Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / fbb4b5fd4f8e0bb89732670a01954e18b69e15ba / . / krl.c
blob: 379153247b3796430558de913950f1fa255414e4 [file] [log] [blame]
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1/*
2 * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
djm@openbsd.org04c7e282017-12-18 02:25:15 +0000[diff] [blame]17/* $OpenBSD: krl.c,v 1.41 2017/12/18 02:25:15 djm Exp $ */
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]18
19#include "includes.h"
20
21#include <sys/types.h>
Damien Millerd60b2102013-01-20 22:49:58 +1100[diff] [blame]22#include <openbsd-compat/sys-tree.h>
23#include <openbsd-compat/sys-queue.h>
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]24
25#include <errno.h>
26#include <fcntl.h>
27#include <limits.h>
28#include <string.h>
29#include <time.h>
30#include <unistd.h>
31
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]32#include "sshbuf.h"
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]33#include "ssherr.h"
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]34#include "sshkey.h"
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]35#include "authfile.h"
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]36#include "misc.h"
37#include "log.h"
djm@openbsd.org56d1c832014-12-21 22:27:55 +0000[diff] [blame]38#include "digest.h"
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]39#include "bitmap.h"
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]40
41#include "krl.h"
42
43/* #define DEBUG_KRL */
44#ifdef DEBUG_KRL
45# define KRL_DBG(x) debug3 x
46#else
47# define KRL_DBG(x)
48#endif
49
50/*
51 * Trees of revoked serial numbers, key IDs and keys. This allows
52 * quick searching, querying and producing lists in canonical order.
53 */
54
55/* Tree of serial numbers. XXX make smarter: really need a real sparse bitmap */
56struct revoked_serial {
57 u_int64_t lo, hi;
58 RB_ENTRY(revoked_serial) tree_entry;
59};
60static int serial_cmp(struct revoked_serial *a, struct revoked_serial *b);
61RB_HEAD(revoked_serial_tree, revoked_serial);
62RB_GENERATE_STATIC(revoked_serial_tree, revoked_serial, tree_entry, serial_cmp);
63
64/* Tree of key IDs */
65struct revoked_key_id {
66 char *key_id;
67 RB_ENTRY(revoked_key_id) tree_entry;
68};
69static int key_id_cmp(struct revoked_key_id *a, struct revoked_key_id *b);
70RB_HEAD(revoked_key_id_tree, revoked_key_id);
71RB_GENERATE_STATIC(revoked_key_id_tree, revoked_key_id, tree_entry, key_id_cmp);
72
73/* Tree of blobs (used for keys and fingerprints) */
74struct revoked_blob {
75 u_char *blob;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]76 size_t len;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]77 RB_ENTRY(revoked_blob) tree_entry;
78};
79static int blob_cmp(struct revoked_blob *a, struct revoked_blob *b);
80RB_HEAD(revoked_blob_tree, revoked_blob);
81RB_GENERATE_STATIC(revoked_blob_tree, revoked_blob, tree_entry, blob_cmp);
82
83/* Tracks revoked certs for a single CA */
84struct revoked_certs {
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]85 struct sshkey *ca_key;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]86 struct revoked_serial_tree revoked_serials;
87 struct revoked_key_id_tree revoked_key_ids;
88 TAILQ_ENTRY(revoked_certs) entry;
89};
90TAILQ_HEAD(revoked_certs_list, revoked_certs);
91
92struct ssh_krl {
93 u_int64_t krl_version;
94 u_int64_t generated_date;
95 u_int64_t flags;
96 char *comment;
97 struct revoked_blob_tree revoked_keys;
98 struct revoked_blob_tree revoked_sha1s;
99 struct revoked_certs_list revoked_certs;
100};
101
102/* Return equal if a and b overlap */
103static int
104serial_cmp(struct revoked_serial *a, struct revoked_serial *b)
105{
106 if (a->hi >= b->lo && a->lo <= b->hi)
107 return 0;
108 return a->lo < b->lo ? -1 : 1;
109}
110
111static int
112key_id_cmp(struct revoked_key_id *a, struct revoked_key_id *b)
113{
114 return strcmp(a->key_id, b->key_id);
115}
116
117static int
118blob_cmp(struct revoked_blob *a, struct revoked_blob *b)
119{
120 int r;
121
122 if (a->len != b->len) {
deraadt@openbsd.org9136ec12016-09-12 01:22:38 +0000[diff] [blame]123 if ((r = memcmp(a->blob, b->blob, MINIMUM(a->len, b->len))) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]124 return r;
125 return a->len > b->len ? 1 : -1;
126 } else
127 return memcmp(a->blob, b->blob, a->len);
128}
129
130struct ssh_krl *
131ssh_krl_init(void)
132{
133 struct ssh_krl *krl;
134
135 if ((krl = calloc(1, sizeof(*krl))) == NULL)
136 return NULL;
137 RB_INIT(&krl->revoked_keys);
138 RB_INIT(&krl->revoked_sha1s);
139 TAILQ_INIT(&krl->revoked_certs);
140 return krl;
141}
142
143static void
144revoked_certs_free(struct revoked_certs *rc)
145{
146 struct revoked_serial *rs, *trs;
147 struct revoked_key_id *rki, *trki;
148
149 RB_FOREACH_SAFE(rs, revoked_serial_tree, &rc->revoked_serials, trs) {
150 RB_REMOVE(revoked_serial_tree, &rc->revoked_serials, rs);
151 free(rs);
152 }
153 RB_FOREACH_SAFE(rki, revoked_key_id_tree, &rc->revoked_key_ids, trki) {
154 RB_REMOVE(revoked_key_id_tree, &rc->revoked_key_ids, rki);
155 free(rki->key_id);
156 free(rki);
157 }
djm@openbsd.org669aee92015-01-30 01:10:33 +0000[diff] [blame]158 sshkey_free(rc->ca_key);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]159}
160
161void
162ssh_krl_free(struct ssh_krl *krl)
163{
164 struct revoked_blob *rb, *trb;
165 struct revoked_certs *rc, *trc;
166
167 if (krl == NULL)
168 return;
169
170 free(krl->comment);
171 RB_FOREACH_SAFE(rb, revoked_blob_tree, &krl->revoked_keys, trb) {
172 RB_REMOVE(revoked_blob_tree, &krl->revoked_keys, rb);
173 free(rb->blob);
174 free(rb);
175 }
176 RB_FOREACH_SAFE(rb, revoked_blob_tree, &krl->revoked_sha1s, trb) {
177 RB_REMOVE(revoked_blob_tree, &krl->revoked_sha1s, rb);
178 free(rb->blob);
179 free(rb);
180 }
181 TAILQ_FOREACH_SAFE(rc, &krl->revoked_certs, entry, trc) {
182 TAILQ_REMOVE(&krl->revoked_certs, rc, entry);
183 revoked_certs_free(rc);
184 }
185}
186
187void
188ssh_krl_set_version(struct ssh_krl *krl, u_int64_t version)
189{
190 krl->krl_version = version;
191}
192
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]193int
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]194ssh_krl_set_comment(struct ssh_krl *krl, const char *comment)
195{
196 free(krl->comment);
197 if ((krl->comment = strdup(comment)) == NULL)
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]198 return SSH_ERR_ALLOC_FAIL;
199 return 0;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]200}
201
202/*
203 * Find the revoked_certs struct for a CA key. If allow_create is set then
204 * create a new one in the tree if one did not exist already.
205 */
206static int
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]207revoked_certs_for_ca_key(struct ssh_krl *krl, const struct sshkey *ca_key,
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]208 struct revoked_certs **rcp, int allow_create)
209{
210 struct revoked_certs *rc;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]211 int r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]212
213 *rcp = NULL;
214 TAILQ_FOREACH(rc, &krl->revoked_certs, entry) {
djm@openbsd.org669aee92015-01-30 01:10:33 +0000[diff] [blame]215 if ((ca_key == NULL && rc->ca_key == NULL) ||
216 sshkey_equal(rc->ca_key, ca_key)) {
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]217 *rcp = rc;
218 return 0;
219 }
220 }
221 if (!allow_create)
222 return 0;
223 /* If this CA doesn't exist in the list then add it now */
224 if ((rc = calloc(1, sizeof(*rc))) == NULL)
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]225 return SSH_ERR_ALLOC_FAIL;
djm@openbsd.org669aee92015-01-30 01:10:33 +0000[diff] [blame]226 if (ca_key == NULL)
227 rc->ca_key = NULL;
228 else if ((r = sshkey_from_private(ca_key, &rc->ca_key)) != 0) {
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]229 free(rc);
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]230 return r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]231 }
232 RB_INIT(&rc->revoked_serials);
233 RB_INIT(&rc->revoked_key_ids);
234 TAILQ_INSERT_TAIL(&krl->revoked_certs, rc, entry);
djm@openbsd.org669aee92015-01-30 01:10:33 +0000[diff] [blame]235 KRL_DBG(("%s: new CA %s", __func__,
236 ca_key == NULL ? "*" : sshkey_type(ca_key)));
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]237 *rcp = rc;
238 return 0;
239}
240
241static int
242insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi)
243{
244 struct revoked_serial rs, *ers, *crs, *irs;
245
246 KRL_DBG(("%s: insert %llu:%llu", __func__, lo, hi));
Damien Miller1d2c4562014-02-04 11:18:20 +1100[diff] [blame]247 memset(&rs, 0, sizeof(rs));
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]248 rs.lo = lo;
249 rs.hi = hi;
250 ers = RB_NFIND(revoked_serial_tree, rt, &rs);
251 if (ers == NULL || serial_cmp(ers, &rs) != 0) {
252 /* No entry matches. Just insert */
253 if ((irs = malloc(sizeof(rs))) == NULL)
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]254 return SSH_ERR_ALLOC_FAIL;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]255 memcpy(irs, &rs, sizeof(*irs));
256 ers = RB_INSERT(revoked_serial_tree, rt, irs);
257 if (ers != NULL) {
258 KRL_DBG(("%s: bad: ers != NULL", __func__));
259 /* Shouldn't happen */
Damien Millera7522d92013-01-20 22:35:31 +1100[diff] [blame]260 free(irs);
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]261 return SSH_ERR_INTERNAL_ERROR;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]262 }
263 ers = irs;
264 } else {
265 KRL_DBG(("%s: overlap found %llu:%llu", __func__,
266 ers->lo, ers->hi));
267 /*
268 * The inserted entry overlaps an existing one. Grow the
269 * existing entry.
270 */
271 if (ers->lo > lo)
272 ers->lo = lo;
273 if (ers->hi < hi)
274 ers->hi = hi;
275 }
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]276
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]277 /*
278 * The inserted or revised range might overlap or abut adjacent ones;
279 * coalesce as necessary.
280 */
281
282 /* Check predecessors */
283 while ((crs = RB_PREV(revoked_serial_tree, rt, ers)) != NULL) {
284 KRL_DBG(("%s: pred %llu:%llu", __func__, crs->lo, crs->hi));
285 if (ers->lo != 0 && crs->hi < ers->lo - 1)
286 break;
287 /* This entry overlaps. */
288 if (crs->lo < ers->lo) {
289 ers->lo = crs->lo;
290 KRL_DBG(("%s: pred extend %llu:%llu", __func__,
291 ers->lo, ers->hi));
292 }
293 RB_REMOVE(revoked_serial_tree, rt, crs);
294 free(crs);
295 }
296 /* Check successors */
297 while ((crs = RB_NEXT(revoked_serial_tree, rt, ers)) != NULL) {
298 KRL_DBG(("%s: succ %llu:%llu", __func__, crs->lo, crs->hi));
299 if (ers->hi != (u_int64_t)-1 && crs->lo > ers->hi + 1)
300 break;
301 /* This entry overlaps. */
302 if (crs->hi > ers->hi) {
303 ers->hi = crs->hi;
304 KRL_DBG(("%s: succ extend %llu:%llu", __func__,
305 ers->lo, ers->hi));
306 }
307 RB_REMOVE(revoked_serial_tree, rt, crs);
308 free(crs);
309 }
310 KRL_DBG(("%s: done, final %llu:%llu", __func__, ers->lo, ers->hi));
311 return 0;
312}
313
314int
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]315ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl, const struct sshkey *ca_key,
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]316 u_int64_t serial)
317{
318 return ssh_krl_revoke_cert_by_serial_range(krl, ca_key, serial, serial);
319}
320
321int
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]322ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl,
323 const struct sshkey *ca_key, u_int64_t lo, u_int64_t hi)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]324{
325 struct revoked_certs *rc;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]326 int r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]327
328 if (lo > hi || lo == 0)
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]329 return SSH_ERR_INVALID_ARGUMENT;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]330 if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0)
331 return r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]332 return insert_serial_range(&rc->revoked_serials, lo, hi);
333}
334
335int
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]336ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl, const struct sshkey *ca_key,
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]337 const char *key_id)
338{
339 struct revoked_key_id *rki, *erki;
340 struct revoked_certs *rc;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]341 int r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]342
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]343 if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0)
344 return r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]345
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]346 KRL_DBG(("%s: revoke %s", __func__, key_id));
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]347 if ((rki = calloc(1, sizeof(*rki))) == NULL ||
348 (rki->key_id = strdup(key_id)) == NULL) {
349 free(rki);
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]350 return SSH_ERR_ALLOC_FAIL;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]351 }
352 erki = RB_INSERT(revoked_key_id_tree, &rc->revoked_key_ids, rki);
353 if (erki != NULL) {
354 free(rki->key_id);
355 free(rki);
356 }
357 return 0;
358}
359
360/* Convert "key" to a public key blob without any certificate information */
361static int
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]362plain_key_blob(const struct sshkey *key, u_char **blob, size_t *blen)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]363{
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]364 struct sshkey *kcopy;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]365 int r;
366
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]367 if ((r = sshkey_from_private(key, &kcopy)) != 0)
368 return r;
369 if (sshkey_is_cert(kcopy)) {
370 if ((r = sshkey_drop_cert(kcopy)) != 0) {
371 sshkey_free(kcopy);
372 return r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]373 }
374 }
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]375 r = sshkey_to_blob(kcopy, blob, blen);
markus@openbsd.org905fe302015-01-12 14:05:19 +0000[diff] [blame]376 sshkey_free(kcopy);
Damien Miller86687062014-07-02 15:28:02 +1000[diff] [blame]377 return r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]378}
379
380/* Revoke a key blob. Ownership of blob is transferred to the tree */
381static int
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]382revoke_blob(struct revoked_blob_tree *rbt, u_char *blob, size_t len)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]383{
384 struct revoked_blob *rb, *erb;
385
386 if ((rb = calloc(1, sizeof(*rb))) == NULL)
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]387 return SSH_ERR_ALLOC_FAIL;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]388 rb->blob = blob;
389 rb->len = len;
390 erb = RB_INSERT(revoked_blob_tree, rbt, rb);
391 if (erb != NULL) {
392 free(rb->blob);
393 free(rb);
394 }
395 return 0;
396}
397
398int
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]399ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const struct sshkey *key)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]400{
401 u_char *blob;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]402 size_t len;
403 int r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]404
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]405 debug3("%s: revoke type %s", __func__, sshkey_type(key));
406 if ((r = plain_key_blob(key, &blob, &len)) != 0)
407 return r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]408 return revoke_blob(&krl->revoked_keys, blob, len);
409}
410
411int
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]412ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const struct sshkey *key)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]413{
414 u_char *blob;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]415 size_t len;
416 int r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]417
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]418 debug3("%s: revoke type %s by sha1", __func__, sshkey_type(key));
djm@openbsd.org56d1c832014-12-21 22:27:55 +0000[diff] [blame]419 if ((r = sshkey_fingerprint_raw(key, SSH_DIGEST_SHA1,
420 &blob, &len)) != 0)
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]421 return r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]422 return revoke_blob(&krl->revoked_sha1s, blob, len);
423}
424
425int
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]426ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]427{
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]428 if (!sshkey_is_cert(key))
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]429 return ssh_krl_revoke_key_sha1(krl, key);
430
djm@openbsd.orgc28fc622015-07-03 03:43:18 +0000[diff] [blame]431 if (key->cert->serial == 0) {
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]432 return ssh_krl_revoke_cert_by_key_id(krl,
433 key->cert->signature_key,
434 key->cert->key_id);
435 } else {
436 return ssh_krl_revoke_cert_by_serial(krl,
437 key->cert->signature_key,
438 key->cert->serial);
439 }
440}
441
442/*
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]443 * Select the most compact section type to emit next in a KRL based on
444 * the current section type, the run length of contiguous revoked serial
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]445 * numbers and the gaps from the last and to the next revoked serial.
446 * Applies a mostly-accurate bit cost model to select the section type
447 * that will minimise the size of the resultant KRL.
448 */
449static int
450choose_next_state(int current_state, u_int64_t contig, int final,
451 u_int64_t last_gap, u_int64_t next_gap, int *force_new_section)
452{
453 int new_state;
454 u_int64_t cost, cost_list, cost_range, cost_bitmap, cost_bitmap_restart;
455
456 /*
457 * Avoid unsigned overflows.
458 * The limits are high enough to avoid confusing the calculations.
459 */
deraadt@openbsd.org9136ec12016-09-12 01:22:38 +0000[diff] [blame]460 contig = MINIMUM(contig, 1ULL<<31);
461 last_gap = MINIMUM(last_gap, 1ULL<<31);
462 next_gap = MINIMUM(next_gap, 1ULL<<31);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]463
464 /*
465 * Calculate the cost to switch from the current state to candidates.
466 * NB. range sections only ever contain a single range, so their
467 * switching cost is independent of the current_state.
468 */
469 cost_list = cost_bitmap = cost_bitmap_restart = 0;
470 cost_range = 8;
471 switch (current_state) {
472 case KRL_SECTION_CERT_SERIAL_LIST:
473 cost_bitmap_restart = cost_bitmap = 8 + 64;
474 break;
475 case KRL_SECTION_CERT_SERIAL_BITMAP:
476 cost_list = 8;
477 cost_bitmap_restart = 8 + 64;
478 break;
479 case KRL_SECTION_CERT_SERIAL_RANGE:
480 case 0:
481 cost_bitmap_restart = cost_bitmap = 8 + 64;
482 cost_list = 8;
483 }
484
485 /* Estimate base cost in bits of each section type */
486 cost_list += 64 * contig + (final ? 0 : 8+64);
487 cost_range += (2 * 64) + (final ? 0 : 8+64);
deraadt@openbsd.org9136ec12016-09-12 01:22:38 +0000[diff] [blame]488 cost_bitmap += last_gap + contig + (final ? 0 : MINIMUM(next_gap, 8+64));
489 cost_bitmap_restart += contig + (final ? 0 : MINIMUM(next_gap, 8+64));
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]490
491 /* Convert to byte costs for actual comparison */
492 cost_list = (cost_list + 7) / 8;
493 cost_bitmap = (cost_bitmap + 7) / 8;
494 cost_bitmap_restart = (cost_bitmap_restart + 7) / 8;
495 cost_range = (cost_range + 7) / 8;
496
497 /* Now pick the best choice */
498 *force_new_section = 0;
499 new_state = KRL_SECTION_CERT_SERIAL_BITMAP;
500 cost = cost_bitmap;
501 if (cost_range < cost) {
502 new_state = KRL_SECTION_CERT_SERIAL_RANGE;
503 cost = cost_range;
504 }
505 if (cost_list < cost) {
506 new_state = KRL_SECTION_CERT_SERIAL_LIST;
507 cost = cost_list;
508 }
509 if (cost_bitmap_restart < cost) {
510 new_state = KRL_SECTION_CERT_SERIAL_BITMAP;
511 *force_new_section = 1;
512 cost = cost_bitmap_restart;
513 }
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]514 KRL_DBG(("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:"
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]515 "list %llu range %llu bitmap %llu new bitmap %llu, "
Damien Millerd677ad12013-04-23 15:18:51 +1000[diff] [blame]516 "selected 0x%02x%s", __func__, (long long unsigned)contig,
517 (long long unsigned)last_gap, (long long unsigned)next_gap, final,
518 (long long unsigned)cost_list, (long long unsigned)cost_range,
519 (long long unsigned)cost_bitmap,
520 (long long unsigned)cost_bitmap_restart, new_state,
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]521 *force_new_section ? " restart" : ""));
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]522 return new_state;
523}
524
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]525static int
526put_bitmap(struct sshbuf *buf, struct bitmap *bitmap)
527{
528 size_t len;
529 u_char *blob;
530 int r;
531
532 len = bitmap_nbytes(bitmap);
533 if ((blob = malloc(len)) == NULL)
534 return SSH_ERR_ALLOC_FAIL;
535 if (bitmap_to_string(bitmap, blob, len) != 0) {
536 free(blob);
537 return SSH_ERR_INTERNAL_ERROR;
538 }
539 r = sshbuf_put_bignum2_bytes(buf, blob, len);
540 free(blob);
541 return r;
542}
543
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]544/* Generate a KRL_SECTION_CERTIFICATES KRL section */
545static int
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]546revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]547{
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]548 int final, force_new_sect, r = SSH_ERR_INTERNAL_ERROR;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]549 u_int64_t i, contig, gap, last = 0, bitmap_start = 0;
550 struct revoked_serial *rs, *nrs;
551 struct revoked_key_id *rki;
552 int next_state, state = 0;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]553 struct sshbuf *sect;
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]554 struct bitmap *bitmap = NULL;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]555
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]556 if ((sect = sshbuf_new()) == NULL)
557 return SSH_ERR_ALLOC_FAIL;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]558
djm@openbsd.org669aee92015-01-30 01:10:33 +0000[diff] [blame]559 /* Store the header: optional CA scope key, reserved */
560 if (rc->ca_key == NULL) {
561 if ((r = sshbuf_put_string(buf, NULL, 0)) != 0)
562 goto out;
563 } else {
564 if ((r = sshkey_puts(rc->ca_key, buf)) != 0)
565 goto out;
566 }
567 if ((r = sshbuf_put_string(buf, NULL, 0)) != 0)
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]568 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]569
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]570 /* Store the revoked serials. */
571 for (rs = RB_MIN(revoked_serial_tree, &rc->revoked_serials);
572 rs != NULL;
573 rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) {
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]574 KRL_DBG(("%s: serial %llu:%llu state 0x%02x", __func__,
Damien Millerd677ad12013-04-23 15:18:51 +1000[diff] [blame]575 (long long unsigned)rs->lo, (long long unsigned)rs->hi,
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]576 state));
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]577
578 /* Check contiguous length and gap to next section (if any) */
579 nrs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs);
580 final = nrs == NULL;
581 gap = nrs == NULL ? 0 : nrs->lo - rs->hi;
582 contig = 1 + (rs->hi - rs->lo);
583
584 /* Choose next state based on these */
585 next_state = choose_next_state(state, contig, final,
586 state == 0 ? 0 : rs->lo - last, gap, &force_new_sect);
587
588 /*
589 * If the current section is a range section or has a different
590 * type to the next section, then finish it off now.
591 */
592 if (state != 0 && (force_new_sect || next_state != state ||
593 state == KRL_SECTION_CERT_SERIAL_RANGE)) {
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]594 KRL_DBG(("%s: finish state 0x%02x", __func__, state));
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]595 switch (state) {
596 case KRL_SECTION_CERT_SERIAL_LIST:
597 case KRL_SECTION_CERT_SERIAL_RANGE:
598 break;
599 case KRL_SECTION_CERT_SERIAL_BITMAP:
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]600 if ((r = put_bitmap(sect, bitmap)) != 0)
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]601 goto out;
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]602 bitmap_free(bitmap);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]603 bitmap = NULL;
604 break;
605 }
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]606 if ((r = sshbuf_put_u8(buf, state)) != 0 ||
607 (r = sshbuf_put_stringb(buf, sect)) != 0)
608 goto out;
609 sshbuf_reset(sect);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]610 }
611
612 /* If we are starting a new section then prepare it now */
613 if (next_state != state || force_new_sect) {
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]614 KRL_DBG(("%s: start state 0x%02x", __func__,
615 next_state));
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]616 state = next_state;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]617 sshbuf_reset(sect);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]618 switch (state) {
619 case KRL_SECTION_CERT_SERIAL_LIST:
620 case KRL_SECTION_CERT_SERIAL_RANGE:
621 break;
622 case KRL_SECTION_CERT_SERIAL_BITMAP:
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]623 if ((bitmap = bitmap_new()) == NULL) {
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]624 r = SSH_ERR_ALLOC_FAIL;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]625 goto out;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]626 }
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]627 bitmap_start = rs->lo;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]628 if ((r = sshbuf_put_u64(sect,
629 bitmap_start)) != 0)
630 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]631 break;
632 }
633 }
634
635 /* Perform section-specific processing */
636 switch (state) {
637 case KRL_SECTION_CERT_SERIAL_LIST:
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]638 for (i = 0; i < contig; i++) {
639 if ((r = sshbuf_put_u64(sect, rs->lo + i)) != 0)
640 goto out;
641 }
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]642 break;
643 case KRL_SECTION_CERT_SERIAL_RANGE:
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]644 if ((r = sshbuf_put_u64(sect, rs->lo)) != 0 ||
645 (r = sshbuf_put_u64(sect, rs->hi)) != 0)
646 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]647 break;
648 case KRL_SECTION_CERT_SERIAL_BITMAP:
649 if (rs->lo - bitmap_start > INT_MAX) {
650 error("%s: insane bitmap gap", __func__);
651 goto out;
652 }
653 for (i = 0; i < contig; i++) {
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]654 if (bitmap_set_bit(bitmap,
655 rs->lo + i - bitmap_start) != 0) {
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]656 r = SSH_ERR_ALLOC_FAIL;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]657 goto out;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]658 }
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]659 }
660 break;
661 }
662 last = rs->hi;
663 }
664 /* Flush the remaining section, if any */
665 if (state != 0) {
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]666 KRL_DBG(("%s: serial final flush for state 0x%02x",
667 __func__, state));
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]668 switch (state) {
669 case KRL_SECTION_CERT_SERIAL_LIST:
670 case KRL_SECTION_CERT_SERIAL_RANGE:
671 break;
672 case KRL_SECTION_CERT_SERIAL_BITMAP:
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]673 if ((r = put_bitmap(sect, bitmap)) != 0)
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]674 goto out;
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]675 bitmap_free(bitmap);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]676 bitmap = NULL;
677 break;
678 }
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]679 if ((r = sshbuf_put_u8(buf, state)) != 0 ||
680 (r = sshbuf_put_stringb(buf, sect)) != 0)
681 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]682 }
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]683 KRL_DBG(("%s: serial done ", __func__));
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]684
685 /* Now output a section for any revocations by key ID */
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]686 sshbuf_reset(sect);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]687 RB_FOREACH(rki, revoked_key_id_tree, &rc->revoked_key_ids) {
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]688 KRL_DBG(("%s: key ID %s", __func__, rki->key_id));
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]689 if ((r = sshbuf_put_cstring(sect, rki->key_id)) != 0)
690 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]691 }
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]692 if (sshbuf_len(sect) != 0) {
693 if ((r = sshbuf_put_u8(buf, KRL_SECTION_CERT_KEY_ID)) != 0 ||
694 (r = sshbuf_put_stringb(buf, sect)) != 0)
695 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]696 }
697 r = 0;
698 out:
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]699 bitmap_free(bitmap);
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]700 sshbuf_free(sect);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]701 return r;
702}
703
704int
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]705ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
706 const struct sshkey **sign_keys, u_int nsign_keys)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]707{
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]708 int r = SSH_ERR_INTERNAL_ERROR;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]709 struct revoked_certs *rc;
710 struct revoked_blob *rb;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]711 struct sshbuf *sect;
712 u_char *sblob = NULL;
713 size_t slen, i;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]714
715 if (krl->generated_date == 0)
716 krl->generated_date = time(NULL);
717
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]718 if ((sect = sshbuf_new()) == NULL)
719 return SSH_ERR_ALLOC_FAIL;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]720
721 /* Store the header */
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]722 if ((r = sshbuf_put(buf, KRL_MAGIC, sizeof(KRL_MAGIC) - 1)) != 0 ||
723 (r = sshbuf_put_u32(buf, KRL_FORMAT_VERSION)) != 0 ||
724 (r = sshbuf_put_u64(buf, krl->krl_version)) != 0 ||
jsg@openbsd.orgf3a3ea12015-09-02 07:51:12 +0000[diff] [blame]725 (r = sshbuf_put_u64(buf, krl->generated_date)) != 0 ||
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]726 (r = sshbuf_put_u64(buf, krl->flags)) != 0 ||
727 (r = sshbuf_put_string(buf, NULL, 0)) != 0 ||
728 (r = sshbuf_put_cstring(buf, krl->comment)) != 0)
729 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]730
731 /* Store sections for revoked certificates */
732 TAILQ_FOREACH(rc, &krl->revoked_certs, entry) {
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]733 sshbuf_reset(sect);
734 if ((r = revoked_certs_generate(rc, sect)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]735 goto out;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]736 if ((r = sshbuf_put_u8(buf, KRL_SECTION_CERTIFICATES)) != 0 ||
737 (r = sshbuf_put_stringb(buf, sect)) != 0)
738 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]739 }
740
741 /* Finally, output sections for revocations by public key/hash */
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]742 sshbuf_reset(sect);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]743 RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_keys) {
djm@openbsd.org4e62cc62015-01-19 17:35:48 +0000[diff] [blame]744 KRL_DBG(("%s: key len %zu ", __func__, rb->len));
markus@openbsd.org00975652015-01-12 19:22:46 +0000[diff] [blame]745 if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0)
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]746 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]747 }
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]748 if (sshbuf_len(sect) != 0) {
749 if ((r = sshbuf_put_u8(buf, KRL_SECTION_EXPLICIT_KEY)) != 0 ||
750 (r = sshbuf_put_stringb(buf, sect)) != 0)
751 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]752 }
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]753 sshbuf_reset(sect);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]754 RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha1s) {
djm@openbsd.org4e62cc62015-01-19 17:35:48 +0000[diff] [blame]755 KRL_DBG(("%s: hash len %zu ", __func__, rb->len));
markus@openbsd.org00975652015-01-12 19:22:46 +0000[diff] [blame]756 if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0)
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]757 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]758 }
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]759 if (sshbuf_len(sect) != 0) {
760 if ((r = sshbuf_put_u8(buf,
761 KRL_SECTION_FINGERPRINT_SHA1)) != 0 ||
762 (r = sshbuf_put_stringb(buf, sect)) != 0)
763 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]764 }
765
766 for (i = 0; i < nsign_keys; i++) {
djm@openbsd.org60b18252015-01-26 02:59:11 +0000[diff] [blame]767 KRL_DBG(("%s: signature key %s", __func__,
768 sshkey_ssh_name(sign_keys[i])));
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]769 if ((r = sshbuf_put_u8(buf, KRL_SECTION_SIGNATURE)) != 0 ||
djm@openbsd.org60b18252015-01-26 02:59:11 +0000[diff] [blame]770 (r = sshkey_puts(sign_keys[i], buf)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]771 goto out;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]772
773 if ((r = sshkey_sign(sign_keys[i], &sblob, &slen,
markus@openbsd.org76c9fbb2015-12-04 16:41:28 +0000[diff] [blame]774 sshbuf_ptr(buf), sshbuf_len(buf), NULL, 0)) != 0)
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]775 goto out;
djm@openbsd.org4e62cc62015-01-19 17:35:48 +0000[diff] [blame]776 KRL_DBG(("%s: signature sig len %zu", __func__, slen));
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]777 if ((r = sshbuf_put_string(buf, sblob, slen)) != 0)
778 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]779 }
780
781 r = 0;
782 out:
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]783 free(sblob);
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]784 sshbuf_free(sect);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]785 return r;
786}
787
788static void
789format_timestamp(u_int64_t timestamp, char *ts, size_t nts)
790{
791 time_t t;
792 struct tm *tm;
793
794 t = timestamp;
795 tm = localtime(&t);
djm@openbsd.orgb6de5ac2014-11-21 01:00:38 +0000[diff] [blame]796 if (tm == NULL)
deraadt@openbsd.orgf101d822015-01-18 14:01:00 +0000[diff] [blame]797 strlcpy(ts, "<INVALID>", nts);
djm@openbsd.orgb6de5ac2014-11-21 01:00:38 +0000[diff] [blame]798 else {
799 *ts = '\0';
800 strftime(ts, nts, "%Y%m%dT%H%M%S", tm);
801 }
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]802}
803
804static int
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]805parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]806{
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]807 int r = SSH_ERR_INTERNAL_ERROR;
Damien Miller633de332014-05-15 13:48:26 +1000[diff] [blame]808 u_char type;
809 const u_char *blob;
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]810 size_t blen, nbits;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]811 struct sshbuf *subsect = NULL;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]812 u_int64_t serial, serial_lo, serial_hi;
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]813 struct bitmap *bitmap = NULL;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]814 char *key_id = NULL;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]815 struct sshkey *ca_key = NULL;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]816
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]817 if ((subsect = sshbuf_new()) == NULL)
818 return SSH_ERR_ALLOC_FAIL;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]819
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]820 /* Header: key, reserved */
821 if ((r = sshbuf_get_string_direct(buf, &blob, &blen)) != 0 ||
822 (r = sshbuf_skip_string(buf)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]823 goto out;
djm@openbsd.org669aee92015-01-30 01:10:33 +0000[diff] [blame]824 if (blen != 0 && (r = sshkey_from_blob(blob, blen, &ca_key)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]825 goto out;
826
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]827 while (sshbuf_len(buf) > 0) {
mmcc@openbsd.org52d70782015-12-11 04:21:11 +0000[diff] [blame]828 sshbuf_free(subsect);
829 subsect = NULL;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]830 if ((r = sshbuf_get_u8(buf, &type)) != 0 ||
831 (r = sshbuf_froms(buf, &subsect)) != 0)
832 goto out;
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]833 KRL_DBG(("%s: subsection type 0x%02x", __func__, type));
834 /* sshbuf_dump(subsect, stderr); */
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]835
836 switch (type) {
837 case KRL_SECTION_CERT_SERIAL_LIST:
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]838 while (sshbuf_len(subsect) > 0) {
839 if ((r = sshbuf_get_u64(subsect, &serial)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]840 goto out;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]841 if ((r = ssh_krl_revoke_cert_by_serial(krl,
842 ca_key, serial)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]843 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]844 }
845 break;
846 case KRL_SECTION_CERT_SERIAL_RANGE:
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]847 if ((r = sshbuf_get_u64(subsect, &serial_lo)) != 0 ||
848 (r = sshbuf_get_u64(subsect, &serial_hi)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]849 goto out;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]850 if ((r = ssh_krl_revoke_cert_by_serial_range(krl,
851 ca_key, serial_lo, serial_hi)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]852 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]853 break;
854 case KRL_SECTION_CERT_SERIAL_BITMAP:
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]855 if ((bitmap = bitmap_new()) == NULL) {
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]856 r = SSH_ERR_ALLOC_FAIL;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]857 goto out;
858 }
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]859 if ((r = sshbuf_get_u64(subsect, &serial_lo)) != 0 ||
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]860 (r = sshbuf_get_bignum2_bytes_direct(subsect,
861 &blob, &blen)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]862 goto out;
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]863 if (bitmap_from_string(bitmap, blob, blen) != 0) {
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]864 r = SSH_ERR_INVALID_FORMAT;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]865 goto out;
866 }
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]867 nbits = bitmap_nbits(bitmap);
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]868 for (serial = 0; serial < (u_int64_t)nbits; serial++) {
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]869 if (serial > 0 && serial_lo + serial == 0) {
870 error("%s: bitmap wraps u64", __func__);
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]871 r = SSH_ERR_INVALID_FORMAT;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]872 goto out;
873 }
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]874 if (!bitmap_test_bit(bitmap, serial))
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]875 continue;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]876 if ((r = ssh_krl_revoke_cert_by_serial(krl,
877 ca_key, serial_lo + serial)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]878 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]879 }
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]880 bitmap_free(bitmap);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]881 bitmap = NULL;
882 break;
883 case KRL_SECTION_CERT_KEY_ID:
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]884 while (sshbuf_len(subsect) > 0) {
885 if ((r = sshbuf_get_cstring(subsect,
886 &key_id, NULL)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]887 goto out;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]888 if ((r = ssh_krl_revoke_cert_by_key_id(krl,
889 ca_key, key_id)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]890 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]891 free(key_id);
892 key_id = NULL;
893 }
894 break;
895 default:
896 error("Unsupported KRL certificate section %u", type);
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]897 r = SSH_ERR_INVALID_FORMAT;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]898 goto out;
899 }
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]900 if (sshbuf_len(subsect) > 0) {
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]901 error("KRL certificate section contains unparsed data");
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]902 r = SSH_ERR_INVALID_FORMAT;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]903 goto out;
904 }
905 }
906
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]907 r = 0;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]908 out:
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]909 if (bitmap != NULL)
djm@openbsd.orga165bab2015-01-14 15:02:39 +0000[diff] [blame]910 bitmap_free(bitmap);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]911 free(key_id);
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]912 sshkey_free(ca_key);
913 sshbuf_free(subsect);
914 return r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]915}
916
917
918/* Attempt to parse a KRL, checking its signature (if any) with sign_ca_keys. */
919int
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]920ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]921 const struct sshkey **sign_ca_keys, size_t nsign_ca_keys)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]922{
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]923 struct sshbuf *copy = NULL, *sect = NULL;
924 struct ssh_krl *krl = NULL;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]925 char timestamp[64];
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]926 int r = SSH_ERR_INTERNAL_ERROR, sig_seen;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]927 struct sshkey *key = NULL, **ca_used = NULL, **tmp_ca_used;
Damien Miller633de332014-05-15 13:48:26 +1000[diff] [blame]928 u_char type, *rdata = NULL;
929 const u_char *blob;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]930 size_t i, j, sig_off, sects_off, rlen, blen, nca_used;
931 u_int format_version;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]932
Damien Miller30710702013-07-18 16:09:44 +1000[diff] [blame]933 nca_used = 0;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]934 *krlp = NULL;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]935 if (sshbuf_len(buf) < sizeof(KRL_MAGIC) - 1 ||
936 memcmp(sshbuf_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) {
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]937 debug3("%s: not a KRL", __func__);
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]938 return SSH_ERR_KRL_BAD_MAGIC;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]939 }
940
941 /* Take a copy of the KRL buffer so we can verify its signature later */
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]942 if ((copy = sshbuf_fromb(buf)) == NULL) {
943 r = SSH_ERR_ALLOC_FAIL;
944 goto out;
945 }
946 if ((r = sshbuf_consume(copy, sizeof(KRL_MAGIC) - 1)) != 0)
947 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]948
949 if ((krl = ssh_krl_init()) == NULL) {
950 error("%s: alloc failed", __func__);
951 goto out;
952 }
953
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]954 if ((r = sshbuf_get_u32(copy, &format_version)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]955 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]956 if (format_version != KRL_FORMAT_VERSION) {
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]957 r = SSH_ERR_INVALID_FORMAT;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]958 goto out;
959 }
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]960 if ((r = sshbuf_get_u64(copy, &krl->krl_version)) != 0 ||
961 (r = sshbuf_get_u64(copy, &krl->generated_date)) != 0 ||
962 (r = sshbuf_get_u64(copy, &krl->flags)) != 0 ||
963 (r = sshbuf_skip_string(copy)) != 0 ||
964 (r = sshbuf_get_cstring(copy, &krl->comment, NULL)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]965 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]966
967 format_timestamp(krl->generated_date, timestamp, sizeof(timestamp));
Damien Millerd677ad12013-04-23 15:18:51 +1000[diff] [blame]968 debug("KRL version %llu generated at %s%s%s",
969 (long long unsigned)krl->krl_version, timestamp,
970 *krl->comment ? ": " : "", krl->comment);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]971
972 /*
973 * 1st pass: verify signatures, if any. This is done to avoid
974 * detailed parsing of data whose provenance is unverified.
975 */
976 sig_seen = 0;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]977 if (sshbuf_len(buf) < sshbuf_len(copy)) {
978 /* Shouldn't happen */
979 r = SSH_ERR_INTERNAL_ERROR;
980 goto out;
981 }
982 sects_off = sshbuf_len(buf) - sshbuf_len(copy);
983 while (sshbuf_len(copy) > 0) {
984 if ((r = sshbuf_get_u8(copy, &type)) != 0 ||
985 (r = sshbuf_get_string_direct(copy, &blob, &blen)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]986 goto out;
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]987 KRL_DBG(("%s: first pass, section 0x%02x", __func__, type));
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]988 if (type != KRL_SECTION_SIGNATURE) {
989 if (sig_seen) {
990 error("KRL contains non-signature section "
991 "after signature");
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]992 r = SSH_ERR_INVALID_FORMAT;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]993 goto out;
994 }
995 /* Not interested for now. */
996 continue;
997 }
998 sig_seen = 1;
999 /* First string component is the signing key */
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1000 if ((r = sshkey_from_blob(blob, blen, &key)) != 0) {
1001 r = SSH_ERR_INVALID_FORMAT;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1002 goto out;
1003 }
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1004 if (sshbuf_len(buf) < sshbuf_len(copy)) {
1005 /* Shouldn't happen */
1006 r = SSH_ERR_INTERNAL_ERROR;
1007 goto out;
1008 }
1009 sig_off = sshbuf_len(buf) - sshbuf_len(copy);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1010 /* Second string component is the signature itself */
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1011 if ((r = sshbuf_get_string_direct(copy, &blob, &blen)) != 0) {
1012 r = SSH_ERR_INVALID_FORMAT;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1013 goto out;
1014 }
1015 /* Check signature over entire KRL up to this point */
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1016 if ((r = sshkey_verify(key, blob, blen,
djm@openbsd.org04c7e282017-12-18 02:25:15 +0000[diff] [blame]1017 sshbuf_ptr(buf), sig_off, NULL, 0)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1018 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1019 /* Check if this key has already signed this KRL */
1020 for (i = 0; i < nca_used; i++) {
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1021 if (sshkey_equal(ca_used[i], key)) {
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1022 error("KRL signed more than once with "
1023 "the same key");
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]1024 r = SSH_ERR_INVALID_FORMAT;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1025 goto out;
1026 }
1027 }
1028 /* Record keys used to sign the KRL */
deraadt@openbsd.org9e509d42017-05-31 09:15:42 +0000[diff] [blame]1029 tmp_ca_used = recallocarray(ca_used, nca_used, nca_used + 1,
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1030 sizeof(*ca_used));
1031 if (tmp_ca_used == NULL) {
1032 r = SSH_ERR_ALLOC_FAIL;
1033 goto out;
1034 }
1035 ca_used = tmp_ca_used;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1036 ca_used[nca_used++] = key;
1037 key = NULL;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1038 }
1039
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1040 if (sshbuf_len(copy) != 0) {
1041 /* Shouldn't happen */
1042 r = SSH_ERR_INTERNAL_ERROR;
1043 goto out;
1044 }
1045
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1046 /*
1047 * 2nd pass: parse and load the KRL, skipping the header to the point
1048 * where the section start.
1049 */
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1050 sshbuf_free(copy);
1051 if ((copy = sshbuf_fromb(buf)) == NULL) {
1052 r = SSH_ERR_ALLOC_FAIL;
1053 goto out;
1054 }
1055 if ((r = sshbuf_consume(copy, sects_off)) != 0)
1056 goto out;
1057 while (sshbuf_len(copy) > 0) {
mmcc@openbsd.org52d70782015-12-11 04:21:11 +0000[diff] [blame]1058 sshbuf_free(sect);
1059 sect = NULL;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1060 if ((r = sshbuf_get_u8(copy, &type)) != 0 ||
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]1061 (r = sshbuf_froms(copy, &sect)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1062 goto out;
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]1063 KRL_DBG(("%s: second pass, section 0x%02x", __func__, type));
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1064
1065 switch (type) {
1066 case KRL_SECTION_CERTIFICATES:
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1067 if ((r = parse_revoked_certs(sect, krl)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1068 goto out;
1069 break;
1070 case KRL_SECTION_EXPLICIT_KEY:
1071 case KRL_SECTION_FINGERPRINT_SHA1:
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1072 while (sshbuf_len(sect) > 0) {
1073 if ((r = sshbuf_get_string(sect,
1074 &rdata, &rlen)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1075 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1076 if (type == KRL_SECTION_FINGERPRINT_SHA1 &&
Damien Miller30710702013-07-18 16:09:44 +1000[diff] [blame]1077 rlen != 20) {
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1078 error("%s: bad SHA1 length", __func__);
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1079 r = SSH_ERR_INVALID_FORMAT;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1080 goto out;
1081 }
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1082 if ((r = revoke_blob(
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1083 type == KRL_SECTION_EXPLICIT_KEY ?
1084 &krl->revoked_keys : &krl->revoked_sha1s,
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1085 rdata, rlen)) != 0)
Damien Miller30710702013-07-18 16:09:44 +1000[diff] [blame]1086 goto out;
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]1087 rdata = NULL; /* revoke_blob frees rdata */
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1088 }
1089 break;
1090 case KRL_SECTION_SIGNATURE:
1091 /* Handled above, but still need to stay in synch */
dtucker@openbsd.orgef653dd2017-03-10 07:18:32 +0000[diff] [blame]1092 sshbuf_free(sect);
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1093 sect = NULL;
1094 if ((r = sshbuf_skip_string(copy)) != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1095 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1096 break;
1097 default:
1098 error("Unsupported KRL section %u", type);
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1099 r = SSH_ERR_INVALID_FORMAT;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1100 goto out;
1101 }
djm@openbsd.org422d1b32015-12-31 00:33:52 +0000[diff] [blame]1102 if (sect != NULL && sshbuf_len(sect) > 0) {
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1103 error("KRL section contains unparsed data");
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1104 r = SSH_ERR_INVALID_FORMAT;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1105 goto out;
1106 }
1107 }
1108
1109 /* Check that the key(s) used to sign the KRL weren't revoked */
1110 sig_seen = 0;
1111 for (i = 0; i < nca_used; i++) {
1112 if (ssh_krl_check_key(krl, ca_used[i]) == 0)
1113 sig_seen = 1;
1114 else {
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1115 sshkey_free(ca_used[i]);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1116 ca_used[i] = NULL;
1117 }
1118 }
1119 if (nca_used && !sig_seen) {
1120 error("All keys used to sign KRL were revoked");
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]1121 r = SSH_ERR_KEY_REVOKED;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1122 goto out;
1123 }
1124
1125 /* If we have CA keys, then verify that one was used to sign the KRL */
1126 if (sig_seen && nsign_ca_keys != 0) {
1127 sig_seen = 0;
1128 for (i = 0; !sig_seen && i < nsign_ca_keys; i++) {
1129 for (j = 0; j < nca_used; j++) {
1130 if (ca_used[j] == NULL)
1131 continue;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1132 if (sshkey_equal(ca_used[j], sign_ca_keys[i])) {
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1133 sig_seen = 1;
1134 break;
1135 }
1136 }
1137 }
1138 if (!sig_seen) {
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1139 r = SSH_ERR_SIGNATURE_INVALID;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1140 error("KRL not signed with any trusted key");
1141 goto out;
1142 }
1143 }
1144
1145 *krlp = krl;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1146 r = 0;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1147 out:
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1148 if (r != 0)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1149 ssh_krl_free(krl);
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1150 for (i = 0; i < nca_used; i++)
1151 sshkey_free(ca_used[i]);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1152 free(ca_used);
Damien Miller30710702013-07-18 16:09:44 +1000[diff] [blame]1153 free(rdata);
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1154 sshkey_free(key);
1155 sshbuf_free(copy);
1156 sshbuf_free(sect);
1157 return r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1158}
1159
djm@openbsd.org669aee92015-01-30 01:10:33 +0000[diff] [blame]1160/* Checks certificate serial number and key ID revocation */
1161static int
1162is_cert_revoked(const struct sshkey *key, struct revoked_certs *rc)
1163{
1164 struct revoked_serial rs, *ers;
1165 struct revoked_key_id rki, *erki;
1166
1167 /* Check revocation by cert key ID */
1168 memset(&rki, 0, sizeof(rki));
1169 rki.key_id = key->cert->key_id;
1170 erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki);
1171 if (erki != NULL) {
1172 KRL_DBG(("%s: revoked by key ID", __func__));
1173 return SSH_ERR_KEY_REVOKED;
1174 }
1175
1176 /*
djm@openbsd.orgc28fc622015-07-03 03:43:18 +0000[diff] [blame]1177 * Zero serials numbers are ignored (it's the default when the
1178 * CA doesn't specify one).
djm@openbsd.org669aee92015-01-30 01:10:33 +0000[diff] [blame]1179 */
djm@openbsd.orgc28fc622015-07-03 03:43:18 +0000[diff] [blame]1180 if (key->cert->serial == 0)
djm@openbsd.org669aee92015-01-30 01:10:33 +0000[diff] [blame]1181 return 0;
1182
1183 memset(&rs, 0, sizeof(rs));
1184 rs.lo = rs.hi = key->cert->serial;
1185 ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs);
1186 if (ers != NULL) {
1187 KRL_DBG(("%s: revoked serial %llu matched %llu:%llu", __func__,
1188 key->cert->serial, ers->lo, ers->hi));
1189 return SSH_ERR_KEY_REVOKED;
1190 }
1191 return 0;
1192}
1193
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1194/* Checks whether a given key/cert is revoked. Does not check its CA */
1195static int
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1196is_key_revoked(struct ssh_krl *krl, const struct sshkey *key)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1197{
1198 struct revoked_blob rb, *erb;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1199 struct revoked_certs *rc;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1200 int r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1201
1202 /* Check explicitly revoked hashes first */
Damien Miller1d2c4562014-02-04 11:18:20 +1100[diff] [blame]1203 memset(&rb, 0, sizeof(rb));
djm@openbsd.org56d1c832014-12-21 22:27:55 +0000[diff] [blame]1204 if ((r = sshkey_fingerprint_raw(key, SSH_DIGEST_SHA1,
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1205 &rb.blob, &rb.len)) != 0)
1206 return r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1207 erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb);
1208 free(rb.blob);
1209 if (erb != NULL) {
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]1210 KRL_DBG(("%s: revoked by key SHA1", __func__));
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1211 return SSH_ERR_KEY_REVOKED;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1212 }
1213
1214 /* Next, explicit keys */
Damien Miller1d2c4562014-02-04 11:18:20 +1100[diff] [blame]1215 memset(&rb, 0, sizeof(rb));
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1216 if ((r = plain_key_blob(key, &rb.blob, &rb.len)) != 0)
1217 return r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1218 erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb);
1219 free(rb.blob);
1220 if (erb != NULL) {
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]1221 KRL_DBG(("%s: revoked by explicit key", __func__));
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1222 return SSH_ERR_KEY_REVOKED;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1223 }
1224
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1225 if (!sshkey_is_cert(key))
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1226 return 0;
1227
djm@openbsd.org669aee92015-01-30 01:10:33 +0000[diff] [blame]1228 /* Check cert revocation for the specified CA */
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1229 if ((r = revoked_certs_for_ca_key(krl, key->cert->signature_key,
1230 &rc, 0)) != 0)
1231 return r;
djm@openbsd.org669aee92015-01-30 01:10:33 +0000[diff] [blame]1232 if (rc != NULL) {
1233 if ((r = is_cert_revoked(key, rc)) != 0)
1234 return r;
1235 }
1236 /* Check cert revocation for the wildcard CA */
1237 if ((r = revoked_certs_for_ca_key(krl, NULL, &rc, 0)) != 0)
1238 return r;
1239 if (rc != NULL) {
1240 if ((r = is_cert_revoked(key, rc)) != 0)
1241 return r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1242 }
1243
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1244 KRL_DBG(("%s: %llu no match", __func__, key->cert->serial));
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1245 return 0;
1246}
1247
1248int
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1249ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1250{
1251 int r;
1252
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]1253 KRL_DBG(("%s: checking key", __func__));
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1254 if ((r = is_key_revoked(krl, key)) != 0)
1255 return r;
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1256 if (sshkey_is_cert(key)) {
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1257 debug2("%s: checking CA key", __func__);
1258 if ((r = is_key_revoked(krl, key->cert->signature_key)) != 0)
1259 return r;
1260 }
djm@openbsd.orge7fd9522015-01-13 19:04:35 +0000[diff] [blame]1261 KRL_DBG(("%s: key okay", __func__));
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1262 return 0;
1263}
1264
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1265int
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1266ssh_krl_file_contains_key(const char *path, const struct sshkey *key)
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1267{
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1268 struct sshbuf *krlbuf = NULL;
1269 struct ssh_krl *krl = NULL;
1270 int oerrno = 0, r, fd;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1271
1272 if (path == NULL)
1273 return 0;
1274
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1275 if ((krlbuf = sshbuf_new()) == NULL)
1276 return SSH_ERR_ALLOC_FAIL;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1277 if ((fd = open(path, O_RDONLY)) == -1) {
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1278 r = SSH_ERR_SYSTEM_ERROR;
1279 oerrno = errno;
1280 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1281 }
djm@openbsd.org1195f4c2015-01-08 10:14:08 +0000[diff] [blame]1282 if ((r = sshkey_load_file(fd, krlbuf)) != 0) {
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1283 oerrno = errno;
1284 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1285 }
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1286 if ((r = ssh_krl_from_blob(krlbuf, &krl, NULL, 0)) != 0)
1287 goto out;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1288 debug2("%s: checking KRL %s", __func__, path);
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1289 r = ssh_krl_check_key(krl, key);
1290 out:
dtucker@openbsd.orgef653dd2017-03-10 07:18:32 +0000[diff] [blame]1291 if (fd != -1)
1292 close(fd);
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1293 sshbuf_free(krlbuf);
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1294 ssh_krl_free(krl);
djm@openbsd.org74de2542014-12-04 01:49:59 +0000[diff] [blame]1295 if (r != 0)
1296 errno = oerrno;
1297 return r;
Damien Millerf3747bf2013-01-18 11:44:04 +1100[diff] [blame]1298}