nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-01 03:22:48 -05:00
Code Issues Projects Releases Wiki Activity

Reorganise host key checking and confirmation.

Browse Source 
Previously, checking the host key against the persistent cache managed
by the storage.h API was done as part of the seat_verify_ssh_host_key
method, i.e. separately by each Seat.

Now that check is done by verify_ssh_host_key(), which is a new
function in ssh/common.c that centralises all the parts of host key
checking that don't need an interactive prompt. It subsumes the
previous verify_ssh_manual_host_key() that checked against the Conf,
and it does the check against the storage API that each Seat was
previously doing separately. If it can't confirm or definitively
reject the host key by itself, _then_ it calls out to the Seat, once
an interactive prompt is definitely needed.

The main point of doing this is so that when SshProxy forwards a Seat
call from the proxy SSH connection to the primary Seat, it won't print
an announcement of which connection is involved unless it's actually
going to do something interactive. (Not that we're printing those
announcements _yet_ anyway, but this is a piece of groundwork that
works towards doing so.)

But while I'm at it, I've also taken the opportunity to clean things
up a bit by renaming functions sensibly. Previously we had three very
similarly named functions verify_ssh_manual_host_key(), SeatVtable's
'verify_ssh_host_key' method, and verify_host_key() in storage.h. Now
the Seat method is called 'confirm' rather than 'verify' (since its
job is now always to print an interactive prompt, so it looks more
like the other confirm_foo methods), and the storage.h function is
called check_stored_host_key(), which goes better with store_host_key
and avoids having too many functions with similar names. And the
'manual' function is subsumed into the new centralised code, so
there's now just *one* host key function with 'verify' in the name.

Several functions are reindented in this commit. Best viewed with
whitespace changes ignored.
This commit is contained in:
Simon Tatham
2021-10-25 18:12:17 +01:00
parent f1746d69b1
commit efa89573ae
26 changed files with 240 additions and 266 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
ssh/common.c
View File

@ -9,6 +9,7 @@
#include "putty.h"
#include "mpint.h"
#include "ssh.h"
#include "storage.h"
#include "bpp.h"
#include "ppl.h"
#include "channel.h"
@ -837,58 +838,93 @@ bool ssh2_bpp_check_unimplemented(BinaryPacketProtocol *bpp, PktIn *pktin)
#undef SSH1_BITMAP_WORD
/* ----------------------------------------------------------------------
* Function to check a host key against any manually configured in Conf.
* Centralised component of SSH host key verification.
*
* verify_ssh_host_key is called from both the SSH-1 and SSH-2
* transport layers, and does the initial work of checking whether the
* host key is already known. If so, it returns success on its own
* account; otherwise, it calls out to the Seat to give an interactive
* prompt (the nature of which varies depending on the Seat itself).
*
* Return values are 0 for 'abort connection', 1 for 'ok, carry on',
* and negative for 'answer not received yet, wait for a callback'.
*/
int verify_ssh_manual_host_key(Conf *conf, char **fingerprints, ssh_key *key)
int verify_ssh_host_key(
Seat *seat, Conf *conf, const char *host, int port, ssh_key *key,
const char *keytype, char *keystr, const char *keydisp,
char **fingerprints, void (*callback)(void *ctx, int result), void *ctx)
{
if (!conf_get_str_nthstrkey(conf, CONF_ssh_manual_hostkeys, 0))
return -1; /* no manual keys configured */
/*
* First, check if the Conf includes a manual specification of the
* expected host key. If so, that completely supersedes everything
* else, including the normal host key cache _and_ including
* manual overrides: we return success or failure immediately,
* entirely based on whether the key matches the Conf.
*/
if (conf_get_str_nthstrkey(conf, CONF_ssh_manual_hostkeys, 0)) {
if (fingerprints) {
for (size_t i = 0; i < SSH_N_FPTYPES; i++) {
/*
* Each fingerprint string we've been given will have
* things like 'ssh-rsa 2048' at the front of it. Strip
* those off and narrow down to just the hash at the end
* of the string.
*/
const char *fingerprint = fingerprints[i];
if (!fingerprint)
continue;
const char *p = strrchr(fingerprint, ' ');
fingerprint = p ? p+1 : fingerprint;
if (conf_get_str_str_opt(conf, CONF_ssh_manual_hostkeys,
fingerprint))
return 1; /* success */
}
}
if (fingerprints) {
for (size_t i = 0; i < SSH_N_FPTYPES; i++) {
if (key) {
/*
* Each fingerprint string we've been given will have
* things like 'ssh-rsa 2048' at the front of it. Strip
* those off and narrow down to just the hash at the end
* of the string.
* Construct the base64-encoded public key blob and see if
* that's listed.
*/
const char *fingerprint = fingerprints[i];
if (!fingerprint)
continue;
const char *p = strrchr(fingerprint, ' ');
fingerprint = p ? p+1 : fingerprint;
strbuf *binblob;
char *base64blob;
int atoms, i;
binblob = strbuf_new();
ssh_key_public_blob(key, BinarySink_UPCAST(binblob));
atoms = (binblob->len + 2) / 3;
base64blob = snewn(atoms * 4 + 1, char);
for (i = 0; i < atoms; i++)
base64_encode_atom(binblob->u + 3*i,
binblob->len - 3*i, base64blob + 4*i);
base64blob[atoms * 4] = '\0';
strbuf_free(binblob);
if (conf_get_str_str_opt(conf, CONF_ssh_manual_hostkeys,
fingerprint))
base64blob)) {
sfree(base64blob);
return 1; /* success */
}
}
if (key) {
/*
* Construct the base64-encoded public key blob and see if
* that's listed.
*/
strbuf *binblob;
char *base64blob;
int atoms, i;
binblob = strbuf_new();
ssh_key_public_blob(key, BinarySink_UPCAST(binblob));
atoms = (binblob->len + 2) / 3;
base64blob = snewn(atoms * 4 + 1, char);
for (i = 0; i < atoms; i++)
base64_encode_atom(binblob->u + 3*i,
binblob->len - 3*i, base64blob + 4*i);
base64blob[atoms * 4] = '\0';
strbuf_free(binblob);
if (conf_get_str_str_opt(conf, CONF_ssh_manual_hostkeys, base64blob)) {
}
sfree(base64blob);
return 1; /* success */
}
sfree(base64blob);
return 0;
}
return 0;
/*
* Next, check the host key cache.
*/
int storage_status = check_stored_host_key(host, port, keytype, keystr);
if (storage_status == 0) /* matching key was found in the cache */
return 1; /* success */
/*
* The key is either missing from the cache, or does not match.
* Either way, fall back to an interactive prompt from the Seat.
*/
bool mismatch = (storage_status != 1);
return seat_confirm_ssh_host_key(
seat, host, port, keytype, keystr, keydisp, fingerprints, mismatch,
callback, ctx);
}
/* ----------------------------------------------------------------------

46
ssh/kex2-client.c
View File

@ -843,39 +843,33 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
* Authenticate remote host: verify host key. (We've already
* checked the signature of the exchange hash.)
*/
char **fingerprints = ssh2_all_fingerprints(s->hkey);
FingerprintType fptype_default =
ssh2_pick_default_fingerprint(fingerprints);
ppl_logevent("Host key fingerprint is:");
ppl_logevent("%s", fingerprints[fptype_default]);
/* First check against manually configured host keys. */
s->dlgret = verify_ssh_manual_host_key(
s->conf, fingerprints, s->hkey);
if (s->dlgret == 0) { /* did not match */
ssh2_free_all_fingerprints(fingerprints);
ssh_sw_abort(s->ppl.ssh, "Host key did not appear in manually "
"configured list");
*aborted = true;
return;
} else if (s->dlgret < 0) { /* none configured; use standard handling */
{
ssh2_userkey uk = { .key = s->hkey, .comment = NULL };
char *keydisp = ssh2_pubkey_openssh_str(&uk);
s->dlgret = seat_verify_ssh_host_key(
s->ppl.seat, s->savedhost, s->savedport,
char **fingerprints = ssh2_all_fingerprints(s->hkey);
FingerprintType fptype_default =
ssh2_pick_default_fingerprint(fingerprints);
ppl_logevent("Host key fingerprint is:");
ppl_logevent("%s", fingerprints[fptype_default]);
s->dlgret = verify_ssh_host_key(
s->ppl.seat, s->conf, s->savedhost, s->savedport, s->hkey,
ssh_key_cache_id(s->hkey), s->keystr, keydisp,
fingerprints, ssh2_transport_dialog_callback, s);
sfree(keydisp);
ssh2_free_all_fingerprints(fingerprints);
sfree(keydisp);
}
#ifdef FUZZING
s->dlgret = 1;
s->dlgret = 1;
#endif
crMaybeWaitUntilV(s->dlgret >= 0);
if (s->dlgret == 0) {
ssh_user_close(s->ppl.ssh,
"User aborted at host key verification");
*aborted = true;
return;
}
crMaybeWaitUntilV(s->dlgret >= 0);
if (s->dlgret == 0) {
ssh_user_close(s->ppl.ssh,
"User aborted at host key verification");
*aborted = true;
return;
}
/*

51
ssh/login1.c
View File

@ -238,42 +238,29 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
* Verify the host key.
*/
{
/*
* First format the key into a string.
*/
char *keystr = rsastr_fmt(&s->hostkey);
char *keydisp = ssh1_pubkey_str(&s->hostkey);
char **fingerprints = rsa_ssh1_fake_all_fingerprints(&s->hostkey);
/* First check against manually configured host keys. */
s->dlgret = verify_ssh_manual_host_key(s->conf, fingerprints, NULL);
if (s->dlgret == 0) { /* did not match */
ssh2_free_all_fingerprints(fingerprints);
sfree(keystr);
ssh_proto_error(s->ppl.ssh, "Host key did not appear in manually "
"configured list");
return;
} else if (s->dlgret < 0) { /* none configured; use standard handling */
char *keydisp = ssh1_pubkey_str(&s->hostkey);
s->dlgret = seat_verify_ssh_host_key(
s->ppl.seat, s->savedhost, s->savedport, "rsa", keystr,
keydisp, fingerprints, ssh1_login_dialog_callback, s);
sfree(keydisp);
ssh2_free_all_fingerprints(fingerprints);
sfree(keystr);
#ifdef FUZZING
s->dlgret = 1;
#endif
crMaybeWaitUntilV(s->dlgret >= 0);
s->dlgret = verify_ssh_host_key(
s->ppl.seat, s->conf, s->savedhost, s->savedport, NULL,
"rsa", keystr, keydisp, fingerprints,
ssh1_login_dialog_callback, s);
if (s->dlgret == 0) {
ssh_user_close(s->ppl.ssh,
"User aborted at host key verification");
return;
}
} else {
ssh2_free_all_fingerprints(fingerprints);
sfree(keystr);
}
ssh2_free_all_fingerprints(fingerprints);
sfree(keydisp);
sfree(keystr);
}
#ifdef FUZZING
s->dlgret = 1;
#endif
crMaybeWaitUntilV(s->dlgret >= 0);
if (s->dlgret == 0) {
ssh_user_close(s->ppl.ssh,
"User aborted at host key verification");
return;
}
for (i = 0; i < 32; i++) {

2
ssh/server.c
View File

@ -116,7 +116,7 @@ static const SeatVtable server_seat_vt = {
.update_specials_menu = nullseat_update_specials_menu,
.get_ttymode = nullseat_get_ttymode,
.set_busy_status = nullseat_set_busy_status,
.verify_ssh_host_key = nullseat_verify_ssh_host_key,
.confirm_ssh_host_key = nullseat_confirm_ssh_host_key,
.confirm_weak_crypto_primitive = server_confirm_weak_crypto_primitive,
.confirm_weak_cached_hostkey = server_confirm_weak_cached_hostkey,
.is_utf8 = nullseat_is_never_utf8,

2
ssh/sesschan.c
View File

@ -195,7 +195,7 @@ static const SeatVtable sesschan_seat_vt = {
.update_specials_menu = nullseat_update_specials_menu,
.get_ttymode = nullseat_get_ttymode,
.set_busy_status = nullseat_set_busy_status,
.verify_ssh_host_key = nullseat_verify_ssh_host_key,
.confirm_ssh_host_key = nullseat_confirm_ssh_host_key,
.confirm_weak_crypto_primitive = nullseat_confirm_weak_crypto_primitive,
.confirm_weak_cached_hostkey = nullseat_confirm_weak_cached_hostkey,
.is_utf8 = nullseat_is_never_utf8,