int
sshbuf_get(struct sshbuf *buf, void *v, size_t len)
{
const u_char *p = sshbuf_ptr(buf);
int r;
if ((r = sshbuf_consume(buf, len)) < 0)
return r;
if (v != NULL)
memcpy(v, p, len);
return 0;
}
int
sshbuf_get_u32(struct sshbuf *buf, u_int32_t *valp)
{
const u_char *p = sshbuf_ptr(buf);
int r;
if ((r = sshbuf_consume(buf, 4)) < 0)
return r;
if (valp != NULL)
*valp = PEEK_U32(p);
return 0;
}
int
sshbuf_get_u8(struct sshbuf *buf, u_char *valp)
{
const u_char *p = sshbuf_ptr(buf);
int r;
if ((r = sshbuf_consume(buf, 1)) < 0)
return r;
if (valp != NULL)
*valp = (u_int8_t)*p;
return 0;
}
static void
send_msg(struct sshbuf *m)
{
u_char buf[4];
size_t mlen = sshbuf_len(m);
int r;
POKE_U32(buf, mlen);
if (atomicio(vwrite, fd, buf, 4) != 4 ||
atomicio(vwrite, fd, (u_char *)sshbuf_ptr(m),
sshbuf_len(m)) != sshbuf_len(m))
error("write to helper failed");
if ((r = sshbuf_consume(m, mlen)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
}
/*
* Sends data from internal buffers to client program stdin.
*/
static void
process_output(struct ssh *ssh, fd_set *writeset)
{
struct termios tio;
const u_char *data;
u_int dlen;
int r, len;
/* Write buffered data to program stdin. */
if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) {
data = sshbuf_ptr(stdin_buffer);
dlen = sshbuf_len(stdin_buffer);
len = write(fdin, data, dlen);
if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
/* do nothing */
} else if (len <= 0) {
if (fdin != fdout)
close(fdin);
else
shutdown(fdin, SHUT_WR); /* We will no longer send. */
fdin = -1;
} else {
/* Successful write. */
if (fdin_is_tty && dlen >= 1 && data[0] != '\r' &&
tcgetattr(fdin, &tio) == 0 &&
!(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
/*
* Simulate echo to reduce the impact of
* traffic analysis
*/
ssh_packet_send_ignore(ssh, len);
if ((r = sshpkt_send(ssh)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
}
/* Consume the data from the buffer. */
if ((r = sshbuf_consume(stdin_buffer, len)) != 0)
fatal("%s: buffer error: %s", __func__,
ssh_err(r));
/* Update the count of bytes written to the program. */
stdin_bytes += len;
}
}
/* Send any buffered packet data to the client. */
if (FD_ISSET(connection_out, writeset))
ssh_packet_write_poll(ssh);
}
int
sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp, size_t *lenp)
{
size_t len;
const u_char *p;
int r;
if ((r = sshbuf_peek_string_direct(buf, &p, &len)) < 0)
return r;
if (valp != 0)
*valp = p;
if (lenp != NULL)
*lenp = len;
if (sshbuf_consume(buf, len + 4) != 0) {
/* Shouldn't happen */
SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
SSHBUF_ABORT();
return SSH_ERR_INTERNAL_ERROR;
}
return 0;
}
/* parse buffer and return algorithm proposal */
int
kex_buf2prop(struct sshbuf *raw, int *first_kex_follows, char ***propp)
{
struct sshbuf *b = NULL;
u_char v;
u_int i;
char **proposal = NULL;
int r;
if ((proposal = calloc(PROPOSAL_MAX, sizeof(char *))) == NULL)
return SSH_ERR_ALLOC_FAIL;
if ((b = sshbuf_new()) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
if ((r = sshbuf_putb(b, raw)) != 0 ||
(r = sshbuf_consume(b, KEX_COOKIE_LEN)) != 0) /* skip cookie */
goto out;
/* extract kex init proposal strings */
for (i = 0; i < PROPOSAL_MAX; i++) {
if ((r = sshbuf_get_cstring(b, &(proposal[i]), NULL)) != 0)
goto out;
debug2("kex_parse_kexinit: %s", proposal[i]);
}
/* first kex follows / reserved */
if ((r = sshbuf_get_u8(b, &v)) != 0 ||
(r = sshbuf_get_u32(b, &i)) != 0)
goto out;
if (first_kex_follows != NULL)
*first_kex_follows = i;
debug2("kex_parse_kexinit: first_kex_follows %d ", v);
debug2("kex_parse_kexinit: reserved %u ", i);
r = 0;
*propp = proposal;
out:
if (r != 0 && proposal != NULL)
kex_prop_free(proposal);
sshbuf_free(b);
return r;
}
int
sshbuf_froms(struct sshbuf *buf, struct sshbuf **bufp)
{
const u_char *p;
size_t len;
struct sshbuf *ret;
int r;
if (buf == NULL || bufp == NULL)
return SSH_ERR_INVALID_ARGUMENT;
*bufp = NULL;
if ((r = sshbuf_peek_string_direct(buf, &p, &len)) != 0)
return r;
if ((ret = sshbuf_from(p, len)) == NULL)
return SSH_ERR_ALLOC_FAIL;
if ((r = sshbuf_consume(buf, len + 4)) != 0 || /* Shouldn't happen */
(r = sshbuf_set_parent(ret, buf)) != 0) {
sshbuf_free(ret);
return r;
}
*bufp = ret;
return 0;
}
int
sftp_server_main(int argc, char **argv, struct passwd *user_pw)
{
fd_set *rset, *wset;
int i, r, in, out, max, ch, skipargs = 0, log_stderr = 0;
ssize_t len, olen, set_size;
SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
char *cp, *homedir = NULL, buf[4*4096];
long mask;
extern char *optarg;
extern char *__progname;
ssh_malloc_init(); /* must be called before any mallocs */
__progname = ssh_get_progname(argv[0]);
log_init(__progname, log_level, log_facility, log_stderr);
pw = pwcopy(user_pw);
while (!skipargs && (ch = getopt(argc, argv,
"d:f:l:P:p:Q:u:cehR")) != -1) {
switch (ch) {
case 'Q':
if (strcasecmp(optarg, "requests") != 0) {
fprintf(stderr, "Invalid query type\n");
exit(1);
}
for (i = 0; handlers[i].handler != NULL; i++)
printf("%s\n", handlers[i].name);
for (i = 0; extended_handlers[i].handler != NULL; i++)
printf("%s\n", extended_handlers[i].name);
exit(0);
break;
case 'R':
readonly = 1;
break;
case 'c':
/*
* Ignore all arguments if we are invoked as a
* shell using "sftp-server -c command"
*/
skipargs = 1;
break;
case 'e':
log_stderr = 1;
break;
case 'l':
log_level = log_level_number(optarg);
if (log_level == SYSLOG_LEVEL_NOT_SET)
error("Invalid log level \"%s\"", optarg);
break;
case 'f':
log_facility = log_facility_number(optarg);
if (log_facility == SYSLOG_FACILITY_NOT_SET)
error("Invalid log facility \"%s\"", optarg);
break;
case 'd':
cp = tilde_expand_filename(optarg, user_pw->pw_uid);
homedir = percent_expand(cp, "d", user_pw->pw_dir,
"u", user_pw->pw_name, (char *)NULL);
free(cp);
break;
case 'p':
if (request_whitelist != NULL)
fatal("Permitted requests already set");
request_whitelist = xstrdup(optarg);
break;
case 'P':
if (request_blacklist != NULL)
fatal("Refused requests already set");
request_blacklist = xstrdup(optarg);
break;
case 'u':
errno = 0;
mask = strtol(optarg, &cp, 8);
if (mask < 0 || mask > 0777 || *cp != '\0' ||
cp == optarg || (mask == 0 && errno != 0))
fatal("Invalid umask \"%s\"", optarg);
(void)umask((mode_t)mask);
break;
case 'h':
default:
sftp_server_usage();
}
}
log_init(__progname, log_level, log_facility, log_stderr);
#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
/*
* On Linux, we should try to avoid making /proc/self/{mem,maps}
* available to the user so that sftp access doesn't automatically
* imply arbitrary code execution access that will break
* restricted configurations.
*/
if (prctl(PR_SET_DUMPABLE, 0) != 0)
fatal("unable to make the process undumpable");
#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */
/* Drop any fine-grained privileges we don't need */
platform_pledge_sftp_server();
if ((cp = getenv("SSH_CONNECTION")) != NULL) {
client_addr = xstrdup(cp);
if ((cp = strchr(client_addr, ' ')) == NULL) {
error("Malformed SSH_CONNECTION variable: \"%s\"",
getenv("SSH_CONNECTION"));
sftp_server_cleanup_exit(255);
}
*cp = '\0';
} else
client_addr = xstrdup("UNKNOWN");
logit("session opened for local user %s from [%s]",
pw->pw_name, client_addr);
in = STDIN_FILENO;
out = STDOUT_FILENO;
#ifdef HAVE_CYGWIN
setmode(in, O_BINARY);
setmode(out, O_BINARY);
#endif
max = 0;
if (in > max)
max = in;
if (out > max)
max = out;
if ((iqueue = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if ((oqueue = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
rset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask));
wset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask));
if (homedir != NULL) {
if (chdir(homedir) != 0) {
error("chdir to \"%s\" failed: %s", homedir,
strerror(errno));
}
}
set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
for (;;) {
memset(rset, 0, set_size);
memset(wset, 0, set_size);
/*
* Ensure that we can read a full buffer and handle
* the worst-case length packet it can generate,
* otherwise apply backpressure by stopping reads.
*/
if ((r = sshbuf_check_reserve(iqueue, sizeof(buf))) == 0 &&
(r = sshbuf_check_reserve(oqueue,
SFTP_MAX_MSG_LENGTH)) == 0)
FD_SET(in, rset);
else if (r != SSH_ERR_NO_BUFFER_SPACE)
fatal("%s: sshbuf_check_reserve failed: %s",
__func__, ssh_err(r));
olen = sshbuf_len(oqueue);
if (olen > 0)
FD_SET(out, wset);
if (select(max+1, rset, wset, NULL, NULL) < 0) {
if (errno == EINTR)
continue;
error("select: %s", strerror(errno));
sftp_server_cleanup_exit(2);
}
/* copy stdin to iqueue */
if (FD_ISSET(in, rset)) {
len = read(in, buf, sizeof buf);
if (len == 0) {
debug("read eof");
sftp_server_cleanup_exit(0);
} else if (len < 0) {
error("read: %s", strerror(errno));
sftp_server_cleanup_exit(1);
} else if ((r = sshbuf_put(iqueue, buf, len)) != 0) {
fatal("%s: buffer error: %s",
__func__, ssh_err(r));
}
}
/* send oqueue to stdout */
if (FD_ISSET(out, wset)) {
len = write(out, sshbuf_ptr(oqueue), olen);
if (len < 0) {
error("write: %s", strerror(errno));
sftp_server_cleanup_exit(1);
} else if ((r = sshbuf_consume(oqueue, len)) != 0) {
fatal("%s: buffer error: %s",
__func__, ssh_err(r));
}
}
/*
* Process requests from client if we can fit the results
* into the output buffer, otherwise stop processing input
* and let the output queue drain.
*/
r = sshbuf_check_reserve(oqueue, SFTP_MAX_MSG_LENGTH);
if (r == 0)
process();
else if (r != SSH_ERR_NO_BUFFER_SPACE)
fatal("%s: sshbuf_check_reserve: %s",
__func__, ssh_err(r));
}
}
static void
process(void)
{
u_int msg_len;
u_int buf_len;
u_int consumed;
u_char type;
const u_char *cp;
int i, r;
u_int32_t id;
buf_len = sshbuf_len(iqueue);
if (buf_len < 5)
return; /* Incomplete message. */
cp = sshbuf_ptr(iqueue);
msg_len = get_u32(cp);
if (msg_len > SFTP_MAX_MSG_LENGTH) {
error("bad message from %s local user %s",
client_addr, pw->pw_name);
sftp_server_cleanup_exit(11);
}
if (buf_len < msg_len + 4)
return;
if ((r = sshbuf_consume(iqueue, 4)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
buf_len -= 4;
if ((r = sshbuf_get_u8(iqueue, &type)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
switch (type) {
case SSH2_FXP_INIT:
process_init();
init_done = 1;
break;
case SSH2_FXP_EXTENDED:
if (!init_done)
fatal("Received extended request before init");
if ((r = sshbuf_get_u32(iqueue, &id)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
process_extended(id);
break;
default:
if (!init_done)
fatal("Received %u request before init", type);
if ((r = sshbuf_get_u32(iqueue, &id)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
for (i = 0; handlers[i].handler != NULL; i++) {
if (type == handlers[i].type) {
if (!request_permitted(&handlers[i])) {
send_status(id,
SSH2_FX_PERMISSION_DENIED);
} else {
handlers[i].handler(id);
}
break;
}
}
if (handlers[i].handler == NULL)
error("Unknown message %u", type);
}
/* discard the remaining bytes from the current packet */
if (buf_len < sshbuf_len(iqueue)) {
error("iqueue grew unexpectedly");
sftp_server_cleanup_exit(255);
}
consumed = buf_len - sshbuf_len(iqueue);
if (msg_len < consumed) {
error("msg_len %u < consumed %u", msg_len, consumed);
sftp_server_cleanup_exit(255);
}
if (msg_len > consumed &&
(r = sshbuf_consume(iqueue, msg_len - consumed)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
}
void
sshbuf_tests(void)
{
struct sshbuf *p1;
const u_char *cdp;
u_char *dp;
size_t sz;
int r;
TEST_START("allocate sshbuf");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
TEST_DONE();
TEST_START("max size on fresh buffer");
ASSERT_SIZE_T_GT(sshbuf_max_size(p1), 0);
TEST_DONE();
TEST_START("available on fresh buffer");
ASSERT_SIZE_T_GT(sshbuf_avail(p1), 0);
TEST_DONE();
TEST_START("len = 0 on empty buffer");
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 0);
TEST_DONE();
TEST_START("set valid max size");
ASSERT_INT_EQ(sshbuf_set_max_size(p1, 65536), 0);
ASSERT_SIZE_T_EQ(sshbuf_max_size(p1), 65536);
TEST_DONE();
TEST_START("available on limited buffer");
ASSERT_SIZE_T_EQ(sshbuf_avail(p1), 65536);
TEST_DONE();
TEST_START("free");
sshbuf_free(p1);
TEST_DONE();
TEST_START("consume on empty buffer");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
ASSERT_INT_EQ(sshbuf_consume(p1, 0), 0);
ASSERT_INT_EQ(sshbuf_consume(p1, 1), SSH_ERR_MESSAGE_INCOMPLETE);
sshbuf_free(p1);
TEST_DONE();
TEST_START("consume_end on empty buffer");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
ASSERT_INT_EQ(sshbuf_consume_end(p1, 0), 0);
ASSERT_INT_EQ(sshbuf_consume_end(p1, 1), SSH_ERR_MESSAGE_INCOMPLETE);
sshbuf_free(p1);
TEST_DONE();
TEST_START("reserve space");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
r = sshbuf_reserve(p1, 1, &dp);
ASSERT_INT_EQ(r, 0);
ASSERT_PTR_NE(dp, NULL);
*dp = 0x11;
r = sshbuf_reserve(p1, 3, &dp);
ASSERT_INT_EQ(r, 0);
ASSERT_PTR_NE(dp, NULL);
*dp++ = 0x22;
*dp++ = 0x33;
*dp++ = 0x44;
TEST_DONE();
TEST_START("sshbuf_len on filled buffer");
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4);
TEST_DONE();
TEST_START("sshbuf_ptr on filled buffer");
cdp = sshbuf_ptr(p1);
ASSERT_PTR_NE(cdp, NULL);
ASSERT_U8_EQ(cdp[0], 0x11);
ASSERT_U8_EQ(cdp[1], 0x22);
ASSERT_U8_EQ(cdp[2], 0x33);
ASSERT_U8_EQ(cdp[3], 0x44);
TEST_DONE();
TEST_START("consume on filled buffer");
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4);
ASSERT_INT_EQ(sshbuf_consume(p1, 0), 0);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4);
r = sshbuf_consume(p1, 64);
ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4);
ASSERT_INT_EQ(sshbuf_consume(p1, 1), 0);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 3);
cdp = sshbuf_ptr(p1);
ASSERT_PTR_NE(p1, NULL);
ASSERT_U8_EQ(cdp[0], 0x22);
ASSERT_INT_EQ(sshbuf_consume(p1, 2), 0);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 1);
cdp = sshbuf_ptr(p1);
ASSERT_PTR_NE(p1, NULL);
ASSERT_U8_EQ(cdp[0], 0x44);
r = sshbuf_consume(p1, 2);
ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 1);
ASSERT_INT_EQ(sshbuf_consume(p1, 1), 0);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 0);
r = sshbuf_consume(p1, 1);
ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE);
sshbuf_free(p1);
TEST_DONE();
TEST_START("consume_end on filled buffer");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
r = sshbuf_reserve(p1, 4, &dp);
ASSERT_INT_EQ(r, 0);
ASSERT_PTR_NE(dp, NULL);
*dp++ = 0x11;
*dp++ = 0x22;
*dp++ = 0x33;
*dp++ = 0x44;
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4);
r = sshbuf_consume_end(p1, 5);
ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4);
ASSERT_INT_EQ(sshbuf_consume_end(p1, 3), 0);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 1);
cdp = sshbuf_ptr(p1);
ASSERT_PTR_NE(cdp, NULL);
ASSERT_U8_EQ(*cdp, 0x11);
r = sshbuf_consume_end(p1, 2);
ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE);
ASSERT_INT_EQ(sshbuf_consume_end(p1, 1), 0);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 0);
sshbuf_free(p1);
TEST_DONE();
TEST_START("fill limited buffer");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
ASSERT_INT_EQ(sshbuf_set_max_size(p1, 1223), 0);
ASSERT_SIZE_T_EQ(sshbuf_max_size(p1), 1223);
ASSERT_SIZE_T_EQ(sshbuf_avail(p1), 1223);
r = sshbuf_reserve(p1, 1223, &dp);
ASSERT_INT_EQ(r, 0);
ASSERT_PTR_NE(dp, NULL);
memset(dp, 0xd7, 1223);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 1223);
ASSERT_SIZE_T_EQ(sshbuf_avail(p1), 0);
r = sshbuf_reserve(p1, 1, &dp);
ASSERT_INT_EQ(r, SSH_ERR_NO_BUFFER_SPACE);
ASSERT_PTR_EQ(dp, NULL);
TEST_DONE();
TEST_START("consume and force compaction");
ASSERT_INT_EQ(sshbuf_consume(p1, 223), 0);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 1000);
ASSERT_SIZE_T_EQ(sshbuf_avail(p1), 223);
r = sshbuf_reserve(p1, 224, &dp);
ASSERT_INT_EQ(r, SSH_ERR_NO_BUFFER_SPACE);
ASSERT_PTR_EQ(dp, NULL);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 1000);
ASSERT_SIZE_T_EQ(sshbuf_avail(p1), 223);
r = sshbuf_reserve(p1, 223, &dp);
ASSERT_INT_EQ(r, 0);
ASSERT_PTR_NE(dp, NULL);
memset(dp, 0x7d, 223);
cdp = sshbuf_ptr(p1);
ASSERT_PTR_NE(cdp, NULL);
ASSERT_MEM_FILLED_EQ(cdp, 0xd7, 1000);
ASSERT_MEM_FILLED_EQ(cdp + 1000, 0x7d, 223);
TEST_DONE();
TEST_START("resize full buffer");
r = sshbuf_set_max_size(p1, 1000);
ASSERT_INT_EQ(r, SSH_ERR_NO_BUFFER_SPACE);
sz = roundup(1223 + SSHBUF_SIZE_INC * 3, SSHBUF_SIZE_INC);
ASSERT_INT_EQ(sshbuf_set_max_size(p1, sz), 0);
ASSERT_SIZE_T_EQ(sshbuf_max_size(p1), sz);
ASSERT_SIZE_T_EQ(sshbuf_avail(p1), sz - 1223);
ASSERT_INT_EQ(sshbuf_len(p1), 1223);
TEST_DONE();
/* NB. uses sshbuf internals */
TEST_START("alloc chunking");
r = sshbuf_reserve(p1, 1, &dp);
ASSERT_INT_EQ(r, 0);
ASSERT_PTR_NE(dp, NULL);
*dp = 0xff;
cdp = sshbuf_ptr(p1);
ASSERT_PTR_NE(cdp, NULL);
ASSERT_MEM_FILLED_EQ(cdp, 0xd7, 1000);
ASSERT_MEM_FILLED_EQ(cdp + 1000, 0x7d, 223);
ASSERT_MEM_FILLED_EQ(cdp + 1223, 0xff, 1);
ASSERT_SIZE_T_EQ(sshbuf_alloc(p1) % SSHBUF_SIZE_INC, 0);
sshbuf_free(p1);
TEST_DONE();
TEST_START("reset buffer");
p1 = sshbuf_new();
ASSERT_PTR_NE(p1, NULL);
ASSERT_INT_EQ(sshbuf_set_max_size(p1, 1223), 0);
ASSERT_SIZE_T_EQ(sshbuf_max_size(p1), 1223);
r = sshbuf_reserve(p1, 1223, &dp);
ASSERT_INT_EQ(r, 0);
ASSERT_PTR_NE(dp, NULL);
memset(dp, 0xd7, 1223);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 1223);
sshbuf_reset(p1);
ASSERT_SIZE_T_EQ(sshbuf_max_size(p1), 1223);
ASSERT_SIZE_T_EQ(sshbuf_len(p1), 0);
ASSERT_SIZE_T_EQ(sshbuf_avail(p1), 1223);
sshbuf_free(p1);
TEST_DONE();
}
static int
sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase,
struct sshkey **keyp, char **commentp)
{
int r;
u_int16_t check1, check2;
u_int8_t cipher_type;
struct sshbuf *decrypted = NULL, *copy = NULL;
u_char *cp;
char *comment = NULL;
struct sshcipher_ctx ciphercontext;
const struct sshcipher *cipher;
struct sshkey *prv = NULL;
*keyp = NULL;
if (commentp != NULL)
*commentp = NULL;
/* Check that it is at least big enough to contain the ID string. */
if (sshbuf_len(blob) < sizeof(authfile_id_string))
return SSH_ERR_INVALID_FORMAT;
/*
* Make sure it begins with the id string. Consume the id string
* from the buffer.
*/
if (memcmp(sshbuf_ptr(blob), authfile_id_string,
sizeof(authfile_id_string)) != 0)
return SSH_ERR_INVALID_FORMAT;
if ((prv = sshkey_new_private(KEY_RSA1)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
if ((copy = sshbuf_fromb(blob)) == NULL ||
(decrypted = sshbuf_new()) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
if ((r = sshbuf_consume(copy, sizeof(authfile_id_string))) != 0)
goto out;
/* Read cipher type. */
if ((r = sshbuf_get_u8(copy, &cipher_type)) != 0 ||
(r = sshbuf_get_u32(copy, NULL)) != 0) /* reserved */
goto out;
/* Read the public key and comment from the buffer. */
if ((r = sshbuf_get_u32(copy, NULL)) != 0 || /* key bits */
(r = sshbuf_get_bignum1(copy, prv->rsa->n)) != 0 ||
(r = sshbuf_get_bignum1(copy, prv->rsa->e)) != 0 ||
(r = sshbuf_get_cstring(copy, &comment, NULL)) != 0)
goto out;
/* Check that it is a supported cipher. */
cipher = cipher_by_number(cipher_type);
if (cipher == NULL) {
r = SSH_ERR_KEY_UNKNOWN_CIPHER;
goto out;
}
/* Initialize space for decrypted data. */
if ((r = sshbuf_reserve(decrypted, sshbuf_len(copy), &cp)) != 0)
goto out;
/* Rest of the buffer is encrypted. Decrypt it using the passphrase. */
if ((r = cipher_set_key_string(&ciphercontext, cipher, passphrase,
CIPHER_DECRYPT)) != 0)
goto out;
if ((r = cipher_crypt(&ciphercontext, cp,
sshbuf_ptr(copy), sshbuf_len(copy), 0, 0)) != 0) {
cipher_cleanup(&ciphercontext);
goto out;
}
if ((r = cipher_cleanup(&ciphercontext)) != 0)
goto out;
if ((r = sshbuf_get_u16(decrypted, &check1)) != 0 ||
(r = sshbuf_get_u16(decrypted, &check2)) != 0)
goto out;
if (check1 != check2) {
r = SSH_ERR_KEY_WRONG_PASSPHRASE;
goto out;
}
/* Read the rest of the private key. */
if ((r = sshbuf_get_bignum1(decrypted, prv->rsa->d)) != 0 ||
(r = sshbuf_get_bignum1(decrypted, prv->rsa->iqmp)) != 0 ||
(r = sshbuf_get_bignum1(decrypted, prv->rsa->q)) != 0 ||
(r = sshbuf_get_bignum1(decrypted, prv->rsa->p)) != 0)
goto out;
/* calculate p-1 and q-1 */
if ((r = rsa_generate_additional_parameters(prv->rsa)) != 0)
goto out;
/* enable blinding */
if (RSA_blinding_on(prv->rsa, NULL) != 1) {
r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
r = 0;
*keyp = prv;
prv = NULL;
if (commentp != NULL) {
*commentp = comment;
comment = NULL;
}
out:
bzero(&ciphercontext, sizeof(ciphercontext));
if (comment != NULL)
free(comment);
if (prv != NULL)
sshkey_free(prv);
if (copy != NULL)
sshbuf_free(copy);
if (decrypted != NULL)
sshbuf_free(decrypted);
return r;
}
int
sshkey_xmss_decrypt_state(const struct sshkey *k, struct sshbuf *encoded,
struct sshbuf **retp)
{
struct ssh_xmss_state *state = k->xmss_state;
struct sshbuf *copy = NULL, *decrypted = NULL;
struct sshcipher_ctx *ciphercontext = NULL;
const struct sshcipher *cipher = NULL;
u_char *key, *iv = NULL, *dp;
size_t keylen, ivlen, authlen, aadlen;
u_int blocksize, encrypted_len, index;
int r = SSH_ERR_INTERNAL_ERROR;
if (retp != NULL)
*retp = NULL;
if (state == NULL ||
state->enc_keyiv == NULL ||
state->enc_ciphername == NULL)
return SSH_ERR_INTERNAL_ERROR;
if ((cipher = cipher_by_name(state->enc_ciphername)) == NULL) {
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
blocksize = cipher_blocksize(cipher);
keylen = cipher_keylen(cipher);
ivlen = cipher_ivlen(cipher);
authlen = cipher_authlen(cipher);
if (state->enc_keyiv_len != keylen + ivlen) {
r = SSH_ERR_INTERNAL_ERROR;
goto out;
}
key = state->enc_keyiv;
if ((copy = sshbuf_fromb(encoded)) == NULL ||
(decrypted = sshbuf_new()) == NULL ||
(iv = malloc(ivlen)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
/* check magic */
if (sshbuf_len(encoded) < sizeof(XMSS_MAGIC) ||
memcmp(sshbuf_ptr(encoded), XMSS_MAGIC, sizeof(XMSS_MAGIC))) {
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
/* parse public portion */
if ((r = sshbuf_consume(encoded, sizeof(XMSS_MAGIC))) != 0 ||
(r = sshbuf_get_u32(encoded, &index)) != 0 ||
(r = sshbuf_get_u32(encoded, &encrypted_len)) != 0)
goto out;
/* check size of encrypted key blob */
if (encrypted_len < blocksize || (encrypted_len % blocksize) != 0) {
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
/* check that an appropriate amount of auth data is present */
if (sshbuf_len(encoded) < encrypted_len + authlen) {
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
aadlen = sshbuf_len(copy) - sshbuf_len(encoded);
/* replace first 4 bytes of IV with index to ensure uniqueness */
memcpy(iv, key + keylen, ivlen);
POKE_U32(iv, index);
/* decrypt private state of key */
if ((r = sshbuf_reserve(decrypted, aadlen + encrypted_len, &dp)) != 0 ||
(r = cipher_init(&ciphercontext, cipher, key, keylen,
iv, ivlen, 0)) != 0 ||
(r = cipher_crypt(ciphercontext, 0, dp, sshbuf_ptr(copy),
encrypted_len, aadlen, authlen)) != 0)
goto out;
/* there should be no trailing data */
if ((r = sshbuf_consume(encoded, encrypted_len + authlen)) != 0)
goto out;
if (sshbuf_len(encoded) != 0) {
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
/* remove AAD */
if ((r = sshbuf_consume(decrypted, aadlen)) != 0)
goto out;
/* XXX encrypted includes unchecked padding */
/* success */
r = 0;
if (retp != NULL) {
*retp = decrypted;
decrypted = NULL;
}
out:
cipher_free(ciphercontext);
sshbuf_free(copy);
sshbuf_free(decrypted);
free(iv);
return r;
}
static int
monitor_valid_userblob(u_char *data, u_int datalen)
{
struct sshbuf *b;
u_char *p, c;
const u_char *cp;
size_t len;
int r, fail = 0;
char *username, *methodname, *userstyle;
if ((b = sshbuf_from(data, datalen)) == NULL)
fatal("%s: sshbuf_from failed", __func__);
if (active_state->compat & SSH_OLD_SESSIONID) {
cp = sshbuf_ptr(b);
len = sshbuf_len(b);
if ((session_id2 == NULL) ||
(len < session_id2_len) ||
(timingsafe_bcmp(cp, session_id2, session_id2_len) != 0))
fail++;
if ((r = sshbuf_consume(b, session_id2_len)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
} else {
if ((r = sshbuf_get_string(b, &p, &len)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if ((session_id2 == NULL) ||
(len != session_id2_len) ||
(timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
fail++;
free(p);
}
if ((r = sshbuf_get_u8(b, &c)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (c != SSH2_MSG_USERAUTH_REQUEST)
fail++;
xasprintf(&userstyle, "%s%s%s", authctxt->user,
authctxt->style ? ":" : "",
authctxt->style ? authctxt->style : "");
if ((r = sshbuf_get_cstring(b, &username, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (strcmp(userstyle, username) != 0) {
logit("wrong user name sent to monitor: expected %s != %.100s",
userstyle, username);
fail++;
}
free(username);
free(userstyle);
if ((r = sshbuf_skip_string(b)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (active_state->compat & SSH_BUG_PKAUTH) {
if ((r = sshbuf_get_u8(b, &c)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (!c)
fail++;
} else {
if ((r = sshbuf_get_cstring(b, &methodname, NULL)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (strcmp("publickey", methodname) != 0)
fail++;
free(methodname);
if ((r = sshbuf_get_u8(b, &c)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (!c)
fail++;
if ((r = sshbuf_skip_string(b)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
}
if ((r = sshbuf_skip_string(b)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if (sshbuf_len(b) != 0)
fail++;
sshbuf_free(b);
return (fail == 0);
}
