/
generate.go
272 lines (251 loc) · 6.54 KB
/
generate.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
package sshkey
import (
"crypto/dsa"
"crypto/ecdsa"
"crypto/ed25519"
"crypto/elliptic"
cryptorand "crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/asn1"
"encoding/pem"
"fmt"
"io"
"math/big"
"golang.org/x/crypto/ssh"
)
type Algorithm int
//go:generate enumer -type Algorithm -transform snake
const (
RSA Algorithm = iota
DSA
ECDSA
ED25519
)
var (
ErrUnknownAlgorithm = fmt.Errorf("sshkey: unknown private key algorithm")
ErrInvalidRSAKeySize = fmt.Errorf("sshkey: invalid private key rsa size: must be more than 1024")
ErrInvalidECDSAKeySize = fmt.Errorf("sshkey: invalid private key ecdsa size, must be one of 256, 384 or 521")
ErrInvalidDSAKeySize = fmt.Errorf("sshkey: invalid private key dsa size, must be one of 1024, 2048 or 3072")
)
// Pair represents an ssh key pair, as in
type Pair struct {
Private []byte
Public []byte
}
func NewPair(public, private interface{}) (*Pair, error) {
kb, err := x509.MarshalPKCS8PrivateKey(private)
if err != nil {
return nil, err
}
privBlk := &pem.Block{
Type: "PRIVATE KEY",
Headers: nil,
Bytes: kb,
}
publicKey, err := ssh.NewPublicKey(public)
if err != nil {
return nil, err
}
return &Pair{
Private: pem.EncodeToMemory(privBlk),
Public: ssh.MarshalAuthorizedKey(publicKey),
}, nil
}
// PairFromED25519 marshals a valid pair of openssh pem for ED25519 keypairs.
func PairFromED25519(public ed25519.PublicKey, private ed25519.PrivateKey) (*Pair, error) {
// see https://github.com/golang/crypto/blob/7f63de1d35b0f77fa2b9faea3e7deb402a2383c8/ssh/keys.go#L1273-L1443
// and https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key
// Also the right cipher block size for padding could be found here
// https://github.com/openssh/openssh-portable/blob/eba523f0a130f1cce829e6aecdcefa841f526a1a/cipher.c#L112
const noneCipherBlockSize = 8
key := struct {
Pub []byte
Priv []byte
Comment string
Pad []byte `ssh:"rest"`
}{
Pub: public,
Priv: private,
}
keyBytes := ssh.Marshal(key)
pk1 := struct {
Check1 uint32
Check2 uint32
Keytype string
Rest []byte `ssh:"rest"`
}{
Keytype: ssh.KeyAlgoED25519,
Rest: keyBytes,
}
pk1Bytes := ssh.Marshal(pk1)
pubk1 := struct {
Keytype string
Key []byte
}{
Keytype: ssh.KeyAlgoED25519,
Key: public,
}
pubk1Bytes := ssh.Marshal(pubk1)
padLen := noneCipherBlockSize - (len(pk1Bytes) % noneCipherBlockSize)
for i := 1; i <= padLen; i++ {
pk1Bytes = append(pk1Bytes, byte(i))
}
k := struct {
CipherName string
KdfName string
KdfOpts string
NumKeys uint32
PubKey []byte
PrivKeyBlock []byte
}{
CipherName: "none",
KdfName: "none",
KdfOpts: "",
NumKeys: 1,
PubKey: pubk1Bytes,
PrivKeyBlock: pk1Bytes,
}
const opensshV1Magic = "openssh-key-v1\x00"
privBlk := &pem.Block{
Type: "OPENSSH PRIVATE KEY",
Headers: nil,
Bytes: append([]byte(opensshV1Magic), ssh.Marshal(k)...),
}
publicKey, err := ssh.NewPublicKey(public)
if err != nil {
return nil, err
}
return &Pair{
Private: pem.EncodeToMemory(privBlk),
Public: ssh.MarshalAuthorizedKey(publicKey),
}, nil
}
// PairFromDSA marshalls a valid pair of openssh pem for dsa keypairs.
// x509.MarshalPKCS8PrivateKey does not know how to deal with dsa keys.
func PairFromDSA(key *dsa.PrivateKey) (*Pair, error) {
// see https://github.com/golang/crypto/blob/7f63de1d35b0f77fa2b9faea3e7deb402a2383c8/ssh/keys.go#L1186-L1195
// and https://linux.die.net/man/1/dsa
k := struct {
Version int
P *big.Int
Q *big.Int
G *big.Int
Pub *big.Int
Priv *big.Int
}{
Version: 0,
P: key.P,
Q: key.Q,
G: key.G,
Pub: key.Y,
Priv: key.X,
}
kb, err := asn1.Marshal(k)
if err != nil {
return nil, err
}
privBlk := &pem.Block{
Type: "DSA PRIVATE KEY",
Headers: nil,
Bytes: kb,
}
publicKey, err := ssh.NewPublicKey(&key.PublicKey)
if err != nil {
return nil, err
}
return &Pair{
Private: pem.EncodeToMemory(privBlk),
Public: ssh.MarshalAuthorizedKey(publicKey),
}, nil
}
// GeneratePair generates a Private/Public key pair using algorithm t.
//
// When rand is nil "crypto/rand".Reader will be used.
//
// bits specifies the number of bits in the key to create. For RSA keys, the
// minimum size is 1024 bits and the default is 3072 bits. Generally, 3072 bits
// is considered sufficient. DSA keys must be exactly 1024 bits - or 2 or 3
// times that - as specified by FIPS 186-2. For ECDSA keys, bits determines the
// key length by selecting from one of three elliptic curve sizes: 256, 384 or
// 521 bits. Attempting to use bit lengths other than these three values for
// ECDSA keys will fail. Ed25519 keys have a fixed length and the bits will
// be ignored.
func GeneratePair(t Algorithm, rand io.Reader, bits int) (*Pair, error) {
if rand == nil {
rand = cryptorand.Reader
}
switch t {
case DSA:
if bits == 0 {
// currently the ssh package can only decode 1024 bits dsa keys, so
// that's going be the default for now see
// https://github.com/golang/crypto/blob/7f63de1d35b0f77fa2b9faea3e7deb402a2383c8/ssh/keys.go#L411-L420
bits = 1024
}
var sizes dsa.ParameterSizes
switch bits {
case 1024:
sizes = dsa.L1024N160
case 2048:
sizes = dsa.L2048N256
case 3072:
sizes = dsa.L3072N256
default:
return nil, ErrInvalidDSAKeySize
}
params := dsa.Parameters{}
if err := dsa.GenerateParameters(¶ms, rand, sizes); err != nil {
return nil, err
}
dsakey := &dsa.PrivateKey{
PublicKey: dsa.PublicKey{
Parameters: params,
},
}
if err := dsa.GenerateKey(dsakey, rand); err != nil {
return nil, err
}
return PairFromDSA(dsakey)
case ECDSA:
if bits == 0 {
bits = 521
}
var ecdsakey *ecdsa.PrivateKey
var err error
switch bits {
case 256:
ecdsakey, err = ecdsa.GenerateKey(elliptic.P256(), rand)
case 384:
ecdsakey, err = ecdsa.GenerateKey(elliptic.P384(), rand)
case 521:
ecdsakey, err = ecdsa.GenerateKey(elliptic.P521(), rand)
default:
ecdsakey, err = nil, ErrInvalidECDSAKeySize
}
if err != nil {
return nil, err
}
return NewPair(&ecdsakey.PublicKey, ecdsakey)
case ED25519:
publicKey, privateKey, err := ed25519.GenerateKey(rand)
if err != nil {
return nil, err
}
return PairFromED25519(publicKey, privateKey)
case RSA:
if bits == 0 {
bits = 4096
}
if bits < 1024 {
return nil, ErrInvalidRSAKeySize
}
rsakey, err := rsa.GenerateKey(rand, bits)
if err != nil {
return nil, err
}
return NewPair(&rsakey.PublicKey, rsakey)
default:
return nil, ErrUnknownAlgorithm
}
}