Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Dev
Understanding SSH Certificate signatures
diggyk at gmail
Feb 8, 2021, 10:20 PM
Post #1 of 6 (773 views)
Permalink
Hello OpenSSH community,

I haven't found a good Rust library to verify that a presented OpenSSH
public certificate is valid. My plan is to compare the signature_key to my
trusted CA certs and verify the signature in the user's public certificate.

Here is what I tried but it isn't working:
* create an openssl RSA public key using the n and e from the signature_key
* decrypt the signature with that key to get the hash
* create a hash from all the base64 bytes up to but not including the
signature using SHA1
* compare the hashes, but they do not match

To create my own hash, I'm skipping the opening text identifier in the
cert, but using the "ssh-rsa-cert-v01@openssh.com" string as part of the
octet string.

Am I on the right track? If so, I'll give some details of what I'm doing
so we can hopefully pinpoint where I'm going wrong. (Or if someone knows a
rust crate that actually verifies a certificate instead of just parsing it,
that would be awesome!)

--
Digant Chimanlal "DC" Kasundra
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Understanding SSH Certificate signatures [ In reply to ]
b.candler at pobox
Feb 9, 2021, 12:22 AM
Post #2 of 6 (773 views)
Permalink
On 09/02/2021 06:20, Digant Kasundra wrote:
> I haven't found a good Rust library to verify that a presented OpenSSH
> public certificate is valid. My plan is to compare the signature_key to my
> trusted CA certs and verify the signature in the user's public certificate.

I can't help you with a Rust library, but maybe it's worth going through
what Go's x/crypto/ssh package does?

https://github.com/golang/crypto/blob/eec23a3978ad/ssh/certs.go#L410


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Understanding SSH Certificate signatures [ In reply to ]
mindrot at hda3
Feb 9, 2021, 7:25 AM
Post #3 of 6 (773 views)
Permalink
On Mon, Feb 8, 2021 at 10:23 PM Digant Kasundra <diggyk@gmail.com> wrote:
>
> Hello OpenSSH community,
>
> I haven't found a good Rust library to verify that a presented OpenSSH
> public certificate is valid.

I'm not a rustacean, but this library being actively developed by an
old co-worker might be what you're after

https://github.com/obelisk/sshcerts
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Understanding SSH Certificate signatures [ In reply to ]
diggyk at gmail
Feb 9, 2021, 12:31 PM
Post #4 of 6 (773 views)
Permalink
On Tue, Feb 9, 2021 at 7:25 AM Peter Moody <mindrot@hda3.com> wrote:

> On Mon, Feb 8, 2021 at 10:23 PM Digant Kasundra <diggyk@gmail.com> wrote:
>
> > I haven't found a good Rust library to verify that a presented OpenSSH
> > public certificate is valid.
>
> I'm not a rustacean, but this library being actively developed by an
> old co-worker might be what you're after
>
> https://github.com/obelisk/sshcerts
>

This is perfect! Thank you!
--
Digant Chimanlal "DC" Kasundra
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Understanding SSH Certificate signatures [ In reply to ]
djm at mindrot
Feb 9, 2021, 3:38 PM
Post #5 of 6 (773 views)
Permalink
On Mon, 8 Feb 2021, Digant Kasundra wrote:

> Hello OpenSSH community,
>
> I haven't found a good Rust library to verify that a presented OpenSSH
> public certificate is valid. My plan is to compare the signature_key to my
> trusted CA certs and verify the signature in the user's public certificate.
>
> Here is what I tried but it isn't working:
> * create an openssl RSA public key using the n and e from the signature_key
> * decrypt the signature with that key to get the hash
> * create a hash from all the base64 bytes up to but not including the
> signature using SHA1

Current versions of OpenSSH use sha-256 for certificate signatures by
default, so that's one possile problem.

> * compare the hashes, but they do not match

Your approach seems reasonable. The certificate signature is made using
exactly the same rules and structure as other SSH signatures. Are you
following these? If so, then the only other possibility is that you are
including the wrong bytes in the hash :)

> To create my own hash, I'm skipping the opening text identifier in the
> cert, but using the "ssh-rsa-cert-v01@openssh.com" string as part of the
> octet string.

The signed hash definitely includes this (and the four byte length before it)

> Am I on the right track? If so, I'll give some details of what I'm doing
> so we can hopefully pinpoint where I'm going wrong. (Or if someone knows a
> rust crate that actually verifies a certificate instead of just parsing it,
> that would be awesome!)

My advice is to take a copy of OpenSSH, insert a
sshbuf_dump_data(sshbuf_ptr(key->cert->certblob), signed_len, stderr)
in sshkey.c:cert_parse() right before the sshkey_verify() call and
compare what is you are including in your hash to what OpenSSH is.
I've never solved a signature verification bug without printf debugging :)

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Understanding SSH Certificate signatures [ In reply to ]
diggyk at gmail
Feb 9, 2021, 7:52 PM
Post #6 of 6 (773 views)
Permalink
Awesome, thanks!

On Tue, Feb 9, 2021 at 3:38 PM Damien Miller <djm@mindrot.org> wrote:

> On Mon, 8 Feb 2021, Digant Kasundra wrote:
>
> > Hello OpenSSH community,
> >
> > I haven't found a good Rust library to verify that a presented OpenSSH
> > public certificate is valid. My plan is to compare the signature_key to
> my
> > trusted CA certs and verify the signature in the user's public
> certificate.
> >
> > Here is what I tried but it isn't working:
> > * create an openssl RSA public key using the n and e from the
> signature_key
> > * decrypt the signature with that key to get the hash
> > * create a hash from all the base64 bytes up to but not including the
> > signature using SHA1
>
> Current versions of OpenSSH use sha-256 for certificate signatures by
> default, so that's one possile problem.
>
> > * compare the hashes, but they do not match
>
> Your approach seems reasonable. The certificate signature is made using
> exactly the same rules and structure as other SSH signatures. Are you
> following these? If so, then the only other possibility is that you are
> including the wrong bytes in the hash :)
>
> > To create my own hash, I'm skipping the opening text identifier in the
> > cert, but using the "ssh-rsa-cert-v01@openssh.com" string as part of the
> > octet string.
>
> The signed hash definitely includes this (and the four byte length before
> it)
>
> > Am I on the right track? If so, I'll give some details of what I'm doing
> > so we can hopefully pinpoint where I'm going wrong. (Or if someone
> knows a
> > rust crate that actually verifies a certificate instead of just parsing
> it,
> > that would be awesome!)
>
> My advice is to take a copy of OpenSSH, insert a
> sshbuf_dump_data(sshbuf_ptr(key->cert->certblob), signed_len, stderr)
> in sshkey.c:cert_parse() right before the sshkey_verify() call and
> compare what is you are including in your hash to what OpenSSH is.
> I've never solved a signature verification bug without printf debugging :)
>
> -d
>


--
Digant Chimanlal "DC" Kasundra
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal