1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 #include "includes.h"
26 #include "dbutil.h"
27 #include "signkey.h"
28 #include "buffer.h"
29 #include "ssh.h"
30
31 /* malloc a new sign_key and set the dss and rsa keys to NULL */
new_sign_key()32 sign_key * new_sign_key() {
33
34 sign_key * ret;
35
36 ret = (sign_key*)m_malloc(sizeof(sign_key));
37 #ifdef DROPBEAR_DSS
38 ret->dsskey = NULL;
39 #endif
40 #ifdef DROPBEAR_RSA
41 ret->rsakey = NULL;
42 #endif
43 return ret;
44
45 }
46
47 /* Returns "ssh-dss" or "ssh-rsa" corresponding to the type. Exits fatally
48 * if the type is invalid */
signkey_name_from_type(int type,int * namelen)49 const char* signkey_name_from_type(int type, int *namelen) {
50
51 #ifdef DROPBEAR_RSA
52 if (type == DROPBEAR_SIGNKEY_RSA) {
53 *namelen = SSH_SIGNKEY_RSA_LEN;
54 return SSH_SIGNKEY_RSA;
55 }
56 #endif
57 #ifdef DROPBEAR_DSS
58 if (type == DROPBEAR_SIGNKEY_DSS) {
59 *namelen = SSH_SIGNKEY_DSS_LEN;
60 return SSH_SIGNKEY_DSS;
61 }
62 #endif
63 dropbear_exit("bad key type %d", type);
64 return NULL; /* notreached */
65 }
66
67 /* Returns DROPBEAR_SIGNKEY_RSA, DROPBEAR_SIGNKEY_DSS,
68 * or DROPBEAR_SIGNKEY_NONE */
signkey_type_from_name(const char * name,int namelen)69 int signkey_type_from_name(const char* name, int namelen) {
70
71 #ifdef DROPBEAR_RSA
72 if (namelen == SSH_SIGNKEY_RSA_LEN
73 && memcmp(name, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN) == 0) {
74 return DROPBEAR_SIGNKEY_RSA;
75 }
76 #endif
77 #ifdef DROPBEAR_DSS
78 if (namelen == SSH_SIGNKEY_DSS_LEN
79 && memcmp(name, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN) == 0) {
80 return DROPBEAR_SIGNKEY_DSS;
81 }
82 #endif
83
84 return DROPBEAR_SIGNKEY_NONE;
85 }
86
87 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
88 * type should be set by the caller to specify the type to read, and
89 * on return is set to the type read (useful when type = _ANY) */
buf_get_pub_key(buffer * buf,sign_key * key,int * type)90 int buf_get_pub_key(buffer *buf, sign_key *key, int *type) {
91
92 unsigned char* ident;
93 unsigned int len;
94 int keytype;
95 int ret = DROPBEAR_FAILURE;
96
97 TRACE(("enter buf_get_pub_key"))
98
99 ident = buf_getstring(buf, &len);
100 keytype = signkey_type_from_name(ident, len);
101 m_free(ident);
102
103 if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) {
104 return DROPBEAR_FAILURE;
105 }
106
107 *type = keytype;
108
109 /* Rewind the buffer back before "ssh-rsa" etc */
110 buf_incrpos(buf, -len - 4);
111
112 #ifdef DROPBEAR_DSS
113 if (keytype == DROPBEAR_SIGNKEY_DSS) {
114 dss_key_free(key->dsskey);
115 key->dsskey = (dss_key*)m_malloc(sizeof(dss_key));
116 ret = buf_get_dss_pub_key(buf, key->dsskey);
117 if (ret == DROPBEAR_FAILURE) {
118 m_free(key->dsskey);
119 }
120 }
121 #endif
122 #ifdef DROPBEAR_RSA
123 if (keytype == DROPBEAR_SIGNKEY_RSA) {
124 rsa_key_free(key->rsakey);
125 key->rsakey = (rsa_key*)m_malloc(sizeof(rsa_key));
126 ret = buf_get_rsa_pub_key(buf, key->rsakey);
127 if (ret == DROPBEAR_FAILURE) {
128 m_free(key->rsakey);
129 }
130 }
131 #endif
132
133 TRACE(("leave buf_get_pub_key"))
134
135 return ret;
136
137 }
138
139 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
140 * type should be set by the caller to specify the type to read, and
141 * on return is set to the type read (useful when type = _ANY) */
buf_get_priv_key(buffer * buf,sign_key * key,int * type)142 int buf_get_priv_key(buffer *buf, sign_key *key, int *type) {
143
144 unsigned char* ident;
145 unsigned int len;
146 int keytype;
147 int ret = DROPBEAR_FAILURE;
148
149 TRACE(("enter buf_get_priv_key"))
150
151 ident = buf_getstring(buf, &len);
152 keytype = signkey_type_from_name(ident, len);
153 m_free(ident);
154
155 if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) {
156 TRACE(("wrong key type: %d %d", *type, keytype))
157 return DROPBEAR_FAILURE;
158 }
159
160 *type = keytype;
161
162 /* Rewind the buffer back before "ssh-rsa" etc */
163 buf_incrpos(buf, -len - 4);
164
165 #ifdef DROPBEAR_DSS
166 if (keytype == DROPBEAR_SIGNKEY_DSS) {
167 dss_key_free(key->dsskey);
168 key->dsskey = (dss_key*)m_malloc(sizeof(dss_key));
169 ret = buf_get_dss_priv_key(buf, key->dsskey);
170 if (ret == DROPBEAR_FAILURE) {
171 m_free(key->dsskey);
172 }
173 }
174 #endif
175 #ifdef DROPBEAR_RSA
176 if (keytype == DROPBEAR_SIGNKEY_RSA) {
177 rsa_key_free(key->rsakey);
178 key->rsakey = (rsa_key*)m_malloc(sizeof(rsa_key));
179 ret = buf_get_rsa_priv_key(buf, key->rsakey);
180 if (ret == DROPBEAR_FAILURE) {
181 m_free(key->rsakey);
182 }
183 }
184 #endif
185
186 TRACE(("leave buf_get_priv_key"))
187
188 return ret;
189
190 }
191
192 /* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
buf_put_pub_key(buffer * buf,sign_key * key,int type)193 void buf_put_pub_key(buffer* buf, sign_key *key, int type) {
194
195 buffer *pubkeys;
196
197 TRACE(("enter buf_put_pub_key"))
198 pubkeys = buf_new(MAX_PUBKEY_SIZE);
199
200 #ifdef DROPBEAR_DSS
201 if (type == DROPBEAR_SIGNKEY_DSS) {
202 buf_put_dss_pub_key(pubkeys, key->dsskey);
203 }
204 #endif
205 #ifdef DROPBEAR_RSA
206 if (type == DROPBEAR_SIGNKEY_RSA) {
207 buf_put_rsa_pub_key(pubkeys, key->rsakey);
208 }
209 #endif
210 if (pubkeys->len == 0) {
211 dropbear_exit("bad key types in buf_put_pub_key");
212 }
213
214 buf_setpos(pubkeys, 0);
215 buf_putstring(buf, buf_getptr(pubkeys, pubkeys->len),
216 pubkeys->len);
217
218 buf_free(pubkeys);
219 TRACE(("leave buf_put_pub_key"))
220 }
221
222 /* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
buf_put_priv_key(buffer * buf,sign_key * key,int type)223 void buf_put_priv_key(buffer* buf, sign_key *key, int type) {
224
225 TRACE(("enter buf_put_priv_key"))
226 TRACE(("type is %d", type))
227
228 #ifdef DROPBEAR_DSS
229 if (type == DROPBEAR_SIGNKEY_DSS) {
230 buf_put_dss_priv_key(buf, key->dsskey);
231 TRACE(("leave buf_put_priv_key: dss done"))
232 return;
233 }
234 #endif
235 #ifdef DROPBEAR_RSA
236 if (type == DROPBEAR_SIGNKEY_RSA) {
237 buf_put_rsa_priv_key(buf, key->rsakey);
238 TRACE(("leave buf_put_priv_key: rsa done"))
239 return;
240 }
241 #endif
242 dropbear_exit("bad key types in put pub key");
243 }
244
sign_key_free(sign_key * key)245 void sign_key_free(sign_key *key) {
246
247 TRACE(("enter sign_key_free"))
248
249 #ifdef DROPBEAR_DSS
250 dss_key_free(key->dsskey);
251 key->dsskey = NULL;
252 #endif
253 #ifdef DROPBEAR_RSA
254 rsa_key_free(key->rsakey);
255 key->rsakey = NULL;
256 #endif
257
258 m_free(key);
259 TRACE(("leave sign_key_free"))
260 }
261
hexdig(unsigned char x)262 static char hexdig(unsigned char x) {
263
264 if (x > 0xf)
265 return 'X';
266
267 if (x < 10)
268 return '0' + x;
269 else
270 return 'a' + x - 10;
271 }
272
273 /* Since we're not sure if we'll have md5 or sha1, we present both.
274 * MD5 is used in preference, but sha1 could still be useful */
275 #ifdef DROPBEAR_MD5_HMAC
sign_key_md5_fingerprint(unsigned char * keyblob,unsigned int keybloblen)276 static char * sign_key_md5_fingerprint(unsigned char* keyblob,
277 unsigned int keybloblen) {
278
279 char * ret;
280 hash_state hs;
281 unsigned char hash[MD5_HASH_SIZE];
282 unsigned int i;
283 unsigned int buflen;
284
285 md5_init(&hs);
286
287 /* skip the size int of the string - this is a bit messy */
288 md5_process(&hs, keyblob, keybloblen);
289
290 md5_done(&hs, hash);
291
292 /* "md5 hexfingerprinthere\0", each hex digit is "AB:" etc */
293 buflen = 4 + 3*MD5_HASH_SIZE;
294 ret = (char*)m_malloc(buflen);
295
296 memset(ret, 'Z', buflen);
297 strcpy(ret, "md5 ");
298
299 for (i = 0; i < MD5_HASH_SIZE; i++) {
300 unsigned int pos = 4 + i*3;
301 ret[pos] = hexdig(hash[i] >> 4);
302 ret[pos+1] = hexdig(hash[i] & 0x0f);
303 ret[pos+2] = ':';
304 }
305 ret[buflen-1] = 0x0;
306
307 return ret;
308 }
309
310 #else /* use SHA1 rather than MD5 for fingerprint */
sign_key_sha1_fingerprint(unsigned char * keyblob,unsigned int keybloblen)311 static char * sign_key_sha1_fingerprint(unsigned char* keyblob,
312 unsigned int keybloblen) {
313
314 char * ret;
315 hash_state hs;
316 unsigned char hash[SHA1_HASH_SIZE];
317 unsigned int i;
318 unsigned int buflen;
319
320 sha1_init(&hs);
321
322 /* skip the size int of the string - this is a bit messy */
323 sha1_process(&hs, keyblob, keybloblen);
324
325 sha1_done(&hs, hash);
326
327 /* "sha1 hexfingerprinthere\0", each hex digit is "AB:" etc */
328 buflen = 5 + 3*SHA1_HASH_SIZE;
329 ret = (char*)m_malloc(buflen);
330
331 strcpy(ret, "sha1 ");
332
333 for (i = 0; i < SHA1_HASH_SIZE; i++) {
334 unsigned int pos = 5 + 3*i;
335 ret[pos] = hexdig(hash[i] >> 4);
336 ret[pos+1] = hexdig(hash[i] & 0x0f);
337 ret[pos+2] = ':';
338 }
339 ret[buflen-1] = 0x0;
340
341 return ret;
342 }
343
344 #endif /* MD5/SHA1 switch */
345
346 /* This will return a freshly malloced string, containing a fingerprint
347 * in either sha1 or md5 */
sign_key_fingerprint(unsigned char * keyblob,unsigned int keybloblen)348 char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen) {
349
350 #ifdef DROPBEAR_MD5_HMAC
351 return sign_key_md5_fingerprint(keyblob, keybloblen);
352 #else
353 return sign_key_sha1_fingerprint(keyblob, keybloblen);
354 #endif
355 }
356
buf_put_sign(buffer * buf,sign_key * key,int type,const unsigned char * data,unsigned int len)357 void buf_put_sign(buffer* buf, sign_key *key, int type,
358 const unsigned char *data, unsigned int len) {
359
360 buffer *sigblob;
361
362 sigblob = buf_new(MAX_PUBKEY_SIZE);
363
364 #ifdef DROPBEAR_DSS
365 if (type == DROPBEAR_SIGNKEY_DSS) {
366 buf_put_dss_sign(sigblob, key->dsskey, data, len);
367 }
368 #endif
369 #ifdef DROPBEAR_RSA
370 if (type == DROPBEAR_SIGNKEY_RSA) {
371 buf_put_rsa_sign(sigblob, key->rsakey, data, len);
372 }
373 #endif
374 if (sigblob->len == 0) {
375 dropbear_exit("non-matching signing type");
376 }
377
378 buf_setpos(sigblob, 0);
379 buf_putstring(buf, buf_getptr(sigblob, sigblob->len),
380 sigblob->len);
381
382 buf_free(sigblob);
383
384 }
385
386 #ifdef DROPBEAR_SIGNKEY_VERIFY
387 /* Return DROPBEAR_SUCCESS or DROPBEAR_FAILURE.
388 * If FAILURE is returned, the position of
389 * buf is undefined. If SUCCESS is returned, buf will be positioned after the
390 * signature blob */
buf_verify(buffer * buf,sign_key * key,const unsigned char * data,unsigned int len)391 int buf_verify(buffer * buf, sign_key *key, const unsigned char *data,
392 unsigned int len) {
393
394 unsigned int bloblen;
395 unsigned char * ident = NULL;
396 unsigned int identlen = 0;
397
398 TRACE(("enter buf_verify"))
399
400 bloblen = buf_getint(buf);
401 ident = buf_getstring(buf, &identlen);
402
403 #ifdef DROPBEAR_DSS
404 if (bloblen == DSS_SIGNATURE_SIZE &&
405 memcmp(ident, SSH_SIGNKEY_DSS, identlen) == 0) {
406 m_free(ident);
407 if (key->dsskey == NULL) {
408 dropbear_exit("no dss key to verify signature");
409 }
410 return buf_dss_verify(buf, key->dsskey, data, len);
411 }
412 #endif
413
414 #ifdef DROPBEAR_RSA
415 if (memcmp(ident, SSH_SIGNKEY_RSA, identlen) == 0) {
416 m_free(ident);
417 if (key->rsakey == NULL) {
418 dropbear_exit("no rsa key to verify signature");
419 }
420 return buf_rsa_verify(buf, key->rsakey, data, len);
421 }
422 #endif
423
424 m_free(ident);
425 dropbear_exit("non-matching signing type");
426 return DROPBEAR_FAILURE;
427 }
428 #endif /* DROPBEAR_SIGNKEY_VERIFY */
429
430 #ifdef DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
431
432 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE when given a buffer containing
433 * a key, a key, and a type. The buffer is positioned at the start of the
434 * base64 data, and contains no trailing data */
435 /* If fingerprint is non-NULL, it will be set to a malloc()ed fingerprint
436 of the key if it is successfully decoded */
cmp_base64_key(const unsigned char * keyblob,unsigned int keybloblen,const unsigned char * algoname,unsigned int algolen,buffer * line,char ** fingerprint)437 int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
438 const unsigned char* algoname, unsigned int algolen,
439 buffer * line, char ** fingerprint) {
440
441 buffer * decodekey = NULL;
442 int ret = DROPBEAR_FAILURE;
443 unsigned int len, filealgolen;
444 unsigned long decodekeylen;
445 unsigned char* filealgo = NULL;
446
447 /* now we have the actual data */
448 len = line->len - line->pos;
449 decodekeylen = len * 2; /* big to be safe */
450 decodekey = buf_new(decodekeylen);
451
452 if (base64_decode(buf_getptr(line, len), len,
453 buf_getwriteptr(decodekey, decodekey->size),
454 &decodekeylen) != CRYPT_OK) {
455 TRACE(("checkpubkey: base64 decode failed"))
456 goto out;
457 }
458 TRACE(("checkpubkey: base64_decode success"))
459 buf_incrlen(decodekey, decodekeylen);
460
461 if (fingerprint) {
462 *fingerprint = sign_key_fingerprint(buf_getptr(decodekey, decodekeylen),
463 decodekeylen);
464 }
465
466 /* compare the keys */
467 if ( ( decodekeylen != keybloblen )
468 || memcmp( buf_getptr(decodekey, decodekey->len),
469 keyblob, decodekey->len) != 0) {
470 TRACE(("checkpubkey: compare failed"))
471 goto out;
472 }
473
474 /* ... and also check that the algo specified and the algo in the key
475 * itself match */
476 filealgolen = buf_getint(decodekey);
477 filealgo = buf_getptr(decodekey, filealgolen);
478 if (filealgolen != algolen || memcmp(filealgo, algoname, algolen) != 0) {
479 TRACE(("checkpubkey: algo match failed"))
480 goto out;
481 }
482
483 /* All checks passed */
484 ret = DROPBEAR_SUCCESS;
485
486 out:
487 buf_free(decodekey);
488 decodekey = NULL;
489 return ret;
490 }
491 #endif
492