Add support for certificate key types for users and hosts.

OpenSSH certificate key types are not X.509 certificates, but a much simpler format that encodes a public key, identity information and some validity constraints and signs it with a CA key. CA keys are regular SSH keys. This certificate style avoids the attack surface of X.509 certificates and is very easy to deploy. Certified host keys allow automatic acceptance of new host keys when a CA certificate is marked as trusted in ~/.ssh/known_hosts. see VERIFYING HOST KEYS in ssh(1) for details. Certified user keys allow authentication of users when the signing CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS FILE FORMAT" in sshd(8) for details. Certificates are minted using ssh-keygen(1), documentation is in the "CERTIFICATES" section of that manpage. Documentation on the format of certificates is in the file PROTOCOL.certkeys feedback and ok markus@
author: djm <djm@openbsd.org> 2010-02-26 20:29:54 +0000
committer: djm <djm@openbsd.org> 2010-02-26 20:29:54 +0000
commit: b94e498ee01728630740033222d91168419128b4 (patch)
tree: 00cafcbcc946aee33ddeab7d750bbadcb35ff01d /usr.bin/ssh/sshconnect.c
parent: Back out the last commit. Bizzarely, that extra l@ makes boong from CD fail! (diff)
download: wireguard-openbsd-b94e498ee01728630740033222d91168419128b4.tar.xz
wireguard-openbsd-b94e498ee01728630740033222d91168419128b4.zip
1 files changed, 65 insertions, 13 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index a568d6557e4..df5a9bdcb5a 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.218 2010/01/13 00:19:04 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.219 2010/02/26 20:29:54 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -49,6 +49,7 @@
 #include "misc.h"
 #include "dns.h"
 #include "roaming.h"
+#include "ssh2.h"
 #include "version.h"
 
 char *client_version_string = NULL;
@@ -567,6 +568,23 @@ confirm(const char *prompt)
 	}
 }
 
+static int
+check_host_cert(const char *host, const Key *host_key)
+{
+	const char *reason;
+
+	if (key_cert_check_authority(host_key, 1, 0, host, &reason) != 0) {
+		error("%s", reason);
+		return 0;
+	}
+	if (buffer_len(&host_key->cert->constraints) != 0) {
+		error("Certificate for %s contains unsupported constraint(s)",
+		    host);
+		return 0;
+	}
+	return 1;
+}
+
 /*
  * check whether the supplied host key is valid, return -1 if the key
  * is not valid. the user_hostfile will not be updated if 'readonly' is true.
@@ -579,13 +597,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
     Key *host_key, int readonly, const char *user_hostfile,
     const char *system_hostfile)
 {
-	Key *file_key;
-	const char *type = key_type(host_key);
+	Key *file_key, *raw_key = NULL;
+	const char *type;
 	char *ip = NULL, *host = NULL;
 	char hostline[1000], *hostp, *fp, *ra;
 	HostStatus host_status;
 	HostStatus ip_status;
-	int r, local = 0, host_ip_differ = 0;
+	int r, want_cert, local = 0, host_ip_differ = 0;
 	char ntop[NI_MAXHOST];
 	char msg[1024];
 	int len, host_line, ip_line, cancelled_forwarding = 0;
@@ -654,11 +672,15 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 		host = put_host_port(hostname, port);
 	}
 
+ retry:
+	want_cert = key_is_cert(host_key);
+	type = key_type(host_key);
+
 	/*
 	 * Store the host key from the known host file in here so that we can
 	 * compare it with the key for the IP address.
 	 */
-	file_key = key_new(host_key->type);
+	file_key = key_new(key_is_cert(host_key) ? KEY_UNSPEC : host_key->type);
 
 	/*
 	 * Check if the host key is present in the user's list of known
@@ -674,9 +696,10 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 	}
 	/*
 	 * Also perform check for the ip address, skip the check if we are
-	 * localhost or the hostname was an ip address to begin with
+	 * localhost, looking for a certificate, or the hostname was an ip
+	 * address to begin with.
 	 */
-	if (options.check_host_ip) {
+	if (!want_cert && options.check_host_ip) {
 		Key *ip_key = key_new(host_key->type);
 
 		ip_file = user_hostfile;
@@ -700,11 +723,14 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 	switch (host_status) {
 	case HOST_OK:
 		/* The host is known and the key matches. */
-		debug("Host '%.200s' is known and matches the %s host key.",
-		    host, type);
-		debug("Found key in %s:%d", host_file, host_line);
+		debug("Host '%.200s' is known and matches the %s host %s.",
+		    host, type, want_cert ? "certificate" : "key");
+		debug("Found %s in %s:%d",
+		    want_cert ? "certificate" : "key", host_file, host_line);
+		if (want_cert && !check_host_cert(hostname, host_key))
+			goto fail;
 		if (options.check_host_ip && ip_status == HOST_NEW) {
-			if (readonly)
+			if (readonly || want_cert)
 				logit("%s host key for IP address "
 				    "'%.128s' not in list of known hosts.",
 				    type, ip);
@@ -736,7 +762,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 				break;
 			}
 		}
-		if (readonly)
+		if (readonly || want_cert)
 			goto fail;
 		/* The host is new. */
 		if (options.strict_host_key_checking == 1) {
@@ -821,6 +847,17 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 			    "list of known hosts.", hostp, type);
 		break;
 	case HOST_CHANGED:
+		if (want_cert) {
+			/*
+			 * This is only a debug() since it is valid to have
+			 * CAs with wildcard DNS matches that don't match
+			 * all hosts that one might visit.
+			 */
+			debug("Host certificate authority does not "
+			    "match %s in %s:%d", CA_MARKER,
+			    host_file, host_line);
+			goto fail;
+		}
 		if (readonly == ROQUIET)
 			goto fail;
 		if (options.check_host_ip && host_ip_differ) {
@@ -957,6 +994,20 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 	return 0;
 
 fail:
+	if (want_cert) {
+		/*
+		 * No matching certificate. Downgrade cert to raw key and
+		 * search normally.
+		 */
+		debug("No matching CA found. Retry with plain key");
+		raw_key = key_from_private(host_key);
+		if (key_drop_cert(raw_key) != 0)
+			fatal("Couldn't drop certificate");
+		host_key = raw_key;
+		goto retry;
+	}
+	if (raw_key != NULL)
+		key_free(raw_key);
 	xfree(ip);
 	xfree(host);
 	return -1;
@@ -969,7 +1020,8 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
 	struct stat st;
 	int flags = 0;
 
-	if (options.verify_host_key_dns &&
+	/* XXX certs are not yet supported for DNS */
+	if (!key_is_cert(host_key) && options.verify_host_key_dns &&
 	    verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) {
 
 		if (flags & DNS_VERIFY_FOUND) {
author	djm <djm@openbsd.org>	2010-02-26 20:29:54 +0000
committer	djm <djm@openbsd.org>	2010-02-26 20:29:54 +0000
commit	b94e498ee01728630740033222d91168419128b4 (patch)
tree	00cafcbcc946aee33ddeab7d750bbadcb35ff01d /usr.bin/ssh/sshconnect.c
parent	Back out the last commit. Bizzarely, that extra l@ makes boong from CD fail! (diff)
download	wireguard-openbsd-b94e498ee01728630740033222d91168419128b4.tar.xz wireguard-openbsd-b94e498ee01728630740033222d91168419128b4.zip