From 2a9c9f7272c1e8665155118fe6536bebdafb6166 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Tue, 3 Sep 2019 08:34:19 +0000 Subject: upstream: sshsig: lightweight signature and verification ability for OpenSSH This adds a simple manual signature scheme to OpenSSH. Signatures can be made and verified using ssh-keygen -Y sign|verify Signatures embed the key used to make them. At verification time, this is matched via principal name against an authorized_keys-like list of allowed signers. Mostly by Sebastian Kinne w/ some tweaks by me ok markus@ OpenBSD-Commit-ID: 2ab568e7114c933346616392579d72be65a4b8fb --- sshsig.c | 787 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 787 insertions(+) create mode 100644 sshsig.c (limited to 'sshsig.c') diff --git a/sshsig.c b/sshsig.c new file mode 100644 index 00000000..0a1e1462 --- /dev/null +++ b/sshsig.c @@ -0,0 +1,787 @@ +/* + * Copyright (c) 2019 Google LLC + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include +#include +#include + +#include "authfd.h" +#include "authfile.h" +#include "log.h" +#include "misc.h" +#include "sshbuf.h" +#include "sshsig.h" +#include "ssherr.h" +#include "sshkey.h" +#include "match.h" +#include "digest.h" + +#define SIG_VERSION 0x01 +#define MAGIC_PREAMBLE "SSHSIG" +#define MAGIC_PREAMBLE_LEN (sizeof(MAGIC_PREAMBLE) - 1) +#define BEGIN_SIGNATURE "-----BEGIN SSH SIGNATURE-----\n" +#define END_SIGNATURE "-----END SSH SIGNATURE-----" +#define RSA_SIGN_ALG "rsa-sha2-512" /* XXX maybe make configurable */ +#define RSA_SIGN_ALLOWED "rsa-sha2-512,rsa-sha2-256" +#define HASHALG_DEFAULT "sha512" /* XXX maybe make configurable */ +#define HASHALG_ALLOWED "sha256,sha512" + +int +sshsig_armor(const struct sshbuf *blob, struct sshbuf **out) +{ + struct sshbuf *buf = NULL; + int r = SSH_ERR_INTERNAL_ERROR; + + *out = NULL; + + if ((buf = sshbuf_new()) == NULL) { + error("%s: sshbuf_new failed", __func__); + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + + if ((r = sshbuf_put(buf, BEGIN_SIGNATURE, + sizeof(BEGIN_SIGNATURE)-1)) != 0) { + error("%s: sshbuf_putf failed: %s", __func__, ssh_err(r)); + goto out; + } + + if ((r = sshbuf_dtob64(blob, buf, 1)) != 0) { + error("%s: Couldn't base64 encode signature blob: %s", + __func__, ssh_err(r)); + goto out; + } + + if ((r = sshbuf_put(buf, END_SIGNATURE, + sizeof(END_SIGNATURE)-1)) != 0 || + (r = sshbuf_put_u8(buf, '\n')) != 0) { + error("%s: sshbuf_put failed: %s", __func__, ssh_err(r)); + goto out; + } + /* success */ + *out = buf; + buf = NULL; /* transferred */ + r = 0; + out: + sshbuf_free(buf); + return r; +} + +int +sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out) +{ + int r; + size_t eoffset = 0; + struct sshbuf *buf = NULL; + struct sshbuf *sbuf = NULL; + char *b64 = NULL; + + if ((sbuf = sshbuf_fromb(sig)) == NULL) { + error("%s: sshbuf_fromb failed", __func__); + return SSH_ERR_ALLOC_FAIL; + } + + if ((r = sshbuf_cmp(sbuf, 0, + BEGIN_SIGNATURE, sizeof(BEGIN_SIGNATURE)-1)) != 0) { + error("Couldn't parse signature: missing header"); + goto done; + } + + if ((r = sshbuf_consume(sbuf, sizeof(BEGIN_SIGNATURE)-1)) != 0) { + error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r)); + goto done; + } + + if ((r = sshbuf_find(sbuf, 0, "\n" END_SIGNATURE, + sizeof("\n" END_SIGNATURE)-1, &eoffset)) != 0) { + error("Couldn't parse signature: missing footer"); + goto done; + } + + if ((r = sshbuf_consume_end(sbuf, sshbuf_len(sbuf)-eoffset)) != 0) { + error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r)); + goto done; + } + + if ((b64 = sshbuf_dup_string(sbuf)) == NULL) { + error("%s: sshbuf_dup_string failed", __func__); + r = SSH_ERR_ALLOC_FAIL; + goto done; + } + + if ((buf = sshbuf_new()) == NULL) { + error("%s: sshbuf_new() failed", __func__); + r = SSH_ERR_ALLOC_FAIL; + goto done; + } + + if ((r = sshbuf_b64tod(buf, b64)) != 0) { + error("Coundn't decode signature: %s", ssh_err(r)); + goto done; + } + + /* success */ + *out = buf; + r = 0; + buf = NULL; /* transferred */ +done: + sshbuf_free(buf); + sshbuf_free(sbuf); + free(b64); + return r; +} + +static int +sshsig_wrap_sign(struct sshkey *key, const char *hashalg, + const struct sshbuf *h_message, const char *sig_namespace, + struct sshbuf **out, sshsig_signer *signer, void *signer_ctx) +{ + int r; + size_t slen = 0; + u_char *sig = NULL; + struct sshbuf *blob = NULL; + struct sshbuf *tosign = NULL; + const char *sign_alg = NULL; + + if ((tosign = sshbuf_new()) == NULL || + (blob = sshbuf_new()) == NULL) { + error("%s: sshbuf_new failed", __func__); + r = SSH_ERR_ALLOC_FAIL; + goto done; + } + + if ((r = sshbuf_put(tosign, MAGIC_PREAMBLE, MAGIC_PREAMBLE_LEN)) != 0 || + (r = sshbuf_put_cstring(tosign, sig_namespace)) != 0 || + (r = sshbuf_put_string(tosign, NULL, 0)) != 0 || /* reserved */ + (r = sshbuf_put_cstring(tosign, hashalg)) != 0 || + (r = sshbuf_putb(tosign, h_message)) != 0) { + error("Couldn't construct message to sign: %s", ssh_err(r)); + goto done; + } + + /* If using RSA keys then default to a good signature algorithm */ + if (sshkey_type_plain(key->type) == KEY_RSA) + sign_alg = RSA_SIGN_ALG; + + if (signer != NULL) { + if ((r = signer(key, &sig, &slen, + sshbuf_ptr(tosign), sshbuf_len(tosign), + sign_alg, 0, signer_ctx)) != 0) { + error("Couldn't sign message: %s", ssh_err(r)); + goto done; + } + } else { + if ((r = sshkey_sign(key, &sig, &slen, + sshbuf_ptr(tosign), sshbuf_len(tosign), + sign_alg, 0)) != 0) { + error("Couldn't sign message: %s", ssh_err(r)); + goto done; + } + } + + if ((r = sshbuf_put(blob, MAGIC_PREAMBLE, MAGIC_PREAMBLE_LEN)) != 0 || + (r = sshbuf_put_u32(blob, SIG_VERSION)) != 0 || + (r = sshkey_puts(key, blob)) != 0 || + (r = sshbuf_put_cstring(blob, sig_namespace)) != 0 || + (r = sshbuf_put_string(blob, NULL, 0)) != 0 || /* reserved */ + (r = sshbuf_put_cstring(blob, hashalg)) != 0 || + (r = sshbuf_put_string(blob, sig, slen)) != 0) { + error("Couldn't populate blob: %s", ssh_err(r)); + goto done; + } + + *out = blob; + blob = NULL; + r = 0; +done: + free(sig); + sshbuf_free(blob); + sshbuf_free(tosign); + return r; +} + +/* Check preamble and version. */ +static int +sshsig_parse_preamble(struct sshbuf *buf) +{ + int r = SSH_ERR_INTERNAL_ERROR; + uint32_t sversion; + + if ((r = sshbuf_cmp(buf, 0, MAGIC_PREAMBLE, MAGIC_PREAMBLE_LEN)) != 0 || + (r = sshbuf_consume(buf, (sizeof(MAGIC_PREAMBLE)-1))) != 0 || + (r = sshbuf_get_u32(buf, &sversion)) != 0) { + error("Couldn't verify signature: invalid format"); + return r; + } + + if (sversion < SIG_VERSION) { + error("Signature version %lu is larger than supported " + "version %u", (unsigned long)sversion, SIG_VERSION); + return SSH_ERR_INVALID_FORMAT; + } + return 0; +} + +static int +sshsig_check_hashalg(const char *hashalg) +{ + if (match_pattern_list(hashalg, HASHALG_ALLOWED, 0) == 1) + return 0; + error("%s: unsupported hash algorithm \"%.100s\"", __func__, hashalg); + return SSH_ERR_SIGN_ALG_UNSUPPORTED; +} + +static int +sshsig_peek_hashalg(struct sshbuf *signature, char **hashalgp) +{ + struct sshbuf *buf = NULL; + char *hashalg = NULL; + int r = SSH_ERR_INTERNAL_ERROR; + + if (hashalgp != NULL) + *hashalgp = NULL; + if ((buf = sshbuf_fromb(signature)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if ((r = sshsig_parse_preamble(buf)) != 0) + goto done; + if ((r = sshbuf_get_string_direct(buf, NULL, NULL)) != 0 || + (r = sshbuf_get_string_direct(buf, NULL, NULL)) != 0 || + (r = sshbuf_get_string(buf, NULL, NULL)) != 0 || + (r = sshbuf_get_cstring(buf, &hashalg, NULL)) != 0 || + (r = sshbuf_get_string_direct(buf, NULL, NULL)) != 0) { + error("Couldn't parse signature blob: %s", ssh_err(r)); + goto done; + } + if ((r = sshsig_check_hashalg(hashalg)) != 0) + goto done; + + /* success */ + r = 0; + *hashalgp = hashalg; + hashalg = NULL; + done: + free(hashalg); + sshbuf_free(buf); + return r; +} + +static int +sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg, + const struct sshbuf *h_message, const char *expect_namespace, + struct sshkey **sign_keyp) +{ + int r = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *buf = NULL, *toverify = NULL; + struct sshkey *key = NULL; + const u_char *sig; + char *got_namespace = NULL, *sigtype = NULL, *sig_hashalg = NULL; + size_t siglen; + + if (sign_keyp != NULL) + *sign_keyp = NULL; + + if ((toverify = sshbuf_new()) == NULL) { + error("%s: sshbuf_new failed", __func__); + r = SSH_ERR_ALLOC_FAIL; + goto done; + } + if ((r = sshsig_check_hashalg(hashalg)) != 0) + goto done; + + if ((r = sshbuf_put(toverify, MAGIC_PREAMBLE, + MAGIC_PREAMBLE_LEN)) != 0 || + (r = sshbuf_put_cstring(toverify, expect_namespace)) != 0 || + (r = sshbuf_put_string(toverify, NULL, 0)) != 0 || /* reserved */ + (r = sshbuf_put_cstring(toverify, hashalg)) != 0 || + (r = sshbuf_putb(toverify, h_message)) != 0) { + error("Couldn't construct message to verify: %s", ssh_err(r)); + goto done; + } + + if ((r = sshsig_parse_preamble(signature)) != 0) + goto done; + + if ((r = sshkey_froms(signature, &key)) != 0 || + (r = sshbuf_get_cstring(signature, &got_namespace, NULL)) != 0 || + (r = sshbuf_get_string(signature, NULL, NULL)) != 0 || + (r = sshbuf_get_cstring(signature, &sig_hashalg, NULL)) != 0 || + (r = sshbuf_get_string_direct(signature, &sig, &siglen)) != 0) { + error("Couldn't parse signature blob: %s", ssh_err(r)); + goto done; + } + + if (sshbuf_len(signature) != 0) { + error("Signature contains trailing data"); + r = SSH_ERR_INVALID_FORMAT; + goto done; + } + + if (strcmp(expect_namespace, got_namespace) != 0) { + error("Couldn't verify signature: namespace does not match"); + debug("%s: expected namespace \"%s\" received \"%s\"", + __func__, expect_namespace, got_namespace); + r = SSH_ERR_SIGNATURE_INVALID; + goto done; + } + if (strcmp(hashalg, sig_hashalg) != 0) { + error("Couldn't verify signature: hash algorithm mismatch"); + debug("%s: expected algorithm \"%s\" received \"%s\"", + __func__, hashalg, sig_hashalg); + r = SSH_ERR_SIGNATURE_INVALID; + goto done; + } + /* Ensure that RSA keys use an acceptable signature algorithm */ + if (sshkey_type_plain(key->type) == KEY_RSA) { + if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0) { + error("Couldn't verify signature: unable to get " + "signature type: %s", ssh_err(r)); + goto done; + } + if (match_pattern_list(sigtype, RSA_SIGN_ALLOWED, 0) != 1) { + error("Couldn't verify signature: unsupported RSA " + "signature algorithm %s", sigtype); + r = SSH_ERR_SIGN_ALG_UNSUPPORTED; + goto done; + } + } + if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify), + sshbuf_len(toverify), NULL, 0)) != 0) { + error("Signature verification failed: %s", ssh_err(r)); + goto done; + } + + /* success */ + r = 0; + if (sign_keyp != NULL) { + *sign_keyp = key; + key = NULL; /* transferred */ + } +done: + free(got_namespace); + free(sigtype); + free(sig_hashalg); + sshbuf_free(buf); + sshbuf_free(toverify); + sshkey_free(key); + return r; +} + +int +sshsig_sign_message(struct sshkey *key, const char *hashalg, + const struct sshbuf *message, const char *sig_namespace, + struct sshbuf **out, sshsig_signer *signer, void *signer_ctx) +{ + u_char hash[SSH_DIGEST_MAX_LENGTH]; + struct sshbuf *b = NULL; + int alg, r = SSH_ERR_INTERNAL_ERROR; + + if (out != NULL) + *out = NULL; + if (hashalg == NULL) + hashalg = HASHALG_DEFAULT; + + if ((r = sshsig_check_hashalg(hashalg)) != 0) + return r; + if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) { + error("%s: can't look up hash algorithm %s", + __func__, HASHALG_DEFAULT); + return SSH_ERR_INTERNAL_ERROR; + } + if ((r = ssh_digest_buffer(alg, message, hash, sizeof(hash))) != 0) { + error("%s: ssh_digest_buffer failed: %s", __func__, ssh_err(r)); + return r; + } + if ((b = sshbuf_from(hash, ssh_digest_bytes(alg))) == NULL) { + error("%s: sshbuf_from failed", __func__); + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshsig_wrap_sign(key, hashalg, b, sig_namespace, out, + signer, signer_ctx)) != 0) + goto out; + /* success */ + r = 0; + out: + sshbuf_free(b); + explicit_bzero(hash, sizeof(hash)); + return r; +} + +int +sshsig_verify_message(struct sshbuf *signature, const struct sshbuf *message, + const char *expect_namespace, struct sshkey **sign_keyp) +{ + u_char hash[SSH_DIGEST_MAX_LENGTH]; + struct sshbuf *b = NULL; + int alg, r = SSH_ERR_INTERNAL_ERROR; + char *hashalg = NULL; + + if (sign_keyp != NULL) + *sign_keyp = NULL; + + if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) + return r; + if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) { + error("%s: can't look up hash algorithm %s", + __func__, HASHALG_DEFAULT); + return SSH_ERR_INTERNAL_ERROR; + } + if ((r = ssh_digest_buffer(alg, message, hash, sizeof(hash))) != 0) { + error("%s: ssh_digest_buffer failed: %s", __func__, ssh_err(r)); + goto out; + } + if ((b = sshbuf_from(hash, ssh_digest_bytes(alg))) == NULL) { + error("%s: sshbuf_from failed", __func__); + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, + sign_keyp)) != 0) + goto out; + /* success */ + r = 0; + out: + sshbuf_free(b); + free(hashalg); + explicit_bzero(hash, sizeof(hash)); + return r; +} + +static int +hash_file(int fd, int hashalg, u_char *hash, size_t hashlen) +{ + char *hex, rbuf[8192]; + ssize_t n, total = 0; + struct ssh_digest_ctx *ctx; + int r, oerrno; + + memset(hash, 0, hashlen); + if ((ctx = ssh_digest_start(hashalg)) == NULL) { + error("%s: ssh_digest_start failed", __func__); + return SSH_ERR_INTERNAL_ERROR; + } + for (;;) { + if ((n = read(fd, rbuf, sizeof(rbuf))) == -1) { + if (errno == EINTR || errno == EAGAIN) + continue; + oerrno = errno; + error("%s: read: %s", __func__, strerror(errno)); + ssh_digest_free(ctx); + errno = oerrno; + return SSH_ERR_SYSTEM_ERROR; + } else if (n == 0) { + debug2("%s: hashed %zu bytes", __func__, total); + break; /* EOF */ + } + total += (size_t)n; + if ((r = ssh_digest_update(ctx, rbuf, (size_t)n)) != 0) { + error("%s: ssh_digest_update: %s", + __func__, ssh_err(r)); + ssh_digest_free(ctx); + return r; + } + } + if ((r = ssh_digest_final(ctx, hash, hashlen)) != 0) { + error("%s: ssh_digest_final: %s", __func__, ssh_err(r)); + ssh_digest_free(ctx); + } + if ((hex = tohex(hash, hashlen)) != NULL) { + debug3("%s: final hash: %s", __func__, hex); + freezero(hex, strlen(hex)); + } + /* success */ + ssh_digest_free(ctx); + return 0; +} + +int +sshsig_sign_fd(struct sshkey *key, const char *hashalg, + int fd, const char *sig_namespace, struct sshbuf **out, + sshsig_signer *signer, void *signer_ctx) +{ + u_char hash[SSH_DIGEST_MAX_LENGTH]; + struct sshbuf *b = NULL; + int alg, r = SSH_ERR_INTERNAL_ERROR; + + if (out != NULL) + *out = NULL; + if (hashalg == NULL) + hashalg = HASHALG_DEFAULT; + + if ((r = sshsig_check_hashalg(hashalg)) != 0) + return r; + if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) { + error("%s: can't look up hash algorithm %s", + __func__, HASHALG_DEFAULT); + return SSH_ERR_INTERNAL_ERROR; + } + if ((r = hash_file(fd, alg, hash, sizeof(hash))) != 0) { + error("%s: hash_file failed: %s", __func__, ssh_err(r)); + return r; + } + if ((b = sshbuf_from(hash, ssh_digest_bytes(alg))) == NULL) { + error("%s: sshbuf_from failed", __func__); + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshsig_wrap_sign(key, hashalg, b, sig_namespace, out, + signer, signer_ctx)) != 0) + goto out; + /* success */ + r = 0; + out: + sshbuf_free(b); + explicit_bzero(hash, sizeof(hash)); + return r; +} + +int +sshsig_verify_fd(struct sshbuf *signature, int fd, + const char *expect_namespace, struct sshkey **sign_keyp) +{ + u_char hash[SSH_DIGEST_MAX_LENGTH]; + struct sshbuf *b = NULL; + int alg, r = SSH_ERR_INTERNAL_ERROR; + char *hashalg = NULL; + + if (sign_keyp != NULL) + *sign_keyp = NULL; + + if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0) + return r; + if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) { + error("%s: can't look up hash algorithm %s", + __func__, HASHALG_DEFAULT); + return SSH_ERR_INTERNAL_ERROR; + } + if ((r = hash_file(fd, alg, hash, sizeof(hash))) != 0) { + error("%s: hash_file failed: %s", __func__, ssh_err(r)); + return r; + } + if ((b = sshbuf_from(hash, ssh_digest_bytes(alg))) == NULL) { + error("%s: sshbuf_from failed", __func__); + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace, + sign_keyp)) != 0) + goto out; + /* success */ + r = 0; + out: + sshbuf_free(b); + free(hashalg); + explicit_bzero(hash, sizeof(hash)); + return r; +} + +struct sigopts { + int ca; + char *namespaces; +}; + +static struct sigopts * +sigopts_parse(const char *opts, const char *path, u_long linenum, + const char **errstrp) +{ + struct sigopts *ret; + int r; + const char *errstr = NULL; + + if ((ret = calloc(1, sizeof(*ret))) == NULL) + return NULL; + if (opts == NULL || *opts == '\0') + return ret; /* Empty options yields empty options :) */ + + while (*opts && *opts != ' ' && *opts != '\t') { + /* flag options */ + if ((r = opt_flag("cert-authority", 0, &opts)) != -1) { + ret->ca = 1; + } else if (opt_match(&opts, "namespaces")) { + if (ret->namespaces != NULL) { + errstr = "multiple \"namespaces\" clauses"; + goto fail; + } + ret->namespaces = opt_dequote(&opts, &errstr); + if (ret->namespaces == NULL) + goto fail; + } + /* + * Skip the comma, and move to the next option + * (or break out if there are no more). + */ + if (*opts == '\0' || *opts == ' ' || *opts == '\t') + break; /* End of options. */ + /* Anything other than a comma is an unknown option */ + if (*opts != ',') { + errstr = "unknown key option"; + goto fail; + } + opts++; + if (*opts == '\0') { + errstr = "unexpected end-of-options"; + goto fail; + } + } + /* success */ + return ret; + fail: + if (errstrp != NULL) + *errstrp = errstr; + free(ret); + return NULL; +} + +static void +sigopts_free(struct sigopts *opts) +{ + if (opts == NULL) + return; + free(opts->namespaces); + free(opts); +} + +static int +check_allowed_keys_line(const char *path, u_long linenum, char *line, + const struct sshkey *sign_key, const char *principal, + const char *sig_namespace) +{ + struct sshkey *found_key = NULL; + char *cp, *opts = NULL, *identities = NULL; + int r, found = 0; + const char *reason = NULL; + struct sigopts *sigopts = NULL; + + if ((found_key = sshkey_new(KEY_UNSPEC)) == NULL) { + error("%s: sshkey_new failed", __func__); + return SSH_ERR_ALLOC_FAIL; + } + + /* format: identity[,identity...] [option[,option...]] key */ + cp = line; + cp = cp + strspn(cp, " \t"); /* skip leading whitespace */ + if (*cp == '#' || *cp == '\0') + goto done; + if ((identities = strdelimw(&cp)) == NULL) { + error("%s:%lu: invalid line", path, linenum); + goto done; + } + if (match_pattern_list(principal, identities, 0) != 1) { + /* principal didn't match */ + goto done; + } + debug("%s: %s:%lu: matched principal \"%s\"", + __func__, path, linenum, principal); + + if (sshkey_read(found_key, &cp) != 0) { + /* no key? Check for options */ + opts = cp; + if (sshkey_advance_past_options(&cp) != 0) { + error("%s:%lu: invalid options", + path, linenum); + goto done; + } + *cp++ = '\0'; + skip_space(&cp); + if (sshkey_read(found_key, &cp) != 0) { + error("%s:%lu: invalid key", path, + linenum); + goto done; + } + } + debug3("%s:%lu: options %s", path, linenum, opts == NULL ? "" : opts); + if ((sigopts = sigopts_parse(opts, path, linenum, &reason)) == NULL) { + error("%s:%lu: bad options: %s", path, linenum, reason); + goto done; + } + + /* Check whether options preclude the use of this key */ + if (sigopts->namespaces != NULL && + match_pattern_list(sig_namespace, sigopts->namespaces, 0) != 1) { + error("%s:%lu: key is not permitted for use in signature " + "namespace \"%s\"", path, linenum, sig_namespace); + goto done; + } + + if (!sigopts->ca && sshkey_equal(found_key, sign_key)) { + /* Exact match of key */ + debug("%s:%lu: matched key and principal", path, linenum); + /* success */ + found = 1; + } else if (sigopts->ca && sshkey_is_cert(sign_key) && + sshkey_equal_public(sign_key->cert->signature_key, found_key)) { + /* Match of certificate's CA key */ + if ((r = sshkey_cert_check_authority(sign_key, 0, 1, + principal, &reason)) != 0) { + error("%s:%lu: certificate not authorized: %s", + path, linenum, reason); + goto done; + } + debug("%s:%lu: matched certificate CA key", path, linenum); + /* success */ + found = 1; + } else { + /* Principal matched but key didn't */ + goto done; + } + done: + sshkey_free(found_key); + sigopts_free(sigopts); + return found ? 0 : SSH_ERR_KEY_NOT_FOUND; +} + +int +sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key, + const char *principal, const char *sig_namespace) +{ + FILE *f = NULL; + char *line = NULL; + size_t linesize = 0; + u_long linenum = 0; + int r, oerrno; + + /* Check key and principal against file */ + if ((f = fopen(path, "r")) == NULL) { + oerrno = errno; + error("Unable to open allowed keys file \"%s\": %s", + path, strerror(errno)); + errno = oerrno; + return SSH_ERR_SYSTEM_ERROR; + } + + while (getline(&line, &linesize, f) != -1) { + linenum++; + r = check_allowed_keys_line(path, linenum, line, sign_key, + principal, sig_namespace); + if (r == SSH_ERR_KEY_NOT_FOUND) + continue; + else if (r == 0) { + /* success */ + fclose(f); + free(line); + return 0; + /* XXX continue and check revocation? */ + } else + break; + } + /* Either we hit an error parsing or we simply didn't find the key */ + fclose(f); + free(line); + return r == 0 ? SSH_ERR_KEY_NOT_FOUND : r; +} -- cgit v1.2.1