File 0002-Add-support-for-openssl-engine-based-keys.patch of Package openssh
From 579c5128b4f06682ec58ef9bb8d557af2ed7ad35 Mon Sep 17 00:00:00 2001
From: James Bottomley <James.Bottomley@HansenPartnership.com>
Date: Mon, 23 Oct 2017 12:34:42 -0700
Subject: [PATCH 2/3] Add support for openssl engine based keys
Engine keys are keys whose file format is understood by a specific
engine rather than by openssl itself. Since these keys are file
based, the pkcs11 interface isn't appropriate for them because they
don't actually represent tokens. The current most useful engine for
openssh keys are the TPM engines, which allow all private keys to be
stored in a form only the TPM hardware can decode, making them
impossible to steal. The design of engine keys is that while they
have to be loaded using a different openssl API, they can be used as
standard openssl EVP_PKEYs. The only difficulty for openssh is that
the private components can't be serialised, so a new agent command is
introduced which interprets a message giving the location of the file
and invokes the correct engine API from with ssh-agent.
Since engine keys are drop in replacements for openssl keys, any ssh
key that can be converted to openssl form can also be converted to an
engine key. To convert an existing ssh key to engine form first
convert to PKCS8 and then pass that output into the engine conversion
command. So to convert a private key stored in file rsa to TPM engine
format, you do
ssh-keygen -p -m PKCS8 -f rsa
create_tpm2_key -w rsa rsa.tpm
Then to use the TPM key simply mv rsa.tpm rsa and openssh will be able
to use this key using the -o option to specify the engine:
ssh -i rsa user@host
Note that engines usually have specific limits on the type of keys
they accept (so TPM 2.0 usually only does 2048 bits for RSA and NIST
elliptic curves) so not all existing openssh keys can be converted to
engine keys.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
Makefile.in | 2 +-
authfd.c | 48 ++++++++++++++++
authfd.h | 8 +++
ssh-add.c | 42 ++++++++++++++
ssh-agent.c | 74 ++++++++++++++++++++++++
ssh-engine.c | 159 +++++++++++++++++++++++++++++++++++++++++++++++++++
ssh-engine.h | 9 +++
7 files changed, 341 insertions(+), 1 deletion(-)
create mode 100644 ssh-engine.c
create mode 100644 ssh-engine.h
diff --git a/Makefile.in b/Makefile.in
index e1b77ebc6..01c13709c 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -147,7 +147,7 @@ SCP_OBJS= scp.o progressmeter.o $(SFTP_CLIENT_OBJS)
SSHADD_OBJS= ssh-add.o $(SKOBJS)
-SSHAGENT_OBJS= ssh-agent.o ssh-pkcs11-client.o $(SKOBJS)
+SSHAGENT_OBJS= ssh-agent.o ssh-pkcs11-client.o ssh-engine.o $(SKOBJS)
SSHKEYGEN_OBJS= ssh-keygen.o sshsig.o $(SKOBJS)
diff --git a/authfd.c b/authfd.c
index e04ad0cf2..1509988a1 100644
--- a/authfd.c
+++ b/authfd.c
@@ -677,6 +677,54 @@ ssh_remove_identity(int sock, const struct sshkey *key)
return r;
}
+/*
+ * Add an engine based identity
+ */
+#ifdef USE_OPENSSL_ENGINE
+int
+ssh_add_engine_key(int sock, const char *file, const char *pin,
+ u_int lifetime, u_int confirm, u_int maxsign,
+ struct dest_constraint **dest_constraints,
+ size_t ndest_constraints)
+{
+ struct sshbuf *msg;
+ int r, constrained = (lifetime || confirm);
+ u_char type = constrained ? SSH_AGENTC_ADD_ENGINE_KEY_CONSTRAINED :
+ SSH_AGENTC_ADD_ENGINE_KEY;
+
+ msg = sshbuf_new();
+ if (!msg)
+ return SSH_ERR_ALLOC_FAIL;
+ r = sshbuf_put_u8(msg, type);
+ if (r)
+ goto out;
+ r = sshbuf_put_cstring(msg, file);
+ if (r)
+ goto out;
+ r = sshbuf_put_cstring(msg, pin);
+ if (r)
+ goto out;
+ if (constrained) {
+ r = encode_constraints(msg, lifetime, confirm, maxsign, NULL,
+ dest_constraints, ndest_constraints, 0,
+ NULL, 0);
+ if (r)
+ goto out;
+ }
+ r = ssh_request_reply(sock, msg, msg);
+ if (r)
+ goto out;
+ r = sshbuf_get_u8(msg, &type);
+ if (r)
+ goto out;
+ r = (signed char)type;
+ out:
+ sshbuf_free(msg);
+ return r;
+}
+#endif
+
+
/*
* Add/remove an token-based identity from the authentication server.
* This call is intended only for use by ssh-add(1) and like applications.
diff --git a/authfd.h b/authfd.h
index c1e4b405c..b1b389944 100644
--- a/authfd.h
+++ b/authfd.h
@@ -59,6 +59,10 @@ int ssh_update_card(int sock, int add, const char *reader_id,
size_t ndest_constraints,
int cert_only, struct sshkey **certs, size_t ncerts);
int ssh_remove_all_identities(int sock, int version);
+int ssh_add_engine_key(int sock, const char *file, const char *pin,
+ u_int lifetime, u_int confirm, u_int maxsign,
+ struct dest_constraint **dest_constraints,
+ size_t ndest_constraints);
int ssh_agent_sign(int sock, const struct sshkey *key,
u_char **sigp, size_t *lenp,
@@ -104,6 +108,10 @@ int ssh_agent_bind_hostkey(int sock, const struct sshkey *key,
/* generic extension mechanism */
#define SSH_AGENTC_EXTENSION 27
+/* engine keys */
+#define SSH_AGENTC_ADD_ENGINE_KEY 28
+#define SSH_AGENTC_ADD_ENGINE_KEY_CONSTRAINED 29
+
#define SSH_AGENT_CONSTRAIN_LIFETIME 1
#define SSH_AGENT_CONSTRAIN_CONFIRM 2
#define SSH_AGENT_CONSTRAIN_MAXSIGN 3
diff --git a/ssh-add.c b/ssh-add.c
index e532d5ce1..2d2b66a36 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -114,6 +114,36 @@ clear_pass(void)
}
}
+#ifdef USE_OPENSSL_ENGINE
+static int
+add_engine_key(int agent_fd, const char *file,
+ struct dest_constraint **dest_constraints,
+ size_t ndest_constraints)
+{
+ int ret;
+ char *pin = NULL;
+
+ ret = ssh_add_engine_key(agent_fd, file, NULL, lifetime, confirm,
+ maxsign, dest_constraints, ndest_constraints);
+ if (ret == SSH_ERR_KEY_WRONG_PASSPHRASE) {
+ pin = read_passphrase("Enter engine key passphrase:", RP_ALLOW_STDIN);
+ if (!pin)
+ return -1;
+ ret = ssh_add_engine_key(agent_fd, file, pin, lifetime,
+ confirm, maxsign, dest_constraints,
+ ndest_constraints);
+ }
+ if (ret != SSH_AGENT_SUCCESS) {
+ fprintf(stderr, "failed to add engine key: %s\n", ssh_err(ret));
+ } else {
+ fprintf(stderr, "Engine Identity added: %s\n", file);
+ }
+ if (pin)
+ free (pin);
+ return ret;
+}
+#endif
+
static int
delete_one(int agent_fd, const struct sshkey *key, const char *comment,
const char *path, int qflag)
@@ -287,6 +317,18 @@ add_file(int agent_fd, const char *filename, int key_only, int cert_only,
/* At first, try empty passphrase */
if ((r = sshkey_parse_private_fileblob(keyblob, "", &private,
&comment)) != 0 && r != SSH_ERR_KEY_WRONG_PASSPHRASE) {
+#ifdef USE_OPENSSL_ENGINE
+ int n_r = add_engine_key(agent_fd, filename, dest_constraints,
+ ndest_constraints);
+
+ if (n_r == SSH_AGENT_SUCCESS) {
+ clear_pass();
+ sshbuf_free(keyblob);
+ return 0;
+ } else if (n_r != SSH_ERR_INTERNAL_ERROR) {
+ r = n_r;
+ }
+#endif
fprintf(stderr, "Error loading key \"%s\": %s\n",
filename, ssh_err(r));
goto fail_load;
diff --git a/ssh-agent.c b/ssh-agent.c
index d35741a86..183f77e2c 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -91,6 +91,10 @@
#include "sk-api.h"
#include "myproposal.h"
+#ifdef USE_OPENSSL_ENGINE
+#include "ssh-engine.h"
+#endif
+
#ifndef DEFAULT_ALLOWED_PROVIDERS
# define DEFAULT_ALLOWED_PROVIDERS "/usr/lib*/*,/usr/local/lib*/*"
#endif
@@ -1553,6 +1557,70 @@ add_p11_identity(struct sshkey *key, char *comment, const char *provider,
idtab->nentries++;
}
+#ifdef USE_OPENSSL_ENGINE
+static void
+process_add_engine_key(SocketEntry *e)
+{
+ char *pin, *file, *comment;
+ int r, confirm = 0;
+ u_int seconds;
+ time_t death = 0;
+ u_char type;
+ struct sshkey *k;
+ Identity *id;
+
+ if ((r = sshbuf_get_cstring(e->request, &file, NULL)) != 0 ||
+ (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
+ while (sshbuf_len(e->request)) {
+ if ((r = sshbuf_get_u8(e->request, &type)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ switch (type) {
+ case SSH_AGENT_CONSTRAIN_LIFETIME:
+ if ((r = sshbuf_get_u32(e->request, &seconds)) != 0)
+ fatal("%s: buffer error: %s",
+ __func__, ssh_err(r));
+ death = monotime() + seconds;
+ break;
+ case SSH_AGENT_CONSTRAIN_CONFIRM:
+ confirm = 1;
+ break;
+ default:
+ error("%s: Unknown constraint type %d", __func__, type);
+ goto send;
+ }
+ }
+ if (lifetime && !death)
+ death = monotime() + lifetime;
+
+ if ((r = engine_process_add(file, pin, &k, &comment)) < 0)
+ goto send;
+
+ r = SSH_AGENT_SUCCESS;
+ if (lookup_identity(k) == NULL) {
+ id = xcalloc(1, sizeof(Identity));
+ id->key = k;
+ id->comment = comment;
+ id->death = death;
+ id->confirm = confirm;
+ TAILQ_INSERT_TAIL(&idtab->idlist, id, next);
+ idtab->nentries++;
+ } else {
+ /* key is already present, just return success */
+ sshkey_free(k);
+ }
+
+send:
+ free(pin);
+ free(file);
+ /* open code send_status because need to return actual error */
+ if (sshbuf_put_u32(e->output, 1) != 0 ||
+ sshbuf_put_u8(e->output, r) != 0)
+ fatal("%s: buffer error", __func__);
+}
+#endif /* USE_OPENSSL_ENGINE */
+
static void
process_add_smartcard_key(SocketEntry *e)
{
@@ -1880,6 +1948,12 @@ process_message(u_int socknum)
case SSH_AGENTC_EXTENSION:
process_extension(e);
break;
+#ifdef USE_OPENSSL_ENGINE
+ case SSH_AGENTC_ADD_ENGINE_KEY:
+ case SSH_AGENTC_ADD_ENGINE_KEY_CONSTRAINED:
+ process_add_engine_key(e);
+ break;
+#endif /* USE_OPENSSL_ENGINE */
default:
/* Unknown message. Respond with failure. */
error("Unknown message %d", type);
diff --git a/ssh-engine.c b/ssh-engine.c
new file mode 100644
index 000000000..2263c8e7d
--- /dev/null
+++ b/ssh-engine.c
@@ -0,0 +1,159 @@
+#include "includes.h"
+
+#include <string.h>
+
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/ui.h>
+
+#include "authfile.h"
+#include "log.h"
+#include "ssh-engine.h"
+#include "sshkey.h"
+#include "ssherr.h"
+#include "xmalloc.h"
+
+#ifdef USE_OPENSSL_ENGINE
+
+struct ui_data {
+ char *passphrase;
+ int ret;
+};
+
+static int
+ui_read(UI *ui, UI_STRING *uis)
+{
+ struct ui_data *d = UI_get0_user_data(ui);
+ d->ret = 0;
+
+ if (UI_get_string_type(uis) == UIT_PROMPT) {
+ if (d->passphrase == NULL || d->passphrase[0] == '\0') {
+ /* we sent no passphrase but get asked for one
+ * send an interrupt event to avoid DA implications */
+ d->ret = -2;
+ } else {
+ UI_set_result(ui, uis, d->passphrase);
+ d->ret = 1;
+ }
+ }
+
+ return d->ret;
+}
+
+static int
+engine_process_add_internal(ENGINE *e, char *file, char *pin,
+ struct sshkey **k)
+{
+ EVP_PKEY *pk;
+ int ret;
+ UI_METHOD *ui;
+ EVP_PKEY_CTX *ctx;
+ char hash[SHA256_DIGEST_LENGTH], result[1024];
+ size_t siglen;
+ const char *engine = ENGINE_get_name(e);
+ struct ui_data d;
+
+ verbose("%s: add provider=%s, key=%s", __func__, engine, file);
+
+ ret = SSH_ERR_INTERNAL_ERROR;
+
+ ui = UI_create_method("ssh-agent password writer");
+ if (!ui) {
+ verbose("%s: failed to create UI method", __func__);
+ ERR_print_errors_fp(stderr);
+ return ret;
+ }
+ UI_method_set_reader(ui, ui_read);
+
+ if (!ENGINE_init(e)) {
+ verbose("%s: failed to init engine %s", __func__, engine);
+ ERR_print_errors_fp(stderr);
+ return ret;
+ }
+
+ d.passphrase = pin;
+ d.ret = 0;
+ pk = ENGINE_load_private_key(e, file, ui, &d);
+ ENGINE_finish(e);
+
+ if (d.ret == -2) {
+ ret = SSH_ERR_KEY_WRONG_PASSPHRASE;
+ ERR_clear_error();
+ goto err_free_pkey;
+ }
+
+ if (!pk) {
+ verbose("%s: engine returned no key", __func__);
+ ERR_print_errors_fp(stderr);
+ return ret;
+ }
+
+ /* here's a nasty problem: most engines don't tell us the password
+ * was wrong until we try to use the key, so do a test to see */
+ ctx = EVP_PKEY_CTX_new(pk, NULL);
+ if (!ctx) {
+ verbose("%s: openssl context allocation failed", __func__);
+ ERR_print_errors_fp(stderr);
+ goto err_free_pkey;
+ }
+
+ EVP_PKEY_sign_init(ctx);
+
+ siglen=sizeof(result);
+ ret = EVP_PKEY_sign(ctx, result, &siglen, hash, sizeof(hash));
+ EVP_PKEY_CTX_free(ctx);
+
+ if (ret != 1 || siglen == 0) {
+ verbose("%s: trial signature failed with %d", __func__, ret);
+ ERR_print_errors_fp(stderr);
+ ret = SSH_ERR_KEY_WRONG_PASSPHRASE;
+ goto err_free_pkey;
+ }
+
+ ret = sshkey_openssl_private_key(KEY_UNSPEC, pk, k, 1);
+
+ err_free_pkey:
+ EVP_PKEY_free(pk);
+ verbose("%s: returning %d", __func__, ret);
+ return ret;
+}
+
+static void
+engine_get_comment(char *file, char **comment)
+{
+ struct sshkey *kp;
+
+ if (!comment)
+ return;
+
+ if (sshkey_load_public(file, &kp, comment) < 0)
+ *comment = xstrdup(file);
+ else
+ sshkey_free(kp);
+}
+
+int
+engine_process_add(char *file, char *pin, struct sshkey **k, char **comment)
+{
+ ENGINE *e;
+
+ for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
+ int ret;
+
+ if (!ENGINE_get_load_privkey_function(e))
+ continue;
+
+ ret = engine_process_add_internal(e, file, pin, k);
+
+ if (ret == SSH_ERR_KEY_WRONG_PASSPHRASE) {
+ return ret;
+ } else if (ret == 0) {
+ engine_get_comment(file, comment);
+ return ret;
+ }
+ }
+
+ return SSH_ERR_INTERNAL_ERROR;
+}
+
+#endif
diff --git a/ssh-engine.h b/ssh-engine.h
new file mode 100644
index 000000000..a1310dc90
--- /dev/null
+++ b/ssh-engine.h
@@ -0,0 +1,9 @@
+#ifndef _ENGINE_H
+#define _ENGINE_H
+
+#include "sshkey.h"
+
+int
+engine_process_add(char *file, char *pin, struct sshkey **k, char **comment);
+
+#endif
--
2.35.3
