123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570 |
- // Copyright 2012 The Go Authors. All rights reserved.
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- package agent
- import (
- "crypto/dsa"
- "crypto/ecdsa"
- "crypto/elliptic"
- "crypto/rsa"
- "encoding/binary"
- "errors"
- "fmt"
- "io"
- "log"
- "math/big"
- "golang.org/x/crypto/ed25519"
- "golang.org/x/crypto/ssh"
- )
- // Server wraps an Agent and uses it to implement the agent side of
- // the SSH-agent, wire protocol.
- type server struct {
- agent Agent
- }
- func (s *server) processRequestBytes(reqData []byte) []byte {
- rep, err := s.processRequest(reqData)
- if err != nil {
- if err != errLocked {
- // TODO(hanwen): provide better logging interface?
- log.Printf("agent %d: %v", reqData[0], err)
- }
- return []byte{agentFailure}
- }
- if err == nil && rep == nil {
- return []byte{agentSuccess}
- }
- return ssh.Marshal(rep)
- }
- func marshalKey(k *Key) []byte {
- var record struct {
- Blob []byte
- Comment string
- }
- record.Blob = k.Marshal()
- record.Comment = k.Comment
- return ssh.Marshal(&record)
- }
- // See [PROTOCOL.agent], section 2.5.1.
- const agentV1IdentitiesAnswer = 2
- type agentV1IdentityMsg struct {
- Numkeys uint32 `sshtype:"2"`
- }
- type agentRemoveIdentityMsg struct {
- KeyBlob []byte `sshtype:"18"`
- }
- type agentLockMsg struct {
- Passphrase []byte `sshtype:"22"`
- }
- type agentUnlockMsg struct {
- Passphrase []byte `sshtype:"23"`
- }
- func (s *server) processRequest(data []byte) (interface{}, error) {
- switch data[0] {
- case agentRequestV1Identities:
- return &agentV1IdentityMsg{0}, nil
- case agentRemoveAllV1Identities:
- return nil, nil
- case agentRemoveIdentity:
- var req agentRemoveIdentityMsg
- if err := ssh.Unmarshal(data, &req); err != nil {
- return nil, err
- }
- var wk wireKey
- if err := ssh.Unmarshal(req.KeyBlob, &wk); err != nil {
- return nil, err
- }
- return nil, s.agent.Remove(&Key{Format: wk.Format, Blob: req.KeyBlob})
- case agentRemoveAllIdentities:
- return nil, s.agent.RemoveAll()
- case agentLock:
- var req agentLockMsg
- if err := ssh.Unmarshal(data, &req); err != nil {
- return nil, err
- }
- return nil, s.agent.Lock(req.Passphrase)
- case agentUnlock:
- var req agentUnlockMsg
- if err := ssh.Unmarshal(data, &req); err != nil {
- return nil, err
- }
- return nil, s.agent.Unlock(req.Passphrase)
- case agentSignRequest:
- var req signRequestAgentMsg
- if err := ssh.Unmarshal(data, &req); err != nil {
- return nil, err
- }
- var wk wireKey
- if err := ssh.Unmarshal(req.KeyBlob, &wk); err != nil {
- return nil, err
- }
- k := &Key{
- Format: wk.Format,
- Blob: req.KeyBlob,
- }
- var sig *ssh.Signature
- var err error
- if extendedAgent, ok := s.agent.(ExtendedAgent); ok {
- sig, err = extendedAgent.SignWithFlags(k, req.Data, SignatureFlags(req.Flags))
- } else {
- sig, err = s.agent.Sign(k, req.Data)
- }
- if err != nil {
- return nil, err
- }
- return &signResponseAgentMsg{SigBlob: ssh.Marshal(sig)}, nil
- case agentRequestIdentities:
- keys, err := s.agent.List()
- if err != nil {
- return nil, err
- }
- rep := identitiesAnswerAgentMsg{
- NumKeys: uint32(len(keys)),
- }
- for _, k := range keys {
- rep.Keys = append(rep.Keys, marshalKey(k)...)
- }
- return rep, nil
- case agentAddIDConstrained, agentAddIdentity:
- return nil, s.insertIdentity(data)
- case agentExtension:
- // Return a stub object where the whole contents of the response gets marshaled.
- var responseStub struct {
- Rest []byte `ssh:"rest"`
- }
- if extendedAgent, ok := s.agent.(ExtendedAgent); !ok {
- // If this agent doesn't implement extensions, [PROTOCOL.agent] section 4.7
- // requires that we return a standard SSH_AGENT_FAILURE message.
- responseStub.Rest = []byte{agentFailure}
- } else {
- var req extensionAgentMsg
- if err := ssh.Unmarshal(data, &req); err != nil {
- return nil, err
- }
- res, err := extendedAgent.Extension(req.ExtensionType, req.Contents)
- if err != nil {
- // If agent extensions are unsupported, return a standard SSH_AGENT_FAILURE
- // message as required by [PROTOCOL.agent] section 4.7.
- if err == ErrExtensionUnsupported {
- responseStub.Rest = []byte{agentFailure}
- } else {
- // As the result of any other error processing an extension request,
- // [PROTOCOL.agent] section 4.7 requires that we return a
- // SSH_AGENT_EXTENSION_FAILURE code.
- responseStub.Rest = []byte{agentExtensionFailure}
- }
- } else {
- if len(res) == 0 {
- return nil, nil
- }
- responseStub.Rest = res
- }
- }
- return responseStub, nil
- }
- return nil, fmt.Errorf("unknown opcode %d", data[0])
- }
- func parseConstraints(constraints []byte) (lifetimeSecs uint32, confirmBeforeUse bool, extensions []ConstraintExtension, err error) {
- for len(constraints) != 0 {
- switch constraints[0] {
- case agentConstrainLifetime:
- lifetimeSecs = binary.BigEndian.Uint32(constraints[1:5])
- constraints = constraints[5:]
- case agentConstrainConfirm:
- confirmBeforeUse = true
- constraints = constraints[1:]
- case agentConstrainExtension:
- var msg constrainExtensionAgentMsg
- if err = ssh.Unmarshal(constraints, &msg); err != nil {
- return 0, false, nil, err
- }
- extensions = append(extensions, ConstraintExtension{
- ExtensionName: msg.ExtensionName,
- ExtensionDetails: msg.ExtensionDetails,
- })
- constraints = msg.Rest
- default:
- return 0, false, nil, fmt.Errorf("unknown constraint type: %d", constraints[0])
- }
- }
- return
- }
- func setConstraints(key *AddedKey, constraintBytes []byte) error {
- lifetimeSecs, confirmBeforeUse, constraintExtensions, err := parseConstraints(constraintBytes)
- if err != nil {
- return err
- }
- key.LifetimeSecs = lifetimeSecs
- key.ConfirmBeforeUse = confirmBeforeUse
- key.ConstraintExtensions = constraintExtensions
- return nil
- }
- func parseRSAKey(req []byte) (*AddedKey, error) {
- var k rsaKeyMsg
- if err := ssh.Unmarshal(req, &k); err != nil {
- return nil, err
- }
- if k.E.BitLen() > 30 {
- return nil, errors.New("agent: RSA public exponent too large")
- }
- priv := &rsa.PrivateKey{
- PublicKey: rsa.PublicKey{
- E: int(k.E.Int64()),
- N: k.N,
- },
- D: k.D,
- Primes: []*big.Int{k.P, k.Q},
- }
- priv.Precompute()
- addedKey := &AddedKey{PrivateKey: priv, Comment: k.Comments}
- if err := setConstraints(addedKey, k.Constraints); err != nil {
- return nil, err
- }
- return addedKey, nil
- }
- func parseEd25519Key(req []byte) (*AddedKey, error) {
- var k ed25519KeyMsg
- if err := ssh.Unmarshal(req, &k); err != nil {
- return nil, err
- }
- priv := ed25519.PrivateKey(k.Priv)
- addedKey := &AddedKey{PrivateKey: &priv, Comment: k.Comments}
- if err := setConstraints(addedKey, k.Constraints); err != nil {
- return nil, err
- }
- return addedKey, nil
- }
- func parseDSAKey(req []byte) (*AddedKey, error) {
- var k dsaKeyMsg
- if err := ssh.Unmarshal(req, &k); err != nil {
- return nil, err
- }
- priv := &dsa.PrivateKey{
- PublicKey: dsa.PublicKey{
- Parameters: dsa.Parameters{
- P: k.P,
- Q: k.Q,
- G: k.G,
- },
- Y: k.Y,
- },
- X: k.X,
- }
- addedKey := &AddedKey{PrivateKey: priv, Comment: k.Comments}
- if err := setConstraints(addedKey, k.Constraints); err != nil {
- return nil, err
- }
- return addedKey, nil
- }
- func unmarshalECDSA(curveName string, keyBytes []byte, privScalar *big.Int) (priv *ecdsa.PrivateKey, err error) {
- priv = &ecdsa.PrivateKey{
- D: privScalar,
- }
- switch curveName {
- case "nistp256":
- priv.Curve = elliptic.P256()
- case "nistp384":
- priv.Curve = elliptic.P384()
- case "nistp521":
- priv.Curve = elliptic.P521()
- default:
- return nil, fmt.Errorf("agent: unknown curve %q", curveName)
- }
- priv.X, priv.Y = elliptic.Unmarshal(priv.Curve, keyBytes)
- if priv.X == nil || priv.Y == nil {
- return nil, errors.New("agent: point not on curve")
- }
- return priv, nil
- }
- func parseEd25519Cert(req []byte) (*AddedKey, error) {
- var k ed25519CertMsg
- if err := ssh.Unmarshal(req, &k); err != nil {
- return nil, err
- }
- pubKey, err := ssh.ParsePublicKey(k.CertBytes)
- if err != nil {
- return nil, err
- }
- priv := ed25519.PrivateKey(k.Priv)
- cert, ok := pubKey.(*ssh.Certificate)
- if !ok {
- return nil, errors.New("agent: bad ED25519 certificate")
- }
- addedKey := &AddedKey{PrivateKey: &priv, Certificate: cert, Comment: k.Comments}
- if err := setConstraints(addedKey, k.Constraints); err != nil {
- return nil, err
- }
- return addedKey, nil
- }
- func parseECDSAKey(req []byte) (*AddedKey, error) {
- var k ecdsaKeyMsg
- if err := ssh.Unmarshal(req, &k); err != nil {
- return nil, err
- }
- priv, err := unmarshalECDSA(k.Curve, k.KeyBytes, k.D)
- if err != nil {
- return nil, err
- }
- addedKey := &AddedKey{PrivateKey: priv, Comment: k.Comments}
- if err := setConstraints(addedKey, k.Constraints); err != nil {
- return nil, err
- }
- return addedKey, nil
- }
- func parseRSACert(req []byte) (*AddedKey, error) {
- var k rsaCertMsg
- if err := ssh.Unmarshal(req, &k); err != nil {
- return nil, err
- }
- pubKey, err := ssh.ParsePublicKey(k.CertBytes)
- if err != nil {
- return nil, err
- }
- cert, ok := pubKey.(*ssh.Certificate)
- if !ok {
- return nil, errors.New("agent: bad RSA certificate")
- }
- // An RSA publickey as marshaled by rsaPublicKey.Marshal() in keys.go
- var rsaPub struct {
- Name string
- E *big.Int
- N *big.Int
- }
- if err := ssh.Unmarshal(cert.Key.Marshal(), &rsaPub); err != nil {
- return nil, fmt.Errorf("agent: Unmarshal failed to parse public key: %v", err)
- }
- if rsaPub.E.BitLen() > 30 {
- return nil, errors.New("agent: RSA public exponent too large")
- }
- priv := rsa.PrivateKey{
- PublicKey: rsa.PublicKey{
- E: int(rsaPub.E.Int64()),
- N: rsaPub.N,
- },
- D: k.D,
- Primes: []*big.Int{k.Q, k.P},
- }
- priv.Precompute()
- addedKey := &AddedKey{PrivateKey: &priv, Certificate: cert, Comment: k.Comments}
- if err := setConstraints(addedKey, k.Constraints); err != nil {
- return nil, err
- }
- return addedKey, nil
- }
- func parseDSACert(req []byte) (*AddedKey, error) {
- var k dsaCertMsg
- if err := ssh.Unmarshal(req, &k); err != nil {
- return nil, err
- }
- pubKey, err := ssh.ParsePublicKey(k.CertBytes)
- if err != nil {
- return nil, err
- }
- cert, ok := pubKey.(*ssh.Certificate)
- if !ok {
- return nil, errors.New("agent: bad DSA certificate")
- }
- // A DSA publickey as marshaled by dsaPublicKey.Marshal() in keys.go
- var w struct {
- Name string
- P, Q, G, Y *big.Int
- }
- if err := ssh.Unmarshal(cert.Key.Marshal(), &w); err != nil {
- return nil, fmt.Errorf("agent: Unmarshal failed to parse public key: %v", err)
- }
- priv := &dsa.PrivateKey{
- PublicKey: dsa.PublicKey{
- Parameters: dsa.Parameters{
- P: w.P,
- Q: w.Q,
- G: w.G,
- },
- Y: w.Y,
- },
- X: k.X,
- }
- addedKey := &AddedKey{PrivateKey: priv, Certificate: cert, Comment: k.Comments}
- if err := setConstraints(addedKey, k.Constraints); err != nil {
- return nil, err
- }
- return addedKey, nil
- }
- func parseECDSACert(req []byte) (*AddedKey, error) {
- var k ecdsaCertMsg
- if err := ssh.Unmarshal(req, &k); err != nil {
- return nil, err
- }
- pubKey, err := ssh.ParsePublicKey(k.CertBytes)
- if err != nil {
- return nil, err
- }
- cert, ok := pubKey.(*ssh.Certificate)
- if !ok {
- return nil, errors.New("agent: bad ECDSA certificate")
- }
- // An ECDSA publickey as marshaled by ecdsaPublicKey.Marshal() in keys.go
- var ecdsaPub struct {
- Name string
- ID string
- Key []byte
- }
- if err := ssh.Unmarshal(cert.Key.Marshal(), &ecdsaPub); err != nil {
- return nil, err
- }
- priv, err := unmarshalECDSA(ecdsaPub.ID, ecdsaPub.Key, k.D)
- if err != nil {
- return nil, err
- }
- addedKey := &AddedKey{PrivateKey: priv, Certificate: cert, Comment: k.Comments}
- if err := setConstraints(addedKey, k.Constraints); err != nil {
- return nil, err
- }
- return addedKey, nil
- }
- func (s *server) insertIdentity(req []byte) error {
- var record struct {
- Type string `sshtype:"17|25"`
- Rest []byte `ssh:"rest"`
- }
- if err := ssh.Unmarshal(req, &record); err != nil {
- return err
- }
- var addedKey *AddedKey
- var err error
- switch record.Type {
- case ssh.KeyAlgoRSA:
- addedKey, err = parseRSAKey(req)
- case ssh.KeyAlgoDSA:
- addedKey, err = parseDSAKey(req)
- case ssh.KeyAlgoECDSA256, ssh.KeyAlgoECDSA384, ssh.KeyAlgoECDSA521:
- addedKey, err = parseECDSAKey(req)
- case ssh.KeyAlgoED25519:
- addedKey, err = parseEd25519Key(req)
- case ssh.CertAlgoRSAv01:
- addedKey, err = parseRSACert(req)
- case ssh.CertAlgoDSAv01:
- addedKey, err = parseDSACert(req)
- case ssh.CertAlgoECDSA256v01, ssh.CertAlgoECDSA384v01, ssh.CertAlgoECDSA521v01:
- addedKey, err = parseECDSACert(req)
- case ssh.CertAlgoED25519v01:
- addedKey, err = parseEd25519Cert(req)
- default:
- return fmt.Errorf("agent: not implemented: %q", record.Type)
- }
- if err != nil {
- return err
- }
- return s.agent.Add(*addedKey)
- }
- // ServeAgent serves the agent protocol on the given connection. It
- // returns when an I/O error occurs.
- func ServeAgent(agent Agent, c io.ReadWriter) error {
- s := &server{agent}
- var length [4]byte
- for {
- if _, err := io.ReadFull(c, length[:]); err != nil {
- return err
- }
- l := binary.BigEndian.Uint32(length[:])
- if l == 0 {
- return fmt.Errorf("agent: request size is 0")
- }
- if l > maxAgentResponseBytes {
- // We also cap requests.
- return fmt.Errorf("agent: request too large: %d", l)
- }
- req := make([]byte, l)
- if _, err := io.ReadFull(c, req); err != nil {
- return err
- }
- repData := s.processRequestBytes(req)
- if len(repData) > maxAgentResponseBytes {
- return fmt.Errorf("agent: reply too large: %d bytes", len(repData))
- }
- binary.BigEndian.PutUint32(length[:], uint32(len(repData)))
- if _, err := c.Write(length[:]); err != nil {
- return err
- }
- if _, err := c.Write(repData); err != nil {
- return err
- }
- }
- }
|