294
|
1 /*
|
|
2 * ConnectBot: simple, powerful, open-source SSH client for Android
|
|
3 * Copyright 2007 Kenny Root, Jeffrey Sharkey
|
|
4 *
|
|
5 * Licensed under the Apache License, Version 2.0 (the "License");
|
|
6 * you may not use this file except in compliance with the License.
|
|
7 * You may obtain a copy of the License at
|
|
8 *
|
|
9 * http://www.apache.org/licenses/LICENSE-2.0
|
|
10 *
|
|
11 * Unless required by applicable law or agreed to in writing, software
|
|
12 * distributed under the License is distributed on an "AS IS" BASIS,
|
|
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
14 * See the License for the specific language governing permissions and
|
|
15 * limitations under the License.
|
|
16 */
|
|
17
|
|
18 package ch.ethz.ssh2.channel;
|
|
19
|
|
20 import java.io.IOException;
|
|
21 import java.io.InputStream;
|
|
22 import java.io.OutputStream;
|
|
23 import java.math.BigInteger;
|
|
24 import java.security.KeyFactory;
|
|
25 import java.security.KeyPair;
|
|
26 import java.security.NoSuchAlgorithmException;
|
|
27 import java.security.PrivateKey;
|
|
28 import java.security.PublicKey;
|
|
29 import java.security.SecureRandom;
|
|
30 import java.security.interfaces.DSAPrivateKey;
|
302
|
31 import java.security.interfaces.ECPrivateKey;
|
294
|
32 import java.security.interfaces.RSAPrivateKey;
|
|
33 import java.security.spec.DSAPrivateKeySpec;
|
|
34 import java.security.spec.DSAPublicKeySpec;
|
|
35 import java.security.spec.ECParameterSpec;
|
|
36 import java.security.spec.ECPoint;
|
|
37 import java.security.spec.ECPrivateKeySpec;
|
|
38 import java.security.spec.ECPublicKeySpec;
|
|
39 import java.security.spec.InvalidKeySpecException;
|
|
40 import java.security.spec.KeySpec;
|
|
41 import java.security.spec.RSAPrivateCrtKeySpec;
|
|
42 import java.security.spec.RSAPublicKeySpec;
|
|
43 import java.util.Map;
|
|
44 import java.util.Map.Entry;
|
|
45
|
|
46 import ch.ethz.ssh2.AuthAgentCallback;
|
|
47 import ch.ethz.ssh2.log.Logger;
|
|
48 import ch.ethz.ssh2.packets.TypesReader;
|
|
49 import ch.ethz.ssh2.packets.TypesWriter;
|
|
50 import ch.ethz.ssh2.signature.DSASHA1Verify;
|
|
51 import ch.ethz.ssh2.signature.ECDSASHA2Verify;
|
|
52 import ch.ethz.ssh2.signature.RSASHA1Verify;
|
|
53
|
|
54 /**
|
|
55 * AuthAgentForwardThread.
|
|
56 *
|
|
57 * @author Kenny Root
|
|
58 * @version $Id$
|
|
59 */
|
|
60 public class AuthAgentForwardThread extends Thread implements IChannelWorkerThread {
|
|
61 private static final byte[] SSH_AGENT_FAILURE = {0, 0, 0, 1, 5}; // 5
|
|
62 private static final byte[] SSH_AGENT_SUCCESS = {0, 0, 0, 1, 6}; // 6
|
|
63
|
|
64 private static final int SSH2_AGENTC_REQUEST_IDENTITIES = 11;
|
|
65 private static final int SSH2_AGENT_IDENTITIES_ANSWER = 12;
|
|
66
|
|
67 private static final int SSH2_AGENTC_SIGN_REQUEST = 13;
|
|
68 private static final int SSH2_AGENT_SIGN_RESPONSE = 14;
|
|
69
|
|
70 private static final int SSH2_AGENTC_ADD_IDENTITY = 17;
|
|
71 private static final int SSH2_AGENTC_REMOVE_IDENTITY = 18;
|
|
72 private static final int SSH2_AGENTC_REMOVE_ALL_IDENTITIES = 19;
|
|
73
|
|
74 // private static final int SSH_AGENTC_ADD_SMARTCARD_KEY = 20;
|
|
75 // private static final int SSH_AGENTC_REMOVE_SMARTCARD_KEY = 21;
|
|
76
|
|
77 private static final int SSH_AGENTC_LOCK = 22;
|
|
78 private static final int SSH_AGENTC_UNLOCK = 23;
|
|
79
|
|
80 private static final int SSH2_AGENTC_ADD_ID_CONSTRAINED = 25;
|
|
81 // private static final int SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED = 26;
|
|
82
|
|
83 // Constraints for adding keys
|
|
84 private static final int SSH_AGENT_CONSTRAIN_LIFETIME = 1;
|
|
85 private static final int SSH_AGENT_CONSTRAIN_CONFIRM = 2;
|
|
86
|
|
87 // Flags for signature requests
|
|
88 // private static final int SSH_AGENT_OLD_SIGNATURE = 1;
|
|
89
|
|
90 private static final Logger log = Logger.getLogger(RemoteAcceptThread.class);
|
|
91
|
|
92 AuthAgentCallback authAgent;
|
|
93 OutputStream os;
|
|
94 InputStream is;
|
|
95 Channel c;
|
|
96
|
|
97 byte[] buffer = new byte[Channel.CHANNEL_BUFFER_SIZE];
|
|
98
|
|
99 public AuthAgentForwardThread(Channel c, AuthAgentCallback authAgent) {
|
|
100 this.c = c;
|
|
101 this.authAgent = authAgent;
|
295
|
102 log.debug("AuthAgentForwardThread started");
|
294
|
103 }
|
|
104
|
|
105 @Override
|
|
106 public void run() {
|
|
107 try {
|
|
108 c.cm.registerThread(this);
|
|
109 }
|
|
110 catch (IOException e) {
|
|
111 stopWorking();
|
|
112 return;
|
|
113 }
|
|
114
|
|
115 try {
|
|
116 c.cm.sendOpenConfirmation(c);
|
|
117 is = c.getStdoutStream();
|
|
118 os = c.getStdinStream();
|
|
119 int totalSize = 4;
|
|
120 int readSoFar = 0;
|
|
121
|
|
122 while (true) {
|
|
123 int len;
|
|
124
|
|
125 try {
|
|
126 len = is.read(buffer, readSoFar, buffer.length - readSoFar);
|
|
127 }
|
|
128 catch (IOException e) {
|
|
129 stopWorking();
|
|
130 return;
|
|
131 }
|
|
132
|
|
133 if (len <= 0)
|
|
134 break;
|
|
135
|
|
136 readSoFar += len;
|
|
137
|
|
138 if (readSoFar >= 4) {
|
|
139 TypesReader tr = new TypesReader(buffer, 0, 4);
|
|
140 totalSize = tr.readUINT32() + 4;
|
|
141 }
|
|
142
|
|
143 if (totalSize == readSoFar) {
|
|
144 TypesReader tr = new TypesReader(buffer, 4, readSoFar - 4);
|
|
145 int messageType = tr.readByte();
|
|
146
|
|
147 switch (messageType) {
|
|
148 case SSH2_AGENTC_REQUEST_IDENTITIES:
|
|
149 sendIdentities();
|
|
150 break;
|
|
151
|
|
152 case SSH2_AGENTC_ADD_IDENTITY:
|
|
153 addIdentity(tr, false);
|
|
154 break;
|
|
155
|
|
156 case SSH2_AGENTC_ADD_ID_CONSTRAINED:
|
|
157 addIdentity(tr, true);
|
|
158 break;
|
|
159
|
|
160 case SSH2_AGENTC_REMOVE_IDENTITY:
|
|
161 removeIdentity(tr);
|
|
162 break;
|
|
163
|
|
164 case SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
|
|
165 removeAllIdentities(tr);
|
|
166 break;
|
|
167
|
|
168 case SSH2_AGENTC_SIGN_REQUEST:
|
|
169 processSignRequest(tr);
|
|
170 break;
|
|
171
|
|
172 case SSH_AGENTC_LOCK:
|
|
173 processLockRequest(tr);
|
|
174 break;
|
|
175
|
|
176 case SSH_AGENTC_UNLOCK:
|
|
177 processUnlockRequest(tr);
|
|
178 break;
|
|
179
|
|
180 default:
|
|
181 os.write(SSH_AGENT_FAILURE);
|
|
182 break;
|
|
183 }
|
|
184
|
|
185 readSoFar = 0;
|
|
186 }
|
|
187 }
|
|
188
|
|
189 c.cm.closeChannel(c, "EOF on both streams reached.", true);
|
|
190 }
|
|
191 catch (IOException e) {
|
295
|
192 log.debug("IOException in agent forwarder: " + e.getMessage());
|
294
|
193
|
|
194 try {
|
|
195 is.close();
|
|
196 }
|
|
197 catch (IOException e1) {
|
|
198 }
|
|
199
|
|
200 try {
|
|
201 os.close();
|
|
202 }
|
|
203 catch (IOException e2) {
|
|
204 }
|
|
205
|
|
206 try {
|
|
207 c.cm.closeChannel(c, "IOException in agent forwarder (" + e.getMessage() + ")", true);
|
|
208 }
|
|
209 catch (IOException e3) {
|
|
210 }
|
|
211 }
|
|
212 }
|
|
213
|
|
214 public void stopWorking() {
|
|
215 try {
|
|
216 /* This will lead to an IOException in the is.read() call */
|
|
217 is.close();
|
|
218 }
|
|
219 catch (IOException e) {
|
|
220 }
|
|
221 }
|
|
222
|
|
223 /**
|
|
224 * @return whether the agent is locked
|
|
225 */
|
|
226 private boolean failWhenLocked() throws IOException {
|
|
227 if (authAgent.isAgentLocked()) {
|
|
228 os.write(SSH_AGENT_FAILURE);
|
|
229 return true;
|
|
230 }
|
|
231 else
|
|
232 return false;
|
|
233 }
|
|
234
|
|
235 private void sendIdentities() throws IOException {
|
|
236 Map<String, byte[]> keys = null;
|
|
237 TypesWriter tw = new TypesWriter();
|
|
238 tw.writeByte(SSH2_AGENT_IDENTITIES_ANSWER);
|
|
239 int numKeys = 0;
|
|
240
|
|
241 if (!authAgent.isAgentLocked())
|
|
242 keys = authAgent.retrieveIdentities();
|
|
243
|
|
244 if (keys != null)
|
|
245 numKeys = keys.size();
|
|
246
|
|
247 tw.writeUINT32(numKeys);
|
|
248
|
|
249 if (keys != null) {
|
|
250 for (Entry<String, byte[]> entry : keys.entrySet()) {
|
|
251 byte[] keyBytes = entry.getValue();
|
|
252 tw.writeString(keyBytes, 0, keyBytes.length);
|
|
253 tw.writeString(entry.getKey());
|
|
254 }
|
|
255 }
|
|
256
|
|
257 sendPacket(tw.getBytes());
|
|
258 }
|
|
259
|
|
260 /**
|
|
261 * @param tr
|
|
262 */
|
|
263 private void addIdentity(TypesReader tr, boolean checkConstraints) {
|
|
264 try {
|
|
265 if (failWhenLocked())
|
|
266 return;
|
|
267
|
|
268 String type = tr.readString();
|
|
269 String comment;
|
|
270 String keyType;
|
|
271 KeySpec pubSpec;
|
|
272 KeySpec privSpec;
|
|
273
|
|
274 if (type.equals("ssh-rsa")) {
|
|
275 keyType = "RSA";
|
|
276 BigInteger n = tr.readMPINT();
|
|
277 BigInteger e = tr.readMPINT();
|
|
278 BigInteger d = tr.readMPINT();
|
|
279 BigInteger iqmp = tr.readMPINT();
|
|
280 BigInteger p = tr.readMPINT();
|
|
281 BigInteger q = tr.readMPINT();
|
|
282 comment = tr.readString();
|
|
283 // Derive the extra values Java needs.
|
|
284 BigInteger dmp1 = d.mod(p.subtract(BigInteger.ONE));
|
|
285 BigInteger dmq1 = d.mod(q.subtract(BigInteger.ONE));
|
|
286 pubSpec = new RSAPublicKeySpec(n, e);
|
|
287 privSpec = new RSAPrivateCrtKeySpec(n, e, d, p, q, dmp1, dmq1, iqmp);
|
|
288 }
|
|
289 else if (type.equals("ssh-dss")) {
|
|
290 keyType = "DSA";
|
|
291 BigInteger p = tr.readMPINT();
|
|
292 BigInteger q = tr.readMPINT();
|
|
293 BigInteger g = tr.readMPINT();
|
|
294 BigInteger y = tr.readMPINT();
|
|
295 BigInteger x = tr.readMPINT();
|
|
296 comment = tr.readString();
|
|
297 pubSpec = new DSAPublicKeySpec(y, p, q, g);
|
|
298 privSpec = new DSAPrivateKeySpec(x, p, q, g);
|
|
299 }
|
|
300 else if (type.equals("ecdsa-sha2-nistp256")) {
|
|
301 keyType = "EC";
|
|
302 String curveName = tr.readString();
|
|
303 byte[] groupBytes = tr.readByteString();
|
|
304 BigInteger exponent = tr.readMPINT();
|
|
305 comment = tr.readString();
|
|
306
|
|
307 if (!"nistp256".equals(curveName)) {
|
295
|
308 log.debug("Invalid curve name for ecdsa-sha2-nistp256: " + curveName);
|
294
|
309 os.write(SSH_AGENT_FAILURE);
|
|
310 return;
|
|
311 }
|
|
312
|
|
313 ECParameterSpec nistp256 = ECDSASHA2Verify.EllipticCurves.nistp256;
|
|
314 ECPoint group = ECDSASHA2Verify.decodeECPoint(groupBytes, nistp256.getCurve());
|
|
315
|
|
316 if (group == null) {
|
300
|
317 log.debug("No groupfor ecdsa-sha2-nistp256: ");
|
294
|
318 os.write(SSH_AGENT_FAILURE);
|
|
319 return;
|
|
320 }
|
|
321
|
|
322 pubSpec = new ECPublicKeySpec(group, nistp256);
|
|
323 privSpec = new ECPrivateKeySpec(exponent, nistp256);
|
|
324 }
|
|
325 else {
|
295
|
326 log.debug("Unknown key type: " + type);
|
294
|
327 os.write(SSH_AGENT_FAILURE);
|
|
328 return;
|
|
329 }
|
|
330
|
|
331 PublicKey pubKey;
|
|
332 PrivateKey privKey;
|
|
333
|
|
334 try {
|
|
335 KeyFactory kf = KeyFactory.getInstance(keyType);
|
|
336 pubKey = kf.generatePublic(pubSpec);
|
|
337 privKey = kf.generatePrivate(privSpec);
|
|
338 }
|
|
339 catch (NoSuchAlgorithmException ex) {
|
|
340 // TODO: log error
|
|
341 os.write(SSH_AGENT_FAILURE);
|
|
342 return;
|
|
343 }
|
|
344 catch (InvalidKeySpecException ex) {
|
|
345 // TODO: log error
|
|
346 os.write(SSH_AGENT_FAILURE);
|
|
347 return;
|
|
348 }
|
|
349
|
|
350 KeyPair pair = new KeyPair(pubKey, privKey);
|
|
351 boolean confirmUse = false;
|
|
352 int lifetime = 0;
|
|
353
|
|
354 if (checkConstraints) {
|
|
355 while (tr.remain() > 0) {
|
|
356 int constraint = tr.readByte();
|
|
357
|
|
358 if (constraint == SSH_AGENT_CONSTRAIN_CONFIRM)
|
|
359 confirmUse = true;
|
|
360 else if (constraint == SSH_AGENT_CONSTRAIN_LIFETIME)
|
|
361 lifetime = tr.readUINT32();
|
|
362 else {
|
|
363 // Unknown constraint. Bail.
|
|
364 os.write(SSH_AGENT_FAILURE);
|
|
365 return;
|
|
366 }
|
|
367 }
|
|
368 }
|
|
369
|
|
370 if (authAgent.addIdentity(pair, comment, confirmUse, lifetime))
|
|
371 os.write(SSH_AGENT_SUCCESS);
|
|
372 else
|
|
373 os.write(SSH_AGENT_FAILURE);
|
|
374 }
|
|
375 catch (IOException e) {
|
|
376 try {
|
|
377 os.write(SSH_AGENT_FAILURE);
|
|
378 }
|
|
379 catch (IOException e1) {
|
|
380 }
|
|
381 }
|
|
382 }
|
|
383
|
|
384 /**
|
|
385 * @param tr
|
|
386 */
|
|
387 private void removeIdentity(TypesReader tr) {
|
|
388 try {
|
|
389 if (failWhenLocked())
|
|
390 return;
|
|
391
|
|
392 byte[] publicKey = tr.readByteString();
|
|
393
|
|
394 if (authAgent.removeIdentity(publicKey))
|
|
395 os.write(SSH_AGENT_SUCCESS);
|
|
396 else
|
|
397 os.write(SSH_AGENT_FAILURE);
|
|
398 }
|
|
399 catch (IOException e) {
|
|
400 try {
|
|
401 os.write(SSH_AGENT_FAILURE);
|
|
402 }
|
|
403 catch (IOException e1) {
|
|
404 }
|
|
405 }
|
|
406 }
|
|
407
|
|
408 /**
|
|
409 * @param tr
|
|
410 */
|
|
411 private void removeAllIdentities(TypesReader tr) {
|
|
412 try {
|
|
413 if (failWhenLocked())
|
|
414 return;
|
|
415
|
|
416 if (authAgent.removeAllIdentities())
|
|
417 os.write(SSH_AGENT_SUCCESS);
|
|
418 else
|
|
419 os.write(SSH_AGENT_FAILURE);
|
|
420 }
|
|
421 catch (IOException e) {
|
|
422 try {
|
|
423 os.write(SSH_AGENT_FAILURE);
|
|
424 }
|
|
425 catch (IOException e1) {
|
|
426 }
|
|
427 }
|
|
428 }
|
|
429
|
|
430 private void processSignRequest(TypesReader tr) {
|
|
431 try {
|
|
432 if (failWhenLocked())
|
|
433 return;
|
|
434
|
|
435 byte[] publicKeyBytes = tr.readByteString();
|
|
436 byte[] challenge = tr.readByteString();
|
|
437 int flags = tr.readUINT32();
|
|
438
|
|
439 if (flags != 0) {
|
|
440 // We don't understand any flags; abort!
|
|
441 os.write(SSH_AGENT_FAILURE);
|
|
442 return;
|
|
443 }
|
|
444
|
|
445 KeyPair pair = authAgent.getKeyPair(publicKeyBytes);
|
|
446
|
|
447 if (pair == null) {
|
|
448 os.write(SSH_AGENT_FAILURE);
|
|
449 return;
|
|
450 }
|
|
451
|
|
452 byte[] response;
|
|
453 PrivateKey privKey = pair.getPrivate();
|
|
454
|
|
455 if (privKey instanceof RSAPrivateKey) {
|
|
456 byte[] signature = RSASHA1Verify.generateSignature(challenge,
|
|
457 (RSAPrivateKey) privKey);
|
|
458 response = RSASHA1Verify.encodeSSHRSASignature(signature);
|
|
459 }
|
|
460 else if (privKey instanceof DSAPrivateKey) {
|
|
461 byte[] signature = DSASHA1Verify.generateSignature(challenge,
|
|
462 (DSAPrivateKey) privKey, new SecureRandom());
|
303
|
463 response = DSASHA1Verify.encodeSSHDSASignature(signature);
|
294
|
464 }
|
298
|
465 else if (privKey instanceof ECPrivateKey) {
|
302
|
466 ECPrivateKey pk = (ECPrivateKey) privKey;
|
304
|
467 byte[] signature = ECDSASHA2Verify.generateSignature(challenge, pk);
|
|
468 response = ECDSASHA2Verify.encodeSSHECDSASignature(signature, pk.getParams());
|
298
|
469 }
|
294
|
470 else {
|
|
471 os.write(SSH_AGENT_FAILURE);
|
|
472 return;
|
|
473 }
|
|
474
|
|
475 TypesWriter tw = new TypesWriter();
|
|
476 tw.writeByte(SSH2_AGENT_SIGN_RESPONSE);
|
|
477 tw.writeString(response, 0, response.length);
|
|
478 sendPacket(tw.getBytes());
|
|
479 }
|
|
480 catch (IOException e) {
|
|
481 try {
|
|
482 os.write(SSH_AGENT_FAILURE);
|
|
483 }
|
|
484 catch (IOException e1) {
|
|
485 }
|
|
486 }
|
|
487 }
|
|
488
|
|
489 /**
|
|
490 * @param tr
|
|
491 */
|
|
492 private void processLockRequest(TypesReader tr) {
|
|
493 try {
|
|
494 if (failWhenLocked())
|
|
495 return;
|
|
496
|
|
497 String lockPassphrase = tr.readString();
|
|
498
|
|
499 if (!authAgent.setAgentLock(lockPassphrase)) {
|
|
500 os.write(SSH_AGENT_FAILURE);
|
|
501 return;
|
|
502 }
|
|
503 else
|
|
504 os.write(SSH_AGENT_SUCCESS);
|
|
505 }
|
|
506 catch (IOException e) {
|
|
507 try {
|
|
508 os.write(SSH_AGENT_FAILURE);
|
|
509 }
|
|
510 catch (IOException e1) {
|
|
511 }
|
|
512 }
|
|
513 }
|
|
514
|
|
515 /**
|
|
516 * @param tr
|
|
517 */
|
|
518 private void processUnlockRequest(TypesReader tr) {
|
|
519 try {
|
|
520 String unlockPassphrase = tr.readString();
|
|
521
|
|
522 if (authAgent.requestAgentUnlock(unlockPassphrase))
|
|
523 os.write(SSH_AGENT_SUCCESS);
|
|
524 else
|
|
525 os.write(SSH_AGENT_FAILURE);
|
|
526 }
|
|
527 catch (IOException e) {
|
|
528 try {
|
|
529 os.write(SSH_AGENT_FAILURE);
|
|
530 }
|
|
531 catch (IOException e1) {
|
|
532 }
|
|
533 }
|
|
534 }
|
|
535
|
|
536 /**
|
|
537 * @param tw
|
|
538 * @throws IOException
|
|
539 */
|
|
540 private void sendPacket(byte[] message) throws IOException {
|
|
541 TypesWriter packet = new TypesWriter();
|
|
542 packet.writeUINT32(message.length);
|
|
543 packet.writeBytes(message);
|
|
544 os.write(packet.getBytes());
|
|
545 }
|
|
546 }
|