This is a preparation to store the raw signature for all algorithms in
the same place in ssh_signature.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This makes pki_do_sign() and pki_signature_verify() to receive the
original input instead of the pre-calculated hash. The hash is then
calculated internally.
The hash to be used inside the signature is decided earlier, when all
the information about the signature to be generated/verified is
available.
Simplify ssh_pki_do_sign() and ssh_srv_pki_do_sign_sessionid().
The tests were modified to use pki_do_sign() instead of
pki_do_sign_hash().
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The goal here is to avoid errors due to fall through when
HAVE_OPENSSL_ECC is not defined.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Refactor pki_signature_to_blob() without behaviour changes.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The goal of this change is to make pki_signature_from_*_blob()
consistent.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Remove duplicate code previously used only in server side to generate
signatures. Currently the code used to generate the signature is the
same for both client and server.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Refactor ssh_srv_pki_do_sign_sessionid() without behaviour changes.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Added ECDSA key types to ssh_key_type_to_hash(). Refactor
ssh_pki_do_sign() without behaviour changes.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Upon SSH_OK, callers of `ssh_dh_keypair_set_keys` expect for ownership
of the `priv` and `pub` values to be transferred away and eventually
later managed by way of the `struct dh_ctx` at hand.
The mbedTLS and gcrypt builds transfer ownership of these values in
that way, but the libcrypto `ssh_dh_keypair_set_keys` is copying the
given values with `BN_dup`. This causes a memory leak that can be
seen with pkd and valgrind:
valgrind --leak-check=full \
./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_diffie_hellman_group16_sha512
Fix the leak by replacing the `BN_dup` with direct assignment.
Now the bignums will eventually be freed via `ssh_dh_cleanup`.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Ensure to free the `dh_ctx` member in `ssh_dh_cleanup` to match
the allocation in `ssh_dh_init_common`.
The before-and-after of this change can be observed with the pkd
tests and valgrind:
valgrind --leak-check=full \
./pkd_hello -i1 -t torture_pkd_openssh_dsa_rsa_diffie_hellman_group16_sha512
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fix libssh server sending SSH_MSG_EXT_INFO messages upon rekey: clients
do not expect that message during rekey, and OpenSSH in particular will
log error messages along the lines of:
"kex protocol error: type 7 seq 15"
when the message is received during a rekey.
To fix, check against the session connected flag, which only transitions
to non-zero following the first successful authentication.
bf2c7128ab adds logic to resolve this
issue, but it turns out that checking the session_state to avoid
sending the message is insufficient, because that state is re-set
to SSH_SESSION_STATE_KEXINIT_RECEIVED during rekey.
The before-and-after effects of this change can be observed using the
pkd --rekey flag as so:
./pkd_hello -t torture_pkd_openssh_rsa_rsa_sha2_256 \
-i1 --rekey=16 -v -v -v 2>&1 |
grep -e 'KEY' -e 'EXT'
^ where before the change, multiple SSH_MSG_EXT_INFO send messages are
logged; after, there is only a single SSH_MSG_EXT_INFO logged once upon
the first initial key exchange.
Cross-reference: https://bugs.libssh.org/T121.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Fix a bug with server-side rekeying where the session state at hand
has been toggled to SSH_SESSION_STATE_AUTHENTICATED before performing
the packet send of the SSH2_MSG_USERAUTH_SUCCESS message.
Before this change, what can happen is that during the packet send,
the SSH2_MSG_USERAUTH_SUCCESS message can end up being queued due
to a small rekey data limit value. libssh server will then proceed
to attempt to send KEX-related rekeying messages to the client before
the client has received USERAUTH_SUCCESS. OpenSSH clients do not
expect to undergo rekeying before having been authenticated, and so
will exit with error when this happens.
The behavior before and after can be observed with the pkd test making
use of its new --rekey flag:
./pkd_hello -t torture_pkd_openssh_rsa_rsa_default -i1 --rekey=16 -v -v -v
A new CMake test entry is added for the above variation and can be run
with:
ARGS="-R pkd_hello_rekey" make test
Before the fix, the test will fail; after, the test succeeds while
performing rekeying once every 16 bytes.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Log an SSH_LOG_PACKET debug message when rekeying is necessary due to
the cipher max_blocks configuration.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Summary:
* Note that SSH_ERROR can be returned on error in `ssh_channel_get_exit_status`
and `ssh_channel_get_session`.
* Note the return codes for `channel_open` and `grow_window`; although these
are internal APIs, it's best to document their behavior.
* Replace `@returns` use with `@return`. While Doxygen supports the
former as a synonym for `@return`, it isn't documented in the manual
(and might not be supported by other downstream documentation tools).
Signed-off-by: Enji Cooper <yaneurabeya@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Test Plan: n/a
Reviewers: #libssh, asn
Differential Revision: https://bugs.libssh.org/D15
A number of places checked that the signature type matched the key type. We
losen these checks to, for example, allow an RSA signature with an RSA-cert
key.
Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Previously, we were just storing the raw certificate in ssh_key->cert. With
this change, we parse out the nonce string at the beginning of the certificate.
This leaves us with the certificate's public key at the start of the buffer.
The existing public key parsing code can then parse this out into the key fieds
of the ssh_key.
Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
As with RSA/DSS, support is still quite limited. This is mostly about adding
new ssh_keytypes_e values and updating sites that check keys' types.
Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This type is imprecise. We often need the ecdsa_nid in addition to the key type
in order to do anything. We replace this singluar ECDSA type with one type per
curve.
Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
In preparation for adding crypto-libraries specific backends.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
In preparation for deferring computation on DH secret material to
crypto library specific backends
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Rename and refactor how some variables are held in ssh_crypto_struct.
Refactor allocation of dh exchange public keys.
This is in preparation for switching the code to use openssl native DH
handling and allowed to better reason about the code and the overall API.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Only "Match All" is supported, if any other criterion is used, the block
is ignored and the options are not applied.
It is important to note that only a subset of the supported keywords are
allowed to be used inside a Match block, currently being "LogLevel" the
only supported keyword.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Apply the global bind configuration from the file pointed by
BIND_GLOBAL_CONFIG when a bind_new() is called.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This allows the global bind configuration file path to be set in
configuration time by defining the GLOBAL_BIND_CONFIG when calling
cmake. If no value is defined, the default path is set as
"/etc/ssh/libssh_server_config".
usage example:
$ cmake -DGLOBAL_BIND_CONFIG=/etc/my/custom/path ..
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This adds the SSH_BIND_OPTIONS_CONFIG_DIR which allows to set the
directory used to expand the escape character "%d" when passing a path
to ssh_bind_options_parse_file().
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The added API allows setting the options of a given bind context through
a configuration file. The default global configuration file
"/etc/ssh/libssh_server_config" is parsed before the provided
configuration file, if it hasn't been parsed yet.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Introduced the support to set options for a given ssh_bind through a
configuration file.
For options set more than once in a single file (or by files included in it
recursively) the first value set will be kept.
Differently from the session options configuration,
if an option previously set in one configuration file is redefined in a
later processed file, the latest will be kept.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This will allow the moved functions to be used in the server side
configuration parser implementation.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
