1
1
Граф коммитов

988 Коммитов

Автор SHA1 Сообщение Дата
Jakub Jelen
d2434c69c0 pki: Separate signature extraction and verification
Initial solution proposed by Tilo Eckert <tilo.eckert@flam.de>

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-30 16:21:18 +01:00
Jakub Jelen
c18ed4eafa Drop unused header file
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-23 17:30:16 +01:00
Aris Adamantiadis
f4339df577 packets: allow removal of callbacks
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-21 16:54:20 +01:00
Nicolas Viennot
59ada799d7 packets: Fix ssh_send_keepalive()
ssh_send_keepalive() should use global_request() to properly configure
the state machine for packet filtering.

Signed-off-by: Nicolas Viennot <nicolas@viennot.biz>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-20 07:55:08 +01:00
Jakub Jelen
de7405f1c7 config: Preserve the seen array among invocations
This follows the OpenSSH behavior of parsing subseqent configuration
files, while applying only the first option.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 11:16:38 +01:00
Jakub Jelen
b7fefb0500 options: Provide a way of disabling automatic config parsing
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 11:16:35 +01:00
Jakub Jelen
89a8a6fcf0 Process OpenSSH configuration files by default.
This will allow to use the same configuration in client applications
including the users aliases or system wide cryptographic configuration.

As the configuration parsing is the last thing before doing the
actual connection, it might overwrite previously set options.
If this is not intended, the client application can
ask the configuration files to be parsed before setting some other
options that should not ve overwritten. The code ensures that
the configuration is not parsed again.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-02 11:15:30 +01:00
Jakub Jelen
c8519c435e session: Drop unused structure member (SSHv1)
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-30 16:22:17 +01:00
Sanne Raymaekers
ced05eb6db socket: Undouble socket fds
Signed-off-by: Sanne Raymaekers <sraymaek@redhat.com>
2018-10-25 18:49:29 +02:00
Andreas Schneider
00cd5b1c83 messages: Add SSH_MESSAGE_FREE
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00
Andreas Schneider
ca425ebe67 messages: Make ssh_message_queue() static
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00
Andreas Schneider
f8b70d6a73 pki_crypto: Mark iqmp as unused
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00
Andreas Schneider
480915c07d libsshpp: Pass username and submethods to ssh_userauth_kbdint()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00
Andreas Schneider
e27c6b21b5 include: Fix HAVE_<FEATURE> checks in pki.h
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00
Jakub Jelen
f622c4309b knownhosts: Consult also the global known hosts file
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-19 17:43:20 +02:00
Jakub Jelen
bdb3bb9ccd tests: Verify the hostkey ordering for negotiation is correct
Previously, not all of the host keys algorithms were used for algorithm
negotiation. This verifies the algorithms list is sane and ordered
with the key types from known hosts in the first place.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-19 17:43:20 +02:00
Andreas Schneider
91f35eca4d libsshpp: Use ssh_session_update_known_hosts()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-19 17:42:02 +02:00
Andreas Schneider
009ca5c9dd priv: Add ssize_t if not available with MSVC
Fixes T113

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Tested-by: Wolf Wolfswinkel <wolf.wolfswinkel@objectplus.nl>
2018-10-17 15:37:28 +02:00
Anderson Toshiyuki Sasaki
75be012b4a CVE-2018-10933: Introduced packet filtering
The packet filter checks required states for the incoming packets and
reject them if they arrived in the wrong state.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-16 09:19:03 +02:00
Anderson Toshiyuki Sasaki
20981bf229 CVE-2018-10933: Introduce SSH_AUTH_STATE_AUTH_NONE_SENT
The introduced auth state allows to identify when a request without
authentication information was sent.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-16 09:19:03 +02:00
Anderson Toshiyuki Sasaki
825f4ba964 CVE-2018-10933: Introduce SSH_AUTH_STATE_PASSWORD_AUTH_SENT
The introduced auth state allows to identify when authentication using
password was tried.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-16 09:19:03 +02:00
Anderson Toshiyuki Sasaki
2bddafeb70 CVE-2018-10933: Introduced new auth states
Introduced the states SSH_AUTH_STATE_PUBKEY_OFFER_SENT and
SSH_AUTH_STATE_PUBKEY_AUTH_SENT to know when SSH2_MSG_USERAUTH_PK_OK and
SSH2_MSG_USERAUTH_SUCCESS should be expected.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-16 09:19:03 +02:00
Andreas Schneider
259d7de153 include: Mark old known_hosts API as deprecated
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-13 22:08:41 +02:00
Jakub Jelen
72bd2fe197 libmbedtls: Support OpenSSH-compatible AES-GCM ciphers using mbedTLS
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-09 13:05:38 +02:00
Jakub Jelen
5790036a23 libgcrypt: Implement OpenSSH-compatible AES-GCM ciphers using libgcrypt
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-09 13:05:38 +02:00
Jakub Jelen
46090facba libcrypto: Implement OpenSSH-compatible AES-GCM ciphers using OpenSSL
The commit also propares the internals throughout the code base
for the inclusion of a new AEAD cipher, because previously, the
source code counted only with chacha20-poly1305 cipher, which
is very specific in many cases.

The SSH_HMAC_AEAD_GCM mac algorithm is not actually used, but the name
needed to be defined so we can match in the algorithms selection per
OpenSSH specification (MACs are ignored in case GCM is select as a cipher [1]).

If the provided OpenSSL does not provide  EVP_aes_128_gcm()  function,
the AES-GCM ciphers will not be compiled in.

[1] https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.chacha20poly1305?annotate=HEAD

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-09 12:05:40 +02:00
Andreas Schneider
85a274ff3c include: Add macros for bytearray handling
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-10-05 14:38:43 +02:00
Anderson Toshiyuki Sasaki
11d480134c include: Add SSH_KEY_FREE
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-27 15:21:30 +02:00
Andreas Schneider
ae2b9a3bde include: Do not declare ssh_channel_new() twice
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-25 14:37:25 +02:00
Chris Townsend
6c56c1e0d7 sftpserver: Support some openssh extensions
Add support for "hardlink@openssh.com" and
"posix-rename@openssh.com" extensions.

Signed-off-by: Chris Townsend <christopher.townsend@canonical.com>
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-20 16:35:13 +02:00
DavidWed
d0ce2d1ecd pki: Add ssh_pki_export_privkey_base64()
Fixes T53

Signed-off-by: DavidWedderwille <davidwe@posteo.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-09-20 16:35:13 +02:00
Andreas Schneider
bbed139eca dh: Add ssh_get_fingerprint_hash()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-20 16:35:13 +02:00
Anderson Toshiyuki Sasaki
71594f9d6c dh: Add diffie-hellman-group18-sha512 support
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2018-09-20 15:37:23 +02:00
Anderson Toshiyuki Sasaki
d9d3b65df2 dh: Add diffie-hellman-group16-sha512 support
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-19 12:17:02 +02:00
Jakub Jelen
1226de875b pki: Implement reading public key from OpenSSH private key container
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Jakub Jelen
39102224b2 pki: Allow reading keys in new OpenSSH format
This implements reading the OpenSSH key format accross the
cryptographic backends. Most of the code is shared and moved
to pki.c, just the building of the keys is implemented in
pki_privkey_build_*() functions.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Andreas Schneider
79a3fcac72 sftp: Keep a ssh_packet for reading in the sftp handle
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
29b5477849 include: Add SSH_BUFFER_FREE
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Jakub Jelen
e9b44d26b1 config: Parse Match keyword
Amends f818e63f8, which introduced the constants and matching of this
configuration option, but did not implement the handling of the values
which was causing the configuration parser failing for certain
configurations.

This commit exposes match_pattern_list() from match.c

Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1624425

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-05 11:43:05 +02:00
Andreas Schneider
ba1ff992ce libsshpp: Initialize the string returned by getIssueBanner()
Fixes T13

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-04 20:52:31 +02:00
Andreas Schneider
a1b57d3b94 buffer: Use bool for secure buffer
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-03 15:00:53 +02:00
Andreas Schneider
3efc64112a include: Add SSH_STRING_FREE() and SSH_STRING_FREE_CHAR()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-02 09:54:20 +02:00
Jakub Jelen
b4c8bd9fe4 pki: Support RSA SHA2 signatures of sessionid for server
This involves mostly creation of host keys proofs but needs
to follow the same procedure as the client authentication
signatures.

At the same time, the SHA2 extension is enabled in the pkd
so we are able to atomicaly provide correct signatures and
pass tests.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
6fa5e8adb0 server: Support for extension negotiation
This includes intercepting the  ext-info-c  string from
the client kex proposal, configuring the server to allow using
this extension and sending the SSH_MSG_EXT_INFO packet back
to the client after the new keys are in use.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
594c62d718 tests: PUBLICKEY_ACCEPTED_TYPES are effective
Verify the PUBLICKEY_ACCEPTED_TYPES option is handled correctly
and affects the signature algorithm selection based on the
extensions and can be used to limit list of offered mechanisms
to the server.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
4169be45eb pki: Allow filtering accepted public key types based on the configuration
This effectively allows to disable using the SHA2 extension, disable
other old public key mechanisms out of the box (hello DSA) or force
the new SHA2-based key algorithm types if needed.

This exposes the  default_methods  array from  kex.c.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
4521ab73b6 options: The new option SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES
This option allows to specify acceptable public key algorithms
and reflects the PubkeyAcceptedTypes configuration option from
OpenSSH.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
ebb01549d0 SHA2 extension in the ssh-agent interface
The new constants for flags are defined in draft-miller-ssh-agent-02
are active if the SHA2 extension is negotiated with the server.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
82da0c3361 auth: Support SHA2 extension for pubkey authentication (RFC 8332)
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Jakub Jelen
1f08aabe43 pki: RSA signatures with SHA2 hash algorithms (RFC 8332)
* This change introduces a new API to request signature using
   one key and different hash algorithms. This is used only with
   RSA keys, that used to have SHA1 hardcoded, but the new
   algorithsms allow to use the SHA2 hashes, if the extension
   is negotiated.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00