[apple/security.git] / OSX / libsecurity_keychain / lib / SecImportExportOpenSSH.cpp

/*
 * Copyright (c) 2006,2011-2014 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


/*
 * opensshCoding.cpp - Encoding and decoding of OpenSSH format public keys.
 *
 */

#include "SecImportExportOpenSSH.h"
#include "SecImportExportUtils.h"
#include "SecImportExportCrypto.h"
#include <ctype.h>
#include <CommonCrypto/CommonDigest.h>	/* for CC_MD5_DIGEST_LENGTH */
#include <security_utilities/debugging.h>
#include <security_cdsa_utils/cuCdsaUtils.h>

#define SecSSHDbg(args...)	secinfo("openssh", ## args)

#define SSHv2_PUB_KEY_NAME		"OpenSSHv2 Public Key"
#define SSHv1_PUB_KEY_NAME		"OpenSSHv1 Public Key"
#define SSHv1_PRIV_KEY_NAME		"OpenSSHv1 Private Key"

#pragma mark --- Utility functions ---

/* skip whitespace */
static void skipWhite(
	const unsigned char *&cp,
	unsigned &bytesLeft)
{
	while(bytesLeft != 0) {
		if(isspace((int)(*cp))) {
			cp++;
			bytesLeft--;
		}
		else {
			return;
		}
	}
}

/* find next whitespace or EOF - if EOF, rtn pointer points to one past EOF */
static const unsigned char *findNextWhite(
	const unsigned char *cp,
	unsigned &bytesLeft)
{
	while(bytesLeft != 0) {
		if(isspace((int)(*cp))) {
			return cp;
		}
		cp++;
		bytesLeft--;
	}
	return cp;
}

/* obtain comment as the n'th whitespace-delimited field */
static char *commentAsNthField(
	const unsigned char *key,
	unsigned keyLen,
	unsigned n)

{
	unsigned dex;
	
	skipWhite(key, keyLen);
	if(keyLen == 0) {
		return NULL;
	}
	for(dex=0; dex<(n-1); dex++) {
		key = findNextWhite(key, keyLen);
		if(keyLen == 0) {
			return NULL;
		}
		skipWhite(key, keyLen);
		if(keyLen == 0) {
			return NULL;
		}
	}
	
	/* cp points to start of nth field */
	char *rtnStr = (char *)malloc(keyLen + 1);
	memmove(rtnStr, key, keyLen);
	if(rtnStr[keyLen - 1] == '\n') {
		/* normal terminator - snip it off */
		rtnStr[keyLen - 1] = '\0';
	}
	else {
		rtnStr[keyLen] = '\0';
	}
	return rtnStr;

}

static uint32_t readUint32(
	const unsigned char *&cp,		// IN/OUT
	unsigned &len)					// IN/OUT 
{
	uint32_t r = 0;
	
	for(unsigned dex=0; dex<sizeof(uint32_t); dex++) {
		r <<= 8;
		r |= *cp++;
	}
	len -= 4;
	return r;
}

static uint16_t readUint16(
	const unsigned char *&cp,		// IN/OUT
	unsigned &len)					// IN/OUT 
{
	uint16_t r = *cp++;
	r <<= 8;
	r |= *cp++;
	len -= 2;
	return r;
}

/* Skip over an SSHv1 private key formatted bignum */
static void skipBigNum(
	const unsigned char *&cp,		// IN/OUT
	unsigned &len)					// IN/OUT 
{
	if(len < 2) {
		cp += len;
		len = 0;
		return;
	}
	uint16 numBits = readUint16(cp, len);
	unsigned numBytes = (numBits + 7) / 8;
	if(numBytes > len) {
		cp += len;
		len = 0;
		return;
	}
	cp += numBytes;
	len -= numBytes;
}

static char *genPrintName(
	const char *header,		// e.g. SSHv2_PUB_KEY_NAME
	const char *comment)	// optional, from key 
{
	size_t totalLen = strlen(header) + 1;
	if(comment) {
		/* append ": <comment>" */
		totalLen += strlen(comment);
		totalLen += 2;
	}
	char *rtnStr = (char *)malloc(totalLen);
	if(comment) {
		snprintf(rtnStr, totalLen, "%s: %s", header, comment);
	}
	else {
		strcpy(rtnStr, header);
	}
	return rtnStr;
}

#pragma mark --- Infer PrintName attribute from raw keys ---

/* obtain comment from OpenSSHv2 public key */
static char *opensshV2PubComment(
	const unsigned char *key,
	unsigned keyLen)
{
	/*
	 * The format here is
	 * header
	 * <space>
	 * keyblob
	 * <space>
	 * optional comment
	 * \n
	 */
	char *comment = commentAsNthField(key, keyLen, 3);
	char *rtnStr = genPrintName(SSHv2_PUB_KEY_NAME, comment);
	if(comment) {
		free(comment);
	}
	return rtnStr;
}

/* obtain comment from OpenSSHv1 public key */
static char *opensshV1PubComment(
	const unsigned char *key,
	unsigned keyLen)
{
	/*
	 * Format:
	 * numbits
	 * <space>
	 * e (bignum in decimal)
	 * <space>
	 * n (bignum in decimal) 
	 * <space>
	 * optional comment 
	 * \n
	 */
	char *comment = commentAsNthField(key, keyLen, 4);
	char *rtnStr = genPrintName(SSHv1_PUB_KEY_NAME, comment);
	if(comment) {
		free(comment);
	}
	return rtnStr;
}

static const char *authfile_id_string = "SSH PRIVATE KEY FILE FORMAT 1.1\n";

/* obtain comment from OpenSSHv1 private key, wrapped or clear */
static char *opensshV1PrivComment(
	const unsigned char *key,
	unsigned keyLen)
{
	/* 
	 * Format:
	 * "SSH PRIVATE KEY FILE FORMAT 1.1\n"
	 * 1 byte cipherSpec
	 * 4 byte spares
	 * 4 bytes numBits
	 * bignum n
	 * bignum e
	 * 4 byte comment length 
	 * comment
	 * private key components, possibly encrypted 
	 *
	 * A bignum is encoded like so:
	 * 2 bytes numBits
	 * (numBits + 7)/8 bytes of data
	 */
	/* length: ID string, NULL, Cipher, 4-byte spare */
	size_t len = strlen(authfile_id_string);
	if(keyLen < (len + 6)) {
		return NULL;
	}
	if(memcmp(authfile_id_string, key, len)) {
		return NULL;
	}
	key    += (len + 6);
	keyLen -= (len + 6);
	
	/* key points to numBits */
	if(keyLen < 4) {
		return NULL;
	}
	key += 4;
	keyLen -= 4;
	
	/* key points to n */
	skipBigNum(key, keyLen);
	if(keyLen == 0) {
		return NULL;
	}
	skipBigNum(key, keyLen);
	if(keyLen == 0) {
		return NULL;
	}
	
	char *comment = NULL;
	uint32 commentLen = readUint32(key, keyLen);
	if((commentLen != 0) && (commentLen <= keyLen)) {
		comment = (char *)malloc(commentLen + 1);
		memmove(comment, key, commentLen);
		comment[commentLen] = '\0';
	}
	
	char *rtnStr = genPrintName(SSHv1_PRIV_KEY_NAME, comment);
	if(comment) {
		free(comment);
	}
	return rtnStr;
}

/* 
 * Infer PrintName attribute from raw key's 'comment' field. 
 * Returned string is mallocd and must be freed by caller. 
 */
char *impExpOpensshInferPrintName(
	CFDataRef external, 
	SecExternalItemType externType, 
	SecExternalFormat externFormat)
{
	const unsigned char *key = (const unsigned char *)CFDataGetBytePtr(external);
	unsigned keyLen = (unsigned)CFDataGetLength(external);
	switch(externType) {
		case kSecItemTypePublicKey:
			switch(externFormat) {
				case kSecFormatSSH:
					return opensshV1PubComment(key, keyLen);
				case kSecFormatSSHv2:
					return opensshV2PubComment(key, keyLen);
				default:
					/* impossible, right? */
					break;
			}
			break;
		case kSecItemTypePrivateKey:
			switch(externFormat) {
				case kSecFormatSSH:
				case kSecFormatWrappedSSH:
					return opensshV1PrivComment(key, keyLen);
				default:
					break;
			}
			break;
		default:
			break;
	}
	return NULL;
}

#pragma mark --- Infer DescriptiveData from PrintName ---

/* 
 * Infer DescriptiveData (i.e., comment) from a SecKeyRef's PrintName
 * attribute.
 */
void impExpOpensshInferDescData(
	SecKeyRef keyRef,
	CssmOwnedData &descData)
{
	OSStatus ortn;
	SecKeychainAttributeInfo attrInfo;
	SecKeychainAttrType	attrType = kSecKeyPrintName;
	attrInfo.count = 1;
	attrInfo.tag = &attrType;
	attrInfo.format = NULL;	
	SecKeychainAttributeList *attrList = NULL;
	
	ortn = SecKeychainItemCopyAttributesAndData(
		(SecKeychainItemRef)keyRef, 
		&attrInfo,
		NULL,			// itemClass
		&attrList, 
		NULL,			// don't need the data
		NULL);
	if(ortn) {
		SecSSHDbg("SecKeychainItemCopyAttributesAndData returned %ld", (unsigned long)ortn);
		return;
	}
	/* subsequent errors to errOut: */
	SecKeychainAttribute *attr = attrList->attr;
		
	/*
	 * On a previous import, we would have set this to something like 
	 * "OpenSSHv2 Public Key: comment".
	 * We want to strip off everything up to the actual comment.
	 */
	unsigned toStrip = 0;	
	
	/* min length of attribute value for this code to be meaningful */
	unsigned len = strlen(SSHv2_PUB_KEY_NAME) + 1;	
	char *printNameStr = NULL;
	if(len < attr->length) {
		printNameStr = (char *)malloc(attr->length + 1);
		memmove(printNameStr, attr->data, attr->length);
		printNameStr[attr->length] = '\0';
		if(strstr(printNameStr, SSHv2_PUB_KEY_NAME) == printNameStr) {
			toStrip = strlen(SSHv2_PUB_KEY_NAME);
		}
		else if(strstr(printNameStr, SSHv1_PUB_KEY_NAME) == printNameStr) {
			toStrip = strlen(SSHv1_PUB_KEY_NAME);
		}
		else if(strstr(printNameStr, SSHv1_PRIV_KEY_NAME) == printNameStr) {
			toStrip = strlen(SSHv1_PRIV_KEY_NAME);
		}
		if(toStrip) {
			/* only strip if we have ": " after toStrip bytes */
			if((printNameStr[toStrip] == ':') && (printNameStr[toStrip+1] == ' ')) {
				toStrip += 2;
			}
		}
	}
	if(printNameStr) {
		free(printNameStr);
	}
	len = attr->length;

	unsigned char *attrVal;

	if(len < toStrip) {
		SecSSHDbg("impExpOpensshInferDescData: string parse screwup");
		goto errOut;
	}
	if(len > toStrip) {
		/* Normal case of stripping off leading header */
		len -= toStrip;
	}
	else {
		/* 
		 * If equal, then the attr value *is* "OpenSSHv2 Public Key: " with 
		 * no comment. Not sure how that could happen, but let's be careful.
		 */
		toStrip = 0;
	}
	
	attrVal = ((unsigned char *)attr->data) + toStrip;
	descData.copy(attrVal, len);
errOut:
	SecKeychainItemFreeAttributesAndData(attrList, NULL);
	return;
}

#pragma mark --- Derive SSHv1 wrap/unwrap key ---

/* 
 * Common code to derive a wrap/unwrap key for OpenSSHv1.
 * Caller must CSSM_FreeKey when done.
 */
static CSSM_RETURN openSSHv1DeriveKey(
	CSSM_CSP_HANDLE		cspHand,
	const SecKeyImportExportParameters	*keyParams,		// required 
	impExpVerifyPhrase  verifyPhrase,					// for secure passphrase
	CSSM_KEY_PTR		symKey)							// RETURNED
{
	CSSM_KEY					*passKey = NULL;
	CFDataRef					cfPhrase = NULL;
	CSSM_RETURN					crtn;
	OSStatus					ortn;
	CSSM_DATA					dummyLabel;
	uint32						keyAttr;
	CSSM_CC_HANDLE 				ccHand = 0;
	CSSM_ACCESS_CREDENTIALS		creds;
	CSSM_CRYPTO_DATA			seed;
	CSSM_DATA					nullParam = {0, NULL};
	
	memset(symKey, 0, sizeof(CSSM_KEY));
	
	/* passphrase or passkey? */
	ortn = impExpPassphraseCommon(keyParams, cspHand, SPF_Data, verifyPhrase,
		(CFTypeRef *)&cfPhrase, &passKey);
	if(ortn) {
		return ortn;
	}
	/* subsequent errors to errOut: */

	memset(&seed, 0, sizeof(seed));
	if(cfPhrase != NULL) {
		/* TBD - caller-supplied empty passphrase means "export in the clear" */
		size_t len = CFDataGetLength(cfPhrase);
		seed.Param.Data = (uint8 *)malloc(len);
		seed.Param.Length = len;
		memmove(seed.Param.Data, CFDataGetBytePtr(cfPhrase), len);
		CFRelease(cfPhrase);
	}

	memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
	crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand,
		CSSM_ALGID_OPENSSH1,
		CSSM_ALGID_OPENSSH1,
		CC_MD5_DIGEST_LENGTH * 8,
		&creds,
		passKey,		// BaseKey
		0,				// iterationCount
		NULL,			// salt
		&seed,
		&ccHand);
	if(crtn) {
		SecSSHDbg("openSSHv1DeriveKey CSSM_CSP_CreateDeriveKeyContext failure");
		goto errOut;
	}
	
	/* not extractable even for the short time this key lives */
	keyAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_SENSITIVE;
	dummyLabel.Data = (uint8 *)"temp unwrap key";
	dummyLabel.Length = strlen((char *)dummyLabel.Data);
	
	crtn = CSSM_DeriveKey(ccHand,
		&nullParam,
		CSSM_KEYUSE_ANY,
		keyAttr,
		&dummyLabel,
		NULL,			// cred and acl
		symKey);
	if(crtn) {
		SecSSHDbg("openSSHv1DeriveKey CSSM_DeriveKey failure");
	}
errOut:
	if(ccHand != 0) {
		CSSM_DeleteContext(ccHand);
	}
	if(passKey != NULL) {
		CSSM_FreeKey(cspHand, NULL, passKey, CSSM_FALSE);
		free(passKey);
	}
	if(seed.Param.Data) {
		memset(seed.Param.Data, 0, seed.Param.Length);
		free(seed.Param.Data);
	}
	return crtn;
}

#pragma mark -- OpenSSHv1 Wrap/Unwrap ---

/*
 * If cspHand is provided instead of importKeychain, the CSP 
 * handle MUST be for the CSPDL, not for the raw CSP.
 */
OSStatus impExpWrappedOpenSSHImport(
	CFDataRef							inData,
	SecKeychainRef						importKeychain, // optional
	CSSM_CSP_HANDLE						cspHand,		// required
	SecItemImportExportFlags			flags,
	const SecKeyImportExportParameters	*keyParams,		// optional 
	const char							*printName,
	CFMutableArrayRef					outArray)		// optional, append here 
{
	OSStatus				ortn;
	impExpKeyUnwrapParams   unwrapParams;

	assert(cspHand != 0);
	if(keyParams == NULL) {
		return errSecParam;
	}
	memset(&unwrapParams, 0, sizeof(unwrapParams));

	/* derive unwrapping key */
	CSSM_KEY unwrappingKey;
	
	ortn = openSSHv1DeriveKey(cspHand, keyParams, VP_Import, &unwrappingKey);
	if(ortn) {
		return ortn;
	}
	
	/* set up key to unwrap */
	CSSM_KEY				wrappedKey;
	CSSM_KEYHEADER			&hdr = wrappedKey.KeyHeader;
	memset(&wrappedKey, 0, sizeof(CSSM_KEY));
	hdr.HeaderVersion = CSSM_KEYHEADER_VERSION;
	/* CspId : don't care */
	hdr.BlobType = CSSM_KEYBLOB_WRAPPED;
	hdr.Format = CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSH1;
	hdr.AlgorithmId = CSSM_ALGID_RSA;		/* the oly algorithm supported in SSHv1 */
	hdr.KeyClass = CSSM_KEYCLASS_PRIVATE_KEY;
	/* LogicalKeySizeInBits : calculated by CSP during unwrap */
	hdr.KeyAttr = CSSM_KEYATTR_EXTRACTABLE;
	hdr.KeyUsage = CSSM_KEYUSE_ANY;

	wrappedKey.KeyData.Data = (uint8 *)CFDataGetBytePtr(inData);
	wrappedKey.KeyData.Length = CFDataGetLength(inData);
	
	unwrapParams.unwrappingKey = &unwrappingKey;
	unwrapParams.encrAlg = CSSM_ALGID_OPENSSH1;
	
	/* GO */
	ortn =  impExpImportKeyCommon(&wrappedKey, importKeychain, cspHand,
		flags, keyParams, &unwrapParams, printName, outArray);
		
	if(unwrappingKey.KeyData.Data != NULL) {
		CSSM_FreeKey(cspHand, NULL, &unwrappingKey, CSSM_FALSE);
	}
	return ortn;
}

OSStatus impExpWrappedOpenSSHExport(
	SecKeyRef							secKey,
	SecItemImportExportFlags			flags,		
	const SecKeyImportExportParameters	*keyParams,		// optional 
	const CssmData						&descData,
	CFMutableDataRef					outData)		// output appended here
{
	CSSM_CSP_HANDLE cspdlHand = 0;
	OSStatus ortn;
	bool releaseCspHand = false;
	CSSM_RETURN crtn;
	
	if(keyParams == NULL) {
		return errSecParam;
	}

	/* we need a CSPDL handle - try to get it from the key */	
	ortn = SecKeyGetCSPHandle(secKey, &cspdlHand);
	if(ortn) {
		cspdlHand = cuCspStartup(CSSM_FALSE);
		if(cspdlHand == 0) {
			return CSSMERR_CSSM_ADDIN_LOAD_FAILED;
		}
		releaseCspHand = true;
	}
	/* subsequent errors to errOut: */

	/* derive wrapping key */
	CSSM_KEY wrappingKey;
	crtn = openSSHv1DeriveKey(cspdlHand, keyParams, VP_Export, &wrappingKey);
	if(crtn) {
		goto errOut;
	}
	
	/* GO */
	CSSM_KEY wrappedKey;
	memset(&wrappedKey, 0, sizeof(CSSM_KEY));
	
	crtn = impExpExportKeyCommon(cspdlHand, secKey, &wrappingKey, &wrappedKey,
		CSSM_ALGID_OPENSSH1, CSSM_ALGMODE_NONE, CSSM_PADDING_NONE,
		CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSH1, CSSM_ATTRIBUTE_NONE, CSSM_KEYBLOB_RAW_FORMAT_NONE, 
		&descData,
		NULL);	// IV
	if(crtn) {
		goto errOut;
	}
	
	/* the wrappedKey's KeyData is out output */
	CFDataAppendBytes(outData, wrappedKey.KeyData.Data, wrappedKey.KeyData.Length);
	CSSM_FreeKey(cspdlHand, NULL, &wrappedKey, CSSM_FALSE);
	
errOut:
	if(releaseCspHand) {
		cuCspDetachUnload(cspdlHand, CSSM_FALSE);
	}
	return crtn;

}
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2006,2011-2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24
	25	/*
	26	* opensshCoding.cpp - Encoding and decoding of OpenSSH format public keys.
	27	*
b1ab9ed8 A	28	*/
	29
	30	#include "SecImportExportOpenSSH.h"
	31	#include "SecImportExportUtils.h"
	32	#include "SecImportExportCrypto.h"
	33	#include <ctype.h>
	34	#include <CommonCrypto/CommonDigest.h> /* for CC_MD5_DIGEST_LENGTH */
	35	#include <security_utilities/debugging.h>
b1ab9ed8 A	36	#include <security_cdsa_utils/cuCdsaUtils.h>
b1ab9ed8 A	37
fa7225c8	38	#define SecSSHDbg(args...) secinfo("openssh", ## args)
b1ab9ed8 A	39
	40	#define SSHv2_PUB_KEY_NAME "OpenSSHv2 Public Key"
	41	#define SSHv1_PUB_KEY_NAME "OpenSSHv1 Public Key"
	42	#define SSHv1_PRIV_KEY_NAME "OpenSSHv1 Private Key"
	43
	44	#pragma mark --- Utility functions ---
	45
	46	/* skip whitespace */
	47	static void skipWhite(
	48	const unsigned char *&cp,
	49	unsigned &bytesLeft)
	50	{
	51	while(bytesLeft != 0) {
	52	if(isspace((int)(*cp))) {
	53	cp++;
	54	bytesLeft--;
	55	}
	56	else {
	57	return;
	58	}
	59	}
	60	}
	61
	62	/* find next whitespace or EOF - if EOF, rtn pointer points to one past EOF */
	63	static const unsigned char *findNextWhite(
	64	const unsigned char *cp,
	65	unsigned &bytesLeft)
	66	{
	67	while(bytesLeft != 0) {
	68	if(isspace((int)(*cp))) {
	69	return cp;
	70	}
	71	cp++;
	72	bytesLeft--;
	73	}
	74	return cp;
	75	}
	76
	77	/* obtain comment as the n'th whitespace-delimited field */
	78	static char *commentAsNthField(
	79	const unsigned char *key,
	80	unsigned keyLen,
	81	unsigned n)
	82
	83	{
	84	unsigned dex;
	85
	86	skipWhite(key, keyLen);
	87	if(keyLen == 0) {
	88	return NULL;
	89	}
	90	for(dex=0; dex<(n-1); dex++) {
	91	key = findNextWhite(key, keyLen);
	92	if(keyLen == 0) {
	93	return NULL;
	94	}
	95	skipWhite(key, keyLen);
	96	if(keyLen == 0) {
	97	return NULL;
	98	}
	99	}
	100
	101	/* cp points to start of nth field */
	102	char rtnStr = (char )malloc(keyLen + 1);
103	memmove(rtnStr, key, keyLen);
104	if(rtnStr[keyLen - 1] == '\n') {
105	/* normal terminator - snip it off */
106	rtnStr[keyLen - 1] = '\0';
107	}
108	else {
109	rtnStr[keyLen] = '\0';
110	}
111	return rtnStr;
112
113	}
114
115	static uint32_t readUint32(
116	const unsigned char *&cp, // IN/OUT
117	unsigned &len) // IN/OUT
118	{
119	uint32_t r = 0;
120
121	for(unsigned dex=0; dex<sizeof(uint32_t); dex++) {
122	r <<= 8;
123	r \|= *cp++;
124	}
125	len -= 4;
126	return r;
127	}
128
129	static uint16_t readUint16(
130	const unsigned char *&cp, // IN/OUT
131	unsigned &len) // IN/OUT
132	{
133	uint16_t r = *cp++;
134	r <<= 8;
135	r \|= *cp++;
136	len -= 2;
137	return r;
138	}
139
140	/* Skip over an SSHv1 private key formatted bignum */
141	static void skipBigNum(
142	const unsigned char *&cp, // IN/OUT
143	unsigned &len) // IN/OUT
144	{
145	if(len < 2) {
146	cp += len;
147	len = 0;
148	return;
149	}
150	uint16 numBits = readUint16(cp, len);
151	unsigned numBytes = (numBits + 7) / 8;
152	if(numBytes > len) {
153	cp += len;
154	len = 0;
155	return;
156	}
157	cp += numBytes;
158	len -= numBytes;
159	}
160
161	static char *genPrintName(
162	const char *header, // e.g. SSHv2_PUB_KEY_NAME
163	const char *comment) // optional, from key
164	{
427c49bc	165	size_t totalLen = strlen(header) + 1;
b1ab9ed8 A	166	if(comment) {
	167	/* append ": <comment>" */
	168	totalLen += strlen(comment);
	169	totalLen += 2;
	170	}
	171	char rtnStr = (char )malloc(totalLen);
	172	if(comment) {
	173	snprintf(rtnStr, totalLen, "%s: %s", header, comment);
	174	}
	175	else {
	176	strcpy(rtnStr, header);
	177	}
	178	return rtnStr;
	179	}
	180
	181	#pragma mark --- Infer PrintName attribute from raw keys ---
	182
	183	/* obtain comment from OpenSSHv2 public key */
	184	static char *opensshV2PubComment(
	185	const unsigned char *key,
	186	unsigned keyLen)
	187	{
	188	/*
	189	* The format here is
	190	* header
	191	* <space>
	192	* keyblob
	193	* <space>
	194	* optional comment
	195	* \n
	196	*/
	197	char *comment = commentAsNthField(key, keyLen, 3);
	198	char *rtnStr = genPrintName(SSHv2_PUB_KEY_NAME, comment);
	199	if(comment) {
	200	free(comment);
	201	}
	202	return rtnStr;
	203	}
	204
	205	/* obtain comment from OpenSSHv1 public key */
	206	static char *opensshV1PubComment(
	207	const unsigned char *key,
	208	unsigned keyLen)
	209	{
	210	/*
	211	* Format:
	212	* numbits
	213	* <space>
	214	* e (bignum in decimal)
	215	* <space>
	216	* n (bignum in decimal)
	217	* <space>
	218	* optional comment
	219	* \n
	220	*/
	221	char *comment = commentAsNthField(key, keyLen, 4);
	222	char *rtnStr = genPrintName(SSHv1_PUB_KEY_NAME, comment);
	223	if(comment) {
	224	free(comment);
	225	}
	226	return rtnStr;
	227	}
	228
	229	static const char *authfile_id_string = "SSH PRIVATE KEY FILE FORMAT 1.1\n";
230
231	/* obtain comment from OpenSSHv1 private key, wrapped or clear */
232	static char *opensshV1PrivComment(
233	const unsigned char *key,
234	unsigned keyLen)
235	{
236	/*
237	* Format:
238	* "SSH PRIVATE KEY FILE FORMAT 1.1\n"
239	* 1 byte cipherSpec
240	* 4 byte spares
241	* 4 bytes numBits
242	* bignum n
243	* bignum e
244	* 4 byte comment length
245	* comment
246	* private key components, possibly encrypted
247	*
248	* A bignum is encoded like so:
249	* 2 bytes numBits
250	* (numBits + 7)/8 bytes of data
251	*/
252	/* length: ID string, NULL, Cipher, 4-byte spare */
427c49bc	253	size_t len = strlen(authfile_id_string);
b1ab9ed8 A	254	if(keyLen < (len + 6)) {
	255	return NULL;
	256	}
	257	if(memcmp(authfile_id_string, key, len)) {
	258	return NULL;
	259	}
	260	key += (len + 6);
	261	keyLen -= (len + 6);
	262
	263	/* key points to numBits */
	264	if(keyLen < 4) {
	265	return NULL;
	266	}
	267	key += 4;
	268	keyLen -= 4;
	269
	270	/* key points to n */
	271	skipBigNum(key, keyLen);
	272	if(keyLen == 0) {
	273	return NULL;
	274	}
	275	skipBigNum(key, keyLen);
	276	if(keyLen == 0) {
	277	return NULL;
	278	}
	279
	280	char *comment = NULL;
	281	uint32 commentLen = readUint32(key, keyLen);
	282	if((commentLen != 0) && (commentLen <= keyLen)) {
	283	comment = (char *)malloc(commentLen + 1);
	284	memmove(comment, key, commentLen);
	285	comment[commentLen] = '\0';
	286	}
	287
	288	char *rtnStr = genPrintName(SSHv1_PRIV_KEY_NAME, comment);
	289	if(comment) {
	290	free(comment);
	291	}
	292	return rtnStr;
	293	}
	294
	295	/*
	296	* Infer PrintName attribute from raw key's 'comment' field.
	297	* Returned string is mallocd and must be freed by caller.
	298	*/
	299	char *impExpOpensshInferPrintName(
	300	CFDataRef external,
	301	SecExternalItemType externType,
	302	SecExternalFormat externFormat)
	303	{
	304	const unsigned char key = (const unsigned char )CFDataGetBytePtr(external);
427c49bc	305	unsigned keyLen = (unsigned)CFDataGetLength(external);
b1ab9ed8 A	306	switch(externType) {
	307	case kSecItemTypePublicKey:
	308	switch(externFormat) {
	309	case kSecFormatSSH:
	310	return opensshV1PubComment(key, keyLen);
	311	case kSecFormatSSHv2:
	312	return opensshV2PubComment(key, keyLen);
	313	default:
	314	/* impossible, right? */
	315	break;
	316	}
	317	break;
	318	case kSecItemTypePrivateKey:
	319	switch(externFormat) {
	320	case kSecFormatSSH:
	321	case kSecFormatWrappedSSH:
	322	return opensshV1PrivComment(key, keyLen);
	323	default:
	324	break;
	325	}
	326	break;
	327	default:
	328	break;
	329	}
	330	return NULL;
	331	}
	332
	333	#pragma mark --- Infer DescriptiveData from PrintName ---
	334
	335	/*
	336	* Infer DescriptiveData (i.e., comment) from a SecKeyRef's PrintName
	337	* attribute.
	338	*/
	339	void impExpOpensshInferDescData(
	340	SecKeyRef keyRef,
	341	CssmOwnedData &descData)
	342	{
	343	OSStatus ortn;
	344	SecKeychainAttributeInfo attrInfo;
	345	SecKeychainAttrType attrType = kSecKeyPrintName;
	346	attrInfo.count = 1;
	347	attrInfo.tag = &attrType;
	348	attrInfo.format = NULL;
	349	SecKeychainAttributeList *attrList = NULL;
	350
	351	ortn = SecKeychainItemCopyAttributesAndData(
	352	(SecKeychainItemRef)keyRef,
	353	&attrInfo,
	354	NULL, // itemClass
	355	&attrList,
	356	NULL, // don't need the data
	357	NULL);
	358	if(ortn) {
427c49bc	359	SecSSHDbg("SecKeychainItemCopyAttributesAndData returned %ld", (unsigned long)ortn);
b1ab9ed8 A	360	return;
	361	}
	362	/* subsequent errors to errOut: */
	363	SecKeychainAttribute *attr = attrList->attr;
	364
	365	/*
	366	* On a previous import, we would have set this to something like
	367	* "OpenSSHv2 Public Key: comment".
	368	* We want to strip off everything up to the actual comment.
	369	*/
	370	unsigned toStrip = 0;
	371
	372	/* min length of attribute value for this code to be meaningful */
	373	unsigned len = strlen(SSHv2_PUB_KEY_NAME) + 1;
	374	char *printNameStr = NULL;
	375	if(len < attr->length) {
	376	printNameStr = (char *)malloc(attr->length + 1);
	377	memmove(printNameStr, attr->data, attr->length);
	378	printNameStr[attr->length] = '\0';
	379	if(strstr(printNameStr, SSHv2_PUB_KEY_NAME) == printNameStr) {
	380	toStrip = strlen(SSHv2_PUB_KEY_NAME);
	381	}
	382	else if(strstr(printNameStr, SSHv1_PUB_KEY_NAME) == printNameStr) {
	383	toStrip = strlen(SSHv1_PUB_KEY_NAME);
	384	}
	385	else if(strstr(printNameStr, SSHv1_PRIV_KEY_NAME) == printNameStr) {
	386	toStrip = strlen(SSHv1_PRIV_KEY_NAME);
	387	}
	388	if(toStrip) {
	389	/* only strip if we have ": " after toStrip bytes */
	390	if((printNameStr[toStrip] == ':') && (printNameStr[toStrip+1] == ' ')) {
	391	toStrip += 2;
	392	}
	393	}
	394	}
	395	if(printNameStr) {
	396	free(printNameStr);
	397	}
	398	len = attr->length;
	399
	400	unsigned char *attrVal;
	401
	402	if(len < toStrip) {
	403	SecSSHDbg("impExpOpensshInferDescData: string parse screwup");
	404	goto errOut;
	405	}
	406	if(len > toStrip) {
	407	/* Normal case of stripping off leading header */
	408	len -= toStrip;
	409	}
	410	else {
	411	/*
	412	* If equal, then the attr value is "OpenSSHv2 Public Key: " with
	413	* no comment. Not sure how that could happen, but let's be careful.
	414	*/
	415	toStrip = 0;
	416	}
	417
	418	attrVal = ((unsigned char *)attr->data) + toStrip;
	419	descData.copy(attrVal, len);
	420	errOut:
	421	SecKeychainItemFreeAttributesAndData(attrList, NULL);
	422	return;
	423	}
424
425	#pragma mark --- Derive SSHv1 wrap/unwrap key ---
426
427	/*
428	* Common code to derive a wrap/unwrap key for OpenSSHv1.
429	* Caller must CSSM_FreeKey when done.
430	*/
431	static CSSM_RETURN openSSHv1DeriveKey(
432	CSSM_CSP_HANDLE cspHand,
433	const SecKeyImportExportParameters *keyParams, // required
434	impExpVerifyPhrase verifyPhrase, // for secure passphrase
435	CSSM_KEY_PTR symKey) // RETURNED
436	{
437	CSSM_KEY *passKey = NULL;
438	CFDataRef cfPhrase = NULL;
439	CSSM_RETURN crtn;
440	OSStatus ortn;
441	CSSM_DATA dummyLabel;
442	uint32 keyAttr;
443	CSSM_CC_HANDLE ccHand = 0;
444	CSSM_ACCESS_CREDENTIALS creds;
445	CSSM_CRYPTO_DATA seed;
446	CSSM_DATA nullParam = {0, NULL};
447
448	memset(symKey, 0, sizeof(CSSM_KEY));
449
450	/* passphrase or passkey? */
451	ortn = impExpPassphraseCommon(keyParams, cspHand, SPF_Data, verifyPhrase,
452	(CFTypeRef *)&cfPhrase, &passKey);
453	if(ortn) {
454	return ortn;
455	}
456	/* subsequent errors to errOut: */
457
458	memset(&seed, 0, sizeof(seed));
459	if(cfPhrase != NULL) {
460	/* TBD - caller-supplied empty passphrase means "export in the clear" */
427c49bc	461	size_t len = CFDataGetLength(cfPhrase);
b1ab9ed8 A	462	seed.Param.Data = (uint8 *)malloc(len);
	463	seed.Param.Length = len;
	464	memmove(seed.Param.Data, CFDataGetBytePtr(cfPhrase), len);
	465	CFRelease(cfPhrase);
	466	}
	467
	468	memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
	469	crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand,
	470	CSSM_ALGID_OPENSSH1,
	471	CSSM_ALGID_OPENSSH1,
	472	CC_MD5_DIGEST_LENGTH * 8,
	473	&creds,
	474	passKey, // BaseKey
	475	0, // iterationCount
	476	NULL, // salt
	477	&seed,
	478	&ccHand);
	479	if(crtn) {
	480	SecSSHDbg("openSSHv1DeriveKey CSSM_CSP_CreateDeriveKeyContext failure");
	481	goto errOut;
	482	}
	483
	484	/* not extractable even for the short time this key lives */
	485	keyAttr = CSSM_KEYATTR_RETURN_REF \| CSSM_KEYATTR_SENSITIVE;
	486	dummyLabel.Data = (uint8 *)"temp unwrap key";
	487	dummyLabel.Length = strlen((char *)dummyLabel.Data);
	488
	489	crtn = CSSM_DeriveKey(ccHand,
	490	&nullParam,
	491	CSSM_KEYUSE_ANY,
	492	keyAttr,
	493	&dummyLabel,
	494	NULL, // cred and acl
	495	symKey);
	496	if(crtn) {
	497	SecSSHDbg("openSSHv1DeriveKey CSSM_DeriveKey failure");
	498	}
	499	errOut:
	500	if(ccHand != 0) {
	501	CSSM_DeleteContext(ccHand);
	502	}
	503	if(passKey != NULL) {
	504	CSSM_FreeKey(cspHand, NULL, passKey, CSSM_FALSE);
	505	free(passKey);
	506	}
	507	if(seed.Param.Data) {
	508	memset(seed.Param.Data, 0, seed.Param.Length);
	509	free(seed.Param.Data);
	510	}
	511	return crtn;
	512	}
	513
	514	#pragma mark -- OpenSSHv1 Wrap/Unwrap ---
	515
	516	/*
	517	* If cspHand is provided instead of importKeychain, the CSP
	518	* handle MUST be for the CSPDL, not for the raw CSP.
	519	*/
	520	OSStatus impExpWrappedOpenSSHImport(
	521	CFDataRef inData,
	522	SecKeychainRef importKeychain, // optional
	523	CSSM_CSP_HANDLE cspHand, // required
	524	SecItemImportExportFlags flags,
	525	const SecKeyImportExportParameters *keyParams, // optional
526	const char *printName,
527	CFMutableArrayRef outArray) // optional, append here
528	{
529	OSStatus ortn;
530	impExpKeyUnwrapParams unwrapParams;
531
532	assert(cspHand != 0);
533	if(keyParams == NULL) {
427c49bc	534	return errSecParam;
b1ab9ed8 A	535	}
	536	memset(&unwrapParams, 0, sizeof(unwrapParams));
	537
	538	/* derive unwrapping key */
	539	CSSM_KEY unwrappingKey;
	540
	541	ortn = openSSHv1DeriveKey(cspHand, keyParams, VP_Import, &unwrappingKey);
	542	if(ortn) {
	543	return ortn;
	544	}
	545
	546	/* set up key to unwrap */
	547	CSSM_KEY wrappedKey;
	548	CSSM_KEYHEADER &hdr = wrappedKey.KeyHeader;
	549	memset(&wrappedKey, 0, sizeof(CSSM_KEY));
	550	hdr.HeaderVersion = CSSM_KEYHEADER_VERSION;
	551	/* CspId : don't care */
	552	hdr.BlobType = CSSM_KEYBLOB_WRAPPED;
	553	hdr.Format = CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSH1;
	554	hdr.AlgorithmId = CSSM_ALGID_RSA; /* the oly algorithm supported in SSHv1 */
	555	hdr.KeyClass = CSSM_KEYCLASS_PRIVATE_KEY;
	556	/* LogicalKeySizeInBits : calculated by CSP during unwrap */
	557	hdr.KeyAttr = CSSM_KEYATTR_EXTRACTABLE;
	558	hdr.KeyUsage = CSSM_KEYUSE_ANY;
	559
	560	wrappedKey.KeyData.Data = (uint8 *)CFDataGetBytePtr(inData);
	561	wrappedKey.KeyData.Length = CFDataGetLength(inData);
	562
	563	unwrapParams.unwrappingKey = &unwrappingKey;
	564	unwrapParams.encrAlg = CSSM_ALGID_OPENSSH1;
	565
	566	/* GO */
	567	ortn = impExpImportKeyCommon(&wrappedKey, importKeychain, cspHand,
	568	flags, keyParams, &unwrapParams, printName, outArray);
	569
	570	if(unwrappingKey.KeyData.Data != NULL) {
	571	CSSM_FreeKey(cspHand, NULL, &unwrappingKey, CSSM_FALSE);
	572	}
	573	return ortn;
	574	}
	575
	576	OSStatus impExpWrappedOpenSSHExport(
	577	SecKeyRef secKey,
	578	SecItemImportExportFlags flags,
	579	const SecKeyImportExportParameters *keyParams, // optional
	580	const CssmData &descData,
	581	CFMutableDataRef outData) // output appended here
	582	{
	583	CSSM_CSP_HANDLE cspdlHand = 0;
	584	OSStatus ortn;
	585	bool releaseCspHand = false;
	586	CSSM_RETURN crtn;
	587
	588	if(keyParams == NULL) {
427c49bc	589	return errSecParam;
b1ab9ed8 A	590	}
	591
	592	/* we need a CSPDL handle - try to get it from the key */
	593	ortn = SecKeyGetCSPHandle(secKey, &cspdlHand);
	594	if(ortn) {
	595	cspdlHand = cuCspStartup(CSSM_FALSE);
	596	if(cspdlHand == 0) {
	597	return CSSMERR_CSSM_ADDIN_LOAD_FAILED;
	598	}
	599	releaseCspHand = true;
	600	}
	601	/* subsequent errors to errOut: */
	602
	603	/* derive wrapping key */
	604	CSSM_KEY wrappingKey;
	605	crtn = openSSHv1DeriveKey(cspdlHand, keyParams, VP_Export, &wrappingKey);
	606	if(crtn) {
	607	goto errOut;
	608	}
	609
	610	/* GO */
	611	CSSM_KEY wrappedKey;
	612	memset(&wrappedKey, 0, sizeof(CSSM_KEY));
	613
	614	crtn = impExpExportKeyCommon(cspdlHand, secKey, &wrappingKey, &wrappedKey,
	615	CSSM_ALGID_OPENSSH1, CSSM_ALGMODE_NONE, CSSM_PADDING_NONE,
	616	CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSH1, CSSM_ATTRIBUTE_NONE, CSSM_KEYBLOB_RAW_FORMAT_NONE,
	617	&descData,
	618	NULL); // IV
	619	if(crtn) {
	620	goto errOut;
	621	}
	622
	623	/* the wrappedKey's KeyData is out output */
	624	CFDataAppendBytes(outData, wrappedKey.KeyData.Data, wrappedKey.KeyData.Length);
	625	CSSM_FreeKey(cspdlHand, NULL, &wrappedKey, CSSM_FALSE);
	626
	627	errOut:
	628	if(releaseCspHand) {
	629	cuCspDetachUnload(cspdlHand, CSSM_FALSE);
	630	}
	631	return crtn;
	632
	633	}