From b64deb5686a4a23898a9622870882e363f3f777c Mon Sep 17 00:00:00 2001
From: Thanh Nguyen <thanh@timweri.me>
Date: Thu, 9 Nov 2023 14:57:16 -0500
Subject: [PATCH] Client checks pubkey in challenge before signing

---
 rustica-agent/src/rustica/mod.rs | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/rustica-agent/src/rustica/mod.rs b/rustica-agent/src/rustica/mod.rs
index 47163e3..1d19a2b 100644
--- a/rustica-agent/src/rustica/mod.rs
+++ b/rustica-agent/src/rustica/mod.rs
@@ -100,6 +100,14 @@ pub async fn complete_rustica_challenge(
         SSHCertificate::from_string(&response.challenge).map_err(|_| RefreshError::SigningError)?;
     challenge_certificate.signature_key = challenge_certificate.key.clone();
 
+    // We assert that the pubkey in the challenge belongs to the client
+    // This prevents a malicious Rustica server from tricking the client into signing a
+    // malicious SSH certificate for some unknown key.
+    if challenge_certificate.key.fingerprint().hash != ssh_pubkey.fingerprint().hash {
+        debug!("The public key in the challenge doesn't match the client's public key");
+        return Err(RefreshError::SigningError);
+    }
+
     let resigned_certificate = match signatory {
         Signatory::Yubikey(signer) => {
             let signature = signer