search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dropbear 2015.71
[tomato.git] / release / src / router / dropbear / cli-kex.c
blob07ee431a58658bbf38a617fb107cc5d65f4a7222
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002-2004 Matt Johnston
5 * Copyright (c) 2004 by Mihnea Stoenescu
6 * All rights reserved.
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
24 * SOFTWARE. */
25
26 #include "includes.h"
27 #include "session.h"
28 #include "dbutil.h"
29 #include "algo.h"
30 #include "buffer.h"
31 #include "session.h"
32 #include "kex.h"
33 #include "ssh.h"
34 #include "packet.h"
35 #include "bignum.h"
36 #include "dbrandom.h"
37 #include "runopts.h"
38 #include "signkey.h"
39 #include "ecc.h"
40
41
42 static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen);
43 #define MAX_KNOWNHOSTS_LINE 4500
44
45 void send_msg_kexdh_init() {
46 TRACE(("send_msg_kexdh_init()"))
47
48 CHECKCLEARTOWRITE();
49 buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
50 switch (ses.newkeys->algo_kex->mode) {
51 case DROPBEAR_KEX_NORMAL_DH:
52 if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
53 || !cli_ses.dh_param) {
54 if (cli_ses.dh_param) {
55 free_kexdh_param(cli_ses.dh_param);
56 }
57 cli_ses.dh_param = gen_kexdh_param();
58 }
59 buf_putmpint(ses.writepayload, &cli_ses.dh_param->pub);
60 break;
61 case DROPBEAR_KEX_ECDH:
62 #ifdef DROPBEAR_ECDH
63 if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
64 || !cli_ses.ecdh_param) {
65 if (cli_ses.ecdh_param) {
66 free_kexecdh_param(cli_ses.ecdh_param);
67 }
68 cli_ses.ecdh_param = gen_kexecdh_param();
69 }
70 buf_put_ecc_raw_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key);
71 #endif
72 break;
73 #ifdef DROPBEAR_CURVE25519
74 case DROPBEAR_KEX_CURVE25519:
75 if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
76 || !cli_ses.curve25519_param) {
77 if (cli_ses.curve25519_param) {
78 free_kexcurve25519_param(cli_ses.curve25519_param);
79 }
80 cli_ses.curve25519_param = gen_kexcurve25519_param();
81 }
82 buf_putstring(ses.writepayload, (const char*)cli_ses.curve25519_param->pub, CURVE25519_LEN);
83 #endif
84 break;
85 }
86
87 cli_ses.param_kex_algo = ses.newkeys->algo_kex;
88 encrypt_packet();
89 }
90
91 /* Handle a diffie-hellman key exchange reply. */
92 void recv_msg_kexdh_reply() {
93
94 sign_key *hostkey = NULL;
95 unsigned int type, keybloblen;
96 unsigned char* keyblob = NULL;
97
98 TRACE(("enter recv_msg_kexdh_reply"))
99
100 if (cli_ses.kex_state != KEXDH_INIT_SENT) {
101 dropbear_exit("Received out-of-order kexdhreply");
102 }
103 type = ses.newkeys->algo_hostkey;
104 TRACE(("type is %d", type))
105
106 hostkey = new_sign_key();
107 keybloblen = buf_getint(ses.payload);
108
109 keyblob = buf_getptr(ses.payload, keybloblen);
110 if (!ses.kexstate.donefirstkex) {
111 /* Only makes sense the first time */
112 checkhostkey(keyblob, keybloblen);
113 }
114
115 if (buf_get_pub_key(ses.payload, hostkey, &type) != DROPBEAR_SUCCESS) {
116 TRACE(("failed getting pubkey"))
117 dropbear_exit("Bad KEX packet");
118 }
119
120 switch (ses.newkeys->algo_kex->mode) {
121 case DROPBEAR_KEX_NORMAL_DH:
122 {
123 DEF_MP_INT(dh_f);
124 m_mp_init(&dh_f);
125 if (buf_getmpint(ses.payload, &dh_f) != DROPBEAR_SUCCESS) {
126 TRACE(("failed getting mpint"))
127 dropbear_exit("Bad KEX packet");
128 }
129
130 kexdh_comb_key(cli_ses.dh_param, &dh_f, hostkey);
131 mp_clear(&dh_f);
132 }
133 break;
134 case DROPBEAR_KEX_ECDH:
135 #ifdef DROPBEAR_ECDH
136 {
137 buffer *ecdh_qs = buf_getstringbuf(ses.payload);
138 kexecdh_comb_key(cli_ses.ecdh_param, ecdh_qs, hostkey);
139 buf_free(ecdh_qs);
140 }
141 #endif
142 break;
143 #ifdef DROPBEAR_CURVE25519
144 case DROPBEAR_KEX_CURVE25519:
145 {
146 buffer *ecdh_qs = buf_getstringbuf(ses.payload);
147 kexcurve25519_comb_key(cli_ses.curve25519_param, ecdh_qs, hostkey);
148 buf_free(ecdh_qs);
149 }
150 #endif
151 break;
152 }
153
154 if (cli_ses.dh_param) {
155 free_kexdh_param(cli_ses.dh_param);
156 cli_ses.dh_param = NULL;
157 }
158 #ifdef DROPBEAR_ECDH
159 if (cli_ses.ecdh_param) {
160 free_kexecdh_param(cli_ses.ecdh_param);
161 cli_ses.ecdh_param = NULL;
162 }
163 #endif
164 #ifdef DROPBEAR_CURVE25519
165 if (cli_ses.curve25519_param) {
166 free_kexcurve25519_param(cli_ses.curve25519_param);
167 cli_ses.curve25519_param = NULL;
168 }
169 #endif
170
171 cli_ses.param_kex_algo = NULL;
172 if (buf_verify(ses.payload, hostkey, ses.hash) != DROPBEAR_SUCCESS) {
173 dropbear_exit("Bad hostkey signature");
174 }
175
176 sign_key_free(hostkey);
177 hostkey = NULL;
178
179 send_msg_newkeys();
180 ses.requirenext = SSH_MSG_NEWKEYS;
181 TRACE(("leave recv_msg_kexdh_init"))
182 }
183
184 static void ask_to_confirm(unsigned char* keyblob, unsigned int keybloblen,
185 const char* algoname) {
186
187 char* fp = NULL;
188 FILE *tty = NULL;
189 char response = 'z';
190
191 fp = sign_key_fingerprint(keyblob, keybloblen);
192 if (cli_opts.always_accept_key) {
193 fprintf(stderr, "\nHost '%s' key accepted unconditionally.\n(%s fingerprint %s)\n",
194 cli_opts.remotehost,
195 algoname,
196 fp);
197 m_free(fp);
198 return;
199 }
200 fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(%s fingerprint %s)\nDo you want to continue connecting? (y/n) ",
201 cli_opts.remotehost,
202 algoname,
203 fp);
204 m_free(fp);
205
206 tty = fopen(_PATH_TTY, "r");
207 if (tty) {
208 response = getc(tty);
209 fclose(tty);
210 } else {
211 response = getc(stdin);
212 }
213
214 if (response == 'y') {
215 return;
216 }
217
218 dropbear_exit("Didn't validate host key");
219 }
220
221 static FILE* open_known_hosts_file(int * readonly)
222 {
223 FILE * hostsfile = NULL;
224 char * filename = NULL;
225 char * homedir = NULL;
226
227 homedir = getenv("HOME");
228
229 if (!homedir) {
230 struct passwd * pw = NULL;
231 pw = getpwuid(getuid());
232 if (pw) {
233 homedir = pw->pw_dir;
234 }
235 }
236
237 if (homedir) {
238 unsigned int len;
239 len = strlen(homedir);
240 filename = m_malloc(len + 18); /* "/.ssh/known_hosts" and null-terminator*/
241
242 snprintf(filename, len+18, "%s/.ssh", homedir);
243 /* Check that ~/.ssh exists - easiest way is just to mkdir */
244 if (mkdir(filename, S_IRWXU) != 0) {
245 if (errno != EEXIST) {
246 dropbear_log(LOG_INFO, "Warning: failed creating %s/.ssh: %s",
247 homedir, strerror(errno));
248 TRACE(("mkdir didn't work: %s", strerror(errno)))
249 goto out;
250 }
251 }
252
253 snprintf(filename, len+18, "%s/.ssh/known_hosts", homedir);
254 hostsfile = fopen(filename, "a+");
255
256 if (hostsfile != NULL) {
257 *readonly = 0;
258 fseek(hostsfile, 0, SEEK_SET);
259 } else {
260 /* We mightn't have been able to open it if it was read-only */
261 if (errno == EACCES || errno == EROFS) {
262 TRACE(("trying readonly: %s", strerror(errno)))
263 *readonly = 1;
264 hostsfile = fopen(filename, "r");
265 }
266 }
267 }
268
269 if (hostsfile == NULL) {
270 TRACE(("hostsfile didn't open: %s", strerror(errno)))
271 dropbear_log(LOG_WARNING, "Failed to open %s/.ssh/known_hosts",
272 homedir);
273 goto out;
274 }
275
276 out:
277 m_free(filename);
278 return hostsfile;
279 }
280
281 static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
282
283 FILE *hostsfile = NULL;
284 int readonly = 0;
285 unsigned int hostlen, algolen;
286 unsigned long len;
287 const char *algoname = NULL;
288 char * fingerprint = NULL;
289 buffer * line = NULL;
290 int ret;
291
292 if (cli_opts.no_hostkey_check) {
293 fprintf(stderr, "Caution, skipping hostkey check for %s\n", cli_opts.remotehost);
294 return;
295 }
296
297 algoname = signkey_name_from_type(ses.newkeys->algo_hostkey, &algolen);
298
299 hostsfile = open_known_hosts_file(&readonly);
300 if (!hostsfile) {
301 ask_to_confirm(keyblob, keybloblen, algoname);
302 /* ask_to_confirm will exit upon failure */
303 return;
304 }
305
306 line = buf_new(MAX_KNOWNHOSTS_LINE);
307 hostlen = strlen(cli_opts.remotehost);
308
309 do {
310 if (buf_getline(line, hostsfile) == DROPBEAR_FAILURE) {
311 TRACE(("failed reading line: prob EOF"))
312 break;
313 }
314
315 /* The line is too short to be sensible */
316 /* "30" is 'enough to hold ssh-dss plus the spaces, ie so we don't
317 * buf_getfoo() past the end and die horribly - the base64 parsing
318 * code is what tiptoes up to the end nicely */
319 if (line->len < (hostlen+30) ) {
320 TRACE(("line is too short to be sensible"))
321 continue;
322 }
323
324 /* Compare hostnames */
325 if (strncmp(cli_opts.remotehost, (const char *) buf_getptr(line, hostlen),
326 hostlen) != 0) {
327 continue;
328 }
329
330 buf_incrpos(line, hostlen);
331 if (buf_getbyte(line) != ' ') {
332 /* there wasn't a space after the hostname, something dodgy */
333 TRACE(("missing space afte matching hostname"))
334 continue;
335 }
336
337 if (strncmp((const char *) buf_getptr(line, algolen), algoname, algolen) != 0) {
338 TRACE(("algo doesn't match"))
339 continue;
340 }
341
342 buf_incrpos(line, algolen);
343 if (buf_getbyte(line) != ' ') {
344 TRACE(("missing space after algo"))
345 continue;
346 }
347
348 /* Now we're at the interesting hostkey */
349 ret = cmp_base64_key(keyblob, keybloblen, (const unsigned char *) algoname, algolen,
350 line, &fingerprint);
351
352 if (ret == DROPBEAR_SUCCESS) {
353 /* Good matching key */
354 TRACE(("good matching key"))
355 goto out;
356 }
357
358 /* The keys didn't match. eep. Note that we're "leaking"
359 the fingerprint strings here, but we're exiting anyway */
360 dropbear_exit("\n\n%s host key mismatch for %s !\n"
361 "Fingerprint is %s\n"
362 "Expected %s\n"
363 "If you know that the host key is correct you can\nremove the bad entry from ~/.ssh/known_hosts",
364 algoname,
365 cli_opts.remotehost,
366 sign_key_fingerprint(keyblob, keybloblen),
367 fingerprint ? fingerprint : "UNKNOWN");
368 } while (1); /* keep going 'til something happens */
369
370 /* Key doesn't exist yet */
371 ask_to_confirm(keyblob, keybloblen, algoname);
372
373 /* If we get here, they said yes */
374
375 if (readonly) {
376 TRACE(("readonly"))
377 goto out;
378 }
379
380 if (!cli_opts.always_accept_key) {
381 /* put the new entry in the file */
382 fseek(hostsfile, 0, SEEK_END); /* In case it wasn't opened append */
383 buf_setpos(line, 0);
384 buf_setlen(line, 0);
385 buf_putbytes(line, (const unsigned char *) cli_opts.remotehost, hostlen);
386 buf_putbyte(line, ' ');
387 buf_putbytes(line, (const unsigned char *) algoname, algolen);
388 buf_putbyte(line, ' ');
389 len = line->size - line->pos;
390 /* The only failure with base64 is buffer_overflow, but buf_getwriteptr
391 * will die horribly in the case anyway */
392 base64_encode(keyblob, keybloblen, buf_getwriteptr(line, len), &len);
393 buf_incrwritepos(line, len);
394 buf_putbyte(line, '\n');
395 buf_setpos(line, 0);
396 fwrite(buf_getptr(line, line->len), line->len, 1, hostsfile);
397 /* We ignore errors, since there's not much we can do about them */
398 }
399
400 out:
401 if (hostsfile != NULL) {
402 fclose(hostsfile);
403 }
404 if (line != NULL) {
405 buf_free(line);
406 }
407 m_free(fingerprint);
408 }
Tomato firmware and modifications.