mirror of
https://github.com/deltachat/deltachat-core.git
synced 2025-10-06 12:00:11 +02:00
473 lines
13 KiB
C
473 lines
13 KiB
C
/*-
|
|
* Copyright (c) 2009 The NetBSD Foundation, Inc.
|
|
* All rights reserved.
|
|
*
|
|
* This code is derived from software contributed to The NetBSD Foundation
|
|
* by Alistair Crooks (agc@NetBSD.org)
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
#include "config-netpgp.h"
|
|
|
|
#ifdef HAVE_SYS_CDEFS_H
|
|
#include <sys/cdefs.h>
|
|
#endif
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/param.h>
|
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
#include <ctype.h>
|
|
#include <inttypes.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
#ifdef HAVE_UNISTD_H
|
|
#include <unistd.h>
|
|
#endif
|
|
|
|
#ifdef HAVE_LIMITS_H
|
|
#include <limits.h>
|
|
#endif
|
|
|
|
#ifdef HAVE_OPENSSL_CAST_H
|
|
#include <openssl/cast.h>
|
|
#endif
|
|
|
|
#include <openssl/pem.h>
|
|
|
|
#include "bufgap.h"
|
|
|
|
#include "packet-parse.h"
|
|
#include "netpgpdefs.h"
|
|
#include "netpgpsdk.h"
|
|
#include "crypto.h"
|
|
#include "netpgpdigest.h"
|
|
#include "ssh2pgp.h"
|
|
|
|
/* structure for earching for constant strings */
|
|
typedef struct str_t {
|
|
const char *s; /* string */
|
|
size_t len; /* its length */
|
|
int type; /* return type */
|
|
} str_t;
|
|
|
|
#ifndef USE_ARG
|
|
#define USE_ARG(x) /*LINTED*/(void)&x
|
|
#endif
|
|
|
|
static const uint8_t base64s[] =
|
|
/* 000 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
|
|
/* 016 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
|
|
/* 032 */ "\0\0\0\0\0\0\0\0\0\0\0?\0\0\0@"
|
|
/* 048 */ "56789:;<=>\0\0\0\0\0\0"
|
|
/* 064 */ "\0\1\2\3\4\5\6\7\10\11\12\13\14\15\16\17"
|
|
/* 080 */ "\20\21\22\23\24\25\26\27\30\31\32\0\0\0\0\0"
|
|
/* 096 */ "\0\33\34\35\36\37 !\"#$%&'()"
|
|
/* 112 */ "*+,-./01234\0\0\0\0\0"
|
|
/* 128 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
|
|
/* 144 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
|
|
/* 160 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
|
|
/* 176 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
|
|
/* 192 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
|
|
/* 208 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
|
|
/* 224 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
|
|
/* 240 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
|
|
|
|
|
|
/* short function to decode from base64 */
|
|
/* inspired by an ancient copy of b64.c, then rewritten, the bugs are all mine */
|
|
static int
|
|
frombase64(char *dst, const char *src, size_t size, int flag)
|
|
{
|
|
uint8_t out[3];
|
|
uint8_t in[4];
|
|
uint8_t b;
|
|
size_t srcc;
|
|
int dstc;
|
|
int gotc;
|
|
int i;
|
|
|
|
USE_ARG(flag);
|
|
for (dstc = 0, srcc = 0 ; srcc < size; ) {
|
|
for (gotc = 0, i = 0; i < 4 && srcc < size; i++) {
|
|
for (b = 0x0; srcc < size && b == 0x0 ; ) {
|
|
b = base64s[(unsigned)src[srcc++]];
|
|
}
|
|
if (srcc < size) {
|
|
gotc += 1;
|
|
if (b) {
|
|
in[i] = (uint8_t)(b - 1);
|
|
}
|
|
} else {
|
|
in[i] = 0x0;
|
|
}
|
|
}
|
|
if (gotc) {
|
|
out[0] = (uint8_t)((unsigned)in[0] << 2 |
|
|
(unsigned)in[1] >> 4);
|
|
out[1] = (uint8_t)((unsigned)in[1] << 4 |
|
|
(unsigned)in[2] >> 2);
|
|
out[2] = (uint8_t)(((in[2] << 6) & 0xc0) | in[3]);
|
|
for (i = 0; i < gotc - 1; i++) {
|
|
*dst++ = out[i];
|
|
}
|
|
dstc += gotc - 1;
|
|
}
|
|
}
|
|
return dstc;
|
|
}
|
|
|
|
/* get a bignum from the buffer gap */
|
|
static BIGNUM *
|
|
getbignum(bufgap_t *bg, char *buf, const char *header)
|
|
{
|
|
uint32_t len;
|
|
BIGNUM *bignum;
|
|
|
|
(void) bufgap_getbin(bg, &len, sizeof(len));
|
|
len = ntohl(len);
|
|
(void) bufgap_seek(bg, sizeof(len), BGFromHere, BGByte);
|
|
(void) bufgap_getbin(bg, buf, len);
|
|
bignum = BN_bin2bn((const uint8_t *)buf, (int)len, NULL);
|
|
if (pgp_get_debug_level(__FILE__)) {
|
|
hexdump(stderr, header, (const uint8_t *)(void *)buf, len);
|
|
}
|
|
(void) bufgap_seek(bg, len, BGFromHere, BGByte);
|
|
return bignum;
|
|
}
|
|
|
|
#if 0
|
|
static int
|
|
putbignum(bufgap_t *bg, BIGNUM *bignum)
|
|
{
|
|
uint32_t len;
|
|
|
|
len = BN_num_bytes(bignum);
|
|
(void) bufgap_insert(bg, &len, sizeof(len));
|
|
(void) bufgap_insert(bg, buf, len);
|
|
bignum = BN_bin2bn((const uint8_t *)buf, (int)len, NULL);
|
|
if (pgp_get_debug_level(__FILE__)) {
|
|
hexdump(stderr, header, buf, (int)len);
|
|
}
|
|
(void) bufgap_seek(bg, len, BGFromHere, BGByte);
|
|
return bignum;
|
|
}
|
|
#endif
|
|
|
|
static str_t pkatypes[] = {
|
|
{ "ssh-rsa", 7, PGP_PKA_RSA },
|
|
{ "ssh-dss", 7, PGP_PKA_DSA },
|
|
{ "ssh-dsa", 7, PGP_PKA_DSA },
|
|
{ NULL, 0, 0 }
|
|
};
|
|
|
|
/* look for a string in the given array */
|
|
static int
|
|
findstr(str_t *array, const char *name)
|
|
{
|
|
str_t *sp;
|
|
|
|
for (sp = array ; sp->s ; sp++) {
|
|
if (strncmp(name, sp->s, sp->len) == 0) {
|
|
return sp->type;
|
|
}
|
|
}
|
|
return -1;
|
|
}
|
|
|
|
/* convert an ssh (host) pubkey to a pgp pubkey */
|
|
int
|
|
pgp_ssh2pubkey(pgp_io_t *io, const char *f, pgp_key_t *key, pgp_hash_alg_t hashtype)
|
|
{
|
|
pgp_pubkey_t *pubkey;
|
|
struct stat st;
|
|
bufgap_t bg;
|
|
uint32_t len;
|
|
int64_t off;
|
|
uint8_t *userid;
|
|
char hostname[256];
|
|
char owner[256];
|
|
char *space;
|
|
char *buf;
|
|
char *bin;
|
|
int ok;
|
|
int cc;
|
|
|
|
(void) memset(&bg, 0x0, sizeof(bg));
|
|
if (!bufgap_open(&bg, f)) {
|
|
(void) fprintf(stderr, "pgp_ssh2pubkey: can't open '%s'\n", f);
|
|
return 0;
|
|
}
|
|
(void)stat(f, &st);
|
|
if ((buf = calloc(1, (size_t)st.st_size)) == NULL) {
|
|
(void) fprintf(stderr, "can't calloc %zu bytes for '%s'\n", (size_t)st.st_size, f);
|
|
bufgap_close(&bg);
|
|
return 0;
|
|
}
|
|
if ((bin = calloc(1, (size_t)st.st_size)) == NULL) {
|
|
(void) fprintf(stderr, "can't calloc %zu bytes for '%s'\n", (size_t)st.st_size, f);
|
|
(void) free(buf);
|
|
bufgap_close(&bg);
|
|
return 0;
|
|
}
|
|
|
|
/* move past ascii type of key */
|
|
while (bufgap_peek(&bg, 0) != ' ') {
|
|
bufgap_seek(&bg, 1, BGFromHere, BGByte);
|
|
}
|
|
bufgap_seek(&bg, 1, BGFromHere, BGByte);
|
|
off = bufgap_tell(&bg, BGFromBOF, BGByte);
|
|
|
|
if (bufgap_size(&bg, BGByte) - off < 10) {
|
|
(void) fprintf(stderr, "bad key file '%s'\n", f);
|
|
(void) free(buf);
|
|
bufgap_close(&bg);
|
|
return 0;
|
|
}
|
|
|
|
/* convert from base64 to binary */
|
|
cc = bufgap_getbin(&bg, buf, (size_t)bg.bcc);
|
|
if ((space = strchr(buf, ' ')) != NULL) {
|
|
cc = (int)(space - buf);
|
|
}
|
|
if (pgp_get_debug_level(__FILE__)) {
|
|
hexdump(stderr, NULL, (const uint8_t *)(const void *)buf, (size_t)cc);
|
|
}
|
|
cc = frombase64(bin, buf, (size_t)cc, 0);
|
|
if (pgp_get_debug_level(__FILE__)) {
|
|
hexdump(stderr, "decoded base64:", (const uint8_t *)(const void *)bin, (size_t)cc);
|
|
}
|
|
bufgap_delete(&bg, (uint64_t)bufgap_tell(&bg, BGFromEOF, BGByte));
|
|
bufgap_insert(&bg, bin, cc);
|
|
bufgap_seek(&bg, off, BGFromBOF, BGByte);
|
|
|
|
/* get the type of key */
|
|
(void) bufgap_getbin(&bg, &len, sizeof(len));
|
|
len = ntohl(len);
|
|
(void) bufgap_seek(&bg, sizeof(len), BGFromHere, BGByte);
|
|
(void) bufgap_getbin(&bg, buf, len);
|
|
(void) bufgap_seek(&bg, len, BGFromHere, BGByte);
|
|
|
|
(void) memset(key, 0x0, sizeof(*key));
|
|
pubkey = &key->key.seckey.pubkey;
|
|
pubkey->version = PGP_V4;
|
|
pubkey->birthtime = 0;
|
|
/* get key type */
|
|
ok = 1;
|
|
switch (pubkey->alg = findstr(pkatypes, buf)) {
|
|
case PGP_PKA_RSA:
|
|
/* get the 'e' param of the key */
|
|
pubkey->key.rsa.e = getbignum(&bg, buf, "RSA E");
|
|
/* get the 'n' param of the key */
|
|
pubkey->key.rsa.n = getbignum(&bg, buf, "RSA N");
|
|
break;
|
|
case PGP_PKA_DSA:
|
|
/* get the 'p' param of the key */
|
|
pubkey->key.dsa.p = getbignum(&bg, buf, "DSA P");
|
|
/* get the 'q' param of the key */
|
|
pubkey->key.dsa.q = getbignum(&bg, buf, "DSA Q");
|
|
/* get the 'g' param of the key */
|
|
pubkey->key.dsa.g = getbignum(&bg, buf, "DSA G");
|
|
/* get the 'y' param of the key */
|
|
pubkey->key.dsa.y = getbignum(&bg, buf, "DSA Y");
|
|
break;
|
|
default:
|
|
(void) fprintf(stderr, "Unrecognised pubkey type %d for '%s'\n",
|
|
pubkey->alg, f);
|
|
ok = 0;
|
|
break;
|
|
}
|
|
|
|
/* check for stragglers */
|
|
if (ok && bufgap_tell(&bg, BGFromEOF, BGByte) > 0) {
|
|
printf("%"PRIi64" bytes left\n", bufgap_tell(&bg, BGFromEOF, BGByte));
|
|
printf("[%s]\n", bufgap_getstr(&bg));
|
|
ok = 0;
|
|
}
|
|
if (ok) {
|
|
(void) memset(&userid, 0x0, sizeof(userid));
|
|
(void) gethostname(hostname, sizeof(hostname));
|
|
if (strlen(space + 1) - 1 == 0) {
|
|
(void) snprintf(owner, sizeof(owner), "<root@%s>",
|
|
hostname);
|
|
} else {
|
|
(void) snprintf(owner, sizeof(owner), "<%.*s>",
|
|
(int)strlen(space + 1) - 1,
|
|
space + 1);
|
|
}
|
|
(void) pgp_asprintf((char **)(void *)&userid,
|
|
"%s (%s) %s",
|
|
hostname,
|
|
f,
|
|
owner);
|
|
pgp_keyid(key->sigid, sizeof(key->sigid), pubkey, hashtype);
|
|
pgp_add_userid(key, userid);
|
|
pgp_fingerprint(&key->sigfingerprint, pubkey, hashtype);
|
|
free(userid);
|
|
if (pgp_get_debug_level(__FILE__)) {
|
|
/*pgp_print_keydata(io, keyring, key, "pub", pubkey, 0);*/
|
|
__PGP_USED(io); /* XXX */
|
|
}
|
|
}
|
|
(void) free(bin);
|
|
(void) free(buf);
|
|
bufgap_close(&bg);
|
|
return ok;
|
|
}
|
|
|
|
/* convert an ssh (host) seckey to a pgp seckey */
|
|
int
|
|
pgp_ssh2seckey(pgp_io_t *io, const char *f, pgp_key_t *key, pgp_pubkey_t *pubkey, pgp_hash_alg_t hashtype)
|
|
{
|
|
pgp_crypt_t crypted;
|
|
pgp_hash_t hash;
|
|
unsigned done = 0;
|
|
unsigned i = 0;
|
|
uint8_t sesskey[CAST_KEY_LENGTH];
|
|
uint8_t hashed[PGP_SHA1_HASH_SIZE];
|
|
BIGNUM *tmp;
|
|
|
|
__PGP_USED(io);
|
|
/* XXX - check for rsa/dsa */
|
|
if (!openssl_read_pem_seckey(f, key, "ssh-rsa", 0)) {
|
|
return 0;
|
|
}
|
|
if (pgp_get_debug_level(__FILE__)) {
|
|
/*pgp_print_keydata(io, key, "sec", &key->key.seckey.pubkey, 0);*/
|
|
/* XXX */
|
|
}
|
|
/* let's add some sane defaults */
|
|
(void) memcpy(&key->key.seckey.pubkey, pubkey, sizeof(*pubkey));
|
|
key->key.seckey.s2k_usage = PGP_S2KU_ENCRYPTED_AND_HASHED;
|
|
key->key.seckey.alg = PGP_SA_CAST5;
|
|
key->key.seckey.s2k_specifier = PGP_S2KS_SALTED;
|
|
key->key.seckey.hash_alg = PGP_HASH_SHA1;
|
|
if (key->key.seckey.pubkey.alg == PGP_PKA_RSA) {
|
|
/* openssh and openssl have p and q swapped */
|
|
tmp = key->key.seckey.key.rsa.p;
|
|
key->key.seckey.key.rsa.p = key->key.seckey.key.rsa.q;
|
|
key->key.seckey.key.rsa.q = tmp;
|
|
}
|
|
for (done = 0, i = 0; done < CAST_KEY_LENGTH; i++) {
|
|
unsigned j;
|
|
uint8_t zero = 0;
|
|
int needed;
|
|
int size;
|
|
|
|
needed = CAST_KEY_LENGTH - done;
|
|
size = MIN(needed, PGP_SHA1_HASH_SIZE);
|
|
|
|
pgp_hash_any(&hash, key->key.seckey.hash_alg);
|
|
if (!hash.init(&hash)) {
|
|
(void) fprintf(stderr, "write_seckey_body: bad alloc\n");
|
|
return 0;
|
|
}
|
|
|
|
/* preload if iterating */
|
|
for (j = 0; j < i; j++) {
|
|
/*
|
|
* Coverity shows a DEADCODE error on this
|
|
* line. This is expected since the hardcoded
|
|
* use of SHA1 and CAST5 means that it will
|
|
* not used. This will change however when
|
|
* other algorithms are supported.
|
|
*/
|
|
hash.add(&hash, &zero, 1);
|
|
}
|
|
|
|
if (key->key.seckey.s2k_specifier == PGP_S2KS_SALTED) {
|
|
hash.add(&hash, key->key.seckey.salt, PGP_SALT_SIZE);
|
|
}
|
|
hash.finish(&hash, hashed);
|
|
|
|
/*
|
|
* if more in hash than is needed by session key, use
|
|
* the leftmost octets
|
|
*/
|
|
(void) memcpy(&sesskey[i * PGP_SHA1_HASH_SIZE],
|
|
hashed, (unsigned)size);
|
|
done += (unsigned)size;
|
|
if (done > CAST_KEY_LENGTH) {
|
|
(void) fprintf(stderr,
|
|
"write_seckey_body: short add\n");
|
|
return 0;
|
|
}
|
|
}
|
|
pgp_crypt_any(&crypted, key->key.seckey.alg);
|
|
crypted.set_iv(&crypted, key->key.seckey.iv);
|
|
crypted.set_crypt_key(&crypted, sesskey);
|
|
pgp_encrypt_init(&crypted);
|
|
key->key.seckey.pubkey.alg = PGP_PKA_RSA;
|
|
pgp_fingerprint(&key->sigfingerprint, pubkey, hashtype);
|
|
pgp_keyid(key->sigid, sizeof(key->sigid), pubkey, hashtype);
|
|
return 1;
|
|
}
|
|
|
|
/* read a key from the ssh file, and add it to a keyring */
|
|
int
|
|
pgp_ssh2_readkeys(pgp_io_t *io, pgp_keyring_t *pubring,
|
|
pgp_keyring_t *secring, const char *pubfile,
|
|
const char *secfile, unsigned hashtype)
|
|
{
|
|
pgp_key_t *pubkey;
|
|
pgp_key_t *seckey;
|
|
pgp_key_t key;
|
|
|
|
pubkey = NULL;
|
|
(void) memset(&key, 0x0, sizeof(key));
|
|
if (pubfile) {
|
|
if (pgp_get_debug_level(__FILE__)) {
|
|
(void) fprintf(io->errs, "pgp_ssh2_readkeys: pubfile '%s'\n", pubfile);
|
|
}
|
|
if (!pgp_ssh2pubkey(io, pubfile, &key, (pgp_hash_alg_t)hashtype)) {
|
|
(void) fprintf(io->errs, "pgp_ssh2_readkeys: can't read pubkeys '%s'\n", pubfile);
|
|
return 0;
|
|
}
|
|
EXPAND_ARRAY(pubring, key);
|
|
pubkey = &pubring->keys[pubring->keyc++];
|
|
(void) memcpy(pubkey, &key, sizeof(key));
|
|
pubkey->type = PGP_PTAG_CT_PUBLIC_KEY;
|
|
}
|
|
if (secfile) {
|
|
if (pgp_get_debug_level(__FILE__)) {
|
|
(void) fprintf(io->errs, "pgp_ssh2_readkeys: secfile '%s'\n", secfile);
|
|
}
|
|
if (pubkey == NULL) {
|
|
pubkey = &pubring->keys[0];
|
|
}
|
|
if (!pgp_ssh2seckey(io, secfile, &key, &pubkey->key.pubkey, (pgp_hash_alg_t)hashtype)) {
|
|
(void) fprintf(io->errs, "pgp_ssh2_readkeys: can't read seckeys '%s'\n", secfile);
|
|
return 0;
|
|
}
|
|
EXPAND_ARRAY(secring, key);
|
|
seckey = &secring->keys[secring->keyc++];
|
|
(void) memcpy(seckey, &key, sizeof(key));
|
|
seckey->type = PGP_PTAG_CT_SECRET_KEY;
|
|
}
|
|
return 1;
|
|
}
|