File: | src/usr.bin/ssh/ssh-keygen/../sshsig.c |
Warning: | line 1115, column 8 Array access (from variable 'principals') results in a null pointer dereference |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: sshsig.c,v 1.27 2022/01/05 04:02:42 djm Exp $ */ | |||
2 | /* | |||
3 | * Copyright (c) 2019 Google LLC | |||
4 | * | |||
5 | * Permission to use, copy, modify, and distribute this software for any | |||
6 | * purpose with or without fee is hereby granted, provided that the above | |||
7 | * copyright notice and this permission notice appear in all copies. | |||
8 | * | |||
9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | |||
10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |||
11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | |||
12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |||
13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |||
14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |||
15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |||
16 | */ | |||
17 | ||||
18 | #include <stdio.h> | |||
19 | #include <stdlib.h> | |||
20 | #include <stdarg.h> | |||
21 | #include <errno(*__errno()).h> | |||
22 | #include <string.h> | |||
23 | #include <unistd.h> | |||
24 | ||||
25 | #include "authfd.h" | |||
26 | #include "authfile.h" | |||
27 | #include "log.h" | |||
28 | #include "misc.h" | |||
29 | #include "sshbuf.h" | |||
30 | #include "sshsig.h" | |||
31 | #include "ssherr.h" | |||
32 | #include "sshkey.h" | |||
33 | #include "match.h" | |||
34 | #include "digest.h" | |||
35 | ||||
36 | #define SIG_VERSION0x01 0x01 | |||
37 | #define MAGIC_PREAMBLE"SSHSIG" "SSHSIG" | |||
38 | #define MAGIC_PREAMBLE_LEN(sizeof("SSHSIG") - 1) (sizeof(MAGIC_PREAMBLE"SSHSIG") - 1) | |||
39 | #define BEGIN_SIGNATURE"-----BEGIN SSH SIGNATURE-----\n" "-----BEGIN SSH SIGNATURE-----\n" | |||
40 | #define END_SIGNATURE"-----END SSH SIGNATURE-----" "-----END SSH SIGNATURE-----" | |||
41 | #define RSA_SIGN_ALG"rsa-sha2-512" "rsa-sha2-512" /* XXX maybe make configurable */ | |||
42 | #define RSA_SIGN_ALLOWED"rsa-sha2-512,rsa-sha2-256" "rsa-sha2-512,rsa-sha2-256" | |||
43 | #define HASHALG_DEFAULT"sha512" "sha512" /* XXX maybe make configurable */ | |||
44 | #define HASHALG_ALLOWED"sha256,sha512" "sha256,sha512" | |||
45 | ||||
46 | int | |||
47 | sshsig_armor(const struct sshbuf *blob, struct sshbuf **out) | |||
48 | { | |||
49 | struct sshbuf *buf = NULL((void *)0); | |||
50 | int r = SSH_ERR_INTERNAL_ERROR-1; | |||
51 | ||||
52 | *out = NULL((void *)0); | |||
53 | ||||
54 | if ((buf = sshbuf_new()) == NULL((void *)0)) { | |||
55 | error_f("sshbuf_new failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 55, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "sshbuf_new failed" ); | |||
56 | r = SSH_ERR_ALLOC_FAIL-2; | |||
57 | goto out; | |||
58 | } | |||
59 | ||||
60 | if ((r = sshbuf_put(buf, BEGIN_SIGNATURE"-----BEGIN SSH SIGNATURE-----\n", | |||
61 | sizeof(BEGIN_SIGNATURE"-----BEGIN SSH SIGNATURE-----\n")-1)) != 0) { | |||
62 | error_fr(r, "sshbuf_putf")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 62, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "sshbuf_putf"); | |||
63 | goto out; | |||
64 | } | |||
65 | ||||
66 | if ((r = sshbuf_dtob64(blob, buf, 1)) != 0) { | |||
67 | error_fr(r, "base64 encode signature")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 67, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "base64 encode signature" ); | |||
68 | goto out; | |||
69 | } | |||
70 | ||||
71 | if ((r = sshbuf_put(buf, END_SIGNATURE"-----END SSH SIGNATURE-----", | |||
72 | sizeof(END_SIGNATURE"-----END SSH SIGNATURE-----")-1)) != 0 || | |||
73 | (r = sshbuf_put_u8(buf, '\n')) != 0) { | |||
74 | error_fr(r, "sshbuf_put")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 74, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "sshbuf_put"); | |||
75 | goto out; | |||
76 | } | |||
77 | /* success */ | |||
78 | *out = buf; | |||
79 | buf = NULL((void *)0); /* transferred */ | |||
80 | r = 0; | |||
81 | out: | |||
82 | sshbuf_free(buf); | |||
83 | return r; | |||
84 | } | |||
85 | ||||
86 | int | |||
87 | sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out) | |||
88 | { | |||
89 | int r; | |||
90 | size_t eoffset = 0; | |||
91 | struct sshbuf *buf = NULL((void *)0); | |||
92 | struct sshbuf *sbuf = NULL((void *)0); | |||
93 | char *b64 = NULL((void *)0); | |||
94 | ||||
95 | if ((sbuf = sshbuf_fromb(sig)) == NULL((void *)0)) { | |||
96 | error_f("sshbuf_fromb failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 96, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "sshbuf_fromb failed" ); | |||
97 | return SSH_ERR_ALLOC_FAIL-2; | |||
98 | } | |||
99 | ||||
100 | if ((r = sshbuf_cmp(sbuf, 0, | |||
101 | BEGIN_SIGNATURE"-----BEGIN SSH SIGNATURE-----\n", sizeof(BEGIN_SIGNATURE"-----BEGIN SSH SIGNATURE-----\n")-1)) != 0) { | |||
102 | error("Couldn't parse signature: missing header")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 102, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't parse signature: missing header" ); | |||
103 | goto done; | |||
104 | } | |||
105 | ||||
106 | if ((r = sshbuf_consume(sbuf, sizeof(BEGIN_SIGNATURE"-----BEGIN SSH SIGNATURE-----\n")-1)) != 0) { | |||
107 | error_fr(r, "consume")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 107, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "consume"); | |||
108 | goto done; | |||
109 | } | |||
110 | ||||
111 | if ((r = sshbuf_find(sbuf, 0, "\n" END_SIGNATURE"-----END SSH SIGNATURE-----", | |||
112 | sizeof("\n" END_SIGNATURE"-----END SSH SIGNATURE-----")-1, &eoffset)) != 0) { | |||
113 | error("Couldn't parse signature: missing footer")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 113, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't parse signature: missing footer" ); | |||
114 | goto done; | |||
115 | } | |||
116 | ||||
117 | if ((r = sshbuf_consume_end(sbuf, sshbuf_len(sbuf)-eoffset)) != 0) { | |||
118 | error_fr(r, "consume")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 118, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "consume"); | |||
119 | goto done; | |||
120 | } | |||
121 | ||||
122 | if ((b64 = sshbuf_dup_string(sbuf)) == NULL((void *)0)) { | |||
123 | error_f("sshbuf_dup_string failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 123, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "sshbuf_dup_string failed" ); | |||
124 | r = SSH_ERR_ALLOC_FAIL-2; | |||
125 | goto done; | |||
126 | } | |||
127 | ||||
128 | if ((buf = sshbuf_new()) == NULL((void *)0)) { | |||
129 | error_f("sshbuf_new() failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 129, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "sshbuf_new() failed" ); | |||
130 | r = SSH_ERR_ALLOC_FAIL-2; | |||
131 | goto done; | |||
132 | } | |||
133 | ||||
134 | if ((r = sshbuf_b64tod(buf, b64)) != 0) { | |||
135 | error_fr(r, "decode base64")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 135, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "decode base64"); | |||
136 | goto done; | |||
137 | } | |||
138 | ||||
139 | /* success */ | |||
140 | *out = buf; | |||
141 | r = 0; | |||
142 | buf = NULL((void *)0); /* transferred */ | |||
143 | done: | |||
144 | sshbuf_free(buf); | |||
145 | sshbuf_free(sbuf); | |||
146 | free(b64); | |||
147 | return r; | |||
148 | } | |||
149 | ||||
150 | static int | |||
151 | sshsig_wrap_sign(struct sshkey *key, const char *hashalg, | |||
152 | const char *sk_provider, const char *sk_pin, const struct sshbuf *h_message, | |||
153 | const char *sig_namespace, struct sshbuf **out, | |||
154 | sshsig_signer *signer, void *signer_ctx) | |||
155 | { | |||
156 | int r; | |||
157 | size_t slen = 0; | |||
158 | u_char *sig = NULL((void *)0); | |||
159 | struct sshbuf *blob = NULL((void *)0); | |||
160 | struct sshbuf *tosign = NULL((void *)0); | |||
161 | const char *sign_alg = NULL((void *)0); | |||
162 | ||||
163 | if ((tosign = sshbuf_new()) == NULL((void *)0) || | |||
164 | (blob = sshbuf_new()) == NULL((void *)0)) { | |||
165 | error_f("sshbuf_new failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 165, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "sshbuf_new failed" ); | |||
166 | r = SSH_ERR_ALLOC_FAIL-2; | |||
167 | goto done; | |||
168 | } | |||
169 | ||||
170 | if ((r = sshbuf_put(tosign, MAGIC_PREAMBLE"SSHSIG", MAGIC_PREAMBLE_LEN(sizeof("SSHSIG") - 1))) != 0 || | |||
171 | (r = sshbuf_put_cstring(tosign, sig_namespace)) != 0 || | |||
172 | (r = sshbuf_put_string(tosign, NULL((void *)0), 0)) != 0 || /* reserved */ | |||
173 | (r = sshbuf_put_cstring(tosign, hashalg)) != 0 || | |||
174 | (r = sshbuf_put_stringb(tosign, h_message)) != 0) { | |||
175 | error_fr(r, "assemble message to sign")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 175, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "assemble message to sign" ); | |||
176 | goto done; | |||
177 | } | |||
178 | ||||
179 | /* If using RSA keys then default to a good signature algorithm */ | |||
180 | if (sshkey_type_plain(key->type) == KEY_RSA) | |||
181 | sign_alg = RSA_SIGN_ALG"rsa-sha2-512"; | |||
182 | ||||
183 | if (signer != NULL((void *)0)) { | |||
184 | if ((r = signer(key, &sig, &slen, | |||
185 | sshbuf_ptr(tosign), sshbuf_len(tosign), | |||
186 | sign_alg, sk_provider, sk_pin, 0, signer_ctx)) != 0) { | |||
187 | error_r(r, "Couldn't sign message (signer)")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 187, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Couldn't sign message (signer)" ); | |||
188 | goto done; | |||
189 | } | |||
190 | } else { | |||
191 | if ((r = sshkey_sign(key, &sig, &slen, | |||
192 | sshbuf_ptr(tosign), sshbuf_len(tosign), | |||
193 | sign_alg, sk_provider, sk_pin, 0)) != 0) { | |||
194 | error_r(r, "Couldn't sign message")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 194, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Couldn't sign message" ); | |||
195 | goto done; | |||
196 | } | |||
197 | } | |||
198 | ||||
199 | if ((r = sshbuf_put(blob, MAGIC_PREAMBLE"SSHSIG", MAGIC_PREAMBLE_LEN(sizeof("SSHSIG") - 1))) != 0 || | |||
200 | (r = sshbuf_put_u32(blob, SIG_VERSION0x01)) != 0 || | |||
201 | (r = sshkey_puts(key, blob)) != 0 || | |||
202 | (r = sshbuf_put_cstring(blob, sig_namespace)) != 0 || | |||
203 | (r = sshbuf_put_string(blob, NULL((void *)0), 0)) != 0 || /* reserved */ | |||
204 | (r = sshbuf_put_cstring(blob, hashalg)) != 0 || | |||
205 | (r = sshbuf_put_string(blob, sig, slen)) != 0) { | |||
206 | error_fr(r, "assemble signature object")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 206, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "assemble signature object" ); | |||
207 | goto done; | |||
208 | } | |||
209 | ||||
210 | if (out != NULL((void *)0)) { | |||
211 | *out = blob; | |||
212 | blob = NULL((void *)0); | |||
213 | } | |||
214 | r = 0; | |||
215 | done: | |||
216 | free(sig); | |||
217 | sshbuf_free(blob); | |||
218 | sshbuf_free(tosign); | |||
219 | return r; | |||
220 | } | |||
221 | ||||
222 | /* Check preamble and version. */ | |||
223 | static int | |||
224 | sshsig_parse_preamble(struct sshbuf *buf) | |||
225 | { | |||
226 | int r = SSH_ERR_INTERNAL_ERROR-1; | |||
227 | uint32_t sversion; | |||
228 | ||||
229 | if ((r = sshbuf_cmp(buf, 0, MAGIC_PREAMBLE"SSHSIG", MAGIC_PREAMBLE_LEN(sizeof("SSHSIG") - 1))) != 0 || | |||
230 | (r = sshbuf_consume(buf, (sizeof(MAGIC_PREAMBLE"SSHSIG")-1))) != 0 || | |||
231 | (r = sshbuf_get_u32(buf, &sversion)) != 0) { | |||
232 | error("Couldn't verify signature: invalid format")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 232, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't verify signature: invalid format" ); | |||
233 | return r; | |||
234 | } | |||
235 | ||||
236 | if (sversion > SIG_VERSION0x01) { | |||
237 | error("Signature version %lu is larger than supported "sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 238, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Signature version %lu is larger than supported " "version %u", (unsigned long)sversion, 0x01) | |||
238 | "version %u", (unsigned long)sversion, SIG_VERSION)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 238, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Signature version %lu is larger than supported " "version %u", (unsigned long)sversion, 0x01); | |||
239 | return SSH_ERR_INVALID_FORMAT-4; | |||
240 | } | |||
241 | return 0; | |||
242 | } | |||
243 | ||||
244 | static int | |||
245 | sshsig_check_hashalg(const char *hashalg) | |||
246 | { | |||
247 | if (hashalg == NULL((void *)0) || | |||
248 | match_pattern_list(hashalg, HASHALG_ALLOWED"sha256,sha512", 0) == 1) | |||
249 | return 0; | |||
250 | error_f("unsupported hash algorithm \"%.100s\"", hashalg)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 250, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "unsupported hash algorithm \"%.100s\"" , hashalg); | |||
251 | return SSH_ERR_SIGN_ALG_UNSUPPORTED-58; | |||
252 | } | |||
253 | ||||
254 | static int | |||
255 | sshsig_peek_hashalg(struct sshbuf *signature, char **hashalgp) | |||
256 | { | |||
257 | struct sshbuf *buf = NULL((void *)0); | |||
258 | char *hashalg = NULL((void *)0); | |||
259 | int r = SSH_ERR_INTERNAL_ERROR-1; | |||
260 | ||||
261 | if (hashalgp != NULL((void *)0)) | |||
262 | *hashalgp = NULL((void *)0); | |||
263 | if ((buf = sshbuf_fromb(signature)) == NULL((void *)0)) | |||
264 | return SSH_ERR_ALLOC_FAIL-2; | |||
265 | if ((r = sshsig_parse_preamble(buf)) != 0) | |||
266 | goto done; | |||
267 | if ((r = sshbuf_get_string_direct(buf, NULL((void *)0), NULL((void *)0))) != 0 || | |||
268 | (r = sshbuf_get_string_direct(buf, NULL((void *)0), NULL((void *)0))) != 0 || | |||
269 | (r = sshbuf_get_string(buf, NULL((void *)0), NULL((void *)0))) != 0 || | |||
270 | (r = sshbuf_get_cstring(buf, &hashalg, NULL((void *)0))) != 0 || | |||
271 | (r = sshbuf_get_string_direct(buf, NULL((void *)0), NULL((void *)0))) != 0) { | |||
272 | error_fr(r, "parse signature object")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 272, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "parse signature object" ); | |||
273 | goto done; | |||
274 | } | |||
275 | ||||
276 | /* success */ | |||
277 | r = 0; | |||
278 | *hashalgp = hashalg; | |||
279 | hashalg = NULL((void *)0); | |||
280 | done: | |||
281 | free(hashalg); | |||
282 | sshbuf_free(buf); | |||
283 | return r; | |||
284 | } | |||
285 | ||||
286 | static int | |||
287 | sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, | |||
288 | const struct sshbuf *h_message, const char *expect_namespace, | |||
289 | struct sshkey **sign_keyp, struct sshkey_sig_details **sig_details) | |||
290 | { | |||
291 | int r = SSH_ERR_INTERNAL_ERROR-1; | |||
292 | struct sshbuf *buf = NULL((void *)0), *toverify = NULL((void *)0); | |||
293 | struct sshkey *key = NULL((void *)0); | |||
294 | const u_char *sig; | |||
295 | char *got_namespace = NULL((void *)0), *sigtype = NULL((void *)0), *sig_hashalg = NULL((void *)0); | |||
296 | size_t siglen; | |||
297 | ||||
298 | debug_f("verify message length %zu", sshbuf_len(h_message))sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 298, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "verify message length %zu" , sshbuf_len(h_message)); | |||
299 | if (sig_details != NULL((void *)0)) | |||
300 | *sig_details = NULL((void *)0); | |||
301 | if (sign_keyp != NULL((void *)0)) | |||
302 | *sign_keyp = NULL((void *)0); | |||
303 | ||||
304 | if ((toverify = sshbuf_new()) == NULL((void *)0)) { | |||
305 | error_f("sshbuf_new failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 305, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "sshbuf_new failed" ); | |||
306 | r = SSH_ERR_ALLOC_FAIL-2; | |||
307 | goto done; | |||
308 | } | |||
309 | if ((r = sshbuf_put(toverify, MAGIC_PREAMBLE"SSHSIG", | |||
310 | MAGIC_PREAMBLE_LEN(sizeof("SSHSIG") - 1))) != 0 || | |||
311 | (r = sshbuf_put_cstring(toverify, expect_namespace)) != 0 || | |||
312 | (r = sshbuf_put_string(toverify, NULL((void *)0), 0)) != 0 || /* reserved */ | |||
313 | (r = sshbuf_put_cstring(toverify, hashalg)) != 0 || | |||
314 | (r = sshbuf_put_stringb(toverify, h_message)) != 0) { | |||
315 | error_fr(r, "assemble message to verify")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 315, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "assemble message to verify" ); | |||
316 | goto done; | |||
317 | } | |||
318 | ||||
319 | if ((r = sshsig_parse_preamble(signature)) != 0) | |||
320 | goto done; | |||
321 | ||||
322 | if ((r = sshkey_froms(signature, &key)) != 0 || | |||
323 | (r = sshbuf_get_cstring(signature, &got_namespace, NULL((void *)0))) != 0 || | |||
324 | (r = sshbuf_get_string(signature, NULL((void *)0), NULL((void *)0))) != 0 || | |||
325 | (r = sshbuf_get_cstring(signature, &sig_hashalg, NULL((void *)0))) != 0 || | |||
326 | (r = sshbuf_get_string_direct(signature, &sig, &siglen)) != 0) { | |||
327 | error_fr(r, "parse signature object")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 327, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "parse signature object" ); | |||
328 | goto done; | |||
329 | } | |||
330 | ||||
331 | if (sshbuf_len(signature) != 0) { | |||
332 | error("Signature contains trailing data")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 332, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Signature contains trailing data" ); | |||
333 | r = SSH_ERR_INVALID_FORMAT-4; | |||
334 | goto done; | |||
335 | } | |||
336 | ||||
337 | if (strcmp(expect_namespace, got_namespace) != 0) { | |||
338 | error("Couldn't verify signature: namespace does not match")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 338, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't verify signature: namespace does not match" ); | |||
339 | debug_f("expected namespace \"%s\" received \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 340, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "expected namespace \"%s\" received \"%s\"" , expect_namespace, got_namespace) | |||
340 | expect_namespace, got_namespace)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 340, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "expected namespace \"%s\" received \"%s\"" , expect_namespace, got_namespace); | |||
341 | r = SSH_ERR_SIGNATURE_INVALID-21; | |||
342 | goto done; | |||
343 | } | |||
344 | if (strcmp(hashalg, sig_hashalg) != 0) { | |||
345 | error("Couldn't verify signature: hash algorithm mismatch")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 345, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't verify signature: hash algorithm mismatch" ); | |||
346 | debug_f("expected algorithm \"%s\" received \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 347, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "expected algorithm \"%s\" received \"%s\"" , hashalg, sig_hashalg) | |||
347 | hashalg, sig_hashalg)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 347, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "expected algorithm \"%s\" received \"%s\"" , hashalg, sig_hashalg); | |||
348 | r = SSH_ERR_SIGNATURE_INVALID-21; | |||
349 | goto done; | |||
350 | } | |||
351 | /* Ensure that RSA keys use an acceptable signature algorithm */ | |||
352 | if (sshkey_type_plain(key->type) == KEY_RSA) { | |||
353 | if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0) { | |||
354 | error_r(r, "Couldn't verify signature: unable to get "sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 355, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Couldn't verify signature: unable to get " "signature type") | |||
355 | "signature type")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 355, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Couldn't verify signature: unable to get " "signature type"); | |||
356 | goto done; | |||
357 | } | |||
358 | if (match_pattern_list(sigtype, RSA_SIGN_ALLOWED"rsa-sha2-512,rsa-sha2-256", 0) != 1) { | |||
359 | error("Couldn't verify signature: unsupported RSA "sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 360, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't verify signature: unsupported RSA " "signature algorithm %s", sigtype) | |||
360 | "signature algorithm %s", sigtype)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 360, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't verify signature: unsupported RSA " "signature algorithm %s", sigtype); | |||
361 | r = SSH_ERR_SIGN_ALG_UNSUPPORTED-58; | |||
362 | goto done; | |||
363 | } | |||
364 | } | |||
365 | if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify), | |||
366 | sshbuf_len(toverify), NULL((void *)0), 0, sig_details)) != 0) { | |||
367 | error_r(r, "Signature verification failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 367, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Signature verification failed" ); | |||
368 | goto done; | |||
369 | } | |||
370 | ||||
371 | /* success */ | |||
372 | r = 0; | |||
373 | if (sign_keyp != NULL((void *)0)) { | |||
374 | *sign_keyp = key; | |||
375 | key = NULL((void *)0); /* transferred */ | |||
376 | } | |||
377 | done: | |||
378 | free(got_namespace); | |||
379 | free(sigtype); | |||
380 | free(sig_hashalg); | |||
381 | sshbuf_free(buf); | |||
382 | sshbuf_free(toverify); | |||
383 | sshkey_free(key); | |||
384 | return r; | |||
385 | } | |||
386 | ||||
387 | static int | |||
388 | hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp) | |||
389 | { | |||
390 | char *hex, hash[SSH_DIGEST_MAX_LENGTH64]; | |||
391 | int alg, r = SSH_ERR_INTERNAL_ERROR-1; | |||
392 | struct sshbuf *b = NULL((void *)0); | |||
393 | ||||
394 | *bp = NULL((void *)0); | |||
395 | memset(hash, 0, sizeof(hash)); | |||
396 | ||||
397 | if ((r = sshsig_check_hashalg(hashalg)) != 0) | |||
398 | return r; | |||
399 | if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) { | |||
400 | error_f("can't look up hash algorithm %s", hashalg)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 400, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "can't look up hash algorithm %s" , hashalg); | |||
401 | return SSH_ERR_INTERNAL_ERROR-1; | |||
402 | } | |||
403 | if ((r = ssh_digest_buffer(alg, m, hash, sizeof(hash))) != 0) { | |||
404 | error_fr(r, "ssh_digest_buffer")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 404, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "ssh_digest_buffer" ); | |||
405 | return r; | |||
406 | } | |||
407 | if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL((void *)0)) { | |||
408 | debug3_f("final hash: %s", hex)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 408, 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "final hash: %s", hex); | |||
409 | freezero(hex, strlen(hex)); | |||
410 | } | |||
411 | if ((b = sshbuf_new()) == NULL((void *)0)) { | |||
412 | r = SSH_ERR_ALLOC_FAIL-2; | |||
413 | goto out; | |||
414 | } | |||
415 | if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) { | |||
416 | error_fr(r, "sshbuf_put")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 416, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "sshbuf_put"); | |||
417 | goto out; | |||
418 | } | |||
419 | *bp = b; | |||
420 | b = NULL((void *)0); /* transferred */ | |||
421 | /* success */ | |||
422 | r = 0; | |||
423 | out: | |||
424 | sshbuf_free(b); | |||
425 | explicit_bzero(hash, sizeof(hash)); | |||
426 | return r; | |||
427 | } | |||
428 | ||||
429 | int | |||
430 | sshsig_signb(struct sshkey *key, const char *hashalg, | |||
431 | const char *sk_provider, const char *sk_pin, | |||
432 | const struct sshbuf *message, const char *sig_namespace, | |||
433 | struct sshbuf **out, sshsig_signer *signer, void *signer_ctx) | |||
434 | { | |||
435 | struct sshbuf *b = NULL((void *)0); | |||
436 | int r = SSH_ERR_INTERNAL_ERROR-1; | |||
437 | ||||
438 | if (hashalg == NULL((void *)0)) | |||
439 | hashalg = HASHALG_DEFAULT"sha512"; | |||
440 | if (out != NULL((void *)0)) | |||
441 | *out = NULL((void *)0); | |||
442 | if ((r = hash_buffer(message, hashalg, &b)) != 0) { | |||
443 | error_fr(r, "hash buffer")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 443, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hash buffer"); | |||
444 | goto out; | |||
445 | } | |||
446 | if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, sk_pin, b, | |||
447 | sig_namespace, out, signer, signer_ctx)) != 0) | |||
448 | goto out; | |||
449 | /* success */ | |||
450 | r = 0; | |||
451 | out: | |||
452 | sshbuf_free(b); | |||
453 | return r; | |||
454 | } | |||
455 | ||||
456 | int | |||
457 | sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message, | |||
458 | const char *expect_namespace, struct sshkey **sign_keyp, | |||
459 | struct sshkey_sig_details **sig_details) | |||
460 | { | |||
461 | struct sshbuf *b = NULL((void *)0); | |||
462 | int r = SSH_ERR_INTERNAL_ERROR-1; | |||
463 | char *hashalg = NULL((void *)0); | |||
464 | ||||
465 | if (sig_details != NULL((void *)0)) | |||
466 | *sig_details = NULL((void *)0); | |||
467 | if (sign_keyp != NULL((void *)0)) | |||
468 | *sign_keyp = NULL((void *)0); | |||
469 | if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) | |||
470 | return r; | |||
471 | debug_f("signature made with hash \"%s\"", hashalg)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 471, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "signature made with hash \"%s\"" , hashalg); | |||
472 | if ((r = hash_buffer(message, hashalg, &b)) != 0) { | |||
473 | error_fr(r, "hash buffer")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 473, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hash buffer"); | |||
474 | goto out; | |||
475 | } | |||
476 | if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, | |||
477 | sign_keyp, sig_details)) != 0) | |||
478 | goto out; | |||
479 | /* success */ | |||
480 | r = 0; | |||
481 | out: | |||
482 | sshbuf_free(b); | |||
483 | free(hashalg); | |||
484 | return r; | |||
485 | } | |||
486 | ||||
487 | static int | |||
488 | hash_file(int fd, const char *hashalg, struct sshbuf **bp) | |||
489 | { | |||
490 | char *hex, rbuf[8192], hash[SSH_DIGEST_MAX_LENGTH64]; | |||
491 | ssize_t n, total = 0; | |||
492 | struct ssh_digest_ctx *ctx; | |||
493 | int alg, oerrno, r = SSH_ERR_INTERNAL_ERROR-1; | |||
494 | struct sshbuf *b = NULL((void *)0); | |||
495 | ||||
496 | *bp = NULL((void *)0); | |||
497 | memset(hash, 0, sizeof(hash)); | |||
498 | ||||
499 | if ((r = sshsig_check_hashalg(hashalg)) != 0) | |||
500 | return r; | |||
501 | if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) { | |||
502 | error_f("can't look up hash algorithm %s", hashalg)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 502, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "can't look up hash algorithm %s" , hashalg); | |||
503 | return SSH_ERR_INTERNAL_ERROR-1; | |||
504 | } | |||
505 | if ((ctx = ssh_digest_start(alg)) == NULL((void *)0)) { | |||
506 | error_f("ssh_digest_start failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 506, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "ssh_digest_start failed" ); | |||
507 | return SSH_ERR_INTERNAL_ERROR-1; | |||
508 | } | |||
509 | for (;;) { | |||
510 | if ((n = read(fd, rbuf, sizeof(rbuf))) == -1) { | |||
511 | if (errno(*__errno()) == EINTR4 || errno(*__errno()) == EAGAIN35) | |||
512 | continue; | |||
513 | oerrno = errno(*__errno()); | |||
514 | error_f("read: %s", strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 514, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "read: %s", strerror ((*__errno()))); | |||
515 | ssh_digest_free(ctx); | |||
516 | errno(*__errno()) = oerrno; | |||
517 | r = SSH_ERR_SYSTEM_ERROR-24; | |||
518 | goto out; | |||
519 | } else if (n == 0) { | |||
520 | debug2_f("hashed %zu bytes", total)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 520, 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "hashed %zu bytes" , total); | |||
521 | break; /* EOF */ | |||
522 | } | |||
523 | total += (size_t)n; | |||
524 | if ((r = ssh_digest_update(ctx, rbuf, (size_t)n)) != 0) { | |||
525 | error_fr(r, "ssh_digest_update")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 525, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "ssh_digest_update" ); | |||
526 | goto out; | |||
527 | } | |||
528 | } | |||
529 | if ((r = ssh_digest_final(ctx, hash, sizeof(hash))) != 0) { | |||
530 | error_fr(r, "ssh_digest_final")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 530, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "ssh_digest_final"); | |||
531 | goto out; | |||
532 | } | |||
533 | if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL((void *)0)) { | |||
534 | debug3_f("final hash: %s", hex)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 534, 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "final hash: %s", hex); | |||
535 | freezero(hex, strlen(hex)); | |||
536 | } | |||
537 | if ((b = sshbuf_new()) == NULL((void *)0)) { | |||
538 | r = SSH_ERR_ALLOC_FAIL-2; | |||
539 | goto out; | |||
540 | } | |||
541 | if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) { | |||
542 | error_fr(r, "sshbuf_put")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 542, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "sshbuf_put"); | |||
543 | goto out; | |||
544 | } | |||
545 | *bp = b; | |||
546 | b = NULL((void *)0); /* transferred */ | |||
547 | /* success */ | |||
548 | r = 0; | |||
549 | out: | |||
550 | sshbuf_free(b); | |||
551 | ssh_digest_free(ctx); | |||
552 | explicit_bzero(hash, sizeof(hash)); | |||
553 | return r; | |||
554 | } | |||
555 | ||||
556 | int | |||
557 | sshsig_sign_fd(struct sshkey *key, const char *hashalg, | |||
558 | const char *sk_provider, const char *sk_pin, | |||
559 | int fd, const char *sig_namespace, struct sshbuf **out, | |||
560 | sshsig_signer *signer, void *signer_ctx) | |||
561 | { | |||
562 | struct sshbuf *b = NULL((void *)0); | |||
563 | int r = SSH_ERR_INTERNAL_ERROR-1; | |||
564 | ||||
565 | if (hashalg == NULL((void *)0)) | |||
566 | hashalg = HASHALG_DEFAULT"sha512"; | |||
567 | if (out != NULL((void *)0)) | |||
568 | *out = NULL((void *)0); | |||
569 | if ((r = hash_file(fd, hashalg, &b)) != 0) { | |||
570 | error_fr(r, "hash_file")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 570, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hash_file"); | |||
571 | return r; | |||
572 | } | |||
573 | if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, sk_pin, b, | |||
574 | sig_namespace, out, signer, signer_ctx)) != 0) | |||
575 | goto out; | |||
576 | /* success */ | |||
577 | r = 0; | |||
578 | out: | |||
579 | sshbuf_free(b); | |||
580 | return r; | |||
581 | } | |||
582 | ||||
583 | int | |||
584 | sshsig_verify_fd(struct sshbuf *signature, int fd, | |||
585 | const char *expect_namespace, struct sshkey **sign_keyp, | |||
586 | struct sshkey_sig_details **sig_details) | |||
587 | { | |||
588 | struct sshbuf *b = NULL((void *)0); | |||
589 | int r = SSH_ERR_INTERNAL_ERROR-1; | |||
590 | char *hashalg = NULL((void *)0); | |||
591 | ||||
592 | if (sig_details != NULL((void *)0)) | |||
593 | *sig_details = NULL((void *)0); | |||
594 | if (sign_keyp != NULL((void *)0)) | |||
595 | *sign_keyp = NULL((void *)0); | |||
596 | if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) | |||
597 | return r; | |||
598 | debug_f("signature made with hash \"%s\"", hashalg)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 598, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "signature made with hash \"%s\"" , hashalg); | |||
599 | if ((r = hash_file(fd, hashalg, &b)) != 0) { | |||
600 | error_fr(r, "hash_file")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 600, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hash_file"); | |||
601 | goto out; | |||
602 | } | |||
603 | if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, | |||
604 | sign_keyp, sig_details)) != 0) | |||
605 | goto out; | |||
606 | /* success */ | |||
607 | r = 0; | |||
608 | out: | |||
609 | sshbuf_free(b); | |||
610 | free(hashalg); | |||
611 | return r; | |||
612 | } | |||
613 | ||||
614 | struct sshsigopt { | |||
615 | int ca; | |||
616 | char *namespaces; | |||
617 | uint64_t valid_after, valid_before; | |||
618 | }; | |||
619 | ||||
620 | struct sshsigopt * | |||
621 | sshsigopt_parse(const char *opts, const char *path, u_long linenum, | |||
622 | const char **errstrp) | |||
623 | { | |||
624 | struct sshsigopt *ret; | |||
625 | int r; | |||
626 | char *opt; | |||
627 | const char *errstr = NULL((void *)0); | |||
628 | ||||
629 | if ((ret = calloc(1, sizeof(*ret))) == NULL((void *)0)) | |||
630 | return NULL((void *)0); | |||
631 | if (opts == NULL((void *)0) || *opts == '\0') | |||
632 | return ret; /* Empty options yields empty options :) */ | |||
633 | ||||
634 | while (*opts && *opts != ' ' && *opts != '\t') { | |||
635 | /* flag options */ | |||
636 | if ((r = opt_flag("cert-authority", 0, &opts)) != -1) { | |||
637 | ret->ca = 1; | |||
638 | } else if (opt_match(&opts, "namespaces")) { | |||
639 | if (ret->namespaces != NULL((void *)0)) { | |||
640 | errstr = "multiple \"namespaces\" clauses"; | |||
641 | goto fail; | |||
642 | } | |||
643 | ret->namespaces = opt_dequote(&opts, &errstr); | |||
644 | if (ret->namespaces == NULL((void *)0)) | |||
645 | goto fail; | |||
646 | } else if (opt_match(&opts, "valid-after")) { | |||
647 | if (ret->valid_after != 0) { | |||
648 | errstr = "multiple \"valid-after\" clauses"; | |||
649 | goto fail; | |||
650 | } | |||
651 | if ((opt = opt_dequote(&opts, &errstr)) == NULL((void *)0)) | |||
652 | goto fail; | |||
653 | if (parse_absolute_time(opt, &ret->valid_after) != 0 || | |||
654 | ret->valid_after == 0) { | |||
655 | free(opt); | |||
656 | errstr = "invalid \"valid-after\" time"; | |||
657 | goto fail; | |||
658 | } | |||
659 | free(opt); | |||
660 | } else if (opt_match(&opts, "valid-before")) { | |||
661 | if (ret->valid_before != 0) { | |||
662 | errstr = "multiple \"valid-before\" clauses"; | |||
663 | goto fail; | |||
664 | } | |||
665 | if ((opt = opt_dequote(&opts, &errstr)) == NULL((void *)0)) | |||
666 | goto fail; | |||
667 | if (parse_absolute_time(opt, &ret->valid_before) != 0 || | |||
668 | ret->valid_before == 0) { | |||
669 | free(opt); | |||
670 | errstr = "invalid \"valid-before\" time"; | |||
671 | goto fail; | |||
672 | } | |||
673 | free(opt); | |||
674 | } | |||
675 | /* | |||
676 | * Skip the comma, and move to the next option | |||
677 | * (or break out if there are no more). | |||
678 | */ | |||
679 | if (*opts == '\0' || *opts == ' ' || *opts == '\t') | |||
680 | break; /* End of options. */ | |||
681 | /* Anything other than a comma is an unknown option */ | |||
682 | if (*opts != ',') { | |||
683 | errstr = "unknown key option"; | |||
684 | goto fail; | |||
685 | } | |||
686 | opts++; | |||
687 | if (*opts == '\0') { | |||
688 | errstr = "unexpected end-of-options"; | |||
689 | goto fail; | |||
690 | } | |||
691 | } | |||
692 | /* final consistency check */ | |||
693 | if (ret->valid_after != 0 && ret->valid_before != 0 && | |||
694 | ret->valid_before <= ret->valid_after) { | |||
695 | errstr = "\"valid-before\" time is before \"valid-after\""; | |||
696 | goto fail; | |||
697 | } | |||
698 | /* success */ | |||
699 | return ret; | |||
700 | fail: | |||
701 | if (errstrp != NULL((void *)0)) | |||
702 | *errstrp = errstr; | |||
703 | sshsigopt_free(ret); | |||
704 | return NULL((void *)0); | |||
705 | } | |||
706 | ||||
707 | void | |||
708 | sshsigopt_free(struct sshsigopt *opts) | |||
709 | { | |||
710 | if (opts == NULL((void *)0)) | |||
711 | return; | |||
712 | free(opts->namespaces); | |||
713 | free(opts); | |||
714 | } | |||
715 | ||||
716 | static int | |||
717 | parse_principals_key_and_options(const char *path, u_long linenum, char *line, | |||
718 | const char *required_principal, char **principalsp, struct sshkey **keyp, | |||
719 | struct sshsigopt **sigoptsp) | |||
720 | { | |||
721 | char *opts = NULL((void *)0), *tmp, *cp, *principals = NULL((void *)0); | |||
722 | const char *reason = NULL((void *)0); | |||
723 | struct sshsigopt *sigopts = NULL((void *)0); | |||
724 | struct sshkey *key = NULL((void *)0); | |||
725 | int r = SSH_ERR_INTERNAL_ERROR-1; | |||
726 | ||||
727 | if (principalsp != NULL((void *)0)) | |||
728 | *principalsp = NULL((void *)0); | |||
729 | if (sigoptsp != NULL((void *)0)) | |||
730 | *sigoptsp = NULL((void *)0); | |||
731 | if (keyp != NULL((void *)0)) | |||
732 | *keyp = NULL((void *)0); | |||
733 | ||||
734 | cp = line; | |||
735 | cp = cp + strspn(cp, " \t"); /* skip leading whitespace */ | |||
736 | if (*cp == '#' || *cp == '\0') | |||
737 | return SSH_ERR_KEY_NOT_FOUND-46; /* blank or all-comment line */ | |||
738 | ||||
739 | /* format: identity[,identity...] [option[,option...]] key */ | |||
740 | if ((tmp = strdelimw(&cp)) == NULL((void *)0)) { | |||
741 | error("%s:%lu: invalid line", path, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 741, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: invalid line" , path, linenum); | |||
742 | r = SSH_ERR_INVALID_FORMAT-4; | |||
743 | goto out; | |||
744 | } | |||
745 | if ((principals = strdup(tmp)) == NULL((void *)0)) { | |||
746 | error_f("strdup failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 746, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "strdup failed"); | |||
747 | r = SSH_ERR_ALLOC_FAIL-2; | |||
748 | goto out; | |||
749 | } | |||
750 | /* | |||
751 | * Bail out early if we're looking for a particular principal and this | |||
752 | * line does not list it. | |||
753 | */ | |||
754 | if (required_principal != NULL((void *)0)) { | |||
755 | if (match_pattern_list(required_principal, | |||
756 | principals, 0) != 1) { | |||
757 | /* principal didn't match */ | |||
758 | r = SSH_ERR_KEY_NOT_FOUND-46; | |||
759 | goto out; | |||
760 | } | |||
761 | debug_f("%s:%lu: matched principal \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 762, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: matched principal \"%s\"" , path, linenum, required_principal) | |||
762 | path, linenum, required_principal)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 762, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: matched principal \"%s\"" , path, linenum, required_principal); | |||
763 | } | |||
764 | ||||
765 | if ((key = sshkey_new(KEY_UNSPEC)) == NULL((void *)0)) { | |||
766 | error_f("sshkey_new failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 766, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "sshkey_new failed" ); | |||
767 | r = SSH_ERR_ALLOC_FAIL-2; | |||
768 | goto out; | |||
769 | } | |||
770 | if (sshkey_read(key, &cp) != 0) { | |||
771 | /* no key? Check for options */ | |||
772 | opts = cp; | |||
773 | if (sshkey_advance_past_options(&cp) != 0) { | |||
774 | error("%s:%lu: invalid options", path, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 774, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: invalid options" , path, linenum); | |||
775 | r = SSH_ERR_INVALID_FORMAT-4; | |||
776 | goto out; | |||
777 | } | |||
778 | *cp++ = '\0'; | |||
779 | skip_space(&cp); | |||
780 | if (sshkey_read(key, &cp) != 0) { | |||
781 | error("%s:%lu: invalid key", path, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 781, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: invalid key" , path, linenum); | |||
782 | r = SSH_ERR_INVALID_FORMAT-4; | |||
783 | goto out; | |||
784 | } | |||
785 | } | |||
786 | debug3("%s:%lu: options %s", path, linenum, opts == NULL ? "" : opts)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 786, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%s:%lu: options %s" , path, linenum, opts == ((void *)0) ? "" : opts); | |||
787 | if ((sigopts = sshsigopt_parse(opts, path, linenum, &reason)) == NULL((void *)0)) { | |||
788 | error("%s:%lu: bad options: %s", path, linenum, reason)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 788, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: bad options: %s" , path, linenum, reason); | |||
789 | r = SSH_ERR_INVALID_FORMAT-4; | |||
790 | goto out; | |||
791 | } | |||
792 | /* success */ | |||
793 | if (principalsp != NULL((void *)0)) { | |||
794 | *principalsp = principals; | |||
795 | principals = NULL((void *)0); /* transferred */ | |||
796 | } | |||
797 | if (sigoptsp != NULL((void *)0)) { | |||
798 | *sigoptsp = sigopts; | |||
799 | sigopts = NULL((void *)0); /* transferred */ | |||
800 | } | |||
801 | if (keyp != NULL((void *)0)) { | |||
802 | *keyp = key; | |||
803 | key = NULL((void *)0); /* transferred */ | |||
804 | } | |||
805 | r = 0; | |||
806 | out: | |||
807 | free(principals); | |||
808 | sshsigopt_free(sigopts); | |||
809 | sshkey_free(key); | |||
810 | return r; | |||
811 | } | |||
812 | ||||
813 | static int | |||
814 | cert_filter_principals(const char *path, u_long linenum, | |||
815 | char **principalsp, const struct sshkey *cert, uint64_t verify_time) | |||
816 | { | |||
817 | char *cp, *oprincipals, *principals; | |||
818 | const char *reason; | |||
819 | struct sshbuf *nprincipals; | |||
820 | int r = SSH_ERR_INTERNAL_ERROR-1, success = 0; | |||
821 | ||||
822 | oprincipals = principals = *principalsp; | |||
823 | *principalsp = NULL((void *)0); | |||
824 | ||||
825 | if ((nprincipals = sshbuf_new()) == NULL((void *)0)) { | |||
826 | r = SSH_ERR_ALLOC_FAIL-2; | |||
827 | goto out; | |||
828 | } | |||
829 | ||||
830 | while ((cp = strsep(&principals, ",")) != NULL((void *)0) && *cp != '\0') { | |||
831 | if (strcspn(cp, "!?*") != strlen(cp)) { | |||
832 | debug("%s:%lu: principal \"%s\" not authorized: "sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 833, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: principal \"%s\" not authorized: " "contains wildcards", path, linenum, cp) | |||
833 | "contains wildcards", path, linenum, cp)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 833, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: principal \"%s\" not authorized: " "contains wildcards", path, linenum, cp); | |||
834 | continue; | |||
835 | } | |||
836 | /* Check against principals list in certificate */ | |||
837 | if ((r = sshkey_cert_check_authority(cert, 0, 1, 0, | |||
838 | verify_time, cp, &reason)) != 0) { | |||
839 | debug("%s:%lu: principal \"%s\" not authorized: %s",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 840, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: principal \"%s\" not authorized: %s" , path, linenum, cp, reason) | |||
840 | path, linenum, cp, reason)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 840, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: principal \"%s\" not authorized: %s" , path, linenum, cp, reason); | |||
841 | continue; | |||
842 | } | |||
843 | if ((r = sshbuf_putf(nprincipals, "%s%s", | |||
844 | sshbuf_len(nprincipals) != 0 ? "," : "", cp)) != 0) { | |||
845 | error_f("buffer error")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 845, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "buffer error"); | |||
846 | goto out; | |||
847 | } | |||
848 | } | |||
849 | if (sshbuf_len(nprincipals) == 0) { | |||
850 | error("%s:%lu: no valid principals found", path, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 850, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: no valid principals found" , path, linenum); | |||
851 | r = SSH_ERR_KEY_CERT_INVALID-25; | |||
852 | goto out; | |||
853 | } | |||
854 | if ((principals = sshbuf_dup_string(nprincipals)) == NULL((void *)0)) { | |||
855 | error_f("buffer error")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 855, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "buffer error"); | |||
856 | goto out; | |||
857 | } | |||
858 | /* success */ | |||
859 | success = 1; | |||
860 | *principalsp = principals; | |||
861 | out: | |||
862 | sshbuf_free(nprincipals); | |||
863 | free(oprincipals); | |||
864 | return success ? 0 : r; | |||
865 | } | |||
866 | ||||
867 | static int | |||
868 | check_allowed_keys_line(const char *path, u_long linenum, char *line, | |||
869 | const struct sshkey *sign_key, const char *principal, | |||
870 | const char *sig_namespace, uint64_t verify_time, char **principalsp) | |||
871 | { | |||
872 | struct sshkey *found_key = NULL((void *)0); | |||
873 | char *principals = NULL((void *)0); | |||
874 | int r, success = 0; | |||
875 | const char *reason = NULL((void *)0); | |||
876 | struct sshsigopt *sigopts = NULL((void *)0); | |||
877 | char tvalid[64], tverify[64]; | |||
878 | ||||
879 | if (principalsp != NULL((void *)0)) | |||
880 | *principalsp = NULL((void *)0); | |||
881 | ||||
882 | /* Parse the line */ | |||
883 | if ((r = parse_principals_key_and_options(path, linenum, line, | |||
884 | principal, &principals, &found_key, &sigopts)) != 0) { | |||
885 | /* error already logged */ | |||
886 | goto done; | |||
887 | } | |||
888 | ||||
889 | if (!sigopts->ca && sshkey_equal(found_key, sign_key)) { | |||
890 | /* Exact match of key */ | |||
891 | debug("%s:%lu: matched key", path, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 891, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: matched key" , path, linenum); | |||
892 | } else if (sigopts->ca && sshkey_is_cert(sign_key) && | |||
893 | sshkey_equal_public(sign_key->cert->signature_key, found_key)) { | |||
894 | if (principal) { | |||
895 | /* Match certificate CA key with specified principal */ | |||
896 | if ((r = sshkey_cert_check_authority(sign_key, 0, 1, 0, | |||
897 | verify_time, principal, &reason)) != 0) { | |||
898 | error("%s:%lu: certificate not authorized: %s",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 899, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: certificate not authorized: %s" , path, linenum, reason) | |||
899 | path, linenum, reason)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 899, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: certificate not authorized: %s" , path, linenum, reason); | |||
900 | goto done; | |||
901 | } | |||
902 | debug("%s:%lu: matched certificate CA key",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 903, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: matched certificate CA key" , path, linenum) | |||
903 | path, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 903, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: matched certificate CA key" , path, linenum); | |||
904 | } else { | |||
905 | /* No principal specified - find all matching ones */ | |||
906 | if ((r = cert_filter_principals(path, linenum, | |||
907 | &principals, sign_key, verify_time)) != 0) { | |||
908 | /* error already displayed */ | |||
909 | debug_r(r, "%s:%lu: cert_filter_principals",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 910, 0, SYSLOG_LEVEL_DEBUG1, ssh_err(r), "%s:%lu: cert_filter_principals" , path, linenum) | |||
910 | path, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 910, 0, SYSLOG_LEVEL_DEBUG1, ssh_err(r), "%s:%lu: cert_filter_principals" , path, linenum); | |||
911 | goto done; | |||
912 | } | |||
913 | debug("%s:%lu: matched certificate CA key",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 914, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: matched certificate CA key" , path, linenum) | |||
914 | path, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 914, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: matched certificate CA key" , path, linenum); | |||
915 | } | |||
916 | } else { | |||
917 | /* Didn't match key */ | |||
918 | goto done; | |||
919 | } | |||
920 | ||||
921 | /* Check whether options preclude the use of this key */ | |||
922 | if (sigopts->namespaces != NULL((void *)0) && sig_namespace != NULL((void *)0) && | |||
923 | match_pattern_list(sig_namespace, sigopts->namespaces, 0) != 1) { | |||
924 | error("%s:%lu: key is not permitted for use in signature "sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 925, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: key is not permitted for use in signature " "namespace \"%s\"", path, linenum, sig_namespace) | |||
925 | "namespace \"%s\"", path, linenum, sig_namespace)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 925, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: key is not permitted for use in signature " "namespace \"%s\"", path, linenum, sig_namespace); | |||
926 | goto done; | |||
927 | } | |||
928 | ||||
929 | /* check key time validity */ | |||
930 | format_absolute_time((uint64_t)verify_time, tverify, sizeof(tverify)); | |||
931 | if (sigopts->valid_after != 0 && | |||
932 | (uint64_t)verify_time < sigopts->valid_after) { | |||
933 | format_absolute_time(sigopts->valid_after, | |||
934 | tvalid, sizeof(tvalid)); | |||
935 | error("%s:%lu: key is not yet valid: "sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 937, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: key is not yet valid: " "verify time %s < valid-after %s", path, linenum, tverify , tvalid) | |||
936 | "verify time %s < valid-after %s", path, linenum,sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 937, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: key is not yet valid: " "verify time %s < valid-after %s", path, linenum, tverify , tvalid) | |||
937 | tverify, tvalid)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 937, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: key is not yet valid: " "verify time %s < valid-after %s", path, linenum, tverify , tvalid); | |||
938 | goto done; | |||
939 | } | |||
940 | if (sigopts->valid_before != 0 && | |||
941 | (uint64_t)verify_time > sigopts->valid_before) { | |||
942 | format_absolute_time(sigopts->valid_before, | |||
943 | tvalid, sizeof(tvalid)); | |||
944 | error("%s:%lu: key has expired: "sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 946, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: key has expired: " "verify time %s > valid-before %s", path, linenum, tverify , tvalid) | |||
945 | "verify time %s > valid-before %s", path, linenum,sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 946, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: key has expired: " "verify time %s > valid-before %s", path, linenum, tverify , tvalid) | |||
946 | tverify, tvalid)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 946, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: key has expired: " "verify time %s > valid-before %s", path, linenum, tverify , tvalid); | |||
947 | goto done; | |||
948 | } | |||
949 | success = 1; | |||
950 | ||||
951 | done: | |||
952 | if (success && principalsp != NULL((void *)0)) { | |||
953 | *principalsp = principals; | |||
954 | principals = NULL((void *)0); /* transferred */ | |||
955 | } | |||
956 | free(principals); | |||
957 | sshkey_free(found_key); | |||
958 | sshsigopt_free(sigopts); | |||
959 | return success ? 0 : SSH_ERR_KEY_NOT_FOUND-46; | |||
960 | } | |||
961 | ||||
962 | int | |||
963 | sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key, | |||
964 | const char *principal, const char *sig_namespace, uint64_t verify_time) | |||
965 | { | |||
966 | FILE *f = NULL((void *)0); | |||
967 | char *line = NULL((void *)0); | |||
968 | size_t linesize = 0; | |||
969 | u_long linenum = 0; | |||
970 | int r = SSH_ERR_INTERNAL_ERROR-1, oerrno; | |||
971 | ||||
972 | /* Check key and principal against file */ | |||
973 | if ((f = fopen(path, "r")) == NULL((void *)0)) { | |||
974 | oerrno = errno(*__errno()); | |||
975 | error("Unable to open allowed keys file \"%s\": %s",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 976, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to open allowed keys file \"%s\": %s" , path, strerror((*__errno()))) | |||
976 | path, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 976, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to open allowed keys file \"%s\": %s" , path, strerror((*__errno()))); | |||
977 | errno(*__errno()) = oerrno; | |||
978 | return SSH_ERR_SYSTEM_ERROR-24; | |||
979 | } | |||
980 | ||||
981 | while (getline(&line, &linesize, f) != -1) { | |||
982 | linenum++; | |||
983 | r = check_allowed_keys_line(path, linenum, line, sign_key, | |||
984 | principal, sig_namespace, verify_time, NULL((void *)0)); | |||
985 | free(line); | |||
986 | line = NULL((void *)0); | |||
987 | linesize = 0; | |||
988 | if (r == SSH_ERR_KEY_NOT_FOUND-46) | |||
989 | continue; | |||
990 | else if (r == 0) { | |||
991 | /* success */ | |||
992 | fclose(f); | |||
993 | return 0; | |||
994 | } else | |||
995 | break; | |||
996 | } | |||
997 | /* Either we hit an error parsing or we simply didn't find the key */ | |||
998 | fclose(f); | |||
999 | free(line); | |||
1000 | return r == 0 ? SSH_ERR_KEY_NOT_FOUND-46 : r; | |||
1001 | } | |||
1002 | ||||
1003 | int | |||
1004 | sshsig_find_principals(const char *path, const struct sshkey *sign_key, | |||
1005 | uint64_t verify_time, char **principals) | |||
1006 | { | |||
1007 | FILE *f = NULL((void *)0); | |||
1008 | char *line = NULL((void *)0); | |||
1009 | size_t linesize = 0; | |||
1010 | u_long linenum = 0; | |||
1011 | int r = SSH_ERR_INTERNAL_ERROR-1, oerrno; | |||
1012 | ||||
1013 | if ((f = fopen(path, "r")) == NULL((void *)0)) { | |||
1014 | oerrno = errno(*__errno()); | |||
1015 | error("Unable to open allowed keys file \"%s\": %s",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 1016, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to open allowed keys file \"%s\": %s" , path, strerror((*__errno()))) | |||
1016 | path, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 1016, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to open allowed keys file \"%s\": %s" , path, strerror((*__errno()))); | |||
1017 | errno(*__errno()) = oerrno; | |||
1018 | return SSH_ERR_SYSTEM_ERROR-24; | |||
1019 | } | |||
1020 | ||||
1021 | r = SSH_ERR_KEY_NOT_FOUND-46; | |||
1022 | while (getline(&line, &linesize, f) != -1) { | |||
1023 | linenum++; | |||
1024 | r = check_allowed_keys_line(path, linenum, line, | |||
1025 | sign_key, NULL((void *)0), NULL((void *)0), verify_time, principals); | |||
1026 | free(line); | |||
1027 | line = NULL((void *)0); | |||
1028 | linesize = 0; | |||
1029 | if (r == SSH_ERR_KEY_NOT_FOUND-46) | |||
1030 | continue; | |||
1031 | else if (r == 0) { | |||
1032 | /* success */ | |||
1033 | fclose(f); | |||
1034 | return 0; | |||
1035 | } else | |||
1036 | break; | |||
1037 | } | |||
1038 | free(line); | |||
1039 | /* Either we hit an error parsing or we simply didn't find the key */ | |||
1040 | if (ferror(f)(!__isthreaded ? (((f)->_flags & 0x0040) != 0) : (ferror )(f)) != 0) { | |||
1041 | oerrno = errno(*__errno()); | |||
1042 | fclose(f); | |||
1043 | error("Unable to read allowed keys file \"%s\": %s",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 1044, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to read allowed keys file \"%s\": %s" , path, strerror((*__errno()))) | |||
1044 | path, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 1044, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to read allowed keys file \"%s\": %s" , path, strerror((*__errno()))); | |||
1045 | errno(*__errno()) = oerrno; | |||
1046 | return SSH_ERR_SYSTEM_ERROR-24; | |||
1047 | } | |||
1048 | fclose(f); | |||
1049 | return r == 0 ? SSH_ERR_KEY_NOT_FOUND-46 : r; | |||
1050 | } | |||
1051 | ||||
1052 | int | |||
1053 | sshsig_match_principals(const char *path, const char *principal, | |||
1054 | char ***principalsp, size_t *nprincipalsp) | |||
1055 | { | |||
1056 | FILE *f = NULL((void *)0); | |||
1057 | char *found, *line = NULL((void *)0), **principals = NULL((void *)0), **tmp; | |||
1058 | size_t i, nprincipals = 0, linesize = 0; | |||
1059 | u_long linenum = 0; | |||
1060 | int oerrno = 0, r, ret = 0; | |||
1061 | ||||
1062 | if (principalsp != NULL((void *)0)) | |||
| ||||
1063 | *principalsp = NULL((void *)0); | |||
1064 | if (nprincipalsp != NULL((void *)0)) | |||
1065 | *nprincipalsp = 0; | |||
1066 | ||||
1067 | /* Check key and principal against file */ | |||
1068 | if ((f = fopen(path, "r")) == NULL((void *)0)) { | |||
1069 | oerrno = errno(*__errno()); | |||
1070 | error("Unable to open allowed keys file \"%s\": %s",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 1071, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to open allowed keys file \"%s\": %s" , path, strerror((*__errno()))) | |||
1071 | path, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__ , 1071, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to open allowed keys file \"%s\": %s" , path, strerror((*__errno()))); | |||
1072 | errno(*__errno()) = oerrno; | |||
1073 | return SSH_ERR_SYSTEM_ERROR-24; | |||
1074 | } | |||
1075 | ||||
1076 | while (getline(&line, &linesize, f) != -1) { | |||
1077 | linenum++; | |||
1078 | /* Parse the line */ | |||
1079 | if ((r = parse_principals_key_and_options(path, linenum, line, | |||
1080 | principal, &found, NULL((void *)0), NULL((void *)0))) != 0) { | |||
1081 | if (r == SSH_ERR_KEY_NOT_FOUND-46) | |||
1082 | continue; | |||
1083 | ret = r; | |||
1084 | oerrno = errno(*__errno()); | |||
1085 | break; /* unexpected error */ | |||
1086 | } | |||
1087 | if ((tmp = recallocarray(principals, nprincipals, | |||
1088 | nprincipals + 1, sizeof(*principals))) == NULL((void *)0)) { | |||
1089 | ret = SSH_ERR_ALLOC_FAIL-2; | |||
1090 | free(found); | |||
1091 | break; | |||
1092 | } | |||
1093 | principals = tmp; | |||
1094 | principals[nprincipals++] = found; /* transferred */ | |||
1095 | free(line); | |||
1096 | line = NULL((void *)0); | |||
1097 | linesize = 0; | |||
1098 | } | |||
1099 | fclose(f); | |||
1100 | ||||
1101 | if (ret
| |||
1102 | if (nprincipals
| |||
1103 | ret = SSH_ERR_KEY_NOT_FOUND-46; | |||
1104 | if (principalsp
| |||
1105 | *principalsp = principals; | |||
1106 | principals = NULL((void *)0); /* transferred */ | |||
1107 | } | |||
1108 | if (nprincipalsp
| |||
1109 | *nprincipalsp = nprincipals; | |||
1110 | nprincipals = 0; | |||
1111 | } | |||
1112 | } | |||
1113 | ||||
1114 | for (i = 0; i < nprincipals; i++) | |||
1115 | free(principals[i]); | |||
| ||||
1116 | free(principals); | |||
1117 | ||||
1118 | errno(*__errno()) = oerrno; | |||
1119 | return ret; | |||
1120 | } | |||
1121 | ||||
1122 | int | |||
1123 | sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey) | |||
1124 | { | |||
1125 | struct sshkey *pk = NULL((void *)0); | |||
1126 | int r = SSH_ERR_SIGNATURE_INVALID-21; | |||
1127 | ||||
1128 | if (pubkey == NULL((void *)0)) | |||
1129 | return SSH_ERR_INTERNAL_ERROR-1; | |||
1130 | if ((r = sshsig_parse_preamble(signature)) != 0) | |||
1131 | return r; | |||
1132 | if ((r = sshkey_froms(signature, &pk)) != 0) | |||
1133 | return r; | |||
1134 | ||||
1135 | *pubkey = pk; | |||
1136 | pk = NULL((void *)0); | |||
1137 | return 0; | |||
1138 | } |