aboutsummaryrefslogtreecommitdiff
path: root/vendor/golang.org/x/crypto/ssh/keys.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/golang.org/x/crypto/ssh/keys.go')
-rw-r--r--vendor/golang.org/x/crypto/ssh/keys.go156
1 files changed, 60 insertions, 96 deletions
diff --git a/vendor/golang.org/x/crypto/ssh/keys.go b/vendor/golang.org/x/crypto/ssh/keys.go
index c67d3a31c..1c7de1a6d 100644
--- a/vendor/golang.org/x/crypto/ssh/keys.go
+++ b/vendor/golang.org/x/crypto/ssh/keys.go
@@ -30,8 +30,9 @@ import (
"golang.org/x/crypto/ssh/internal/bcrypt_pbkdf"
)
-// These constants represent the algorithm names for key types supported by this
-// package.
+// Public key algorithms names. These values can appear in PublicKey.Type,
+// ClientConfig.HostKeyAlgorithms, Signature.Format, or as AlgorithmSigner
+// arguments.
const (
KeyAlgoRSA = "ssh-rsa"
KeyAlgoDSA = "ssh-dss"
@@ -41,16 +42,21 @@ const (
KeyAlgoECDSA521 = "ecdsa-sha2-nistp521"
KeyAlgoED25519 = "ssh-ed25519"
KeyAlgoSKED25519 = "sk-ssh-ed25519@openssh.com"
+
+ // KeyAlgoRSASHA256 and KeyAlgoRSASHA512 are only public key algorithms, not
+ // public key formats, so they can't appear as a PublicKey.Type. The
+ // corresponding PublicKey.Type is KeyAlgoRSA. See RFC 8332, Section 2.
+ KeyAlgoRSASHA256 = "rsa-sha2-256"
+ KeyAlgoRSASHA512 = "rsa-sha2-512"
)
-// These constants represent non-default signature algorithms that are supported
-// as algorithm parameters to AlgorithmSigner.SignWithAlgorithm methods. See
-// [PROTOCOL.agent] section 4.5.1 and
-// https://tools.ietf.org/html/draft-ietf-curdle-rsa-sha2-10
const (
- SigAlgoRSA = "ssh-rsa"
- SigAlgoRSASHA2256 = "rsa-sha2-256"
- SigAlgoRSASHA2512 = "rsa-sha2-512"
+ // Deprecated: use KeyAlgoRSA.
+ SigAlgoRSA = KeyAlgoRSA
+ // Deprecated: use KeyAlgoRSASHA256.
+ SigAlgoRSASHA2256 = KeyAlgoRSASHA256
+ // Deprecated: use KeyAlgoRSASHA512.
+ SigAlgoRSASHA2512 = KeyAlgoRSASHA512
)
// parsePubKey parses a public key of the given algorithm.
@@ -70,7 +76,7 @@ func parsePubKey(in []byte, algo string) (pubKey PublicKey, rest []byte, err err
case KeyAlgoSKED25519:
return parseSKEd25519(in)
case CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoSKECDSA256v01, CertAlgoED25519v01, CertAlgoSKED25519v01:
- cert, err := parseCert(in, certToPrivAlgo(algo))
+ cert, err := parseCert(in, certKeyAlgoNames[algo])
if err != nil {
return nil, nil, err
}
@@ -289,18 +295,21 @@ func MarshalAuthorizedKey(key PublicKey) []byte {
return b.Bytes()
}
-// PublicKey is an abstraction of different types of public keys.
+// PublicKey represents a public key using an unspecified algorithm.
+//
+// Some PublicKeys provided by this package also implement CryptoPublicKey.
type PublicKey interface {
- // Type returns the key's type, e.g. "ssh-rsa".
+ // Type returns the key format name, e.g. "ssh-rsa".
Type() string
- // Marshal returns the serialized key data in SSH wire format,
- // with the name prefix. To unmarshal the returned data, use
- // the ParsePublicKey function.
+ // Marshal returns the serialized key data in SSH wire format, with the name
+ // prefix. To unmarshal the returned data, use the ParsePublicKey function.
Marshal() []byte
- // Verify that sig is a signature on the given data using this
- // key. This function will hash the data appropriately first.
+ // Verify that sig is a signature on the given data using this key. This
+ // method will hash the data appropriately first. sig.Format is allowed to
+ // be any signature algorithm compatible with the key type, the caller
+ // should check if it has more stringent requirements.
Verify(data []byte, sig *Signature) error
}
@@ -311,25 +320,32 @@ type CryptoPublicKey interface {
}
// A Signer can create signatures that verify against a public key.
+//
+// Some Signers provided by this package also implement AlgorithmSigner.
type Signer interface {
- // PublicKey returns an associated PublicKey instance.
+ // PublicKey returns the associated PublicKey.
PublicKey() PublicKey
- // Sign returns raw signature for the given data. This method
- // will apply the hash specified for the keytype to the data.
+ // Sign returns a signature for the given data. This method will hash the
+ // data appropriately first. The signature algorithm is expected to match
+ // the key format returned by the PublicKey.Type method (and not to be any
+ // alternative algorithm supported by the key format).
Sign(rand io.Reader, data []byte) (*Signature, error)
}
-// A AlgorithmSigner is a Signer that also supports specifying a specific
-// algorithm to use for signing.
+// An AlgorithmSigner is a Signer that also supports specifying an algorithm to
+// use for signing.
+//
+// An AlgorithmSigner can't advertise the algorithms it supports, so it should
+// be prepared to be invoked with every algorithm supported by the public key
+// format.
type AlgorithmSigner interface {
Signer
- // SignWithAlgorithm is like Signer.Sign, but allows specification of a
- // non-default signing algorithm. See the SigAlgo* constants in this
- // package for signature algorithms supported by this package. Callers may
- // pass an empty string for the algorithm in which case the AlgorithmSigner
- // will use its default algorithm.
+ // SignWithAlgorithm is like Signer.Sign, but allows specifying a desired
+ // signing algorithm. Callers may pass an empty string for the algorithm in
+ // which case the AlgorithmSigner will use a default algorithm. This default
+ // doesn't currently control any behavior in this package.
SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*Signature, error)
}
@@ -381,17 +397,11 @@ func (r *rsaPublicKey) Marshal() []byte {
}
func (r *rsaPublicKey) Verify(data []byte, sig *Signature) error {
- var hash crypto.Hash
- switch sig.Format {
- case SigAlgoRSA:
- hash = crypto.SHA1
- case SigAlgoRSASHA2256:
- hash = crypto.SHA256
- case SigAlgoRSASHA2512:
- hash = crypto.SHA512
- default:
+ supportedAlgos := algorithmsForKeyFormat(r.Type())
+ if !contains(supportedAlgos, sig.Format) {
return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, r.Type())
}
+ hash := hashFuncs[sig.Format]
h := hash.New()
h.Write(data)
digest := h.Sum(nil)
@@ -466,7 +476,7 @@ func (k *dsaPublicKey) Verify(data []byte, sig *Signature) error {
if sig.Format != k.Type() {
return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, k.Type())
}
- h := crypto.SHA1.New()
+ h := hashFuncs[sig.Format].New()
h.Write(data)
digest := h.Sum(nil)
@@ -499,7 +509,7 @@ func (k *dsaPrivateKey) PublicKey() PublicKey {
}
func (k *dsaPrivateKey) Sign(rand io.Reader, data []byte) (*Signature, error) {
- return k.SignWithAlgorithm(rand, data, "")
+ return k.SignWithAlgorithm(rand, data, k.PublicKey().Type())
}
func (k *dsaPrivateKey) SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*Signature, error) {
@@ -507,7 +517,7 @@ func (k *dsaPrivateKey) SignWithAlgorithm(rand io.Reader, data []byte, algorithm
return nil, fmt.Errorf("ssh: unsupported signature algorithm %s", algorithm)
}
- h := crypto.SHA1.New()
+ h := hashFuncs[k.PublicKey().Type()].New()
h.Write(data)
digest := h.Sum(nil)
r, s, err := dsa.Sign(rand, k.PrivateKey, digest)
@@ -603,19 +613,6 @@ func supportedEllipticCurve(curve elliptic.Curve) bool {
return curve == elliptic.P256() || curve == elliptic.P384() || curve == elliptic.P521()
}
-// ecHash returns the hash to match the given elliptic curve, see RFC
-// 5656, section 6.2.1
-func ecHash(curve elliptic.Curve) crypto.Hash {
- bitSize := curve.Params().BitSize
- switch {
- case bitSize <= 256:
- return crypto.SHA256
- case bitSize <= 384:
- return crypto.SHA384
- }
- return crypto.SHA512
-}
-
// parseECDSA parses an ECDSA key according to RFC 5656, section 3.1.
func parseECDSA(in []byte) (out PublicKey, rest []byte, err error) {
var w struct {
@@ -671,7 +668,7 @@ func (k *ecdsaPublicKey) Verify(data []byte, sig *Signature) error {
return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, k.Type())
}
- h := ecHash(k.Curve).New()
+ h := hashFuncs[sig.Format].New()
h.Write(data)
digest := h.Sum(nil)
@@ -775,7 +772,7 @@ func (k *skECDSAPublicKey) Verify(data []byte, sig *Signature) error {
return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, k.Type())
}
- h := ecHash(k.Curve).New()
+ h := hashFuncs[sig.Format].New()
h.Write([]byte(k.application))
appDigest := h.Sum(nil)
@@ -874,7 +871,7 @@ func (k *skEd25519PublicKey) Verify(data []byte, sig *Signature) error {
return fmt.Errorf("invalid size %d for Ed25519 public key", l)
}
- h := sha256.New()
+ h := hashFuncs[sig.Format].New()
h.Write([]byte(k.application))
appDigest := h.Sum(nil)
@@ -939,15 +936,6 @@ func newDSAPrivateKey(key *dsa.PrivateKey) (Signer, error) {
return &dsaPrivateKey{key}, nil
}
-type rsaSigner struct {
- AlgorithmSigner
- defaultAlgorithm string
-}
-
-func (s *rsaSigner) Sign(rand io.Reader, data []byte) (*Signature, error) {
- return s.AlgorithmSigner.SignWithAlgorithm(rand, data, s.defaultAlgorithm)
-}
-
type wrappedSigner struct {
signer crypto.Signer
pubKey PublicKey
@@ -970,44 +958,20 @@ func (s *wrappedSigner) PublicKey() PublicKey {
}
func (s *wrappedSigner) Sign(rand io.Reader, data []byte) (*Signature, error) {
- return s.SignWithAlgorithm(rand, data, "")
+ return s.SignWithAlgorithm(rand, data, s.pubKey.Type())
}
func (s *wrappedSigner) SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*Signature, error) {
- var hashFunc crypto.Hash
-
- if _, ok := s.pubKey.(*rsaPublicKey); ok {
- // RSA keys support a few hash functions determined by the requested signature algorithm
- switch algorithm {
- case "", SigAlgoRSA:
- algorithm = SigAlgoRSA
- hashFunc = crypto.SHA1
- case SigAlgoRSASHA2256:
- hashFunc = crypto.SHA256
- case SigAlgoRSASHA2512:
- hashFunc = crypto.SHA512
- default:
- return nil, fmt.Errorf("ssh: unsupported signature algorithm %s", algorithm)
- }
- } else {
- // The only supported algorithm for all other key types is the same as the type of the key
- if algorithm == "" {
- algorithm = s.pubKey.Type()
- } else if algorithm != s.pubKey.Type() {
- return nil, fmt.Errorf("ssh: unsupported signature algorithm %s", algorithm)
- }
+ if algorithm == "" {
+ algorithm = s.pubKey.Type()
+ }
- switch key := s.pubKey.(type) {
- case *dsaPublicKey:
- hashFunc = crypto.SHA1
- case *ecdsaPublicKey:
- hashFunc = ecHash(key.Curve)
- case ed25519PublicKey:
- default:
- return nil, fmt.Errorf("ssh: unsupported key type %T", key)
- }
+ supportedAlgos := algorithmsForKeyFormat(s.pubKey.Type())
+ if !contains(supportedAlgos, algorithm) {
+ return nil, fmt.Errorf("ssh: unsupported signature algorithm %q for key format %q", algorithm, s.pubKey.Type())
}
+ hashFunc := hashFuncs[algorithm]
var digest []byte
if hashFunc != 0 {
h := hashFunc.New()