Bug Summary

File:src/usr.bin/ssh/ssh-keygen/../sshsig.c
Warning:line 111, column 12
Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name sshsig.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.bin/ssh/ssh-keygen/obj -resource-dir /usr/local/llvm16/lib/clang/16 -I /usr/src/usr.bin/ssh/ssh-keygen/.. -D WITH_OPENSSL -D WITH_ZLIB -D WITH_DSA -D ENABLE_PKCS11 -D HAVE_DLOPEN -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -Wno-unused-parameter -fdebug-compilation-dir=/usr/src/usr.bin/ssh/ssh-keygen/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c
1/* $OpenBSD: sshsig.c,v 1.34 2023/12/08 09:18:39 markus Exp $ */
2/*
3 * Copyright (c) 2019 Google LLC
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <stdio.h>
19#include <stdlib.h>
20#include <stdarg.h>
21#include <errno(*__errno()).h>
22#include <string.h>
23#include <unistd.h>
24
25#include "authfd.h"
26#include "authfile.h"
27#include "log.h"
28#include "misc.h"
29#include "sshbuf.h"
30#include "sshsig.h"
31#include "ssherr.h"
32#include "sshkey.h"
33#include "match.h"
34#include "digest.h"
35
36#define SIG_VERSION0x01 0x01
37#define MAGIC_PREAMBLE"SSHSIG" "SSHSIG"
38#define MAGIC_PREAMBLE_LEN(sizeof("SSHSIG") - 1) (sizeof(MAGIC_PREAMBLE"SSHSIG") - 1)
39#define BEGIN_SIGNATURE"-----BEGIN SSH SIGNATURE-----" "-----BEGIN SSH SIGNATURE-----"
40#define END_SIGNATURE"-----END SSH SIGNATURE-----" "-----END SSH SIGNATURE-----"
41#define RSA_SIGN_ALG"rsa-sha2-512" "rsa-sha2-512" /* XXX maybe make configurable */
42#define RSA_SIGN_ALLOWED"rsa-sha2-512,rsa-sha2-256" "rsa-sha2-512,rsa-sha2-256"
43#define HASHALG_DEFAULT"sha512" "sha512" /* XXX maybe make configurable */
44#define HASHALG_ALLOWED"sha256,sha512" "sha256,sha512"
45
46int
47sshsig_armor(const struct sshbuf *blob, struct sshbuf **out)
48{
49 struct sshbuf *buf = NULL((void *)0);
50 int r = SSH_ERR_INTERNAL_ERROR-1;
51
52 *out = NULL((void *)0);
53
54 if ((buf = sshbuf_new()) == NULL((void *)0)) {
55 error_f("sshbuf_new failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 55, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "sshbuf_new failed"
);
56 r = SSH_ERR_ALLOC_FAIL-2;
57 goto out;
58 }
59
60 if ((r = sshbuf_putf(buf, "%s\n", BEGIN_SIGNATURE"-----BEGIN SSH SIGNATURE-----")) != 0) {
61 error_fr(r, "sshbuf_putf")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 61, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "sshbuf_putf");
62 goto out;
63 }
64
65 if ((r = sshbuf_dtob64(blob, buf, 1)) != 0) {
66 error_fr(r, "base64 encode signature")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 66, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "base64 encode signature"
);
67 goto out;
68 }
69
70 if ((r = sshbuf_put(buf, END_SIGNATURE"-----END SSH SIGNATURE-----",
71 sizeof(END_SIGNATURE"-----END SSH SIGNATURE-----")-1)) != 0 ||
72 (r = sshbuf_put_u8(buf, '\n')) != 0) {
73 error_fr(r, "sshbuf_put")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 73, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "sshbuf_put");
74 goto out;
75 }
76 /* success */
77 *out = buf;
78 buf = NULL((void *)0); /* transferred */
79 r = 0;
80 out:
81 sshbuf_free(buf);
82 return r;
83}
84
85int
86sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out)
87{
88 int r;
89 size_t eoffset = 0;
90 struct sshbuf *buf = NULL((void *)0);
91 struct sshbuf *sbuf = NULL((void *)0);
92 char *b64 = NULL((void *)0);
93
94 if ((sbuf = sshbuf_fromb(sig)) == NULL((void *)0)) {
95 error_f("sshbuf_fromb failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 95, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "sshbuf_fromb failed"
);
96 return SSH_ERR_ALLOC_FAIL-2;
97 }
98
99 /* Expect and consume preamble + lf/crlf */
100 if ((r = sshbuf_cmp(sbuf, 0,
101 BEGIN_SIGNATURE"-----BEGIN SSH SIGNATURE-----", sizeof(BEGIN_SIGNATURE"-----BEGIN SSH SIGNATURE-----")-1)) != 0) {
102 error("Couldn't parse signature: missing header")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 102, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't parse signature: missing header"
);
103 goto done;
104 }
105 if ((r = sshbuf_consume(sbuf, sizeof(BEGIN_SIGNATURE"-----BEGIN SSH SIGNATURE-----")-1)) != 0) {
106 error_fr(r, "consume")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 106, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "consume");
107 goto done;
108 }
109 if ((r = sshbuf_cmp(sbuf, 0, "\r\n", 2)) == 0)
110 eoffset = 2;
111 else if ((r = sshbuf_cmp(sbuf, 0, "\n", 1)) == 0)
Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
112 eoffset = 1;
113 else {
114 r = SSH_ERR_INVALID_FORMAT-4;
115 error_f("no header eol")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 115, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "no header eol");
116 goto done;
117 }
118 if ((r = sshbuf_consume(sbuf, eoffset)) != 0) {
119 error_fr(r, "consume eol")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 119, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "consume eol");
120 goto done;
121 }
122 /* Find and consume lf + suffix (any prior cr would be ignored) */
123 if ((r = sshbuf_find(sbuf, 0, "\n" END_SIGNATURE"-----END SSH SIGNATURE-----",
124 sizeof(END_SIGNATURE"-----END SSH SIGNATURE-----"), &eoffset)) != 0) {
125 error("Couldn't parse signature: missing footer")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 125, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't parse signature: missing footer"
);
126 goto done;
127 }
128 if ((r = sshbuf_consume_end(sbuf, sshbuf_len(sbuf)-eoffset)) != 0) {
129 error_fr(r, "consume")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 129, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "consume");
130 goto done;
131 }
132
133 if ((b64 = sshbuf_dup_string(sbuf)) == NULL((void *)0)) {
134 error_f("sshbuf_dup_string failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 134, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "sshbuf_dup_string failed"
);
135 r = SSH_ERR_ALLOC_FAIL-2;
136 goto done;
137 }
138
139 if ((buf = sshbuf_new()) == NULL((void *)0)) {
140 error_f("sshbuf_new() failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 140, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "sshbuf_new() failed"
);
141 r = SSH_ERR_ALLOC_FAIL-2;
142 goto done;
143 }
144
145 if ((r = sshbuf_b64tod(buf, b64)) != 0) {
146 error_fr(r, "decode base64")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 146, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "decode base64");
147 goto done;
148 }
149
150 /* success */
151 *out = buf;
152 r = 0;
153 buf = NULL((void *)0); /* transferred */
154done:
155 sshbuf_free(buf);
156 sshbuf_free(sbuf);
157 free(b64);
158 return r;
159}
160
161static int
162sshsig_wrap_sign(struct sshkey *key, const char *hashalg,
163 const char *sk_provider, const char *sk_pin, const struct sshbuf *h_message,
164 const char *sig_namespace, struct sshbuf **out,
165 sshsig_signer *signer, void *signer_ctx)
166{
167 int r;
168 size_t slen = 0;
169 u_char *sig = NULL((void *)0);
170 struct sshbuf *blob = NULL((void *)0);
171 struct sshbuf *tosign = NULL((void *)0);
172 const char *sign_alg = NULL((void *)0);
173
174 if ((tosign = sshbuf_new()) == NULL((void *)0) ||
175 (blob = sshbuf_new()) == NULL((void *)0)) {
176 error_f("sshbuf_new failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 176, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "sshbuf_new failed"
);
177 r = SSH_ERR_ALLOC_FAIL-2;
178 goto done;
179 }
180
181 if ((r = sshbuf_put(tosign, MAGIC_PREAMBLE"SSHSIG", MAGIC_PREAMBLE_LEN(sizeof("SSHSIG") - 1))) != 0 ||
182 (r = sshbuf_put_cstring(tosign, sig_namespace)) != 0 ||
183 (r = sshbuf_put_string(tosign, NULL((void *)0), 0)) != 0 || /* reserved */
184 (r = sshbuf_put_cstring(tosign, hashalg)) != 0 ||
185 (r = sshbuf_put_stringb(tosign, h_message)) != 0) {
186 error_fr(r, "assemble message to sign")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 186, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "assemble message to sign"
);
187 goto done;
188 }
189
190 /* If using RSA keys then default to a good signature algorithm */
191 if (sshkey_type_plain(key->type) == KEY_RSA)
192 sign_alg = RSA_SIGN_ALG"rsa-sha2-512";
193
194 if (signer != NULL((void *)0)) {
195 if ((r = signer(key, &sig, &slen,
196 sshbuf_ptr(tosign), sshbuf_len(tosign),
197 sign_alg, sk_provider, sk_pin, 0, signer_ctx)) != 0) {
198 error_r(r, "Couldn't sign message (signer)")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 198, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Couldn't sign message (signer)"
);
199 goto done;
200 }
201 } else {
202 if ((r = sshkey_sign(key, &sig, &slen,
203 sshbuf_ptr(tosign), sshbuf_len(tosign),
204 sign_alg, sk_provider, sk_pin, 0)) != 0) {
205 error_r(r, "Couldn't sign message")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 205, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Couldn't sign message"
);
206 goto done;
207 }
208 }
209
210 if ((r = sshbuf_put(blob, MAGIC_PREAMBLE"SSHSIG", MAGIC_PREAMBLE_LEN(sizeof("SSHSIG") - 1))) != 0 ||
211 (r = sshbuf_put_u32(blob, SIG_VERSION0x01)) != 0 ||
212 (r = sshkey_puts(key, blob)) != 0 ||
213 (r = sshbuf_put_cstring(blob, sig_namespace)) != 0 ||
214 (r = sshbuf_put_string(blob, NULL((void *)0), 0)) != 0 || /* reserved */
215 (r = sshbuf_put_cstring(blob, hashalg)) != 0 ||
216 (r = sshbuf_put_string(blob, sig, slen)) != 0) {
217 error_fr(r, "assemble signature object")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 217, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "assemble signature object"
);
218 goto done;
219 }
220
221 if (out != NULL((void *)0)) {
222 *out = blob;
223 blob = NULL((void *)0);
224 }
225 r = 0;
226done:
227 free(sig);
228 sshbuf_free(blob);
229 sshbuf_free(tosign);
230 return r;
231}
232
233/* Check preamble and version. */
234static int
235sshsig_parse_preamble(struct sshbuf *buf)
236{
237 int r = SSH_ERR_INTERNAL_ERROR-1;
238 uint32_t sversion;
239
240 if ((r = sshbuf_cmp(buf, 0, MAGIC_PREAMBLE"SSHSIG", MAGIC_PREAMBLE_LEN(sizeof("SSHSIG") - 1))) != 0 ||
241 (r = sshbuf_consume(buf, (sizeof(MAGIC_PREAMBLE"SSHSIG")-1))) != 0 ||
242 (r = sshbuf_get_u32(buf, &sversion)) != 0) {
243 error("Couldn't verify signature: invalid format")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 243, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't verify signature: invalid format"
);
244 return r;
245 }
246
247 if (sversion > SIG_VERSION0x01) {
248 error("Signature version %lu is larger than supported "sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 249, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Signature version %lu is larger than supported "
"version %u", (unsigned long)sversion, 0x01)
249 "version %u", (unsigned long)sversion, SIG_VERSION)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 249, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Signature version %lu is larger than supported "
"version %u", (unsigned long)sversion, 0x01);
250 return SSH_ERR_INVALID_FORMAT-4;
251 }
252 return 0;
253}
254
255static int
256sshsig_check_hashalg(const char *hashalg)
257{
258 if (hashalg == NULL((void *)0) ||
259 match_pattern_list(hashalg, HASHALG_ALLOWED"sha256,sha512", 0) == 1)
260 return 0;
261 error_f("unsupported hash algorithm \"%.100s\"", hashalg)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 261, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "unsupported hash algorithm \"%.100s\""
, hashalg);
262 return SSH_ERR_SIGN_ALG_UNSUPPORTED-58;
263}
264
265static int
266sshsig_peek_hashalg(struct sshbuf *signature, char **hashalgp)
267{
268 struct sshbuf *buf = NULL((void *)0);
269 char *hashalg = NULL((void *)0);
270 int r = SSH_ERR_INTERNAL_ERROR-1;
271
272 if (hashalgp != NULL((void *)0))
273 *hashalgp = NULL((void *)0);
274 if ((buf = sshbuf_fromb(signature)) == NULL((void *)0))
275 return SSH_ERR_ALLOC_FAIL-2;
276 if ((r = sshsig_parse_preamble(buf)) != 0)
277 goto done;
278 if ((r = sshbuf_get_string_direct(buf, NULL((void *)0), NULL((void *)0))) != 0 ||
279 (r = sshbuf_get_string_direct(buf, NULL((void *)0), NULL((void *)0))) != 0 ||
280 (r = sshbuf_get_string(buf, NULL((void *)0), NULL((void *)0))) != 0 ||
281 (r = sshbuf_get_cstring(buf, &hashalg, NULL((void *)0))) != 0 ||
282 (r = sshbuf_get_string_direct(buf, NULL((void *)0), NULL((void *)0))) != 0) {
283 error_fr(r, "parse signature object")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 283, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "parse signature object"
);
284 goto done;
285 }
286
287 /* success */
288 r = 0;
289 *hashalgp = hashalg;
290 hashalg = NULL((void *)0);
291 done:
292 free(hashalg);
293 sshbuf_free(buf);
294 return r;
295}
296
297static int
298sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg,
299 const struct sshbuf *h_message, const char *expect_namespace,
300 struct sshkey **sign_keyp, struct sshkey_sig_details **sig_details)
301{
302 int r = SSH_ERR_INTERNAL_ERROR-1;
303 struct sshbuf *buf = NULL((void *)0), *toverify = NULL((void *)0);
304 struct sshkey *key = NULL((void *)0);
305 const u_char *sig;
306 char *got_namespace = NULL((void *)0), *sigtype = NULL((void *)0), *sig_hashalg = NULL((void *)0);
307 size_t siglen;
308
309 debug_f("verify message length %zu", sshbuf_len(h_message))sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 309, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "verify message length %zu"
, sshbuf_len(h_message));
310 if (sig_details != NULL((void *)0))
311 *sig_details = NULL((void *)0);
312 if (sign_keyp != NULL((void *)0))
313 *sign_keyp = NULL((void *)0);
314
315 if ((toverify = sshbuf_new()) == NULL((void *)0)) {
316 error_f("sshbuf_new failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 316, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "sshbuf_new failed"
);
317 r = SSH_ERR_ALLOC_FAIL-2;
318 goto done;
319 }
320 if ((r = sshbuf_put(toverify, MAGIC_PREAMBLE"SSHSIG",
321 MAGIC_PREAMBLE_LEN(sizeof("SSHSIG") - 1))) != 0 ||
322 (r = sshbuf_put_cstring(toverify, expect_namespace)) != 0 ||
323 (r = sshbuf_put_string(toverify, NULL((void *)0), 0)) != 0 || /* reserved */
324 (r = sshbuf_put_cstring(toverify, hashalg)) != 0 ||
325 (r = sshbuf_put_stringb(toverify, h_message)) != 0) {
326 error_fr(r, "assemble message to verify")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 326, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "assemble message to verify"
);
327 goto done;
328 }
329
330 if ((r = sshsig_parse_preamble(signature)) != 0)
331 goto done;
332
333 if ((r = sshkey_froms(signature, &key)) != 0 ||
334 (r = sshbuf_get_cstring(signature, &got_namespace, NULL((void *)0))) != 0 ||
335 (r = sshbuf_get_string(signature, NULL((void *)0), NULL((void *)0))) != 0 ||
336 (r = sshbuf_get_cstring(signature, &sig_hashalg, NULL((void *)0))) != 0 ||
337 (r = sshbuf_get_string_direct(signature, &sig, &siglen)) != 0) {
338 error_fr(r, "parse signature object")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 338, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "parse signature object"
);
339 goto done;
340 }
341
342 if (sshbuf_len(signature) != 0) {
343 error("Signature contains trailing data")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 343, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Signature contains trailing data"
);
344 r = SSH_ERR_INVALID_FORMAT-4;
345 goto done;
346 }
347
348 if (strcmp(expect_namespace, got_namespace) != 0) {
349 error("Couldn't verify signature: namespace does not match")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 349, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't verify signature: namespace does not match"
);
350 debug_f("expected namespace \"%s\" received \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 351, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "expected namespace \"%s\" received \"%s\""
, expect_namespace, got_namespace)
351 expect_namespace, got_namespace)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 351, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "expected namespace \"%s\" received \"%s\""
, expect_namespace, got_namespace);
352 r = SSH_ERR_SIGNATURE_INVALID-21;
353 goto done;
354 }
355 if (strcmp(hashalg, sig_hashalg) != 0) {
356 error("Couldn't verify signature: hash algorithm mismatch")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 356, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't verify signature: hash algorithm mismatch"
);
357 debug_f("expected algorithm \"%s\" received \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 358, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "expected algorithm \"%s\" received \"%s\""
, hashalg, sig_hashalg)
358 hashalg, sig_hashalg)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 358, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "expected algorithm \"%s\" received \"%s\""
, hashalg, sig_hashalg);
359 r = SSH_ERR_SIGNATURE_INVALID-21;
360 goto done;
361 }
362 /* Ensure that RSA keys use an acceptable signature algorithm */
363 if (sshkey_type_plain(key->type) == KEY_RSA) {
364 if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0) {
365 error_r(r, "Couldn't verify signature: unable to get "sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 366, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Couldn't verify signature: unable to get "
"signature type")
366 "signature type")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 366, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Couldn't verify signature: unable to get "
"signature type");
367 goto done;
368 }
369 if (match_pattern_list(sigtype, RSA_SIGN_ALLOWED"rsa-sha2-512,rsa-sha2-256", 0) != 1) {
370 error("Couldn't verify signature: unsupported RSA "sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 371, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't verify signature: unsupported RSA "
"signature algorithm %s", sigtype)
371 "signature algorithm %s", sigtype)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 371, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Couldn't verify signature: unsupported RSA "
"signature algorithm %s", sigtype);
372 r = SSH_ERR_SIGN_ALG_UNSUPPORTED-58;
373 goto done;
374 }
375 }
376 if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify),
377 sshbuf_len(toverify), NULL((void *)0), 0, sig_details)) != 0) {
378 error_r(r, "Signature verification failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 378, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), "Signature verification failed"
);
379 goto done;
380 }
381
382 /* success */
383 r = 0;
384 if (sign_keyp != NULL((void *)0)) {
385 *sign_keyp = key;
386 key = NULL((void *)0); /* transferred */
387 }
388done:
389 free(got_namespace);
390 free(sigtype);
391 free(sig_hashalg);
392 sshbuf_free(buf);
393 sshbuf_free(toverify);
394 sshkey_free(key);
395 return r;
396}
397
398static int
399hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp)
400{
401 char *hex, hash[SSH_DIGEST_MAX_LENGTH64];
402 int alg, r = SSH_ERR_INTERNAL_ERROR-1;
403 struct sshbuf *b = NULL((void *)0);
404
405 *bp = NULL((void *)0);
406 memset(hash, 0, sizeof(hash));
407
408 if ((r = sshsig_check_hashalg(hashalg)) != 0)
409 return r;
410 if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) {
411 error_f("can't look up hash algorithm %s", hashalg)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 411, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "can't look up hash algorithm %s"
, hashalg);
412 return SSH_ERR_INTERNAL_ERROR-1;
413 }
414 if ((r = ssh_digest_buffer(alg, m, hash, sizeof(hash))) != 0) {
415 error_fr(r, "ssh_digest_buffer")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 415, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "ssh_digest_buffer"
);
416 return r;
417 }
418 if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL((void *)0)) {
419 debug3_f("final hash: %s", hex)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 419, 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "final hash: %s",
hex);
420 freezero(hex, strlen(hex));
421 }
422 if ((b = sshbuf_new()) == NULL((void *)0)) {
423 r = SSH_ERR_ALLOC_FAIL-2;
424 goto out;
425 }
426 if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) {
427 error_fr(r, "sshbuf_put")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 427, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "sshbuf_put");
428 goto out;
429 }
430 *bp = b;
431 b = NULL((void *)0); /* transferred */
432 /* success */
433 r = 0;
434 out:
435 sshbuf_free(b);
436 explicit_bzero(hash, sizeof(hash));
437 return r;
438}
439
440int
441sshsig_signb(struct sshkey *key, const char *hashalg,
442 const char *sk_provider, const char *sk_pin,
443 const struct sshbuf *message, const char *sig_namespace,
444 struct sshbuf **out, sshsig_signer *signer, void *signer_ctx)
445{
446 struct sshbuf *b = NULL((void *)0);
447 int r = SSH_ERR_INTERNAL_ERROR-1;
448
449 if (hashalg == NULL((void *)0))
450 hashalg = HASHALG_DEFAULT"sha512";
451 if (out != NULL((void *)0))
452 *out = NULL((void *)0);
453 if ((r = hash_buffer(message, hashalg, &b)) != 0) {
454 error_fr(r, "hash buffer")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 454, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hash buffer");
455 goto out;
456 }
457 if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, sk_pin, b,
458 sig_namespace, out, signer, signer_ctx)) != 0)
459 goto out;
460 /* success */
461 r = 0;
462 out:
463 sshbuf_free(b);
464 return r;
465}
466
467int
468sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message,
469 const char *expect_namespace, struct sshkey **sign_keyp,
470 struct sshkey_sig_details **sig_details)
471{
472 struct sshbuf *b = NULL((void *)0);
473 int r = SSH_ERR_INTERNAL_ERROR-1;
474 char *hashalg = NULL((void *)0);
475
476 if (sig_details != NULL((void *)0))
477 *sig_details = NULL((void *)0);
478 if (sign_keyp != NULL((void *)0))
479 *sign_keyp = NULL((void *)0);
480 if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0)
481 return r;
482 debug_f("signature made with hash \"%s\"", hashalg)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 482, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "signature made with hash \"%s\""
, hashalg);
483 if ((r = hash_buffer(message, hashalg, &b)) != 0) {
484 error_fr(r, "hash buffer")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 484, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hash buffer");
485 goto out;
486 }
487 if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace,
488 sign_keyp, sig_details)) != 0)
489 goto out;
490 /* success */
491 r = 0;
492 out:
493 sshbuf_free(b);
494 free(hashalg);
495 return r;
496}
497
498static int
499hash_file(int fd, const char *hashalg, struct sshbuf **bp)
500{
501 char *hex, rbuf[8192], hash[SSH_DIGEST_MAX_LENGTH64];
502 ssize_t n, total = 0;
503 struct ssh_digest_ctx *ctx = NULL((void *)0);
504 int alg, oerrno, r = SSH_ERR_INTERNAL_ERROR-1;
505 struct sshbuf *b = NULL((void *)0);
506
507 *bp = NULL((void *)0);
508 memset(hash, 0, sizeof(hash));
509
510 if ((r = sshsig_check_hashalg(hashalg)) != 0)
511 return r;
512 if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) {
513 error_f("can't look up hash algorithm %s", hashalg)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 513, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "can't look up hash algorithm %s"
, hashalg);
514 return SSH_ERR_INTERNAL_ERROR-1;
515 }
516 if ((ctx = ssh_digest_start(alg)) == NULL((void *)0)) {
517 error_f("ssh_digest_start failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 517, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "ssh_digest_start failed"
);
518 return SSH_ERR_INTERNAL_ERROR-1;
519 }
520 for (;;) {
521 if ((n = read(fd, rbuf, sizeof(rbuf))) == -1) {
522 if (errno(*__errno()) == EINTR4 || errno(*__errno()) == EAGAIN35)
523 continue;
524 oerrno = errno(*__errno());
525 error_f("read: %s", strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 525, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "read: %s", strerror
((*__errno())));
526 errno(*__errno()) = oerrno;
527 r = SSH_ERR_SYSTEM_ERROR-24;
528 goto out;
529 } else if (n == 0) {
530 debug2_f("hashed %zu bytes", total)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 530, 1, SYSLOG_LEVEL_DEBUG2, ((void *)0), "hashed %zu bytes"
, total);
531 break; /* EOF */
532 }
533 total += (size_t)n;
534 if ((r = ssh_digest_update(ctx, rbuf, (size_t)n)) != 0) {
535 error_fr(r, "ssh_digest_update")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 535, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "ssh_digest_update"
);
536 goto out;
537 }
538 }
539 if ((r = ssh_digest_final(ctx, hash, sizeof(hash))) != 0) {
540 error_fr(r, "ssh_digest_final")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 540, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "ssh_digest_final");
541 goto out;
542 }
543 if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL((void *)0)) {
544 debug3_f("final hash: %s", hex)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 544, 1, SYSLOG_LEVEL_DEBUG3, ((void *)0), "final hash: %s",
hex);
545 freezero(hex, strlen(hex));
546 }
547 if ((b = sshbuf_new()) == NULL((void *)0)) {
548 r = SSH_ERR_ALLOC_FAIL-2;
549 goto out;
550 }
551 if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) {
552 error_fr(r, "sshbuf_put")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 552, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "sshbuf_put");
553 goto out;
554 }
555 *bp = b;
556 b = NULL((void *)0); /* transferred */
557 /* success */
558 r = 0;
559 out:
560 oerrno = errno(*__errno());
561 sshbuf_free(b);
562 ssh_digest_free(ctx);
563 explicit_bzero(hash, sizeof(hash));
564 errno(*__errno()) = oerrno;
565 return r;
566}
567
568int
569sshsig_sign_fd(struct sshkey *key, const char *hashalg,
570 const char *sk_provider, const char *sk_pin,
571 int fd, const char *sig_namespace, struct sshbuf **out,
572 sshsig_signer *signer, void *signer_ctx)
573{
574 struct sshbuf *b = NULL((void *)0);
575 int r = SSH_ERR_INTERNAL_ERROR-1;
576
577 if (hashalg == NULL((void *)0))
578 hashalg = HASHALG_DEFAULT"sha512";
579 if (out != NULL((void *)0))
580 *out = NULL((void *)0);
581 if ((r = hash_file(fd, hashalg, &b)) != 0) {
582 error_fr(r, "hash_file")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 582, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hash_file");
583 return r;
584 }
585 if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, sk_pin, b,
586 sig_namespace, out, signer, signer_ctx)) != 0)
587 goto out;
588 /* success */
589 r = 0;
590 out:
591 sshbuf_free(b);
592 return r;
593}
594
595int
596sshsig_verify_fd(struct sshbuf *signature, int fd,
597 const char *expect_namespace, struct sshkey **sign_keyp,
598 struct sshkey_sig_details **sig_details)
599{
600 struct sshbuf *b = NULL((void *)0);
601 int r = SSH_ERR_INTERNAL_ERROR-1;
602 char *hashalg = NULL((void *)0);
603
604 if (sig_details != NULL((void *)0))
605 *sig_details = NULL((void *)0);
606 if (sign_keyp != NULL((void *)0))
607 *sign_keyp = NULL((void *)0);
608 if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0)
609 return r;
610 debug_f("signature made with hash \"%s\"", hashalg)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 610, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "signature made with hash \"%s\""
, hashalg);
611 if ((r = hash_file(fd, hashalg, &b)) != 0) {
612 error_fr(r, "hash_file")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 612, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), "hash_file");
613 goto out;
614 }
615 if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace,
616 sign_keyp, sig_details)) != 0)
617 goto out;
618 /* success */
619 r = 0;
620 out:
621 sshbuf_free(b);
622 free(hashalg);
623 return r;
624}
625
626struct sshsigopt {
627 int ca;
628 char *namespaces;
629 uint64_t valid_after, valid_before;
630};
631
632struct sshsigopt *
633sshsigopt_parse(const char *opts, const char *path, u_long linenum,
634 const char **errstrp)
635{
636 struct sshsigopt *ret;
637 int r;
638 char *opt;
639 const char *errstr = NULL((void *)0);
640
641 if ((ret = calloc(1, sizeof(*ret))) == NULL((void *)0))
642 return NULL((void *)0);
643 if (opts == NULL((void *)0) || *opts == '\0')
644 return ret; /* Empty options yields empty options :) */
645
646 while (*opts && *opts != ' ' && *opts != '\t') {
647 /* flag options */
648 if ((r = opt_flag("cert-authority", 0, &opts)) != -1) {
649 ret->ca = 1;
650 } else if (opt_match(&opts, "namespaces")) {
651 if (ret->namespaces != NULL((void *)0)) {
652 errstr = "multiple \"namespaces\" clauses";
653 goto fail;
654 }
655 ret->namespaces = opt_dequote(&opts, &errstr);
656 if (ret->namespaces == NULL((void *)0))
657 goto fail;
658 } else if (opt_match(&opts, "valid-after")) {
659 if (ret->valid_after != 0) {
660 errstr = "multiple \"valid-after\" clauses";
661 goto fail;
662 }
663 if ((opt = opt_dequote(&opts, &errstr)) == NULL((void *)0))
664 goto fail;
665 if (parse_absolute_time(opt, &ret->valid_after) != 0 ||
666 ret->valid_after == 0) {
667 free(opt);
668 errstr = "invalid \"valid-after\" time";
669 goto fail;
670 }
671 free(opt);
672 } else if (opt_match(&opts, "valid-before")) {
673 if (ret->valid_before != 0) {
674 errstr = "multiple \"valid-before\" clauses";
675 goto fail;
676 }
677 if ((opt = opt_dequote(&opts, &errstr)) == NULL((void *)0))
678 goto fail;
679 if (parse_absolute_time(opt, &ret->valid_before) != 0 ||
680 ret->valid_before == 0) {
681 free(opt);
682 errstr = "invalid \"valid-before\" time";
683 goto fail;
684 }
685 free(opt);
686 }
687 /*
688 * Skip the comma, and move to the next option
689 * (or break out if there are no more).
690 */
691 if (*opts == '\0' || *opts == ' ' || *opts == '\t')
692 break; /* End of options. */
693 /* Anything other than a comma is an unknown option */
694 if (*opts != ',') {
695 errstr = "unknown key option";
696 goto fail;
697 }
698 opts++;
699 if (*opts == '\0') {
700 errstr = "unexpected end-of-options";
701 goto fail;
702 }
703 }
704 /* final consistency check */
705 if (ret->valid_after != 0 && ret->valid_before != 0 &&
706 ret->valid_before <= ret->valid_after) {
707 errstr = "\"valid-before\" time is before \"valid-after\"";
708 goto fail;
709 }
710 /* success */
711 return ret;
712 fail:
713 if (errstrp != NULL((void *)0))
714 *errstrp = errstr;
715 sshsigopt_free(ret);
716 return NULL((void *)0);
717}
718
719void
720sshsigopt_free(struct sshsigopt *opts)
721{
722 if (opts == NULL((void *)0))
723 return;
724 free(opts->namespaces);
725 free(opts);
726}
727
728static int
729parse_principals_key_and_options(const char *path, u_long linenum, char *line,
730 const char *required_principal, char **principalsp, struct sshkey **keyp,
731 struct sshsigopt **sigoptsp)
732{
733 char *opts = NULL((void *)0), *tmp, *cp, *principals = NULL((void *)0);
734 const char *reason = NULL((void *)0);
735 struct sshsigopt *sigopts = NULL((void *)0);
736 struct sshkey *key = NULL((void *)0);
737 int r = SSH_ERR_INTERNAL_ERROR-1;
738
739 if (principalsp != NULL((void *)0))
740 *principalsp = NULL((void *)0);
741 if (sigoptsp != NULL((void *)0))
742 *sigoptsp = NULL((void *)0);
743 if (keyp != NULL((void *)0))
744 *keyp = NULL((void *)0);
745
746 cp = line;
747 cp = cp + strspn(cp, " \t"); /* skip leading whitespace */
748 if (*cp == '#' || *cp == '\0')
749 return SSH_ERR_KEY_NOT_FOUND-46; /* blank or all-comment line */
750
751 /* format: identity[,identity...] [option[,option...]] key */
752 if ((tmp = strdelimw(&cp)) == NULL((void *)0) || cp == NULL((void *)0)) {
753 error("%s:%lu: invalid line", path, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 753, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: invalid line"
, path, linenum);
754 r = SSH_ERR_INVALID_FORMAT-4;
755 goto out;
756 }
757 if ((principals = strdup(tmp)) == NULL((void *)0)) {
758 error_f("strdup failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 758, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "strdup failed");
759 r = SSH_ERR_ALLOC_FAIL-2;
760 goto out;
761 }
762 /*
763 * Bail out early if we're looking for a particular principal and this
764 * line does not list it.
765 */
766 if (required_principal != NULL((void *)0)) {
767 if (match_pattern_list(required_principal,
768 principals, 0) != 1) {
769 /* principal didn't match */
770 r = SSH_ERR_KEY_NOT_FOUND-46;
771 goto out;
772 }
773 debug_f("%s:%lu: matched principal \"%s\"",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 774, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: matched principal \"%s\""
, path, linenum, required_principal)
774 path, linenum, required_principal)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 774, 1, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: matched principal \"%s\""
, path, linenum, required_principal);
775 }
776
777 if ((key = sshkey_new(KEY_UNSPEC)) == NULL((void *)0)) {
778 error_f("sshkey_new failed")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 778, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "sshkey_new failed"
);
779 r = SSH_ERR_ALLOC_FAIL-2;
780 goto out;
781 }
782 if (sshkey_read(key, &cp) != 0) {
783 /* no key? Check for options */
784 opts = cp;
785 if (sshkey_advance_past_options(&cp) != 0) {
786 error("%s:%lu: invalid options", path, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 786, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: invalid options"
, path, linenum);
787 r = SSH_ERR_INVALID_FORMAT-4;
788 goto out;
789 }
790 if (cp == NULL((void *)0) || *cp == '\0') {
791 error("%s:%lu: missing key", path, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 791, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: missing key"
, path, linenum);
792 r = SSH_ERR_INVALID_FORMAT-4;
793 goto out;
794 }
795 *cp++ = '\0';
796 skip_space(&cp);
797 if (sshkey_read(key, &cp) != 0) {
798 error("%s:%lu: invalid key", path, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 798, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: invalid key"
, path, linenum);
799 r = SSH_ERR_INVALID_FORMAT-4;
800 goto out;
801 }
802 }
803 debug3("%s:%lu: options %s", path, linenum, opts == NULL ? "" : opts)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 803, 0, SYSLOG_LEVEL_DEBUG3, ((void *)0), "%s:%lu: options %s"
, path, linenum, opts == ((void *)0) ? "" : opts);
804 if ((sigopts = sshsigopt_parse(opts, path, linenum, &reason)) == NULL((void *)0)) {
805 error("%s:%lu: bad options: %s", path, linenum, reason)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 805, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: bad options: %s"
, path, linenum, reason);
806 r = SSH_ERR_INVALID_FORMAT-4;
807 goto out;
808 }
809 /* success */
810 if (principalsp != NULL((void *)0)) {
811 *principalsp = principals;
812 principals = NULL((void *)0); /* transferred */
813 }
814 if (sigoptsp != NULL((void *)0)) {
815 *sigoptsp = sigopts;
816 sigopts = NULL((void *)0); /* transferred */
817 }
818 if (keyp != NULL((void *)0)) {
819 *keyp = key;
820 key = NULL((void *)0); /* transferred */
821 }
822 r = 0;
823 out:
824 free(principals);
825 sshsigopt_free(sigopts);
826 sshkey_free(key);
827 return r;
828}
829
830static int
831cert_filter_principals(const char *path, u_long linenum,
832 char **principalsp, const struct sshkey *cert, uint64_t verify_time)
833{
834 char *cp, *oprincipals, *principals;
835 const char *reason;
836 struct sshbuf *nprincipals;
837 int r = SSH_ERR_INTERNAL_ERROR-1, success = 0;
838 u_int i;
839
840 oprincipals = principals = *principalsp;
841 *principalsp = NULL((void *)0);
842
843 if ((nprincipals = sshbuf_new()) == NULL((void *)0)) {
844 r = SSH_ERR_ALLOC_FAIL-2;
845 goto out;
846 }
847
848 while ((cp = strsep(&principals, ",")) != NULL((void *)0) && *cp != '\0') {
849 /* Check certificate validity */
850 if ((r = sshkey_cert_check_authority(cert, 0, 1, 0,
851 verify_time, NULL((void *)0), &reason)) != 0) {
852 debug("%s:%lu: principal \"%s\" not authorized: %s",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 853, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: principal \"%s\" not authorized: %s"
, path, linenum, cp, reason)
853 path, linenum, cp, reason)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 853, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: principal \"%s\" not authorized: %s"
, path, linenum, cp, reason);
854 continue;
855 }
856 /* Return all matching principal names from the cert */
857 for (i = 0; i < cert->cert->nprincipals; i++) {
858 if (match_pattern(cert->cert->principals[i], cp)) {
859 if ((r = sshbuf_putf(nprincipals, "%s%s",
860 sshbuf_len(nprincipals) != 0 ? "," : "",
861 cert->cert->principals[i])) != 0) {
862 error_f("buffer error")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 862, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "buffer error");
863 goto out;
864 }
865 }
866 }
867 }
868 if (sshbuf_len(nprincipals) == 0) {
869 error("%s:%lu: no valid principals found", path, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 869, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: no valid principals found"
, path, linenum);
870 r = SSH_ERR_KEY_CERT_INVALID-25;
871 goto out;
872 }
873 if ((principals = sshbuf_dup_string(nprincipals)) == NULL((void *)0)) {
874 error_f("buffer error")sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 874, 1, SYSLOG_LEVEL_ERROR, ((void *)0), "buffer error");
875 goto out;
876 }
877 /* success */
878 success = 1;
879 *principalsp = principals;
880 out:
881 sshbuf_free(nprincipals);
882 free(oprincipals);
883 return success ? 0 : r;
884}
885
886static int
887check_allowed_keys_line(const char *path, u_long linenum, char *line,
888 const struct sshkey *sign_key, const char *principal,
889 const char *sig_namespace, uint64_t verify_time, char **principalsp)
890{
891 struct sshkey *found_key = NULL((void *)0);
892 char *principals = NULL((void *)0);
893 int r, success = 0;
894 const char *reason = NULL((void *)0);
895 struct sshsigopt *sigopts = NULL((void *)0);
896 char tvalid[64], tverify[64];
897
898 if (principalsp != NULL((void *)0))
899 *principalsp = NULL((void *)0);
900
901 /* Parse the line */
902 if ((r = parse_principals_key_and_options(path, linenum, line,
903 principal, &principals, &found_key, &sigopts)) != 0) {
904 /* error already logged */
905 goto done;
906 }
907
908 if (!sigopts->ca && sshkey_equal(found_key, sign_key)) {
909 /* Exact match of key */
910 debug("%s:%lu: matched key", path, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 910, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: matched key"
, path, linenum);
911 } else if (sigopts->ca && sshkey_is_cert(sign_key) &&
912 sshkey_equal_public(sign_key->cert->signature_key, found_key)) {
913 if (principal) {
914 /* Match certificate CA key with specified principal */
915 if ((r = sshkey_cert_check_authority(sign_key, 0, 1, 0,
916 verify_time, principal, &reason)) != 0) {
917 error("%s:%lu: certificate not authorized: %s",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 918, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: certificate not authorized: %s"
, path, linenum, reason)
918 path, linenum, reason)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 918, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: certificate not authorized: %s"
, path, linenum, reason);
919 goto done;
920 }
921 debug("%s:%lu: matched certificate CA key",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 922, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: matched certificate CA key"
, path, linenum)
922 path, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 922, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: matched certificate CA key"
, path, linenum);
923 } else {
924 /* No principal specified - find all matching ones */
925 if ((r = cert_filter_principals(path, linenum,
926 &principals, sign_key, verify_time)) != 0) {
927 /* error already displayed */
928 debug_r(r, "%s:%lu: cert_filter_principals",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 929, 0, SYSLOG_LEVEL_DEBUG1, ssh_err(r), "%s:%lu: cert_filter_principals"
, path, linenum)
929 path, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 929, 0, SYSLOG_LEVEL_DEBUG1, ssh_err(r), "%s:%lu: cert_filter_principals"
, path, linenum);
930 goto done;
931 }
932 debug("%s:%lu: matched certificate CA key",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 933, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: matched certificate CA key"
, path, linenum)
933 path, linenum)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 933, 0, SYSLOG_LEVEL_DEBUG1, ((void *)0), "%s:%lu: matched certificate CA key"
, path, linenum);
934 }
935 } else {
936 /* Didn't match key */
937 goto done;
938 }
939
940 /* Check whether options preclude the use of this key */
941 if (sigopts->namespaces != NULL((void *)0) && sig_namespace != NULL((void *)0) &&
942 match_pattern_list(sig_namespace, sigopts->namespaces, 0) != 1) {
943 error("%s:%lu: key is not permitted for use in signature "sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 944, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: key is not permitted for use in signature "
"namespace \"%s\"", path, linenum, sig_namespace)
944 "namespace \"%s\"", path, linenum, sig_namespace)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 944, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: key is not permitted for use in signature "
"namespace \"%s\"", path, linenum, sig_namespace);
945 goto done;
946 }
947
948 /* check key time validity */
949 format_absolute_time((uint64_t)verify_time, tverify, sizeof(tverify));
950 if (sigopts->valid_after != 0 &&
951 (uint64_t)verify_time < sigopts->valid_after) {
952 format_absolute_time(sigopts->valid_after,
953 tvalid, sizeof(tvalid));
954 error("%s:%lu: key is not yet valid: "sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 956, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: key is not yet valid: "
"verify time %s < valid-after %s", path, linenum, tverify
, tvalid)
955 "verify time %s < valid-after %s", path, linenum,sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 956, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: key is not yet valid: "
"verify time %s < valid-after %s", path, linenum, tverify
, tvalid)
956 tverify, tvalid)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 956, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: key is not yet valid: "
"verify time %s < valid-after %s", path, linenum, tverify
, tvalid);
957 goto done;
958 }
959 if (sigopts->valid_before != 0 &&
960 (uint64_t)verify_time > sigopts->valid_before) {
961 format_absolute_time(sigopts->valid_before,
962 tvalid, sizeof(tvalid));
963 error("%s:%lu: key has expired: "sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 965, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: key has expired: "
"verify time %s > valid-before %s", path, linenum, tverify
, tvalid)
964 "verify time %s > valid-before %s", path, linenum,sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 965, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: key has expired: "
"verify time %s > valid-before %s", path, linenum, tverify
, tvalid)
965 tverify, tvalid)sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 965, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "%s:%lu: key has expired: "
"verify time %s > valid-before %s", path, linenum, tverify
, tvalid);
966 goto done;
967 }
968 success = 1;
969
970 done:
971 if (success && principalsp != NULL((void *)0)) {
972 *principalsp = principals;
973 principals = NULL((void *)0); /* transferred */
974 }
975 free(principals);
976 sshkey_free(found_key);
977 sshsigopt_free(sigopts);
978 return success ? 0 : SSH_ERR_KEY_NOT_FOUND-46;
979}
980
981int
982sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key,
983 const char *principal, const char *sig_namespace, uint64_t verify_time)
984{
985 FILE *f = NULL((void *)0);
986 char *line = NULL((void *)0);
987 size_t linesize = 0;
988 u_long linenum = 0;
989 int r = SSH_ERR_KEY_NOT_FOUND-46, oerrno;
990
991 /* Check key and principal against file */
992 if ((f = fopen(path, "r")) == NULL((void *)0)) {
993 oerrno = errno(*__errno());
994 error("Unable to open allowed keys file \"%s\": %s",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 995, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to open allowed keys file \"%s\": %s"
, path, strerror((*__errno())))
995 path, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 995, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to open allowed keys file \"%s\": %s"
, path, strerror((*__errno())));
996 errno(*__errno()) = oerrno;
997 return SSH_ERR_SYSTEM_ERROR-24;
998 }
999
1000 while (getline(&line, &linesize, f) != -1) {
1001 linenum++;
1002 r = check_allowed_keys_line(path, linenum, line, sign_key,
1003 principal, sig_namespace, verify_time, NULL((void *)0));
1004 free(line);
1005 line = NULL((void *)0);
1006 linesize = 0;
1007 if (r == SSH_ERR_KEY_NOT_FOUND-46)
1008 continue;
1009 else if (r == 0) {
1010 /* success */
1011 fclose(f);
1012 return 0;
1013 } else
1014 break;
1015 }
1016 /* Either we hit an error parsing or we simply didn't find the key */
1017 fclose(f);
1018 free(line);
1019 return r;
1020}
1021
1022int
1023sshsig_find_principals(const char *path, const struct sshkey *sign_key,
1024 uint64_t verify_time, char **principals)
1025{
1026 FILE *f = NULL((void *)0);
1027 char *line = NULL((void *)0);
1028 size_t linesize = 0;
1029 u_long linenum = 0;
1030 int r = SSH_ERR_KEY_NOT_FOUND-46, oerrno;
1031
1032 if ((f = fopen(path, "r")) == NULL((void *)0)) {
1033 oerrno = errno(*__errno());
1034 error("Unable to open allowed keys file \"%s\": %s",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 1035, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to open allowed keys file \"%s\": %s"
, path, strerror((*__errno())))
1035 path, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 1035, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to open allowed keys file \"%s\": %s"
, path, strerror((*__errno())));
1036 errno(*__errno()) = oerrno;
1037 return SSH_ERR_SYSTEM_ERROR-24;
1038 }
1039
1040 while (getline(&line, &linesize, f) != -1) {
1041 linenum++;
1042 r = check_allowed_keys_line(path, linenum, line,
1043 sign_key, NULL((void *)0), NULL((void *)0), verify_time, principals);
1044 free(line);
1045 line = NULL((void *)0);
1046 linesize = 0;
1047 if (r == SSH_ERR_KEY_NOT_FOUND-46)
1048 continue;
1049 else if (r == 0) {
1050 /* success */
1051 fclose(f);
1052 return 0;
1053 } else
1054 break;
1055 }
1056 free(line);
1057 /* Either we hit an error parsing or we simply didn't find the key */
1058 if (ferror(f)(!__isthreaded ? (((f)->_flags & 0x0040) != 0) : (ferror
)(f)) != 0) {
1059 oerrno = errno(*__errno());
1060 fclose(f);
1061 error("Unable to read allowed keys file \"%s\": %s",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 1062, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to read allowed keys file \"%s\": %s"
, path, strerror((*__errno())))
1062 path, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 1062, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to read allowed keys file \"%s\": %s"
, path, strerror((*__errno())));
1063 errno(*__errno()) = oerrno;
1064 return SSH_ERR_SYSTEM_ERROR-24;
1065 }
1066 fclose(f);
1067 return r;
1068}
1069
1070int
1071sshsig_match_principals(const char *path, const char *principal,
1072 char ***principalsp, size_t *nprincipalsp)
1073{
1074 FILE *f = NULL((void *)0);
1075 char *found, *line = NULL((void *)0), **principals = NULL((void *)0), **tmp;
1076 size_t i, nprincipals = 0, linesize = 0;
1077 u_long linenum = 0;
1078 int oerrno = 0, r, ret = 0;
1079
1080 if (principalsp != NULL((void *)0))
1081 *principalsp = NULL((void *)0);
1082 if (nprincipalsp != NULL((void *)0))
1083 *nprincipalsp = 0;
1084
1085 /* Check key and principal against file */
1086 if ((f = fopen(path, "r")) == NULL((void *)0)) {
1087 oerrno = errno(*__errno());
1088 error("Unable to open allowed keys file \"%s\": %s",sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 1089, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to open allowed keys file \"%s\": %s"
, path, strerror((*__errno())))
1089 path, strerror(errno))sshlog("/usr/src/usr.bin/ssh/ssh-keygen/../sshsig.c", __func__
, 1089, 0, SYSLOG_LEVEL_ERROR, ((void *)0), "Unable to open allowed keys file \"%s\": %s"
, path, strerror((*__errno())));
1090 errno(*__errno()) = oerrno;
1091 return SSH_ERR_SYSTEM_ERROR-24;
1092 }
1093
1094 while (getline(&line, &linesize, f) != -1) {
1095 linenum++;
1096 /* Parse the line */
1097 if ((r = parse_principals_key_and_options(path, linenum, line,
1098 principal, &found, NULL((void *)0), NULL((void *)0))) != 0) {
1099 if (r == SSH_ERR_KEY_NOT_FOUND-46)
1100 continue;
1101 ret = r;
1102 oerrno = errno(*__errno());
1103 break; /* unexpected error */
1104 }
1105 if ((tmp = recallocarray(principals, nprincipals,
1106 nprincipals + 1, sizeof(*principals))) == NULL((void *)0)) {
1107 ret = SSH_ERR_ALLOC_FAIL-2;
1108 free(found);
1109 break;
1110 }
1111 principals = tmp;
1112 principals[nprincipals++] = found; /* transferred */
1113 free(line);
1114 line = NULL((void *)0);
1115 linesize = 0;
1116 }
1117 fclose(f);
1118
1119 if (ret == 0) {
1120 if (nprincipals == 0)
1121 ret = SSH_ERR_KEY_NOT_FOUND-46;
1122 if (nprincipalsp != 0)
1123 *nprincipalsp = nprincipals;
1124 if (principalsp != NULL((void *)0)) {
1125 *principalsp = principals;
1126 principals = NULL((void *)0); /* transferred */
1127 nprincipals = 0;
1128 }
1129 }
1130
1131 for (i = 0; i < nprincipals; i++)
1132 free(principals[i]);
1133 free(principals);
1134
1135 errno(*__errno()) = oerrno;
1136 return ret;
1137}
1138
1139int
1140sshsig_get_pubkey(struct sshbuf *signature, struct sshkey **pubkey)
1141{
1142 struct sshkey *pk = NULL((void *)0);
1143 int r = SSH_ERR_SIGNATURE_INVALID-21;
1144
1145 if (pubkey == NULL((void *)0))
1146 return SSH_ERR_INTERNAL_ERROR-1;
1147 if ((r = sshsig_parse_preamble(signature)) != 0)
1148 return r;
1149 if ((r = sshkey_froms(signature, &pk)) != 0)
1150 return r;
1151
1152 *pubkey = pk;
1153 pk = NULL((void *)0);
1154 return 0;
1155}