1 /* $OpenBSD: ssh_api.c,v 1.4 2015/02/16 22:13:32 djm Exp $ */ 2 /* 3 * Copyright (c) 2012 Markus Friedl. All rights reserved. 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #include "includes.h" 19 20 #include "ssh1.h" /* For SSH_MSG_NONE */ 21 #include "ssh_api.h" 22 #include "compat.h" 23 #include "log.h" 24 #include "authfile.h" 25 #include "sshkey.h" 26 #include "misc.h" 27 #include "ssh1.h" 28 #include "ssh2.h" 29 #include "version.h" 30 #include "myproposal.h" 31 #include "ssherr.h" 32 #include "sshbuf.h" 33 34 #include <string.h> 35 36 int _ssh_exchange_banner(struct ssh *); 37 int _ssh_send_banner(struct ssh *, char **); 38 int _ssh_read_banner(struct ssh *, char **); 39 int _ssh_order_hostkeyalgs(struct ssh *); 40 int _ssh_verify_host_key(struct sshkey *, struct ssh *); 41 struct sshkey *_ssh_host_public_key(int, int, struct ssh *); 42 struct sshkey *_ssh_host_private_key(int, int, struct ssh *); 43 int _ssh_host_key_sign(struct sshkey *, struct sshkey *, u_char **, 44 size_t *, const u_char *, size_t, u_int); 45 46 /* 47 * stubs for the server side implementation of kex. 48 * disable privsep so our stubs will never be called. 49 */ 50 int use_privsep = 0; 51 int mm_sshkey_sign(struct sshkey *, u_char **, u_int *, 52 u_char *, u_int, u_int); 53 DH *mm_choose_dh(int, int, int); 54 55 /* Define these two variables here so that they are part of the library */ 56 u_char *session_id2 = NULL; 57 u_int session_id2_len = 0; 58 59 int 60 mm_sshkey_sign(struct sshkey *key, u_char **sigp, u_int *lenp, 61 u_char *data, u_int datalen, u_int compat) 62 { 63 return (-1); 64 } 65 66 DH * 67 mm_choose_dh(int min, int nbits, int max) 68 { 69 return (NULL); 70 } 71 72 /* API */ 73 74 int 75 ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) 76 { 77 char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; 78 struct ssh *ssh; 79 char **proposal; 80 static int called; 81 int r; 82 83 if (!called) { 84 OpenSSL_add_all_algorithms(); 85 called = 1; 86 } 87 88 if ((ssh = ssh_packet_set_connection(NULL, -1, -1)) == NULL) 89 return SSH_ERR_ALLOC_FAIL; 90 if (is_server) 91 ssh_packet_set_server(ssh); 92 93 /* Initialize key exchange */ 94 proposal = kex_params ? kex_params->proposal : myproposal; 95 if ((r = kex_new(ssh, proposal, &ssh->kex)) != 0) { 96 ssh_free(ssh); 97 return r; 98 } 99 ssh->kex->server = is_server; 100 if (is_server) { 101 #ifdef WITH_OPENSSL 102 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 103 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; 104 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 105 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 106 ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_server; 107 #endif /* WITH_OPENSSL */ 108 ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_server; 109 ssh->kex->load_host_public_key=&_ssh_host_public_key; 110 ssh->kex->load_host_private_key=&_ssh_host_private_key; 111 ssh->kex->sign=&_ssh_host_key_sign; 112 } else { 113 #ifdef WITH_OPENSSL 114 ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; 115 ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; 116 ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; 117 ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; 118 ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client; 119 #endif /* WITH_OPENSSL */ 120 ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client; 121 ssh->kex->verify_host_key =&_ssh_verify_host_key; 122 } 123 *sshp = ssh; 124 return 0; 125 } 126 127 void 128 ssh_free(struct ssh *ssh) 129 { 130 struct key_entry *k; 131 132 ssh_packet_close(ssh); 133 /* 134 * we've only created the public keys variants in case we 135 * are a acting as a server. 136 */ 137 while ((k = TAILQ_FIRST(&ssh->public_keys)) != NULL) { 138 TAILQ_REMOVE(&ssh->public_keys, k, next); 139 if (ssh->kex && ssh->kex->server) 140 sshkey_free(k->key); 141 free(k); 142 } 143 while ((k = TAILQ_FIRST(&ssh->private_keys)) != NULL) { 144 TAILQ_REMOVE(&ssh->private_keys, k, next); 145 free(k); 146 } 147 if (ssh->kex) 148 kex_free(ssh->kex); 149 free(ssh); 150 } 151 152 void 153 ssh_set_app_data(struct ssh *ssh, void *app_data) 154 { 155 ssh->app_data = app_data; 156 } 157 158 void * 159 ssh_get_app_data(struct ssh *ssh) 160 { 161 return ssh->app_data; 162 } 163 164 /* Returns < 0 on error, 0 otherwise */ 165 int 166 ssh_add_hostkey(struct ssh *ssh, struct sshkey *key) 167 { 168 struct sshkey *pubkey = NULL; 169 struct key_entry *k = NULL, *k_prv = NULL; 170 int r; 171 172 if (ssh->kex->server) { 173 if ((r = sshkey_from_private(key, &pubkey)) != 0) 174 return r; 175 if ((k = malloc(sizeof(*k))) == NULL || 176 (k_prv = malloc(sizeof(*k_prv))) == NULL) { 177 free(k); 178 sshkey_free(pubkey); 179 return SSH_ERR_ALLOC_FAIL; 180 } 181 k_prv->key = key; 182 TAILQ_INSERT_TAIL(&ssh->private_keys, k_prv, next); 183 184 /* add the public key, too */ 185 k->key = pubkey; 186 TAILQ_INSERT_TAIL(&ssh->public_keys, k, next); 187 r = 0; 188 } else { 189 if ((k = malloc(sizeof(*k))) == NULL) 190 return SSH_ERR_ALLOC_FAIL; 191 k->key = key; 192 TAILQ_INSERT_TAIL(&ssh->public_keys, k, next); 193 r = 0; 194 } 195 196 return r; 197 } 198 199 int 200 ssh_set_verify_host_key_callback(struct ssh *ssh, 201 int (*cb)(struct sshkey *, struct ssh *)) 202 { 203 if (cb == NULL || ssh->kex == NULL) 204 return SSH_ERR_INVALID_ARGUMENT; 205 206 ssh->kex->verify_host_key = cb; 207 208 return 0; 209 } 210 211 int 212 ssh_input_append(struct ssh *ssh, const u_char *data, size_t len) 213 { 214 return sshbuf_put(ssh_packet_get_input(ssh), data, len); 215 } 216 217 int 218 ssh_packet_next(struct ssh *ssh, u_char *typep) 219 { 220 int r; 221 u_int32_t seqnr; 222 u_char type; 223 224 /* 225 * Try to read a packet. Return SSH_MSG_NONE if no packet or not 226 * enough data. 227 */ 228 *typep = SSH_MSG_NONE; 229 if (ssh->kex->client_version_string == NULL || 230 ssh->kex->server_version_string == NULL) 231 return _ssh_exchange_banner(ssh); 232 /* 233 * If we enough data and a dispatch function then 234 * call the function and get the next packet. 235 * Otherwise return the packet type to the caller so it 236 * can decide how to go on. 237 * 238 * We will only call the dispatch function for: 239 * 20-29 Algorithm negotiation 240 * 30-49 Key exchange method specific (numbers can be reused for 241 * different authentication methods) 242 */ 243 for (;;) { 244 if ((r = ssh_packet_read_poll2(ssh, &type, &seqnr)) != 0) 245 return r; 246 if (type > 0 && type < DISPATCH_MAX && 247 type >= SSH2_MSG_KEXINIT && type <= SSH2_MSG_TRANSPORT_MAX && 248 ssh->dispatch[type] != NULL) { 249 if ((r = (*ssh->dispatch[type])(type, seqnr, ssh)) != 0) 250 return r; 251 } else { 252 *typep = type; 253 return 0; 254 } 255 } 256 } 257 258 const u_char * 259 ssh_packet_payload(struct ssh *ssh, size_t *lenp) 260 { 261 return sshpkt_ptr(ssh, lenp); 262 } 263 264 int 265 ssh_packet_put(struct ssh *ssh, int type, const u_char *data, size_t len) 266 { 267 int r; 268 269 if ((r = sshpkt_start(ssh, type)) != 0 || 270 (r = sshpkt_put(ssh, data, len)) != 0 || 271 (r = sshpkt_send(ssh)) != 0) 272 return r; 273 return 0; 274 } 275 276 const u_char * 277 ssh_output_ptr(struct ssh *ssh, size_t *len) 278 { 279 struct sshbuf *output = ssh_packet_get_output(ssh); 280 281 *len = sshbuf_len(output); 282 return sshbuf_ptr(output); 283 } 284 285 int 286 ssh_output_consume(struct ssh *ssh, size_t len) 287 { 288 return sshbuf_consume(ssh_packet_get_output(ssh), len); 289 } 290 291 int 292 ssh_output_space(struct ssh *ssh, size_t len) 293 { 294 return (0 == sshbuf_check_reserve(ssh_packet_get_output(ssh), len)); 295 } 296 297 int 298 ssh_input_space(struct ssh *ssh, size_t len) 299 { 300 return (0 == sshbuf_check_reserve(ssh_packet_get_input(ssh), len)); 301 } 302 303 /* Read other side's version identification. */ 304 int 305 _ssh_read_banner(struct ssh *ssh, char **bannerp) 306 { 307 struct sshbuf *input; 308 const char *s; 309 char buf[256], remote_version[256]; /* must be same size! */ 310 const char *mismatch = "Protocol mismatch.\r\n"; 311 int r, remote_major, remote_minor; 312 size_t i, n, j, len; 313 314 *bannerp = NULL; 315 input = ssh_packet_get_input(ssh); 316 len = sshbuf_len(input); 317 s = (const char *)sshbuf_ptr(input); 318 for (j = n = 0;;) { 319 for (i = 0; i < sizeof(buf) - 1; i++) { 320 if (j >= len) 321 return (0); 322 buf[i] = s[j++]; 323 if (buf[i] == '\r') { 324 buf[i] = '\n'; 325 buf[i + 1] = 0; 326 continue; /**XXX wait for \n */ 327 } 328 if (buf[i] == '\n') { 329 buf[i + 1] = 0; 330 break; 331 } 332 } 333 buf[sizeof(buf) - 1] = 0; 334 if (strncmp(buf, "SSH-", 4) == 0) 335 break; 336 debug("ssh_exchange_identification: %s", buf); 337 if (ssh->kex->server || ++n > 65536) { 338 if ((r = sshbuf_put(ssh_packet_get_output(ssh), 339 mismatch, strlen(mismatch))) != 0) 340 return r; 341 return SSH_ERR_NO_PROTOCOL_VERSION; 342 } 343 } 344 if ((r = sshbuf_consume(input, j)) != 0) 345 return r; 346 347 /* 348 * Check that the versions match. In future this might accept 349 * several versions and set appropriate flags to handle them. 350 */ 351 if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", 352 &remote_major, &remote_minor, remote_version) != 3) 353 return SSH_ERR_INVALID_FORMAT; 354 debug("Remote protocol version %d.%d, remote software version %.100s", 355 remote_major, remote_minor, remote_version); 356 357 ssh->compat = compat_datafellows(remote_version); 358 if (remote_major == 1 && remote_minor == 99) { 359 remote_major = 2; 360 remote_minor = 0; 361 } 362 if (remote_major != 2) 363 return SSH_ERR_PROTOCOL_MISMATCH; 364 enable_compat20(); 365 chop(buf); 366 debug("Remote version string %.100s", buf); 367 if ((*bannerp = strdup(buf)) == NULL) 368 return SSH_ERR_ALLOC_FAIL; 369 return 0; 370 } 371 372 /* Send our own protocol version identification. */ 373 int 374 _ssh_send_banner(struct ssh *ssh, char **bannerp) 375 { 376 char buf[256]; 377 int r; 378 379 snprintf(buf, sizeof buf, "SSH-2.0-%.100s\r\n", SSH_VERSION); 380 if ((r = sshbuf_put(ssh_packet_get_output(ssh), buf, strlen(buf))) != 0) 381 return r; 382 chop(buf); 383 debug("Local version string %.100s", buf); 384 if ((*bannerp = strdup(buf)) == NULL) 385 return SSH_ERR_ALLOC_FAIL; 386 return 0; 387 } 388 389 int 390 _ssh_exchange_banner(struct ssh *ssh) 391 { 392 struct kex *kex = ssh->kex; 393 int r; 394 395 /* 396 * if _ssh_read_banner() cannot parse a full version string 397 * it will return NULL and we end up calling it again. 398 */ 399 400 r = 0; 401 if (kex->server) { 402 if (kex->server_version_string == NULL) 403 r = _ssh_send_banner(ssh, &kex->server_version_string); 404 if (r == 0 && 405 kex->server_version_string != NULL && 406 kex->client_version_string == NULL) 407 r = _ssh_read_banner(ssh, &kex->client_version_string); 408 } else { 409 if (kex->server_version_string == NULL) 410 r = _ssh_read_banner(ssh, &kex->server_version_string); 411 if (r == 0 && 412 kex->server_version_string != NULL && 413 kex->client_version_string == NULL) 414 r = _ssh_send_banner(ssh, &kex->client_version_string); 415 } 416 if (r != 0) 417 return r; 418 /* start initial kex as soon as we have exchanged the banners */ 419 if (kex->server_version_string != NULL && 420 kex->client_version_string != NULL) { 421 if ((r = _ssh_order_hostkeyalgs(ssh)) != 0 || 422 (r = kex_send_kexinit(ssh)) != 0) 423 return r; 424 } 425 return 0; 426 } 427 428 struct sshkey * 429 _ssh_host_public_key(int type, int nid, struct ssh *ssh) 430 { 431 struct key_entry *k; 432 433 debug3("%s: need %d", __func__, type); 434 TAILQ_FOREACH(k, &ssh->public_keys, next) { 435 debug3("%s: check %s", __func__, sshkey_type(k->key)); 436 if (k->key->type == type && 437 (type != KEY_ECDSA || k->key->ecdsa_nid == nid)) 438 return (k->key); 439 } 440 return (NULL); 441 } 442 443 struct sshkey * 444 _ssh_host_private_key(int type, int nid, struct ssh *ssh) 445 { 446 struct key_entry *k; 447 448 debug3("%s: need %d", __func__, type); 449 TAILQ_FOREACH(k, &ssh->private_keys, next) { 450 debug3("%s: check %s", __func__, sshkey_type(k->key)); 451 if (k->key->type == type && 452 (type != KEY_ECDSA || k->key->ecdsa_nid == nid)) 453 return (k->key); 454 } 455 return (NULL); 456 } 457 458 int 459 _ssh_verify_host_key(struct sshkey *hostkey, struct ssh *ssh) 460 { 461 struct key_entry *k; 462 463 debug3("%s: need %s", __func__, sshkey_type(hostkey)); 464 TAILQ_FOREACH(k, &ssh->public_keys, next) { 465 debug3("%s: check %s", __func__, sshkey_type(k->key)); 466 if (sshkey_equal_public(hostkey, k->key)) 467 return (0); /* ok */ 468 } 469 return (-1); /* failed */ 470 } 471 472 /* offer hostkey algorithms in kexinit depending on registered keys */ 473 int 474 _ssh_order_hostkeyalgs(struct ssh *ssh) 475 { 476 struct key_entry *k; 477 char *orig, *avail, *oavail = NULL, *alg, *replace = NULL; 478 char **proposal; 479 size_t maxlen; 480 int ktype, r; 481 482 /* XXX we de-serialize ssh->kex->my, modify it, and change it */ 483 if ((r = kex_buf2prop(ssh->kex->my, NULL, &proposal)) != 0) 484 return r; 485 orig = proposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; 486 if ((oavail = avail = strdup(orig)) == NULL) { 487 r = SSH_ERR_ALLOC_FAIL; 488 goto out; 489 } 490 maxlen = strlen(avail) + 1; 491 if ((replace = calloc(1, maxlen)) == NULL) { 492 r = SSH_ERR_ALLOC_FAIL; 493 goto out; 494 } 495 *replace = '\0'; 496 while ((alg = strsep(&avail, ",")) && *alg != '\0') { 497 if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC) 498 continue; 499 TAILQ_FOREACH(k, &ssh->public_keys, next) { 500 if (k->key->type == ktype || 501 (sshkey_is_cert(k->key) && k->key->type == 502 sshkey_type_plain(ktype))) { 503 if (*replace != '\0') 504 strlcat(replace, ",", maxlen); 505 strlcat(replace, alg, maxlen); 506 break; 507 } 508 } 509 } 510 if (*replace != '\0') { 511 debug2("%s: orig/%d %s", __func__, ssh->kex->server, orig); 512 debug2("%s: replace/%d %s", __func__, ssh->kex->server, replace); 513 free(orig); 514 proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = replace; 515 replace = NULL; /* owned by proposal */ 516 r = kex_prop2buf(ssh->kex->my, proposal); 517 } 518 out: 519 free(oavail); 520 free(replace); 521 kex_prop_free(proposal); 522 return r; 523 } 524 525 int 526 _ssh_host_key_sign(struct sshkey *privkey, struct sshkey *pubkey, 527 u_char **signature, size_t *slen, 528 const u_char *data, size_t dlen, u_int compat) 529 { 530 return sshkey_sign(privkey, signature, slen, data, dlen, compat); 531 } 532