375 | 0 | return r; |
376 | 8.64k | return SSH_ERR_NO_PROTOCOL_VERSION; |
377 | 8.64k | } |
378 | 1.66M | } |
379 | 26.4k | if ((r = sshbuf_consume(input, j)) != 0) |
380 | 0 | return r; |
381 | | |
382 | | /* XXX remote version must be the same size as banner for sscanf */ |
383 | 26.4k | if ((cp = sshbuf_dup_string(banner)) == NULL || |
384 | 26.4k | (remote_version = calloc(1, sshbuf_len(banner))) == NULL) { |
385 | 400 | r = SSH_ERR_ALLOC_FAIL; |
386 | 400 | goto out; |
387 | 400 | } |
388 | | |
389 | | /* |
390 | | * Check that the versions match. In future this might accept |
391 | | * several versions and set appropriate flags to handle them. |
392 | | */ |
393 | 26.0k | if (sscanf(cp, "SSH-%d.%d-%[^\n]\n", |
394 | 26.0k | &remote_major, &remote_minor, remote_version) != 3) { |
395 | 400 | r = SSH_ERR_INVALID_FORMAT; |
396 | 400 | goto out; |
397 | 400 | } |
398 | 25.6k | debug("Remote protocol version %d.%d, remote software version %.100s", |
399 | 25.6k | remote_major, remote_minor, remote_version); |
400 | | |
401 | 25.6k | compat_banner(ssh, remote_version); |
402 | 25.6k | if (remote_major == 1 && remote_minor == 99) { |
403 | 120 | remote_major = 2; |
404 | 120 | remote_minor = 0; |
405 | 120 | } |
406 | 25.6k | if (remote_major != 2) |
407 | 5.54k | r = SSH_ERR_PROTOCOL_MISMATCH; |
408 | | |
409 | 25.6k | debug("Remote version string %.100s", cp); |
410 | 26.4k | out: |
411 | 26.4k | free(cp); |
412 | 26.4k | free(remote_version); |
413 | 26.4k | return r; |
414 | 25.6k | } |
415 | | |
416 | | /* Send our own protocol version identification. */ |
417 | | int |
418 | | _ssh_send_banner(struct ssh *ssh, struct sshbuf *banner) |
419 | 46.7k | { |
420 | 46.7k | char *cp; |
421 | 46.7k | int r; |
422 | | |
423 | 46.7k | if ((r = sshbuf_putf(banner, "SSH-2.0-%.100s\r\n", SSH_RELEASE)) != 0) |
424 | 0 | return r; |
425 | 46.7k | if ((r = sshbuf_putb(ssh_packet_get_output(ssh), banner)) != 0) |
426 | 0 | return r; |
427 | | /* Remove trailing \r\n */ |
428 | 46.7k | if ((r = sshbuf_consume_end(banner, 2)) != 0) |
429 | 0 | return r; |
430 | 46.7k | if ((cp = sshbuf_dup_string(banner)) == NULL) |
431 | 0 | return SSH_ERR_ALLOC_FAIL; |
432 | 46.7k | debug("Local version string %.100s", cp); |
433 | 46.7k | free(cp); |
434 | 46.7k | return 0; |
435 | 46.7k | } |
436 | | |
437 | | int |
438 | | _ssh_exchange_banner(struct ssh *ssh) |
439 | 70.0k | { |
440 | 70.0k | struct kex *kex = ssh->kex; |
441 | 70.0k | int r; |
442 | | |
443 | | /* |
444 | | * if _ssh_read_banner() cannot parse a full version string |
445 | | * it will return NULL and we end up calling it again. |
446 | | */ |
447 | | |
448 | 70.0k | r = 0; |
449 | 70.0k | if (kex->server) { |
450 | 52.5k | if (sshbuf_len(ssh->kex->server_version) == 0) |
451 | 35.0k | r = _ssh_send_banner(ssh, ssh->kex->server_version); |
452 | 52.5k | if (r == 0 && |
453 | 52.5k | sshbuf_len(ssh->kex->server_version) != 0 && |
454 | 52.5k | sshbuf_len(ssh->kex->client_version) == 0) |
455 | 52.5k | r = _ssh_read_banner(ssh, ssh->kex->client_version); |
456 | 52.5k | } else { |
457 | 17.5k | if (sshbuf_len(ssh->kex->server_version) == 0) |
458 | 17.5k | r = _ssh_read_banner(ssh, ssh->kex->server_version); |
459 | 17.5k | if (r == 0 && |
460 | 17.5k | sshbuf_len(ssh->kex->server_version) != 0 && |
461 | 17.5k | sshbuf_len(ssh->kex->client_version) == 0) |
462 | 11.7k | r = _ssh_send_banner(ssh, ssh->kex->client_version); |
463 | 17.5k | } |
464 | 70.0k | if (r != 0) |
465 | 14.9k | return r; |
466 | | /* start initial kex as soon as we have exchanged the banners */ |
467 | 55.1k | if (sshbuf_len(ssh->kex->server_version) != 0 && |
468 | 55.1k | sshbuf_len(ssh->kex->client_version) != 0) { |
469 | 20.0k | if ((r = _ssh_order_hostkeyalgs(ssh)) != 0 || |
470 | 20.0k | (r = kex_send_kexinit(ssh)) != 0) |
471 | 0 | return r; |
472 | 20.0k | } |
473 | 55.1k | return 0; |
474 | 55.1k | } |
475 | | |
476 | | struct sshkey * |
477 | | _ssh_host_public_key(int type, int nid, struct ssh *ssh) |
478 | 0 | { |
479 | 0 | struct key_entry *k; |
480 | |
|
481 | 0 | debug3_f("need %d", type); |
482 | 0 | TAILQ_FOREACH(k, &ssh->public_keys, next) { |
483 | 0 | debug3_f("check %s", sshkey_type(k->key)); |
484 | 0 | if (k->key->type == type && |
485 | 0 | (type != KEY_ECDSA || k->key->ecdsa_nid == nid)) |
486 | 0 | return (k->key); |
487 | 0 | } |
488 | 0 | return (NULL); |
489 | 0 | } |
490 | | |
491 | | struct sshkey * |
492 | | _ssh_host_private_key(int type, int nid, struct ssh *ssh) |
493 | 0 | { |
494 | 0 | struct key_entry *k; |
495 | |
|
496 | 0 | debug3_f("need %d", type); |
497 | 0 | TAILQ_FOREACH(k, &ssh->private_keys, next) { |
498 | 0 | debug3_f("check %s", sshkey_type(k->key)); |
499 | 0 | if (k->key->type == type && |
500 | 0 | (type != KEY_ECDSA || k->key->ecdsa_nid == nid)) |
501 | 0 | return (k->key); |
502 | 0 | } |
503 | 0 | return (NULL); |
504 | 0 | } |
505 | | |
506 | | int |
507 | | _ssh_verify_host_key(struct sshkey *hostkey, struct ssh *ssh) |
508 | 0 | { |
509 | 0 | struct key_entry *k; |
510 | |
|
511 | 0 | debug3_f("need %s", sshkey_type(hostkey)); |
512 | 0 | TAILQ_FOREACH(k, &ssh->public_keys, next) { |
513 | 0 | debug3_f("check %s", sshkey_type(k->key)); |
514 | 0 | if (sshkey_equal_public(hostkey, k->key)) |
515 | 0 | return (0); /* ok */ |
516 | 0 | } |
517 | 0 | return (-1); /* failed */ |
518 | 0 | } |
519 | | |
520 | | /* offer hostkey algorithms in kexinit depending on registered keys */ |
521 | | int |
522 | | _ssh_order_hostkeyalgs(struct ssh *ssh) |
523 | 20.0k | { |
524 | 20.0k | struct key_entry *k; |
525 | 20.0k | char *orig, *avail, *oavail = NULL, *alg, *replace = NULL; |
526 | 20.0k | char **proposal; |
527 | 20.0k | size_t maxlen; |
528 | 20.0k | int ktype, r; |
529 | | |
530 | | /* XXX we de-serialize ssh->kex->my, modify it, and change it */ |
531 | 20.0k | if ((r = kex_buf2prop(ssh->kex->my, NULL, &proposal)) != 0) |
532 | 0 | return r; |
533 | 20.0k | orig = proposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; |
534 | 20.0k | if ((oavail = avail = strdup(orig)) == NULL) { |
535 | 0 | r = SSH_ERR_ALLOC_FAIL; |
536 | 0 | goto out; |
537 | 0 | } |
538 | 20.0k | maxlen = strlen(avail) + 1; |
539 | 20.0k | if ((replace = calloc(1, maxlen)) == NULL) { |
540 | 0 | r = SSH_ERR_ALLOC_FAIL; |
541 | 0 | goto out; |
542 | 0 | } |
543 | 20.0k | *replace = '\0'; |
544 | 40.1k | while ((alg = strsep(&avail, ",")) && *alg != '\0') { |
545 | 20.0k | if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC) |
546 | 0 | continue; |
547 | 20.0k | TAILQ_FOREACH(k, &ssh->public_keys, next) { |
548 | 20.0k | if (k->key->type == ktype || |
549 | 20.0k | (sshkey_is_cert(k->key) && k->key->type == |
550 | 20.0k | sshkey_type_plain(ktype))) { |
551 | 20.0k | if (*replace != '\0') |
552 | 0 | strlcat(replace, ",", maxlen); |
553 | 20.0k | strlcat(replace, alg, maxlen); |
554 | 20.0k | break; |
555 | 20.0k | } |
556 | 20.0k | } |
557 | 20.0k | } |
558 | 20.0k | if (*replace != '\0') { |
559 | 20.0k | debug2_f("orig/%d %s", ssh->kex->server, orig); |
560 | 20.0k | debug2_f("replace/%d %s", ssh->kex->server, replace); |
561 | 20.0k | free(orig); |
562 | 20.0k | proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = replace; |
563 | 20.0k | replace = NULL; /* owned by proposal */ |
564 | 20.0k | r = kex_prop2buf(ssh->kex->my, proposal); |
565 | 20.0k | } |
566 | 20.0k | out: |
567 | 20.0k | free(oavail); |
568 | 20.0k | free(replace); |
569 | 20.0k | kex_prop_free(proposal); |
570 | 20.0k | return r; |
571 | 20.0k | } |
572 | | |
573 | | int |
574 | | _ssh_host_key_sign(struct ssh *ssh, struct sshkey *privkey, |
575 | | struct sshkey *pubkey, u_char **signature, size_t *slen, |
576 | | const u_char *data, size_t dlen, const char *alg) |
577 | 0 | { |
578 | 0 | return sshkey_sign(privkey, signature, slen, data, dlen, |
579 | 0 | alg, NULL, NULL, ssh->compat); |
580 | 0 | } |