FilesExpand file tree

 master

/

sshutil.go

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

80 lines (74 loc) · 2.04 KB

 master

/

sshutil.go

Top

File metadata and controls

• Code
• Blame

80 lines (74 loc) · 2.04 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

package sshutil

import (

"crypto"

"crypto/dsa" //nolint:staticcheck // support for DSA fingerprints

"crypto/ecdh"

"crypto/ecdsa"

"crypto/ed25519"

"crypto/elliptic"

"crypto/rsa"

"fmt"

"math/big"

"golang.org/x/crypto/ssh"

"golang.org/x/crypto/ssh/agent"

)

// CryptoPublicKey returns the crypto.PublicKey version of an ssh.PublicKey or

// *agent.Key.

func CryptoPublicKey(pub interface{}) (crypto.PublicKey, error) {

switch p := pub.(type) {

case *ecdsa.PublicKey, *rsa.PublicKey, ed25519.PublicKey, *dsa.PublicKey:

return pub, nil

case ssh.CryptoPublicKey:

return p.CryptoPublicKey(), nil

case *agent.Key:

sshPub, err := ssh.ParsePublicKey(p.Blob)

if err != nil {

return nil, err

}

return CryptoPublicKey(sshPub)

case ssh.PublicKey:

// sk keys do not implement ssh.CryptoPublicKey

return cryptoSKPublicKey(p)

default:

return nil, fmt.Errorf("unsupported public key type %T", pub)

}

}

// cryptoSKPublicKey returns the crypto.PublicKey of an SSH SK public keys.

func cryptoSKPublicKey(pub ssh.PublicKey) (crypto.PublicKey, error) {

switch pub.Type() {

case "[email protected]":

var w struct {

Name string

ID string

Key []byte

Application string

}

if err := ssh.Unmarshal(pub.Marshal(), &w); err != nil {

return nil, err

}

p, err := ecdh.P256().NewPublicKey(w.Key)

if err != nil {

return nil, fmt.Errorf("failed decoding ECDSA key: %w", err)

}

return &ecdsa.PublicKey{

Curve: elliptic.P256(),

X: big.NewInt(0).SetBytes(p.Bytes()[1:33]),

Y: big.NewInt(0).SetBytes(p.Bytes()[33:]),

}, nil

case "[email protected]":

var w struct {

Name string

KeyBytes []byte

Application string

}

if err := ssh.Unmarshal(pub.Marshal(), &w); err != nil {

return nil, err

}

if l := len(w.KeyBytes); l != ed25519.PublicKeySize {

return nil, fmt.Errorf("invalid size %d for Ed25519 public key", l)

}

return ed25519.PublicKey(w.KeyBytes), nil

default:

return nil, fmt.Errorf("unsupported public key type %s", pub.Type())

}

}