From b391a7603a900a04039f4a9e63c5a93ecc2c2e6a Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 28 Sep 2010 19:08:32 +0200 Subject: pki: Create a file for known_hosts functions. --- src/CMakeLists.txt | 1 + src/keyfiles.c | 673 ------------------------------------------------- src/known_hosts.c | 723 +++++++++++++++++++++++++++++++++++++++++++++++++++++ src/pki.c | 1 + 4 files changed, 725 insertions(+), 673 deletions(-) create mode 100644 src/known_hosts.c (limited to 'src') diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 87340c66..83aaf45a 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -90,6 +90,7 @@ set(libssh_SRCS kex.c keyfiles.c keys.c + known_hosts.c legacy.c libcrypto.c libgcrypt.c diff --git a/src/keyfiles.c b/src/keyfiles.c index ca84b819..c0b61171 100644 --- a/src/keyfiles.c +++ b/src/keyfiles.c @@ -24,7 +24,6 @@ #include "config.h" -#include #include #include #include @@ -1226,678 +1225,6 @@ error: return pubkey; } -static int alldigits(const char *s) { - while (*s) { - if (isdigit(*s)) { - s++; - } else { - return 0; - } - } - - return 1; -} - -/** @} */ - - -/** - * @addtogroup libssh_session - * - * @{ - */ - -/** - * @internal - * - * @brief Free a token array. - */ -static void tokens_free(char **tokens) { - if (tokens == NULL) { - return; - } - - SAFE_FREE(tokens[0]); - /* It's not needed to free other pointers because tokens generated by - * space_tokenize fit all in one malloc - */ - SAFE_FREE(tokens); -} - -/** - * @internal - * - * @brief Return one line of known host file. - * - * This will return a token array containing (host|ip), keytype and key. - * - * @param[out] file A pointer to the known host file. Could be pointing to - * NULL at start. - * - * @param[in] filename The file name of the known host file. - * - * @param[out] found_type A pointer to a string to be set with the found key - * type. - * - * @returns The found_type type of key (ie "dsa","ssh-rsa1"). Don't - * free that value. NULL if no match was found or the file - * was not found. - */ -static char **ssh_get_knownhost_line(ssh_session session, FILE **file, - const char *filename, const char **found_type) { - char buffer[4096] = {0}; - char *ptr; - char **tokens; - - enter_function(); - - if(*file == NULL){ - *file = fopen(filename,"r"); - if (*file == NULL) { - leave_function(); - return NULL; - } - } - - while (fgets(buffer, sizeof(buffer), *file)) { - ptr = strchr(buffer, '\n'); - if (ptr) { - *ptr = '\0'; - } - - ptr = strchr(buffer,'\r'); - if (ptr) { - *ptr = '\0'; - } - - if (!buffer[0] || buffer[0] == '#') { - continue; /* skip empty lines */ - } - - tokens = space_tokenize(buffer); - if (tokens == NULL) { - fclose(*file); - *file = NULL; - leave_function(); - return NULL; - } - - if(!tokens[0] || !tokens[1] || !tokens[2]) { - /* it should have at least 3 tokens */ - tokens_free(tokens); - continue; - } - - *found_type = tokens[1]; - if (tokens[3]) { - /* openssh rsa1 format has 4 tokens on the line. Recognize it - by the fact that everything is all digits */ - if (tokens[4]) { - /* that's never valid */ - tokens_free(tokens); - continue; - } - if (alldigits(tokens[1]) && alldigits(tokens[2]) && alldigits(tokens[3])) { - *found_type = "ssh-rsa1"; - } else { - /* 3 tokens only, not four */ - tokens_free(tokens); - continue; - } - } - leave_function(); - return tokens; - } - - fclose(*file); - *file = NULL; - - /* we did not find anything, end of file*/ - leave_function(); - return NULL; -} - -/** - * @brief Check the public key in the known host line matches the public key of - * the currently connected server. - * - * @param[in] session The SSH session to use. - * - * @param[in] tokens A list of tokens in the known_hosts line. - * - * @returns 1 if the key matches, 0 if the key doesn't match and -1 - * on error. - */ -static int check_public_key(ssh_session session, char **tokens) { - ssh_string pubkey = session->current_crypto->server_pubkey; - ssh_buffer pubkey_buffer; - char *pubkey_64; - - /* ok we found some public key in known hosts file. now un-base64it */ - if (alldigits(tokens[1])) { - /* openssh rsa1 format */ - bignum tmpbn; - ssh_string tmpstring; - unsigned int len; - int i; - - pubkey_buffer = ssh_buffer_new(); - if (pubkey_buffer == NULL) { - return -1; - } - - tmpstring = ssh_string_from_char("ssh-rsa1"); - if (tmpstring == NULL) { - ssh_buffer_free(pubkey_buffer); - return -1; - } - - if (buffer_add_ssh_string(pubkey_buffer, tmpstring) < 0) { - ssh_buffer_free(pubkey_buffer); - ssh_string_free(tmpstring); - return -1; - } - ssh_string_free(tmpstring); - - for (i = 2; i < 4; i++) { /* e, then n */ - tmpbn = NULL; - bignum_dec2bn(tokens[i], &tmpbn); - if (tmpbn == NULL) { - ssh_buffer_free(pubkey_buffer); - return -1; - } - /* for some reason, make_bignum_string does not work - because of the padding which it does --kv */ - /* tmpstring = make_bignum_string(tmpbn); */ - /* do it manually instead */ - len = bignum_num_bytes(tmpbn); - tmpstring = malloc(4 + len); - if (tmpstring == NULL) { - ssh_buffer_free(pubkey_buffer); - bignum_free(tmpbn); - return -1; - } - /* TODO: fix the hardcoding */ - tmpstring->size = htonl(len); -#ifdef HAVE_LIBGCRYPT - bignum_bn2bin(tmpbn, len, tmpstring->string); -#elif defined HAVE_LIBCRYPTO - bignum_bn2bin(tmpbn, tmpstring->string); -#endif - bignum_free(tmpbn); - if (buffer_add_ssh_string(pubkey_buffer, tmpstring) < 0) { - ssh_buffer_free(pubkey_buffer); - ssh_string_free(tmpstring); - bignum_free(tmpbn); - return -1; - } - ssh_string_free(tmpstring); - } - } else { - /* ssh-dss or ssh-rsa */ - pubkey_64 = tokens[2]; - pubkey_buffer = base64_to_bin(pubkey_64); - } - - if (pubkey_buffer == NULL) { - ssh_set_error(session, SSH_FATAL, - "Verifying that server is a known host: base64 error"); - return -1; - } - - if (ssh_buffer_get_len(pubkey_buffer) != ssh_string_len(pubkey)) { - ssh_buffer_free(pubkey_buffer); - return 0; - } - - /* now test that they are identical */ - if (memcmp(ssh_buffer_get_begin(pubkey_buffer), pubkey->string, - ssh_buffer_get_len(pubkey_buffer)) != 0) { - ssh_buffer_free(pubkey_buffer); - return 0; - } - - ssh_buffer_free(pubkey_buffer); - return 1; -} - -/** - * @brief Check if a hostname matches a openssh-style hashed known host. - * - * @param[in] host The host to check. - * - * @param[in] hashed The hashed value. - * - * @returns 1 if it matches, 0 otherwise. - */ -static int match_hashed_host(ssh_session session, const char *host, - const char *sourcehash) { - /* Openssh hash structure : - * |1|base64 encoded salt|base64 encoded hash - * hash is produced that way : - * hash := HMAC_SHA1(key=salt,data=host) - */ - unsigned char buffer[256] = {0}; - ssh_buffer salt; - ssh_buffer hash; - HMACCTX mac; - char *source; - char *b64hash; - int match; - unsigned int size; - - enter_function(); - - if (strncmp(sourcehash, "|1|", 3) != 0) { - leave_function(); - return 0; - } - - source = strdup(sourcehash + 3); - if (source == NULL) { - leave_function(); - return 0; - } - - b64hash = strchr(source, '|'); - if (b64hash == NULL) { - /* Invalid hash */ - SAFE_FREE(source); - leave_function(); - return 0; - } - - *b64hash = '\0'; - b64hash++; - - salt = base64_to_bin(source); - if (salt == NULL) { - SAFE_FREE(source); - leave_function(); - return 0; - } - - hash = base64_to_bin(b64hash); - SAFE_FREE(source); - if (hash == NULL) { - ssh_buffer_free(salt); - leave_function(); - return 0; - } - - mac = hmac_init(ssh_buffer_get_begin(salt), ssh_buffer_get_len(salt), HMAC_SHA1); - if (mac == NULL) { - ssh_buffer_free(salt); - ssh_buffer_free(hash); - leave_function(); - return 0; - } - size = sizeof(buffer); - hmac_update(mac, host, strlen(host)); - hmac_final(mac, buffer, &size); - - if (size == ssh_buffer_get_len(hash) && - memcmp(buffer, ssh_buffer_get_begin(hash), size) == 0) { - match = 1; - } else { - match = 0; - } - - ssh_buffer_free(salt); - ssh_buffer_free(hash); - - ssh_log(session, SSH_LOG_PACKET, - "Matching a hashed host: %s match=%d", host, match); - - leave_function(); - return match; -} - -/* How it's working : - * 1- we open the known host file and bitch if it doesn't exist - * 2- we need to examine each line of the file, until going on state SSH_SERVER_KNOWN_OK: - * - there's a match. if the key is good, state is SSH_SERVER_KNOWN_OK, - * else it's SSH_SERVER_KNOWN_CHANGED (or SSH_SERVER_FOUND_OTHER) - * - there's no match : no change - */ - -/** - * @brief Check if the server is known. - * - * Checks the user's known host file for a previous connection to the - * current server. - * - * @param[in] session The SSH session to use. - * - * @returns SSH_SERVER_KNOWN_OK: The server is known and has not changed.\n - * SSH_SERVER_KNOWN_CHANGED: The server key has changed. Either you - * are under attack or the administrator - * changed the key. You HAVE to warn the - * user about a possible attack.\n - * SSH_SERVER_FOUND_OTHER: The server gave use a key of a type while - * we had an other type recorded. It is a - * possible attack.\n - * SSH_SERVER_NOT_KNOWN: The server is unknown. User should - * confirm the MD5 is correct.\n - * SSH_SERVER_FILE_NOT_FOUND: The known host file does not exist. The - * host is thus unknown. File will be - * created if host key is accepted.\n - * SSH_SERVER_ERROR: Some error happened. - * - * @see ssh_get_pubkey_hash() - * - * @bug There is no current way to remove or modify an entry into the known - * host table. - */ -int ssh_is_server_known(ssh_session session) { - FILE *file = NULL; - char **tokens; - char *host; - char *hostport; - const char *type; - int match; - int ret = SSH_SERVER_NOT_KNOWN; - - enter_function(); - - if (session->knownhosts == NULL) { - if (ssh_options_apply(session) < 0) { - ssh_set_error(session, SSH_REQUEST_DENIED, - "Can't find a known_hosts file"); - leave_function(); - return SSH_SERVER_FILE_NOT_FOUND; - } - } - - if (session->host == NULL) { - ssh_set_error(session, SSH_FATAL, - "Can't verify host in known hosts if the hostname isn't known"); - leave_function(); - return SSH_SERVER_ERROR; - } - - if (session->current_crypto == NULL){ - ssh_set_error(session, SSH_FATAL, - "ssh_is_host_known called without cryptographic context"); - leave_function(); - return SSH_SERVER_ERROR; - } - host = ssh_lowercase(session->host); - hostport = ssh_hostport(host,session->port); - if (host == NULL || hostport == NULL) { - ssh_set_error_oom(session); - SAFE_FREE(host); - SAFE_FREE(hostport); - leave_function(); - return SSH_SERVER_ERROR; - } - - do { - tokens = ssh_get_knownhost_line(session, &file, - session->knownhosts, &type); - - /* End of file, return the current state */ - if (tokens == NULL) { - break; - } - match = match_hashed_host(session, host, tokens[0]); - if (match == 0){ - match = match_hostname(hostport, tokens[0], strlen(tokens[0])); - } - if (match == 0) { - match = match_hostname(host, tokens[0], strlen(tokens[0])); - } - if (match == 0) { - match = match_hashed_host(session, hostport, tokens[0]); - } - if (match) { - /* We got a match. Now check the key type */ - if (strcmp(session->current_crypto->server_pubkey_type, type) != 0) { - /* Different type. We don't override the known_changed error which is - * more important */ - if (ret != SSH_SERVER_KNOWN_CHANGED) - ret = SSH_SERVER_FOUND_OTHER; - tokens_free(tokens); - continue; - } - /* so we know the key type is good. We may get a good key or a bad key. */ - match = check_public_key(session, tokens); - tokens_free(tokens); - - if (match < 0) { - ret = SSH_SERVER_ERROR; - break; - } else if (match == 1) { - ret = SSH_SERVER_KNOWN_OK; - break; - } else if(match == 0) { - /* We override the status with the wrong key state */ - ret = SSH_SERVER_KNOWN_CHANGED; - } - } else { - tokens_free(tokens); - } - } while (1); - - if ( (ret == SSH_SERVER_NOT_KNOWN) && (session->StrictHostKeyChecking == 0) ) { - ssh_write_knownhost(session); - ret = SSH_SERVER_KNOWN_OK; - } - - SAFE_FREE(host); - SAFE_FREE(hostport); - if (file != NULL) { - fclose(file); - } - - /* Return the current state at end of file */ - leave_function(); - return ret; -} - -/** - * @brief Write the current server as known in the known hosts file. - * - * This will create the known hosts file if it does not exist. You generaly use - * it when ssh_is_server_known() answered SSH_SERVER_NOT_KNOWN. - * - * @param[in] session The ssh session to use. - * - * @return SSH_OK on success, SSH_ERROR on error. - */ -int ssh_write_knownhost(ssh_session session) { - ssh_string pubkey; - unsigned char *pubkey_64; - char buffer[4096] = {0}; - FILE *file; - char *dir; - char *host; - char *hostport; - size_t len = 0; - - if (session->host == NULL) { - ssh_set_error(session, SSH_FATAL, - "Can't write host in known hosts if the hostname isn't known"); - return SSH_ERROR; - } - - host = ssh_lowercase(session->host); - /* If using a nonstandard port, save the host in the [host]:port format */ - if(session->port != 22){ - hostport = ssh_hostport(host,session->port); - SAFE_FREE(host); - host=hostport; - hostport=NULL; - } - - if (session->knownhosts == NULL) { - if (ssh_options_apply(session) < 0) { - ssh_set_error(session, SSH_FATAL, "Can't find a known_hosts file"); - return SSH_ERROR; - } - } - - if(session->current_crypto==NULL) { - ssh_set_error(session, SSH_FATAL, "No current crypto context"); - return SSH_ERROR; - } - - pubkey = session->current_crypto->server_pubkey; - if(pubkey == NULL){ - ssh_set_error(session, SSH_FATAL, "No public key present"); - return SSH_ERROR; - } - - /* Check if ~/.ssh exists and create it if not */ - dir = ssh_dirname(session->knownhosts); - if (dir == NULL) { - ssh_set_error(session, SSH_FATAL, "%s", strerror(errno)); - return -1; - } - if (! ssh_file_readaccess_ok(dir)) { - if (ssh_mkdir(dir, 0700) < 0) { - ssh_set_error(session, SSH_FATAL, - "Cannot create %s directory.", dir); - SAFE_FREE(dir); - return -1; - } - } - SAFE_FREE(dir); - - file = fopen(session->knownhosts, "a"); - if (file == NULL) { - ssh_set_error(session, SSH_FATAL, - "Couldn't open known_hosts file %s for appending: %s", - session->knownhosts, strerror(errno)); - SAFE_FREE(host); - return -1; - } - - if (strcmp(session->current_crypto->server_pubkey_type, "ssh-rsa1") == 0) { - /* openssh uses a different format for ssh-rsa1 keys. - Be compatible --kv */ - ssh_public_key key; - char *e_string = NULL; - char *n_string = NULL; - bignum e = NULL; - bignum n = NULL; - int rsa_size; -#ifdef HAVE_LIBGCRYPT - gcry_sexp_t sexp; -#endif - - key = publickey_from_string(session, pubkey); - if (key == NULL) { - fclose(file); - SAFE_FREE(host); - return -1; - } - -#ifdef HAVE_LIBGCRYPT - sexp = gcry_sexp_find_token(key->rsa_pub, "e", 0); - if (sexp == NULL) { - publickey_free(key); - fclose(file); - SAFE_FREE(host); - return -1; - } - e = gcry_sexp_nth_mpi(sexp, 1, GCRYMPI_FMT_USG); - gcry_sexp_release(sexp); - if (e == NULL) { - publickey_free(key); - fclose(file); - SAFE_FREE(host); - return -1; - } - - sexp = gcry_sexp_find_token(key->rsa_pub, "n", 0); - if (sexp == NULL) { - publickey_free(key); - bignum_free(e); - fclose(file); - SAFE_FREE(host); - return -1; - } - n = gcry_sexp_nth_mpi(sexp, 1, GCRYMPI_FMT_USG); - gcry_sexp_release(sexp); - if (n == NULL) { - publickey_free(key); - bignum_free(e); - fclose(file); - SAFE_FREE(host); - return -1; - } - - rsa_size = (gcry_pk_get_nbits(key->rsa_pub) + 7) / 8; -#elif defined HAVE_LIBCRYPTO - e = key->rsa_pub->e; - n = key->rsa_pub->n; - rsa_size = RSA_size(key->rsa_pub); -#endif - - e_string = bignum_bn2dec(e); - n_string = bignum_bn2dec(n); - if (e_string == NULL || n_string == NULL) { -#ifdef HAVE_LIBGCRYPT - bignum_free(e); - bignum_free(n); - SAFE_FREE(e_string); - SAFE_FREE(n_string); -#elif defined HAVE_LIBCRYPTO - OPENSSL_free(e_string); - OPENSSL_free(n_string); -#endif - publickey_free(key); - fclose(file); - SAFE_FREE(host); - return -1; - } - - snprintf(buffer, sizeof(buffer), - "%s %d %s %s\n", - host, - rsa_size << 3, - e_string, - n_string); - -#ifdef HAVE_LIBGCRYPT - bignum_free(e); - bignum_free(n); - SAFE_FREE(e_string); - SAFE_FREE(n_string); -#elif defined HAVE_LIBCRYPTO - OPENSSL_free(e_string); - OPENSSL_free(n_string); -#endif - - publickey_free(key); - } else { - pubkey_64 = bin_to_base64(pubkey->string, ssh_string_len(pubkey)); - if (pubkey_64 == NULL) { - fclose(file); - SAFE_FREE(host); - return -1; - } - - snprintf(buffer, sizeof(buffer), - "%s %s %s\n", - host, - session->current_crypto->server_pubkey_type, - pubkey_64); - - SAFE_FREE(pubkey_64); - } - SAFE_FREE(host); - len = strlen(buffer); - if (fwrite(buffer, len, 1, file) != 1 || ferror(file)) { - fclose(file); - return -1; - } - - fclose(file); - return 0; -} - /** @} */ /* vim: set ts=4 sw=4 et cindent: */ diff --git a/src/known_hosts.c b/src/known_hosts.c new file mode 100644 index 00000000..a506584e --- /dev/null +++ b/src/known_hosts.c @@ -0,0 +1,723 @@ +/* + * keyfiles.c - private and public key handling for authentication. + * + * This file is part of the SSH Library + * + * Copyright (c) 2003-2009 by Aris Adamantiadis + * Copyright (c) 2009 by Andreas Schneider + * + * The SSH Library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The SSH Library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the SSH Library; see the file COPYING. If not, write to + * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +#include "config.h" + +#include +#include + +#include "libssh/priv.h" +#include "libssh/session.h" +#include "libssh/buffer.h" +#include "libssh/misc.h" +#include "libssh/keys.h" + +/*todo: remove this include */ +#include "libssh/string.h" + +#ifdef HAVE_LIBGCRYPT +#include +#elif defined HAVE_LIBCRYPTO +#include +#include +#include +#include +#endif /* HAVE_LIBCRYPTO */ + +#ifndef _WIN32 +# include +#endif + +/** + * @addtogroup libssh_session + * + * @{ + */ + +static int alldigits(const char *s) { + while (*s) { + if (isdigit(*s)) { + s++; + } else { + return 0; + } + } + + return 1; +} + +/** + * @internal + * + * @brief Free a token array. + */ +static void tokens_free(char **tokens) { + if (tokens == NULL) { + return; + } + + SAFE_FREE(tokens[0]); + /* It's not needed to free other pointers because tokens generated by + * space_tokenize fit all in one malloc + */ + SAFE_FREE(tokens); +} + +/** + * @internal + * + * @brief Return one line of known host file. + * + * This will return a token array containing (host|ip), keytype and key. + * + * @param[out] file A pointer to the known host file. Could be pointing to + * NULL at start. + * + * @param[in] filename The file name of the known host file. + * + * @param[out] found_type A pointer to a string to be set with the found key + * type. + * + * @returns The found_type type of key (ie "dsa","ssh-rsa1"). Don't + * free that value. NULL if no match was found or the file + * was not found. + */ +static char **ssh_get_knownhost_line(ssh_session session, FILE **file, + const char *filename, const char **found_type) { + char buffer[4096] = {0}; + char *ptr; + char **tokens; + + enter_function(); + + if(*file == NULL){ + *file = fopen(filename,"r"); + if (*file == NULL) { + leave_function(); + return NULL; + } + } + + while (fgets(buffer, sizeof(buffer), *file)) { + ptr = strchr(buffer, '\n'); + if (ptr) { + *ptr = '\0'; + } + + ptr = strchr(buffer,'\r'); + if (ptr) { + *ptr = '\0'; + } + + if (!buffer[0] || buffer[0] == '#') { + continue; /* skip empty lines */ + } + + tokens = space_tokenize(buffer); + if (tokens == NULL) { + fclose(*file); + *file = NULL; + leave_function(); + return NULL; + } + + if(!tokens[0] || !tokens[1] || !tokens[2]) { + /* it should have at least 3 tokens */ + tokens_free(tokens); + continue; + } + + *found_type = tokens[1]; + if (tokens[3]) { + /* openssh rsa1 format has 4 tokens on the line. Recognize it + by the fact that everything is all digits */ + if (tokens[4]) { + /* that's never valid */ + tokens_free(tokens); + continue; + } + if (alldigits(tokens[1]) && alldigits(tokens[2]) && alldigits(tokens[3])) { + *found_type = "ssh-rsa1"; + } else { + /* 3 tokens only, not four */ + tokens_free(tokens); + continue; + } + } + leave_function(); + return tokens; + } + + fclose(*file); + *file = NULL; + + /* we did not find anything, end of file*/ + leave_function(); + return NULL; +} + +/** + * @brief Check the public key in the known host line matches the public key of + * the currently connected server. + * + * @param[in] session The SSH session to use. + * + * @param[in] tokens A list of tokens in the known_hosts line. + * + * @returns 1 if the key matches, 0 if the key doesn't match and -1 + * on error. + */ +static int check_public_key(ssh_session session, char **tokens) { + ssh_string pubkey = session->current_crypto->server_pubkey; + ssh_buffer pubkey_buffer; + char *pubkey_64; + + /* ok we found some public key in known hosts file. now un-base64it */ + if (alldigits(tokens[1])) { + /* openssh rsa1 format */ + bignum tmpbn; + ssh_string tmpstring; + unsigned int len; + int i; + + pubkey_buffer = ssh_buffer_new(); + if (pubkey_buffer == NULL) { + return -1; + } + + tmpstring = ssh_string_from_char("ssh-rsa1"); + if (tmpstring == NULL) { + ssh_buffer_free(pubkey_buffer); + return -1; + } + + if (buffer_add_ssh_string(pubkey_buffer, tmpstring) < 0) { + ssh_buffer_free(pubkey_buffer); + ssh_string_free(tmpstring); + return -1; + } + ssh_string_free(tmpstring); + + for (i = 2; i < 4; i++) { /* e, then n */ + tmpbn = NULL; + bignum_dec2bn(tokens[i], &tmpbn); + if (tmpbn == NULL) { + ssh_buffer_free(pubkey_buffer); + return -1; + } + /* for some reason, make_bignum_string does not work + because of the padding which it does --kv */ + /* tmpstring = make_bignum_string(tmpbn); */ + /* do it manually instead */ + len = bignum_num_bytes(tmpbn); + tmpstring = malloc(4 + len); + if (tmpstring == NULL) { + ssh_buffer_free(pubkey_buffer); + bignum_free(tmpbn); + return -1; + } + /* TODO: fix the hardcoding */ + tmpstring->size = htonl(len); +#ifdef HAVE_LIBGCRYPT + bignum_bn2bin(tmpbn, len, tmpstring->string); +#elif defined HAVE_LIBCRYPTO + bignum_bn2bin(tmpbn, tmpstring->string); +#endif + bignum_free(tmpbn); + if (buffer_add_ssh_string(pubkey_buffer, tmpstring) < 0) { + ssh_buffer_free(pubkey_buffer); + ssh_string_free(tmpstring); + bignum_free(tmpbn); + return -1; + } + ssh_string_free(tmpstring); + } + } else { + /* ssh-dss or ssh-rsa */ + pubkey_64 = tokens[2]; + pubkey_buffer = base64_to_bin(pubkey_64); + } + + if (pubkey_buffer == NULL) { + ssh_set_error(session, SSH_FATAL, + "Verifying that server is a known host: base64 error"); + return -1; + } + + if (ssh_buffer_get_len(pubkey_buffer) != ssh_string_len(pubkey)) { + ssh_buffer_free(pubkey_buffer); + return 0; + } + + /* now test that they are identical */ + if (memcmp(ssh_buffer_get_begin(pubkey_buffer), pubkey->string, + ssh_buffer_get_len(pubkey_buffer)) != 0) { + ssh_buffer_free(pubkey_buffer); + return 0; + } + + ssh_buffer_free(pubkey_buffer); + return 1; +} + +/** + * @brief Check if a hostname matches a openssh-style hashed known host. + * + * @param[in] host The host to check. + * + * @param[in] hashed The hashed value. + * + * @returns 1 if it matches, 0 otherwise. + */ +static int match_hashed_host(ssh_session session, const char *host, + const char *sourcehash) { + /* Openssh hash structure : + * |1|base64 encoded salt|base64 encoded hash + * hash is produced that way : + * hash := HMAC_SHA1(key=salt,data=host) + */ + unsigned char buffer[256] = {0}; + ssh_buffer salt; + ssh_buffer hash; + HMACCTX mac; + char *source; + char *b64hash; + int match; + unsigned int size; + + enter_function(); + + if (strncmp(sourcehash, "|1|", 3) != 0) { + leave_function(); + return 0; + } + + source = strdup(sourcehash + 3); + if (source == NULL) { + leave_function(); + return 0; + } + + b64hash = strchr(source, '|'); + if (b64hash == NULL) { + /* Invalid hash */ + SAFE_FREE(source); + leave_function(); + return 0; + } + + *b64hash = '\0'; + b64hash++; + + salt = base64_to_bin(source); + if (salt == NULL) { + SAFE_FREE(source); + leave_function(); + return 0; + } + + hash = base64_to_bin(b64hash); + SAFE_FREE(source); + if (hash == NULL) { + ssh_buffer_free(salt); + leave_function(); + return 0; + } + + mac = hmac_init(ssh_buffer_get_begin(salt), ssh_buffer_get_len(salt), HMAC_SHA1); + if (mac == NULL) { + ssh_buffer_free(salt); + ssh_buffer_free(hash); + leave_function(); + return 0; + } + size = sizeof(buffer); + hmac_update(mac, host, strlen(host)); + hmac_final(mac, buffer, &size); + + if (size == ssh_buffer_get_len(hash) && + memcmp(buffer, ssh_buffer_get_begin(hash), size) == 0) { + match = 1; + } else { + match = 0; + } + + ssh_buffer_free(salt); + ssh_buffer_free(hash); + + ssh_log(session, SSH_LOG_PACKET, + "Matching a hashed host: %s match=%d", host, match); + + leave_function(); + return match; +} + +/* How it's working : + * 1- we open the known host file and bitch if it doesn't exist + * 2- we need to examine each line of the file, until going on state SSH_SERVER_KNOWN_OK: + * - there's a match. if the key is good, state is SSH_SERVER_KNOWN_OK, + * else it's SSH_SERVER_KNOWN_CHANGED (or SSH_SERVER_FOUND_OTHER) + * - there's no match : no change + */ + +/** + * @brief Check if the server is known. + * + * Checks the user's known host file for a previous connection to the + * current server. + * + * @param[in] session The SSH session to use. + * + * @returns SSH_SERVER_KNOWN_OK: The server is known and has not changed.\n + * SSH_SERVER_KNOWN_CHANGED: The server key has changed. Either you + * are under attack or the administrator + * changed the key. You HAVE to warn the + * user about a possible attack.\n + * SSH_SERVER_FOUND_OTHER: The server gave use a key of a type while + * we had an other type recorded. It is a + * possible attack.\n + * SSH_SERVER_NOT_KNOWN: The server is unknown. User should + * confirm the MD5 is correct.\n + * SSH_SERVER_FILE_NOT_FOUND: The known host file does not exist. The + * host is thus unknown. File will be + * created if host key is accepted.\n + * SSH_SERVER_ERROR: Some error happened. + * + * @see ssh_get_pubkey_hash() + * + * @bug There is no current way to remove or modify an entry into the known + * host table. + */ +int ssh_is_server_known(ssh_session session) { + FILE *file = NULL; + char **tokens; + char *host; + char *hostport; + const char *type; + int match; + int ret = SSH_SERVER_NOT_KNOWN; + + enter_function(); + + if (session->knownhosts == NULL) { + if (ssh_options_apply(session) < 0) { + ssh_set_error(session, SSH_REQUEST_DENIED, + "Can't find a known_hosts file"); + leave_function(); + return SSH_SERVER_FILE_NOT_FOUND; + } + } + + if (session->host == NULL) { + ssh_set_error(session, SSH_FATAL, + "Can't verify host in known hosts if the hostname isn't known"); + leave_function(); + return SSH_SERVER_ERROR; + } + + if (session->current_crypto == NULL){ + ssh_set_error(session, SSH_FATAL, + "ssh_is_host_known called without cryptographic context"); + leave_function(); + return SSH_SERVER_ERROR; + } + host = ssh_lowercase(session->host); + hostport = ssh_hostport(host,session->port); + if (host == NULL || hostport == NULL) { + ssh_set_error_oom(session); + SAFE_FREE(host); + SAFE_FREE(hostport); + leave_function(); + return SSH_SERVER_ERROR; + } + + do { + tokens = ssh_get_knownhost_line(session, &file, + session->knownhosts, &type); + + /* End of file, return the current state */ + if (tokens == NULL) { + break; + } + match = match_hashed_host(session, host, tokens[0]); + if (match == 0){ + match = match_hostname(hostport, tokens[0], strlen(tokens[0])); + } + if (match == 0) { + match = match_hostname(host, tokens[0], strlen(tokens[0])); + } + if (match == 0) { + match = match_hashed_host(session, hostport, tokens[0]); + } + if (match) { + /* We got a match. Now check the key type */ + if (strcmp(session->current_crypto->server_pubkey_type, type) != 0) { + /* Different type. We don't override the known_changed error which is + * more important */ + if (ret != SSH_SERVER_KNOWN_CHANGED) + ret = SSH_SERVER_FOUND_OTHER; + tokens_free(tokens); + continue; + } + /* so we know the key type is good. We may get a good key or a bad key. */ + match = check_public_key(session, tokens); + tokens_free(tokens); + + if (match < 0) { + ret = SSH_SERVER_ERROR; + break; + } else if (match == 1) { + ret = SSH_SERVER_KNOWN_OK; + break; + } else if(match == 0) { + /* We override the status with the wrong key state */ + ret = SSH_SERVER_KNOWN_CHANGED; + } + } else { + tokens_free(tokens); + } + } while (1); + + if ( (ret == SSH_SERVER_NOT_KNOWN) && (session->StrictHostKeyChecking == 0) ) { + ssh_write_knownhost(session); + ret = SSH_SERVER_KNOWN_OK; + } + + SAFE_FREE(host); + SAFE_FREE(hostport); + if (file != NULL) { + fclose(file); + } + + /* Return the current state at end of file */ + leave_function(); + return ret; +} + +/** + * @brief Write the current server as known in the known hosts file. + * + * This will create the known hosts file if it does not exist. You generaly use + * it when ssh_is_server_known() answered SSH_SERVER_NOT_KNOWN. + * + * @param[in] session The ssh session to use. + * + * @return SSH_OK on success, SSH_ERROR on error. + */ +int ssh_write_knownhost(ssh_session session) { + ssh_string pubkey; + unsigned char *pubkey_64; + char buffer[4096] = {0}; + FILE *file; + char *dir; + char *host; + char *hostport; + size_t len = 0; + + if (session->host == NULL) { + ssh_set_error(session, SSH_FATAL, + "Can't write host in known hosts if the hostname isn't known"); + return SSH_ERROR; + } + + host = ssh_lowercase(session->host); + /* If using a nonstandard port, save the host in the [host]:port format */ + if(session->port != 22){ + hostport = ssh_hostport(host,session->port); + SAFE_FREE(host); + host=hostport; + hostport=NULL; + } + + if (session->knownhosts == NULL) { + if (ssh_options_apply(session) < 0) { + ssh_set_error(session, SSH_FATAL, "Can't find a known_hosts file"); + return SSH_ERROR; + } + } + + if(session->current_crypto==NULL) { + ssh_set_error(session, SSH_FATAL, "No current crypto context"); + return SSH_ERROR; + } + + pubkey = session->current_crypto->server_pubkey; + if(pubkey == NULL){ + ssh_set_error(session, SSH_FATAL, "No public key present"); + return SSH_ERROR; + } + + /* Check if ~/.ssh exists and create it if not */ + dir = ssh_dirname(session->knownhosts); + if (dir == NULL) { + ssh_set_error(session, SSH_FATAL, "%s", strerror(errno)); + return -1; + } + if (! ssh_file_readaccess_ok(dir)) { + if (ssh_mkdir(dir, 0700) < 0) { + ssh_set_error(session, SSH_FATAL, + "Cannot create %s directory.", dir); + SAFE_FREE(dir); + return -1; + } + } + SAFE_FREE(dir); + + file = fopen(session->knownhosts, "a"); + if (file == NULL) { + ssh_set_error(session, SSH_FATAL, + "Couldn't open known_hosts file %s for appending: %s", + session->knownhosts, strerror(errno)); + SAFE_FREE(host); + return -1; + } + + if (strcmp(session->current_crypto->server_pubkey_type, "ssh-rsa1") == 0) { + /* openssh uses a different format for ssh-rsa1 keys. + Be compatible --kv */ + ssh_public_key key; + char *e_string = NULL; + char *n_string = NULL; + bignum e = NULL; + bignum n = NULL; + int rsa_size; +#ifdef HAVE_LIBGCRYPT + gcry_sexp_t sexp; +#endif + + key = publickey_from_string(session, pubkey); + if (key == NULL) { + fclose(file); + SAFE_FREE(host); + return -1; + } + +#ifdef HAVE_LIBGCRYPT + sexp = gcry_sexp_find_token(key->rsa_pub, "e", 0); + if (sexp == NULL) { + publickey_free(key); + fclose(file); + SAFE_FREE(host); + return -1; + } + e = gcry_sexp_nth_mpi(sexp, 1, GCRYMPI_FMT_USG); + gcry_sexp_release(sexp); + if (e == NULL) { + publickey_free(key); + fclose(file); + SAFE_FREE(host); + return -1; + } + + sexp = gcry_sexp_find_token(key->rsa_pub, "n", 0); + if (sexp == NULL) { + publickey_free(key); + bignum_free(e); + fclose(file); + SAFE_FREE(host); + return -1; + } + n = gcry_sexp_nth_mpi(sexp, 1, GCRYMPI_FMT_USG); + gcry_sexp_release(sexp); + if (n == NULL) { + publickey_free(key); + bignum_free(e); + fclose(file); + SAFE_FREE(host); + return -1; + } + + rsa_size = (gcry_pk_get_nbits(key->rsa_pub) + 7) / 8; +#elif defined HAVE_LIBCRYPTO + e = key->rsa_pub->e; + n = key->rsa_pub->n; + rsa_size = RSA_size(key->rsa_pub); +#endif + + e_string = bignum_bn2dec(e); + n_string = bignum_bn2dec(n); + if (e_string == NULL || n_string == NULL) { +#ifdef HAVE_LIBGCRYPT + bignum_free(e); + bignum_free(n); + SAFE_FREE(e_string); + SAFE_FREE(n_string); +#elif defined HAVE_LIBCRYPTO + OPENSSL_free(e_string); + OPENSSL_free(n_string); +#endif + publickey_free(key); + fclose(file); + SAFE_FREE(host); + return -1; + } + + snprintf(buffer, sizeof(buffer), + "%s %d %s %s\n", + host, + rsa_size << 3, + e_string, + n_string); + +#ifdef HAVE_LIBGCRYPT + bignum_free(e); + bignum_free(n); + SAFE_FREE(e_string); + SAFE_FREE(n_string); +#elif defined HAVE_LIBCRYPTO + OPENSSL_free(e_string); + OPENSSL_free(n_string); +#endif + + publickey_free(key); + } else { + pubkey_64 = bin_to_base64(pubkey->string, ssh_string_len(pubkey)); + if (pubkey_64 == NULL) { + fclose(file); + SAFE_FREE(host); + return -1; + } + + snprintf(buffer, sizeof(buffer), + "%s %s %s\n", + host, + session->current_crypto->server_pubkey_type, + pubkey_64); + + SAFE_FREE(pubkey_64); + } + SAFE_FREE(host); + len = strlen(buffer); + if (fwrite(buffer, len, 1, file) != 1 || ferror(file)) { + fclose(file); + return -1; + } + + fclose(file); + return 0; +} + +/** @} */ + +/* vim: set ts=4 sw=4 et cindent: */ diff --git a/src/pki.c b/src/pki.c index fc15a2c8..c3a1bcf9 100644 --- a/src/pki.c +++ b/src/pki.c @@ -1,4 +1,5 @@ /* + * known_hosts.c * This file is part of the SSH Library * * Copyright (c) 2010 by Aris Adamantiadis -- cgit v1.2.3