putty-source/utils/host_ca_new_free.c

#include "defs.h"
#include "misc.h"
#include "storage.h"

host_ca *host_ca_new(void)
{
    host_ca *hca = snew(host_ca);
    memset(hca, 0, sizeof(*hca));
    hca->opts.permit_rsa_sha1 = false;
    hca->opts.permit_rsa_sha256 = true;
    hca->opts.permit_rsa_sha512 = true;
    return hca;
}

void host_ca_free(host_ca *hca)
{
    sfree(hca->name);
    sfree(hca->validity_expression);
    if (hca->ca_public_key)
        strbuf_free(hca->ca_public_key);
    sfree(hca);
}
Initial support for host certificates. Now we offer the OpenSSH certificate key types in our KEXINIT host key algorithm list, so that if the server has a certificate, they can send it to us. There's a new storage.h abstraction for representing a list of trusted host CAs, and which ones are trusted to certify hosts for what domains. This is stored outside the normal saved session data, because the whole point of host certificates is to avoid per-host faffing. Configuring this set of trusted CAs is done via a new GUI dialog box, separate from the main PuTTY config box (because it modifies a single set of settings across all saved sessions), which you can launch by clicking a button in the 'Host keys' pane. The GUI is pretty crude for the moment, and very much at a 'just about usable' stage right now. It will want some polishing. If we have no CA configured that matches the hostname, we don't offer to receive certified host keys in the first place. So for existing users who haven't set any of this up yet, nothing will immediately change. Currently, if we do offer to receive certified host keys and the server presents one signed by a CA we don't trust, PuTTY will bomb out unconditionally with an error, instead of offering a confirmation box. That's an unfinished part which I plan to fix before this goes into a release. 2022-04-22 11:07:24 +00:00			`#include "defs.h"`
			`#include "misc.h"`
			`#include "storage.h"`

Centralise creation of a host_ca structure. This will allow the central host_ca_new function to pre-populate the structure with default values for the fields, so that once I add more options to CA configuration they can take their default values when loading a saved record from a previous PuTTY version. 2022-05-02 06:40:52 +00:00			`host_ca *host_ca_new(void)`
			`{`
			`host_ca *hca = snew(host_ca);`
			`memset(hca, 0, sizeof(*hca));`
Permit configuring RSA signature types in certificates. As distinct from the type of signature generated by the SSH server itself from the host key, this lets you exclude (and by default does exclude) the old "ssh-rsa" SHA-1 signature type from the signature of the CA on the certificate. 2022-05-02 09:18:16 +00:00			`hca->opts.permit_rsa_sha1 = false;`
			`hca->opts.permit_rsa_sha256 = true;`
			`hca->opts.permit_rsa_sha512 = true;`
Centralise creation of a host_ca structure. This will allow the central host_ca_new function to pre-populate the structure with default values for the fields, so that once I add more options to CA configuration they can take their default values when loading a saved record from a previous PuTTY version. 2022-05-02 06:40:52 +00:00			`return hca;`
			`}`

Initial support for host certificates. Now we offer the OpenSSH certificate key types in our KEXINIT host key algorithm list, so that if the server has a certificate, they can send it to us. There's a new storage.h abstraction for representing a list of trusted host CAs, and which ones are trusted to certify hosts for what domains. This is stored outside the normal saved session data, because the whole point of host certificates is to avoid per-host faffing. Configuring this set of trusted CAs is done via a new GUI dialog box, separate from the main PuTTY config box (because it modifies a single set of settings across all saved sessions), which you can launch by clicking a button in the 'Host keys' pane. The GUI is pretty crude for the moment, and very much at a 'just about usable' stage right now. It will want some polishing. If we have no CA configured that matches the hostname, we don't offer to receive certified host keys in the first place. So for existing users who haven't set any of this up yet, nothing will immediately change. Currently, if we do offer to receive certified host keys and the server presents one signed by a CA we don't trust, PuTTY will bomb out unconditionally with an error, instead of offering a confirmation box. That's an unfinished part which I plan to fix before this goes into a release. 2022-04-22 11:07:24 +00:00			`void host_ca_free(host_ca *hca)`
			`{`
			`sfree(hca->name);`
Certificate trust scope: change to a boolean-expression system. This replaces the previous placeholder scheme of having a list of hostname wildcards with implicit logical-OR semantics (if any wildcard matched then the certificate would be trusted to sign for that host). That scheme didn't allow for exceptions within a domain ('everything in example.com except extra-high-security-machine.example.com'), and also had no way to specify port numbers. In the new system, you can still write a hostname wildcard by itself in the simple case, but now those are just atomic subexpressions in a boolean-logic domain-specific language I've made up. So if you want multiple wildcards, you can separate them with \|\| in a single longer expression, and also you can use && and ! to impose exceptions on top of that. Full details of the expression language are in the comment at the top of utils/cert-expr.c. It'll need documenting properly before release, of course. For the sake of backwards compatibility for early adopters who've already set up configuration in the old system, I've put in some code that will read the old MatchHosts configuration and automatically translate it into the equivalent boolean expression (by simply stringing together the list of wildcards with \|\| between them). 2022-06-12 09:04:26 +00:00			`sfree(hca->validity_expression);`
Initial support for host certificates. Now we offer the OpenSSH certificate key types in our KEXINIT host key algorithm list, so that if the server has a certificate, they can send it to us. There's a new storage.h abstraction for representing a list of trusted host CAs, and which ones are trusted to certify hosts for what domains. This is stored outside the normal saved session data, because the whole point of host certificates is to avoid per-host faffing. Configuring this set of trusted CAs is done via a new GUI dialog box, separate from the main PuTTY config box (because it modifies a single set of settings across all saved sessions), which you can launch by clicking a button in the 'Host keys' pane. The GUI is pretty crude for the moment, and very much at a 'just about usable' stage right now. It will want some polishing. If we have no CA configured that matches the hostname, we don't offer to receive certified host keys in the first place. So for existing users who haven't set any of this up yet, nothing will immediately change. Currently, if we do offer to receive certified host keys and the server presents one signed by a CA we don't trust, PuTTY will bomb out unconditionally with an error, instead of offering a confirmation box. That's an unfinished part which I plan to fix before this goes into a release. 2022-04-22 11:07:24 +00:00			`if (hca->ca_public_key)`
			`strbuf_free(hca->ca_public_key);`
			`sfree(hca);`
			`}`