Using TLS to establish SSH-like key based trust model

Mon, 29 Jul 2013 21:05:10 -0700 

Hello list,
I am trying to use OpenSSL to provide SSH-like trust model, by using TLS. That means that the two peers have an RSA key pair stored, no certificate. They have also exchanged their public keys in a secure manner. Here is the way I do it, I would appreciate all opinions on this: 


* During initialisation peers generate an in-memory, temporary x509 
certificate. It contains the minimal dummy data I could get away with, 
i.e. a dummy CN, issuer, and 100 years lifetime before expiring. These are 
never checked anyway.



* The important step is that the certificate contains the peer's public 
key and it is signed using the peer's private key:


    EVP_PKEY *pkey = EVP_PKEY_new();
    EVP_PKEY_assign_RSA(pkey, PRIVKEY);
    X509_set_pubkey(x509, pkey);
    X509_sign(x509, pkey, EVP_sha384());


* The x509 certificate is then assigned to SSL_CTX 
(SSL_CTX_use_certificate()) and is used for the whole application 
lifetime.



* For trust establishment I disable the callback mechanism 
(SSL_CTX_set_cert_verify_callback(always_success_callback)) mainly because 
I had issues with multiple threads. I also set the option to request 
certificate both ways (SSL_CTX_set_verify(SSL_VERIFY_PEER) in both peers). 
Immediately after each TLS session is established I do the following:


    X509 *received_cert = SSL_get_peer_certificate(ssl);
    EVP_PKEY *received_pubkey = X509_get_pubkey(received_cert);
    // expected_rsa_key is the foreign peer's public key, we assume it has been 
safely exchanged
    EVP_PKEY expected_pubkey = { 0 };
    ret = EVP_PKEY_assign_RSA(&expected_pubkey, expected_rsa_key);
    ret = EVP_PKEY_cmp(received_pubkey, &expected_pubkey);
    if (ret == 1)
        return 1;        // THE SESSION IS SECURE!
    else
        return 0;        // WATCH-OUT!


That means I ignore all of the certificate besides the public key, which I 
compare to the stored one. The in-memory certificate is re-generated from 
the stored RSA key every time the application starts.



Do you think this is a secure design/implementation for my requirements? 
Can you identify any flaws?



Thank you in advance,
Dimitris

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org






















					Reply via email to