1/* $OpenBSD: authfile.c,v 1.111 2015/02/23 16:55:51 djm Exp $ */ 2/* 3 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26#include "includes.h" 27 28#include <sys/types.h> 29#include <sys/stat.h> 30#include <sys/uio.h> 31 32#include <errno.h> 33#include <fcntl.h> 34#include <stdio.h> 35#include <stdarg.h> 36#include <stdlib.h> 37#include <string.h> 38#include <unistd.h> 39#include <limits.h> 40 41#include "cipher.h" 42#include "key.h" 43#include "ssh.h" 44#include "log.h" 45#include "authfile.h" 46#include "rsa.h" 47#include "misc.h" 48#include "atomicio.h" 49#include "sshbuf.h" 50#include "ssherr.h" 51#include "krl.h" 52 53#define MAX_KEY_FILE_SIZE (1024 * 1024) 54 55/* Save a key blob to a file */ 56static int 57sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) 58{ 59 int fd, oerrno; 60 61 if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) 62 return SSH_ERR_SYSTEM_ERROR; 63 if (atomicio(vwrite, fd, (u_char *)sshbuf_ptr(keybuf), 64 sshbuf_len(keybuf)) != sshbuf_len(keybuf)) { 65 oerrno = errno; 66 close(fd); 67 unlink(filename); 68 errno = oerrno; 69 return SSH_ERR_SYSTEM_ERROR; 70 } 71 close(fd); 72 return 0; 73} 74 75int 76sshkey_save_private(struct sshkey *key, const char *filename, 77 const char *passphrase, const char *comment, 78 int force_new_format, const char *new_format_cipher, int new_format_rounds) 79{ 80 struct sshbuf *keyblob = NULL; 81 int r; 82 83 if ((keyblob = sshbuf_new()) == NULL) 84 return SSH_ERR_ALLOC_FAIL; 85 if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment, 86 force_new_format, new_format_cipher, new_format_rounds)) != 0) 87 goto out; 88 if ((r = sshkey_save_private_blob(keyblob, filename)) != 0) 89 goto out; 90 r = 0; 91 out: 92 sshbuf_free(keyblob); 93 return r; 94} 95 96/* Load a key from a fd into a buffer */ 97int 98sshkey_load_file(int fd, struct sshbuf *blob) 99{ 100 u_char buf[1024]; 101 size_t len; 102 struct stat st; 103 int r; 104 105 if (fstat(fd, &st) < 0) 106 return SSH_ERR_SYSTEM_ERROR; 107 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && 108 st.st_size > MAX_KEY_FILE_SIZE) 109 return SSH_ERR_INVALID_FORMAT; 110 for (;;) { 111 if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { 112 if (errno == EPIPE) 113 break; 114 r = SSH_ERR_SYSTEM_ERROR; 115 goto out; 116 } 117 if ((r = sshbuf_put(blob, buf, len)) != 0) 118 goto out; 119 if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) { 120 r = SSH_ERR_INVALID_FORMAT; 121 goto out; 122 } 123 } 124 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && 125 st.st_size != (off_t)sshbuf_len(blob)) { 126 r = SSH_ERR_FILE_CHANGED; 127 goto out; 128 } 129 r = 0; 130 131 out: 132 explicit_bzero(buf, sizeof(buf)); 133 if (r != 0) 134 sshbuf_reset(blob); 135 return r; 136} 137 138#ifdef WITH_SSH1 139/* 140 * Loads the public part of the ssh v1 key file. Returns NULL if an error was 141 * encountered (the file does not exist or is not readable), and the key 142 * otherwise. 143 */ 144static int 145sshkey_load_public_rsa1(int fd, struct sshkey **keyp, char **commentp) 146{ 147 struct sshbuf *b = NULL; 148 int r; 149 150 *keyp = NULL; 151 if (commentp != NULL) 152 *commentp = NULL; 153 154 if ((b = sshbuf_new()) == NULL) 155 return SSH_ERR_ALLOC_FAIL; 156 if ((r = sshkey_load_file(fd, b)) != 0) 157 goto out; 158 if ((r = sshkey_parse_public_rsa1_fileblob(b, keyp, commentp)) != 0) 159 goto out; 160 r = 0; 161 out: 162 sshbuf_free(b); 163 return r; 164} 165#endif /* WITH_SSH1 */ 166 167/* XXX remove error() calls from here? */ 168int 169sshkey_perm_ok(int fd, const char *filename) 170{ 171 struct stat st; 172 173 if (fstat(fd, &st) < 0) 174 return SSH_ERR_SYSTEM_ERROR; 175 /* 176 * if a key owned by the user is accessed, then we check the 177 * permissions of the file. if the key owned by a different user, 178 * then we don't care. 179 */ 180#ifdef HAVE_CYGWIN 181 if (check_ntsec(filename)) 182#endif 183 if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { 184 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); 185 error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); 186 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); 187 error("Permissions 0%3.3o for '%s' are too open.", 188 (u_int)st.st_mode & 0777, filename); 189 error("It is recommended that your private key files are NOT accessible by others."); 190 error("This private key will be ignored."); 191 return SSH_ERR_KEY_BAD_PERMISSIONS; 192 } 193 return 0; 194} 195 196/* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */ 197int 198sshkey_load_private_type(int type, const char *filename, const char *passphrase, 199 struct sshkey **keyp, char **commentp, int *perm_ok) 200{ 201 int fd, r; 202 203 *keyp = NULL; 204 if (commentp != NULL) 205 *commentp = NULL; 206 207 if ((fd = open(filename, O_RDONLY)) < 0) { 208 if (perm_ok != NULL) 209 *perm_ok = 0; 210 return SSH_ERR_SYSTEM_ERROR; 211 } 212 if (sshkey_perm_ok(fd, filename) != 0) { 213 if (perm_ok != NULL) 214 *perm_ok = 0; 215 r = SSH_ERR_KEY_BAD_PERMISSIONS; 216 goto out; 217 } 218 if (perm_ok != NULL) 219 *perm_ok = 1; 220 221 r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp); 222 out: 223 close(fd); 224 return r; 225} 226 227int 228sshkey_load_private_type_fd(int fd, int type, const char *passphrase, 229 struct sshkey **keyp, char **commentp) 230{ 231 struct sshbuf *buffer = NULL; 232 int r; 233 234 if ((buffer = sshbuf_new()) == NULL) { 235 r = SSH_ERR_ALLOC_FAIL; 236 goto out; 237 } 238 if ((r = sshkey_load_file(fd, buffer)) != 0 || 239 (r = sshkey_parse_private_fileblob_type(buffer, type, 240 passphrase, keyp, commentp)) != 0) 241 goto out; 242 243 /* success */ 244 r = 0; 245 out: 246 if (buffer != NULL) 247 sshbuf_free(buffer); 248 return r; 249} 250 251/* XXX this is almost identical to sshkey_load_private_type() */ 252int 253sshkey_load_private(const char *filename, const char *passphrase, 254 struct sshkey **keyp, char **commentp) 255{ 256 struct sshbuf *buffer = NULL; 257 int r, fd; 258 259 *keyp = NULL; 260 if (commentp != NULL) 261 *commentp = NULL; 262 263 if ((fd = open(filename, O_RDONLY)) < 0) 264 return SSH_ERR_SYSTEM_ERROR; 265 if (sshkey_perm_ok(fd, filename) != 0) { 266 r = SSH_ERR_KEY_BAD_PERMISSIONS; 267 goto out; 268 } 269 270 if ((buffer = sshbuf_new()) == NULL) { 271 r = SSH_ERR_ALLOC_FAIL; 272 goto out; 273 } 274 if ((r = sshkey_load_file(fd, buffer)) != 0 || 275 (r = sshkey_parse_private_fileblob(buffer, passphrase, filename, 276 keyp, commentp)) != 0) 277 goto out; 278 r = 0; 279 out: 280 close(fd); 281 if (buffer != NULL) 282 sshbuf_free(buffer); 283 return r; 284} 285 286static int 287sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp) 288{ 289 FILE *f; 290 char line[SSH_MAX_PUBKEY_BYTES]; 291 char *cp; 292 u_long linenum = 0; 293 int r; 294 295 if (commentp != NULL) 296 *commentp = NULL; 297 if ((f = fopen(filename, "r")) == NULL) 298 return SSH_ERR_SYSTEM_ERROR; 299 while (read_keyfile_line(f, filename, line, sizeof(line), 300 &linenum) != -1) { 301 cp = line; 302 switch (*cp) { 303 case '#': 304 case '\n': 305 case '\0': 306 continue; 307 } 308 /* Abort loading if this looks like a private key */ 309 if (strncmp(cp, "-----BEGIN", 10) == 0 || 310 strcmp(cp, "SSH PRIVATE KEY FILE") == 0) 311 break; 312 /* Skip leading whitespace. */ 313 for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) 314 ; 315 if (*cp) { 316 if ((r = sshkey_read(k, &cp)) == 0) { 317 cp[strcspn(cp, "\r\n")] = '\0'; 318 if (commentp) { 319 *commentp = strdup(*cp ? 320 cp : filename); 321 if (*commentp == NULL) 322 r = SSH_ERR_ALLOC_FAIL; 323 } 324 fclose(f); 325 return r; 326 } 327 } 328 } 329 fclose(f); 330 return SSH_ERR_INVALID_FORMAT; 331} 332 333/* load public key from ssh v1 private or any pubkey file */ 334int 335sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp) 336{ 337 struct sshkey *pub = NULL; 338 char file[PATH_MAX]; 339 int r, fd; 340 341 if (keyp != NULL) 342 *keyp = NULL; 343 if (commentp != NULL) 344 *commentp = NULL; 345 346 /* XXX should load file once and attempt to parse each format */ 347 348 if ((fd = open(filename, O_RDONLY)) < 0) 349 goto skip; 350#ifdef WITH_SSH1 351 /* try rsa1 private key */ 352 r = sshkey_load_public_rsa1(fd, keyp, commentp); 353 close(fd); 354 switch (r) { 355 case SSH_ERR_INTERNAL_ERROR: 356 case SSH_ERR_ALLOC_FAIL: 357 case SSH_ERR_INVALID_ARGUMENT: 358 case SSH_ERR_SYSTEM_ERROR: 359 case 0: 360 return r; 361 } 362#endif /* WITH_SSH1 */ 363 364 /* try ssh2 public key */ 365 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) 366 return SSH_ERR_ALLOC_FAIL; 367 if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) { 368 if (keyp != NULL) 369 *keyp = pub; 370 return 0; 371 } 372 sshkey_free(pub); 373 374#ifdef WITH_SSH1 375 /* try rsa1 public key */ 376 if ((pub = sshkey_new(KEY_RSA1)) == NULL) 377 return SSH_ERR_ALLOC_FAIL; 378 if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) { 379 if (keyp != NULL) 380 *keyp = pub; 381 return 0; 382 } 383 sshkey_free(pub); 384#endif /* WITH_SSH1 */ 385 386 skip: 387 /* try .pub suffix */ 388 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) 389 return SSH_ERR_ALLOC_FAIL; 390 r = SSH_ERR_ALLOC_FAIL; /* in case strlcpy or strlcat fail */ 391 if ((strlcpy(file, filename, sizeof file) < sizeof(file)) && 392 (strlcat(file, ".pub", sizeof file) < sizeof(file)) && 393 (r = sshkey_try_load_public(pub, file, commentp)) == 0) { 394 if (keyp != NULL) 395 *keyp = pub; 396 return 0; 397 } 398 sshkey_free(pub); 399 400 return r; 401} 402 403/* Load the certificate associated with the named private key */ 404int 405sshkey_load_cert(const char *filename, struct sshkey **keyp) 406{ 407 struct sshkey *pub = NULL; 408 char *file = NULL; 409 int r = SSH_ERR_INTERNAL_ERROR; 410 411 *keyp = NULL; 412 413 if (asprintf(&file, "%s-cert.pub", filename) == -1) 414 return SSH_ERR_ALLOC_FAIL; 415 416 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) { 417 goto out; 418 } 419 if ((r = sshkey_try_load_public(pub, file, NULL)) != 0) 420 goto out; 421 422 *keyp = pub; 423 pub = NULL; 424 r = 0; 425 426 out: 427 if (file != NULL) 428 free(file); 429 if (pub != NULL) 430 sshkey_free(pub); 431 return r; 432} 433 434/* Load private key and certificate */ 435int 436sshkey_load_private_cert(int type, const char *filename, const char *passphrase, 437 struct sshkey **keyp, int *perm_ok) 438{ 439 struct sshkey *key = NULL, *cert = NULL; 440 int r; 441 442 *keyp = NULL; 443 444 switch (type) { 445#ifdef WITH_OPENSSL 446 case KEY_RSA: 447 case KEY_DSA: 448 case KEY_ECDSA: 449 case KEY_ED25519: 450#endif /* WITH_OPENSSL */ 451 case KEY_UNSPEC: 452 break; 453 default: 454 return SSH_ERR_KEY_TYPE_UNKNOWN; 455 } 456 457 if ((r = sshkey_load_private_type(type, filename, 458 passphrase, &key, NULL, perm_ok)) != 0 || 459 (r = sshkey_load_cert(filename, &cert)) != 0) 460 goto out; 461 462 /* Make sure the private key matches the certificate */ 463 if (sshkey_equal_public(key, cert) == 0) { 464 r = SSH_ERR_KEY_CERT_MISMATCH; 465 goto out; 466 } 467 468 if ((r = sshkey_to_certified(key, sshkey_cert_is_legacy(cert))) != 0 || 469 (r = sshkey_cert_copy(cert, key)) != 0) 470 goto out; 471 r = 0; 472 *keyp = key; 473 key = NULL; 474 out: 475 if (key != NULL) 476 sshkey_free(key); 477 if (cert != NULL) 478 sshkey_free(cert); 479 return r; 480} 481 482/* 483 * Returns success if the specified "key" is listed in the file "filename", 484 * SSH_ERR_KEY_NOT_FOUND: if the key is not listed or another error. 485 * If "strict_type" is set then the key type must match exactly, 486 * otherwise a comparison that ignores certficiate data is performed. 487 * If "check_ca" is set and "key" is a certificate, then its CA key is 488 * also checked and sshkey_in_file() will return success if either is found. 489 */ 490int 491sshkey_in_file(struct sshkey *key, const char *filename, int strict_type, 492 int check_ca) 493{ 494 FILE *f; 495 char line[SSH_MAX_PUBKEY_BYTES]; 496 char *cp; 497 u_long linenum = 0; 498 int r = 0; 499 struct sshkey *pub = NULL; 500 int (*sshkey_compare)(const struct sshkey *, const struct sshkey *) = 501 strict_type ? sshkey_equal : sshkey_equal_public; 502 503 if ((f = fopen(filename, "r")) == NULL) 504 return SSH_ERR_SYSTEM_ERROR; 505 506 while (read_keyfile_line(f, filename, line, sizeof(line), 507 &linenum) != -1) { 508 cp = line; 509 510 /* Skip leading whitespace. */ 511 for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) 512 ; 513 514 /* Skip comments and empty lines */ 515 switch (*cp) { 516 case '#': 517 case '\n': 518 case '\0': 519 continue; 520 } 521 522 if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) { 523 r = SSH_ERR_ALLOC_FAIL; 524 goto out; 525 } 526 if ((r = sshkey_read(pub, &cp)) != 0) 527 goto out; 528 if (sshkey_compare(key, pub) || 529 (check_ca && sshkey_is_cert(key) && 530 sshkey_compare(key->cert->signature_key, pub))) { 531 r = 0; 532 goto out; 533 } 534 sshkey_free(pub); 535 pub = NULL; 536 } 537 r = SSH_ERR_KEY_NOT_FOUND; 538 out: 539 if (pub != NULL) 540 sshkey_free(pub); 541 fclose(f); 542 return r; 543} 544 545/* 546 * Checks whether the specified key is revoked, returning 0 if not, 547 * SSH_ERR_KEY_REVOKED if it is or another error code if something 548 * unexpected happened. 549 * This will check both the key and, if it is a certificate, its CA key too. 550 * "revoked_keys_file" may be a KRL or a one-per-line list of public keys. 551 */ 552int 553sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file) 554{ 555 int r; 556 557 r = ssh_krl_file_contains_key(revoked_keys_file, key); 558 /* If this was not a KRL to begin with then continue below */ 559 if (r != SSH_ERR_KRL_BAD_MAGIC) 560 return r; 561 562 /* 563 * If the file is not a KRL or we can't handle KRLs then attempt to 564 * parse the file as a flat list of keys. 565 */ 566 switch ((r = sshkey_in_file(key, revoked_keys_file, 0, 1))) { 567 case 0: 568 /* Key found => revoked */ 569 return SSH_ERR_KEY_REVOKED; 570 case SSH_ERR_KEY_NOT_FOUND: 571 /* Key not found => not revoked */ 572 return 0; 573 default: 574 /* Some other error occurred */ 575 return r; 576 } 577} 578 579