Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/openssh/dist from openbsd
details: https://anonhg.NetBSD.org/src/rev/cfcd3db81ddb
branches: trunk
changeset: 785761:cfcd3db81ddb
user: christos <christos%NetBSD.org@localhost>
date: Fri Mar 29 14:52:38 2013 +0000
description:
from openbsd
diffstat:
crypto/external/bsd/openssh/dist/PROTOCOL.krl | 164 +++
crypto/external/bsd/openssh/dist/krl.c | 1228 +++++++++++++++++++++++++
crypto/external/bsd/openssh/dist/krl.h | 63 +
3 files changed, 1455 insertions(+), 0 deletions(-)
diffs (truncated from 1467 to 300 lines):
diff -r def34fd5e6c5 -r cfcd3db81ddb crypto/external/bsd/openssh/dist/PROTOCOL.krl
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.krl Fri Mar 29 14:52:38 2013 +0000
@@ -0,0 +1,164 @@
+This describes the key/certificate revocation list format for OpenSSH.
+
+1. Overall format
+
+The KRL consists of a header and zero or more sections. The header is:
+
+#define KRL_MAGIC 0x5353484b524c0a00ULL /* "SSHKRL\n\0" */
+#define KRL_FORMAT_VERSION 1
+
+ uint64 KRL_MAGIC
+ uint32 KRL_FORMAT_VERSION
+ uint64 krl_version
+ uint64 generated_date
+ uint64 flags
+ string reserved
+ string comment
+
+Where "krl_version" is a version number that increases each time the KRL
+is modified, "generated_date" is the time in seconds since 1970-01-01
+00:00:00 UTC that the KRL was generated, "comment" is an optional comment
+and "reserved" an extension field whose contents are currently ignored.
+No "flags" are currently defined.
+
+Following the header are zero or more sections, each consisting of:
+
+ byte section_type
+ string section_data
+
+Where "section_type" indicates the type of the "section_data". An exception
+to this is the KRL_SECTION_SIGNATURE section, that has a slightly different
+format (see below).
+
+The available section types are:
+
+#define KRL_SECTION_CERTIFICATES 1
+#define KRL_SECTION_EXPLICIT_KEY 2
+#define KRL_SECTION_FINGERPRINT_SHA1 3
+#define KRL_SECTION_SIGNATURE 4
+
+3. Certificate serial section
+
+These sections use type KRL_SECTION_CERTIFICATES to revoke certificates by
+serial number or key ID. The consist of the CA key that issued the
+certificates to be revoked and a reserved field whose contents is currently
+ignored.
+
+ string ca_key
+ string reserved
+
+Followed by one or more sections:
+
+ byte cert_section_type
+ string cert_section_data
+
+The certificate section types are:
+
+#define KRL_SECTION_CERT_SERIAL_LIST 0x20
+#define KRL_SECTION_CERT_SERIAL_RANGE 0x21
+#define KRL_SECTION_CERT_SERIAL_BITMAP 0x22
+#define KRL_SECTION_CERT_KEY_ID 0x23
+
+2.1 Certificate serial list section
+
+This section is identified as KRL_SECTION_CERT_SERIAL_LIST. It revokes
+certificates by listing their serial numbers. The cert_section_data in this
+case contains:
+
+ uint64 revoked_cert_serial
+ uint64 ...
+
+This section may appear multiple times.
+
+2.2. Certificate serial range section
+
+These sections use type KRL_SECTION_CERT_SERIAL_RANGE and hold
+a range of serial numbers of certificates:
+
+ uint64 serial_min
+ uint64 serial_max
+
+All certificates in the range serial_min <= serial <= serial_max are
+revoked.
+
+This section may appear multiple times.
+
+2.3. Certificate serial bitmap section
+
+Bitmap sections use type KRL_SECTION_CERT_SERIAL_BITMAP and revoke keys
+by listing their serial number in a bitmap.
+
+ uint64 serial_offset
+ mpint revoked_keys_bitmap
+
+A bit set at index N in the bitmap corresponds to revocation of a keys with
+serial number (serial_offset + N).
+
+This section may appear multiple times.
+
+2.4. Revoked key ID sections
+
+KRL_SECTION_CERT_KEY_ID sections revoke particular certificate "key
+ID" strings. This may be useful in revoking all certificates
+associated with a particular identity, e.g. a host or a user.
+
+ string key_id[0]
+ ...
+
+This section must contain at least one "key_id". This section may appear
+multiple times.
+
+3. Explicit key sections
+
+These sections, identified as KRL_SECTION_EXPLICIT_KEY, revoke keys
+(not certificates). They are less space efficient than serial numbers,
+but are able to revoke plain keys.
+
+ string public_key_blob[0]
+ ....
+
+This section must contain at least one "public_key_blob". The blob
+must be a raw key (i.e. not a certificate).
+
+This section may appear multiple times.
+
+4. SHA1 fingerprint sections
+
+These sections, identified as KRL_SECTION_FINGERPRINT_SHA1, revoke
+plain keys (i.e. not certificates) by listing their SHA1 hashes:
+
+ string public_key_hash[0]
+ ....
+
+This section must contain at least one "public_key_hash". The hash blob
+is obtained by taking the SHA1 hash of the public key blob. Hashes in
+this section must appear in numeric order, treating each hash as a big-
+endian integer.
+
+This section may appear multiple times.
+
+5. KRL signature sections
+
+The KRL_SECTION_SIGNATURE section serves a different purpose to the
+preceeding ones: to provide cryptographic authentication of a KRL that
+is retrieved over a channel that does not provide integrity protection.
+Its format is slightly different to the previously-described sections:
+in order to simplify the signature generation, it includes as a "body"
+two string components instead of one.
+
+ byte KRL_SECTION_SIGNATURE
+ string signature_key
+ string signature
+
+The signature is calculated over the entire KRL from the KRL_MAGIC
+to this subsection's "signature_key", including both and using the
+signature generation rules appropriate for the type of "signature_key".
+
+This section must appear last in the KRL. If multiple signature sections
+appear, they must appear consecutively at the end of the KRL file.
+
+Implementations that retrieve KRLs over untrusted channels must verify
+signatures. Signature sections are optional for KRLs distributed by
+trusted means.
+
+$OpenBSD: PROTOCOL.krl,v 1.2 2013/01/18 00:24:58 djm Exp $
diff -r def34fd5e6c5 -r cfcd3db81ddb crypto/external/bsd/openssh/dist/krl.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/openssh/dist/krl.c Fri Mar 29 14:52:38 2013 +0000
@@ -0,0 +1,1228 @@
+/*
+ * Copyright (c) 2012 Damien Miller <djm%mindrot.org@localhost>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $OpenBSD: krl.c,v 1.9 2013/01/27 10:06:12 djm Exp $ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/tree.h>
+#include <sys/queue.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+
+#include "buffer.h"
+#include "key.h"
+#include "authfile.h"
+#include "err.h"
+#include "misc.h"
+#include "log.h"
+#include "xmalloc.h"
+
+#include "krl.h"
+
+/* #define DEBUG_KRL */
+#ifdef DEBUG_KRL
+# define KRL_DBG(x) debug3 x
+#else
+# define KRL_DBG(x)
+#endif
+
+/*
+ * Trees of revoked serial numbers, key IDs and keys. This allows
+ * quick searching, querying and producing lists in canonical order.
+ */
+
+/* Tree of serial numbers. XXX make smarter: really need a real sparse bitmap */
+struct revoked_serial {
+ u_int64_t lo, hi;
+ RB_ENTRY(revoked_serial) tree_entry;
+};
+static int serial_cmp(struct revoked_serial *a, struct revoked_serial *b);
+RB_HEAD(revoked_serial_tree, revoked_serial);
+RB_GENERATE_STATIC(revoked_serial_tree, revoked_serial, tree_entry, serial_cmp);
+
+/* Tree of key IDs */
+struct revoked_key_id {
+ char *key_id;
+ RB_ENTRY(revoked_key_id) tree_entry;
+};
+static int key_id_cmp(struct revoked_key_id *a, struct revoked_key_id *b);
+RB_HEAD(revoked_key_id_tree, revoked_key_id);
+RB_GENERATE_STATIC(revoked_key_id_tree, revoked_key_id, tree_entry, key_id_cmp);
+
+/* Tree of blobs (used for keys and fingerprints) */
+struct revoked_blob {
+ u_char *blob;
+ u_int len;
+ RB_ENTRY(revoked_blob) tree_entry;
+};
+static int blob_cmp(struct revoked_blob *a, struct revoked_blob *b);
+RB_HEAD(revoked_blob_tree, revoked_blob);
+RB_GENERATE_STATIC(revoked_blob_tree, revoked_blob, tree_entry, blob_cmp);
+
+/* Tracks revoked certs for a single CA */
+struct revoked_certs {
+ Key *ca_key;
+ struct revoked_serial_tree revoked_serials;
+ struct revoked_key_id_tree revoked_key_ids;
+ TAILQ_ENTRY(revoked_certs) entry;
+};
+TAILQ_HEAD(revoked_certs_list, revoked_certs);
+
+struct ssh_krl {
+ u_int64_t krl_version;
+ u_int64_t generated_date;
+ u_int64_t flags;
+ char *comment;
+ struct revoked_blob_tree revoked_keys;
+ struct revoked_blob_tree revoked_sha1s;
+ struct revoked_certs_list revoked_certs;
+};
+
+/* Return equal if a and b overlap */
+static int
+serial_cmp(struct revoked_serial *a, struct revoked_serial *b)
+{
+ if (a->hi >= b->lo && a->lo <= b->hi)
+ return 0;
+ return a->lo < b->lo ? -1 : 1;
+}
+
+static int
+key_id_cmp(struct revoked_key_id *a, struct revoked_key_id *b)
+{
+ return strcmp(a->key_id, b->key_id);
+}
+
+static int
+blob_cmp(struct revoked_blob *a, struct revoked_blob *b)
+{
+ int r;
+
+ if (a->len != b->len) {
+ if ((r = memcmp(a->blob, b->blob, MIN(a->len, b->len))) != 0)
+ return r;
+ return a->len > b->len ? 1 : -1;
+ } else
+ return memcmp(a->blob, b->blob, a->len);
+}
+
+struct ssh_krl *
Home |
Main Index |
Thread Index |
Old Index