Blame - ssh-pkcs11-helper.c - fp2-dev/platform/external/openssh

blob: ceabc8ba7fe4245a013a573ce259e3bd8771419d [file] [log] [blame]

Adam Langley	d059297	2015-03-30 14:49:51 -0700	[diff] [blame]	1	/* $OpenBSD: ssh-pkcs11-helper.c,v 1.10 2015/01/20 23:14:00 deraadt Exp $ */
Greg Hartman	bd77cf7	2015-02-25 13:21:06 -0800	[diff] [blame]	2	/*
				3	* Copyright (c) 2010 Markus Friedl. All rights reserved.
				4	*
				5	* Permission to use, copy, modify, and distribute this software for any
				6	* purpose with or without fee is hereby granted, provided that the above
				7	* copyright notice and this permission notice appear in all copies.
				8	*
				9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
				10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
				11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
				12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
				13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
				14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
				15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
				16	*/
				17
				18	#include "includes.h"
				19
				20	#include <sys/types.h>
				21	#ifdef HAVE_SYS_TIME_H
				22	# include <sys/time.h>
				23	#endif
				24
				25	#include "openbsd-compat/sys-queue.h"
				26
				27	#include <stdarg.h>
				28	#include <string.h>
				29	#include <unistd.h>
				30	#include <errno.h>
				31
				32	#include "xmalloc.h"
				33	#include "buffer.h"
				34	#include "log.h"
				35	#include "misc.h"
				36	#include "key.h"
				37	#include "authfd.h"
				38	#include "ssh-pkcs11.h"
				39
				40	#ifdef ENABLE_PKCS11
				41
				42	/* borrows code from sftp-server and ssh-agent */
				43
				44	struct pkcs11_keyinfo {
				45	Key *key;
				46	char *providername;
				47	TAILQ_ENTRY(pkcs11_keyinfo) next;
				48	};
				49
				50	TAILQ_HEAD(, pkcs11_keyinfo) pkcs11_keylist;
				51
				52	#define MAX_MSG_LENGTH 10240 /XXX/
				53
				54	/* helper */
				55	#define get_int() buffer_get_int(&iqueue);
				56	#define get_string(lenp) buffer_get_string(&iqueue, lenp);
				57
				58	/* input and output queue */
				59	Buffer iqueue;
				60	Buffer oqueue;
				61
				62	static void
				63	add_key(Key k, char name)
				64	{
				65	struct pkcs11_keyinfo *ki;
				66
				67	ki = xcalloc(1, sizeof(*ki));
				68	ki->providername = xstrdup(name);
				69	ki->key = k;
				70	TAILQ_INSERT_TAIL(&pkcs11_keylist, ki, next);
				71	}
				72
				73	static void
				74	del_keys_by_name(char *name)
				75	{
				76	struct pkcs11_keyinfo ki, nxt;
				77
				78	for (ki = TAILQ_FIRST(&pkcs11_keylist); ki; ki = nxt) {
				79	nxt = TAILQ_NEXT(ki, next);
				80	if (!strcmp(ki->providername, name)) {
				81	TAILQ_REMOVE(&pkcs11_keylist, ki, next);
Adam Langley	d059297	2015-03-30 14:49:51 -0700	[diff] [blame]	82	free(ki->providername);
Greg Hartman	bd77cf7	2015-02-25 13:21:06 -0800	[diff] [blame]	83	key_free(ki->key);
				84	free(ki);
				85	}
				86	}
				87	}
				88
				89	/* lookup matching 'private' key */
				90	static Key *
				91	lookup_key(Key *k)
				92	{
				93	struct pkcs11_keyinfo *ki;
				94
				95	TAILQ_FOREACH(ki, &pkcs11_keylist, next) {
				96	debug("check %p %s", ki, ki->providername);
				97	if (key_equal(k, ki->key))
				98	return (ki->key);
				99	}
				100	return (NULL);
				101	}
				102
				103	static void
				104	send_msg(Buffer *m)
				105	{
				106	int mlen = buffer_len(m);
				107
				108	buffer_put_int(&oqueue, mlen);
				109	buffer_append(&oqueue, buffer_ptr(m), mlen);
				110	buffer_consume(m, mlen);
				111	}
				112
				113	static void
				114	process_add(void)
				115	{
				116	char name, pin;
				117	Key **keys;
				118	int i, nkeys;
				119	u_char *blob;
				120	u_int blen;
				121	Buffer msg;
				122
				123	buffer_init(&msg);
				124	name = get_string(NULL);
				125	pin = get_string(NULL);
				126	if ((nkeys = pkcs11_add_provider(name, pin, &keys)) > 0) {
				127	buffer_put_char(&msg, SSH2_AGENT_IDENTITIES_ANSWER);
				128	buffer_put_int(&msg, nkeys);
				129	for (i = 0; i < nkeys; i++) {
Adam Langley	d059297	2015-03-30 14:49:51 -0700	[diff] [blame]	130	if (key_to_blob(keys[i], &blob, &blen) == 0)
				131	continue;
Greg Hartman	bd77cf7	2015-02-25 13:21:06 -0800	[diff] [blame]	132	buffer_put_string(&msg, blob, blen);
				133	buffer_put_cstring(&msg, name);
Adam Langley	d059297	2015-03-30 14:49:51 -0700	[diff] [blame]	134	free(blob);
Greg Hartman	bd77cf7	2015-02-25 13:21:06 -0800	[diff] [blame]	135	add_key(keys[i], name);
				136	}
Adam Langley	d059297	2015-03-30 14:49:51 -0700	[diff] [blame]	137	free(keys);
Greg Hartman	bd77cf7	2015-02-25 13:21:06 -0800	[diff] [blame]	138	} else {
				139	buffer_put_char(&msg, SSH_AGENT_FAILURE);
				140	}
Adam Langley	d059297	2015-03-30 14:49:51 -0700	[diff] [blame]	141	free(pin);
				142	free(name);
Greg Hartman	bd77cf7	2015-02-25 13:21:06 -0800	[diff] [blame]	143	send_msg(&msg);
				144	buffer_free(&msg);
				145	}
				146
				147	static void
				148	process_del(void)
				149	{
				150	char name, pin;
				151	Buffer msg;
				152
				153	buffer_init(&msg);
				154	name = get_string(NULL);
				155	pin = get_string(NULL);
				156	del_keys_by_name(name);
				157	if (pkcs11_del_provider(name) == 0)
				158	buffer_put_char(&msg, SSH_AGENT_SUCCESS);
				159	else
				160	buffer_put_char(&msg, SSH_AGENT_FAILURE);
Adam Langley	d059297	2015-03-30 14:49:51 -0700	[diff] [blame]	161	free(pin);
				162	free(name);
Greg Hartman	bd77cf7	2015-02-25 13:21:06 -0800	[diff] [blame]	163	send_msg(&msg);
				164	buffer_free(&msg);
				165	}
				166
				167	static void
				168	process_sign(void)
				169	{
				170	u_char blob, data, *signature = NULL;
				171	u_int blen, dlen, slen = 0;
Adam Langley	d059297	2015-03-30 14:49:51 -0700	[diff] [blame]	172	int ok = -1;
Greg Hartman	bd77cf7	2015-02-25 13:21:06 -0800	[diff] [blame]	173	Key key, found;
				174	Buffer msg;
				175
				176	blob = get_string(&blen);
				177	data = get_string(&dlen);
Adam Langley	d059297	2015-03-30 14:49:51 -0700	[diff] [blame]	178	(void)get_int(); /* XXX ignore flags */
Greg Hartman	bd77cf7	2015-02-25 13:21:06 -0800	[diff] [blame]	179
				180	if ((key = key_from_blob(blob, blen)) != NULL) {
				181	if ((found = lookup_key(key)) != NULL) {
Adam Langley	d059297	2015-03-30 14:49:51 -0700	[diff] [blame]	182	#ifdef WITH_OPENSSL
				183	int ret;
				184
Greg Hartman	bd77cf7	2015-02-25 13:21:06 -0800	[diff] [blame]	185	slen = RSA_size(key->rsa);
				186	signature = xmalloc(slen);
				187	if ((ret = RSA_private_encrypt(dlen, data, signature,
				188	found->rsa, RSA_PKCS1_PADDING)) != -1) {
				189	slen = ret;
				190	ok = 0;
				191	}
Adam Langley	d059297	2015-03-30 14:49:51 -0700	[diff] [blame]	192	#endif /* WITH_OPENSSL */
Greg Hartman	bd77cf7	2015-02-25 13:21:06 -0800	[diff] [blame]	193	}
				194	key_free(key);
				195	}
				196	buffer_init(&msg);
				197	if (ok == 0) {
				198	buffer_put_char(&msg, SSH2_AGENT_SIGN_RESPONSE);
				199	buffer_put_string(&msg, signature, slen);
				200	} else {
				201	buffer_put_char(&msg, SSH_AGENT_FAILURE);
				202	}
Adam Langley	d059297	2015-03-30 14:49:51 -0700	[diff] [blame]	203	free(data);
				204	free(blob);
				205	free(signature);
Greg Hartman	bd77cf7	2015-02-25 13:21:06 -0800	[diff] [blame]	206	send_msg(&msg);
				207	buffer_free(&msg);
				208	}
				209
				210	static void
				211	process(void)
				212	{
				213	u_int msg_len;
				214	u_int buf_len;
				215	u_int consumed;
				216	u_int type;
				217	u_char *cp;
				218
				219	buf_len = buffer_len(&iqueue);
				220	if (buf_len < 5)
				221	return; /* Incomplete message. */
				222	cp = buffer_ptr(&iqueue);
				223	msg_len = get_u32(cp);
				224	if (msg_len > MAX_MSG_LENGTH) {
				225	error("bad message len %d", msg_len);
				226	cleanup_exit(11);
				227	}
				228	if (buf_len < msg_len + 4)
				229	return;
				230	buffer_consume(&iqueue, 4);
				231	buf_len -= 4;
				232	type = buffer_get_char(&iqueue);
				233	switch (type) {
				234	case SSH_AGENTC_ADD_SMARTCARD_KEY:
				235	debug("process_add");
				236	process_add();
				237	break;
				238	case SSH_AGENTC_REMOVE_SMARTCARD_KEY:
				239	debug("process_del");
				240	process_del();
				241	break;
				242	case SSH2_AGENTC_SIGN_REQUEST:
				243	debug("process_sign");
				244	process_sign();
				245	break;
				246	default:
				247	error("Unknown message %d", type);
				248	break;
				249	}
				250	/* discard the remaining bytes from the current packet */
				251	if (buf_len < buffer_len(&iqueue)) {
				252	error("iqueue grew unexpectedly");
				253	cleanup_exit(255);
				254	}
				255	consumed = buf_len - buffer_len(&iqueue);
				256	if (msg_len < consumed) {
				257	error("msg_len %d < consumed %d", msg_len, consumed);
				258	cleanup_exit(255);
				259	}
				260	if (msg_len > consumed)
				261	buffer_consume(&iqueue, msg_len - consumed);
				262	}
				263
				264	void
				265	cleanup_exit(int i)
				266	{
				267	/* XXX */
				268	_exit(i);
				269	}
				270
				271	int
				272	main(int argc, char **argv)
				273	{
				274	fd_set rset, wset;
				275	int in, out, max, log_stderr = 0;
				276	ssize_t len, olen, set_size;
				277	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
				278	LogLevel log_level = SYSLOG_LEVEL_ERROR;
				279	char buf[4*4096];
				280
Greg Hartman	bd77cf7	2015-02-25 13:21:06 -0800	[diff] [blame]	281	extern char *__progname;
				282
				283	TAILQ_INIT(&pkcs11_keylist);
				284	pkcs11_init(0);
				285
				286	seed_rng();
				287	__progname = ssh_get_progname(argv[0]);
				288
				289	log_init(__progname, log_level, log_facility, log_stderr);
				290
				291	in = STDIN_FILENO;
				292	out = STDOUT_FILENO;
				293
				294	max = 0;
				295	if (in > max)
				296	max = in;
				297	if (out > max)
				298	max = out;
				299
				300	buffer_init(&iqueue);
				301	buffer_init(&oqueue);
				302
				303	set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
				304	rset = (fd_set *)xmalloc(set_size);
				305	wset = (fd_set *)xmalloc(set_size);
				306
				307	for (;;) {
				308	memset(rset, 0, set_size);
				309	memset(wset, 0, set_size);
				310
				311	/*
				312	* Ensure that we can read a full buffer and handle
				313	* the worst-case length packet it can generate,
				314	* otherwise apply backpressure by stopping reads.
				315	*/
				316	if (buffer_check_alloc(&iqueue, sizeof(buf)) &&
				317	buffer_check_alloc(&oqueue, MAX_MSG_LENGTH))
				318	FD_SET(in, rset);
				319
				320	olen = buffer_len(&oqueue);
				321	if (olen > 0)
				322	FD_SET(out, wset);
				323
				324	if (select(max+1, rset, wset, NULL, NULL) < 0) {
				325	if (errno == EINTR)
				326	continue;
				327	error("select: %s", strerror(errno));
				328	cleanup_exit(2);
				329	}
				330
				331	/* copy stdin to iqueue */
				332	if (FD_ISSET(in, rset)) {
				333	len = read(in, buf, sizeof buf);
				334	if (len == 0) {
				335	debug("read eof");
				336	cleanup_exit(0);
				337	} else if (len < 0) {
				338	error("read: %s", strerror(errno));
				339	cleanup_exit(1);
				340	} else {
				341	buffer_append(&iqueue, buf, len);
				342	}
				343	}
				344	/* send oqueue to stdout */
				345	if (FD_ISSET(out, wset)) {
				346	len = write(out, buffer_ptr(&oqueue), olen);
				347	if (len < 0) {
				348	error("write: %s", strerror(errno));
				349	cleanup_exit(1);
				350	} else {
				351	buffer_consume(&oqueue, len);
				352	}
				353	}
				354
				355	/*
				356	* Process requests from client if we can fit the results
				357	* into the output buffer, otherwise stop processing input
				358	* and let the output queue drain.
				359	*/
				360	if (buffer_check_alloc(&oqueue, MAX_MSG_LENGTH))
				361	process();
				362	}
				363	}
				364	#else /* ENABLE_PKCS11 */
				365	int
				366	main(int argc, char **argv)
				367	{
				368	extern char *__progname;
				369
				370	__progname = ssh_get_progname(argv[0]);
				371	log_init(__progname, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTH, 0);
				372	fatal("PKCS#11 support disabled at compile time");
				373	}
				374	#endif /* ENABLE_PKCS11 */