+++ /dev/null
-/*
- * Copyright (c) 2006,2011-2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-
-/*
- * opensshCoding.cpp - Encoding and decoding of OpenSSH format public keys.
- *
- */
-
-#include "SecImportExportOpenSSH.h"
-#include "SecImportExportUtils.h"
-#include "SecImportExportCrypto.h"
-#include <ctype.h>
-#include <CommonCrypto/CommonDigest.h> /* for CC_MD5_DIGEST_LENGTH */
-#include <security_utilities/debugging.h>
-#include <security_cdsa_utils/cuCdsaUtils.h>
-
-#define SecSSHDbg(args...) secdebug("openssh", ## args)
-
-#define SSHv2_PUB_KEY_NAME "OpenSSHv2 Public Key"
-#define SSHv1_PUB_KEY_NAME "OpenSSHv1 Public Key"
-#define SSHv1_PRIV_KEY_NAME "OpenSSHv1 Private Key"
-
-#pragma mark --- Utility functions ---
-
-/* skip whitespace */
-static void skipWhite(
- const unsigned char *&cp,
- unsigned &bytesLeft)
-{
- while(bytesLeft != 0) {
- if(isspace((int)(*cp))) {
- cp++;
- bytesLeft--;
- }
- else {
- return;
- }
- }
-}
-
-/* find next whitespace or EOF - if EOF, rtn pointer points to one past EOF */
-static const unsigned char *findNextWhite(
- const unsigned char *cp,
- unsigned &bytesLeft)
-{
- while(bytesLeft != 0) {
- if(isspace((int)(*cp))) {
- return cp;
- }
- cp++;
- bytesLeft--;
- }
- return cp;
-}
-
-/* obtain comment as the n'th whitespace-delimited field */
-static char *commentAsNthField(
- const unsigned char *key,
- unsigned keyLen,
- unsigned n)
-
-{
- unsigned dex;
-
- skipWhite(key, keyLen);
- if(keyLen == 0) {
- return NULL;
- }
- for(dex=0; dex<(n-1); dex++) {
- key = findNextWhite(key, keyLen);
- if(keyLen == 0) {
- return NULL;
- }
- skipWhite(key, keyLen);
- if(keyLen == 0) {
- return NULL;
- }
- }
-
- /* cp points to start of nth field */
- char *rtnStr = (char *)malloc(keyLen + 1);
- memmove(rtnStr, key, keyLen);
- if(rtnStr[keyLen - 1] == '\n') {
- /* normal terminator - snip it off */
- rtnStr[keyLen - 1] = '\0';
- }
- else {
- rtnStr[keyLen] = '\0';
- }
- return rtnStr;
-
-}
-
-static uint32_t readUint32(
- const unsigned char *&cp, // IN/OUT
- unsigned &len) // IN/OUT
-{
- uint32_t r = 0;
-
- for(unsigned dex=0; dex<sizeof(uint32_t); dex++) {
- r <<= 8;
- r |= *cp++;
- }
- len -= 4;
- return r;
-}
-
-static uint16_t readUint16(
- const unsigned char *&cp, // IN/OUT
- unsigned &len) // IN/OUT
-{
- uint16_t r = *cp++;
- r <<= 8;
- r |= *cp++;
- len -= 2;
- return r;
-}
-
-/* Skip over an SSHv1 private key formatted bignum */
-static void skipBigNum(
- const unsigned char *&cp, // IN/OUT
- unsigned &len) // IN/OUT
-{
- if(len < 2) {
- cp += len;
- len = 0;
- return;
- }
- uint16 numBits = readUint16(cp, len);
- unsigned numBytes = (numBits + 7) / 8;
- if(numBytes > len) {
- cp += len;
- len = 0;
- return;
- }
- cp += numBytes;
- len -= numBytes;
-}
-
-static char *genPrintName(
- const char *header, // e.g. SSHv2_PUB_KEY_NAME
- const char *comment) // optional, from key
-{
- size_t totalLen = strlen(header) + 1;
- if(comment) {
- /* append ": <comment>" */
- totalLen += strlen(comment);
- totalLen += 2;
- }
- char *rtnStr = (char *)malloc(totalLen);
- if(comment) {
- snprintf(rtnStr, totalLen, "%s: %s", header, comment);
- }
- else {
- strcpy(rtnStr, header);
- }
- return rtnStr;
-}
-
-#pragma mark --- Infer PrintName attribute from raw keys ---
-
-/* obtain comment from OpenSSHv2 public key */
-static char *opensshV2PubComment(
- const unsigned char *key,
- unsigned keyLen)
-{
- /*
- * The format here is
- * header
- * <space>
- * keyblob
- * <space>
- * optional comment
- * \n
- */
- char *comment = commentAsNthField(key, keyLen, 3);
- char *rtnStr = genPrintName(SSHv2_PUB_KEY_NAME, comment);
- if(comment) {
- free(comment);
- }
- return rtnStr;
-}
-
-/* obtain comment from OpenSSHv1 public key */
-static char *opensshV1PubComment(
- const unsigned char *key,
- unsigned keyLen)
-{
- /*
- * Format:
- * numbits
- * <space>
- * e (bignum in decimal)
- * <space>
- * n (bignum in decimal)
- * <space>
- * optional comment
- * \n
- */
- char *comment = commentAsNthField(key, keyLen, 4);
- char *rtnStr = genPrintName(SSHv1_PUB_KEY_NAME, comment);
- if(comment) {
- free(comment);
- }
- return rtnStr;
-}
-
-static const char *authfile_id_string = "SSH PRIVATE KEY FILE FORMAT 1.1\n";
-
-/* obtain comment from OpenSSHv1 private key, wrapped or clear */
-static char *opensshV1PrivComment(
- const unsigned char *key,
- unsigned keyLen)
-{
- /*
- * Format:
- * "SSH PRIVATE KEY FILE FORMAT 1.1\n"
- * 1 byte cipherSpec
- * 4 byte spares
- * 4 bytes numBits
- * bignum n
- * bignum e
- * 4 byte comment length
- * comment
- * private key components, possibly encrypted
- *
- * A bignum is encoded like so:
- * 2 bytes numBits
- * (numBits + 7)/8 bytes of data
- */
- /* length: ID string, NULL, Cipher, 4-byte spare */
- size_t len = strlen(authfile_id_string);
- if(keyLen < (len + 6)) {
- return NULL;
- }
- if(memcmp(authfile_id_string, key, len)) {
- return NULL;
- }
- key += (len + 6);
- keyLen -= (len + 6);
-
- /* key points to numBits */
- if(keyLen < 4) {
- return NULL;
- }
- key += 4;
- keyLen -= 4;
-
- /* key points to n */
- skipBigNum(key, keyLen);
- if(keyLen == 0) {
- return NULL;
- }
- skipBigNum(key, keyLen);
- if(keyLen == 0) {
- return NULL;
- }
-
- char *comment = NULL;
- uint32 commentLen = readUint32(key, keyLen);
- if((commentLen != 0) && (commentLen <= keyLen)) {
- comment = (char *)malloc(commentLen + 1);
- memmove(comment, key, commentLen);
- comment[commentLen] = '\0';
- }
-
- char *rtnStr = genPrintName(SSHv1_PRIV_KEY_NAME, comment);
- if(comment) {
- free(comment);
- }
- return rtnStr;
-}
-
-/*
- * Infer PrintName attribute from raw key's 'comment' field.
- * Returned string is mallocd and must be freed by caller.
- */
-char *impExpOpensshInferPrintName(
- CFDataRef external,
- SecExternalItemType externType,
- SecExternalFormat externFormat)
-{
- const unsigned char *key = (const unsigned char *)CFDataGetBytePtr(external);
- unsigned keyLen = (unsigned)CFDataGetLength(external);
- switch(externType) {
- case kSecItemTypePublicKey:
- switch(externFormat) {
- case kSecFormatSSH:
- return opensshV1PubComment(key, keyLen);
- case kSecFormatSSHv2:
- return opensshV2PubComment(key, keyLen);
- default:
- /* impossible, right? */
- break;
- }
- break;
- case kSecItemTypePrivateKey:
- switch(externFormat) {
- case kSecFormatSSH:
- case kSecFormatWrappedSSH:
- return opensshV1PrivComment(key, keyLen);
- default:
- break;
- }
- break;
- default:
- break;
- }
- return NULL;
-}
-
-#pragma mark --- Infer DescriptiveData from PrintName ---
-
-/*
- * Infer DescriptiveData (i.e., comment) from a SecKeyRef's PrintName
- * attribute.
- */
-void impExpOpensshInferDescData(
- SecKeyRef keyRef,
- CssmOwnedData &descData)
-{
- OSStatus ortn;
- SecKeychainAttributeInfo attrInfo;
- SecKeychainAttrType attrType = kSecKeyPrintName;
- attrInfo.count = 1;
- attrInfo.tag = &attrType;
- attrInfo.format = NULL;
- SecKeychainAttributeList *attrList = NULL;
-
- ortn = SecKeychainItemCopyAttributesAndData(
- (SecKeychainItemRef)keyRef,
- &attrInfo,
- NULL, // itemClass
- &attrList,
- NULL, // don't need the data
- NULL);
- if(ortn) {
- SecSSHDbg("SecKeychainItemCopyAttributesAndData returned %ld", (unsigned long)ortn);
- return;
- }
- /* subsequent errors to errOut: */
- SecKeychainAttribute *attr = attrList->attr;
-
- /*
- * On a previous import, we would have set this to something like
- * "OpenSSHv2 Public Key: comment".
- * We want to strip off everything up to the actual comment.
- */
- unsigned toStrip = 0;
-
- /* min length of attribute value for this code to be meaningful */
- unsigned len = strlen(SSHv2_PUB_KEY_NAME) + 1;
- char *printNameStr = NULL;
- if(len < attr->length) {
- printNameStr = (char *)malloc(attr->length + 1);
- memmove(printNameStr, attr->data, attr->length);
- printNameStr[attr->length] = '\0';
- if(strstr(printNameStr, SSHv2_PUB_KEY_NAME) == printNameStr) {
- toStrip = strlen(SSHv2_PUB_KEY_NAME);
- }
- else if(strstr(printNameStr, SSHv1_PUB_KEY_NAME) == printNameStr) {
- toStrip = strlen(SSHv1_PUB_KEY_NAME);
- }
- else if(strstr(printNameStr, SSHv1_PRIV_KEY_NAME) == printNameStr) {
- toStrip = strlen(SSHv1_PRIV_KEY_NAME);
- }
- if(toStrip) {
- /* only strip if we have ": " after toStrip bytes */
- if((printNameStr[toStrip] == ':') && (printNameStr[toStrip+1] == ' ')) {
- toStrip += 2;
- }
- }
- }
- if(printNameStr) {
- free(printNameStr);
- }
- len = attr->length;
-
- unsigned char *attrVal;
-
- if(len < toStrip) {
- SecSSHDbg("impExpOpensshInferDescData: string parse screwup");
- goto errOut;
- }
- if(len > toStrip) {
- /* Normal case of stripping off leading header */
- len -= toStrip;
- }
- else {
- /*
- * If equal, then the attr value *is* "OpenSSHv2 Public Key: " with
- * no comment. Not sure how that could happen, but let's be careful.
- */
- toStrip = 0;
- }
-
- attrVal = ((unsigned char *)attr->data) + toStrip;
- descData.copy(attrVal, len);
-errOut:
- SecKeychainItemFreeAttributesAndData(attrList, NULL);
- return;
-}
-
-#pragma mark --- Derive SSHv1 wrap/unwrap key ---
-
-/*
- * Common code to derive a wrap/unwrap key for OpenSSHv1.
- * Caller must CSSM_FreeKey when done.
- */
-static CSSM_RETURN openSSHv1DeriveKey(
- CSSM_CSP_HANDLE cspHand,
- const SecKeyImportExportParameters *keyParams, // required
- impExpVerifyPhrase verifyPhrase, // for secure passphrase
- CSSM_KEY_PTR symKey) // RETURNED
-{
- CSSM_KEY *passKey = NULL;
- CFDataRef cfPhrase = NULL;
- CSSM_RETURN crtn;
- OSStatus ortn;
- CSSM_DATA dummyLabel;
- uint32 keyAttr;
- CSSM_CC_HANDLE ccHand = 0;
- CSSM_ACCESS_CREDENTIALS creds;
- CSSM_CRYPTO_DATA seed;
- CSSM_DATA nullParam = {0, NULL};
-
- memset(symKey, 0, sizeof(CSSM_KEY));
-
- /* passphrase or passkey? */
- ortn = impExpPassphraseCommon(keyParams, cspHand, SPF_Data, verifyPhrase,
- (CFTypeRef *)&cfPhrase, &passKey);
- if(ortn) {
- return ortn;
- }
- /* subsequent errors to errOut: */
-
- memset(&seed, 0, sizeof(seed));
- if(cfPhrase != NULL) {
- /* TBD - caller-supplied empty passphrase means "export in the clear" */
- size_t len = CFDataGetLength(cfPhrase);
- seed.Param.Data = (uint8 *)malloc(len);
- seed.Param.Length = len;
- memmove(seed.Param.Data, CFDataGetBytePtr(cfPhrase), len);
- CFRelease(cfPhrase);
- }
-
- memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
- crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand,
- CSSM_ALGID_OPENSSH1,
- CSSM_ALGID_OPENSSH1,
- CC_MD5_DIGEST_LENGTH * 8,
- &creds,
- passKey, // BaseKey
- 0, // iterationCount
- NULL, // salt
- &seed,
- &ccHand);
- if(crtn) {
- SecSSHDbg("openSSHv1DeriveKey CSSM_CSP_CreateDeriveKeyContext failure");
- goto errOut;
- }
-
- /* not extractable even for the short time this key lives */
- keyAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_SENSITIVE;
- dummyLabel.Data = (uint8 *)"temp unwrap key";
- dummyLabel.Length = strlen((char *)dummyLabel.Data);
-
- crtn = CSSM_DeriveKey(ccHand,
- &nullParam,
- CSSM_KEYUSE_ANY,
- keyAttr,
- &dummyLabel,
- NULL, // cred and acl
- symKey);
- if(crtn) {
- SecSSHDbg("openSSHv1DeriveKey CSSM_DeriveKey failure");
- }
-errOut:
- if(ccHand != 0) {
- CSSM_DeleteContext(ccHand);
- }
- if(passKey != NULL) {
- CSSM_FreeKey(cspHand, NULL, passKey, CSSM_FALSE);
- free(passKey);
- }
- if(seed.Param.Data) {
- memset(seed.Param.Data, 0, seed.Param.Length);
- free(seed.Param.Data);
- }
- return crtn;
-}
-
-#pragma mark -- OpenSSHv1 Wrap/Unwrap ---
-
-/*
- * If cspHand is provided instead of importKeychain, the CSP
- * handle MUST be for the CSPDL, not for the raw CSP.
- */
-OSStatus impExpWrappedOpenSSHImport(
- CFDataRef inData,
- SecKeychainRef importKeychain, // optional
- CSSM_CSP_HANDLE cspHand, // required
- SecItemImportExportFlags flags,
- const SecKeyImportExportParameters *keyParams, // optional
- const char *printName,
- CFMutableArrayRef outArray) // optional, append here
-{
- OSStatus ortn;
- impExpKeyUnwrapParams unwrapParams;
-
- assert(cspHand != 0);
- if(keyParams == NULL) {
- return errSecParam;
- }
- memset(&unwrapParams, 0, sizeof(unwrapParams));
-
- /* derive unwrapping key */
- CSSM_KEY unwrappingKey;
-
- ortn = openSSHv1DeriveKey(cspHand, keyParams, VP_Import, &unwrappingKey);
- if(ortn) {
- return ortn;
- }
-
- /* set up key to unwrap */
- CSSM_KEY wrappedKey;
- CSSM_KEYHEADER &hdr = wrappedKey.KeyHeader;
- memset(&wrappedKey, 0, sizeof(CSSM_KEY));
- hdr.HeaderVersion = CSSM_KEYHEADER_VERSION;
- /* CspId : don't care */
- hdr.BlobType = CSSM_KEYBLOB_WRAPPED;
- hdr.Format = CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSH1;
- hdr.AlgorithmId = CSSM_ALGID_RSA; /* the oly algorithm supported in SSHv1 */
- hdr.KeyClass = CSSM_KEYCLASS_PRIVATE_KEY;
- /* LogicalKeySizeInBits : calculated by CSP during unwrap */
- hdr.KeyAttr = CSSM_KEYATTR_EXTRACTABLE;
- hdr.KeyUsage = CSSM_KEYUSE_ANY;
-
- wrappedKey.KeyData.Data = (uint8 *)CFDataGetBytePtr(inData);
- wrappedKey.KeyData.Length = CFDataGetLength(inData);
-
- unwrapParams.unwrappingKey = &unwrappingKey;
- unwrapParams.encrAlg = CSSM_ALGID_OPENSSH1;
-
- /* GO */
- ortn = impExpImportKeyCommon(&wrappedKey, importKeychain, cspHand,
- flags, keyParams, &unwrapParams, printName, outArray);
-
- if(unwrappingKey.KeyData.Data != NULL) {
- CSSM_FreeKey(cspHand, NULL, &unwrappingKey, CSSM_FALSE);
- }
- return ortn;
-}
-
-OSStatus impExpWrappedOpenSSHExport(
- SecKeyRef secKey,
- SecItemImportExportFlags flags,
- const SecKeyImportExportParameters *keyParams, // optional
- const CssmData &descData,
- CFMutableDataRef outData) // output appended here
-{
- CSSM_CSP_HANDLE cspdlHand = 0;
- OSStatus ortn;
- bool releaseCspHand = false;
- CSSM_RETURN crtn;
-
- if(keyParams == NULL) {
- return errSecParam;
- }
-
- /* we need a CSPDL handle - try to get it from the key */
- ortn = SecKeyGetCSPHandle(secKey, &cspdlHand);
- if(ortn) {
- cspdlHand = cuCspStartup(CSSM_FALSE);
- if(cspdlHand == 0) {
- return CSSMERR_CSSM_ADDIN_LOAD_FAILED;
- }
- releaseCspHand = true;
- }
- /* subsequent errors to errOut: */
-
- /* derive wrapping key */
- CSSM_KEY wrappingKey;
- crtn = openSSHv1DeriveKey(cspdlHand, keyParams, VP_Export, &wrappingKey);
- if(crtn) {
- goto errOut;
- }
-
- /* GO */
- CSSM_KEY wrappedKey;
- memset(&wrappedKey, 0, sizeof(CSSM_KEY));
-
- crtn = impExpExportKeyCommon(cspdlHand, secKey, &wrappingKey, &wrappedKey,
- CSSM_ALGID_OPENSSH1, CSSM_ALGMODE_NONE, CSSM_PADDING_NONE,
- CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSH1, CSSM_ATTRIBUTE_NONE, CSSM_KEYBLOB_RAW_FORMAT_NONE,
- &descData,
- NULL); // IV
- if(crtn) {
- goto errOut;
- }
-
- /* the wrappedKey's KeyData is out output */
- CFDataAppendBytes(outData, wrappedKey.KeyData.Data, wrappedKey.KeyData.Length);
- CSSM_FreeKey(cspdlHand, NULL, &wrappedKey, CSSM_FALSE);
-
-errOut:
- if(releaseCspHand) {
- cuCspDetachUnload(cspdlHand, CSSM_FALSE);
- }
- return crtn;
-
-}
projects / apple / security.git / blobdiff