forked from golang/crypto
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ssh: deprecate and replace SigAlgo constants
RFC 8332, Section 2 sets up two overlapping namespaces: public key formats and public key algorithms. * The formats are what we currently have KeyAlgo constants for, and they appear in PublicKey.Type. * The algorithms are the set of both KeyAlgo and SigAlgo constants, and they appear in Signature.Format (amongst other places). This is incoherent, because that means Signature.Format can be both a KeyAlgo (like KeyAlgoECDSA256) or a SigAlgo (like SigAlgoRSASHA2256). One solution would be to duplicate all the KeyAlgo constants into the SigAlgo namespace, but that would be confusing because applications are currently using KeyAlgos where they'd be supposed to use the new SigAlgos (while we can't deprecate the KeyAlgos because they are still necessary for the PublicKey.Type namespace). Instead, drop the separate namespaces, and use KeyAlgos throughout. There are simply some KeyAlgos that can't be a PublicKey.Type. Take the opportunity to fix the stuttering SHA22565/SHA2512 names. It's totally ok to call those hashes SHA-256 and SHA-512 without the family infix. For golang/go#49952 Change-Id: Ia1fce3912a7e60aa70a88f75ed311be331fd19d5
- Loading branch information
1 parent
909ff07
commit 6f40d2d
Showing
13 changed files
with
93 additions
and
82 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -14,8 +14,10 @@ import ( | |
"time" | ||
) | ||
|
||
// These constants from [PROTOCOL.certkeys] represent the key algorithm names | ||
// for certificate types supported by this package. | ||
// Certificate algorithm names from [PROTOCOL.certkeys]. These values can appear | ||
// in Certificate.Type, PublicKey.Type, and ClientConfig.HostKeyAlgorithms. | ||
// Unlike key algorithm names, these are not passed to AlgorithmSigner and don't | ||
// appear in the Signature.Format field. | ||
const ( | ||
CertAlgoRSAv01 = "[email protected]" | ||
CertAlgoDSAv01 = "[email protected]" | ||
|
@@ -25,14 +27,21 @@ const ( | |
CertAlgoSKECDSA256v01 = "[email protected]" | ||
CertAlgoED25519v01 = "[email protected]" | ||
CertAlgoSKED25519v01 = "[email protected]" | ||
|
||
// CertAlgoRSASHA256v01 and CertAlgoRSASHA512v01 can't appear as a | ||
// Certificate.Type (or PublicKey.Type), but only in | ||
// ClientConfig.HostKeyAlgorithms. | ||
CertAlgoRSASHA256v01 = "[email protected]" | ||
CertAlgoRSASHA512v01 = "[email protected]" | ||
) | ||
|
||
// These constants from [PROTOCOL.certkeys] represent additional signature | ||
// algorithm names for certificate types supported by this package. | ||
const ( | ||
CertSigAlgoRSAv01 = "[email protected]" | ||
CertSigAlgoRSASHA2256v01 = "[email protected]" | ||
CertSigAlgoRSASHA2512v01 = "[email protected]" | ||
// Deprecated: use CertAlgoRSAv01. | ||
CertSigAlgoRSAv01 = CertAlgoRSAv01 | ||
// Deprecated: use CertAlgoRSASHA256v01. | ||
CertSigAlgoRSASHA2256v01 = CertAlgoRSASHA256v01 | ||
// Deprecated: use CertAlgoRSASHA512v01. | ||
CertSigAlgoRSASHA2512v01 = CertAlgoRSASHA512v01 | ||
) | ||
|
||
// Certificate types distinguish between host and user | ||
|
@@ -433,7 +442,7 @@ func (c *Certificate) SignCert(rand io.Reader, authority Signer) error { | |
|
||
if v, ok := authority.(AlgorithmSigner); ok { | ||
if v.PublicKey().Type() == KeyAlgoRSA { | ||
authority = &rsaSigner{v, SigAlgoRSASHA2512} | ||
authority = &rsaSigner{v, KeyAlgoRSASHA512} | ||
} | ||
} | ||
|
||
|
@@ -446,13 +455,11 @@ func (c *Certificate) SignCert(rand io.Reader, authority Signer) error { | |
} | ||
|
||
// certAlgoNames includes a mapping from signature algorithms to the | ||
// corresponding certificate signature algorithm. When a key type (such | ||
// as ED25516) is associated with only one algorithm, the KeyAlgo | ||
// constant is used instead of the SigAlgo. | ||
// corresponding certificate signature algorithm. | ||
var certAlgoNames = map[string]string{ | ||
SigAlgoRSA: CertSigAlgoRSAv01, | ||
SigAlgoRSASHA2256: CertSigAlgoRSASHA2256v01, | ||
SigAlgoRSASHA2512: CertSigAlgoRSASHA2512v01, | ||
KeyAlgoRSA: CertAlgoRSAv01, | ||
KeyAlgoRSASHA256: CertAlgoRSASHA256v01, | ||
KeyAlgoRSASHA512: CertAlgoRSASHA512v01, | ||
KeyAlgoDSA: CertAlgoDSAv01, | ||
KeyAlgoECDSA256: CertAlgoECDSA256v01, | ||
KeyAlgoECDSA384: CertAlgoECDSA384v01, | ||
|
@@ -514,7 +521,7 @@ func (c *Certificate) Marshal() []byte { | |
return result | ||
} | ||
|
||
// Type returns the key name. It is part of the PublicKey interface. | ||
// Type returns the certificate algorithm name. It is part of the PublicKey interface. | ||
func (c *Certificate) Type() string { | ||
algo, ok := certAlgoNames[c.Key.Type()] | ||
if !ok { | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -30,8 +30,9 @@ import ( | |
"golang.org/x/crypto/ssh/internal/bcrypt_pbkdf" | ||
) | ||
|
||
// These constants represent the algorithm names for key types supported by this | ||
// package. | ||
// Public key algorithms names. These values can appear in PublicKey.Type, | ||
// ClientConfig.HostKeyAlgorithms, Signature.Format, or as AlgorithmSigner | ||
// arguments. | ||
const ( | ||
KeyAlgoRSA = "ssh-rsa" | ||
KeyAlgoDSA = "ssh-dss" | ||
|
@@ -41,16 +42,21 @@ const ( | |
KeyAlgoECDSA521 = "ecdsa-sha2-nistp521" | ||
KeyAlgoED25519 = "ssh-ed25519" | ||
KeyAlgoSKED25519 = "[email protected]" | ||
|
||
// KeyAlgoRSASHA256 and KeyAlgoRSASHA512 are only public key algorithms, not | ||
// public key formats, so they can't appear as a PublicKey.Type. The | ||
// corresponding PublicKey.Type is KeyAlgoRSA. See RFC 8332, Section 2. | ||
KeyAlgoRSASHA256 = "rsa-sha2-256" | ||
KeyAlgoRSASHA512 = "rsa-sha2-512" | ||
) | ||
|
||
// These constants represent non-default signature algorithms that are supported | ||
// as algorithm parameters to AlgorithmSigner.SignWithAlgorithm methods. See | ||
// [PROTOCOL.agent] section 4.5.1 and | ||
// https://tools.ietf.org/html/draft-ietf-curdle-rsa-sha2-10 | ||
const ( | ||
SigAlgoRSA = "ssh-rsa" | ||
SigAlgoRSASHA2256 = "rsa-sha2-256" | ||
SigAlgoRSASHA2512 = "rsa-sha2-512" | ||
// Deprecated: use KeyAlgoRSA. | ||
SigAlgoRSA = KeyAlgoRSA | ||
// Deprecated: use KeyAlgoRSASHA256. | ||
SigAlgoRSASHA2256 = KeyAlgoRSASHA256 | ||
// Deprecated: use KeyAlgoRSASHA512. | ||
SigAlgoRSASHA2512 = KeyAlgoRSASHA512 | ||
) | ||
|
||
// parsePubKey parses a public key of the given algorithm. | ||
|
@@ -325,11 +331,9 @@ type Signer interface { | |
type AlgorithmSigner interface { | ||
Signer | ||
|
||
// SignWithAlgorithm is like Signer.Sign, but allows specification of a | ||
// non-default signing algorithm. See the SigAlgo* constants in this | ||
// package for signature algorithms supported by this package. Callers may | ||
// pass an empty string for the algorithm in which case the AlgorithmSigner | ||
// will use its default algorithm. | ||
// SignWithAlgorithm is like Signer.Sign, but allows specifying a desired | ||
// signing algorithm. Callers may pass an empty string for the algorithm in | ||
// which case the AlgorithmSigner will use a default algorithm. | ||
SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*Signature, error) | ||
} | ||
|
||
|
@@ -383,11 +387,11 @@ func (r *rsaPublicKey) Marshal() []byte { | |
func (r *rsaPublicKey) Verify(data []byte, sig *Signature) error { | ||
var hash crypto.Hash | ||
switch sig.Format { | ||
case SigAlgoRSA: | ||
case KeyAlgoRSA: | ||
hash = crypto.SHA1 | ||
case SigAlgoRSASHA2256: | ||
case KeyAlgoRSASHA256: | ||
hash = crypto.SHA256 | ||
case SigAlgoRSASHA2512: | ||
case KeyAlgoRSASHA512: | ||
hash = crypto.SHA512 | ||
default: | ||
return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, r.Type()) | ||
|
@@ -979,12 +983,12 @@ func (s *wrappedSigner) SignWithAlgorithm(rand io.Reader, data []byte, algorithm | |
if _, ok := s.pubKey.(*rsaPublicKey); ok { | ||
// RSA keys support a few hash functions determined by the requested signature algorithm | ||
switch algorithm { | ||
case "", SigAlgoRSA: | ||
algorithm = SigAlgoRSA | ||
case "", KeyAlgoRSA: | ||
algorithm = KeyAlgoRSA | ||
hashFunc = crypto.SHA1 | ||
case SigAlgoRSASHA2256: | ||
case KeyAlgoRSASHA256: | ||
hashFunc = crypto.SHA256 | ||
case SigAlgoRSASHA2512: | ||
case KeyAlgoRSASHA512: | ||
hashFunc = crypto.SHA512 | ||
default: | ||
return nil, fmt.Errorf("ssh: unsupported signature algorithm %s", algorithm) | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters