[ssh_x509] empty x509v3-ecdsa-sha2-nistp256 key?

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Wed Feb 15 09:23:27 EET 2017


Hi Lee,

ssh_x509 at roumenpetrov.info wrote:
> Hi Roumen,
>
> [SNIP]
>> For RSA keys name of signature is only ssh-rsa. Maverick sends name of algorithm, i.e. x509v3-ssh-rsa.
> Yes its sending the public key algorithm name. This has been fixed to send private key algorithm which remains to be ssh-rsa.
Thanks,
I would like to confirm that 1.7.4 snapshot from 2017-02-09 fixes above 
issue.

> [SNIP]
> I had tested originally with your patch most likely using a self-signed certificate which explains why certificate encoding passed.
This part in not changed in 1.7.4-snapshot(20170209). Maverick still 
send <total_len><der1><der2>.
It is expect test to pass with single certificate as <total_len><der1> 
is same as <len1><der1>.
PKIX-SSH regression tests use root CA, intermediate CA that issue 
certificates used in test.
Also self-signed certificates are tested as well.

In RFC format is documents as
...
      uint32  certificate-count
      string  certificate[1..certificate-count]
...
but actually is "string array" and this is visible in sample section.

> Did you get more strict on the signature algorithm name at any point?
Signature algorithm is not strict . Its depend from settings in option 
X509KeyAlgorithm. "Signature name" is optional string in free format.
For instance if options is defined like this
X509KeyAlgorithm  x509v3-sign-dss,dss-asn1,bar
X509KeyAlgorithm  x509v3-sign-dss,dss-asn1,foo
accepted signature name is bar or foo.
Option in the middle determine how is encoded . In particular case above 
dss-asn1 mean encoded using ASN1. notation (DER). This part depend from 
code.
Name of algorithm (first part) also depend from code is used to match to 
base key type RSA,DSA,etc and format of key "blob" (like rfc 6187).
*
*
> I'm pretty sure the tests passed at that stage.
During the test I found another issue in ECDSA signature encoding :(.
I did note that format of ecdsa_signature_blob should be same as is 
described for plain keys in RFC5656.
My implementation uses ASN.1 notation.
For upcoming  version  encoding of ECDSA will be changed to conform with 
standard (RFC 6187)


Brief  status of the tests client sshtoools - server pkix-ssh:
Prerequisites:
a) one certificate in client key (sshtoools, 1.7.4 from 2017-02-09 )
b) conform to RFC 6187 key-blob and ecdsa signature (pkix-ssh, 
development/10.0 beta1)

1) Client could connect to server with five RFC 6187 public-key 
algorithms. Test are based on sample X509Connect.java.
- x509v3-ecdsa-sha2-nistp256
- x509v3-ecdsa-sha2-nistp384
- x509v3-ecdsa-sha2-nistp521
- x509v3-ssh-rsa
- x509v3-ssh-dss

2) Server with host-key in above formats.
As pkix-ssh build internaly certificate chain, server host keys always 
is encoded three certificates in "key blob".
Test use sample PublicKeyConnect.java.
- rsa, dsa and ecdsa (nistp256) pass
- ecdsa (nistp384 and nist521) fail

Part of java log when connections succeeded:
...
[DEBUG com.maverick.ssh2.TransportProtocol] 1426 - Remote computer 
supports public keys: x509v3-ecdsa-sha2-nistp256
[DEBUG com.maverick.ssh.components.jce.client.DiffieHellmanGroup14Sha1] 
146 - Sending SSH_MSG_KEXDH_INIT
[DEBUG com.maverick.ssh.components.jce.client.DiffieHellmanGroup14Sha1] 
176 - Received SSH_MSG_KEXDH_REPLY
[DEBUG com.maverick.ssh2.TransportProtocol] 1440 - Negotiated public 
key: x509v3-ecdsa-sha2-nistp256
[DEBUG 
com.maverick.ssh.components.jce.SshX509EcdsaSha2NistPublicKeyRfc6187] 55 
- Expecting chain of 3
The connected host's key (x509v3-ecdsa-sha2-nistp256) is
MD5:8e:c0:e4:b8:b4:c6:3b:97:00:46:62:66:9f:8d:7a:14
[DEBUG com.maverick.ssh2.TransportProtocol] 1531 - Sending SSH_MSG_NEWKEYS
...

Part of java log when connections fail:
...
[DEBUG com.maverick.ssh.components.jce.client.DiffieHellmanGroup14Sha1] 
146 - Sending SSH_MSG_KEXDH_INIT
[DEBUG com.maverick.ssh.components.jce.client.DiffieHellmanGroup14Sha1] 
176 - Received SSH_MSG_KEXDH_REPLY
[DEBUG com.maverick.ssh2.TransportProtocol] 1440 - Negotiated public 
key: x509v3-ecdsa-sha2-nistp384
[ERROR com.maverick.ssh.SshConnector] 641 - Failed to create connection
com.maverick.ssh.SshException: Public key blob is not a 
x509v3-ecdsa-sha2-nistp256 formatted key [x509v3-ecdsa-sha2-nistp384] 
[Unknown cause]
         at 
com.maverick.ssh.components.jce.SshX509EcdsaSha2NistPublicKeyRfc6187.init(SshX509EcdsaSha2NistPublicKeyRfc6187.java:48)
...

> [SNIP]
> Regards
>
> Lee

Regards,
Roumen





More information about the ssh_x509 mailing list