mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-15 23:33:56 +08:00
eb8b60e320
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
307 lines
7.8 KiB
C
307 lines
7.8 KiB
C
/* $OpenBSD: dns.c,v 1.27 2010/08/31 11:54:45 djm Exp $ */
|
|
|
|
/*
|
|
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
|
|
* Copyright (c) 2003 Jakob Schlyter. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/socket.h>
|
|
|
|
#include <netdb.h>
|
|
#include <stdarg.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
|
|
#include "xmalloc.h"
|
|
#include "key.h"
|
|
#include "dns.h"
|
|
#include "log.h"
|
|
|
|
static const char *errset_text[] = {
|
|
"success", /* 0 ERRSET_SUCCESS */
|
|
"out of memory", /* 1 ERRSET_NOMEMORY */
|
|
"general failure", /* 2 ERRSET_FAIL */
|
|
"invalid parameter", /* 3 ERRSET_INVAL */
|
|
"name does not exist", /* 4 ERRSET_NONAME */
|
|
"data does not exist", /* 5 ERRSET_NODATA */
|
|
};
|
|
|
|
static const char *
|
|
dns_result_totext(unsigned int res)
|
|
{
|
|
switch (res) {
|
|
case ERRSET_SUCCESS:
|
|
return errset_text[ERRSET_SUCCESS];
|
|
case ERRSET_NOMEMORY:
|
|
return errset_text[ERRSET_NOMEMORY];
|
|
case ERRSET_FAIL:
|
|
return errset_text[ERRSET_FAIL];
|
|
case ERRSET_INVAL:
|
|
return errset_text[ERRSET_INVAL];
|
|
case ERRSET_NONAME:
|
|
return errset_text[ERRSET_NONAME];
|
|
case ERRSET_NODATA:
|
|
return errset_text[ERRSET_NODATA];
|
|
default:
|
|
return "unknown error";
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Read SSHFP parameters from key buffer.
|
|
*/
|
|
static int
|
|
dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
|
|
u_char **digest, u_int *digest_len, Key *key)
|
|
{
|
|
int success = 0;
|
|
|
|
switch (key->type) {
|
|
case KEY_RSA:
|
|
*algorithm = SSHFP_KEY_RSA;
|
|
break;
|
|
case KEY_DSA:
|
|
*algorithm = SSHFP_KEY_DSA;
|
|
break;
|
|
/* XXX KEY_ECDSA */
|
|
default:
|
|
*algorithm = SSHFP_KEY_RESERVED; /* 0 */
|
|
}
|
|
|
|
if (*algorithm) {
|
|
*digest_type = SSHFP_HASH_SHA1;
|
|
*digest = key_fingerprint_raw(key, SSH_FP_SHA1, digest_len);
|
|
if (*digest == NULL)
|
|
fatal("dns_read_key: null from key_fingerprint_raw()");
|
|
success = 1;
|
|
} else {
|
|
*digest_type = SSHFP_HASH_RESERVED;
|
|
*digest = NULL;
|
|
*digest_len = 0;
|
|
success = 0;
|
|
}
|
|
|
|
return success;
|
|
}
|
|
|
|
/*
|
|
* Read SSHFP parameters from rdata buffer.
|
|
*/
|
|
static int
|
|
dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
|
|
u_char **digest, u_int *digest_len, u_char *rdata, int rdata_len)
|
|
{
|
|
int success = 0;
|
|
|
|
*algorithm = SSHFP_KEY_RESERVED;
|
|
*digest_type = SSHFP_HASH_RESERVED;
|
|
|
|
if (rdata_len >= 2) {
|
|
*algorithm = rdata[0];
|
|
*digest_type = rdata[1];
|
|
*digest_len = rdata_len - 2;
|
|
|
|
if (*digest_len > 0) {
|
|
*digest = (u_char *) xmalloc(*digest_len);
|
|
memcpy(*digest, rdata + 2, *digest_len);
|
|
} else {
|
|
*digest = (u_char *)xstrdup("");
|
|
}
|
|
|
|
success = 1;
|
|
}
|
|
|
|
return success;
|
|
}
|
|
|
|
/*
|
|
* Check if hostname is numerical.
|
|
* Returns -1 if hostname is numeric, 0 otherwise
|
|
*/
|
|
static int
|
|
is_numeric_hostname(const char *hostname)
|
|
{
|
|
struct addrinfo hints, *ai;
|
|
|
|
/*
|
|
* We shouldn't ever get a null host but if we do then log an error
|
|
* and return -1 which stops DNS key fingerprint processing.
|
|
*/
|
|
if (hostname == NULL) {
|
|
error("is_numeric_hostname called with NULL hostname");
|
|
return -1;
|
|
}
|
|
|
|
memset(&hints, 0, sizeof(hints));
|
|
hints.ai_socktype = SOCK_DGRAM;
|
|
hints.ai_flags = AI_NUMERICHOST;
|
|
|
|
if (getaddrinfo(hostname, NULL, &hints, &ai) == 0) {
|
|
freeaddrinfo(ai);
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Verify the given hostname, address and host key using DNS.
|
|
* Returns 0 if lookup succeeds, -1 otherwise
|
|
*/
|
|
int
|
|
verify_host_key_dns(const char *hostname, struct sockaddr *address,
|
|
Key *hostkey, int *flags)
|
|
{
|
|
u_int counter;
|
|
int result;
|
|
struct rrsetinfo *fingerprints = NULL;
|
|
|
|
u_int8_t hostkey_algorithm;
|
|
u_int8_t hostkey_digest_type;
|
|
u_char *hostkey_digest;
|
|
u_int hostkey_digest_len;
|
|
|
|
u_int8_t dnskey_algorithm;
|
|
u_int8_t dnskey_digest_type;
|
|
u_char *dnskey_digest;
|
|
u_int dnskey_digest_len;
|
|
|
|
*flags = 0;
|
|
|
|
debug3("verify_host_key_dns");
|
|
if (hostkey == NULL)
|
|
fatal("No key to look up!");
|
|
|
|
if (is_numeric_hostname(hostname)) {
|
|
debug("skipped DNS lookup for numerical hostname");
|
|
return -1;
|
|
}
|
|
|
|
result = getrrsetbyname(hostname, DNS_RDATACLASS_IN,
|
|
DNS_RDATATYPE_SSHFP, 0, &fingerprints);
|
|
if (result) {
|
|
verbose("DNS lookup error: %s", dns_result_totext(result));
|
|
return -1;
|
|
}
|
|
|
|
if (fingerprints->rri_flags & RRSET_VALIDATED) {
|
|
*flags |= DNS_VERIFY_SECURE;
|
|
debug("found %d secure fingerprints in DNS",
|
|
fingerprints->rri_nrdatas);
|
|
} else {
|
|
debug("found %d insecure fingerprints in DNS",
|
|
fingerprints->rri_nrdatas);
|
|
}
|
|
|
|
/* Initialize host key parameters */
|
|
if (!dns_read_key(&hostkey_algorithm, &hostkey_digest_type,
|
|
&hostkey_digest, &hostkey_digest_len, hostkey)) {
|
|
error("Error calculating host key fingerprint.");
|
|
freerrset(fingerprints);
|
|
return -1;
|
|
}
|
|
|
|
if (fingerprints->rri_nrdatas)
|
|
*flags |= DNS_VERIFY_FOUND;
|
|
|
|
for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) {
|
|
/*
|
|
* Extract the key from the answer. Ignore any badly
|
|
* formatted fingerprints.
|
|
*/
|
|
if (!dns_read_rdata(&dnskey_algorithm, &dnskey_digest_type,
|
|
&dnskey_digest, &dnskey_digest_len,
|
|
fingerprints->rri_rdatas[counter].rdi_data,
|
|
fingerprints->rri_rdatas[counter].rdi_length)) {
|
|
verbose("Error parsing fingerprint from DNS.");
|
|
continue;
|
|
}
|
|
|
|
/* Check if the current key is the same as the given key */
|
|
if (hostkey_algorithm == dnskey_algorithm &&
|
|
hostkey_digest_type == dnskey_digest_type) {
|
|
|
|
if (hostkey_digest_len == dnskey_digest_len &&
|
|
memcmp(hostkey_digest, dnskey_digest,
|
|
hostkey_digest_len) == 0) {
|
|
|
|
*flags |= DNS_VERIFY_MATCH;
|
|
}
|
|
}
|
|
xfree(dnskey_digest);
|
|
}
|
|
|
|
xfree(hostkey_digest); /* from key_fingerprint_raw() */
|
|
freerrset(fingerprints);
|
|
|
|
if (*flags & DNS_VERIFY_FOUND)
|
|
if (*flags & DNS_VERIFY_MATCH)
|
|
debug("matching host key fingerprint found in DNS");
|
|
else
|
|
debug("mismatching host key fingerprint found in DNS");
|
|
else
|
|
debug("no host key fingerprint found in DNS");
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Export the fingerprint of a key as a DNS resource record
|
|
*/
|
|
int
|
|
export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
|
|
{
|
|
u_int8_t rdata_pubkey_algorithm = 0;
|
|
u_int8_t rdata_digest_type = SSHFP_HASH_SHA1;
|
|
u_char *rdata_digest;
|
|
u_int rdata_digest_len;
|
|
|
|
u_int i;
|
|
int success = 0;
|
|
|
|
if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
|
|
&rdata_digest, &rdata_digest_len, key)) {
|
|
|
|
if (generic)
|
|
fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", hostname,
|
|
DNS_RDATATYPE_SSHFP, 2 + rdata_digest_len,
|
|
rdata_pubkey_algorithm, rdata_digest_type);
|
|
else
|
|
fprintf(f, "%s IN SSHFP %d %d ", hostname,
|
|
rdata_pubkey_algorithm, rdata_digest_type);
|
|
|
|
for (i = 0; i < rdata_digest_len; i++)
|
|
fprintf(f, "%02x", rdata_digest[i]);
|
|
fprintf(f, "\n");
|
|
xfree(rdata_digest); /* from key_fingerprint_raw() */
|
|
success = 1;
|
|
} else {
|
|
error("export_dns_rr: unsupported algorithm");
|
|
}
|
|
|
|
return success;
|
|
}
|