Rev 64 | Rev 80 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 79 | magnus | 1 | Author: Magnus Holmgren <holmgren@debian.org> |
| 2 | Description: Check keys against openssh-blacklist |
||
| 3 | Check keys before accepting for pubkey authentication as well as on conversion |
||
| 4 | by lsh-writekey and lsh-decode-key. |
||
| 5 | . |
||
| 6 | blacklist.c code copied from the openssh package and adapted for LSH. |
||
| 60 | magnus | 7 | |
| 79 | magnus | 8 | --- a/src/Makefile.am |
| 9 | +++ b/src/Makefile.am |
||
| 10 | @@ -69,7 +69,8 @@ liblsh_a_SOURCES = abstract_io.c abstrac |
||
| 60 | magnus | 11 | unix_interact.c unix_process.c unix_random.c unix_user.c \ |
| 12 | userauth.c \ |
||
| 13 | werror.c write_buffer.c write_packet.c \ |
||
| 14 | - xalloc.c xauth.c zlib.c |
||
| 15 | + xalloc.c xauth.c zlib.c \ |
||
| 16 | + blacklist.c |
||
| 17 | |||
| 18 | liblsh_a_LIBADD = @LIBOBJS@ |
||
| 19 | |||
| 79 | magnus | 20 | --- a/src/abstract_crypto.h |
| 21 | +++ b/src/abstract_crypto.h |
||
| 22 | @@ -162,7 +162,9 @@ MAC_DIGEST((instance), lsh_string_alloc( |
||
| 63 | magnus | 23 | (public_key method (string)) |
| 24 | |||
| 25 | ; Returns (public-key (<pub-sig-alg-id> <s-expr>*)) |
||
| 26 | - (public_spki_key method (string) "int transport"))) |
||
| 27 | + (public_spki_key method (string) "int transport") |
||
| 28 | + |
||
| 29 | + (key_size method uint32_t))) |
||
| 30 | */ |
||
| 31 | |||
| 32 | #define VERIFY(verifier, algorithm, length, data, slength, sdata) \ |
||
| 79 | magnus | 33 | @@ -170,7 +172,7 @@ MAC_DIGEST((instance), lsh_string_alloc( |
| 63 | magnus | 34 | |
| 35 | #define PUBLIC_KEY(verifier) ((verifier)->public_key((verifier))) |
||
| 36 | #define PUBLIC_SPKI_KEY(verifier, t) ((verifier)->public_spki_key((verifier), (t))) |
||
| 37 | - |
||
| 38 | +#define KEY_SIZE(verifier) ((verifier)->key_size((verifier))) |
||
| 39 | |||
| 40 | /* GABA: |
||
| 41 | (class |
||
| 79 | magnus | 42 | --- a/src/abstract_crypto.h.x |
| 43 | +++ b/src/abstract_crypto.h.x |
||
| 44 | @@ -161,6 +161,7 @@ struct verifier |
||
| 63 | magnus | 45 | int (*(verify))(struct verifier *self,int algorithm,uint32_t length,const uint8_t *data,uint32_t signature_length,const uint8_t *signature_data); |
| 46 | struct lsh_string *(*(public_key))(struct verifier *self); |
||
| 47 | struct lsh_string *(*(public_spki_key))(struct verifier *self,int transport); |
||
| 48 | + uint32_t *(*(key_size))(struct verifier *self); |
||
| 49 | }; |
||
| 50 | extern struct lsh_class verifier_class; |
||
| 51 | #endif /* !GABA_DEFINE */ |
||
| 79 | magnus | 52 | --- /dev/null |
| 53 | +++ b/src/blacklist.c |
||
| 63 | magnus | 54 | @@ -0,0 +1,150 @@ |
| 60 | magnus | 55 | +#if HAVE_CONFIG_H |
| 56 | +#include "config.h" |
||
| 57 | +#endif |
||
| 58 | + |
||
| 59 | +#include <assert.h> |
||
| 60 | + |
||
| 61 | +#include "atoms.h" |
||
| 62 | +#include "format.h" |
||
| 63 | +#include "lsh_string.h" |
||
| 64 | +#include "werror.h" |
||
| 65 | +#include "crypto.h" |
||
| 66 | + |
||
| 67 | +#include <sys/types.h> |
||
| 68 | +#include <sys/stat.h> |
||
| 69 | +#include <unistd.h> |
||
| 70 | +#include <fcntl.h> |
||
| 71 | +#include <string.h> |
||
| 72 | + |
||
| 63 | magnus | 73 | +int blacklisted_key(struct verifier *v, int method); |
| 74 | + |
||
| 60 | magnus | 75 | +/* Scan a blacklist of known-vulnerable keys in blacklist_file. */ |
| 76 | +static int |
||
| 77 | +blacklisted_key_in_file(struct lsh_string *lsh_hash, struct lsh_string *blacklist_file) |
||
| 78 | +{ |
||
| 79 | + int fd = -1; |
||
| 80 | + const char *hash = 0; |
||
| 81 | + uint32_t line_len; |
||
| 82 | + struct stat st; |
||
| 83 | + char buf[256]; |
||
| 84 | + off_t start, lower, upper; |
||
| 85 | + int ret = 0; |
||
| 86 | + |
||
| 87 | + debug("Checking blacklist file %S\n", blacklist_file); |
||
| 88 | + fd = open(lsh_get_cstring(blacklist_file), O_RDONLY); |
||
| 89 | + if (fd < 0) { |
||
| 90 | + ret = -1; |
||
| 91 | + goto out; |
||
| 92 | + } |
||
| 93 | + |
||
| 94 | + hash = lsh_get_cstring(lsh_hash) + 12; |
||
| 95 | + line_len = strlen(hash); |
||
| 96 | + if (line_len != 20) |
||
| 97 | + goto out; |
||
| 98 | + |
||
| 99 | + /* Skip leading comments */ |
||
| 100 | + start = 0; |
||
| 101 | + for (;;) { |
||
| 102 | + ssize_t r; |
||
| 103 | + char *newline; |
||
| 104 | + |
||
| 105 | + r = read(fd, buf, sizeof(buf)); |
||
| 106 | + if (r <= 0) |
||
| 107 | + goto out; |
||
| 108 | + if (buf[0] != '#') |
||
| 109 | + break; |
||
| 110 | + |
||
| 111 | + newline = memchr(buf, '\n', sizeof(buf)); |
||
| 112 | + if (!newline) |
||
| 113 | + goto out; |
||
| 114 | + start += newline + 1 - buf; |
||
| 115 | + if (lseek(fd, start, SEEK_SET) < 0) |
||
| 116 | + goto out; |
||
| 117 | + } |
||
| 118 | + |
||
| 119 | + /* Initialise binary search record numbers */ |
||
| 120 | + if (fstat(fd, &st) < 0) |
||
| 121 | + goto out; |
||
| 122 | + lower = 0; |
||
| 123 | + upper = (st.st_size - start) / (line_len + 1); |
||
| 124 | + |
||
| 125 | + while (lower != upper) { |
||
| 126 | + off_t cur; |
||
| 127 | + int cmp; |
||
| 128 | + |
||
| 129 | + cur = lower + (upper - lower) / 2; |
||
| 130 | + |
||
| 131 | + /* Read this line and compare to digest; this is |
||
| 132 | + * overflow-safe since cur < max(off_t) / (line_len + 1) */ |
||
| 133 | + if (lseek(fd, start + cur * (line_len + 1), SEEK_SET) < 0) |
||
| 134 | + break; |
||
| 135 | + if (read(fd, buf, line_len) != line_len) |
||
| 136 | + break; |
||
| 137 | + cmp = memcmp(buf, hash, line_len); |
||
| 138 | + if (cmp < 0) { |
||
| 139 | + if (cur == lower) |
||
| 140 | + break; |
||
| 141 | + lower = cur; |
||
| 142 | + } else if (cmp > 0) { |
||
| 143 | + if (cur == upper) |
||
| 144 | + break; |
||
| 145 | + upper = cur; |
||
| 146 | + } else { |
||
| 147 | + ret = 1; |
||
| 148 | + break; |
||
| 149 | + } |
||
| 150 | + } |
||
| 151 | + |
||
| 152 | +out: |
||
| 153 | + if (fd >= 0) |
||
| 154 | + close(fd); |
||
| 155 | + return ret; |
||
| 156 | +} |
||
| 157 | + |
||
| 158 | +/* |
||
| 159 | + * Scan blacklists of known-vulnerable keys. If a vulnerable key is found, |
||
| 160 | + * its fingerprint is returned in *fp, unless fp is NULL. |
||
| 161 | + */ |
||
| 162 | +int |
||
| 163 | +blacklisted_key(struct verifier *v, int method) |
||
| 164 | +{ |
||
| 165 | + const char *keytype; |
||
| 166 | + int ret = -1; |
||
| 167 | + const char *paths[] = { "/usr/share/ssh/blacklist", "/etc/ssh/blacklist", NULL }; |
||
| 168 | + const char **pp; |
||
| 169 | + struct lsh_string *lsh_hash = ssh_format("%lfxS", |
||
| 170 | + hash_string(&crypto_md5_algorithm, |
||
| 171 | + PUBLIC_KEY(v), 1)); |
||
| 63 | magnus | 172 | + uint32_t keysize = KEY_SIZE(v); |
| 60 | magnus | 173 | + |
| 174 | + switch (method) |
||
| 175 | + { |
||
| 176 | + case ATOM_SSH_DSS: |
||
| 177 | + case ATOM_DSA: |
||
| 178 | + keytype = "DSA"; |
||
| 63 | magnus | 179 | + break; |
| 60 | magnus | 180 | + case ATOM_SSH_RSA: |
| 181 | + case ATOM_RSA_PKCS1_SHA1: |
||
| 182 | + case ATOM_RSA_PKCS1_MD5: |
||
| 183 | + case ATOM_RSA_PKCS1: |
||
| 184 | + keytype = "RSA"; |
||
| 63 | magnus | 185 | + break; |
| 60 | magnus | 186 | + default: |
| 187 | + werror("Unrecognized key type"); |
||
| 63 | magnus | 188 | + return -1; |
| 60 | magnus | 189 | + } |
| 190 | + |
||
| 191 | + for (pp = paths; *pp && ret <= 0; pp++) { |
||
| 192 | + struct lsh_string *blacklist_file = ssh_format("%lz.%lz-%di", |
||
| 193 | + *pp, keytype, keysize); |
||
| 194 | + int r = blacklisted_key_in_file(lsh_hash, blacklist_file); |
||
| 195 | + lsh_string_free(blacklist_file); |
||
| 196 | + if (r > ret) ret = r; |
||
| 197 | + } |
||
| 198 | + |
||
| 199 | + if (ret > 0) { |
||
| 200 | + werror("Key is compromised: %z %i %fS\n", keytype, keysize, |
||
| 201 | + lsh_string_colonize(lsh_hash, 2, 0)); |
||
| 202 | + } |
||
| 203 | + return ret; |
||
| 204 | +} |
||
| 79 | magnus | 205 | --- a/src/dsa.c |
| 206 | +++ b/src/dsa.c |
||
| 207 | @@ -189,6 +189,14 @@ do_dsa_public_spki_key(struct verifier * |
||
| 63 | magnus | 208 | "y", self->key.y); |
| 209 | } |
||
| 210 | |||
| 211 | +static uint32_t |
||
| 212 | +do_dsa_key_size(struct verifier *v) |
||
| 213 | +{ |
||
| 214 | + CAST(dsa_verifier, self, v); |
||
| 215 | + |
||
| 216 | + return mpz_sizeinbase(self->key.p, 2); |
||
| 217 | +} |
||
| 218 | + |
||
| 219 | static void |
||
| 220 | init_dsa_verifier(struct dsa_verifier *self) |
||
| 221 | { |
||
| 79 | magnus | 222 | @@ -199,6 +207,7 @@ init_dsa_verifier(struct dsa_verifier *s |
| 63 | magnus | 223 | self->super.verify = do_dsa_verify; |
| 224 | self->super.public_spki_key = do_dsa_public_spki_key; |
||
| 225 | self->super.public_key = do_dsa_public_key; |
||
| 226 | + self->super.key_size = do_dsa_key_size; |
||
| 227 | } |
||
| 228 | |||
| 229 | |||
| 79 | magnus | 230 | --- a/src/lsh-decode-key.c |
| 231 | +++ b/src/lsh-decode-key.c |
||
| 232 | @@ -133,6 +133,10 @@ lsh_decode_key(struct lsh_string *conten |
||
| 60 | magnus | 233 | werror("Invalid dsa key.\n"); |
| 234 | return NULL; |
||
| 235 | } |
||
| 236 | + else if (blacklisted_key(v, type)) |
||
| 237 | + { |
||
| 238 | + return NULL; |
||
| 239 | + } |
||
| 240 | else |
||
| 241 | return PUBLIC_SPKI_KEY(v, 1); |
||
| 242 | } |
||
| 79 | magnus | 243 | @@ -150,6 +154,10 @@ lsh_decode_key(struct lsh_string *conten |
| 60 | magnus | 244 | werror("Invalid rsa key.\n"); |
| 245 | return NULL; |
||
| 246 | } |
||
| 247 | + else if (blacklisted_key(v, type)) |
||
| 248 | + { |
||
| 249 | + return NULL; |
||
| 250 | + } |
||
| 251 | else |
||
| 252 | return PUBLIC_SPKI_KEY(v, 1); |
||
| 253 | } |
||
| 79 | magnus | 254 | --- a/src/lsh-writekey.c |
| 255 | +++ b/src/lsh-writekey.c |
||
| 256 | @@ -397,14 +397,18 @@ process_public(const struct lsh_string * |
||
| 60 | magnus | 257 | { |
| 258 | struct signer *s; |
||
| 259 | struct verifier *v; |
||
| 260 | + int algorithm_name; |
||
| 261 | |||
| 262 | - s = spki_make_signer(options->signature_algorithms, key, NULL); |
||
| 263 | + s = spki_make_signer(options->signature_algorithms, key, &algorithm_name); |
||
| 264 | |||
| 265 | if (!s) |
||
| 266 | return NULL; |
||
| 267 | |||
| 268 | v = SIGNER_GET_VERIFIER(s); |
||
| 269 | assert(v); |
||
| 270 | + if (blacklisted_key(v, algorithm_name)) { |
||
| 271 | + return NULL; |
||
| 272 | + } |
||
| 273 | |||
| 274 | return PUBLIC_SPKI_KEY(v, 1); |
||
| 275 | } |
||
| 79 | magnus | 276 | @@ -416,7 +420,8 @@ main(int argc, char **argv) |
| 60 | magnus | 277 | int private_fd; |
| 278 | int public_fd; |
||
| 279 | struct lsh_string *input; |
||
| 280 | - struct lsh_string *output; |
||
| 281 | + struct lsh_string *priv_output; |
||
| 282 | + struct lsh_string *pub_output; |
||
| 283 | const struct exception *e; |
||
| 284 | |||
| 285 | argp_parse(&main_argp, argc, argv, 0, NULL, options); |
||
| 79 | magnus | 286 | @@ -439,16 +444,22 @@ main(int argc, char **argv) |
| 60 | magnus | 287 | return EXIT_FAILURE; |
| 288 | } |
||
| 289 | |||
| 290 | - output = process_private(input, options); |
||
| 291 | - if (!output) |
||
| 292 | + pub_output = process_public(input, options); |
||
| 293 | + if (!pub_output) |
||
| 294 | + return EXIT_FAILURE; |
||
| 295 | + |
||
| 296 | + priv_output = process_private(input, options); |
||
| 297 | + if (!priv_output) |
||
| 298 | return EXIT_FAILURE; |
||
| 299 | |||
| 300 | + lsh_string_free(input); |
||
| 301 | + |
||
| 302 | private_fd = open_file(options->private_file); |
||
| 303 | if (private_fd < 0) |
||
| 304 | return EXIT_FAILURE; |
||
| 305 | |||
| 306 | - e = write_raw(private_fd, STRING_LD(output)); |
||
| 307 | - lsh_string_free(output); |
||
| 308 | + e = write_raw(private_fd, STRING_LD(priv_output)); |
||
| 309 | + lsh_string_free(priv_output); |
||
| 310 | |||
| 311 | if (e) |
||
| 312 | { |
||
| 79 | magnus | 313 | @@ -457,18 +468,12 @@ main(int argc, char **argv) |
| 60 | magnus | 314 | return EXIT_FAILURE; |
| 315 | } |
||
| 316 | |||
| 317 | - output = process_public(input, options); |
||
| 318 | - lsh_string_free(input); |
||
| 319 | - |
||
| 320 | - if (!output) |
||
| 321 | - return EXIT_FAILURE; |
||
| 322 | - |
||
| 323 | public_fd = open_file(options->public_file); |
||
| 324 | if (public_fd < 0) |
||
| 325 | return EXIT_FAILURE; |
||
| 326 | |||
| 327 | - e = write_raw(public_fd, STRING_LD(output)); |
||
| 328 | - lsh_string_free(output); |
||
| 329 | + e = write_raw(public_fd, STRING_LD(pub_output)); |
||
| 330 | + lsh_string_free(pub_output); |
||
| 331 | |||
| 332 | if (e) |
||
| 333 | { |
||
| 79 | magnus | 334 | --- a/src/publickey_crypto.h |
| 335 | +++ b/src/publickey_crypto.h |
||
| 336 | @@ -203,5 +203,7 @@ parse_ssh_dss_public(struct simple_buffe |
||
| 60 | magnus | 337 | struct verifier * |
| 338 | make_ssh_dss_verifier(const struct lsh_string *public); |
||
| 339 | |||
| 340 | +int |
||
| 341 | +blacklisted_key(struct verifier *v, int method); |
||
| 342 | |||
| 343 | #endif /* LSH_PUBLICKEY_CRYPTO_H_INCLUDED */ |
||
| 79 | magnus | 344 | --- a/src/rsa.c |
| 345 | +++ b/src/rsa.c |
||
| 346 | @@ -167,6 +167,14 @@ do_rsa_public_spki_key(struct verifier * |
||
| 63 | magnus | 347 | self->key.n, self->key.e); |
| 348 | } |
||
| 349 | |||
| 350 | +static uint32_t |
||
| 351 | +do_rsa_key_size(struct verifier *v) |
||
| 352 | +{ |
||
| 353 | + CAST(rsa_verifier, self, v); |
||
| 354 | + |
||
| 355 | + return mpz_sizeinbase(self->key.n, 2); |
||
| 356 | +} |
||
| 357 | + |
||
| 358 | |||
| 359 | /* NOTE: To initialize an rsa verifier, one must |
||
| 360 | * |
||
| 79 | magnus | 361 | @@ -184,6 +192,7 @@ init_rsa_verifier(struct rsa_verifier *s |
| 63 | magnus | 362 | self->super.verify = do_rsa_verify; |
| 363 | self->super.public_key = do_rsa_public_key; |
||
| 364 | self->super.public_spki_key = do_rsa_public_spki_key; |
||
| 365 | + self->super.key_size = do_rsa_key_size; |
||
| 366 | } |
||
| 367 | |||
| 368 | /* Alternative constructor using a key of type ssh-rsa, when the atom |
||
| 79 | magnus | 369 | --- a/src/server_authorization.c |
| 370 | +++ b/src/server_authorization.c |
||
| 371 | @@ -93,7 +93,8 @@ do_key_lookup(struct lookup_verifier *c, |
||
| 60 | magnus | 372 | PUBLIC_SPKI_KEY(v, 0), |
| 373 | 1)); |
||
| 374 | |||
| 375 | - if (USER_FILE_EXISTS(keyholder, filename, 1)) |
||
| 376 | + if (USER_FILE_EXISTS(keyholder, filename, 1) |
||
| 377 | + && blacklisted_key(v, method) < 1) |
||
| 378 | return v; |
||
| 379 | |||
| 380 | return NULL; |