Send only allowed algorithms in server-sig-algs extension if in FIPS
mode.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
There is actually a bug in OpenSSH's ssh-agent of handling these
requests [1], but this change follows the way how OpenSSH clients
behave in regards to the communication with agent.
Without this change, the agent is asked to provide SHA1 signature
with certificates, which is not right if we negotiated SHA2 extensions.
[1] https://bugzilla.mindrot.org/show_bug.cgi?id=3016
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
If in FIPS mode, skip tests which require algorithms not allowed. Also
use allowed algorithms when possible to avoid skipping the test.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Copies of the DSA, RSA, and ECDSA keys were added encoded in PKCS#8
format. For now, these keys are only used when testing with OpenSSL.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
OpenSSH agent has a bug which makes it to not use SHA2 in signatures
when using certificates. It always uses SHA1.
See https://gitlab.com/libssh/libssh-mirror/merge_requests/34
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Make ssh_fallback_group() to duplicate the modulus and generator.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The macro is defined for each crypto back end. If (*dest) is NULL, a
new bignum is allocated. Otherwise the value of orig is copied to
(*dest).
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
When in FIPS mode, filter the algorithms to enable only the allowed
ones. If any algorithm is explicitly set through options or
configuration file, they are kept.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This allows the use of the new PKCS#8 PEM files and does not
limit libssh to using only the "traditional" PEM files, that
are not default in OpenSSL since 1.0.0 and which do not work
at all in FIPS mode.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Since OpenSSL 1.0.0, the "traditional" PEM format was deprecated
in favor of the PKCS#8 PEM files which is more standardized,
more secure and does not depend on the MD5 hash, which is not
available for example in FIPS mode.
This requires using the new EVP_PKEY API for reading private key
blobs.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Do not use MD5 when generating fingerprints in FIPS mode. The call will
fail in such case. The test suite was updated with a negative test for
this case.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Added a test to make sure unknown options in the configuration file are
ignored and don't make ssh_bind_options_parse_config() to fail.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Make ssh_bind_options_parse_config() to fail if setting a known option
fails. Previously the return value of ssh_bind_options_set() were
ignored when configuring the server through a configuration file.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Previously, when no methods were set, the server would enable all
supported methods. This changes this behaviour by setting only the
default methods.
The server in pkd_daemon.c was changed to set explicitly all the
supported methods to keep the previous behaviour.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The default order of preference for signature algorithms were not
consistent. This makes the following order of preference to be the
default order:
* ssh-ed25519
* ecdsa-sha2-nistp521
* ecdsa-sha2-nistp384
* ecdsa-sha2-nistp256
* rsa-sha2-512
* rsa-sha2-256
* ssh-rsa
* ssh-dss
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The added tests run the server with different combinations of algorithms
and try to connect using a client.
Note that few combinations are tested.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This allows testing the server with a configuration file. This also
adds an option for the stand-alone test server to skip parsing the
system-wide configuration file.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The added option SSH_BIND_OPTIONS_PROCESS_CONFIG allows to skip
processing the system-wide configuration file. The global configuration
file is processed automatically if this option is not set as false.
This option will only be effective if set before any call to
ssh_bind_options_parse_config().
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Add support for setting the allowed HostKey algorithms through
configuration file.
Note that this does NOT add support for adding or removing values using
'+' or '-'. Only replacing the whole list is supported.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The added option SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS allows restricting
the signature algorithms to offer to the client for host authentication.
The list set is used as a filter of allowed algorithms.
First a list of possible signature algorithms to offer is created from
the keys set and then such list is filtered against the allowed
algorithms.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Add support for setting the accepted public key types through
configuration file.
Note that this does NOT add support for adding or removing values using
'+' or '-'. Only replacing the whole list is supported.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The added option SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES allows
restricting the allowed public key types accepted by the server for
authentication.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Replace the old tokens handling functions usage with the new implementation.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The added functions allow splitting chains of tokens separated by a
given character (usually ','), and extracting matching parts between two
chains of tokens.
The previously existing functions in kex.c were replaced by the
introduced ones.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Previously when generating the signature in server side the key was
checked against the wrong list, potentially making the server to select
the wrong algorithm to sign (e.g. rsa-sha2-512 instead of rsa-sha2-256).
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This avoids csbuild failures due to new source files added. Previously
in some runs, csbuild would try to reuse the existing cmake cache file
which could contain added dependencies to new source files, leading to
failure in the run.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Do not print crypto debug information to reduce size of generated logs.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
