Home Explore Help
Register Sign In
Apq
/
winscp
mirror of https://github.com/winscp/winscp.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: b2465d9bc5
Branches Tags
winscp
/
source
/
putty
/
ssh2transhk.c

ssh2transhk.c 4.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126 
  1. /*
    2. 

  2.  * Data structure managing host keys in sessions based on GSSAPI KEX.
    3. 

  3.  *
    4. 

  4.  * In a session we started with a GSSAPI key exchange, the concept of
    5. 

  5.  * 'host key' has completely different lifetime and security semantics
    6. 

  6.  * from the usual ones. Per RFC 4462 section 2.1, we assume that any
    7. 

  7.  * host key delivered to us in the course of a GSSAPI key exchange is
    8. 

  8.  * _solely_ there to use as a transient fallback within the same
    9. 

  9.  * session, if at the time of a subsequent rekey the GSS credentials
    10. 

  10.  * are temporarily invalid and so a non-GSS KEX method has to be used.
    11. 

  11.  *
    12. 

  12.  * In particular, in a GSS-based SSH deployment, host keys may not
    13. 

  13.  * even _be_ persistent identities for the server; it would be
    14. 

  14.  * legitimate for a server to generate a fresh one routinely if it
    15. 

  15.  * wanted to, like SSH-1 server keys.
    16. 

  16.  *
    17. 

  17.  * So, in this mode, we never touch the persistent host key cache at
    18. 

  18.  * all, either to check keys against it _or_ to store keys in it.
    19. 

  19.  * Instead, we maintain an in-memory cache of host keys that have been
    20. 

  20.  * mentioned in GSS key exchanges within this particular session, and
    21. 

  21.  * we permit precisely those host keys in non-GSS rekeys.
    22. 

  22.  */
    23. 

  23. 

  24. #include <assert.h>
    25. 

  25. 

  26. #include "putty.h"
    27. 

  27. #include "ssh.h"
    28. 

  28. 

  29. struct ssh_transient_hostkey_cache {
    30. 

  30.     tree234 *cache;
    31. 

  31. };
    32. 

  32. 

  33. struct ssh_transient_hostkey_cache_entry {
    34. 

  34.     const ssh_keyalg *alg;
    35. 

  35.     strbuf *pub_blob;
    36. 

  36. };
    37. 

  37. 

  38. static int ssh_transient_hostkey_cache_cmp(void *av, void *bv)
    39. 

  39. {
    40. 

  40.     const struct ssh_transient_hostkey_cache_entry
    41. 

  41.         *a = (const struct ssh_transient_hostkey_cache_entry *)av,
    42. 

  42.         *b = (const struct ssh_transient_hostkey_cache_entry *)bv;
    43. 

  43.     return strcmp(a->alg->ssh_id, b->alg->ssh_id);
    44. 

  44. }
    45. 

  45. 

  46. static int ssh_transient_hostkey_cache_find(void *av, void *bv)
    47. 

  47. {
    48. 

  48.     const ssh_keyalg *aalg = (const ssh_keyalg *)av;
    49. 

  49.     const struct ssh_transient_hostkey_cache_entry
    50. 

  50.         *b = (const struct ssh_transient_hostkey_cache_entry *)bv;
    51. 

  51.     return strcmp(aalg->ssh_id, b->alg->ssh_id);
    52. 

  52. }
    53. 

  53. 

  54. ssh_transient_hostkey_cache *ssh_transient_hostkey_cache_new(void)
    55. 

  55. {
    56. 

  56.     ssh_transient_hostkey_cache *thc = snew(ssh_transient_hostkey_cache);
    57. 

  57.     thc->cache = newtree234(ssh_transient_hostkey_cache_cmp);
    58. 

  58.     return thc;
    59. 

  59. }
    60. 

  60. 

  61. void ssh_transient_hostkey_cache_free(ssh_transient_hostkey_cache *thc)
    62. 

  62. {
    63. 

  63.     struct ssh_transient_hostkey_cache_entry *ent;
    64. 

  64.     while ((ent = delpos234(thc->cache, 0)) != NULL) {
    65. 

  65.         strbuf_free(ent->pub_blob);
    66. 

  66.         sfree(ent);
    67. 

  67.     }
    68. 

  68.     freetree234(thc->cache);
    69. 

  69.     sfree(thc);
    70. 

  70. }
    71. 

  71. 

  72. void ssh_transient_hostkey_cache_add(
    73. 

  73.     ssh_transient_hostkey_cache *thc, ssh_key *key)
    74. 

  74. {
    75. 

  75.     struct ssh_transient_hostkey_cache_entry *ent, *retd;
    76. 

  76. 

  77.     if ((ent = find234(thc->cache, (void *)ssh_key_alg(key),
    78. 

  78.                        ssh_transient_hostkey_cache_find)) != NULL) {
    79. 

  79.         del234(thc->cache, ent);
    80. 

  80.         strbuf_free(ent->pub_blob);
    81. 

  81.         sfree(ent);
    82. 

  82.     }
    83. 

  83. 

  84.     ent = snew(struct ssh_transient_hostkey_cache_entry);
    85. 

  85.     ent->alg = ssh_key_alg(key);
    86. 

  86.     ent->pub_blob = strbuf_new();
    87. 

  87.     ssh_key_public_blob(key, BinarySink_UPCAST(ent->pub_blob));
    88. 

  88.     retd = add234(thc->cache, ent);
    89. 

  89.     assert(retd == ent);
    90. 

  90. }
    91. 

  91. 

  92. bool ssh_transient_hostkey_cache_verify(
    93. 

  93.     ssh_transient_hostkey_cache *thc, ssh_key *key)
    94. 

  94. {
    95. 

  95.     struct ssh_transient_hostkey_cache_entry *ent;
    96. 

  96.     bool toret = false;
    97. 

  97. 

  98.     if ((ent = find234(thc->cache, (void *)ssh_key_alg(key),
    99. 

  99.                        ssh_transient_hostkey_cache_find)) != NULL) {
    100. 

  100.         strbuf *this_blob = strbuf_new();
    101. 

  101.         ssh_key_public_blob(key, BinarySink_UPCAST(this_blob));
    102. 

  102. 

  103.         if (this_blob->len == ent->pub_blob->len &&
    104. 

  104.             !memcmp(this_blob->s, ent->pub_blob->s,
    105. 

  105.                     this_blob->len))
    106. 

  106.             toret = true;
    107. 

  107. 

  108.         strbuf_free(this_blob);
    109. 

  109.     }
    110. 

  110. 

  111.     return toret;
    112. 

  112. }
    113. 

  113. 

  114. bool ssh_transient_hostkey_cache_has(
    115. 

  115.     ssh_transient_hostkey_cache *thc, const ssh_keyalg *alg)
    116. 

  116. {
    117. 

  117.     struct ssh_transient_hostkey_cache_entry *ent =
    118. 

  118.         find234(thc->cache, (void *)alg,
    119. 

  119.                 ssh_transient_hostkey_cache_find);
    120. 

  120.     return ent != NULL;
    121. 

  121. }
    122. 

  122. 

  123. bool ssh_transient_hostkey_cache_non_empty(ssh_transient_hostkey_cache *thc)
    124. 

  124. {
    125. 

  125.     return count234(thc->cache) > 0;
    126. 

  126. }
    127.