blob: 735c6478096495fa392c74d1a1cdb8f73a405f90 [file] [log] [blame]
Damien Millerd7834352006-08-05 12:39:39 +10001/* $OpenBSD: authfile.c,v 1.76 2006/08/03 03:34:41 deraadt Exp $ */
Damien Millerd4a8b7e1999-10-27 13:42:43 +10002/*
Damien Miller95def091999-11-25 00:26:21 +11003 * Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller95def091999-11-25 00:26:21 +11004 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
Damien Miller95def091999-11-25 00:26:21 +11006 * This file contains functions for reading and writing identity files, and
7 * for reading the passphrase from the user.
Damien Miller4af51302000-04-16 11:18:38 +10008 *
Damien Millere4340be2000-09-16 13:29:08 +11009 * As far as I am concerned, the code I have written for this software
10 * can be used freely for any purpose. Any derived versions of this
11 * software must be clearly marked as such, and if the derived work is
12 * incompatible with the protocol description in the RFC file, it must be
13 * called by a name other than "ssh" or "Secure Shell".
14 *
15 *
16 * Copyright (c) 2000 Markus Friedl. All rights reserved.
17 *
18 * Redistribution and use in source and binary forms, with or without
19 * modification, are permitted provided that the following conditions
20 * are met:
21 * 1. Redistributions of source code must retain the above copyright
22 * notice, this list of conditions and the following disclaimer.
23 * 2. Redistributions in binary form must reproduce the above copyright
24 * notice, this list of conditions and the following disclaimer in the
25 * documentation and/or other materials provided with the distribution.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
28 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
30 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
31 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
32 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
33 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
34 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
35 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller95def091999-11-25 00:26:21 +110037 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100038
39#include "includes.h"
Damien Millerf17883e2006-03-15 11:45:54 +110040
41#include <sys/types.h>
42#include <sys/stat.h>
Damien Miller8dbffe72006-08-05 11:02:17 +100043#include <sys/param.h>
Damien Millerd7834352006-08-05 12:39:39 +100044#include <sys/uio.h>
Damien Millerd4a8b7e1999-10-27 13:42:43 +100045
Damien Miller0bc1bd82000-11-13 22:57:25 +110046#include <openssl/err.h>
Damien Millereba71ba2000-04-29 23:57:08 +100047#include <openssl/evp.h>
Ben Lindstrom226cfa02001-01-22 05:34:40 +000048#include <openssl/pem.h>
Damien Millereba71ba2000-04-29 23:57:08 +100049
Darren Tuckerba724052006-07-12 22:24:22 +100050#include <errno.h>
Damien Miller57cf6382006-07-10 21:13:46 +100051#include <fcntl.h>
Damien Millerded319c2006-09-01 15:38:36 +100052#include <stdarg.h>
Damien Millera7a73ee2006-08-05 11:37:59 +100053#include <stdio.h>
Damien Millere7a1e5c2006-08-05 11:34:19 +100054#include <stdlib.h>
Damien Millere3476ed2006-07-24 14:13:33 +100055#include <string.h>
Damien Millere6b3b612006-07-24 14:01:23 +100056#include <unistd.h>
Damien Miller57cf6382006-07-10 21:13:46 +100057
Damien Millerd4a8b7e1999-10-27 13:42:43 +100058#include "xmalloc.h"
Damien Millerd7834352006-08-05 12:39:39 +100059#include "cipher.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100060#include "buffer.h"
Damien Millereba71ba2000-04-29 23:57:08 +100061#include "key.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000062#include "ssh.h"
63#include "log.h"
Ben Lindstrom31ca54a2001-02-09 02:11:24 +000064#include "authfile.h"
Damien Miller040b64f2002-01-22 23:10:04 +110065#include "rsa.h"
Darren Tuckerf0f90982004-12-11 13:39:50 +110066#include "misc.h"
Damien Millereccb9de2005-06-17 12:59:34 +100067#include "atomicio.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100068
Ben Lindstromd0fca422001-03-26 13:44:06 +000069/* Version identification string for SSH v1 identity files. */
Ben Lindstrom1170d712001-01-29 07:51:26 +000070static const char authfile_id_string[] =
71 "SSH PRIVATE KEY FILE FORMAT 1.1\n";
Damien Millerd4a8b7e1999-10-27 13:42:43 +100072
Damien Miller5428f641999-11-25 11:54:57 +110073/*
74 * Saves the authentication (private) key in a file, encrypting it with
75 * passphrase. The identification of the file (lowest 64 bits of n) will
76 * precede the key to provide identification of the key without needing a
77 * passphrase.
78 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100079
Ben Lindstrombba81212001-06-25 05:01:22 +000080static int
Ben Lindstromd0fca422001-03-26 13:44:06 +000081key_save_private_rsa1(Key *key, const char *filename, const char *passphrase,
82 const char *comment)
Damien Millerd4a8b7e1999-10-27 13:42:43 +100083{
Damien Miller95def091999-11-25 00:26:21 +110084 Buffer buffer, encrypted;
Damien Miller708d21c2002-01-22 23:18:15 +110085 u_char buf[100], *cp;
Damien Miller963f6b22002-02-19 15:21:23 +110086 int fd, i, cipher_num;
Damien Miller874d77b2000-10-14 16:23:11 +110087 CipherContext ciphercontext;
88 Cipher *cipher;
Darren Tucker3f9fdc72004-06-22 12:56:01 +100089 u_int32_t rnd;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100090
Damien Miller5428f641999-11-25 11:54:57 +110091 /*
92 * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting
93 * to another cipher; otherwise use SSH_AUTHFILE_CIPHER.
94 */
Damien Miller963f6b22002-02-19 15:21:23 +110095 cipher_num = (strcmp(passphrase, "") == 0) ?
96 SSH_CIPHER_NONE : SSH_AUTHFILE_CIPHER;
97 if ((cipher = cipher_by_number(cipher_num)) == NULL)
Damien Miller874d77b2000-10-14 16:23:11 +110098 fatal("save_private_key_rsa: bad cipher");
Damien Millerd4a8b7e1999-10-27 13:42:43 +100099
Damien Miller95def091999-11-25 00:26:21 +1100100 /* This buffer is used to built the secret part of the private key. */
101 buffer_init(&buffer);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000102
Damien Miller95def091999-11-25 00:26:21 +1100103 /* Put checkbytes for checking passphrase validity. */
Darren Tucker3f9fdc72004-06-22 12:56:01 +1000104 rnd = arc4random();
105 buf[0] = rnd & 0xff;
106 buf[1] = (rnd >> 8) & 0xff;
Damien Miller95def091999-11-25 00:26:21 +1100107 buf[2] = buf[0];
108 buf[3] = buf[1];
109 buffer_append(&buffer, buf, 4);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000110
Damien Miller5428f641999-11-25 11:54:57 +1100111 /*
112 * Store the private key (n and e will not be stored because they
113 * will be stored in plain text, and storing them also in encrypted
114 * format would just give known plaintext).
115 */
Ben Lindstromd0fca422001-03-26 13:44:06 +0000116 buffer_put_bignum(&buffer, key->rsa->d);
117 buffer_put_bignum(&buffer, key->rsa->iqmp);
118 buffer_put_bignum(&buffer, key->rsa->q); /* reverse from SSL p */
119 buffer_put_bignum(&buffer, key->rsa->p); /* reverse from SSL q */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000120
Damien Miller95def091999-11-25 00:26:21 +1100121 /* Pad the part to be encrypted until its size is a multiple of 8. */
122 while (buffer_len(&buffer) % 8 != 0)
123 buffer_put_char(&buffer, 0);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000124
Damien Miller95def091999-11-25 00:26:21 +1100125 /* This buffer will be used to contain the data in the file. */
126 buffer_init(&encrypted);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000127
Damien Miller95def091999-11-25 00:26:21 +1100128 /* First store keyfile id string. */
Ben Lindstrom1170d712001-01-29 07:51:26 +0000129 for (i = 0; authfile_id_string[i]; i++)
130 buffer_put_char(&encrypted, authfile_id_string[i]);
Damien Miller95def091999-11-25 00:26:21 +1100131 buffer_put_char(&encrypted, 0);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000132
Damien Miller95def091999-11-25 00:26:21 +1100133 /* Store cipher type. */
Damien Miller963f6b22002-02-19 15:21:23 +1100134 buffer_put_char(&encrypted, cipher_num);
Damien Miller95def091999-11-25 00:26:21 +1100135 buffer_put_int(&encrypted, 0); /* For future extension */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000136
Damien Miller95def091999-11-25 00:26:21 +1100137 /* Store public key. This will be in plain text. */
Ben Lindstromd0fca422001-03-26 13:44:06 +0000138 buffer_put_int(&encrypted, BN_num_bits(key->rsa->n));
139 buffer_put_bignum(&encrypted, key->rsa->n);
140 buffer_put_bignum(&encrypted, key->rsa->e);
Ben Lindstrom664408d2001-06-09 01:42:01 +0000141 buffer_put_cstring(&encrypted, comment);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000142
Damien Miller95def091999-11-25 00:26:21 +1100143 /* Allocate space for the private part of the key in the buffer. */
Damien Miller5a6b4fe2001-12-21 14:56:54 +1100144 cp = buffer_append_space(&encrypted, buffer_len(&buffer));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000145
Damien Miller963f6b22002-02-19 15:21:23 +1100146 cipher_set_key_string(&ciphercontext, cipher, passphrase,
147 CIPHER_ENCRYPT);
148 cipher_crypt(&ciphercontext, cp,
Damien Miller708d21c2002-01-22 23:18:15 +1100149 buffer_ptr(&buffer), buffer_len(&buffer));
Damien Miller963f6b22002-02-19 15:21:23 +1100150 cipher_cleanup(&ciphercontext);
Damien Miller874d77b2000-10-14 16:23:11 +1100151 memset(&ciphercontext, 0, sizeof(ciphercontext));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000152
Damien Miller95def091999-11-25 00:26:21 +1100153 /* Destroy temporary data. */
154 memset(buf, 0, sizeof(buf));
155 buffer_free(&buffer);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000156
Damien Miller037a0dc1999-12-07 15:38:31 +1100157 fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
Ben Lindstrom15f33862001-04-16 02:00:02 +0000158 if (fd < 0) {
159 error("open %s failed: %s.", filename, strerror(errno));
Darren Tuckerd1d41b32003-09-22 21:01:27 +1000160 buffer_free(&encrypted);
Damien Miller95def091999-11-25 00:26:21 +1100161 return 0;
Ben Lindstrom15f33862001-04-16 02:00:02 +0000162 }
Damien Millereccb9de2005-06-17 12:59:34 +1000163 if (atomicio(vwrite, fd, buffer_ptr(&encrypted),
164 buffer_len(&encrypted)) != buffer_len(&encrypted)) {
Ben Lindstrom15f33862001-04-16 02:00:02 +0000165 error("write to key file %s failed: %s", filename,
Damien Miller9f0f5c62001-12-21 14:45:46 +1100166 strerror(errno));
Damien Miller95def091999-11-25 00:26:21 +1100167 buffer_free(&encrypted);
Damien Miller037a0dc1999-12-07 15:38:31 +1100168 close(fd);
Damien Miller78315eb2000-09-29 23:01:36 +1100169 unlink(filename);
Damien Miller95def091999-11-25 00:26:21 +1100170 return 0;
171 }
Damien Miller037a0dc1999-12-07 15:38:31 +1100172 close(fd);
Damien Miller95def091999-11-25 00:26:21 +1100173 buffer_free(&encrypted);
174 return 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000175}
176
Ben Lindstromd0fca422001-03-26 13:44:06 +0000177/* save SSH v2 key in OpenSSL PEM format */
Ben Lindstrombba81212001-06-25 05:01:22 +0000178static int
Ben Lindstromd0fca422001-03-26 13:44:06 +0000179key_save_private_pem(Key *key, const char *filename, const char *_passphrase,
180 const char *comment)
Damien Millereba71ba2000-04-29 23:57:08 +1000181{
182 FILE *fp;
183 int fd;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100184 int success = 0;
185 int len = strlen(_passphrase);
Ben Lindstrom90fd8142002-02-26 18:09:42 +0000186 u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL;
Ben Lindstrom80cb27d2002-03-05 01:33:36 +0000187 const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL;
Damien Millereba71ba2000-04-29 23:57:08 +1000188
189 if (len > 0 && len <= 4) {
Ben Lindstrom15f33862001-04-16 02:00:02 +0000190 error("passphrase too short: have %d bytes, need > 4", len);
Damien Millereba71ba2000-04-29 23:57:08 +1000191 return 0;
192 }
193 fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
194 if (fd < 0) {
Ben Lindstrom15f33862001-04-16 02:00:02 +0000195 error("open %s failed: %s.", filename, strerror(errno));
Damien Millereba71ba2000-04-29 23:57:08 +1000196 return 0;
197 }
198 fp = fdopen(fd, "w");
Damien Miller4dec5d72006-08-05 11:38:40 +1000199 if (fp == NULL) {
Ben Lindstrom15f33862001-04-16 02:00:02 +0000200 error("fdopen %s failed: %s.", filename, strerror(errno));
Damien Millereba71ba2000-04-29 23:57:08 +1000201 close(fd);
202 return 0;
203 }
Damien Miller0bc1bd82000-11-13 22:57:25 +1100204 switch (key->type) {
Ben Lindstromc1116602001-03-29 00:28:37 +0000205 case KEY_DSA:
206 success = PEM_write_DSAPrivateKey(fp, key->dsa,
207 cipher, passphrase, len, NULL, NULL);
208 break;
209 case KEY_RSA:
210 success = PEM_write_RSAPrivateKey(fp, key->rsa,
211 cipher, passphrase, len, NULL, NULL);
212 break;
Damien Millereba71ba2000-04-29 23:57:08 +1000213 }
214 fclose(fp);
215 return success;
216}
217
218int
Ben Lindstromd0fca422001-03-26 13:44:06 +0000219key_save_private(Key *key, const char *filename, const char *passphrase,
Damien Millereba71ba2000-04-29 23:57:08 +1000220 const char *comment)
221{
222 switch (key->type) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100223 case KEY_RSA1:
Ben Lindstromd0fca422001-03-26 13:44:06 +0000224 return key_save_private_rsa1(key, filename, passphrase,
225 comment);
Damien Millereba71ba2000-04-29 23:57:08 +1000226 case KEY_DSA:
Damien Miller0bc1bd82000-11-13 22:57:25 +1100227 case KEY_RSA:
Ben Lindstromd0fca422001-03-26 13:44:06 +0000228 return key_save_private_pem(key, filename, passphrase,
229 comment);
Damien Millereba71ba2000-04-29 23:57:08 +1000230 default:
231 break;
232 }
Ben Lindstrom15f33862001-04-16 02:00:02 +0000233 error("key_save_private: cannot save key type %d", key->type);
Damien Millereba71ba2000-04-29 23:57:08 +1000234 return 0;
235}
236
Damien Miller5428f641999-11-25 11:54:57 +1100237/*
Ben Lindstromd0fca422001-03-26 13:44:06 +0000238 * Loads the public part of the ssh v1 key file. Returns NULL if an error was
239 * encountered (the file does not exist or is not readable), and the key
Damien Miller5428f641999-11-25 11:54:57 +1100240 * otherwise.
241 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000242
Ben Lindstrombba81212001-06-25 05:01:22 +0000243static Key *
Ben Lindstromd0fca422001-03-26 13:44:06 +0000244key_load_public_rsa1(int fd, const char *filename, char **commentp)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000245{
Damien Miller95def091999-11-25 00:26:21 +1100246 Buffer buffer;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000247 Key *pub;
Ben Lindstrom44adb8f2002-12-23 02:00:23 +0000248 struct stat st;
Damien Miller95def091999-11-25 00:26:21 +1100249 char *cp;
Damien Millereccb9de2005-06-17 12:59:34 +1000250 u_int i;
Darren Tucker1f8311c2004-05-13 16:39:33 +1000251 size_t len;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000252
Ben Lindstrom44adb8f2002-12-23 02:00:23 +0000253 if (fstat(fd, &st) < 0) {
254 error("fstat for key file %.200s failed: %.100s",
255 filename, strerror(errno));
256 return NULL;
257 }
Darren Tuckerf4b43712004-08-29 16:28:39 +1000258 if (st.st_size > 1*1024*1024) {
259 error("key file %.200s too large", filename);
260 return NULL;
261 }
Darren Tucker1f8311c2004-05-13 16:39:33 +1000262 len = (size_t)st.st_size; /* truncated */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000263
Damien Miller95def091999-11-25 00:26:21 +1100264 buffer_init(&buffer);
Damien Miller5a6b4fe2001-12-21 14:56:54 +1100265 cp = buffer_append_space(&buffer, len);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000266
Damien Millereccb9de2005-06-17 12:59:34 +1000267 if (atomicio(read, fd, cp, len) != len) {
Damien Miller95def091999-11-25 00:26:21 +1100268 debug("Read from key file %.200s failed: %.100s", filename,
Damien Millereba71ba2000-04-29 23:57:08 +1000269 strerror(errno));
Damien Miller95def091999-11-25 00:26:21 +1100270 buffer_free(&buffer);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000271 return NULL;
Damien Miller95def091999-11-25 00:26:21 +1100272 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000273
Ben Lindstrom1170d712001-01-29 07:51:26 +0000274 /* Check that it is at least big enough to contain the ID string. */
275 if (len < sizeof(authfile_id_string)) {
Damien Miller058655c2001-10-10 15:03:36 +1000276 debug3("Not a RSA1 key file %.200s.", filename);
Damien Miller95def091999-11-25 00:26:21 +1100277 buffer_free(&buffer);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000278 return NULL;
Damien Miller95def091999-11-25 00:26:21 +1100279 }
Damien Miller5428f641999-11-25 11:54:57 +1100280 /*
281 * Make sure it begins with the id string. Consume the id string
282 * from the buffer.
283 */
Ben Lindstrom1170d712001-01-29 07:51:26 +0000284 for (i = 0; i < sizeof(authfile_id_string); i++)
285 if (buffer_get_char(&buffer) != authfile_id_string[i]) {
Damien Miller058655c2001-10-10 15:03:36 +1000286 debug3("Not a RSA1 key file %.200s.", filename);
Damien Miller95def091999-11-25 00:26:21 +1100287 buffer_free(&buffer);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000288 return NULL;
Damien Miller95def091999-11-25 00:26:21 +1100289 }
290 /* Skip cipher type and reserved data. */
291 (void) buffer_get_char(&buffer); /* cipher type */
292 (void) buffer_get_int(&buffer); /* reserved */
293
294 /* Read the public key from the buffer. */
Ben Lindstromc5a7f4f2002-06-25 23:19:13 +0000295 (void) buffer_get_int(&buffer);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000296 pub = key_new(KEY_RSA1);
297 buffer_get_bignum(&buffer, pub->rsa->n);
298 buffer_get_bignum(&buffer, pub->rsa->e);
299 if (commentp)
300 *commentp = buffer_get_string(&buffer, NULL);
Damien Miller95def091999-11-25 00:26:21 +1100301 /* The encrypted private part is not parsed by this function. */
302
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000303 buffer_free(&buffer);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000304 return pub;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000305}
306
Ben Lindstromd0fca422001-03-26 13:44:06 +0000307/* load public key from private-key file, works only for SSH v1 */
308Key *
309key_load_public_type(int type, const char *filename, char **commentp)
Damien Millereba71ba2000-04-29 23:57:08 +1000310{
Ben Lindstromd0fca422001-03-26 13:44:06 +0000311 Key *pub;
312 int fd;
313
314 if (type == KEY_RSA1) {
315 fd = open(filename, O_RDONLY);
316 if (fd < 0)
317 return NULL;
318 pub = key_load_public_rsa1(fd, filename, commentp);
319 close(fd);
320 return pub;
Damien Millereba71ba2000-04-29 23:57:08 +1000321 }
Ben Lindstromd0fca422001-03-26 13:44:06 +0000322 return NULL;
Damien Millereba71ba2000-04-29 23:57:08 +1000323}
324
Damien Miller5428f641999-11-25 11:54:57 +1100325/*
326 * Loads the private key from the file. Returns 0 if an error is encountered
327 * (file does not exist or is not readable, or passphrase is bad). This
328 * initializes the private key.
329 * Assumes we are called under uid of the owner of the file.
330 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000331
Ben Lindstrombba81212001-06-25 05:01:22 +0000332static Key *
Ben Lindstromd0fca422001-03-26 13:44:06 +0000333key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
334 char **commentp)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000335{
Damien Millereccb9de2005-06-17 12:59:34 +1000336 u_int i;
337 int check1, check2, cipher_type;
Darren Tucker1f8311c2004-05-13 16:39:33 +1000338 size_t len;
Damien Miller95def091999-11-25 00:26:21 +1100339 Buffer buffer, decrypted;
Damien Miller708d21c2002-01-22 23:18:15 +1100340 u_char *cp;
Damien Miller874d77b2000-10-14 16:23:11 +1100341 CipherContext ciphercontext;
342 Cipher *cipher;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000343 Key *prv = NULL;
Ben Lindstrom44adb8f2002-12-23 02:00:23 +0000344 struct stat st;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000345
Ben Lindstrom44adb8f2002-12-23 02:00:23 +0000346 if (fstat(fd, &st) < 0) {
347 error("fstat for key file %.200s failed: %.100s",
348 filename, strerror(errno));
349 close(fd);
350 return NULL;
351 }
Darren Tucker1f8311c2004-05-13 16:39:33 +1000352 if (st.st_size > 1*1024*1024) {
Darren Tuckerf4b43712004-08-29 16:28:39 +1000353 error("key file %.200s too large", filename);
Darren Tucker1f8311c2004-05-13 16:39:33 +1000354 close(fd);
355 return (NULL);
356 }
357 len = (size_t)st.st_size; /* truncated */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000358
Damien Miller95def091999-11-25 00:26:21 +1100359 buffer_init(&buffer);
Damien Miller5a6b4fe2001-12-21 14:56:54 +1100360 cp = buffer_append_space(&buffer, len);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000361
Damien Millereccb9de2005-06-17 12:59:34 +1000362 if (atomicio(read, fd, cp, len) != len) {
Damien Miller95def091999-11-25 00:26:21 +1100363 debug("Read from key file %.200s failed: %.100s", filename,
Damien Miller0bc1bd82000-11-13 22:57:25 +1100364 strerror(errno));
Damien Miller95def091999-11-25 00:26:21 +1100365 buffer_free(&buffer);
Damien Miller037a0dc1999-12-07 15:38:31 +1100366 close(fd);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000367 return NULL;
Damien Miller95def091999-11-25 00:26:21 +1100368 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000369
Ben Lindstrom1170d712001-01-29 07:51:26 +0000370 /* Check that it is at least big enough to contain the ID string. */
371 if (len < sizeof(authfile_id_string)) {
Damien Miller058655c2001-10-10 15:03:36 +1000372 debug3("Not a RSA1 key file %.200s.", filename);
Damien Miller95def091999-11-25 00:26:21 +1100373 buffer_free(&buffer);
Ben Lindstromb257cca2001-03-05 04:59:27 +0000374 close(fd);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000375 return NULL;
Damien Miller95def091999-11-25 00:26:21 +1100376 }
Damien Miller5428f641999-11-25 11:54:57 +1100377 /*
378 * Make sure it begins with the id string. Consume the id string
379 * from the buffer.
380 */
Ben Lindstrom1170d712001-01-29 07:51:26 +0000381 for (i = 0; i < sizeof(authfile_id_string); i++)
382 if (buffer_get_char(&buffer) != authfile_id_string[i]) {
Damien Miller058655c2001-10-10 15:03:36 +1000383 debug3("Not a RSA1 key file %.200s.", filename);
Damien Miller95def091999-11-25 00:26:21 +1100384 buffer_free(&buffer);
Ben Lindstromb257cca2001-03-05 04:59:27 +0000385 close(fd);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000386 return NULL;
Damien Miller95def091999-11-25 00:26:21 +1100387 }
Ben Lindstromb257cca2001-03-05 04:59:27 +0000388
Damien Miller95def091999-11-25 00:26:21 +1100389 /* Read cipher type. */
390 cipher_type = buffer_get_char(&buffer);
391 (void) buffer_get_int(&buffer); /* Reserved data. */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000392
Damien Miller95def091999-11-25 00:26:21 +1100393 /* Read the public key from the buffer. */
Ben Lindstromc5a7f4f2002-06-25 23:19:13 +0000394 (void) buffer_get_int(&buffer);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000395 prv = key_new_private(KEY_RSA1);
396
397 buffer_get_bignum(&buffer, prv->rsa->n);
398 buffer_get_bignum(&buffer, prv->rsa->e);
399 if (commentp)
400 *commentp = buffer_get_string(&buffer, NULL);
Damien Miller95def091999-11-25 00:26:21 +1100401 else
402 xfree(buffer_get_string(&buffer, NULL));
403
404 /* Check that it is a supported cipher. */
Damien Miller874d77b2000-10-14 16:23:11 +1100405 cipher = cipher_by_number(cipher_type);
406 if (cipher == NULL) {
407 debug("Unsupported cipher %d used in key file %.200s.",
408 cipher_type, filename);
Damien Miller95def091999-11-25 00:26:21 +1100409 buffer_free(&buffer);
410 goto fail;
411 }
412 /* Initialize space for decrypted data. */
413 buffer_init(&decrypted);
Damien Miller5a6b4fe2001-12-21 14:56:54 +1100414 cp = buffer_append_space(&decrypted, buffer_len(&buffer));
Damien Miller95def091999-11-25 00:26:21 +1100415
416 /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */
Damien Miller963f6b22002-02-19 15:21:23 +1100417 cipher_set_key_string(&ciphercontext, cipher, passphrase,
418 CIPHER_DECRYPT);
419 cipher_crypt(&ciphercontext, cp,
Damien Miller708d21c2002-01-22 23:18:15 +1100420 buffer_ptr(&buffer), buffer_len(&buffer));
Damien Miller963f6b22002-02-19 15:21:23 +1100421 cipher_cleanup(&ciphercontext);
Damien Miller874d77b2000-10-14 16:23:11 +1100422 memset(&ciphercontext, 0, sizeof(ciphercontext));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000423 buffer_free(&buffer);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000424
Damien Miller95def091999-11-25 00:26:21 +1100425 check1 = buffer_get_char(&decrypted);
426 check2 = buffer_get_char(&decrypted);
427 if (check1 != buffer_get_char(&decrypted) ||
428 check2 != buffer_get_char(&decrypted)) {
429 if (strcmp(passphrase, "") != 0)
Ben Lindstromd0fca422001-03-26 13:44:06 +0000430 debug("Bad passphrase supplied for key file %.200s.",
431 filename);
Damien Miller95def091999-11-25 00:26:21 +1100432 /* Bad passphrase. */
433 buffer_free(&decrypted);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000434 goto fail;
Damien Miller95def091999-11-25 00:26:21 +1100435 }
436 /* Read the rest of the private key. */
Ben Lindstromd0fca422001-03-26 13:44:06 +0000437 buffer_get_bignum(&decrypted, prv->rsa->d);
438 buffer_get_bignum(&decrypted, prv->rsa->iqmp); /* u */
439 /* in SSL and SSH v1 p and q are exchanged */
440 buffer_get_bignum(&decrypted, prv->rsa->q); /* p */
441 buffer_get_bignum(&decrypted, prv->rsa->p); /* q */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000442
Ben Lindstromd0fca422001-03-26 13:44:06 +0000443 /* calculate p-1 and q-1 */
Damien Millerda755162002-01-22 23:09:22 +1100444 rsa_generate_additional_parameters(prv->rsa);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000445
Damien Miller95def091999-11-25 00:26:21 +1100446 buffer_free(&decrypted);
Damien Millered33d3b2003-03-15 11:36:18 +1100447
448 /* enable blinding */
449 if (RSA_blinding_on(prv->rsa, NULL) != 1) {
450 error("key_load_private_rsa1: RSA_blinding_on failed");
451 goto fail;
452 }
Ben Lindstromb257cca2001-03-05 04:59:27 +0000453 close(fd);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000454 return prv;
455
456fail:
457 if (commentp)
458 xfree(*commentp);
459 close(fd);
460 key_free(prv);
461 return NULL;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000462}
Damien Millereba71ba2000-04-29 23:57:08 +1000463
Ben Lindstrom1bad2562002-06-06 19:57:33 +0000464Key *
Ben Lindstromd0fca422001-03-26 13:44:06 +0000465key_load_private_pem(int fd, int type, const char *passphrase,
466 char **commentp)
Damien Millereba71ba2000-04-29 23:57:08 +1000467{
Damien Millereba71ba2000-04-29 23:57:08 +1000468 FILE *fp;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100469 EVP_PKEY *pk = NULL;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000470 Key *prv = NULL;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100471 char *name = "<no key>";
Damien Millereba71ba2000-04-29 23:57:08 +1000472
Damien Millereba71ba2000-04-29 23:57:08 +1000473 fp = fdopen(fd, "r");
474 if (fp == NULL) {
Ben Lindstrom15f33862001-04-16 02:00:02 +0000475 error("fdopen failed: %s", strerror(errno));
Ben Lindstromb257cca2001-03-05 04:59:27 +0000476 close(fd);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000477 return NULL;
Damien Millereba71ba2000-04-29 23:57:08 +1000478 }
Damien Miller0bc1bd82000-11-13 22:57:25 +1100479 pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
480 if (pk == NULL) {
Ben Lindstrom648772f2001-04-19 20:47:10 +0000481 debug("PEM_read_PrivateKey failed");
Damien Miller0bc1bd82000-11-13 22:57:25 +1100482 (void)ERR_get_error();
Ben Lindstromd0fca422001-03-26 13:44:06 +0000483 } else if (pk->type == EVP_PKEY_RSA &&
Damien Miller9f0f5c62001-12-21 14:45:46 +1100484 (type == KEY_UNSPEC||type==KEY_RSA)) {
Ben Lindstromd0fca422001-03-26 13:44:06 +0000485 prv = key_new(KEY_UNSPEC);
486 prv->rsa = EVP_PKEY_get1_RSA(pk);
487 prv->type = KEY_RSA;
488 name = "rsa w/o comment";
Damien Miller0bc1bd82000-11-13 22:57:25 +1100489#ifdef DEBUG_PK
Ben Lindstromd0fca422001-03-26 13:44:06 +0000490 RSA_print_fp(stderr, prv->rsa, 8);
Damien Millereba71ba2000-04-29 23:57:08 +1000491#endif
Damien Millered33d3b2003-03-15 11:36:18 +1100492 if (RSA_blinding_on(prv->rsa, NULL) != 1) {
493 error("key_load_private_pem: RSA_blinding_on failed");
494 key_free(prv);
495 prv = NULL;
496 }
Ben Lindstromd0fca422001-03-26 13:44:06 +0000497 } else if (pk->type == EVP_PKEY_DSA &&
Damien Miller9f0f5c62001-12-21 14:45:46 +1100498 (type == KEY_UNSPEC||type==KEY_DSA)) {
Ben Lindstromd0fca422001-03-26 13:44:06 +0000499 prv = key_new(KEY_UNSPEC);
500 prv->dsa = EVP_PKEY_get1_DSA(pk);
501 prv->type = KEY_DSA;
502 name = "dsa w/o comment";
Damien Miller0bc1bd82000-11-13 22:57:25 +1100503#ifdef DEBUG_PK
Ben Lindstromd0fca422001-03-26 13:44:06 +0000504 DSA_print_fp(stderr, prv->dsa, 8);
Damien Miller0bc1bd82000-11-13 22:57:25 +1100505#endif
Damien Miller0bc1bd82000-11-13 22:57:25 +1100506 } else {
507 error("PEM_read_PrivateKey: mismatch or "
508 "unknown EVP_PKEY save_type %d", pk->save_type);
509 }
510 fclose(fp);
511 if (pk != NULL)
512 EVP_PKEY_free(pk);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000513 if (prv != NULL && commentp)
514 *commentp = xstrdup(name);
515 debug("read PEM private key done: type %s",
516 prv ? key_type(prv) : "<unknown>");
517 return prv;
Damien Millereba71ba2000-04-29 23:57:08 +1000518}
519
Damien Miller8275fad2006-03-15 12:06:23 +1100520int
Ben Lindstromd0fca422001-03-26 13:44:06 +0000521key_perm_ok(int fd, const char *filename)
Damien Millereba71ba2000-04-29 23:57:08 +1000522{
Damien Millereba71ba2000-04-29 23:57:08 +1000523 struct stat st;
524
Ben Lindstrom7aff2612001-09-23 13:53:22 +0000525 if (fstat(fd, &st) < 0)
526 return 0;
527 /*
528 * if a key owned by the user is accessed, then we check the
529 * permissions of the file. if the key owned by a different user,
530 * then we don't care.
531 */
Damien Millerb70b61f2000-09-16 16:25:12 +1100532#ifdef HAVE_CYGWIN
Damien Millercb5e44a2000-09-29 12:12:36 +1100533 if (check_ntsec(filename))
Damien Millerb70b61f2000-09-16 16:25:12 +1100534#endif
Ben Lindstrom7aff2612001-09-23 13:53:22 +0000535 if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
Damien Millereba71ba2000-04-29 23:57:08 +1000536 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
537 error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
538 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
Ben Lindstrom7aff2612001-09-23 13:53:22 +0000539 error("Permissions 0%3.3o for '%s' are too open.",
Damien Miller04bd8b02003-05-25 14:38:33 +1000540 (u_int)st.st_mode & 0777, filename);
Damien Millereba71ba2000-04-29 23:57:08 +1000541 error("It is recommended that your private key files are NOT accessible by others.");
Ben Lindstromd0fca422001-03-26 13:44:06 +0000542 error("This private key will be ignored.");
Damien Millereba71ba2000-04-29 23:57:08 +1000543 return 0;
544 }
Ben Lindstromd0fca422001-03-26 13:44:06 +0000545 return 1;
546}
Ben Lindstromb257cca2001-03-05 04:59:27 +0000547
Ben Lindstromd0fca422001-03-26 13:44:06 +0000548Key *
549key_load_private_type(int type, const char *filename, const char *passphrase,
Darren Tucker232b76f2006-05-06 17:41:51 +1000550 char **commentp, int *perm_ok)
Ben Lindstromd0fca422001-03-26 13:44:06 +0000551{
552 int fd;
553
554 fd = open(filename, O_RDONLY);
555 if (fd < 0)
556 return NULL;
557 if (!key_perm_ok(fd, filename)) {
Darren Tucker232b76f2006-05-06 17:41:51 +1000558 if (perm_ok != NULL)
559 *perm_ok = 0;
Ben Lindstrom15f33862001-04-16 02:00:02 +0000560 error("bad permissions: ignore key: %s", filename);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000561 close(fd);
562 return NULL;
563 }
Darren Tucker232b76f2006-05-06 17:41:51 +1000564 if (perm_ok != NULL)
565 *perm_ok = 1;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000566 switch (type) {
567 case KEY_RSA1:
568 return key_load_private_rsa1(fd, filename, passphrase,
569 commentp);
570 /* closes fd */
Damien Millereba71ba2000-04-29 23:57:08 +1000571 case KEY_DSA:
Damien Miller0bc1bd82000-11-13 22:57:25 +1100572 case KEY_RSA:
573 case KEY_UNSPEC:
Ben Lindstromd0fca422001-03-26 13:44:06 +0000574 return key_load_private_pem(fd, type, passphrase, commentp);
575 /* closes fd */
Damien Millereba71ba2000-04-29 23:57:08 +1000576 default:
Ben Lindstromb257cca2001-03-05 04:59:27 +0000577 close(fd);
Damien Millereba71ba2000-04-29 23:57:08 +1000578 break;
579 }
Ben Lindstromd0fca422001-03-26 13:44:06 +0000580 return NULL;
581}
582
583Key *
584key_load_private(const char *filename, const char *passphrase,
585 char **commentp)
586{
Ben Lindstrom322915d2001-06-05 20:46:32 +0000587 Key *pub, *prv;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000588 int fd;
589
590 fd = open(filename, O_RDONLY);
591 if (fd < 0)
592 return NULL;
593 if (!key_perm_ok(fd, filename)) {
Ben Lindstrom15f33862001-04-16 02:00:02 +0000594 error("bad permissions: ignore key: %s", filename);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000595 close(fd);
596 return NULL;
597 }
598 pub = key_load_public_rsa1(fd, filename, commentp);
599 lseek(fd, (off_t) 0, SEEK_SET); /* rewind */
600 if (pub == NULL) {
601 /* closes fd */
Ben Lindstrom322915d2001-06-05 20:46:32 +0000602 prv = key_load_private_pem(fd, KEY_UNSPEC, passphrase, NULL);
603 /* use the filename as a comment for PEM */
604 if (commentp && prv)
Ben Lindstrom2d0356f2001-06-05 21:13:57 +0000605 *commentp = xstrdup(filename);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000606 } else {
607 /* it's a SSH v1 key if the public key part is readable */
608 key_free(pub);
609 /* closes fd */
Ben Lindstrom322915d2001-06-05 20:46:32 +0000610 prv = key_load_private_rsa1(fd, filename, passphrase, NULL);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000611 }
Ben Lindstrom322915d2001-06-05 20:46:32 +0000612 return prv;
Damien Millereba71ba2000-04-29 23:57:08 +1000613}
Damien Millere4340be2000-09-16 13:29:08 +1100614
Ben Lindstrombba81212001-06-25 05:01:22 +0000615static int
Ben Lindstromd0fca422001-03-26 13:44:06 +0000616key_try_load_public(Key *k, const char *filename, char **commentp)
Damien Millere4340be2000-09-16 13:29:08 +1100617{
618 FILE *f;
Darren Tucker22cc7412004-12-06 22:47:41 +1100619 char line[SSH_MAX_PUBKEY_BYTES];
Damien Millere4340be2000-09-16 13:29:08 +1100620 char *cp;
Darren Tuckerf0f90982004-12-11 13:39:50 +1100621 u_long linenum = 0;
Damien Millere4340be2000-09-16 13:29:08 +1100622
623 f = fopen(filename, "r");
624 if (f != NULL) {
Darren Tucker22cc7412004-12-06 22:47:41 +1100625 while (read_keyfile_line(f, filename, line, sizeof(line),
626 &linenum) != -1) {
Damien Millere4340be2000-09-16 13:29:08 +1100627 cp = line;
Ben Lindstrom1c37c6a2001-12-06 18:00:18 +0000628 switch (*cp) {
Damien Millere4340be2000-09-16 13:29:08 +1100629 case '#':
630 case '\n':
631 case '\0':
632 continue;
633 }
634 /* Skip leading whitespace. */
635 for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
636 ;
637 if (*cp) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100638 if (key_read(k, &cp) == 1) {
Damien Millere4340be2000-09-16 13:29:08 +1100639 if (commentp)
640 *commentp=xstrdup(filename);
641 fclose(f);
642 return 1;
643 }
644 }
645 }
646 fclose(f);
647 }
648 return 0;
649}
650
Ben Lindstromd0fca422001-03-26 13:44:06 +0000651/* load public key from ssh v1 private or any pubkey file */
652Key *
653key_load_public(const char *filename, char **commentp)
Damien Millere4340be2000-09-16 13:29:08 +1100654{
Ben Lindstromd0fca422001-03-26 13:44:06 +0000655 Key *pub;
656 char file[MAXPATHLEN];
Damien Millere4340be2000-09-16 13:29:08 +1100657
Damien Millerdb274722003-05-14 13:45:22 +1000658 /* try rsa1 private key */
Ben Lindstromd0fca422001-03-26 13:44:06 +0000659 pub = key_load_public_type(KEY_RSA1, filename, commentp);
660 if (pub != NULL)
661 return pub;
Damien Millerdb274722003-05-14 13:45:22 +1000662
663 /* try rsa1 public key */
664 pub = key_new(KEY_RSA1);
665 if (key_try_load_public(pub, filename, commentp) == 1)
666 return pub;
667 key_free(pub);
668
669 /* try ssh2 public key */
Ben Lindstromd0fca422001-03-26 13:44:06 +0000670 pub = key_new(KEY_UNSPEC);
671 if (key_try_load_public(pub, filename, commentp) == 1)
672 return pub;
673 if ((strlcpy(file, filename, sizeof file) < sizeof(file)) &&
674 (strlcat(file, ".pub", sizeof file) < sizeof(file)) &&
675 (key_try_load_public(pub, file, commentp) == 1))
676 return pub;
677 key_free(pub);
678 return NULL;
Damien Millere4340be2000-09-16 13:29:08 +1100679}