pki: Allow filtering accepted public key types based on the configuration

This effectively allows to disable using the SHA2 extension, disable other old public key mechanisms out of the box (hello DSA) or force the new SHA2-based key algorithm types if needed. This exposes the default_methods array from kex.c. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-07 11:32:36 +02:00 · 2018-08-07 11:32:36 +02:00 · 4169be45eb
--- a/include/libssh/kex.h
+++ b/include/libssh/kex.h
@ -43,6 +43,7 @@ char **ssh_space_tokenize(const char *chain);
 int ssh_get_kex1(ssh_session session);
 char *ssh_find_matching(const char *in_d, const char *what_d);
 const char *ssh_kex_get_supported_method(uint32_t algo);
+const char *ssh_kex_get_default_methods(uint32_t algo);
 const char *ssh_kex_get_description(uint32_t algo);

 #endif /* KEX_H_ */
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@ -138,4 +138,5 @@ ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session,
 ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key);
 ssh_private_key ssh_pki_convert_key_to_privatekey(const ssh_key key);

+int ssh_key_algorithm_allowed(ssh_session session, const char *type);
 #endif /* PKI_H_ */
--- a/src/kex.c
+++ b/src/kex.c
@ -235,6 +235,15 @@ char **ssh_space_tokenize(const char *chain){
    return tokens;
 }

+const char *ssh_kex_get_default_methods(uint32_t algo)
+{
+    if (algo >= KEX_METHODS_SIZE) {
+        return NULL;
+    }
+
+    return default_methods[algo];
+}
+
 const char *ssh_kex_get_supported_method(uint32_t algo) {
  if (algo >= KEX_METHODS_SIZE) {
    return NULL;
--- a/src/pki.c
+++ b/src/pki.c
@ -271,6 +271,27 @@ static enum ssh_digest_e ssh_key_hash_from_name(const char *name)
    /* we do not care for others now */
    return SSH_DIGEST_AUTO;
 }
+/**
+ * @brief Checks the given key against the configured allowed
+ * public key algorithm types
+ *
+ * @param[in] session The SSH session
+ * @parma[in] type    The key algorithm to check
+ * @returns           1 if the key algorithm is allowed 0 otherwise
+ */
+int ssh_key_algorithm_allowed(ssh_session session, const char *type)
+{
+    const char *allowed_list;
+
+    allowed_list = session->opts.pubkey_accepted_types;
+    if (allowed_list == NULL) {
+        allowed_list = ssh_kex_get_default_methods(SSH_HOSTKEYS);
+    }
+
+    SSH_LOG(SSH_LOG_DEBUG, "Checking %s with list <%s>", type, allowed_list);
+    return ssh_match_group(allowed_list, type);
+}
+
 /**
 * @brief Convert a key type to a hash type. This is usually unambiguous
 * for all the key types, unless the SHA2 extension (RFC 8332) is
@ -285,15 +306,15 @@ static enum ssh_digest_e ssh_key_hash_from_name(const char *name)
 static enum ssh_digest_e ssh_key_type_to_hash(ssh_session session,
                                       enum ssh_keytypes_e type)
 {
-    /* TODO this should also reflect supported key types specified in
-     * configuration (ssh_config PubkeyAcceptedKeyTypes) */
    switch (type) {
    case SSH_KEYTYPE_RSA:
-        if (session->extensions & SSH_EXT_SIG_RSA_SHA512) {
+        if (ssh_key_algorithm_allowed(session, "rsa-sha2-512") &&
+            (session->extensions & SSH_EXT_SIG_RSA_SHA512)) {
            return SSH_DIGEST_SHA512;
        }

-        if (session->extensions & SSH_EXT_SIG_RSA_SHA256) {
+        if (ssh_key_algorithm_allowed(session, "rsa-sha2-256") &&
+            (session->extensions & SSH_EXT_SIG_RSA_SHA256)) {
            return SSH_DIGEST_SHA256;
        }