upstream: Allow testing signature syntax and validity without verifying

that a signature came from a trusted signer. To discourage accidental or
unintentional use, this is invoked by the deliberately ugly option name
"check-novalidate"

from Sebastian Kinne

OpenBSD-Commit-ID: cea42c36ab7d6b70890e2d8635c1b5b943adcc0b

2 files changed, 44 insertions, 10 deletions

diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 081158546..f8dafb3aa 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.166 2019/09/05 05:47:23 jmc Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.167 2019/09/16 03:23:02 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 5 2019 $
+.Dd $Mdocdate: September 16 2019 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -149,10 +149,14 @@
 .Nm ssh-keygen
 .Fl Y Cm verify
 .Fl I Ar signer_identity
-.Fl f Ar allowed_keys_file
+.Fl f Ar allowed_signers_file
 .Fl n Ar namespace
 .Fl s Ar signature_file
 .Op Fl r Ar revocation_file
+.Nm ssh-keygen
+.Fl Y Cm check-novalidate
+.Fl s Ar signature_file
+.Fl n Ar namespace
 .Ek
 .Sh DESCRIPTION
 .Nm
@@ -716,6 +720,20 @@ flag.
 The revocation file may be a KRL or a one-per-line list of public keys.
 Successful verification by an authorized signer is signalled by
 .Nm
+.It Fl Y Cm check-novalidate
+Checks that a signature generated using
+.Nm
+.Fl Y Cm sign
+has a valid structure.
+This does not validate if a signature comes from an authorized signer.
+When testing a signature,
+.Nm
+accepts a message on standard input and a signature namespace using
+.Fl n .
+A file containing the corresponding signature must also be supplied using the
+.Fl s
+flag. Successful testing of the signature is signalled by
+.Nm
 returning a zero exit status.
 .It Fl z Ar serial_number
 Specifies a serial number to be embedded in the certificate to distinguish
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 570f31795..0dfad08c4 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.349 2019/09/06 07:53:40 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.350 2019/09/16 03:23:02 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2666,8 +2666,9 @@ verify(const char *signature, const char *sig_namespace, const char *principal,
                 }
         }
 
-        if ((r = sshsig_check_allowed_keys(allowed_keys, sign_key,
-            principal, sig_namespace)) != 0) {
+        if (allowed_keys != NULL &&
+            (r = sshsig_check_allowed_keys(allowed_keys, sign_key,
+                                           principal, sig_namespace)) != 0) {
                 debug3("sshsig_check_allowed_keys failed: %s", ssh_err(r));
                 goto done;
         }
@@ -2681,9 +2682,15 @@ done:
                                 fatal("%s: sshkey_fingerprint failed",
                                     __func__);
                         }
-                        printf("Good \"%s\" signature for %s with %s key %s\n",
-                            sig_namespace, principal,
-                            sshkey_type(sign_key), fp);
+                        if (principal == NULL) {
+                                printf("Good \"%s\" signature with %s key %s\n",
+                                       sig_namespace, sshkey_type(sign_key), fp);
+
+                        } else {
+                                printf("Good \"%s\" signature for %s with %s key %s\n",
+                                       sig_namespace, principal,
+                                       sshkey_type(sign_key), fp);
+                        }
                 } else {
                         printf("Could not verify signature.\n");
                 }
@@ -2735,7 +2742,8 @@ usage(void)
             "       ssh-keygen -Q -f krl_file file ...\n"
             "       ssh-keygen -Y sign -f sign_key -n namespace\n"
             "       ssh-keygen -Y verify -I signer_identity -s signature_file\n"
-            "                  -n namespace -f allowed_keys [-r revoked_keys]\n");
+            "                  -n namespace -f allowed_keys [-r revoked_keys]\n"
+            "       ssh-keygen -Y check-novalidate -s signature_file -n namespace\n");
         exit(1);
 }
 
@@ -3034,6 +3042,14 @@ main(int argc, char **argv)
                                 exit(1);
                         }
                         return sign(identity_file, cert_principals, argc, argv);
+                } else if (strncmp(sign_op, "check-novalidate", 16) == 0) {
+                        if (ca_key_path == NULL) {
+                                error("Too few arguments for check-novalidate: "
+                                      "missing signature file");
+                                exit(1);
+                        }
+                        return verify(ca_key_path, cert_principals,
+                                      NULL, NULL, NULL);
                 } else if (strncmp(sign_op, "verify", 6) == 0) {
                         if (ca_key_path == NULL) {
                                 error("Too few arguments for verify: "