1 files changed, 164 insertions, 0 deletions
diff --git a/PROTOCOL.krl b/PROTOCOL.krl
new file mode 100644
index 000000000..e8caa4527
--- /dev/null
+++ b/PROTOCOL.krl
@@ -0,0 +1,164 @@
+This describes the key/certificate revocation list format for OpenSSH.
+1. Overall format
+The KRL consists of a header and zero or more sections. The header is:
+#define KRL_MAGIC               0x5353484b524c0a00ULL  /* "SSHKRL\n\0" */
+#define KRL_FORMAT_VERSION      1
+        uint64  KRL_MAGIC
+        uint32  KRL_FORMAT_VERSION
+        uint64  krl_version
+        uint64  generated_date
+        uint64  flags
+        string  reserved
+        string  comment
+Where "krl_version" is a version number that increases each time the KRL
+is modified, "generated_date" is the time in seconds since 1970-01-01
+00:00:00 UTC that the KRL was generated, "comment" is an optional comment
+and "reserved" an extension field whose contents are currently ignored.
+No "flags" are currently defined.
+Following the header are zero or more sections, each consisting of:
+        byte    section_type
+        string  section_data
+Where "section_type" indicates the type of the "section_data". An exception
+to this is the KRL_SECTION_SIGNATURE section, that has a slightly different
+format (see below).
+The available section types are:
+#define KRL_SECTION_CERTIFICATES                1
+#define KRL_SECTION_EXPLICIT_KEY                2
+#define KRL_SECTION_FINGERPRINT_SHA1            3
+#define KRL_SECTION_SIGNATURE                   4
+3. Certificate serial section
+These sections use type KRL_SECTION_CERTIFICATES to revoke certificates by
+serial number or key ID. The consist of the CA key that issued the
+certificates to be revoked and a reserved field whose contents is currently
+ignored.
+        string ca_key
+        string reserved
+Followed by one or more sections:
+        byte    cert_section_type
+        string  cert_section_data
+The certificate section types are:
+#define KRL_SECTION_CERT_SERIAL_LIST    0x20
+#define KRL_SECTION_CERT_SERIAL_RANGE   0x21
+#define KRL_SECTION_CERT_SERIAL_BITMAP  0x22
+#define KRL_SECTION_CERT_KEY_ID         0x23
+2.1 Certificate serial list section
+This section is identified as KRL_SECTION_CERT_SERIAL_LIST. It revokes
+certificates by listing their serial numbers. The cert_section_data in this
+case contains:
+        uint64  revoked_cert_serial
+        uint64  ...
+This section may appear multiple times.
+2.2. Certificate serial range section
+These sections use type KRL_SECTION_CERT_SERIAL_RANGE and hold
+a range of serial numbers of certificates:
+        uint64  serial_min
+        uint64  serial_max
+All certificates in the range serial_min <= serial <= serial_max are
+revoked.
+This section may appear multiple times.
+2.3. Certificate serial bitmap section
+Bitmap sections use type KRL_SECTION_CERT_SERIAL_BITMAP and revoke keys
+by listing their serial number in a bitmap.
+        uint64  serial_offset
+        mpint   revoked_keys_bitmap
+A bit set at index N in the bitmap corresponds to revocation of a keys with
+serial number (serial_offset + N).
+This section may appear multiple times.
+2.4. Revoked key ID sections
+KRL_SECTION_CERT_KEY_ID sections revoke particular certificate "key
+ID" strings. This may be useful in revoking all certificates
+associated with a particular identity, e.g. a host or a user.
+        string  key_id[0]
+        ...
+This section must contain at least one "key_id". This section may appear
+multiple times.
+3. Explicit key sections
+These sections, identified as KRL_SECTION_EXPLICIT_KEY, revoke keys
+(not certificates). They are less space efficient than serial numbers,
+but are able to revoke plain keys.
+        string  public_key_blob[0]
+        ....
+This section must contain at least one "public_key_blob". The blob
+must be a raw key (i.e. not a certificate).
+This section may appear multiple times.
+4. SHA1 fingerprint sections
+These sections, identified as KRL_SECTION_FINGERPRINT_SHA1, revoke
+plain keys (i.e. not certificates) by listing their SHA1 hashes:
+        string  public_key_hash[0]
+        ....
+This section must contain at least one "public_key_hash". The hash blob
+is obtained by taking the SHA1 hash of the public key blob. Hashes in
+this section must appear in numeric order, treating each hash as a big-
+endian integer.
+This section may appear multiple times.
+5. KRL signature sections
+The KRL_SECTION_SIGNATURE section serves a different purpose to the
+preceeding ones: to provide cryptographic authentication of a KRL that
+is retrieved over a channel that does not provide integrity protection.
+Its format is slightly different to the previously-described sections:
+in order to simplify the signature generation, it includes as a "body"
+two string components instead of one.
+        byte    KRL_SECTION_SIGNATURE
+        string  signature_key
+        string  signature
+The signature is calculated over the entire KRL from the KRL_MAGIC
+to this subsection's "signature_key", including both and using the
+signature generation rules appropriate for the type of "signature_key".
+This section must appear last in the KRL. If multiple signature sections
+appear, they must appear consecutively at the end of the KRL file.
+Implementations that retrieve KRLs over untrusted channels must verify
+signatures. Signature sections are optional for KRLs distributed by
+trusted means.
+$OpenBSD: PROTOCOL.krl,v 1.2 2013/01/18 00:24:58 djm Exp $

diff --git a/PROTOCOL.krl b/PROTOCOL.krl new file mode 100644 index 000000000..e8caa4527 --- /dev/null +++ b/PROTOCOL.krl
@@ -0,0 +1,164 @@
	1	This describes the key/certificate revocation list format for OpenSSH.
	2
	3	1. Overall format
	4
	5	The KRL consists of a header and zero or more sections. The header is:
	6
	7	#define KRL_MAGIC 0x5353484b524c0a00ULL /* "SSHKRL\n\0" */
	8	#define KRL_FORMAT_VERSION 1
	9
	10	uint64 KRL_MAGIC
	11	uint32 KRL_FORMAT_VERSION
	12	uint64 krl_version
	13	uint64 generated_date
	14	uint64 flags
	15	string reserved
	16	string comment
	17
	18	Where "krl_version" is a version number that increases each time the KRL
	19	is modified, "generated_date" is the time in seconds since 1970-01-01
	20	00:00:00 UTC that the KRL was generated, "comment" is an optional comment
	21	and "reserved" an extension field whose contents are currently ignored.
	22	No "flags" are currently defined.
	23
	24	Following the header are zero or more sections, each consisting of:
	25
	26	byte section_type
	27	string section_data
	28
	29	Where "section_type" indicates the type of the "section_data". An exception
	30	to this is the KRL_SECTION_SIGNATURE section, that has a slightly different
	31	format (see below).
	32
	33	The available section types are:
	34
	35	#define KRL_SECTION_CERTIFICATES 1
	36	#define KRL_SECTION_EXPLICIT_KEY 2
	37	#define KRL_SECTION_FINGERPRINT_SHA1 3
	38	#define KRL_SECTION_SIGNATURE 4
	39
	40	3. Certificate serial section
	41
	42	These sections use type KRL_SECTION_CERTIFICATES to revoke certificates by
	43	serial number or key ID. The consist of the CA key that issued the
	44	certificates to be revoked and a reserved field whose contents is currently
	45	ignored.
	46
	47	string ca_key
	48	string reserved
	49
	50	Followed by one or more sections:
	51
	52	byte cert_section_type
	53	string cert_section_data
	54
	55	The certificate section types are:
	56
	57	#define KRL_SECTION_CERT_SERIAL_LIST 0x20
	58	#define KRL_SECTION_CERT_SERIAL_RANGE 0x21
	59	#define KRL_SECTION_CERT_SERIAL_BITMAP 0x22
	60	#define KRL_SECTION_CERT_KEY_ID 0x23
	61
	62	2.1 Certificate serial list section
	63
	64	This section is identified as KRL_SECTION_CERT_SERIAL_LIST. It revokes
	65	certificates by listing their serial numbers. The cert_section_data in this
	66	case contains:
	67
	68	uint64 revoked_cert_serial
	69	uint64 ...
	70
	71	This section may appear multiple times.
	72
	73	2.2. Certificate serial range section
	74
	75	These sections use type KRL_SECTION_CERT_SERIAL_RANGE and hold
	76	a range of serial numbers of certificates:
	77
	78	uint64 serial_min
	79	uint64 serial_max
	80
	81	All certificates in the range serial_min <= serial <= serial_max are
	82	revoked.
	83
	84	This section may appear multiple times.
	85
	86	2.3. Certificate serial bitmap section
	87
	88	Bitmap sections use type KRL_SECTION_CERT_SERIAL_BITMAP and revoke keys
	89	by listing their serial number in a bitmap.
	90
	91	uint64 serial_offset
	92	mpint revoked_keys_bitmap
	93
	94	A bit set at index N in the bitmap corresponds to revocation of a keys with
	95	serial number (serial_offset + N).
	96
	97	This section may appear multiple times.
	98
	99	2.4. Revoked key ID sections
	100
	101	KRL_SECTION_CERT_KEY_ID sections revoke particular certificate "key
	102	ID" strings. This may be useful in revoking all certificates
	103	associated with a particular identity, e.g. a host or a user.
	104
	105	string key_id[0]
	106	...
	107
	108	This section must contain at least one "key_id". This section may appear
	109	multiple times.
	110
	111	3. Explicit key sections
	112
	113	These sections, identified as KRL_SECTION_EXPLICIT_KEY, revoke keys
	114	(not certificates). They are less space efficient than serial numbers,
	115	but are able to revoke plain keys.
	116
	117	string public_key_blob[0]
	118	....
	119
	120	This section must contain at least one "public_key_blob". The blob
	121	must be a raw key (i.e. not a certificate).
	122
	123	This section may appear multiple times.
	124
	125	4. SHA1 fingerprint sections
	126
	127	These sections, identified as KRL_SECTION_FINGERPRINT_SHA1, revoke
	128	plain keys (i.e. not certificates) by listing their SHA1 hashes:
	129
	130	string public_key_hash[0]
	131	....
	132
	133	This section must contain at least one "public_key_hash". The hash blob
	134	is obtained by taking the SHA1 hash of the public key blob. Hashes in
	135	this section must appear in numeric order, treating each hash as a big-
	136	endian integer.
	137
	138	This section may appear multiple times.
	139
	140	5. KRL signature sections
	141
	142	The KRL_SECTION_SIGNATURE section serves a different purpose to the
	143	preceeding ones: to provide cryptographic authentication of a KRL that
	144	is retrieved over a channel that does not provide integrity protection.
	145	Its format is slightly different to the previously-described sections:
	146	in order to simplify the signature generation, it includes as a "body"
	147	two string components instead of one.
	148
	149	byte KRL_SECTION_SIGNATURE
	150	string signature_key
	151	string signature
	152
	153	The signature is calculated over the entire KRL from the KRL_MAGIC
	154	to this subsection's "signature_key", including both and using the
	155	signature generation rules appropriate for the type of "signature_key".
	156
	157	This section must appear last in the KRL. If multiple signature sections
	158	appear, they must appear consecutively at the end of the KRL file.
	159
	160	Implementations that retrieve KRLs over untrusted channels must verify
	161	signatures. Signature sections are optional for KRLs distributed by
	162	trusted means.
	163
	164	$OpenBSD: PROTOCOL.krl,v 1.2 2013/01/18 00:24:58 djm Exp $