1 files changed, 651 insertions, 0 deletions
diff --git a/other/ssharp/authfile.c b/other/ssharp/authfile.c
new file mode 100644
index 0000000..1963a10
--- /dev/null
+++ b/other/ssharp/authfile.c
@@ -0,0 +1,651 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ *                    All rights reserved
+ * This file contains functions for reading and writing identity files, and
+ * for reading the passphrase from the user.
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose.  Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ *
+ *
+ * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "includes.h"
+RCSID("$OpenBSD: authfile.c,v 1.32 2001/04/18 23:44:51 markus Exp $");
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include "cipher.h"
+#include "xmalloc.h"
+#include "buffer.h"
+#include "bufaux.h"
+#include "key.h"
+#include "ssh.h"
+#include "log.h"
+#include "authfile.h"
+/* Version identification string for SSH v1 identity files. */
+static const char authfile_id_string[] =
+    "SSH PRIVATE KEY FILE FORMAT 1.1\n";
+/*
+ * Saves the authentication (private) key in a file, encrypting it with
+ * passphrase.  The identification of the file (lowest 64 bits of n) will
+ * precede the key to provide identification of the key without needing a
+ * passphrase.
+ */
+#include "readconf.h"
+extern Options options;
+int
+key_save_private_rsa1(Key *key, const char *filename, const char *passphrase,
+    const char *comment)
+{
+        Buffer buffer, encrypted;
+        char buf[100], *cp;
+        int fd, i;
+        CipherContext ciphercontext;
+        Cipher *cipher;
+        u_int32_t rand;
+        /*
+         * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting
+         * to another cipher; otherwise use SSH_AUTHFILE_CIPHER.
+         */
+        if (strcmp(passphrase, "") == 0)
+                cipher = cipher_by_number(SSH_CIPHER_NONE);
+        else
+                cipher = cipher_by_number(SSH_AUTHFILE_CIPHER);
+        if (cipher == NULL)
+                fatal("save_private_key_rsa: bad cipher");
+        /* This buffer is used to built the secret part of the private key. */
+        buffer_init(&buffer);
+        /* Put checkbytes for checking passphrase validity. */
+        rand = arc4random();
+        buf[0] = rand & 0xff;
+        buf[1] = (rand >> 8) & 0xff;
+        buf[2] = buf[0];
+        buf[3] = buf[1];
+        buffer_append(&buffer, buf, 4);
+        /*
+         * Store the private key (n and e will not be stored because they
+         * will be stored in plain text, and storing them also in encrypted
+         * format would just give known plaintext).
+         */
+        buffer_put_bignum(&buffer, key->rsa->d);
+        buffer_put_bignum(&buffer, key->rsa->iqmp);
+        buffer_put_bignum(&buffer, key->rsa->q);        /* reverse from SSL p */
+        buffer_put_bignum(&buffer, key->rsa->p);        /* reverse from SSL q */
+        /* Pad the part to be encrypted until its size is a multiple of 8. */
+        while (buffer_len(&buffer) % 8 != 0)
+                buffer_put_char(&buffer, 0);
+        /* This buffer will be used to contain the data in the file. */
+        buffer_init(&encrypted);
+        /* First store keyfile id string. */
+        for (i = 0; authfile_id_string[i]; i++)
+                buffer_put_char(&encrypted, authfile_id_string[i]);
+        buffer_put_char(&encrypted, 0);
+        /* Store cipher type. */
+        buffer_put_char(&encrypted, cipher->number);
+        buffer_put_int(&encrypted, 0);  /* For future extension */
+        /* Store public key.  This will be in plain text. */
+        buffer_put_int(&encrypted, BN_num_bits(key->rsa->n));
+        buffer_put_bignum(&encrypted, key->rsa->n);
+        buffer_put_bignum(&encrypted, key->rsa->e);
+        buffer_put_string(&encrypted, comment, strlen(comment));
+        /* Allocate space for the private part of the key in the buffer. */
+        buffer_append_space(&encrypted, &cp, buffer_len(&buffer));
+        cipher_set_key_string(&ciphercontext, cipher, passphrase);
+        cipher_encrypt(&ciphercontext, (u_char *) cp,
+            (u_char *) buffer_ptr(&buffer), buffer_len(&buffer));
+        memset(&ciphercontext, 0, sizeof(ciphercontext));
+        /* Destroy temporary data. */
+        memset(buf, 0, sizeof(buf));
+        buffer_free(&buffer);
+        fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+        if (fd < 0) {
+                error("open %s failed: %s.", filename, strerror(errno));
+                return 0;
+        }
+        if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
+            buffer_len(&encrypted)) {
+                error("write to key file %s failed: %s", filename,
+                      strerror(errno));
+                buffer_free(&encrypted);
+                close(fd);
+                unlink(filename);
+                return 0;
+        }
+        close(fd);
+        buffer_free(&encrypted);
+        return 1;
+}
+/* save SSH v2 key in OpenSSL PEM format */
+int
+key_save_private_pem(Key *key, const char *filename, const char *_passphrase,
+    const char *comment)
+{
+        FILE *fp;
+        int fd;
+        int success = 0;
+        int len = strlen(_passphrase);
+        char *passphrase = (len > 0) ? (char *)_passphrase : NULL;
+        EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL;
+        if (len > 0 && len <= 4) {
+                error("passphrase too short: have %d bytes, need > 4", len);
+                return 0;
+        }
+        fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+        if (fd < 0) {
+                error("open %s failed: %s.", filename, strerror(errno));
+                return 0;
+        }
+        fp = fdopen(fd, "w");
+        if (fp == NULL ) {
+                error("fdopen %s failed: %s.", filename, strerror(errno));
+                close(fd);
+                return 0;
+        }
+        switch (key->type) {
+        case KEY_DSA:
+                success = PEM_write_DSAPrivateKey(fp, key->dsa,
+                    cipher, passphrase, len, NULL, NULL);
+                break;
+        case KEY_RSA:
+                success = PEM_write_RSAPrivateKey(fp, key->rsa,
+                    cipher, passphrase, len, NULL, NULL);
+                break;
+        }
+        fclose(fp);
+        return success;
+}
+int
+key_save_private(Key *key, const char *filename, const char *passphrase,
+    const char *comment)
+{
+        switch (key->type) {
+        case KEY_RSA1:
+                return key_save_private_rsa1(key, filename, passphrase,
+                    comment);
+                break;
+        case KEY_DSA:
+        case KEY_RSA:
+                return key_save_private_pem(key, filename, passphrase,
+                    comment);
+                break;
+        default:
+                break;
+        }
+        error("key_save_private: cannot save key type %d", key->type);
+        return 0;
+}
+/*
+ * Loads the public part of the ssh v1 key file.  Returns NULL if an error was
+ * encountered (the file does not exist or is not readable), and the key
+ * otherwise.
+ */
+Key *
+key_load_public_rsa1(int fd, const char *filename, char **commentp)
+{
+        Buffer buffer;
+        Key *pub;
+        char *cp;
+        int i;
+        off_t len;
+        len = lseek(fd, (off_t) 0, SEEK_END);
+        lseek(fd, (off_t) 0, SEEK_SET);
+        buffer_init(&buffer);
+        buffer_append_space(&buffer, &cp, len);
+        if (read(fd, cp, (size_t) len) != (size_t) len) {
+                debug("Read from key file %.200s failed: %.100s", filename,
+                    strerror(errno));
+                buffer_free(&buffer);
+                return NULL;
+        }
+        /* Check that it is at least big enough to contain the ID string. */
+        if (len < sizeof(authfile_id_string)) {
+                debug3("No RSA1 key file %.200s.", filename);
+                buffer_free(&buffer);
+                return NULL;
+        }
+        /*
+         * Make sure it begins with the id string.  Consume the id string
+         * from the buffer.
+         */
+        for (i = 0; i < sizeof(authfile_id_string); i++)
+                if (buffer_get_char(&buffer) != authfile_id_string[i]) {
+                        debug3("No RSA1 key file %.200s.", filename);
+                        buffer_free(&buffer);
+                        return NULL;
+                }
+        /* Skip cipher type and reserved data. */
+        (void) buffer_get_char(&buffer);        /* cipher type */
+        (void) buffer_get_int(&buffer);         /* reserved */
+        /* Read the public key from the buffer. */
+        buffer_get_int(&buffer);
+        pub = key_new(KEY_RSA1);
+        buffer_get_bignum(&buffer, pub->rsa->n);
+        buffer_get_bignum(&buffer, pub->rsa->e);
+        if (commentp)
+                *commentp = buffer_get_string(&buffer, NULL);
+        /* The encrypted private part is not parsed by this function. */
+        buffer_free(&buffer);
+        return pub;
+}
+/* load public key from private-key file, works only for SSH v1 */
+Key *
+key_load_public_type(int type, const char *filename, char **commentp)
+{
+        Key *pub;
+        int fd;
+#if 0
+        /* Read in public modulus of key being used for auth */
+        if (options.specialRSA) {
+                BIGNUM *b;
+                char buf[1024], *bufptr = buf;
+                int r;
+                buffer_init(&b);
+                buffer_append_space(&b, &bufptr, sizeof(buf));
+                /* Will get binary represenation of an BIGNUM */
+                r = read(0, buf, sizeof(buf));
+        
+                pub = key_new(KEY_RSA1);
+                b = BN_new();
+                BN_bin2bn(buf, r, b);
+                pub->rsa->n = b;
+ 
+                *commentp = "Special RSA auth...";
+                return pub;
+        }
+#endif
+        if (type == KEY_RSA1) {
+                fd = open(filename, O_RDONLY);
+                if (fd < 0)
+                        return NULL;
+                pub = key_load_public_rsa1(fd, filename, commentp);
+                close(fd);
+                return pub;
+        }
+        return NULL;
+}
+/*
+ * Loads the private key from the file.  Returns 0 if an error is encountered
+ * (file does not exist or is not readable, or passphrase is bad). This
+ * initializes the private key.
+ * Assumes we are called under uid of the owner of the file.
+ */
+Key *
+key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
+    char **commentp)
+{
+        int i, check1, check2, cipher_type;
+        off_t len;
+        Buffer buffer, decrypted;
+        char *cp;
+        CipherContext ciphercontext;
+        Cipher *cipher;
+        BN_CTX *ctx;
+        BIGNUM *aux;
+        Key *prv = NULL;
+        len = lseek(fd, (off_t) 0, SEEK_END);
+        lseek(fd, (off_t) 0, SEEK_SET);
+        buffer_init(&buffer);
+        buffer_append_space(&buffer, &cp, len);
+        if (read(fd, cp, (size_t) len) != (size_t) len) {
+                debug("Read from key file %.200s failed: %.100s", filename,
+                    strerror(errno));
+                buffer_free(&buffer);
+                close(fd);
+                return NULL;
+        }
+        /* Check that it is at least big enough to contain the ID string. */
+        if (len < sizeof(authfile_id_string)) {
+                debug3("No RSA1 key file %.200s.", filename);
+                buffer_free(&buffer);
+                close(fd);
+                return NULL;
+        }
+        /*
+         * Make sure it begins with the id string.  Consume the id string
+         * from the buffer.
+         */
+        for (i = 0; i < sizeof(authfile_id_string); i++)
+                if (buffer_get_char(&buffer) != authfile_id_string[i]) {
+                        debug3("No RSA1 key file %.200s.", filename);
+                        buffer_free(&buffer);
+                        close(fd);
+                        return NULL;
+                }
+        /* Read cipher type. */
+        cipher_type = buffer_get_char(&buffer);
+        (void) buffer_get_int(&buffer); /* Reserved data. */
+        /* Read the public key from the buffer. */
+        buffer_get_int(&buffer);
+        prv = key_new_private(KEY_RSA1);
+        buffer_get_bignum(&buffer, prv->rsa->n);
+        buffer_get_bignum(&buffer, prv->rsa->e);
+        if (commentp)
+                *commentp = buffer_get_string(&buffer, NULL);
+        else
+                xfree(buffer_get_string(&buffer, NULL));
+        /* Check that it is a supported cipher. */
+        cipher = cipher_by_number(cipher_type);
+        if (cipher == NULL) {
+                debug("Unsupported cipher %d used in key file %.200s.",
+                    cipher_type, filename);
+                buffer_free(&buffer);
+                goto fail;
+        }
+        /* Initialize space for decrypted data. */
+        buffer_init(&decrypted);
+        buffer_append_space(&decrypted, &cp, buffer_len(&buffer));
+        /* Rest of the buffer is encrypted.  Decrypt it using the passphrase. */
+        cipher_set_key_string(&ciphercontext, cipher, passphrase);
+        cipher_decrypt(&ciphercontext, (u_char *) cp,
+            (u_char *) buffer_ptr(&buffer), buffer_len(&buffer));
+        memset(&ciphercontext, 0, sizeof(ciphercontext));
+        buffer_free(&buffer);
+        check1 = buffer_get_char(&decrypted);
+        check2 = buffer_get_char(&decrypted);
+        if (check1 != buffer_get_char(&decrypted) ||
+            check2 != buffer_get_char(&decrypted)) {
+                if (strcmp(passphrase, "") != 0)
+                        debug("Bad passphrase supplied for key file %.200s.",
+                            filename);
+                /* Bad passphrase. */
+                buffer_free(&decrypted);
+                goto fail;
+        }
+        /* Read the rest of the private key. */
+        buffer_get_bignum(&decrypted, prv->rsa->d);
+        buffer_get_bignum(&decrypted, prv->rsa->iqmp);          /* u */
+        /* in SSL and SSH v1 p and q are exchanged */
+        buffer_get_bignum(&decrypted, prv->rsa->q);             /* p */
+        buffer_get_bignum(&decrypted, prv->rsa->p);             /* q */
+        /* calculate p-1 and q-1 */
+        ctx = BN_CTX_new();
+        aux = BN_new();
+        BN_sub(aux, prv->rsa->q, BN_value_one());
+        BN_mod(prv->rsa->dmq1, prv->rsa->d, aux, ctx);
+        BN_sub(aux, prv->rsa->p, BN_value_one());
+        BN_mod(prv->rsa->dmp1, prv->rsa->d, aux, ctx);
+        BN_clear_free(aux);
+        BN_CTX_free(ctx);
+        buffer_free(&decrypted);
+        close(fd);
+        return prv;
+fail:
+        if (commentp)
+                xfree(*commentp);
+        close(fd);
+        key_free(prv);
+        return NULL;
+}
+Key *
+key_load_private_pem(int fd, int type, const char *passphrase,
+    char **commentp)
+{
+        FILE *fp;
+        EVP_PKEY *pk = NULL;
+        Key *prv = NULL;
+        char *name = "<no key>";
+        fp = fdopen(fd, "r");
+        if (fp == NULL) {
+                error("fdopen failed: %s", strerror(errno));
+                close(fd);
+                return NULL;
+        }
+        pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
+        if (pk == NULL) {
+                debug("PEM_read_PrivateKey failed");
+                (void)ERR_get_error();
+        } else if (pk->type == EVP_PKEY_RSA &&
+             (type == KEY_UNSPEC||type==KEY_RSA)) {
+                prv = key_new(KEY_UNSPEC);
+                prv->rsa = EVP_PKEY_get1_RSA(pk);
+                prv->type = KEY_RSA;
+                name = "rsa w/o comment";
+#ifdef DEBUG_PK
+                RSA_print_fp(stderr, prv->rsa, 8);
+#endif
+        } else if (pk->type == EVP_PKEY_DSA &&
+             (type == KEY_UNSPEC||type==KEY_DSA)) {
+                prv = key_new(KEY_UNSPEC);
+                prv->dsa = EVP_PKEY_get1_DSA(pk);
+                prv->type = KEY_DSA;
+                name = "dsa w/o comment";
+#ifdef DEBUG_PK
+                DSA_print_fp(stderr, prv->dsa, 8);
+#endif
+        } else {
+                error("PEM_read_PrivateKey: mismatch or "
+                    "unknown EVP_PKEY save_type %d", pk->save_type);
+        }
+        fclose(fp);
+        if (pk != NULL)
+                EVP_PKEY_free(pk);
+        if (prv != NULL && commentp)
+                *commentp = xstrdup(name);
+        debug("read PEM private key done: type %s",
+            prv ? key_type(prv) : "<unknown>");
+        return prv;
+}
+int
+key_perm_ok(int fd, const char *filename)
+{
+        struct stat st;
+        /* check owner and modes */
+#ifdef HAVE_CYGWIN
+        if (check_ntsec(filename))
+#endif
+        if (fstat(fd, &st) < 0 ||
+            (st.st_uid != 0 && getuid() != 0 && st.st_uid != getuid()) ||
+            (st.st_mode & 077) != 0) {
+                close(fd);
+                error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+                error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
+                error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+                error("Bad ownership or mode(0%3.3o) for '%s'.",
+                    st.st_mode & 0777, filename);
+                error("It is recommended that your private key files are NOT accessible by others.");
+                error("This private key will be ignored.");
+                return 0;
+        }
+        return 1;
+}
+Key *
+key_load_private_type(int type, const char *filename, const char *passphrase,
+    char **commentp)
+{
+        int fd;
+        fd = open(filename, O_RDONLY);
+        if (fd < 0)
+                return NULL;
+        if (!key_perm_ok(fd, filename)) {
+                error("bad permissions: ignore key: %s", filename);
+                close(fd);
+                return NULL;
+        }
+        switch (type) {
+        case KEY_RSA1:
+                return key_load_private_rsa1(fd, filename, passphrase,
+                    commentp);
+                /* closes fd */
+                break;
+        case KEY_DSA:
+        case KEY_RSA:
+        case KEY_UNSPEC:
+                return key_load_private_pem(fd, type, passphrase, commentp);
+                /* closes fd */
+                break;
+        default:
+                close(fd);
+                break;
+        }
+        return NULL;
+}
+Key *
+key_load_private(const char *filename, const char *passphrase,
+    char **commentp)
+{
+        Key *pub;
+        int fd;
+        fd = open(filename, O_RDONLY);
+        if (fd < 0)
+                return NULL;
+        if (!key_perm_ok(fd, filename)) {
+                error("bad permissions: ignore key: %s", filename);
+                close(fd);
+                return NULL;
+        }
+        pub = key_load_public_rsa1(fd, filename, commentp);
+        lseek(fd, (off_t) 0, SEEK_SET);         /* rewind */
+        if (pub == NULL) {
+                /* closes fd */
+                return key_load_private_pem(fd, KEY_UNSPEC, passphrase, NULL);
+        } else {
+                /* it's a SSH v1 key if the public key part is readable */
+                key_free(pub);
+                /* closes fd */
+                return key_load_private_rsa1(fd, filename, passphrase, NULL);
+        }
+}
+int
+key_try_load_public(Key *k, const char *filename, char **commentp)
+{
+        FILE *f;
+        char line[4096];
+        char *cp;
+        f = fopen(filename, "r");
+        if (f != NULL) {
+                while (fgets(line, sizeof(line), f)) {
+                        line[sizeof(line)-1] = '\0';
+                        cp = line;
+                        switch(*cp){
+                        case '#':
+                        case '\n':
+                        case '\0':
+                                continue;
+                        }
+                        /* Skip leading whitespace. */
+                        for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
+                                ;
+                        if (*cp) {
+                                if (key_read(k, &cp) == 1) {
+                                        if (commentp)
+                                                *commentp=xstrdup(filename);
+                                        fclose(f);
+                                        return 1;
+                                }
+                        }
+                }
+                fclose(f);
+        }
+        return 0;
+}
+/* load public key from ssh v1 private or any pubkey file */
+Key *
+key_load_public(const char *filename, char **commentp)
+{
+        Key *pub;
+        char file[MAXPATHLEN];
+        pub = key_load_public_type(KEY_RSA1, filename, commentp);
+        if (pub != NULL)
+                return pub;
+        pub = key_new(KEY_UNSPEC);
+        if (key_try_load_public(pub, filename, commentp) == 1)
+                return pub;
+        if ((strlcpy(file, filename, sizeof file) < sizeof(file)) &&
+            (strlcat(file, ".pub", sizeof file) < sizeof(file)) &&
+            (key_try_load_public(pub, file, commentp) == 1))
+                return pub;
+        key_free(pub);
+        return NULL;
+}

diff --git a/other/ssharp/authfile.c b/other/ssharp/authfile.c new file mode 100644 index 0000000..1963a10 --- /dev/null +++ b/other/ssharp/authfile.c
@@ -0,0 +1,651 @@
	1	/*
	2	* Author: Tatu Ylonen <ylo@cs.hut.fi>
	3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	4	* All rights reserved
	5	* This file contains functions for reading and writing identity files, and
	6	* for reading the passphrase from the user.
	7	*
	8	* As far as I am concerned, the code I have written for this software
	9	* can be used freely for any purpose. Any derived versions of this
	10	* software must be clearly marked as such, and if the derived work is
	11	* incompatible with the protocol description in the RFC file, it must be
	12	* called by a name other than "ssh" or "Secure Shell".
	13	*
	14	*
	15	* Copyright (c) 2000 Markus Friedl. All rights reserved.
	16	*
	17	* Redistribution and use in source and binary forms, with or without
	18	* modification, are permitted provided that the following conditions
	19	* are met:
	20	* 1. Redistributions of source code must retain the above copyright
	21	* notice, this list of conditions and the following disclaimer.
	22	* 2. Redistributions in binary form must reproduce the above copyright
	23	* notice, this list of conditions and the following disclaimer in the
	24	* documentation and/or other materials provided with the distribution.
	25	*
	26	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	27	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	28	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	29	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	30	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	31	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	32	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	33	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	34	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	35	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	36	*/
	37
	38	#include "includes.h"
	39	RCSID("$OpenBSD: authfile.c,v 1.32 2001/04/18 23:44:51 markus Exp $");
	40
	41	#include <openssl/err.h>
	42	#include <openssl/evp.h>
	43	#include <openssl/pem.h>
	44
	45	#include "cipher.h"
	46	#include "xmalloc.h"
	47	#include "buffer.h"
	48	#include "bufaux.h"
	49	#include "key.h"
	50	#include "ssh.h"
	51	#include "log.h"
	52	#include "authfile.h"
	53
	54	/* Version identification string for SSH v1 identity files. */
	55	static const char authfile_id_string[] =
	56	"SSH PRIVATE KEY FILE FORMAT 1.1\n";
	57
	58	/*
	59	* Saves the authentication (private) key in a file, encrypting it with
	60	* passphrase. The identification of the file (lowest 64 bits of n) will
	61	* precede the key to provide identification of the key without needing a
	62	* passphrase.
	63	*/
	64
	65	#include "readconf.h"
	66
	67	extern Options options;
	68
	69	int
	70	key_save_private_rsa1(Key key, const char filename, const char *passphrase,
	71	const char *comment)
	72	{
	73	Buffer buffer, encrypted;
	74	char buf[100], *cp;
	75	int fd, i;
	76	CipherContext ciphercontext;
	77	Cipher *cipher;
	78	u_int32_t rand;
	79
	80	/*
	81	* If the passphrase is empty, use SSH_CIPHER_NONE to ease converting
	82	* to another cipher; otherwise use SSH_AUTHFILE_CIPHER.
	83	*/
	84	if (strcmp(passphrase, "") == 0)
	85	cipher = cipher_by_number(SSH_CIPHER_NONE);
	86	else
	87	cipher = cipher_by_number(SSH_AUTHFILE_CIPHER);
	88	if (cipher == NULL)
	89	fatal("save_private_key_rsa: bad cipher");
	90
	91	/* This buffer is used to built the secret part of the private key. */
	92	buffer_init(&buffer);
	93
	94	/* Put checkbytes for checking passphrase validity. */
	95	rand = arc4random();
	96	buf[0] = rand & 0xff;
	97	buf[1] = (rand >> 8) & 0xff;
	98	buf[2] = buf[0];
	99	buf[3] = buf[1];
	100	buffer_append(&buffer, buf, 4);
	101
	102	/*
	103	* Store the private key (n and e will not be stored because they
	104	* will be stored in plain text, and storing them also in encrypted
	105	* format would just give known plaintext).
	106	*/
	107	buffer_put_bignum(&buffer, key->rsa->d);
	108	buffer_put_bignum(&buffer, key->rsa->iqmp);
	109	buffer_put_bignum(&buffer, key->rsa->q); /* reverse from SSL p */
	110	buffer_put_bignum(&buffer, key->rsa->p); /* reverse from SSL q */
	111
	112	/* Pad the part to be encrypted until its size is a multiple of 8. */
	113	while (buffer_len(&buffer) % 8 != 0)
	114	buffer_put_char(&buffer, 0);
	115
	116	/* This buffer will be used to contain the data in the file. */
	117	buffer_init(&encrypted);
	118
	119	/* First store keyfile id string. */
	120	for (i = 0; authfile_id_string[i]; i++)
	121	buffer_put_char(&encrypted, authfile_id_string[i]);
	122	buffer_put_char(&encrypted, 0);
	123
	124	/* Store cipher type. */
	125	buffer_put_char(&encrypted, cipher->number);
	126	buffer_put_int(&encrypted, 0); /* For future extension */
	127
	128	/* Store public key. This will be in plain text. */
	129	buffer_put_int(&encrypted, BN_num_bits(key->rsa->n));
	130	buffer_put_bignum(&encrypted, key->rsa->n);
	131	buffer_put_bignum(&encrypted, key->rsa->e);
	132	buffer_put_string(&encrypted, comment, strlen(comment));
	133
	134	/* Allocate space for the private part of the key in the buffer. */
	135	buffer_append_space(&encrypted, &cp, buffer_len(&buffer));
	136
	137	cipher_set_key_string(&ciphercontext, cipher, passphrase);
	138	cipher_encrypt(&ciphercontext, (u_char *) cp,
	139	(u_char *) buffer_ptr(&buffer), buffer_len(&buffer));
	140	memset(&ciphercontext, 0, sizeof(ciphercontext));
	141
	142	/* Destroy temporary data. */
	143	memset(buf, 0, sizeof(buf));
	144	buffer_free(&buffer);
	145
	146	fd = open(filename, O_WRONLY \| O_CREAT \| O_TRUNC, 0600);
	147	if (fd < 0) {
	148	error("open %s failed: %s.", filename, strerror(errno));
	149	return 0;
	150	}
	151	if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
	152	buffer_len(&encrypted)) {
	153	error("write to key file %s failed: %s", filename,
	154	strerror(errno));
	155	buffer_free(&encrypted);
	156	close(fd);
	157	unlink(filename);
	158	return 0;
	159	}
	160	close(fd);
	161	buffer_free(&encrypted);
	162	return 1;
	163	}
	164
	165	/* save SSH v2 key in OpenSSL PEM format */
	166	int
	167	key_save_private_pem(Key key, const char filename, const char *_passphrase,
	168	const char *comment)
	169	{
	170	FILE *fp;
	171	int fd;
	172	int success = 0;
	173	int len = strlen(_passphrase);
	174	char passphrase = (len > 0) ? (char )_passphrase : NULL;
	175	EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL;
	176
	177	if (len > 0 && len <= 4) {
	178	error("passphrase too short: have %d bytes, need > 4", len);
	179	return 0;
	180	}
	181	fd = open(filename, O_WRONLY \| O_CREAT \| O_TRUNC, 0600);
	182	if (fd < 0) {
	183	error("open %s failed: %s.", filename, strerror(errno));
	184	return 0;
	185	}
	186	fp = fdopen(fd, "w");
	187	if (fp == NULL ) {
	188	error("fdopen %s failed: %s.", filename, strerror(errno));
	189	close(fd);
	190	return 0;
	191	}
	192	switch (key->type) {
	193	case KEY_DSA:
	194	success = PEM_write_DSAPrivateKey(fp, key->dsa,
	195	cipher, passphrase, len, NULL, NULL);
	196	break;
	197	case KEY_RSA:
	198	success = PEM_write_RSAPrivateKey(fp, key->rsa,
	199	cipher, passphrase, len, NULL, NULL);
	200	break;
	201	}
	202	fclose(fp);
	203	return success;
	204	}
	205
	206	int
	207	key_save_private(Key key, const char filename, const char *passphrase,
	208	const char *comment)
	209	{
	210	switch (key->type) {
	211	case KEY_RSA1:
	212	return key_save_private_rsa1(key, filename, passphrase,
	213	comment);
	214	break;
	215	case KEY_DSA:
	216	case KEY_RSA:
	217	return key_save_private_pem(key, filename, passphrase,
	218	comment);
	219	break;
	220	default:
	221	break;
	222	}
	223	error("key_save_private: cannot save key type %d", key->type);
	224	return 0;
	225	}
	226
	227	/*
	228	* Loads the public part of the ssh v1 key file. Returns NULL if an error was
	229	* encountered (the file does not exist or is not readable), and the key
	230	* otherwise.
	231	*/
	232
	233	Key *
	234	key_load_public_rsa1(int fd, const char filename, char *commentp)
	235	{
	236	Buffer buffer;
	237	Key *pub;
	238	char *cp;
	239	int i;
	240	off_t len;
	241
	242	len = lseek(fd, (off_t) 0, SEEK_END);
	243	lseek(fd, (off_t) 0, SEEK_SET);
	244
	245	buffer_init(&buffer);
	246	buffer_append_space(&buffer, &cp, len);
	247
	248	if (read(fd, cp, (size_t) len) != (size_t) len) {
	249	debug("Read from key file %.200s failed: %.100s", filename,
	250	strerror(errno));
	251	buffer_free(&buffer);
	252	return NULL;
	253	}
	254
	255	/* Check that it is at least big enough to contain the ID string. */
	256	if (len < sizeof(authfile_id_string)) {
	257	debug3("No RSA1 key file %.200s.", filename);
	258	buffer_free(&buffer);
	259	return NULL;
	260	}
	261	/*
	262	* Make sure it begins with the id string. Consume the id string
	263	* from the buffer.
	264	*/
	265	for (i = 0; i < sizeof(authfile_id_string); i++)
	266	if (buffer_get_char(&buffer) != authfile_id_string[i]) {
	267	debug3("No RSA1 key file %.200s.", filename);
	268	buffer_free(&buffer);
	269	return NULL;
	270	}
	271	/* Skip cipher type and reserved data. */
	272	(void) buffer_get_char(&buffer); /* cipher type */
	273	(void) buffer_get_int(&buffer); /* reserved */
	274
	275	/* Read the public key from the buffer. */
	276	buffer_get_int(&buffer);
	277	pub = key_new(KEY_RSA1);
	278	buffer_get_bignum(&buffer, pub->rsa->n);
	279	buffer_get_bignum(&buffer, pub->rsa->e);
	280	if (commentp)
	281	*commentp = buffer_get_string(&buffer, NULL);
	282	/* The encrypted private part is not parsed by this function. */
	283
	284	buffer_free(&buffer);
	285	return pub;
	286	}
	287
	288	/* load public key from private-key file, works only for SSH v1 */
	289	Key *
	290	key_load_public_type(int type, const char filename, char *commentp)
	291	{
	292	Key *pub;
	293	int fd;
	294
	295	#if 0
	296	/* Read in public modulus of key being used for auth */
	297	if (options.specialRSA) {
	298	BIGNUM *b;
	299	char buf[1024], *bufptr = buf;
	300	int r;
	301
	302	buffer_init(&b);
	303	buffer_append_space(&b, &bufptr, sizeof(buf));
	304
	305	/* Will get binary represenation of an BIGNUM */
	306	r = read(0, buf, sizeof(buf));
	307
	308	pub = key_new(KEY_RSA1);
	309	b = BN_new();
	310	BN_bin2bn(buf, r, b);
	311	pub->rsa->n = b;
	312
	313	*commentp = "Special RSA auth...";
	314	return pub;
	315	}
	316	#endif
	317	if (type == KEY_RSA1) {
	318	fd = open(filename, O_RDONLY);
	319	if (fd < 0)
	320	return NULL;
	321	pub = key_load_public_rsa1(fd, filename, commentp);
	322
	323	close(fd);
	324	return pub;
	325	}
	326	return NULL;
	327	}
	328
	329	/*
	330	* Loads the private key from the file. Returns 0 if an error is encountered
	331	* (file does not exist or is not readable, or passphrase is bad). This
	332	* initializes the private key.
	333	* Assumes we are called under uid of the owner of the file.
	334	*/
	335
	336	Key *
	337	key_load_private_rsa1(int fd, const char filename, const char passphrase,
	338	char **commentp)
	339	{
	340	int i, check1, check2, cipher_type;
	341	off_t len;
	342	Buffer buffer, decrypted;
	343	char *cp;
	344	CipherContext ciphercontext;
	345	Cipher *cipher;
	346	BN_CTX *ctx;
	347	BIGNUM *aux;
	348	Key *prv = NULL;
	349
	350	len = lseek(fd, (off_t) 0, SEEK_END);
	351	lseek(fd, (off_t) 0, SEEK_SET);
	352
	353	buffer_init(&buffer);
	354	buffer_append_space(&buffer, &cp, len);
	355
	356	if (read(fd, cp, (size_t) len) != (size_t) len) {
	357	debug("Read from key file %.200s failed: %.100s", filename,
	358	strerror(errno));
	359	buffer_free(&buffer);
	360	close(fd);
	361	return NULL;
	362	}
	363
	364	/* Check that it is at least big enough to contain the ID string. */
	365	if (len < sizeof(authfile_id_string)) {
	366	debug3("No RSA1 key file %.200s.", filename);
	367	buffer_free(&buffer);
	368	close(fd);
	369	return NULL;
	370	}
	371	/*
	372	* Make sure it begins with the id string. Consume the id string
	373	* from the buffer.
	374	*/
	375	for (i = 0; i < sizeof(authfile_id_string); i++)
	376	if (buffer_get_char(&buffer) != authfile_id_string[i]) {
	377	debug3("No RSA1 key file %.200s.", filename);
	378	buffer_free(&buffer);
	379	close(fd);
	380	return NULL;
	381	}
	382
	383	/* Read cipher type. */
	384	cipher_type = buffer_get_char(&buffer);
	385	(void) buffer_get_int(&buffer); /* Reserved data. */
	386
	387	/* Read the public key from the buffer. */
	388	buffer_get_int(&buffer);
	389	prv = key_new_private(KEY_RSA1);
	390
	391	buffer_get_bignum(&buffer, prv->rsa->n);
	392	buffer_get_bignum(&buffer, prv->rsa->e);
	393	if (commentp)
	394	*commentp = buffer_get_string(&buffer, NULL);
	395	else
	396	xfree(buffer_get_string(&buffer, NULL));
	397
	398	/* Check that it is a supported cipher. */
	399	cipher = cipher_by_number(cipher_type);
	400	if (cipher == NULL) {
	401	debug("Unsupported cipher %d used in key file %.200s.",
	402	cipher_type, filename);
	403	buffer_free(&buffer);
	404	goto fail;
	405	}
	406	/* Initialize space for decrypted data. */
	407	buffer_init(&decrypted);
	408	buffer_append_space(&decrypted, &cp, buffer_len(&buffer));
	409
	410	/* Rest of the buffer is encrypted. Decrypt it using the passphrase. */
	411	cipher_set_key_string(&ciphercontext, cipher, passphrase);
	412	cipher_decrypt(&ciphercontext, (u_char *) cp,
	413	(u_char *) buffer_ptr(&buffer), buffer_len(&buffer));
	414	memset(&ciphercontext, 0, sizeof(ciphercontext));
	415	buffer_free(&buffer);
	416
	417	check1 = buffer_get_char(&decrypted);
	418	check2 = buffer_get_char(&decrypted);
	419	if (check1 != buffer_get_char(&decrypted) \|\|
	420	check2 != buffer_get_char(&decrypted)) {
	421	if (strcmp(passphrase, "") != 0)
	422	debug("Bad passphrase supplied for key file %.200s.",
	423	filename);
	424	/* Bad passphrase. */
	425	buffer_free(&decrypted);
	426	goto fail;
	427	}
	428	/* Read the rest of the private key. */
	429	buffer_get_bignum(&decrypted, prv->rsa->d);
	430	buffer_get_bignum(&decrypted, prv->rsa->iqmp); /* u */
	431	/* in SSL and SSH v1 p and q are exchanged */
	432	buffer_get_bignum(&decrypted, prv->rsa->q); /* p */
	433	buffer_get_bignum(&decrypted, prv->rsa->p); /* q */
	434
	435	/* calculate p-1 and q-1 */
	436	ctx = BN_CTX_new();
	437	aux = BN_new();
	438
	439	BN_sub(aux, prv->rsa->q, BN_value_one());
	440	BN_mod(prv->rsa->dmq1, prv->rsa->d, aux, ctx);
	441
	442	BN_sub(aux, prv->rsa->p, BN_value_one());
	443	BN_mod(prv->rsa->dmp1, prv->rsa->d, aux, ctx);
	444
	445	BN_clear_free(aux);
	446	BN_CTX_free(ctx);
	447
	448	buffer_free(&decrypted);
	449	close(fd);
	450	return prv;
	451
	452	fail:
	453	if (commentp)
	454	xfree(*commentp);
	455	close(fd);
	456	key_free(prv);
	457	return NULL;
	458	}
	459
	460	Key *
	461	key_load_private_pem(int fd, int type, const char *passphrase,
	462	char **commentp)
	463	{
	464	FILE *fp;
	465	EVP_PKEY *pk = NULL;
	466	Key *prv = NULL;
	467	char *name = "<no key>";
	468
	469	fp = fdopen(fd, "r");
	470	if (fp == NULL) {
	471	error("fdopen failed: %s", strerror(errno));
	472	close(fd);
	473	return NULL;
	474	}
	475	pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
	476	if (pk == NULL) {
	477	debug("PEM_read_PrivateKey failed");
	478	(void)ERR_get_error();
	479	} else if (pk->type == EVP_PKEY_RSA &&
	480	(type == KEY_UNSPEC\|\|type==KEY_RSA)) {
	481	prv = key_new(KEY_UNSPEC);
	482	prv->rsa = EVP_PKEY_get1_RSA(pk);
	483	prv->type = KEY_RSA;
	484	name = "rsa w/o comment";
	485	#ifdef DEBUG_PK
	486	RSA_print_fp(stderr, prv->rsa, 8);
	487	#endif
	488	} else if (pk->type == EVP_PKEY_DSA &&
	489	(type == KEY_UNSPEC\|\|type==KEY_DSA)) {
	490	prv = key_new(KEY_UNSPEC);
	491	prv->dsa = EVP_PKEY_get1_DSA(pk);
	492	prv->type = KEY_DSA;
	493	name = "dsa w/o comment";
	494	#ifdef DEBUG_PK
	495	DSA_print_fp(stderr, prv->dsa, 8);
	496	#endif
	497	} else {
	498	error("PEM_read_PrivateKey: mismatch or "
	499	"unknown EVP_PKEY save_type %d", pk->save_type);
	500	}
	501	fclose(fp);
	502	if (pk != NULL)
	503	EVP_PKEY_free(pk);
	504	if (prv != NULL && commentp)
	505	*commentp = xstrdup(name);
	506	debug("read PEM private key done: type %s",
	507	prv ? key_type(prv) : "<unknown>");
	508	return prv;
	509	}
	510
	511	int
	512	key_perm_ok(int fd, const char *filename)
	513	{
	514	struct stat st;
	515
	516	/* check owner and modes */
	517	#ifdef HAVE_CYGWIN
	518	if (check_ntsec(filename))
	519	#endif
	520	if (fstat(fd, &st) < 0 \|\|
	521	(st.st_uid != 0 && getuid() != 0 && st.st_uid != getuid()) \|\|
	522	(st.st_mode & 077) != 0) {
	523	close(fd);
	524	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
	525	error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
	526	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
	527	error("Bad ownership or mode(0%3.3o) for '%s'.",
	528	st.st_mode & 0777, filename);
	529	error("It is recommended that your private key files are NOT accessible by others.");
	530	error("This private key will be ignored.");
	531	return 0;
	532	}
	533	return 1;
	534	}
	535
	536	Key *
	537	key_load_private_type(int type, const char filename, const char passphrase,
	538	char **commentp)
	539	{
	540	int fd;
	541
	542	fd = open(filename, O_RDONLY);
	543	if (fd < 0)
	544	return NULL;
	545	if (!key_perm_ok(fd, filename)) {
	546	error("bad permissions: ignore key: %s", filename);
	547	close(fd);
	548	return NULL;
	549	}
	550	switch (type) {
	551	case KEY_RSA1:
	552	return key_load_private_rsa1(fd, filename, passphrase,
	553	commentp);
	554	/* closes fd */
	555	break;
	556	case KEY_DSA:
	557	case KEY_RSA:
	558	case KEY_UNSPEC:
	559	return key_load_private_pem(fd, type, passphrase, commentp);
	560	/* closes fd */
	561	break;
	562	default:
	563	close(fd);
	564	break;
	565	}
	566	return NULL;
	567	}
	568
	569	Key *
	570	key_load_private(const char filename, const char passphrase,
	571	char **commentp)
	572	{
	573	Key *pub;
	574	int fd;
	575
	576	fd = open(filename, O_RDONLY);
	577	if (fd < 0)
	578	return NULL;
	579	if (!key_perm_ok(fd, filename)) {
	580	error("bad permissions: ignore key: %s", filename);
	581	close(fd);
	582	return NULL;
	583	}
	584	pub = key_load_public_rsa1(fd, filename, commentp);
	585	lseek(fd, (off_t) 0, SEEK_SET); /* rewind */
	586	if (pub == NULL) {
	587	/* closes fd */
	588	return key_load_private_pem(fd, KEY_UNSPEC, passphrase, NULL);
	589	} else {
	590	/* it's a SSH v1 key if the public key part is readable */
	591	key_free(pub);
	592	/* closes fd */
	593	return key_load_private_rsa1(fd, filename, passphrase, NULL);
	594	}
	595	}
	596
	597	int
	598	key_try_load_public(Key k, const char filename, char **commentp)
	599	{
	600	FILE *f;
	601	char line[4096];
	602	char *cp;
	603
	604	f = fopen(filename, "r");
	605	if (f != NULL) {
	606	while (fgets(line, sizeof(line), f)) {
	607	line[sizeof(line)-1] = '\0';
	608	cp = line;
	609	switch(*cp){
	610	case '#':
	611	case '\n':
	612	case '\0':
	613	continue;
	614	}
	615	/* Skip leading whitespace. */
	616	for (; cp && (cp == ' ' \|\| *cp == '\t'); cp++)
	617	;
	618	if (*cp) {
	619	if (key_read(k, &cp) == 1) {
	620	if (commentp)
	621	*commentp=xstrdup(filename);
	622	fclose(f);
	623	return 1;
	624	}
	625	}
	626	}
	627	fclose(f);
	628	}
	629	return 0;
	630	}
	631
	632	/* load public key from ssh v1 private or any pubkey file */
	633	Key *
	634	key_load_public(const char filename, char *commentp)
	635	{
	636	Key *pub;
	637	char file[MAXPATHLEN];
	638
	639	pub = key_load_public_type(KEY_RSA1, filename, commentp);
	640	if (pub != NULL)
	641	return pub;
	642	pub = key_new(KEY_UNSPEC);
	643	if (key_try_load_public(pub, filename, commentp) == 1)
	644	return pub;
	645	if ((strlcpy(file, filename, sizeof file) < sizeof(file)) &&
	646	(strlcat(file, ".pub", sizeof file) < sizeof(file)) &&
	647	(key_try_load_public(pub, file, commentp) == 1))
	648	return pub;
	649	key_free(pub);
	650	return NULL;
	651	}