blob: 1d7e53cd19a131e9577fc254096e12ebafce117c [file] [log] [blame]
Damien Millere7ac2bd2011-06-20 14:23:25 +10001/* $OpenBSD: authfile.c,v 1.92 2011/06/14 22:49:18 markus Exp $ */
Damien Millerd4a8b7e1999-10-27 13:42:43 +10002/*
Damien Miller95def091999-11-25 00:26:21 +11003 * Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller95def091999-11-25 00:26:21 +11004 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
Damien Miller95def091999-11-25 00:26:21 +11006 * This file contains functions for reading and writing identity files, and
7 * for reading the passphrase from the user.
Damien Miller4af51302000-04-16 11:18:38 +10008 *
Damien Millere4340be2000-09-16 13:29:08 +11009 * As far as I am concerned, the code I have written for this software
10 * can be used freely for any purpose. Any derived versions of this
11 * software must be clearly marked as such, and if the derived work is
12 * incompatible with the protocol description in the RFC file, it must be
13 * called by a name other than "ssh" or "Secure Shell".
14 *
15 *
16 * Copyright (c) 2000 Markus Friedl. All rights reserved.
17 *
18 * Redistribution and use in source and binary forms, with or without
19 * modification, are permitted provided that the following conditions
20 * are met:
21 * 1. Redistributions of source code must retain the above copyright
22 * notice, this list of conditions and the following disclaimer.
23 * 2. Redistributions in binary form must reproduce the above copyright
24 * notice, this list of conditions and the following disclaimer in the
25 * documentation and/or other materials provided with the distribution.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
28 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
30 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
31 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
32 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
33 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
34 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
35 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller95def091999-11-25 00:26:21 +110037 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100038
39#include "includes.h"
Damien Millerf17883e2006-03-15 11:45:54 +110040
41#include <sys/types.h>
42#include <sys/stat.h>
Damien Miller8dbffe72006-08-05 11:02:17 +100043#include <sys/param.h>
Damien Millerd7834352006-08-05 12:39:39 +100044#include <sys/uio.h>
Damien Millerd4a8b7e1999-10-27 13:42:43 +100045
Damien Miller0bc1bd82000-11-13 22:57:25 +110046#include <openssl/err.h>
Damien Millereba71ba2000-04-29 23:57:08 +100047#include <openssl/evp.h>
Ben Lindstrom226cfa02001-01-22 05:34:40 +000048#include <openssl/pem.h>
Damien Millereba71ba2000-04-29 23:57:08 +100049
Darren Tuckere89ed1c2009-11-05 20:43:16 +110050/* compatibility with old or broken OpenSSL versions */
51#include "openbsd-compat/openssl-compat.h"
52
Darren Tuckerba724052006-07-12 22:24:22 +100053#include <errno.h>
Damien Miller57cf6382006-07-10 21:13:46 +100054#include <fcntl.h>
Damien Millerded319c2006-09-01 15:38:36 +100055#include <stdarg.h>
Damien Millera7a73ee2006-08-05 11:37:59 +100056#include <stdio.h>
Damien Millere7a1e5c2006-08-05 11:34:19 +100057#include <stdlib.h>
Damien Millere3476ed2006-07-24 14:13:33 +100058#include <string.h>
Damien Millere6b3b612006-07-24 14:01:23 +100059#include <unistd.h>
Damien Miller57cf6382006-07-10 21:13:46 +100060
Damien Millerd4a8b7e1999-10-27 13:42:43 +100061#include "xmalloc.h"
Damien Millerd7834352006-08-05 12:39:39 +100062#include "cipher.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100063#include "buffer.h"
Damien Millereba71ba2000-04-29 23:57:08 +100064#include "key.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000065#include "ssh.h"
66#include "log.h"
Ben Lindstrom31ca54a2001-02-09 02:11:24 +000067#include "authfile.h"
Damien Miller040b64f2002-01-22 23:10:04 +110068#include "rsa.h"
Darren Tuckerf0f90982004-12-11 13:39:50 +110069#include "misc.h"
Damien Millereccb9de2005-06-17 12:59:34 +100070#include "atomicio.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100071
Damien Miller2ce12ef2011-05-05 14:17:18 +100072#define MAX_KEY_FILE_SIZE (1024 * 1024)
73
Ben Lindstromd0fca422001-03-26 13:44:06 +000074/* Version identification string for SSH v1 identity files. */
Ben Lindstrom1170d712001-01-29 07:51:26 +000075static const char authfile_id_string[] =
76 "SSH PRIVATE KEY FILE FORMAT 1.1\n";
Damien Millerd4a8b7e1999-10-27 13:42:43 +100077
Damien Miller5428f641999-11-25 11:54:57 +110078/*
Damien Millera2327922010-12-01 12:01:21 +110079 * Serialises the authentication (private) key to a blob, encrypting it with
80 * passphrase. The identification of the blob (lowest 64 bits of n) will
Damien Miller5428f641999-11-25 11:54:57 +110081 * precede the key to provide identification of the key without needing a
82 * passphrase.
83 */
Ben Lindstrombba81212001-06-25 05:01:22 +000084static int
Damien Millera2327922010-12-01 12:01:21 +110085key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase,
Ben Lindstromd0fca422001-03-26 13:44:06 +000086 const char *comment)
Damien Millerd4a8b7e1999-10-27 13:42:43 +100087{
Damien Miller95def091999-11-25 00:26:21 +110088 Buffer buffer, encrypted;
Damien Miller708d21c2002-01-22 23:18:15 +110089 u_char buf[100], *cp;
Damien Millera2327922010-12-01 12:01:21 +110090 int i, cipher_num;
Damien Miller874d77b2000-10-14 16:23:11 +110091 CipherContext ciphercontext;
92 Cipher *cipher;
Darren Tucker3f9fdc72004-06-22 12:56:01 +100093 u_int32_t rnd;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100094
Damien Miller5428f641999-11-25 11:54:57 +110095 /*
96 * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting
97 * to another cipher; otherwise use SSH_AUTHFILE_CIPHER.
98 */
Damien Miller963f6b22002-02-19 15:21:23 +110099 cipher_num = (strcmp(passphrase, "") == 0) ?
100 SSH_CIPHER_NONE : SSH_AUTHFILE_CIPHER;
101 if ((cipher = cipher_by_number(cipher_num)) == NULL)
Damien Miller874d77b2000-10-14 16:23:11 +1100102 fatal("save_private_key_rsa: bad cipher");
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000103
Damien Miller95def091999-11-25 00:26:21 +1100104 /* This buffer is used to built the secret part of the private key. */
105 buffer_init(&buffer);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000106
Damien Miller95def091999-11-25 00:26:21 +1100107 /* Put checkbytes for checking passphrase validity. */
Darren Tucker3f9fdc72004-06-22 12:56:01 +1000108 rnd = arc4random();
109 buf[0] = rnd & 0xff;
110 buf[1] = (rnd >> 8) & 0xff;
Damien Miller95def091999-11-25 00:26:21 +1100111 buf[2] = buf[0];
112 buf[3] = buf[1];
113 buffer_append(&buffer, buf, 4);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000114
Damien Miller5428f641999-11-25 11:54:57 +1100115 /*
116 * Store the private key (n and e will not be stored because they
117 * will be stored in plain text, and storing them also in encrypted
118 * format would just give known plaintext).
119 */
Ben Lindstromd0fca422001-03-26 13:44:06 +0000120 buffer_put_bignum(&buffer, key->rsa->d);
121 buffer_put_bignum(&buffer, key->rsa->iqmp);
122 buffer_put_bignum(&buffer, key->rsa->q); /* reverse from SSL p */
123 buffer_put_bignum(&buffer, key->rsa->p); /* reverse from SSL q */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000124
Damien Miller95def091999-11-25 00:26:21 +1100125 /* Pad the part to be encrypted until its size is a multiple of 8. */
126 while (buffer_len(&buffer) % 8 != 0)
127 buffer_put_char(&buffer, 0);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000128
Damien Miller95def091999-11-25 00:26:21 +1100129 /* This buffer will be used to contain the data in the file. */
130 buffer_init(&encrypted);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000131
Damien Miller95def091999-11-25 00:26:21 +1100132 /* First store keyfile id string. */
Ben Lindstrom1170d712001-01-29 07:51:26 +0000133 for (i = 0; authfile_id_string[i]; i++)
134 buffer_put_char(&encrypted, authfile_id_string[i]);
Damien Miller95def091999-11-25 00:26:21 +1100135 buffer_put_char(&encrypted, 0);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000136
Damien Miller95def091999-11-25 00:26:21 +1100137 /* Store cipher type. */
Damien Miller963f6b22002-02-19 15:21:23 +1100138 buffer_put_char(&encrypted, cipher_num);
Damien Miller95def091999-11-25 00:26:21 +1100139 buffer_put_int(&encrypted, 0); /* For future extension */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000140
Damien Miller95def091999-11-25 00:26:21 +1100141 /* Store public key. This will be in plain text. */
Ben Lindstromd0fca422001-03-26 13:44:06 +0000142 buffer_put_int(&encrypted, BN_num_bits(key->rsa->n));
143 buffer_put_bignum(&encrypted, key->rsa->n);
144 buffer_put_bignum(&encrypted, key->rsa->e);
Ben Lindstrom664408d2001-06-09 01:42:01 +0000145 buffer_put_cstring(&encrypted, comment);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000146
Damien Miller95def091999-11-25 00:26:21 +1100147 /* Allocate space for the private part of the key in the buffer. */
Damien Miller5a6b4fe2001-12-21 14:56:54 +1100148 cp = buffer_append_space(&encrypted, buffer_len(&buffer));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000149
Damien Miller963f6b22002-02-19 15:21:23 +1100150 cipher_set_key_string(&ciphercontext, cipher, passphrase,
151 CIPHER_ENCRYPT);
152 cipher_crypt(&ciphercontext, cp,
Damien Miller708d21c2002-01-22 23:18:15 +1100153 buffer_ptr(&buffer), buffer_len(&buffer));
Damien Miller963f6b22002-02-19 15:21:23 +1100154 cipher_cleanup(&ciphercontext);
Damien Miller874d77b2000-10-14 16:23:11 +1100155 memset(&ciphercontext, 0, sizeof(ciphercontext));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000156
Damien Miller95def091999-11-25 00:26:21 +1100157 /* Destroy temporary data. */
158 memset(buf, 0, sizeof(buf));
159 buffer_free(&buffer);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000160
Damien Millera2327922010-12-01 12:01:21 +1100161 buffer_append(blob, buffer_ptr(&encrypted), buffer_len(&encrypted));
Damien Miller95def091999-11-25 00:26:21 +1100162 buffer_free(&encrypted);
Damien Millera2327922010-12-01 12:01:21 +1100163
Damien Miller95def091999-11-25 00:26:21 +1100164 return 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000165}
166
Damien Millera2327922010-12-01 12:01:21 +1100167/* convert SSH v2 key in OpenSSL PEM format */
Ben Lindstrombba81212001-06-25 05:01:22 +0000168static int
Damien Millera2327922010-12-01 12:01:21 +1100169key_private_pem_to_blob(Key *key, Buffer *blob, const char *_passphrase,
Ben Lindstromd0fca422001-03-26 13:44:06 +0000170 const char *comment)
Damien Millereba71ba2000-04-29 23:57:08 +1000171{
Damien Miller0bc1bd82000-11-13 22:57:25 +1100172 int success = 0;
Damien Millera2327922010-12-01 12:01:21 +1100173 int blen, len = strlen(_passphrase);
Ben Lindstrom90fd8142002-02-26 18:09:42 +0000174 u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL;
Darren Tuckerdf6578b2009-11-07 16:03:14 +1100175#if (OPENSSL_VERSION_NUMBER < 0x00907000L)
176 const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL;
177#else
Darren Tuckerdfb9b712009-10-24 11:46:43 +1100178 const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL;
Darren Tuckerdf6578b2009-11-07 16:03:14 +1100179#endif
Damien Millera2327922010-12-01 12:01:21 +1100180 const u_char *bptr;
181 BIO *bio;
Damien Millereba71ba2000-04-29 23:57:08 +1000182
183 if (len > 0 && len <= 4) {
Ben Lindstrom15f33862001-04-16 02:00:02 +0000184 error("passphrase too short: have %d bytes, need > 4", len);
Damien Millereba71ba2000-04-29 23:57:08 +1000185 return 0;
186 }
Damien Millera2327922010-12-01 12:01:21 +1100187 if ((bio = BIO_new(BIO_s_mem())) == NULL) {
188 error("%s: BIO_new failed", __func__);
Damien Millereba71ba2000-04-29 23:57:08 +1000189 return 0;
190 }
Damien Miller0bc1bd82000-11-13 22:57:25 +1100191 switch (key->type) {
Ben Lindstromc1116602001-03-29 00:28:37 +0000192 case KEY_DSA:
Damien Millera2327922010-12-01 12:01:21 +1100193 success = PEM_write_bio_DSAPrivateKey(bio, key->dsa,
Ben Lindstromc1116602001-03-29 00:28:37 +0000194 cipher, passphrase, len, NULL, NULL);
195 break;
Damien Miller6af914a2010-09-10 11:39:26 +1000196#ifdef OPENSSL_HAS_ECC
Damien Millereb8b60e2010-08-31 22:41:14 +1000197 case KEY_ECDSA:
Damien Millera2327922010-12-01 12:01:21 +1100198 success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa,
Damien Millereb8b60e2010-08-31 22:41:14 +1000199 cipher, passphrase, len, NULL, NULL);
200 break;
Damien Miller6af914a2010-09-10 11:39:26 +1000201#endif
Ben Lindstromc1116602001-03-29 00:28:37 +0000202 case KEY_RSA:
Damien Millera2327922010-12-01 12:01:21 +1100203 success = PEM_write_bio_RSAPrivateKey(bio, key->rsa,
Ben Lindstromc1116602001-03-29 00:28:37 +0000204 cipher, passphrase, len, NULL, NULL);
205 break;
Damien Millereba71ba2000-04-29 23:57:08 +1000206 }
Damien Millera2327922010-12-01 12:01:21 +1100207 if (success) {
208 if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0)
209 success = 0;
210 else
211 buffer_append(blob, bptr, blen);
212 }
213 BIO_free(bio);
Damien Millereba71ba2000-04-29 23:57:08 +1000214 return success;
215}
216
Damien Millera2327922010-12-01 12:01:21 +1100217/* Save a key blob to a file */
218static int
219key_save_private_blob(Buffer *keybuf, const char *filename)
220{
221 int fd;
222
223 if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) {
224 error("open %s failed: %s.", filename, strerror(errno));
225 return 0;
226 }
227 if (atomicio(vwrite, fd, buffer_ptr(keybuf),
228 buffer_len(keybuf)) != buffer_len(keybuf)) {
229 error("write to key file %s failed: %s", filename,
230 strerror(errno));
231 close(fd);
232 unlink(filename);
233 return 0;
234 }
235 close(fd);
236 return 1;
237}
238
239/* Serialise "key" to buffer "blob" */
240static int
241key_private_to_blob(Key *key, Buffer *blob, const char *passphrase,
242 const char *comment)
243{
244 switch (key->type) {
245 case KEY_RSA1:
246 return key_private_rsa1_to_blob(key, blob, passphrase, comment);
247 case KEY_DSA:
248 case KEY_ECDSA:
249 case KEY_RSA:
250 return key_private_pem_to_blob(key, blob, passphrase, comment);
251 default:
252 error("%s: cannot save key type %d", __func__, key->type);
253 return 0;
254 }
255}
256
Damien Millereba71ba2000-04-29 23:57:08 +1000257int
Ben Lindstromd0fca422001-03-26 13:44:06 +0000258key_save_private(Key *key, const char *filename, const char *passphrase,
Damien Millereba71ba2000-04-29 23:57:08 +1000259 const char *comment)
260{
Damien Millera2327922010-12-01 12:01:21 +1100261 Buffer keyblob;
262 int success = 0;
263
264 buffer_init(&keyblob);
265 if (!key_private_to_blob(key, &keyblob, passphrase, comment))
266 goto out;
267 if (!key_save_private_blob(&keyblob, filename))
268 goto out;
269 success = 1;
270 out:
271 buffer_free(&keyblob);
272 return success;
273}
274
275/*
276 * Parse the public, unencrypted portion of a RSA1 key.
277 */
278static Key *
279key_parse_public_rsa1(Buffer *blob, char **commentp)
280{
281 Key *pub;
Damien Millere7ac2bd2011-06-20 14:23:25 +1000282 Buffer copy;
Damien Millera2327922010-12-01 12:01:21 +1100283
284 /* Check that it is at least big enough to contain the ID string. */
285 if (buffer_len(blob) < sizeof(authfile_id_string)) {
286 debug3("Truncated RSA1 identifier");
287 return NULL;
Damien Millereba71ba2000-04-29 23:57:08 +1000288 }
Damien Millera2327922010-12-01 12:01:21 +1100289
290 /*
291 * Make sure it begins with the id string. Consume the id string
292 * from the buffer.
293 */
294 if (memcmp(buffer_ptr(blob), authfile_id_string,
295 sizeof(authfile_id_string)) != 0) {
296 debug3("Incorrect RSA1 identifier");
297 return NULL;
298 }
Damien Millere7ac2bd2011-06-20 14:23:25 +1000299 buffer_init(&copy);
300 buffer_append(&copy, buffer_ptr(blob), buffer_len(blob));
301 buffer_consume(&copy, sizeof(authfile_id_string));
Damien Millera2327922010-12-01 12:01:21 +1100302
303 /* Skip cipher type and reserved data. */
Damien Millere7ac2bd2011-06-20 14:23:25 +1000304 (void) buffer_get_char(&copy); /* cipher type */
305 (void) buffer_get_int(&copy); /* reserved */
Damien Millera2327922010-12-01 12:01:21 +1100306
307 /* Read the public key from the buffer. */
Damien Millere7ac2bd2011-06-20 14:23:25 +1000308 (void) buffer_get_int(&copy);
Damien Millera2327922010-12-01 12:01:21 +1100309 pub = key_new(KEY_RSA1);
Damien Millere7ac2bd2011-06-20 14:23:25 +1000310 buffer_get_bignum(&copy, pub->rsa->n);
311 buffer_get_bignum(&copy, pub->rsa->e);
Damien Millera2327922010-12-01 12:01:21 +1100312 if (commentp)
Damien Millere7ac2bd2011-06-20 14:23:25 +1000313 *commentp = buffer_get_string(&copy, NULL);
Damien Millera2327922010-12-01 12:01:21 +1100314 /* The encrypted private part is not parsed by this function. */
Damien Millere7ac2bd2011-06-20 14:23:25 +1000315 buffer_free(&copy);
Damien Millera2327922010-12-01 12:01:21 +1100316
317 return pub;
318}
319
Damien Miller2ce12ef2011-05-05 14:17:18 +1000320/* Load a key from a fd into a buffer */
321int
Damien Millera2327922010-12-01 12:01:21 +1100322key_load_file(int fd, const char *filename, Buffer *blob)
323{
Damien Miller2ce12ef2011-05-05 14:17:18 +1000324 u_char buf[1024];
Damien Millera2327922010-12-01 12:01:21 +1100325 size_t len;
Damien Millera2327922010-12-01 12:01:21 +1100326 struct stat st;
327
328 if (fstat(fd, &st) < 0) {
329 error("%s: fstat of key file %.200s%sfailed: %.100s", __func__,
330 filename == NULL ? "" : filename,
331 filename == NULL ? "" : " ",
332 strerror(errno));
Damien Millera2327922010-12-01 12:01:21 +1100333 return 0;
334 }
Damien Miller2ce12ef2011-05-05 14:17:18 +1000335 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
336 st.st_size > MAX_KEY_FILE_SIZE) {
337 toobig:
Damien Millera2327922010-12-01 12:01:21 +1100338 error("%s: key file %.200s%stoo large", __func__,
339 filename == NULL ? "" : filename,
340 filename == NULL ? "" : " ");
Damien Millera2327922010-12-01 12:01:21 +1100341 return 0;
342 }
Damien Millera2327922010-12-01 12:01:21 +1100343 buffer_init(blob);
Damien Miller2ce12ef2011-05-05 14:17:18 +1000344 for (;;) {
345 if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
346 if (errno == EPIPE)
347 break;
348 debug("%s: read from key file %.200s%sfailed: %.100s",
349 __func__, filename == NULL ? "" : filename,
350 filename == NULL ? "" : " ", strerror(errno));
351 buffer_clear(blob);
352 bzero(buf, sizeof(buf));
353 return 0;
354 }
355 buffer_append(blob, buf, len);
356 if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {
357 buffer_clear(blob);
358 bzero(buf, sizeof(buf));
359 goto toobig;
360 }
361 }
362 bzero(buf, sizeof(buf));
363 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
364 st.st_size != buffer_len(blob)) {
365 debug("%s: key file %.200s%schanged size while reading",
366 __func__, filename == NULL ? "" : filename,
367 filename == NULL ? "" : " ");
Damien Millera2327922010-12-01 12:01:21 +1100368 buffer_clear(blob);
Damien Millera2327922010-12-01 12:01:21 +1100369 return 0;
370 }
Damien Miller2ce12ef2011-05-05 14:17:18 +1000371
Damien Millera2327922010-12-01 12:01:21 +1100372 return 1;
Damien Millereba71ba2000-04-29 23:57:08 +1000373}
374
Damien Miller5428f641999-11-25 11:54:57 +1100375/*
Ben Lindstromd0fca422001-03-26 13:44:06 +0000376 * Loads the public part of the ssh v1 key file. Returns NULL if an error was
377 * encountered (the file does not exist or is not readable), and the key
Damien Miller5428f641999-11-25 11:54:57 +1100378 * otherwise.
379 */
Ben Lindstrombba81212001-06-25 05:01:22 +0000380static Key *
Ben Lindstromd0fca422001-03-26 13:44:06 +0000381key_load_public_rsa1(int fd, const char *filename, char **commentp)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000382{
Damien Miller95def091999-11-25 00:26:21 +1100383 Buffer buffer;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000384 Key *pub;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000385
Damien Miller95def091999-11-25 00:26:21 +1100386 buffer_init(&buffer);
Damien Millera2327922010-12-01 12:01:21 +1100387 if (!key_load_file(fd, filename, &buffer)) {
Damien Miller95def091999-11-25 00:26:21 +1100388 buffer_free(&buffer);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000389 return NULL;
Damien Miller95def091999-11-25 00:26:21 +1100390 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000391
Damien Millera2327922010-12-01 12:01:21 +1100392 pub = key_parse_public_rsa1(&buffer, commentp);
393 if (pub == NULL)
394 debug3("Could not load \"%s\" as a RSA1 public key", filename);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000395 buffer_free(&buffer);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000396 return pub;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000397}
398
Ben Lindstromd0fca422001-03-26 13:44:06 +0000399/* load public key from private-key file, works only for SSH v1 */
400Key *
401key_load_public_type(int type, const char *filename, char **commentp)
Damien Millereba71ba2000-04-29 23:57:08 +1000402{
Ben Lindstromd0fca422001-03-26 13:44:06 +0000403 Key *pub;
404 int fd;
405
406 if (type == KEY_RSA1) {
407 fd = open(filename, O_RDONLY);
408 if (fd < 0)
409 return NULL;
410 pub = key_load_public_rsa1(fd, filename, commentp);
411 close(fd);
412 return pub;
Damien Millereba71ba2000-04-29 23:57:08 +1000413 }
Ben Lindstromd0fca422001-03-26 13:44:06 +0000414 return NULL;
Damien Millereba71ba2000-04-29 23:57:08 +1000415}
416
Ben Lindstrombba81212001-06-25 05:01:22 +0000417static Key *
Damien Millera2327922010-12-01 12:01:21 +1100418key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000419{
Damien Millereccb9de2005-06-17 12:59:34 +1000420 int check1, check2, cipher_type;
Damien Millera2327922010-12-01 12:01:21 +1100421 Buffer decrypted;
Damien Miller708d21c2002-01-22 23:18:15 +1100422 u_char *cp;
Damien Miller874d77b2000-10-14 16:23:11 +1100423 CipherContext ciphercontext;
424 Cipher *cipher;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000425 Key *prv = NULL;
Damien Millere7ac2bd2011-06-20 14:23:25 +1000426 Buffer copy;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000427
Ben Lindstrom1170d712001-01-29 07:51:26 +0000428 /* Check that it is at least big enough to contain the ID string. */
Damien Millera2327922010-12-01 12:01:21 +1100429 if (buffer_len(blob) < sizeof(authfile_id_string)) {
430 debug3("Truncated RSA1 identifier");
Ben Lindstromd0fca422001-03-26 13:44:06 +0000431 return NULL;
Damien Miller95def091999-11-25 00:26:21 +1100432 }
Damien Millera2327922010-12-01 12:01:21 +1100433
Damien Miller5428f641999-11-25 11:54:57 +1100434 /*
435 * Make sure it begins with the id string. Consume the id string
436 * from the buffer.
437 */
Damien Millera2327922010-12-01 12:01:21 +1100438 if (memcmp(buffer_ptr(blob), authfile_id_string,
439 sizeof(authfile_id_string)) != 0) {
440 debug3("Incorrect RSA1 identifier");
441 return NULL;
442 }
Damien Millere7ac2bd2011-06-20 14:23:25 +1000443 buffer_init(&copy);
444 buffer_append(&copy, buffer_ptr(blob), buffer_len(blob));
445 buffer_consume(&copy, sizeof(authfile_id_string));
Ben Lindstromb257cca2001-03-05 04:59:27 +0000446
Damien Miller95def091999-11-25 00:26:21 +1100447 /* Read cipher type. */
Damien Millere7ac2bd2011-06-20 14:23:25 +1000448 cipher_type = buffer_get_char(&copy);
449 (void) buffer_get_int(&copy); /* Reserved data. */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000450
Damien Miller95def091999-11-25 00:26:21 +1100451 /* Read the public key from the buffer. */
Damien Millere7ac2bd2011-06-20 14:23:25 +1000452 (void) buffer_get_int(&copy);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000453 prv = key_new_private(KEY_RSA1);
454
Damien Millere7ac2bd2011-06-20 14:23:25 +1000455 buffer_get_bignum(&copy, prv->rsa->n);
456 buffer_get_bignum(&copy, prv->rsa->e);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000457 if (commentp)
Damien Millere7ac2bd2011-06-20 14:23:25 +1000458 *commentp = buffer_get_string(&copy, NULL);
Damien Miller95def091999-11-25 00:26:21 +1100459 else
Damien Millere7ac2bd2011-06-20 14:23:25 +1000460 (void)buffer_get_string_ptr(&copy, NULL);
Damien Miller95def091999-11-25 00:26:21 +1100461
462 /* Check that it is a supported cipher. */
Damien Miller874d77b2000-10-14 16:23:11 +1100463 cipher = cipher_by_number(cipher_type);
464 if (cipher == NULL) {
Damien Millera2327922010-12-01 12:01:21 +1100465 debug("Unsupported RSA1 cipher %d", cipher_type);
Damien Millere7ac2bd2011-06-20 14:23:25 +1000466 buffer_free(&copy);
Damien Miller95def091999-11-25 00:26:21 +1100467 goto fail;
468 }
469 /* Initialize space for decrypted data. */
470 buffer_init(&decrypted);
Damien Millere7ac2bd2011-06-20 14:23:25 +1000471 cp = buffer_append_space(&decrypted, buffer_len(&copy));
Damien Miller95def091999-11-25 00:26:21 +1100472
473 /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */
Damien Miller963f6b22002-02-19 15:21:23 +1100474 cipher_set_key_string(&ciphercontext, cipher, passphrase,
475 CIPHER_DECRYPT);
476 cipher_crypt(&ciphercontext, cp,
Damien Millere7ac2bd2011-06-20 14:23:25 +1000477 buffer_ptr(&copy), buffer_len(&copy));
Damien Miller963f6b22002-02-19 15:21:23 +1100478 cipher_cleanup(&ciphercontext);
Damien Miller874d77b2000-10-14 16:23:11 +1100479 memset(&ciphercontext, 0, sizeof(ciphercontext));
Damien Millere7ac2bd2011-06-20 14:23:25 +1000480 buffer_free(&copy);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000481
Damien Miller95def091999-11-25 00:26:21 +1100482 check1 = buffer_get_char(&decrypted);
483 check2 = buffer_get_char(&decrypted);
484 if (check1 != buffer_get_char(&decrypted) ||
485 check2 != buffer_get_char(&decrypted)) {
486 if (strcmp(passphrase, "") != 0)
Damien Millera2327922010-12-01 12:01:21 +1100487 debug("Bad passphrase supplied for RSA1 key");
Damien Miller95def091999-11-25 00:26:21 +1100488 /* Bad passphrase. */
489 buffer_free(&decrypted);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000490 goto fail;
Damien Miller95def091999-11-25 00:26:21 +1100491 }
492 /* Read the rest of the private key. */
Ben Lindstromd0fca422001-03-26 13:44:06 +0000493 buffer_get_bignum(&decrypted, prv->rsa->d);
494 buffer_get_bignum(&decrypted, prv->rsa->iqmp); /* u */
495 /* in SSL and SSH v1 p and q are exchanged */
496 buffer_get_bignum(&decrypted, prv->rsa->q); /* p */
497 buffer_get_bignum(&decrypted, prv->rsa->p); /* q */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000498
Ben Lindstromd0fca422001-03-26 13:44:06 +0000499 /* calculate p-1 and q-1 */
Damien Millerda755162002-01-22 23:09:22 +1100500 rsa_generate_additional_parameters(prv->rsa);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000501
Damien Miller95def091999-11-25 00:26:21 +1100502 buffer_free(&decrypted);
Damien Millered33d3b2003-03-15 11:36:18 +1100503
504 /* enable blinding */
505 if (RSA_blinding_on(prv->rsa, NULL) != 1) {
Damien Millera2327922010-12-01 12:01:21 +1100506 error("%s: RSA_blinding_on failed", __func__);
Damien Millered33d3b2003-03-15 11:36:18 +1100507 goto fail;
508 }
Ben Lindstromd0fca422001-03-26 13:44:06 +0000509 return prv;
510
511fail:
512 if (commentp)
513 xfree(*commentp);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000514 key_free(prv);
515 return NULL;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000516}
Damien Millereba71ba2000-04-29 23:57:08 +1000517
Damien Millera2327922010-12-01 12:01:21 +1100518static Key *
519key_parse_private_pem(Buffer *blob, int type, const char *passphrase,
Ben Lindstromd0fca422001-03-26 13:44:06 +0000520 char **commentp)
Damien Millereba71ba2000-04-29 23:57:08 +1000521{
Damien Miller0bc1bd82000-11-13 22:57:25 +1100522 EVP_PKEY *pk = NULL;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000523 Key *prv = NULL;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100524 char *name = "<no key>";
Damien Millera2327922010-12-01 12:01:21 +1100525 BIO *bio;
Damien Millereba71ba2000-04-29 23:57:08 +1000526
Damien Millera2327922010-12-01 12:01:21 +1100527 if ((bio = BIO_new_mem_buf(buffer_ptr(blob),
528 buffer_len(blob))) == NULL) {
529 error("%s: BIO_new_mem_buf failed", __func__);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000530 return NULL;
Damien Millereba71ba2000-04-29 23:57:08 +1000531 }
Damien Millera2327922010-12-01 12:01:21 +1100532
533 pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, (char *)passphrase);
534 BIO_free(bio);
Damien Miller0bc1bd82000-11-13 22:57:25 +1100535 if (pk == NULL) {
Damien Millera2327922010-12-01 12:01:21 +1100536 debug("%s: PEM_read_PrivateKey failed", __func__);
Damien Miller0bc1bd82000-11-13 22:57:25 +1100537 (void)ERR_get_error();
Ben Lindstromd0fca422001-03-26 13:44:06 +0000538 } else if (pk->type == EVP_PKEY_RSA &&
Damien Miller9f0f5c62001-12-21 14:45:46 +1100539 (type == KEY_UNSPEC||type==KEY_RSA)) {
Ben Lindstromd0fca422001-03-26 13:44:06 +0000540 prv = key_new(KEY_UNSPEC);
541 prv->rsa = EVP_PKEY_get1_RSA(pk);
542 prv->type = KEY_RSA;
543 name = "rsa w/o comment";
Damien Miller0bc1bd82000-11-13 22:57:25 +1100544#ifdef DEBUG_PK
Ben Lindstromd0fca422001-03-26 13:44:06 +0000545 RSA_print_fp(stderr, prv->rsa, 8);
Damien Millereba71ba2000-04-29 23:57:08 +1000546#endif
Damien Millered33d3b2003-03-15 11:36:18 +1100547 if (RSA_blinding_on(prv->rsa, NULL) != 1) {
Damien Millera2327922010-12-01 12:01:21 +1100548 error("%s: RSA_blinding_on failed", __func__);
Damien Millered33d3b2003-03-15 11:36:18 +1100549 key_free(prv);
550 prv = NULL;
551 }
Ben Lindstromd0fca422001-03-26 13:44:06 +0000552 } else if (pk->type == EVP_PKEY_DSA &&
Damien Miller9f0f5c62001-12-21 14:45:46 +1100553 (type == KEY_UNSPEC||type==KEY_DSA)) {
Ben Lindstromd0fca422001-03-26 13:44:06 +0000554 prv = key_new(KEY_UNSPEC);
555 prv->dsa = EVP_PKEY_get1_DSA(pk);
556 prv->type = KEY_DSA;
557 name = "dsa w/o comment";
Damien Miller0bc1bd82000-11-13 22:57:25 +1100558#ifdef DEBUG_PK
Ben Lindstromd0fca422001-03-26 13:44:06 +0000559 DSA_print_fp(stderr, prv->dsa, 8);
Damien Miller0bc1bd82000-11-13 22:57:25 +1100560#endif
Damien Miller6af914a2010-09-10 11:39:26 +1000561#ifdef OPENSSL_HAS_ECC
Damien Millereb8b60e2010-08-31 22:41:14 +1000562 } else if (pk->type == EVP_PKEY_EC &&
563 (type == KEY_UNSPEC||type==KEY_ECDSA)) {
564 prv = key_new(KEY_UNSPEC);
565 prv->ecdsa = EVP_PKEY_get1_EC_KEY(pk);
566 prv->type = KEY_ECDSA;
Damien Millerb472a902010-11-05 10:19:49 +1100567 if ((prv->ecdsa_nid = key_ecdsa_key_to_nid(prv->ecdsa)) == -1 ||
568 key_curve_nid_to_name(prv->ecdsa_nid) == NULL ||
569 key_ec_validate_public(EC_KEY_get0_group(prv->ecdsa),
Damien Millereb8b60e2010-08-31 22:41:14 +1000570 EC_KEY_get0_public_key(prv->ecdsa)) != 0 ||
571 key_ec_validate_private(prv->ecdsa) != 0) {
572 error("%s: bad ECDSA key", __func__);
573 key_free(prv);
574 prv = NULL;
575 }
Damien Millerbf0423e2010-09-10 11:20:38 +1000576 name = "ecdsa w/o comment";
Damien Millereb8b60e2010-08-31 22:41:14 +1000577#ifdef DEBUG_PK
Damien Millerb472a902010-11-05 10:19:49 +1100578 if (prv != NULL && prv->ecdsa != NULL)
Damien Millereb8b60e2010-08-31 22:41:14 +1000579 key_dump_ec_key(prv->ecdsa);
580#endif
Damien Miller6af914a2010-09-10 11:39:26 +1000581#endif /* OPENSSL_HAS_ECC */
Damien Miller0bc1bd82000-11-13 22:57:25 +1100582 } else {
Damien Millera2327922010-12-01 12:01:21 +1100583 error("%s: PEM_read_PrivateKey: mismatch or "
584 "unknown EVP_PKEY save_type %d", __func__, pk->save_type);
Damien Miller0bc1bd82000-11-13 22:57:25 +1100585 }
Damien Miller0bc1bd82000-11-13 22:57:25 +1100586 if (pk != NULL)
587 EVP_PKEY_free(pk);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000588 if (prv != NULL && commentp)
589 *commentp = xstrdup(name);
590 debug("read PEM private key done: type %s",
591 prv ? key_type(prv) : "<unknown>");
592 return prv;
Damien Millereba71ba2000-04-29 23:57:08 +1000593}
594
Damien Millera2327922010-12-01 12:01:21 +1100595Key *
596key_load_private_pem(int fd, int type, const char *passphrase,
597 char **commentp)
598{
599 Buffer buffer;
600 Key *prv;
601
602 buffer_init(&buffer);
603 if (!key_load_file(fd, NULL, &buffer)) {
604 buffer_free(&buffer);
605 return NULL;
606 }
607 prv = key_parse_private_pem(&buffer, type, passphrase, commentp);
608 buffer_free(&buffer);
609 return prv;
610}
611
Damien Miller8275fad2006-03-15 12:06:23 +1100612int
Ben Lindstromd0fca422001-03-26 13:44:06 +0000613key_perm_ok(int fd, const char *filename)
Damien Millereba71ba2000-04-29 23:57:08 +1000614{
Damien Millereba71ba2000-04-29 23:57:08 +1000615 struct stat st;
616
Ben Lindstrom7aff2612001-09-23 13:53:22 +0000617 if (fstat(fd, &st) < 0)
618 return 0;
619 /*
620 * if a key owned by the user is accessed, then we check the
621 * permissions of the file. if the key owned by a different user,
622 * then we don't care.
623 */
Damien Millerb70b61f2000-09-16 16:25:12 +1100624#ifdef HAVE_CYGWIN
Damien Millercb5e44a2000-09-29 12:12:36 +1100625 if (check_ntsec(filename))
Damien Millerb70b61f2000-09-16 16:25:12 +1100626#endif
Ben Lindstrom7aff2612001-09-23 13:53:22 +0000627 if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
Damien Millereba71ba2000-04-29 23:57:08 +1000628 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
629 error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
630 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
Ben Lindstrom7aff2612001-09-23 13:53:22 +0000631 error("Permissions 0%3.3o for '%s' are too open.",
Damien Miller04bd8b02003-05-25 14:38:33 +1000632 (u_int)st.st_mode & 0777, filename);
Damien Millera10abe92011-04-12 15:39:35 +1000633 error("It is required that your private key files are NOT accessible by others.");
Ben Lindstromd0fca422001-03-26 13:44:06 +0000634 error("This private key will be ignored.");
Damien Millereba71ba2000-04-29 23:57:08 +1000635 return 0;
636 }
Ben Lindstromd0fca422001-03-26 13:44:06 +0000637 return 1;
638}
Ben Lindstromb257cca2001-03-05 04:59:27 +0000639
Damien Millera2327922010-12-01 12:01:21 +1100640static Key *
641key_parse_private_type(Buffer *blob, int type, const char *passphrase,
642 char **commentp)
643{
644 switch (type) {
645 case KEY_RSA1:
646 return key_parse_private_rsa1(blob, passphrase, commentp);
647 case KEY_DSA:
648 case KEY_ECDSA:
649 case KEY_RSA:
650 case KEY_UNSPEC:
651 return key_parse_private_pem(blob, type, passphrase, commentp);
652 default:
Damien Miller9d276b82011-05-15 08:51:43 +1000653 error("%s: cannot parse key type %d", __func__, type);
Damien Millera2327922010-12-01 12:01:21 +1100654 break;
655 }
656 return NULL;
657}
658
Ben Lindstromd0fca422001-03-26 13:44:06 +0000659Key *
660key_load_private_type(int type, const char *filename, const char *passphrase,
Darren Tucker232b76f2006-05-06 17:41:51 +1000661 char **commentp, int *perm_ok)
Ben Lindstromd0fca422001-03-26 13:44:06 +0000662{
663 int fd;
Damien Millera2327922010-12-01 12:01:21 +1100664 Key *ret;
665 Buffer buffer;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000666
667 fd = open(filename, O_RDONLY);
Darren Tuckerd4c86b12010-01-12 19:41:22 +1100668 if (fd < 0) {
669 debug("could not open key file '%s': %s", filename,
670 strerror(errno));
671 if (perm_ok != NULL)
672 *perm_ok = 0;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000673 return NULL;
Darren Tucker69c01b12010-01-12 19:42:29 +1100674 }
Ben Lindstromd0fca422001-03-26 13:44:06 +0000675 if (!key_perm_ok(fd, filename)) {
Darren Tucker232b76f2006-05-06 17:41:51 +1000676 if (perm_ok != NULL)
677 *perm_ok = 0;
Ben Lindstrom15f33862001-04-16 02:00:02 +0000678 error("bad permissions: ignore key: %s", filename);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000679 close(fd);
680 return NULL;
681 }
Darren Tucker232b76f2006-05-06 17:41:51 +1000682 if (perm_ok != NULL)
683 *perm_ok = 1;
Damien Millera2327922010-12-01 12:01:21 +1100684
685 buffer_init(&buffer);
686 if (!key_load_file(fd, filename, &buffer)) {
687 buffer_free(&buffer);
Ben Lindstromb257cca2001-03-05 04:59:27 +0000688 close(fd);
Damien Millera2327922010-12-01 12:01:21 +1100689 return NULL;
Damien Millereba71ba2000-04-29 23:57:08 +1000690 }
Damien Millera2327922010-12-01 12:01:21 +1100691 close(fd);
692 ret = key_parse_private_type(&buffer, type, passphrase, commentp);
693 buffer_free(&buffer);
694 return ret;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000695}
696
697Key *
Damien Miller2ce12ef2011-05-05 14:17:18 +1000698key_parse_private(Buffer *buffer, const char *filename,
699 const char *passphrase, char **commentp)
700{
701 Key *pub, *prv;
Damien Miller2ce12ef2011-05-05 14:17:18 +1000702
Damien Miller2ce12ef2011-05-05 14:17:18 +1000703 /* it's a SSH v1 key if the public key part is readable */
Damien Millere7ac2bd2011-06-20 14:23:25 +1000704 pub = key_parse_public_rsa1(buffer, commentp);
Damien Miller2ce12ef2011-05-05 14:17:18 +1000705 if (pub == NULL) {
706 prv = key_parse_private_type(buffer, KEY_UNSPEC,
707 passphrase, NULL);
708 /* use the filename as a comment for PEM */
709 if (commentp && prv)
710 *commentp = xstrdup(filename);
711 } else {
712 key_free(pub);
713 /* key_parse_public_rsa1() has already loaded the comment */
714 prv = key_parse_private_type(buffer, KEY_RSA1, passphrase,
715 NULL);
716 }
717 return prv;
718}
719
720Key *
Ben Lindstromd0fca422001-03-26 13:44:06 +0000721key_load_private(const char *filename, const char *passphrase,
722 char **commentp)
723{
Damien Miller2ce12ef2011-05-05 14:17:18 +1000724 Key *prv;
725 Buffer buffer;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000726 int fd;
727
728 fd = open(filename, O_RDONLY);
Darren Tuckerd4c86b12010-01-12 19:41:22 +1100729 if (fd < 0) {
730 debug("could not open key file '%s': %s", filename,
731 strerror(errno));
Ben Lindstromd0fca422001-03-26 13:44:06 +0000732 return NULL;
Darren Tuckerd4c86b12010-01-12 19:41:22 +1100733 }
Ben Lindstromd0fca422001-03-26 13:44:06 +0000734 if (!key_perm_ok(fd, filename)) {
Ben Lindstrom15f33862001-04-16 02:00:02 +0000735 error("bad permissions: ignore key: %s", filename);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000736 close(fd);
737 return NULL;
738 }
Damien Millera2327922010-12-01 12:01:21 +1100739
740 buffer_init(&buffer);
741 if (!key_load_file(fd, filename, &buffer)) {
742 buffer_free(&buffer);
743 close(fd);
744 return NULL;
745 }
746 close(fd);
747
Damien Miller2ce12ef2011-05-05 14:17:18 +1000748 prv = key_parse_private(&buffer, filename, passphrase, commentp);
Damien Millera2327922010-12-01 12:01:21 +1100749 buffer_free(&buffer);
Ben Lindstrom322915d2001-06-05 20:46:32 +0000750 return prv;
Damien Millereba71ba2000-04-29 23:57:08 +1000751}
Damien Millere4340be2000-09-16 13:29:08 +1100752
Ben Lindstrombba81212001-06-25 05:01:22 +0000753static int
Ben Lindstromd0fca422001-03-26 13:44:06 +0000754key_try_load_public(Key *k, const char *filename, char **commentp)
Damien Millere4340be2000-09-16 13:29:08 +1100755{
756 FILE *f;
Darren Tucker22cc7412004-12-06 22:47:41 +1100757 char line[SSH_MAX_PUBKEY_BYTES];
Damien Millere4340be2000-09-16 13:29:08 +1100758 char *cp;
Darren Tuckerf0f90982004-12-11 13:39:50 +1100759 u_long linenum = 0;
Damien Millere4340be2000-09-16 13:29:08 +1100760
761 f = fopen(filename, "r");
762 if (f != NULL) {
Darren Tucker22cc7412004-12-06 22:47:41 +1100763 while (read_keyfile_line(f, filename, line, sizeof(line),
764 &linenum) != -1) {
Damien Millere4340be2000-09-16 13:29:08 +1100765 cp = line;
Ben Lindstrom1c37c6a2001-12-06 18:00:18 +0000766 switch (*cp) {
Damien Millere4340be2000-09-16 13:29:08 +1100767 case '#':
768 case '\n':
769 case '\0':
770 continue;
771 }
Damien Miller32198242011-05-15 08:50:32 +1000772 /* Abort loading if this looks like a private key */
773 if (strncmp(cp, "-----BEGIN", 10) == 0)
774 break;
Damien Millere4340be2000-09-16 13:29:08 +1100775 /* Skip leading whitespace. */
776 for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
777 ;
778 if (*cp) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100779 if (key_read(k, &cp) == 1) {
Damien Miller04bb56e2011-05-29 21:42:08 +1000780 cp[strcspn(cp, "\r\n")] = '\0';
781 if (commentp) {
782 *commentp = xstrdup(*cp ?
783 cp : filename);
784 }
Damien Millere4340be2000-09-16 13:29:08 +1100785 fclose(f);
786 return 1;
787 }
788 }
789 }
790 fclose(f);
791 }
792 return 0;
793}
794
Ben Lindstromd0fca422001-03-26 13:44:06 +0000795/* load public key from ssh v1 private or any pubkey file */
796Key *
797key_load_public(const char *filename, char **commentp)
Damien Millere4340be2000-09-16 13:29:08 +1100798{
Ben Lindstromd0fca422001-03-26 13:44:06 +0000799 Key *pub;
800 char file[MAXPATHLEN];
Damien Millere4340be2000-09-16 13:29:08 +1100801
Damien Millerdb274722003-05-14 13:45:22 +1000802 /* try rsa1 private key */
Ben Lindstromd0fca422001-03-26 13:44:06 +0000803 pub = key_load_public_type(KEY_RSA1, filename, commentp);
804 if (pub != NULL)
805 return pub;
Damien Millerdb274722003-05-14 13:45:22 +1000806
807 /* try rsa1 public key */
808 pub = key_new(KEY_RSA1);
809 if (key_try_load_public(pub, filename, commentp) == 1)
810 return pub;
811 key_free(pub);
812
813 /* try ssh2 public key */
Ben Lindstromd0fca422001-03-26 13:44:06 +0000814 pub = key_new(KEY_UNSPEC);
815 if (key_try_load_public(pub, filename, commentp) == 1)
816 return pub;
817 if ((strlcpy(file, filename, sizeof file) < sizeof(file)) &&
818 (strlcat(file, ".pub", sizeof file) < sizeof(file)) &&
819 (key_try_load_public(pub, file, commentp) == 1))
820 return pub;
821 key_free(pub);
822 return NULL;
Damien Millere4340be2000-09-16 13:29:08 +1100823}
Damien Miller1aed65e2010-03-04 21:53:35 +1100824
Damien Millerc1583312010-08-05 13:04:50 +1000825/* Load the certificate associated with the named private key */
826Key *
827key_load_cert(const char *filename)
828{
829 Key *pub;
Damien Miller5458c4d2010-08-05 13:05:15 +1000830 char *file;
Damien Millerc1583312010-08-05 13:04:50 +1000831
832 pub = key_new(KEY_UNSPEC);
Damien Miller5458c4d2010-08-05 13:05:15 +1000833 xasprintf(&file, "%s-cert.pub", filename);
834 if (key_try_load_public(pub, file, NULL) == 1) {
835 xfree(file);
Damien Millerc1583312010-08-05 13:04:50 +1000836 return pub;
Damien Miller5458c4d2010-08-05 13:05:15 +1000837 }
838 xfree(file);
Damien Millerc1583312010-08-05 13:04:50 +1000839 key_free(pub);
840 return NULL;
841}
842
843/* Load private key and certificate */
844Key *
845key_load_private_cert(int type, const char *filename, const char *passphrase,
846 int *perm_ok)
847{
848 Key *key, *pub;
849
850 switch (type) {
851 case KEY_RSA:
852 case KEY_DSA:
Damien Millereb8b60e2010-08-31 22:41:14 +1000853 case KEY_ECDSA:
Damien Millerc1583312010-08-05 13:04:50 +1000854 break;
855 default:
856 error("%s: unsupported key type", __func__);
857 return NULL;
858 }
859
860 if ((key = key_load_private_type(type, filename,
861 passphrase, NULL, perm_ok)) == NULL)
862 return NULL;
863
864 if ((pub = key_load_cert(filename)) == NULL) {
865 key_free(key);
866 return NULL;
867 }
868
869 /* Make sure the private key matches the certificate */
870 if (key_equal_public(key, pub) == 0) {
871 error("%s: certificate does not match private key %s",
872 __func__, filename);
873 } else if (key_to_certified(key, key_cert_is_legacy(pub)) != 0) {
874 error("%s: key_to_certified failed", __func__);
875 } else {
876 key_cert_copy(pub, key);
877 key_free(pub);
878 return key;
879 }
880
881 key_free(key);
882 key_free(pub);
883 return NULL;
884}
885
Damien Miller1aed65e2010-03-04 21:53:35 +1100886/*
887 * Returns 1 if the specified "key" is listed in the file "filename",
888 * 0 if the key is not listed or -1 on error.
889 * If strict_type is set then the key type must match exactly,
890 * otherwise a comparison that ignores certficiate data is performed.
891 */
892int
893key_in_file(Key *key, const char *filename, int strict_type)
894{
895 FILE *f;
896 char line[SSH_MAX_PUBKEY_BYTES];
897 char *cp;
898 u_long linenum = 0;
899 int ret = 0;
900 Key *pub;
901 int (*key_compare)(const Key *, const Key *) = strict_type ?
902 key_equal : key_equal_public;
903
904 if ((f = fopen(filename, "r")) == NULL) {
905 if (errno == ENOENT) {
906 debug("%s: keyfile \"%s\" missing", __func__, filename);
907 return 0;
908 } else {
909 error("%s: could not open keyfile \"%s\": %s", __func__,
910 filename, strerror(errno));
911 return -1;
912 }
913 }
914
915 while (read_keyfile_line(f, filename, line, sizeof(line),
916 &linenum) != -1) {
917 cp = line;
918
919 /* Skip leading whitespace. */
920 for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
921 ;
922
923 /* Skip comments and empty lines */
924 switch (*cp) {
925 case '#':
926 case '\n':
927 case '\0':
928 continue;
929 }
930
931 pub = key_new(KEY_UNSPEC);
932 if (key_read(pub, &cp) != 1) {
933 key_free(pub);
934 continue;
935 }
936 if (key_compare(key, pub)) {
937 ret = 1;
938 key_free(pub);
939 break;
940 }
941 key_free(pub);
942 }
943 fclose(f);
944 return ret;
945}
946