blob: 2c615709da7a4dd2eec1896fbfcb00dc8ca91e62 [file] [log] [blame]
Darren Tucker69c01b12010-01-12 19:42:29 +11001/* $OpenBSD: authfile.c,v 1.79 2010/01/12 00:16:47 dtucker Exp $ */
Damien Millerd4a8b7e1999-10-27 13:42:43 +10002/*
Damien Miller95def091999-11-25 00:26:21 +11003 * Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller95def091999-11-25 00:26:21 +11004 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved
Damien Miller95def091999-11-25 00:26:21 +11006 * This file contains functions for reading and writing identity files, and
7 * for reading the passphrase from the user.
Damien Miller4af51302000-04-16 11:18:38 +10008 *
Damien Millere4340be2000-09-16 13:29:08 +11009 * As far as I am concerned, the code I have written for this software
10 * can be used freely for any purpose. Any derived versions of this
11 * software must be clearly marked as such, and if the derived work is
12 * incompatible with the protocol description in the RFC file, it must be
13 * called by a name other than "ssh" or "Secure Shell".
14 *
15 *
16 * Copyright (c) 2000 Markus Friedl. All rights reserved.
17 *
18 * Redistribution and use in source and binary forms, with or without
19 * modification, are permitted provided that the following conditions
20 * are met:
21 * 1. Redistributions of source code must retain the above copyright
22 * notice, this list of conditions and the following disclaimer.
23 * 2. Redistributions in binary form must reproduce the above copyright
24 * notice, this list of conditions and the following disclaimer in the
25 * documentation and/or other materials provided with the distribution.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
28 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
30 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
31 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
32 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
33 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
34 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
35 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller95def091999-11-25 00:26:21 +110037 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100038
39#include "includes.h"
Damien Millerf17883e2006-03-15 11:45:54 +110040
41#include <sys/types.h>
42#include <sys/stat.h>
Damien Miller8dbffe72006-08-05 11:02:17 +100043#include <sys/param.h>
Damien Millerd7834352006-08-05 12:39:39 +100044#include <sys/uio.h>
Damien Millerd4a8b7e1999-10-27 13:42:43 +100045
Damien Miller0bc1bd82000-11-13 22:57:25 +110046#include <openssl/err.h>
Damien Millereba71ba2000-04-29 23:57:08 +100047#include <openssl/evp.h>
Ben Lindstrom226cfa02001-01-22 05:34:40 +000048#include <openssl/pem.h>
Damien Millereba71ba2000-04-29 23:57:08 +100049
Darren Tuckere89ed1c2009-11-05 20:43:16 +110050/* compatibility with old or broken OpenSSL versions */
51#include "openbsd-compat/openssl-compat.h"
52
Darren Tuckerba724052006-07-12 22:24:22 +100053#include <errno.h>
Damien Miller57cf6382006-07-10 21:13:46 +100054#include <fcntl.h>
Damien Millerded319c2006-09-01 15:38:36 +100055#include <stdarg.h>
Damien Millera7a73ee2006-08-05 11:37:59 +100056#include <stdio.h>
Damien Millere7a1e5c2006-08-05 11:34:19 +100057#include <stdlib.h>
Damien Millere3476ed2006-07-24 14:13:33 +100058#include <string.h>
Damien Millere6b3b612006-07-24 14:01:23 +100059#include <unistd.h>
Damien Miller57cf6382006-07-10 21:13:46 +100060
Damien Millerd4a8b7e1999-10-27 13:42:43 +100061#include "xmalloc.h"
Damien Millerd7834352006-08-05 12:39:39 +100062#include "cipher.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100063#include "buffer.h"
Damien Millereba71ba2000-04-29 23:57:08 +100064#include "key.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000065#include "ssh.h"
66#include "log.h"
Ben Lindstrom31ca54a2001-02-09 02:11:24 +000067#include "authfile.h"
Damien Miller040b64f2002-01-22 23:10:04 +110068#include "rsa.h"
Darren Tuckerf0f90982004-12-11 13:39:50 +110069#include "misc.h"
Damien Millereccb9de2005-06-17 12:59:34 +100070#include "atomicio.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100071
Ben Lindstromd0fca422001-03-26 13:44:06 +000072/* Version identification string for SSH v1 identity files. */
Ben Lindstrom1170d712001-01-29 07:51:26 +000073static const char authfile_id_string[] =
74 "SSH PRIVATE KEY FILE FORMAT 1.1\n";
Damien Millerd4a8b7e1999-10-27 13:42:43 +100075
Damien Miller5428f641999-11-25 11:54:57 +110076/*
77 * Saves the authentication (private) key in a file, encrypting it with
78 * passphrase. The identification of the file (lowest 64 bits of n) will
79 * precede the key to provide identification of the key without needing a
80 * passphrase.
81 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100082
Ben Lindstrombba81212001-06-25 05:01:22 +000083static int
Ben Lindstromd0fca422001-03-26 13:44:06 +000084key_save_private_rsa1(Key *key, const char *filename, const char *passphrase,
85 const char *comment)
Damien Millerd4a8b7e1999-10-27 13:42:43 +100086{
Damien Miller95def091999-11-25 00:26:21 +110087 Buffer buffer, encrypted;
Damien Miller708d21c2002-01-22 23:18:15 +110088 u_char buf[100], *cp;
Damien Miller963f6b22002-02-19 15:21:23 +110089 int fd, i, cipher_num;
Damien Miller874d77b2000-10-14 16:23:11 +110090 CipherContext ciphercontext;
91 Cipher *cipher;
Darren Tucker3f9fdc72004-06-22 12:56:01 +100092 u_int32_t rnd;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100093
Damien Miller5428f641999-11-25 11:54:57 +110094 /*
95 * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting
96 * to another cipher; otherwise use SSH_AUTHFILE_CIPHER.
97 */
Damien Miller963f6b22002-02-19 15:21:23 +110098 cipher_num = (strcmp(passphrase, "") == 0) ?
99 SSH_CIPHER_NONE : SSH_AUTHFILE_CIPHER;
100 if ((cipher = cipher_by_number(cipher_num)) == NULL)
Damien Miller874d77b2000-10-14 16:23:11 +1100101 fatal("save_private_key_rsa: bad cipher");
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000102
Damien Miller95def091999-11-25 00:26:21 +1100103 /* This buffer is used to built the secret part of the private key. */
104 buffer_init(&buffer);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000105
Damien Miller95def091999-11-25 00:26:21 +1100106 /* Put checkbytes for checking passphrase validity. */
Darren Tucker3f9fdc72004-06-22 12:56:01 +1000107 rnd = arc4random();
108 buf[0] = rnd & 0xff;
109 buf[1] = (rnd >> 8) & 0xff;
Damien Miller95def091999-11-25 00:26:21 +1100110 buf[2] = buf[0];
111 buf[3] = buf[1];
112 buffer_append(&buffer, buf, 4);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000113
Damien Miller5428f641999-11-25 11:54:57 +1100114 /*
115 * Store the private key (n and e will not be stored because they
116 * will be stored in plain text, and storing them also in encrypted
117 * format would just give known plaintext).
118 */
Ben Lindstromd0fca422001-03-26 13:44:06 +0000119 buffer_put_bignum(&buffer, key->rsa->d);
120 buffer_put_bignum(&buffer, key->rsa->iqmp);
121 buffer_put_bignum(&buffer, key->rsa->q); /* reverse from SSL p */
122 buffer_put_bignum(&buffer, key->rsa->p); /* reverse from SSL q */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000123
Damien Miller95def091999-11-25 00:26:21 +1100124 /* Pad the part to be encrypted until its size is a multiple of 8. */
125 while (buffer_len(&buffer) % 8 != 0)
126 buffer_put_char(&buffer, 0);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000127
Damien Miller95def091999-11-25 00:26:21 +1100128 /* This buffer will be used to contain the data in the file. */
129 buffer_init(&encrypted);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000130
Damien Miller95def091999-11-25 00:26:21 +1100131 /* First store keyfile id string. */
Ben Lindstrom1170d712001-01-29 07:51:26 +0000132 for (i = 0; authfile_id_string[i]; i++)
133 buffer_put_char(&encrypted, authfile_id_string[i]);
Damien Miller95def091999-11-25 00:26:21 +1100134 buffer_put_char(&encrypted, 0);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000135
Damien Miller95def091999-11-25 00:26:21 +1100136 /* Store cipher type. */
Damien Miller963f6b22002-02-19 15:21:23 +1100137 buffer_put_char(&encrypted, cipher_num);
Damien Miller95def091999-11-25 00:26:21 +1100138 buffer_put_int(&encrypted, 0); /* For future extension */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000139
Damien Miller95def091999-11-25 00:26:21 +1100140 /* Store public key. This will be in plain text. */
Ben Lindstromd0fca422001-03-26 13:44:06 +0000141 buffer_put_int(&encrypted, BN_num_bits(key->rsa->n));
142 buffer_put_bignum(&encrypted, key->rsa->n);
143 buffer_put_bignum(&encrypted, key->rsa->e);
Ben Lindstrom664408d2001-06-09 01:42:01 +0000144 buffer_put_cstring(&encrypted, comment);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000145
Damien Miller95def091999-11-25 00:26:21 +1100146 /* Allocate space for the private part of the key in the buffer. */
Damien Miller5a6b4fe2001-12-21 14:56:54 +1100147 cp = buffer_append_space(&encrypted, buffer_len(&buffer));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000148
Damien Miller963f6b22002-02-19 15:21:23 +1100149 cipher_set_key_string(&ciphercontext, cipher, passphrase,
150 CIPHER_ENCRYPT);
151 cipher_crypt(&ciphercontext, cp,
Damien Miller708d21c2002-01-22 23:18:15 +1100152 buffer_ptr(&buffer), buffer_len(&buffer));
Damien Miller963f6b22002-02-19 15:21:23 +1100153 cipher_cleanup(&ciphercontext);
Damien Miller874d77b2000-10-14 16:23:11 +1100154 memset(&ciphercontext, 0, sizeof(ciphercontext));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000155
Damien Miller95def091999-11-25 00:26:21 +1100156 /* Destroy temporary data. */
157 memset(buf, 0, sizeof(buf));
158 buffer_free(&buffer);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000159
Damien Miller037a0dc1999-12-07 15:38:31 +1100160 fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
Ben Lindstrom15f33862001-04-16 02:00:02 +0000161 if (fd < 0) {
162 error("open %s failed: %s.", filename, strerror(errno));
Darren Tuckerd1d41b32003-09-22 21:01:27 +1000163 buffer_free(&encrypted);
Damien Miller95def091999-11-25 00:26:21 +1100164 return 0;
Ben Lindstrom15f33862001-04-16 02:00:02 +0000165 }
Damien Millereccb9de2005-06-17 12:59:34 +1000166 if (atomicio(vwrite, fd, buffer_ptr(&encrypted),
167 buffer_len(&encrypted)) != buffer_len(&encrypted)) {
Ben Lindstrom15f33862001-04-16 02:00:02 +0000168 error("write to key file %s failed: %s", filename,
Damien Miller9f0f5c62001-12-21 14:45:46 +1100169 strerror(errno));
Damien Miller95def091999-11-25 00:26:21 +1100170 buffer_free(&encrypted);
Damien Miller037a0dc1999-12-07 15:38:31 +1100171 close(fd);
Damien Miller78315eb2000-09-29 23:01:36 +1100172 unlink(filename);
Damien Miller95def091999-11-25 00:26:21 +1100173 return 0;
174 }
Damien Miller037a0dc1999-12-07 15:38:31 +1100175 close(fd);
Damien Miller95def091999-11-25 00:26:21 +1100176 buffer_free(&encrypted);
177 return 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000178}
179
Ben Lindstromd0fca422001-03-26 13:44:06 +0000180/* save SSH v2 key in OpenSSL PEM format */
Ben Lindstrombba81212001-06-25 05:01:22 +0000181static int
Ben Lindstromd0fca422001-03-26 13:44:06 +0000182key_save_private_pem(Key *key, const char *filename, const char *_passphrase,
183 const char *comment)
Damien Millereba71ba2000-04-29 23:57:08 +1000184{
185 FILE *fp;
186 int fd;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100187 int success = 0;
188 int len = strlen(_passphrase);
Ben Lindstrom90fd8142002-02-26 18:09:42 +0000189 u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL;
Darren Tuckerdf6578b2009-11-07 16:03:14 +1100190#if (OPENSSL_VERSION_NUMBER < 0x00907000L)
191 const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL;
192#else
Darren Tuckerdfb9b712009-10-24 11:46:43 +1100193 const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL;
Darren Tuckerdf6578b2009-11-07 16:03:14 +1100194#endif
Damien Millereba71ba2000-04-29 23:57:08 +1000195
196 if (len > 0 && len <= 4) {
Ben Lindstrom15f33862001-04-16 02:00:02 +0000197 error("passphrase too short: have %d bytes, need > 4", len);
Damien Millereba71ba2000-04-29 23:57:08 +1000198 return 0;
199 }
200 fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
201 if (fd < 0) {
Ben Lindstrom15f33862001-04-16 02:00:02 +0000202 error("open %s failed: %s.", filename, strerror(errno));
Damien Millereba71ba2000-04-29 23:57:08 +1000203 return 0;
204 }
205 fp = fdopen(fd, "w");
Damien Miller4dec5d72006-08-05 11:38:40 +1000206 if (fp == NULL) {
Ben Lindstrom15f33862001-04-16 02:00:02 +0000207 error("fdopen %s failed: %s.", filename, strerror(errno));
Damien Millereba71ba2000-04-29 23:57:08 +1000208 close(fd);
209 return 0;
210 }
Damien Miller0bc1bd82000-11-13 22:57:25 +1100211 switch (key->type) {
Ben Lindstromc1116602001-03-29 00:28:37 +0000212 case KEY_DSA:
213 success = PEM_write_DSAPrivateKey(fp, key->dsa,
214 cipher, passphrase, len, NULL, NULL);
215 break;
216 case KEY_RSA:
217 success = PEM_write_RSAPrivateKey(fp, key->rsa,
218 cipher, passphrase, len, NULL, NULL);
219 break;
Damien Millereba71ba2000-04-29 23:57:08 +1000220 }
221 fclose(fp);
222 return success;
223}
224
225int
Ben Lindstromd0fca422001-03-26 13:44:06 +0000226key_save_private(Key *key, const char *filename, const char *passphrase,
Damien Millereba71ba2000-04-29 23:57:08 +1000227 const char *comment)
228{
229 switch (key->type) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100230 case KEY_RSA1:
Ben Lindstromd0fca422001-03-26 13:44:06 +0000231 return key_save_private_rsa1(key, filename, passphrase,
232 comment);
Damien Millereba71ba2000-04-29 23:57:08 +1000233 case KEY_DSA:
Damien Miller0bc1bd82000-11-13 22:57:25 +1100234 case KEY_RSA:
Ben Lindstromd0fca422001-03-26 13:44:06 +0000235 return key_save_private_pem(key, filename, passphrase,
236 comment);
Damien Millereba71ba2000-04-29 23:57:08 +1000237 default:
238 break;
239 }
Ben Lindstrom15f33862001-04-16 02:00:02 +0000240 error("key_save_private: cannot save key type %d", key->type);
Damien Millereba71ba2000-04-29 23:57:08 +1000241 return 0;
242}
243
Damien Miller5428f641999-11-25 11:54:57 +1100244/*
Ben Lindstromd0fca422001-03-26 13:44:06 +0000245 * Loads the public part of the ssh v1 key file. Returns NULL if an error was
246 * encountered (the file does not exist or is not readable), and the key
Damien Miller5428f641999-11-25 11:54:57 +1100247 * otherwise.
248 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000249
Ben Lindstrombba81212001-06-25 05:01:22 +0000250static Key *
Ben Lindstromd0fca422001-03-26 13:44:06 +0000251key_load_public_rsa1(int fd, const char *filename, char **commentp)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000252{
Damien Miller95def091999-11-25 00:26:21 +1100253 Buffer buffer;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000254 Key *pub;
Ben Lindstrom44adb8f2002-12-23 02:00:23 +0000255 struct stat st;
Damien Miller95def091999-11-25 00:26:21 +1100256 char *cp;
Damien Millereccb9de2005-06-17 12:59:34 +1000257 u_int i;
Darren Tucker1f8311c2004-05-13 16:39:33 +1000258 size_t len;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000259
Ben Lindstrom44adb8f2002-12-23 02:00:23 +0000260 if (fstat(fd, &st) < 0) {
261 error("fstat for key file %.200s failed: %.100s",
262 filename, strerror(errno));
263 return NULL;
264 }
Darren Tuckerf4b43712004-08-29 16:28:39 +1000265 if (st.st_size > 1*1024*1024) {
266 error("key file %.200s too large", filename);
267 return NULL;
268 }
Darren Tucker1f8311c2004-05-13 16:39:33 +1000269 len = (size_t)st.st_size; /* truncated */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000270
Damien Miller95def091999-11-25 00:26:21 +1100271 buffer_init(&buffer);
Damien Miller5a6b4fe2001-12-21 14:56:54 +1100272 cp = buffer_append_space(&buffer, len);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000273
Damien Millereccb9de2005-06-17 12:59:34 +1000274 if (atomicio(read, fd, cp, len) != len) {
Damien Miller95def091999-11-25 00:26:21 +1100275 debug("Read from key file %.200s failed: %.100s", filename,
Damien Millereba71ba2000-04-29 23:57:08 +1000276 strerror(errno));
Damien Miller95def091999-11-25 00:26:21 +1100277 buffer_free(&buffer);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000278 return NULL;
Damien Miller95def091999-11-25 00:26:21 +1100279 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000280
Ben Lindstrom1170d712001-01-29 07:51:26 +0000281 /* Check that it is at least big enough to contain the ID string. */
282 if (len < sizeof(authfile_id_string)) {
Damien Miller058655c2001-10-10 15:03:36 +1000283 debug3("Not a RSA1 key file %.200s.", filename);
Damien Miller95def091999-11-25 00:26:21 +1100284 buffer_free(&buffer);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000285 return NULL;
Damien Miller95def091999-11-25 00:26:21 +1100286 }
Damien Miller5428f641999-11-25 11:54:57 +1100287 /*
288 * Make sure it begins with the id string. Consume the id string
289 * from the buffer.
290 */
Ben Lindstrom1170d712001-01-29 07:51:26 +0000291 for (i = 0; i < sizeof(authfile_id_string); i++)
292 if (buffer_get_char(&buffer) != authfile_id_string[i]) {
Damien Miller058655c2001-10-10 15:03:36 +1000293 debug3("Not a RSA1 key file %.200s.", filename);
Damien Miller95def091999-11-25 00:26:21 +1100294 buffer_free(&buffer);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000295 return NULL;
Damien Miller95def091999-11-25 00:26:21 +1100296 }
297 /* Skip cipher type and reserved data. */
298 (void) buffer_get_char(&buffer); /* cipher type */
299 (void) buffer_get_int(&buffer); /* reserved */
300
301 /* Read the public key from the buffer. */
Ben Lindstromc5a7f4f2002-06-25 23:19:13 +0000302 (void) buffer_get_int(&buffer);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000303 pub = key_new(KEY_RSA1);
304 buffer_get_bignum(&buffer, pub->rsa->n);
305 buffer_get_bignum(&buffer, pub->rsa->e);
306 if (commentp)
307 *commentp = buffer_get_string(&buffer, NULL);
Damien Miller95def091999-11-25 00:26:21 +1100308 /* The encrypted private part is not parsed by this function. */
309
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000310 buffer_free(&buffer);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000311 return pub;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000312}
313
Ben Lindstromd0fca422001-03-26 13:44:06 +0000314/* load public key from private-key file, works only for SSH v1 */
315Key *
316key_load_public_type(int type, const char *filename, char **commentp)
Damien Millereba71ba2000-04-29 23:57:08 +1000317{
Ben Lindstromd0fca422001-03-26 13:44:06 +0000318 Key *pub;
319 int fd;
320
321 if (type == KEY_RSA1) {
322 fd = open(filename, O_RDONLY);
323 if (fd < 0)
324 return NULL;
325 pub = key_load_public_rsa1(fd, filename, commentp);
326 close(fd);
327 return pub;
Damien Millereba71ba2000-04-29 23:57:08 +1000328 }
Ben Lindstromd0fca422001-03-26 13:44:06 +0000329 return NULL;
Damien Millereba71ba2000-04-29 23:57:08 +1000330}
331
Damien Miller5428f641999-11-25 11:54:57 +1100332/*
333 * Loads the private key from the file. Returns 0 if an error is encountered
334 * (file does not exist or is not readable, or passphrase is bad). This
335 * initializes the private key.
336 * Assumes we are called under uid of the owner of the file.
337 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000338
Ben Lindstrombba81212001-06-25 05:01:22 +0000339static Key *
Ben Lindstromd0fca422001-03-26 13:44:06 +0000340key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
341 char **commentp)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000342{
Damien Millereccb9de2005-06-17 12:59:34 +1000343 u_int i;
344 int check1, check2, cipher_type;
Darren Tucker1f8311c2004-05-13 16:39:33 +1000345 size_t len;
Damien Miller95def091999-11-25 00:26:21 +1100346 Buffer buffer, decrypted;
Damien Miller708d21c2002-01-22 23:18:15 +1100347 u_char *cp;
Damien Miller874d77b2000-10-14 16:23:11 +1100348 CipherContext ciphercontext;
349 Cipher *cipher;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000350 Key *prv = NULL;
Ben Lindstrom44adb8f2002-12-23 02:00:23 +0000351 struct stat st;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000352
Ben Lindstrom44adb8f2002-12-23 02:00:23 +0000353 if (fstat(fd, &st) < 0) {
354 error("fstat for key file %.200s failed: %.100s",
355 filename, strerror(errno));
356 close(fd);
357 return NULL;
358 }
Darren Tucker1f8311c2004-05-13 16:39:33 +1000359 if (st.st_size > 1*1024*1024) {
Darren Tuckerf4b43712004-08-29 16:28:39 +1000360 error("key file %.200s too large", filename);
Darren Tucker1f8311c2004-05-13 16:39:33 +1000361 close(fd);
362 return (NULL);
363 }
364 len = (size_t)st.st_size; /* truncated */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000365
Damien Miller95def091999-11-25 00:26:21 +1100366 buffer_init(&buffer);
Damien Miller5a6b4fe2001-12-21 14:56:54 +1100367 cp = buffer_append_space(&buffer, len);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000368
Damien Millereccb9de2005-06-17 12:59:34 +1000369 if (atomicio(read, fd, cp, len) != len) {
Damien Miller95def091999-11-25 00:26:21 +1100370 debug("Read from key file %.200s failed: %.100s", filename,
Damien Miller0bc1bd82000-11-13 22:57:25 +1100371 strerror(errno));
Damien Miller95def091999-11-25 00:26:21 +1100372 buffer_free(&buffer);
Damien Miller037a0dc1999-12-07 15:38:31 +1100373 close(fd);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000374 return NULL;
Damien Miller95def091999-11-25 00:26:21 +1100375 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000376
Ben Lindstrom1170d712001-01-29 07:51:26 +0000377 /* Check that it is at least big enough to contain the ID string. */
378 if (len < sizeof(authfile_id_string)) {
Damien Miller058655c2001-10-10 15:03:36 +1000379 debug3("Not a RSA1 key file %.200s.", filename);
Damien Miller95def091999-11-25 00:26:21 +1100380 buffer_free(&buffer);
Ben Lindstromb257cca2001-03-05 04:59:27 +0000381 close(fd);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000382 return NULL;
Damien Miller95def091999-11-25 00:26:21 +1100383 }
Damien Miller5428f641999-11-25 11:54:57 +1100384 /*
385 * Make sure it begins with the id string. Consume the id string
386 * from the buffer.
387 */
Ben Lindstrom1170d712001-01-29 07:51:26 +0000388 for (i = 0; i < sizeof(authfile_id_string); i++)
389 if (buffer_get_char(&buffer) != authfile_id_string[i]) {
Damien Miller058655c2001-10-10 15:03:36 +1000390 debug3("Not a RSA1 key file %.200s.", filename);
Damien Miller95def091999-11-25 00:26:21 +1100391 buffer_free(&buffer);
Ben Lindstromb257cca2001-03-05 04:59:27 +0000392 close(fd);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000393 return NULL;
Damien Miller95def091999-11-25 00:26:21 +1100394 }
Ben Lindstromb257cca2001-03-05 04:59:27 +0000395
Damien Miller95def091999-11-25 00:26:21 +1100396 /* Read cipher type. */
397 cipher_type = buffer_get_char(&buffer);
398 (void) buffer_get_int(&buffer); /* Reserved data. */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000399
Damien Miller95def091999-11-25 00:26:21 +1100400 /* Read the public key from the buffer. */
Ben Lindstromc5a7f4f2002-06-25 23:19:13 +0000401 (void) buffer_get_int(&buffer);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000402 prv = key_new_private(KEY_RSA1);
403
404 buffer_get_bignum(&buffer, prv->rsa->n);
405 buffer_get_bignum(&buffer, prv->rsa->e);
406 if (commentp)
407 *commentp = buffer_get_string(&buffer, NULL);
Damien Miller95def091999-11-25 00:26:21 +1100408 else
409 xfree(buffer_get_string(&buffer, NULL));
410
411 /* Check that it is a supported cipher. */
Damien Miller874d77b2000-10-14 16:23:11 +1100412 cipher = cipher_by_number(cipher_type);
413 if (cipher == NULL) {
414 debug("Unsupported cipher %d used in key file %.200s.",
415 cipher_type, filename);
Damien Miller95def091999-11-25 00:26:21 +1100416 buffer_free(&buffer);
417 goto fail;
418 }
419 /* Initialize space for decrypted data. */
420 buffer_init(&decrypted);
Damien Miller5a6b4fe2001-12-21 14:56:54 +1100421 cp = buffer_append_space(&decrypted, buffer_len(&buffer));
Damien Miller95def091999-11-25 00:26:21 +1100422
423 /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */
Damien Miller963f6b22002-02-19 15:21:23 +1100424 cipher_set_key_string(&ciphercontext, cipher, passphrase,
425 CIPHER_DECRYPT);
426 cipher_crypt(&ciphercontext, cp,
Damien Miller708d21c2002-01-22 23:18:15 +1100427 buffer_ptr(&buffer), buffer_len(&buffer));
Damien Miller963f6b22002-02-19 15:21:23 +1100428 cipher_cleanup(&ciphercontext);
Damien Miller874d77b2000-10-14 16:23:11 +1100429 memset(&ciphercontext, 0, sizeof(ciphercontext));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000430 buffer_free(&buffer);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000431
Damien Miller95def091999-11-25 00:26:21 +1100432 check1 = buffer_get_char(&decrypted);
433 check2 = buffer_get_char(&decrypted);
434 if (check1 != buffer_get_char(&decrypted) ||
435 check2 != buffer_get_char(&decrypted)) {
436 if (strcmp(passphrase, "") != 0)
Ben Lindstromd0fca422001-03-26 13:44:06 +0000437 debug("Bad passphrase supplied for key file %.200s.",
438 filename);
Damien Miller95def091999-11-25 00:26:21 +1100439 /* Bad passphrase. */
440 buffer_free(&decrypted);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000441 goto fail;
Damien Miller95def091999-11-25 00:26:21 +1100442 }
443 /* Read the rest of the private key. */
Ben Lindstromd0fca422001-03-26 13:44:06 +0000444 buffer_get_bignum(&decrypted, prv->rsa->d);
445 buffer_get_bignum(&decrypted, prv->rsa->iqmp); /* u */
446 /* in SSL and SSH v1 p and q are exchanged */
447 buffer_get_bignum(&decrypted, prv->rsa->q); /* p */
448 buffer_get_bignum(&decrypted, prv->rsa->p); /* q */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000449
Ben Lindstromd0fca422001-03-26 13:44:06 +0000450 /* calculate p-1 and q-1 */
Damien Millerda755162002-01-22 23:09:22 +1100451 rsa_generate_additional_parameters(prv->rsa);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000452
Damien Miller95def091999-11-25 00:26:21 +1100453 buffer_free(&decrypted);
Damien Millered33d3b2003-03-15 11:36:18 +1100454
455 /* enable blinding */
456 if (RSA_blinding_on(prv->rsa, NULL) != 1) {
457 error("key_load_private_rsa1: RSA_blinding_on failed");
458 goto fail;
459 }
Ben Lindstromb257cca2001-03-05 04:59:27 +0000460 close(fd);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000461 return prv;
462
463fail:
464 if (commentp)
465 xfree(*commentp);
466 close(fd);
467 key_free(prv);
468 return NULL;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000469}
Damien Millereba71ba2000-04-29 23:57:08 +1000470
Ben Lindstrom1bad2562002-06-06 19:57:33 +0000471Key *
Ben Lindstromd0fca422001-03-26 13:44:06 +0000472key_load_private_pem(int fd, int type, const char *passphrase,
473 char **commentp)
Damien Millereba71ba2000-04-29 23:57:08 +1000474{
Damien Millereba71ba2000-04-29 23:57:08 +1000475 FILE *fp;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100476 EVP_PKEY *pk = NULL;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000477 Key *prv = NULL;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100478 char *name = "<no key>";
Damien Millereba71ba2000-04-29 23:57:08 +1000479
Damien Millereba71ba2000-04-29 23:57:08 +1000480 fp = fdopen(fd, "r");
481 if (fp == NULL) {
Ben Lindstrom15f33862001-04-16 02:00:02 +0000482 error("fdopen failed: %s", strerror(errno));
Ben Lindstromb257cca2001-03-05 04:59:27 +0000483 close(fd);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000484 return NULL;
Damien Millereba71ba2000-04-29 23:57:08 +1000485 }
Damien Miller0bc1bd82000-11-13 22:57:25 +1100486 pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
487 if (pk == NULL) {
Ben Lindstrom648772f2001-04-19 20:47:10 +0000488 debug("PEM_read_PrivateKey failed");
Damien Miller0bc1bd82000-11-13 22:57:25 +1100489 (void)ERR_get_error();
Ben Lindstromd0fca422001-03-26 13:44:06 +0000490 } else if (pk->type == EVP_PKEY_RSA &&
Damien Miller9f0f5c62001-12-21 14:45:46 +1100491 (type == KEY_UNSPEC||type==KEY_RSA)) {
Ben Lindstromd0fca422001-03-26 13:44:06 +0000492 prv = key_new(KEY_UNSPEC);
493 prv->rsa = EVP_PKEY_get1_RSA(pk);
494 prv->type = KEY_RSA;
495 name = "rsa w/o comment";
Damien Miller0bc1bd82000-11-13 22:57:25 +1100496#ifdef DEBUG_PK
Ben Lindstromd0fca422001-03-26 13:44:06 +0000497 RSA_print_fp(stderr, prv->rsa, 8);
Damien Millereba71ba2000-04-29 23:57:08 +1000498#endif
Damien Millered33d3b2003-03-15 11:36:18 +1100499 if (RSA_blinding_on(prv->rsa, NULL) != 1) {
500 error("key_load_private_pem: RSA_blinding_on failed");
501 key_free(prv);
502 prv = NULL;
503 }
Ben Lindstromd0fca422001-03-26 13:44:06 +0000504 } else if (pk->type == EVP_PKEY_DSA &&
Damien Miller9f0f5c62001-12-21 14:45:46 +1100505 (type == KEY_UNSPEC||type==KEY_DSA)) {
Ben Lindstromd0fca422001-03-26 13:44:06 +0000506 prv = key_new(KEY_UNSPEC);
507 prv->dsa = EVP_PKEY_get1_DSA(pk);
508 prv->type = KEY_DSA;
509 name = "dsa w/o comment";
Damien Miller0bc1bd82000-11-13 22:57:25 +1100510#ifdef DEBUG_PK
Ben Lindstromd0fca422001-03-26 13:44:06 +0000511 DSA_print_fp(stderr, prv->dsa, 8);
Damien Miller0bc1bd82000-11-13 22:57:25 +1100512#endif
Damien Miller0bc1bd82000-11-13 22:57:25 +1100513 } else {
514 error("PEM_read_PrivateKey: mismatch or "
515 "unknown EVP_PKEY save_type %d", pk->save_type);
516 }
517 fclose(fp);
518 if (pk != NULL)
519 EVP_PKEY_free(pk);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000520 if (prv != NULL && commentp)
521 *commentp = xstrdup(name);
522 debug("read PEM private key done: type %s",
523 prv ? key_type(prv) : "<unknown>");
524 return prv;
Damien Millereba71ba2000-04-29 23:57:08 +1000525}
526
Damien Miller8275fad2006-03-15 12:06:23 +1100527int
Ben Lindstromd0fca422001-03-26 13:44:06 +0000528key_perm_ok(int fd, const char *filename)
Damien Millereba71ba2000-04-29 23:57:08 +1000529{
Damien Millereba71ba2000-04-29 23:57:08 +1000530 struct stat st;
531
Ben Lindstrom7aff2612001-09-23 13:53:22 +0000532 if (fstat(fd, &st) < 0)
533 return 0;
534 /*
535 * if a key owned by the user is accessed, then we check the
536 * permissions of the file. if the key owned by a different user,
537 * then we don't care.
538 */
Damien Millerb70b61f2000-09-16 16:25:12 +1100539#ifdef HAVE_CYGWIN
Damien Millercb5e44a2000-09-29 12:12:36 +1100540 if (check_ntsec(filename))
Damien Millerb70b61f2000-09-16 16:25:12 +1100541#endif
Ben Lindstrom7aff2612001-09-23 13:53:22 +0000542 if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
Damien Millereba71ba2000-04-29 23:57:08 +1000543 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
544 error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
545 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
Ben Lindstrom7aff2612001-09-23 13:53:22 +0000546 error("Permissions 0%3.3o for '%s' are too open.",
Damien Miller04bd8b02003-05-25 14:38:33 +1000547 (u_int)st.st_mode & 0777, filename);
Damien Millereba71ba2000-04-29 23:57:08 +1000548 error("It is recommended that your private key files are NOT accessible by others.");
Ben Lindstromd0fca422001-03-26 13:44:06 +0000549 error("This private key will be ignored.");
Damien Millereba71ba2000-04-29 23:57:08 +1000550 return 0;
551 }
Ben Lindstromd0fca422001-03-26 13:44:06 +0000552 return 1;
553}
Ben Lindstromb257cca2001-03-05 04:59:27 +0000554
Ben Lindstromd0fca422001-03-26 13:44:06 +0000555Key *
556key_load_private_type(int type, const char *filename, const char *passphrase,
Darren Tucker232b76f2006-05-06 17:41:51 +1000557 char **commentp, int *perm_ok)
Ben Lindstromd0fca422001-03-26 13:44:06 +0000558{
559 int fd;
560
561 fd = open(filename, O_RDONLY);
Darren Tuckerd4c86b12010-01-12 19:41:22 +1100562 if (fd < 0) {
563 debug("could not open key file '%s': %s", filename,
564 strerror(errno));
565 if (perm_ok != NULL)
566 *perm_ok = 0;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000567 return NULL;
Darren Tucker69c01b12010-01-12 19:42:29 +1100568 }
Ben Lindstromd0fca422001-03-26 13:44:06 +0000569 if (!key_perm_ok(fd, filename)) {
Darren Tucker232b76f2006-05-06 17:41:51 +1000570 if (perm_ok != NULL)
571 *perm_ok = 0;
Ben Lindstrom15f33862001-04-16 02:00:02 +0000572 error("bad permissions: ignore key: %s", filename);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000573 close(fd);
574 return NULL;
575 }
Darren Tucker232b76f2006-05-06 17:41:51 +1000576 if (perm_ok != NULL)
577 *perm_ok = 1;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000578 switch (type) {
579 case KEY_RSA1:
580 return key_load_private_rsa1(fd, filename, passphrase,
581 commentp);
582 /* closes fd */
Damien Millereba71ba2000-04-29 23:57:08 +1000583 case KEY_DSA:
Damien Miller0bc1bd82000-11-13 22:57:25 +1100584 case KEY_RSA:
585 case KEY_UNSPEC:
Ben Lindstromd0fca422001-03-26 13:44:06 +0000586 return key_load_private_pem(fd, type, passphrase, commentp);
587 /* closes fd */
Damien Millereba71ba2000-04-29 23:57:08 +1000588 default:
Ben Lindstromb257cca2001-03-05 04:59:27 +0000589 close(fd);
Damien Millereba71ba2000-04-29 23:57:08 +1000590 break;
591 }
Ben Lindstromd0fca422001-03-26 13:44:06 +0000592 return NULL;
593}
594
595Key *
596key_load_private(const char *filename, const char *passphrase,
597 char **commentp)
598{
Ben Lindstrom322915d2001-06-05 20:46:32 +0000599 Key *pub, *prv;
Ben Lindstromd0fca422001-03-26 13:44:06 +0000600 int fd;
601
602 fd = open(filename, O_RDONLY);
Darren Tuckerd4c86b12010-01-12 19:41:22 +1100603 if (fd < 0) {
604 debug("could not open key file '%s': %s", filename,
605 strerror(errno));
Ben Lindstromd0fca422001-03-26 13:44:06 +0000606 return NULL;
Darren Tuckerd4c86b12010-01-12 19:41:22 +1100607 }
Ben Lindstromd0fca422001-03-26 13:44:06 +0000608 if (!key_perm_ok(fd, filename)) {
Ben Lindstrom15f33862001-04-16 02:00:02 +0000609 error("bad permissions: ignore key: %s", filename);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000610 close(fd);
611 return NULL;
612 }
613 pub = key_load_public_rsa1(fd, filename, commentp);
614 lseek(fd, (off_t) 0, SEEK_SET); /* rewind */
615 if (pub == NULL) {
616 /* closes fd */
Ben Lindstrom322915d2001-06-05 20:46:32 +0000617 prv = key_load_private_pem(fd, KEY_UNSPEC, passphrase, NULL);
618 /* use the filename as a comment for PEM */
619 if (commentp && prv)
Ben Lindstrom2d0356f2001-06-05 21:13:57 +0000620 *commentp = xstrdup(filename);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000621 } else {
622 /* it's a SSH v1 key if the public key part is readable */
623 key_free(pub);
624 /* closes fd */
Ben Lindstrom322915d2001-06-05 20:46:32 +0000625 prv = key_load_private_rsa1(fd, filename, passphrase, NULL);
Ben Lindstromd0fca422001-03-26 13:44:06 +0000626 }
Ben Lindstrom322915d2001-06-05 20:46:32 +0000627 return prv;
Damien Millereba71ba2000-04-29 23:57:08 +1000628}
Damien Millere4340be2000-09-16 13:29:08 +1100629
Ben Lindstrombba81212001-06-25 05:01:22 +0000630static int
Ben Lindstromd0fca422001-03-26 13:44:06 +0000631key_try_load_public(Key *k, const char *filename, char **commentp)
Damien Millere4340be2000-09-16 13:29:08 +1100632{
633 FILE *f;
Darren Tucker22cc7412004-12-06 22:47:41 +1100634 char line[SSH_MAX_PUBKEY_BYTES];
Damien Millere4340be2000-09-16 13:29:08 +1100635 char *cp;
Darren Tuckerf0f90982004-12-11 13:39:50 +1100636 u_long linenum = 0;
Damien Millere4340be2000-09-16 13:29:08 +1100637
638 f = fopen(filename, "r");
639 if (f != NULL) {
Darren Tucker22cc7412004-12-06 22:47:41 +1100640 while (read_keyfile_line(f, filename, line, sizeof(line),
641 &linenum) != -1) {
Damien Millere4340be2000-09-16 13:29:08 +1100642 cp = line;
Ben Lindstrom1c37c6a2001-12-06 18:00:18 +0000643 switch (*cp) {
Damien Millere4340be2000-09-16 13:29:08 +1100644 case '#':
645 case '\n':
646 case '\0':
647 continue;
648 }
649 /* Skip leading whitespace. */
650 for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
651 ;
652 if (*cp) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100653 if (key_read(k, &cp) == 1) {
Damien Millere4340be2000-09-16 13:29:08 +1100654 if (commentp)
655 *commentp=xstrdup(filename);
656 fclose(f);
657 return 1;
658 }
659 }
660 }
661 fclose(f);
662 }
663 return 0;
664}
665
Ben Lindstromd0fca422001-03-26 13:44:06 +0000666/* load public key from ssh v1 private or any pubkey file */
667Key *
668key_load_public(const char *filename, char **commentp)
Damien Millere4340be2000-09-16 13:29:08 +1100669{
Ben Lindstromd0fca422001-03-26 13:44:06 +0000670 Key *pub;
671 char file[MAXPATHLEN];
Damien Millere4340be2000-09-16 13:29:08 +1100672
Damien Millerdb274722003-05-14 13:45:22 +1000673 /* try rsa1 private key */
Ben Lindstromd0fca422001-03-26 13:44:06 +0000674 pub = key_load_public_type(KEY_RSA1, filename, commentp);
675 if (pub != NULL)
676 return pub;
Damien Millerdb274722003-05-14 13:45:22 +1000677
678 /* try rsa1 public key */
679 pub = key_new(KEY_RSA1);
680 if (key_try_load_public(pub, filename, commentp) == 1)
681 return pub;
682 key_free(pub);
683
684 /* try ssh2 public key */
Ben Lindstromd0fca422001-03-26 13:44:06 +0000685 pub = key_new(KEY_UNSPEC);
686 if (key_try_load_public(pub, filename, commentp) == 1)
687 return pub;
688 if ((strlcpy(file, filename, sizeof file) < sizeof(file)) &&
689 (strlcat(file, ".pub", sizeof file) < sizeof(file)) &&
690 (key_try_load_public(pub, file, commentp) == 1))
691 return pub;
692 key_free(pub);
693 return NULL;
Damien Millere4340be2000-09-16 13:29:08 +1100694}