x/crypto/ssh: implement CryptoPublicKey on sk keys #62518
Comments
|
Change https://go.dev/cl/526875 mentions this issue: |
ianlancetaylor
added
the
Proposal-Crypto
|
CC @golang/security @drakkan |
|
It seems ok to me |
|
LGTM |
|
Maybe we can do the same for the agent as well. If you agree I can send a separate CL for this. |
Although it shouldn't, the main reason I haven't done it is because |
I mean something like this https://go-review.googlesource.com/c/crypto/+/530775 however I don't want to block the proposal for this, we can discuss the above CL separately |
This is because these pubkey types do not implement ssh.CryptoPublicKey, which causes a panic when we try to do a type assertion. Also realized we weren't handling SSH certs, so now we extract the pubkey from the cert before trying to parse it. Had to reimplement parsing the SK pubkeys because there is no other way to extract the raw pubkey from it. After golang/go#62518, this will get cleaned up. Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
This is because these pubkey types do not implement ssh.CryptoPublicKey, which causes a panic when we try to do a type assertion. Also realized we weren't handling SSH certs, so now we extract the pubkey from the cert before trying to parse it. Had to reimplement parsing the SK pubkeys because there is no other way to extract the raw pubkey from it. After golang/go#62518, this will get cleaned up. Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
This is because these pubkey types do not implement ssh.CryptoPublicKey, which causes a panic when we try to do a type assertion. Also realized we weren't handling SSH certs, so now we extract the pubkey from the cert before trying to parse it. Had to reimplement parsing the SK pubkeys because there is no other way to extract the raw pubkey from it. After golang/go#62518, this will get cleaned up. Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
|
This looks extremely uncontroversial, ignoring the agent implementation for now. @golang/proposal-review, can we get it straight into likely accept maybe? |
|
This proposal has been added to the active column of the proposals project |
rsc
changed the title
|
Based on the discussion above, this proposal seems like a likely accept. The proposal details are in #62518 (comment). |
|
No change in consensus, so accepted. 🎉 The proposal details are in #62518 (comment). |
rsc
changed the title
The public keys in the
x/crypto/sshpackage implement the following interface:These methods return the underlying key for RSA, ECDSA, Ed25519, and DSA public keys. However, the ecdsa-sk and ed25519-sk keys do not implement that interface, forcing a user to unmarshal the serialized data to a struct to be able to get the underlying keys.
As the
skECDSAPublicKeyandskEd25519PublicKeyalready contain the key, the implementation would look like this:To be consistent with the rest of the CryptoPublicKey implementations, these methods will return the actual key, instead of a copy of it.
The text was updated successfully, but these errors were encountered: