Line | Count | Source (jump to first uncovered line) |
1 | | /* $OpenBSD: ssh_api.c,v 1.32 2024/10/18 05:14:51 djm Exp $ */ |
2 | | /* |
3 | | * Copyright (c) 2012 Markus Friedl. All rights reserved. |
4 | | * |
5 | | * Permission to use, copy, modify, and distribute this software for any |
6 | | * purpose with or without fee is hereby granted, provided that the above |
7 | | * copyright notice and this permission notice appear in all copies. |
8 | | * |
9 | | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
10 | | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
11 | | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
12 | | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
13 | | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
14 | | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
15 | | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
16 | | */ |
17 | | |
18 | | #include "includes.h" |
19 | | |
20 | | #include <sys/types.h> |
21 | | |
22 | | #include <stdio.h> |
23 | | #include <stdlib.h> |
24 | | |
25 | | #include "ssh_api.h" |
26 | | #include "compat.h" |
27 | | #include "log.h" |
28 | | #include "authfile.h" |
29 | | #include "sshkey.h" |
30 | | #include "dh.h" |
31 | | #include "misc.h" |
32 | | #include "ssh2.h" |
33 | | #include "version.h" |
34 | | #include "myproposal.h" |
35 | | #include "ssherr.h" |
36 | | #include "sshbuf.h" |
37 | | |
38 | | #include "openbsd-compat/openssl-compat.h" |
39 | | |
40 | | #include <string.h> |
41 | | |
42 | | int _ssh_exchange_banner(struct ssh *); |
43 | | int _ssh_send_banner(struct ssh *, struct sshbuf *); |
44 | | int _ssh_read_banner(struct ssh *, struct sshbuf *); |
45 | | int _ssh_order_hostkeyalgs(struct ssh *); |
46 | | int _ssh_verify_host_key(struct sshkey *, struct ssh *); |
47 | | struct sshkey *_ssh_host_public_key(int, int, struct ssh *); |
48 | | struct sshkey *_ssh_host_private_key(int, int, struct ssh *); |
49 | | int _ssh_host_key_sign(struct ssh *, struct sshkey *, struct sshkey *, |
50 | | u_char **, size_t *, const u_char *, size_t, const char *); |
51 | | |
52 | | /* |
53 | | * stubs for privsep calls in the server side implementation of kex. |
54 | | */ |
55 | | int mm_sshkey_sign(struct sshkey *, u_char **, u_int *, |
56 | | const u_char *, u_int, const char *, const char *, const char *, u_int); |
57 | | |
58 | | #ifdef WITH_OPENSSL |
59 | | DH *mm_choose_dh(int, int, int); |
60 | | #endif |
61 | | |
62 | | int |
63 | | mm_sshkey_sign(struct sshkey *key, u_char **sigp, u_int *lenp, |
64 | | const u_char *data, u_int datalen, const char *alg, |
65 | | const char *sk_provider, const char *sk_pin, u_int compat) |
66 | 0 | { |
67 | 0 | size_t slen = 0; |
68 | 0 | int ret; |
69 | |
|
70 | 0 | ret = sshkey_sign(key, sigp, &slen, data, datalen, alg, |
71 | 0 | sk_provider, sk_pin, compat); |
72 | 0 | *lenp = slen; |
73 | 0 | return ret; |
74 | 0 | } |
75 | | |
76 | | #ifdef WITH_OPENSSL |
77 | | DH * |
78 | | mm_choose_dh(int min, int nbits, int max) |
79 | 0 | { |
80 | 0 | return choose_dh(min, nbits, max); |
81 | 0 | } |
82 | | #endif |
83 | | |
84 | | /* API */ |
85 | | |
86 | | int |
87 | | ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) |
88 | 56.4k | { |
89 | 56.4k | char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; |
90 | 56.4k | char *populated[PROPOSAL_MAX]; |
91 | 56.4k | struct ssh *ssh; |
92 | 56.4k | char **proposal; |
93 | 56.4k | static int called; |
94 | 56.4k | int r; |
95 | | |
96 | 56.4k | if (!called) { |
97 | 1 | seed_rng(); |
98 | 1 | called = 1; |
99 | 1 | } |
100 | | |
101 | 56.4k | if ((ssh = ssh_packet_set_connection(NULL, -1, -1)) == NULL) |
102 | 0 | return SSH_ERR_ALLOC_FAIL; |
103 | 56.4k | if (is_server) |
104 | 28.2k | ssh_packet_set_server(ssh); |
105 | | |
106 | | /* Initialize key exchange */ |
107 | 56.4k | proposal = kex_params ? kex_params->proposal : myproposal; |
108 | 56.4k | kex_proposal_populate_entries(ssh, populated, |
109 | 56.4k | proposal[PROPOSAL_KEX_ALGS], |
110 | 56.4k | proposal[PROPOSAL_ENC_ALGS_CTOS], |
111 | 56.4k | proposal[PROPOSAL_MAC_ALGS_CTOS], |
112 | 56.4k | proposal[PROPOSAL_COMP_ALGS_CTOS], |
113 | 56.4k | proposal[PROPOSAL_SERVER_HOST_KEY_ALGS]); |
114 | 56.4k | r = kex_ready(ssh, populated); |
115 | 56.4k | kex_proposal_free_entries(populated); |
116 | 56.4k | if (r != 0) { |
117 | 0 | ssh_free(ssh); |
118 | 0 | return r; |
119 | 0 | } |
120 | | |
121 | 56.4k | ssh->kex->server = is_server; |
122 | 56.4k | if (is_server) { |
123 | 28.2k | #ifdef WITH_OPENSSL |
124 | 28.2k | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server; |
125 | 28.2k | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server; |
126 | 28.2k | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server; |
127 | 28.2k | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server; |
128 | 28.2k | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server; |
129 | 28.2k | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
130 | 28.2k | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
131 | 28.2k | # ifdef OPENSSL_HAS_ECC |
132 | 28.2k | ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_server; |
133 | 28.2k | # endif |
134 | 28.2k | #endif /* WITH_OPENSSL */ |
135 | 28.2k | ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_server; |
136 | 28.2k | ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server; |
137 | 28.2k | ssh->kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_server; |
138 | 28.2k | ssh->kex->load_host_public_key=&_ssh_host_public_key; |
139 | 28.2k | ssh->kex->load_host_private_key=&_ssh_host_private_key; |
140 | 28.2k | ssh->kex->sign=&_ssh_host_key_sign; |
141 | 28.2k | } else { |
142 | 28.2k | #ifdef WITH_OPENSSL |
143 | 28.2k | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client; |
144 | 28.2k | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client; |
145 | 28.2k | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client; |
146 | 28.2k | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client; |
147 | 28.2k | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client; |
148 | 28.2k | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; |
149 | 28.2k | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; |
150 | 28.2k | # ifdef OPENSSL_HAS_ECC |
151 | 28.2k | ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; |
152 | 28.2k | # endif |
153 | 28.2k | #endif /* WITH_OPENSSL */ |
154 | 28.2k | ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client; |
155 | 28.2k | ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_client; |
156 | 28.2k | ssh->kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_client; |
157 | 28.2k | ssh->kex->verify_host_key =&_ssh_verify_host_key; |
158 | 28.2k | } |
159 | 56.4k | *sshp = ssh; |
160 | 56.4k | return 0; |
161 | 56.4k | } |
162 | | |
163 | | void |
164 | | ssh_free(struct ssh *ssh) |
165 | 56.4k | { |
166 | 56.4k | struct key_entry *k; |
167 | | |
168 | 56.4k | if (ssh == NULL) |
169 | 0 | return; |
170 | | |
171 | | /* |
172 | | * we've only created the public keys variants in case we |
173 | | * are a acting as a server. |
174 | | */ |
175 | 112k | while ((k = TAILQ_FIRST(&ssh->public_keys)) != NULL) { |
176 | 56.4k | TAILQ_REMOVE(&ssh->public_keys, k, next); |
177 | 56.4k | if (ssh->kex && ssh->kex->server) |
178 | 28.2k | sshkey_free(k->key); |
179 | 56.4k | free(k); |
180 | 56.4k | } |
181 | 84.6k | while ((k = TAILQ_FIRST(&ssh->private_keys)) != NULL) { |
182 | 28.2k | TAILQ_REMOVE(&ssh->private_keys, k, next); |
183 | 28.2k | free(k); |
184 | 28.2k | } |
185 | 56.4k | ssh_packet_close(ssh); |
186 | 56.4k | free(ssh); |
187 | 56.4k | } |
188 | | |
189 | | void |
190 | | ssh_set_app_data(struct ssh *ssh, void *app_data) |
191 | 0 | { |
192 | 0 | ssh->app_data = app_data; |
193 | 0 | } |
194 | | |
195 | | void * |
196 | | ssh_get_app_data(struct ssh *ssh) |
197 | 0 | { |
198 | 0 | return ssh->app_data; |
199 | 0 | } |
200 | | |
201 | | /* Returns < 0 on error, 0 otherwise */ |
202 | | int |
203 | | ssh_add_hostkey(struct ssh *ssh, struct sshkey *key) |
204 | 56.4k | { |
205 | 56.4k | struct sshkey *pubkey = NULL; |
206 | 56.4k | struct key_entry *k = NULL, *k_prv = NULL; |
207 | 56.4k | int r; |
208 | | |
209 | 56.4k | if (ssh->kex->server) { |
210 | 28.2k | if ((r = sshkey_from_private(key, &pubkey)) != 0) |
211 | 0 | return r; |
212 | 28.2k | if ((k = malloc(sizeof(*k))) == NULL || |
213 | 28.2k | (k_prv = malloc(sizeof(*k_prv))) == NULL) { |
214 | 0 | free(k); |
215 | 0 | sshkey_free(pubkey); |
216 | 0 | return SSH_ERR_ALLOC_FAIL; |
217 | 0 | } |
218 | 28.2k | k_prv->key = key; |
219 | 28.2k | TAILQ_INSERT_TAIL(&ssh->private_keys, k_prv, next); |
220 | | |
221 | | /* add the public key, too */ |
222 | 28.2k | k->key = pubkey; |
223 | 28.2k | TAILQ_INSERT_TAIL(&ssh->public_keys, k, next); |
224 | 28.2k | r = 0; |
225 | 28.2k | } else { |
226 | 28.2k | if ((k = malloc(sizeof(*k))) == NULL) |
227 | 0 | return SSH_ERR_ALLOC_FAIL; |
228 | 28.2k | k->key = key; |
229 | 28.2k | TAILQ_INSERT_TAIL(&ssh->public_keys, k, next); |
230 | 28.2k | r = 0; |
231 | 28.2k | } |
232 | | |
233 | 56.4k | return r; |
234 | 56.4k | } |
235 | | |
236 | | int |
237 | | ssh_set_verify_host_key_callback(struct ssh *ssh, |
238 | | int (*cb)(struct sshkey *, struct ssh *)) |
239 | 0 | { |
240 | 0 | if (cb == NULL || ssh->kex == NULL) |
241 | 0 | return SSH_ERR_INVALID_ARGUMENT; |
242 | | |
243 | 0 | ssh->kex->verify_host_key = cb; |
244 | |
|
245 | 0 | return 0; |
246 | 0 | } |
247 | | |
248 | | int |
249 | | ssh_input_append(struct ssh *ssh, const u_char *data, size_t len) |
250 | 44.0k | { |
251 | 44.0k | return sshbuf_put(ssh_packet_get_input(ssh), data, len); |
252 | 44.0k | } |
253 | | |
254 | | int |
255 | | ssh_packet_next(struct ssh *ssh, u_char *typep) |
256 | 72.2k | { |
257 | 72.2k | int r; |
258 | 72.2k | u_int32_t seqnr; |
259 | 72.2k | u_char type; |
260 | | |
261 | | /* |
262 | | * Try to read a packet. Return SSH_MSG_NONE if no packet or not |
263 | | * enough data. |
264 | | */ |
265 | 72.2k | *typep = SSH_MSG_NONE; |
266 | 72.2k | if (sshbuf_len(ssh->kex->client_version) == 0 || |
267 | 72.2k | sshbuf_len(ssh->kex->server_version) == 0) |
268 | 56.4k | return _ssh_exchange_banner(ssh); |
269 | | /* |
270 | | * If we enough data and a dispatch function then |
271 | | * call the function and get the next packet. |
272 | | * Otherwise return the packet type to the caller so it |
273 | | * can decide how to go on. |
274 | | * |
275 | | * We will only call the dispatch function for: |
276 | | * 20-29 Algorithm negotiation |
277 | | * 30-49 Key exchange method specific (numbers can be reused for |
278 | | * different authentication methods) |
279 | | */ |
280 | 1.12M | for (;;) { |
281 | 1.12M | if ((r = ssh_packet_read_poll2(ssh, &type, &seqnr)) != 0) |
282 | 8.64k | return r; |
283 | 1.12M | if (type > 0 && type < DISPATCH_MAX && |
284 | 1.12M | type >= SSH2_MSG_KEXINIT && type <= SSH2_MSG_TRANSPORT_MAX && |
285 | 1.12M | ssh->dispatch[type] != NULL) { |
286 | 1.12M | if ((r = (*ssh->dispatch[type])(type, seqnr, ssh)) != 0) |
287 | 7.14k | return r; |
288 | 1.12M | } else { |
289 | 0 | *typep = type; |
290 | 0 | return 0; |
291 | 0 | } |
292 | 1.12M | } |
293 | 15.7k | } |
294 | | |
295 | | const u_char * |
296 | | ssh_packet_payload(struct ssh *ssh, size_t *lenp) |
297 | 0 | { |
298 | 0 | return sshpkt_ptr(ssh, lenp); |
299 | 0 | } |
300 | | |
301 | | int |
302 | | ssh_packet_put(struct ssh *ssh, int type, const u_char *data, size_t len) |
303 | 0 | { |
304 | 0 | int r; |
305 | |
|
306 | 0 | if ((r = sshpkt_start(ssh, type)) != 0 || |
307 | 0 | (r = sshpkt_put(ssh, data, len)) != 0 || |
308 | 0 | (r = sshpkt_send(ssh)) != 0) |
309 | 0 | return r; |
310 | 0 | return 0; |
311 | 0 | } |
312 | | |
313 | | const u_char * |
314 | | ssh_output_ptr(struct ssh *ssh, size_t *len) |
315 | 44.0k | { |
316 | 44.0k | struct sshbuf *output = ssh_packet_get_output(ssh); |
317 | | |
318 | 44.0k | *len = sshbuf_len(output); |
319 | 44.0k | return sshbuf_ptr(output); |
320 | 44.0k | } |
321 | | |
322 | | int |
323 | | ssh_output_consume(struct ssh *ssh, size_t len) |
324 | 29.8k | { |
325 | 29.8k | return sshbuf_consume(ssh_packet_get_output(ssh), len); |
326 | 29.8k | } |
327 | | |
328 | | int |
329 | | ssh_output_space(struct ssh *ssh, size_t len) |
330 | 0 | { |
331 | 0 | return (0 == sshbuf_check_reserve(ssh_packet_get_output(ssh), len)); |
332 | 0 | } |
333 | | |
334 | | int |
335 | | ssh_input_space(struct ssh *ssh, size_t len) |
336 | 0 | { |
337 | 0 | return (0 == sshbuf_check_reserve(ssh_packet_get_input(ssh), len)); |
338 | 0 | } |
339 | | |
340 | | /* Read other side's version identification. */ |
341 | | int |
342 | | _ssh_read_banner(struct ssh *ssh, struct sshbuf *banner) |
343 | 56.4k | { |
344 | 56.4k | struct sshbuf *input = ssh_packet_get_input(ssh); |
345 | 56.4k | const char *mismatch = "Protocol mismatch.\r\n"; |
346 | 56.4k | const u_char *s = sshbuf_ptr(input); |
347 | 56.4k | u_char c; |
348 | 56.4k | char *cp = NULL, *remote_version = NULL; |
349 | 56.4k | int r = 0, remote_major, remote_minor, expect_nl; |
350 | 56.4k | size_t n, j; |
351 | | |
352 | 1.59M | for (j = n = 0;;) { |
353 | 1.59M | sshbuf_reset(banner); |
354 | 1.59M | expect_nl = 0; |
355 | 22.5M | for (;;) { |
356 | 22.5M | if (j >= sshbuf_len(input)) |
357 | 28.2k | return 0; /* insufficient data in input buf */ |
358 | 22.4M | c = s[j++]; |
359 | 22.4M | if (c == '\r') { |
360 | 36.3k | expect_nl = 1; |
361 | 36.3k | continue; |
362 | 36.3k | } |
363 | 22.4M | if (c == '\n') |
364 | 1.56M | break; |
365 | 20.8M | if (expect_nl) |
366 | 795 | goto bad; |
367 | 20.8M | if ((r = sshbuf_put_u8(banner, c)) != 0) |
368 | 0 | return r; |
369 | 20.8M | if (sshbuf_len(banner) > SSH_MAX_BANNER_LEN) |
370 | 360 | goto bad; |
371 | 20.8M | } |
372 | 1.56M | if (sshbuf_len(banner) >= 4 && |
373 | 1.56M | memcmp(sshbuf_ptr(banner), "SSH-", 4) == 0) |
374 | 21.0k | break; |
375 | 1.54M | debug_f("%.*s", (int)sshbuf_len(banner), |
376 | 1.54M | sshbuf_ptr(banner)); |
377 | | /* Accept lines before banner only on client */ |
378 | 1.54M | if (ssh->kex->server || ++n > SSH_MAX_PRE_BANNER_LINES) { |
379 | 7.20k | bad: |
380 | 7.20k | if ((r = sshbuf_put(ssh_packet_get_output(ssh), |
381 | 7.20k | mismatch, strlen(mismatch))) != 0) |
382 | 0 | return r; |
383 | 7.20k | return SSH_ERR_NO_PROTOCOL_VERSION; |
384 | 7.20k | } |
385 | 1.54M | } |
386 | 21.0k | if ((r = sshbuf_consume(input, j)) != 0) |
387 | 0 | return r; |
388 | | |
389 | | /* XXX remote version must be the same size as banner for sscanf */ |
390 | 21.0k | if ((cp = sshbuf_dup_string(banner)) == NULL || |
391 | 21.0k | (remote_version = calloc(1, sshbuf_len(banner))) == NULL) { |
392 | 375 | r = SSH_ERR_ALLOC_FAIL; |
393 | 375 | goto out; |
394 | 375 | } |
395 | | |
396 | | /* |
397 | | * Check that the versions match. In future this might accept |
398 | | * several versions and set appropriate flags to handle them. |
399 | | */ |
400 | 20.6k | if (sscanf(cp, "SSH-%d.%d-%[^\n]\n", |
401 | 20.6k | &remote_major, &remote_minor, remote_version) != 3) { |
402 | 345 | r = SSH_ERR_INVALID_FORMAT; |
403 | 345 | goto out; |
404 | 345 | } |
405 | 20.3k | debug("Remote protocol version %d.%d, remote software version %.100s", |
406 | 20.3k | remote_major, remote_minor, remote_version); |
407 | | |
408 | 20.3k | compat_banner(ssh, remote_version); |
409 | 20.3k | if (remote_major == 1 && remote_minor == 99) { |
410 | 90 | remote_major = 2; |
411 | 90 | remote_minor = 0; |
412 | 90 | } |
413 | 20.3k | if (remote_major != 2) |
414 | 4.53k | r = SSH_ERR_PROTOCOL_MISMATCH; |
415 | | |
416 | 20.3k | debug("Remote version string %.100s", cp); |
417 | 21.0k | out: |
418 | 21.0k | free(cp); |
419 | 21.0k | free(remote_version); |
420 | 21.0k | return r; |
421 | 20.3k | } |
422 | | |
423 | | /* Send our own protocol version identification. */ |
424 | | int |
425 | | _ssh_send_banner(struct ssh *ssh, struct sshbuf *banner) |
426 | 37.0k | { |
427 | 37.0k | char *cp; |
428 | 37.0k | int r; |
429 | | |
430 | 37.0k | if ((r = sshbuf_putf(banner, "SSH-2.0-%.100s\r\n", SSH_RELEASE)) != 0) |
431 | 0 | return r; |
432 | 37.0k | if ((r = sshbuf_putb(ssh_packet_get_output(ssh), banner)) != 0) |
433 | 0 | return r; |
434 | | /* Remove trailing \r\n */ |
435 | 37.0k | if ((r = sshbuf_consume_end(banner, 2)) != 0) |
436 | 0 | return r; |
437 | 37.0k | if ((cp = sshbuf_dup_string(banner)) == NULL) |
438 | 0 | return SSH_ERR_ALLOC_FAIL; |
439 | 37.0k | debug("Local version string %.100s", cp); |
440 | 37.0k | free(cp); |
441 | 37.0k | return 0; |
442 | 37.0k | } |
443 | | |
444 | | int |
445 | | _ssh_exchange_banner(struct ssh *ssh) |
446 | 56.4k | { |
447 | 56.4k | struct kex *kex = ssh->kex; |
448 | 56.4k | int r; |
449 | | |
450 | | /* |
451 | | * if _ssh_read_banner() cannot parse a full version string |
452 | | * it will return NULL and we end up calling it again. |
453 | | */ |
454 | | |
455 | 56.4k | r = 0; |
456 | 56.4k | if (kex->server) { |
457 | 42.3k | if (sshbuf_len(ssh->kex->server_version) == 0) |
458 | 28.2k | r = _ssh_send_banner(ssh, ssh->kex->server_version); |
459 | 42.3k | if (r == 0 && |
460 | 42.3k | sshbuf_len(ssh->kex->server_version) != 0 && |
461 | 42.3k | sshbuf_len(ssh->kex->client_version) == 0) |
462 | 42.3k | r = _ssh_read_banner(ssh, ssh->kex->client_version); |
463 | 42.3k | } else { |
464 | 14.1k | if (sshbuf_len(ssh->kex->server_version) == 0) |
465 | 14.1k | r = _ssh_read_banner(ssh, ssh->kex->server_version); |
466 | 14.1k | if (r == 0 && |
467 | 14.1k | sshbuf_len(ssh->kex->server_version) != 0 && |
468 | 14.1k | sshbuf_len(ssh->kex->client_version) == 0) |
469 | 8.83k | r = _ssh_send_banner(ssh, ssh->kex->client_version); |
470 | 14.1k | } |
471 | 56.4k | if (r != 0) |
472 | 12.4k | return r; |
473 | | /* start initial kex as soon as we have exchanged the banners */ |
474 | 44.0k | if (sshbuf_len(ssh->kex->server_version) != 0 && |
475 | 44.0k | sshbuf_len(ssh->kex->client_version) != 0) { |
476 | 15.7k | if ((r = _ssh_order_hostkeyalgs(ssh)) != 0 || |
477 | 15.7k | (r = kex_send_kexinit(ssh)) != 0) |
478 | 0 | return r; |
479 | 15.7k | } |
480 | 44.0k | return 0; |
481 | 44.0k | } |
482 | | |
483 | | struct sshkey * |
484 | | _ssh_host_public_key(int type, int nid, struct ssh *ssh) |
485 | 0 | { |
486 | 0 | struct key_entry *k; |
487 | |
|
488 | 0 | debug3_f("need %d", type); |
489 | 0 | TAILQ_FOREACH(k, &ssh->public_keys, next) { |
490 | 0 | debug3_f("check %s", sshkey_type(k->key)); |
491 | 0 | if (k->key->type == type && |
492 | 0 | (type != KEY_ECDSA || k->key->ecdsa_nid == nid)) |
493 | 0 | return (k->key); |
494 | 0 | } |
495 | 0 | return (NULL); |
496 | 0 | } |
497 | | |
498 | | struct sshkey * |
499 | | _ssh_host_private_key(int type, int nid, struct ssh *ssh) |
500 | 0 | { |
501 | 0 | struct key_entry *k; |
502 | |
|
503 | 0 | debug3_f("need %d", type); |
504 | 0 | TAILQ_FOREACH(k, &ssh->private_keys, next) { |
505 | 0 | debug3_f("check %s", sshkey_type(k->key)); |
506 | 0 | if (k->key->type == type && |
507 | 0 | (type != KEY_ECDSA || k->key->ecdsa_nid == nid)) |
508 | 0 | return (k->key); |
509 | 0 | } |
510 | 0 | return (NULL); |
511 | 0 | } |
512 | | |
513 | | int |
514 | | _ssh_verify_host_key(struct sshkey *hostkey, struct ssh *ssh) |
515 | 0 | { |
516 | 0 | struct key_entry *k; |
517 | |
|
518 | 0 | debug3_f("need %s", sshkey_type(hostkey)); |
519 | 0 | TAILQ_FOREACH(k, &ssh->public_keys, next) { |
520 | 0 | debug3_f("check %s", sshkey_type(k->key)); |
521 | 0 | if (sshkey_equal_public(hostkey, k->key)) |
522 | 0 | return (0); /* ok */ |
523 | 0 | } |
524 | 0 | return (-1); /* failed */ |
525 | 0 | } |
526 | | |
527 | | /* offer hostkey algorithms in kexinit depending on registered keys */ |
528 | | int |
529 | | _ssh_order_hostkeyalgs(struct ssh *ssh) |
530 | 15.7k | { |
531 | 15.7k | struct key_entry *k; |
532 | 15.7k | char *orig, *avail, *oavail = NULL, *alg, *replace = NULL; |
533 | 15.7k | char **proposal; |
534 | 15.7k | size_t maxlen; |
535 | 15.7k | int ktype, nid, r; |
536 | | |
537 | | /* XXX we de-serialize ssh->kex->my, modify it, and change it */ |
538 | 15.7k | if ((r = kex_buf2prop(ssh->kex->my, NULL, &proposal)) != 0) |
539 | 0 | return r; |
540 | 15.7k | orig = proposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; |
541 | 15.7k | if ((oavail = avail = strdup(orig)) == NULL) { |
542 | 0 | r = SSH_ERR_ALLOC_FAIL; |
543 | 0 | goto out; |
544 | 0 | } |
545 | 15.7k | maxlen = strlen(avail) + 1; |
546 | 15.7k | if ((replace = calloc(1, maxlen)) == NULL) { |
547 | 0 | r = SSH_ERR_ALLOC_FAIL; |
548 | 0 | goto out; |
549 | 0 | } |
550 | 15.7k | *replace = '\0'; |
551 | 31.5k | while ((alg = strsep(&avail, ",")) && *alg != '\0') { |
552 | 15.7k | if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC) |
553 | 0 | continue; |
554 | 15.7k | nid = sshkey_ecdsa_nid_from_name(alg); |
555 | 15.7k | TAILQ_FOREACH(k, &ssh->public_keys, next) { |
556 | 15.7k | if (k->key->type != ktype && |
557 | 15.7k | (!sshkey_is_cert(k->key) || |
558 | 0 | k->key->type != sshkey_type_plain(ktype))) |
559 | 0 | continue; |
560 | 15.7k | if (sshkey_type_plain(k->key->type) == KEY_ECDSA && |
561 | 15.7k | k->key->ecdsa_nid != nid) |
562 | 0 | continue; |
563 | | /* Candidate */ |
564 | 15.7k | if (*replace != '\0') |
565 | 0 | strlcat(replace, ",", maxlen); |
566 | 15.7k | strlcat(replace, alg, maxlen); |
567 | 15.7k | break; |
568 | 15.7k | } |
569 | 15.7k | } |
570 | 15.7k | if (*replace != '\0') { |
571 | 15.7k | debug2_f("orig/%d %s", ssh->kex->server, orig); |
572 | 15.7k | debug2_f("replace/%d %s", ssh->kex->server, replace); |
573 | 15.7k | free(orig); |
574 | 15.7k | proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = replace; |
575 | 15.7k | replace = NULL; /* owned by proposal */ |
576 | 15.7k | r = kex_prop2buf(ssh->kex->my, proposal); |
577 | 15.7k | } |
578 | 15.7k | out: |
579 | 15.7k | free(oavail); |
580 | 15.7k | free(replace); |
581 | 15.7k | kex_prop_free(proposal); |
582 | 15.7k | return r; |
583 | 15.7k | } |
584 | | |
585 | | int |
586 | | _ssh_host_key_sign(struct ssh *ssh, struct sshkey *privkey, |
587 | | struct sshkey *pubkey, u_char **signature, size_t *slen, |
588 | | const u_char *data, size_t dlen, const char *alg) |
589 | 0 | { |
590 | 0 | return sshkey_sign(privkey, signature, slen, data, dlen, |
591 | 0 | alg, NULL, NULL, ssh->compat); |
592 | 0 | } |