authordjm <djm@openbsd.org>2019-09-16 03:23:02 +0000
committerdjm <djm@openbsd.org>2019-09-16 03:23:02 +0000
commit077a957649f17f0b3a804b22ed8d42eb9653ecf2 (patch)
treefa3afcd2776f362e70d9dbc0d3cb08da07f33c72
parentAdd push-default and pop-default in styles to change the default colours (diff)
Allow testing signature syntax and validity without verifying that
a signature came from a trusted signer. To discourage accidental or unintentional use, this is invoked by the deliberately ugly option name "check-novalidate". From Sebastian Kinne.
-rw-r--r--usr.bin/ssh/ssh-keygen.124
-rw-r--r--usr.bin/ssh/ssh-keygen.c30
2 files changed, 44 insertions, 10 deletions
diff --git a/usr.bin/ssh/ssh-keygen.1 b/usr.bin/ssh/ssh-keygen.1
index 08115854629..f8dafb3aae2 100644
--- a/usr.bin/ssh/ssh-keygen.1
+++ b/usr.bin/ssh/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.166 2019/09/05 05:47:23 jmc Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.167 2019/09/16 03:23:02 djm Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: September 5 2019 $
+.Dd $Mdocdate: September 16 2019 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -149,10 +149,14 @@
.Nm ssh-keygen
.Fl Y Cm verify
.Fl I Ar signer_identity
-.Fl f Ar allowed_keys_file
+.Fl f Ar allowed_signers_file
.Fl n Ar namespace
.Fl s Ar signature_file
.Op Fl r Ar revocation_file
+.Nm ssh-keygen
+.Fl Y Cm check-novalidate
+.Fl s Ar signature_file
+.Fl n Ar namespace
.Ek
.Sh DESCRIPTION
.Nm
@@ -716,6 +720,20 @@ flag.
The revocation file may be a KRL or a one-per-line list of public keys.
Successful verification by an authorized signer is signalled by
.Nm
+.It Fl Y Cm check-novalidate
+Checks that a signature generated using
+.Nm
+.Fl Y Cm sign
+has a valid structure.
+This does not validate if a signature comes from an authorized signer.
+When testing a signature,
+.Nm
+accepts a message on standard input and a signature namespace using
+.Fl n .
+A file containing the corresponding signature must also be supplied using the
+.Fl s
+flag. Successful testing of the signature is signalled by
+.Nm
returning a zero exit status.
.It Fl z Ar serial_number
Specifies a serial number to be embedded in the certificate to distinguish
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index 0d8868e514c..8e2159e7179 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.349 2019/09/06 07:53:40 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.350 2019/09/16 03:23:02 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2649,8 +2649,9 @@ verify(const char *signature, const char *sig_namespace, const char *principal,
}
}
- if ((r = sshsig_check_allowed_keys(allowed_keys, sign_key,
- principal, sig_namespace)) != 0) {
+ if (allowed_keys != NULL &&
+ (r = sshsig_check_allowed_keys(allowed_keys, sign_key,
+ principal, sig_namespace)) != 0) {
debug3("sshsig_check_allowed_keys failed: %s", ssh_err(r));
goto done;
}
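Review bot: The new `allowed_keys != NULL &&` guard silently disables the trusted-signer lookup, and nothing on that line says the NULL case is the deliberate check-novalidate path rather than a caller that forgot to pass the allowed-signers file. Since a NULL here means any key that produces a structurally valid signature is accepted, I would make that intent explicit above the condition: `/* allowed_keys == NULL: "check-novalidate" mode; the signer is deliberately not checked against an allowed-signers list */`. Whether the revocation check that appears to end just above this hunk is also skipped in that mode cannot be seen from here and is worth confirming. verify() starts before this hunk.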
@@ -2664,9 +2665,15 @@ done:
fatal("%s: sshkey_fingerprint failed",
__func__);
}
- printf("Good \"%s\" signature for %s with %s key %s\n",
- sig_namespace, principal,
- sshkey_type(sign_key), fp);
+ if (principal == NULL) {
+ printf("Good \"%s\" signature with %s key %s\n",
+ sig_namespace, sshkey_type(sign_key), fp);
+
+ } else {
+ printf("Good \"%s\" signature for %s with %s key %s\n",
+ sig_namespace, principal,
+ sshkey_type(sign_key), fp);
+ }
} else {
printf("Could not verify signature.\n");
}
@@ -2718,7 +2725,8 @@ usage(void)
" ssh-keygen -Q -f krl_file file ...\n"
" ssh-keygen -Y sign -f sign_key -n namespace\n"
" ssh-keygen -Y verify -I signer_identity -s signature_file\n"
- " -n namespace -f allowed_keys [-r revoked_keys]\n");
+ " -n namespace -f allowed_keys [-r revoked_keys]\n"
+ " ssh-keygen -Y check-novalidate -s signature_file -n namespace\n");
exit(1);
}
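Review bot: The new usage line is fine, but the neighbouring `-Y verify` line still names the file `allowed_keys` while the manual page in this same commit renames it to `allowed_signers_file`; the two should agree, i.e. `" -n namespace -f allowed_signers_file [-r revoked_keys]\n"`. Keeping the same term in usage(), the man page and the error messages makes it easier for a user to tell the signer-validating mode apart from the new one that does not validate.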
@@ -3016,6 +3024,14 @@ main(int argc, char **argv)
exit(1);
}
return sign(identity_file, cert_principals, argc, argv);
+ } else if (strncmp(sign_op, "check-novalidate", 16) == 0) {
+ if (ca_key_path == NULL) {
+ error("Too few arguments for check-novalidate: "
+ "missing signature file");
+ exit(1);
+ }
+ return verify(ca_key_path, cert_principals,
+ NULL, NULL, NULL);
} else if (strncmp(sign_op, "verify", 6) == 0) {
if (ca_key_path == NULL) {
error("Too few arguments for verify: "