Attachment #3104 for bug #2799

Lines 143-149 userauth_hostbased(struct ssh *ssh) Link Here

(-)a/auth2-hostbased.c (-1 / +1 lines)
143	authenticated = 0;	143	authenticated = 0;
144	if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&	144	if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
145	PRIVSEP(sshkey_verify(key, sig, slen,	145	PRIVSEP(sshkey_verify(key, sig, slen,
146	sshbuf_ptr(b), sshbuf_len(b), ssh->compat)) == 0)	146	sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat)) == 0)
147	authenticated = 1;	147	authenticated = 1;
148		148
149	auth2_record_key(authctxt, authenticated, key);	149	auth2_record_key(authctxt, authenticated, key);

Lines 195-201 userauth_pubkey(struct ssh *ssh) Link Here

(-)a/auth2-pubkey.c (-1 / +1 lines)
195	authenticated = 0;	195	authenticated = 0;
196	if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) &&	196	if (PRIVSEP(user_key_allowed(authctxt->pw, key, 1)) &&
197	PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b),	197	PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b),
198	sshbuf_len(b), ssh->compat)) == 0) {	198	sshbuf_len(b), pkalg, ssh->compat)) == 0) {
199	authenticated = 1;	199	authenticated = 1;
200	}	200	}
201	sshbuf_free(b);	201	sshbuf_free(b);

Lines 1919-1925 client_global_hostkeys_private_confirm(struct ssh *ssh, int type, Link Here

(-)a/clientloop.c (-1 / +2 lines)
1919	goto out;	1919	goto out;
1920	}	1920	}
1921	if ((r = sshkey_verify(ctx->keys[i], sig, siglen,	1921	if ((r = sshkey_verify(ctx->keys[i], sig, siglen,
1922	sshbuf_ptr(signdata), sshbuf_len(signdata), 0)) != 0) {	1922	sshbuf_ptr(signdata), sshbuf_len(signdata),
		1923	ssh->kex->hostkey_alg, 0)) != 0) {
1923	error("%s: server gave bad signature for %s key %zu",	1924	error("%s: server gave bad signature for %s key %zu",
1924	__func__, sshkey_type(ctx->keys[i]), i);	1925	__func__, sshkey_type(ctx->keys[i]), i);
1925	goto out;	1926	goto out;

Lines 139-145 input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh) Link Here

(-)a/kexc25519c.c (-1 / +1 lines)
139	goto out;	139	goto out;
140		140
141	if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,	141	if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,
142	ssh->compat)) != 0)	142	kex->hostkey_alg, ssh->compat)) != 0)
143	goto out;	143	goto out;
144		144
145	/* save session id */	145	/* save session id */

Lines 178-184 input_kex_dh(int type, u_int32_t seq, struct ssh *ssh) Link Here

(-)a/kexdhc.c (-1 / +1 lines)
178	goto out;	178	goto out;
179		179
180	if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,	180	if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,
181	ssh->compat)) != 0)	181	kex->hostkey_alg, ssh->compat)) != 0)
182	goto out;	182	goto out;
183		183
184	/* save session id */	184	/* save session id */

Lines 184-190 input_kex_ecdh_reply(int type, u_int32_t seq, struct ssh *ssh) Link Here

(-)a/kexecdhc.c (-1 / +1 lines)
184	goto out;	184	goto out;
185		185
186	if ((r = sshkey_verify(server_host_key, signature, slen, hash,	186	if ((r = sshkey_verify(server_host_key, signature, slen, hash,
187	hashlen, ssh->compat)) != 0)	187	hashlen, kex->hostkey_alg, ssh->compat)) != 0)
188	goto out;	188	goto out;
189		189
190	/* save session id */	190	/* save session id */

Lines 225-231 input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh) Link Here

(-)a/kexgexc.c (-1 / +1 lines)
225	goto out;	225	goto out;
226		226
227	if ((r = sshkey_verify(server_host_key, signature, slen, hash,	227	if ((r = sshkey_verify(server_host_key, signature, slen, hash,
228	hashlen, ssh->compat)) != 0)	228	hashlen, kex->hostkey_alg, ssh->compat)) != 0)
229	goto out;	229	goto out;
230		230
231	/* save session id */	231	/* save session id */




	return 0;
}

int
key_verify(const Key *key, const u_char *signature, u_int signaturelen,
    const u_char *data, u_int datalen)
{
	int r;

	if ((r = sshkey_verify(key, signature, signaturelen,
	    data, datalen, datafellows)) != 0) {
		fatal_on_fatal_errors(r, __func__, 0);
		error("%s: %s", __func__, ssh_err(r));
		return r == SSH_ERR_SIGNATURE_INVALID ? 0 : -1;
	}
	return 1;
}

Key *
key_demote(const Key *k)
{

Lines 58-64 int key_to_blob(const Key , u_char , u_int ); Link Here

(-)a/key.h (-1 lines)
58		58
59	int key_sign(const Key , u_char , u_int , const u_char *, u_int,	59	int key_sign(const Key , u_char , u_int , const u_char *, u_int,
60	const char *);	60	const char *);
61	int key_verify(const Key , const u_char , u_int, const u_char *, u_int);
62		61
63	/* authfile.c */	62	/* authfile.c */
64	Key key_load_cert(const char );	63	Key key_load_cert(const char );

Lines 1012-1018 ssh_krl_from_blob(struct sshbuf buf, struct ssh_krl *krlp, Link Here

(-)a/krl.c (-1 / +1 lines)
1012	}	1012	}
1013	/* Check signature over entire KRL up to this point */	1013	/* Check signature over entire KRL up to this point */
1014	if ((r = sshkey_verify(key, blob, blen,	1014	if ((r = sshkey_verify(key, blob, blen,
1015	sshbuf_ptr(buf), sig_off, 0)) != 0)	1015	sshbuf_ptr(buf), sig_off, NULL, 0)) != 0)
1016	goto out;	1016	goto out;
1017	/* Check if this key has already signed this KRL */	1017	/* Check if this key has already signed this KRL */
1018	for (i = 0; i < nca_used; i++) {	1018	for (i = 0; i < nca_used; i++) {




{
	struct sshkey *key;
	u_char *signature, *data, *blob;
	char *sigalg;
	size_t signaturelen, datalen, bloblen;
	int r, ret, valid_data = 0, encoded_ret;

	if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
	    (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
	    (r = sshbuf_get_string(m, &data, &datalen)) != 0 ||
	    (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)
		fatal("%s: buffer error: %s", __func__, ssh_err(r));

	if (hostbased_cuser == NULL || hostbased_chost == NULL ||

		fatal("%s: bad signature data blob", __func__);

	ret = sshkey_verify(key, signature, signaturelen, data, datalen,
	    sigalg, active_state->compat);
	debug3("%s: %s %p signature %s", __func__, auth_method, key,
	    (ret == 0) ? "verified" : "unverified");
	auth2_record_key(authctxt, ret == 0, key);

Lines 423-429 mm_key_allowed(enum mm_keytype type, const char user, const char host, Link Here

(-)a/monitor_wrap.c (-1 / +2 lines)
423		423
424	int	424	int
425	mm_sshkey_verify(const struct sshkey key, const u_char sig, size_t siglen,	425	mm_sshkey_verify(const struct sshkey key, const u_char sig, size_t siglen,
426	const u_char *data, size_t datalen, u_int compat)	426	const u_char data, size_t datalen, const char sigalg, u_int compat)
427	{	427	{
428	Buffer m;	428	Buffer m;
429	u_char *blob;	429	u_char *blob;
Lines 440-445 mm_sshkey_verify(const struct sshkey key, const u_char sig, size_t siglen, Link Here
440	buffer_put_string(&m, blob, len);	440	buffer_put_string(&m, blob, len);
441	buffer_put_string(&m, sig, siglen);	441	buffer_put_string(&m, sig, siglen);
442	buffer_put_string(&m, data, datalen);	442	buffer_put_string(&m, data, datalen);
		443	buffer_put_cstring(&m, sigalg);
443	free(blob);	444	free(blob);
444		445
445	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);	446	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);

Lines 51-57 int mm_user_key_allowed(struct passwd , struct sshkey , int); Link Here

(-)a/monitor_wrap.h (-1 / +1 lines)
51	int mm_hostbased_key_allowed(struct passwd , const char ,	51	int mm_hostbased_key_allowed(struct passwd , const char ,
52	const char , struct sshkey );	52	const char , struct sshkey );
53	int mm_sshkey_verify(const struct sshkey , const u_char , size_t,	53	int mm_sshkey_verify(const struct sshkey , const u_char , size_t,
54	const u_char *, size_t, u_int);	54	const u_char , size_t, const char , u_int);
55		55
56	#ifdef GSSAPI	56	#ifdef GSSAPI
57	OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);	57	OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);

Lines 702-708 server_input_hostkeys_prove(struct ssh ssh, struct sshbuf *respp) Link Here

(-)a/serverloop.c (-1 / +2 lines)
702	ssh->kex->session_id, ssh->kex->session_id_len)) != 0 \|\|	702	ssh->kex->session_id, ssh->kex->session_id_len)) != 0 \|\|
703	(r = sshkey_puts(key, sigbuf)) != 0 \|\|	703	(r = sshkey_puts(key, sigbuf)) != 0 \|\|
704	(r = ssh->kex->sign(key_prv, key_pub, &sig, &slen,	704	(r = ssh->kex->sign(key_prv, key_pub, &sig, &slen,
705	sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), NULL, 0)) != 0 \|\|	705	sshbuf_ptr(sigbuf), sshbuf_len(sigbuf),
		706	ssh->kex->hostkey_alg, 0)) != 0 \|\|
706	(r = sshbuf_put_string(resp, sig, slen)) != 0) {	707	(r = sshbuf_put_string(resp, sig, slen)) != 0) {
707	error("%s: couldn't prepare signature: %s",	708	error("%s: couldn't prepare signature: %s",
708	__func__, ssh_err(r));	709	__func__, ssh_err(r));

Lines 529-535 do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) Link Here

(-)a/ssh-keygen.c (-1 / +1 lines)
529		529
530	/* try the key */	530	/* try the key */
531	if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 \|\|	531	if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 \|\|
532	sshkey_verify(key, sig, slen, data, sizeof(data), 0) != 0) {	532	sshkey_verify(key, sig, slen, data, sizeof(data), NULL, 0) != 0) {
533	sshkey_free(key);	533	sshkey_free(key);
534	free(sig);	534	free(sig);
535	return NULL;	535	return NULL;





int
ssh_rsa_verify(const struct sshkey *key,
    const u_char *sig, size_t siglen, const u_char *data, size_t datalen,
    const char *alg)
{
	char *sigtype = NULL;
	int hash_alg, ret = SSH_ERR_INTERNAL_ERROR;
	size_t len, diff, modlen, dlen;
	struct sshbuf *b = NULL;


	if ((b = sshbuf_from(sig, siglen)) == NULL)
		return SSH_ERR_ALLOC_FAIL;
	if (sshbuf_get_cstring(b, &sigtype, NULL) != 0) {
		ret = SSH_ERR_INVALID_FORMAT;
		goto out;
	}
	/* XXX djm: need cert types that reliably yield SHA-2 signatures */
	if (alg != NULL && strcmp(alg, sigtype) != 0 &&
	    strcmp(alg, "ssh-rsa-cert-v01@openssh.com") != 0) {
		ret = SSH_ERR_SIGNATURE_INVALID;
		goto out;
	}
	if ((hash_alg = rsa_hash_alg_from_ident(sigtype)) == -1) {
		ret = SSH_ERR_KEY_TYPE_MISMATCH;
		goto out;
	}

		explicit_bzero(sigblob, len);
		free(sigblob);
	}
	free(sigtype);
	sshbuf_free(b);
	explicit_bzero(digest, sizeof(digest));
	return ret;

Lines 1778-1784 cert_parse(struct sshbuf b, struct sshkey key, struct sshbuf *certbuf) Link Here

(-)a/sshkey.c (-3 / +6 lines)
1778	goto out;	1778	goto out;
1779	}	1779	}
1780	if ((ret = sshkey_verify(key->cert->signature_key, sig, slen,	1780	if ((ret = sshkey_verify(key->cert->signature_key, sig, slen,
1781	sshbuf_ptr(key->cert->certblob), signed_len, 0)) != 0)	1781	sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0)
1782	goto out;	1782	goto out;
1783		1783
1784	/* Success */	1784	/* Success */
Lines 2067-2079 sshkey_sign(const struct sshkey *key, Link Here
2067	}	2067	}
2068	}	2068	}
2069		2069
		2070	#include "log.h"
		2071
2070	/*	2072	/*
2071	* ssh_key_verify returns 0 for a correct signature and < 0 on error.	2073	* ssh_key_verify returns 0 for a correct signature and < 0 on error.
		2074	* If "alg" specified, then the signature must use that algorithm.
2072	*/	2075	*/
2073	int	2076	int
2074	sshkey_verify(const struct sshkey *key,	2077	sshkey_verify(const struct sshkey *key,
2075	const u_char *sig, size_t siglen,	2078	const u_char *sig, size_t siglen,
2076	const u_char *data, size_t dlen, u_int compat)	2079	const u_char data, size_t dlen, const char alg, u_int compat)
2077	{	2080	{
2078	if (siglen == 0 \|\| dlen > SSH_KEY_MAX_SIGN_DATA_SIZE)	2081	if (siglen == 0 \|\| dlen > SSH_KEY_MAX_SIGN_DATA_SIZE)
2079	return SSH_ERR_INVALID_ARGUMENT;	2082	return SSH_ERR_INVALID_ARGUMENT;
Lines 2087-2093 sshkey_verify(const struct sshkey *key, Link Here
2087	return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat);	2090	return ssh_ecdsa_verify(key, sig, siglen, data, dlen, compat);
2088	case KEY_RSA_CERT:	2091	case KEY_RSA_CERT:
2089	case KEY_RSA:	2092	case KEY_RSA:
2090	return ssh_rsa_verify(key, sig, siglen, data, dlen);	2093	return ssh_rsa_verify(key, sig, siglen, data, dlen, alg);
2091	#endif /* WITH_OPENSSL */	2094	#endif /* WITH_OPENSSL */
2092	case KEY_ED25519:	2095	case KEY_ED25519:
2093	case KEY_ED25519_CERT:	2096	case KEY_ED25519_CERT:

Return to bug 2799

Lines 93-113 key_sign(const Key key, u_char sigp, u_int lenp, Link Here

(-)a/key.c (-15 lines)
93	return 0;	93	return 0;
94	}	94	}
95		95
96	int
97	key_verify(const Key key, const u_char signature, u_int signaturelen,
98	const u_char *data, u_int datalen)
99	{
100	int r;
101
102	if ((r = sshkey_verify(key, signature, signaturelen,
103	data, datalen, datafellows)) != 0) {
104	fatal_on_fatal_errors(r, __func__, 0);
105	error("%s: %s", __func__, ssh_err(r));
106	return r == SSH_ERR_SIGNATURE_INVALID ? 0 : -1;
107	}
108	return 1;
109	}
110
111	Key *	96	Key *
112	key_demote(const Key *k)	97	key_demote(const Key *k)
113	{	98	{

Lines 1048-1059 mm_answer_keyverify(int sock, struct sshbuf *m) Link Here

(-)a/monitor.c (-2 / +4 lines)
1048	{	1048	{
1049	struct sshkey *key;	1049	struct sshkey *key;
1050	u_char signature, data, *blob;	1050	u_char signature, data, *blob;
		1051	char *sigalg;
1051	size_t signaturelen, datalen, bloblen;	1052	size_t signaturelen, datalen, bloblen;
1052	int r, ret, valid_data = 0, encoded_ret;	1053	int r, ret, valid_data = 0, encoded_ret;
1053		1054
1054	if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 \|\|	1055	if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 \|\|
1055	(r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 \|\|	1056	(r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 \|\|
1056	(r = sshbuf_get_string(m, &data, &datalen)) != 0)	1057	(r = sshbuf_get_string(m, &data, &datalen)) != 0 \|\|
		1058	(r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)
1057	fatal("%s: buffer error: %s", __func__, ssh_err(r));	1059	fatal("%s: buffer error: %s", __func__, ssh_err(r));
1058		1060
1059	if (hostbased_cuser == NULL \|\| hostbased_chost == NULL \|\|	1061	if (hostbased_cuser == NULL \|\| hostbased_chost == NULL \|\|
Lines 1082-1088 mm_answer_keyverify(int sock, struct sshbuf *m) Link Here
1082	fatal("%s: bad signature data blob", __func__);	1084	fatal("%s: bad signature data blob", __func__);
1083		1085
1084	ret = sshkey_verify(key, signature, signaturelen, data, datalen,	1086	ret = sshkey_verify(key, signature, signaturelen, data, datalen,
1085	active_state->compat);	1087	sigalg, active_state->compat);
1086	debug3("%s: %s %p signature %s", __func__, auth_method, key,	1088	debug3("%s: %s %p signature %s", __func__, auth_method, key,
1087	(ret == 0) ? "verified" : "unverified");	1089	(ret == 0) ? "verified" : "unverified");
1088	auth2_record_key(authctxt, ret == 0, key);	1090	auth2_record_key(authctxt, ret == 0, key);

Lines 193-201 ssh_rsa_sign(const struct sshkey key, u_char sigp, size_t lenp, Link Here

(-)a/ssh-rsa.c (-5 / +12 lines)
193		193
194	int	194	int
195	ssh_rsa_verify(const struct sshkey *key,	195	ssh_rsa_verify(const struct sshkey *key,
196	const u_char sig, size_t siglen, const u_char data, size_t datalen)	196	const u_char sig, size_t siglen, const u_char data, size_t datalen,
		197	const char *alg)
197	{	198	{
198	char *ktype = NULL;	199	char *sigtype = NULL;
199	int hash_alg, ret = SSH_ERR_INTERNAL_ERROR;	200	int hash_alg, ret = SSH_ERR_INTERNAL_ERROR;
200	size_t len, diff, modlen, dlen;	201	size_t len, diff, modlen, dlen;
201	struct sshbuf *b = NULL;	202	struct sshbuf *b = NULL;
Lines 210-220 ssh_rsa_verify(const struct sshkey *key, Link Here
210		211
211	if ((b = sshbuf_from(sig, siglen)) == NULL)	212	if ((b = sshbuf_from(sig, siglen)) == NULL)
212	return SSH_ERR_ALLOC_FAIL;	213	return SSH_ERR_ALLOC_FAIL;
213	if (sshbuf_get_cstring(b, &ktype, NULL) != 0) {	214	if (sshbuf_get_cstring(b, &sigtype, NULL) != 0) {
214	ret = SSH_ERR_INVALID_FORMAT;	215	ret = SSH_ERR_INVALID_FORMAT;
215	goto out;	216	goto out;
216	}	217	}
217	if ((hash_alg = rsa_hash_alg_from_ident(ktype)) == -1) {	218	/* XXX djm: need cert types that reliably yield SHA-2 signatures */
		219	if (alg != NULL && strcmp(alg, sigtype) != 0 &&
		220	strcmp(alg, "ssh-rsa-cert-v01@openssh.com") != 0) {
		221	ret = SSH_ERR_SIGNATURE_INVALID;
		222	goto out;
		223	}
		224	if ((hash_alg = rsa_hash_alg_from_ident(sigtype)) == -1) {
218	ret = SSH_ERR_KEY_TYPE_MISMATCH;	225	ret = SSH_ERR_KEY_TYPE_MISMATCH;
219	goto out;	226	goto out;
220	}	227	}
Lines 258-264 ssh_rsa_verify(const struct sshkey *key, Link Here
258	explicit_bzero(sigblob, len);	265	explicit_bzero(sigblob, len);
259	free(sigblob);	266	free(sigblob);
260	}	267	}
261	free(ktype);	268	free(sigtype);
262	sshbuf_free(b);	269	sshbuf_free(b);
263	explicit_bzero(digest, sizeof(digest));	270	explicit_bzero(digest, sizeof(digest));
264	return ret;	271	return ret;

Lines 172-178 int sshkey_sigtype(const u_char , size_t, char *); Link Here

(-)a/sshkey.h (-2 / +3 lines)
172	int sshkey_sign(const struct sshkey , u_char , size_t ,	172	int sshkey_sign(const struct sshkey , u_char , size_t ,
173	const u_char , size_t, const char , u_int);	173	const u_char , size_t, const char , u_int);
174	int sshkey_verify(const struct sshkey , const u_char , size_t,	174	int sshkey_verify(const struct sshkey , const u_char , size_t,
175	const u_char *, size_t, u_int);	175	const u_char , size_t, const char , u_int);
176		176
177	/* for debug */	177	/* for debug */
178	void sshkey_dump_ec_point(const EC_GROUP , const EC_POINT );	178	void sshkey_dump_ec_point(const EC_GROUP , const EC_POINT );
Lines 199-205 int ssh_rsa_sign(const struct sshkey *key, Link Here
199	u_char *sigp, size_t lenp, const u_char *data, size_t datalen,	199	u_char *sigp, size_t lenp, const u_char *data, size_t datalen,
200	const char *ident);	200	const char *ident);
201	int ssh_rsa_verify(const struct sshkey *key,	201	int ssh_rsa_verify(const struct sshkey *key,
202	const u_char sig, size_t siglen, const u_char data, size_t datalen);	202	const u_char sig, size_t siglen, const u_char data, size_t datalen,
		203	const char *alg);
203	int ssh_dss_sign(const struct sshkey key, u_char sigp, size_t lenp,	204	int ssh_dss_sign(const struct sshkey key, u_char sigp, size_t lenp,
204	const u_char *data, size_t datalen, u_int compat);	205	const u_char *data, size_t datalen, u_int compat);
205	int ssh_dss_verify(const struct sshkey *key,	206	int ssh_dss_verify(const struct sshkey *key,