diff options
author | Phillip Smyth <phillip.smyth@codethink.co.uk> | 2017-10-07 15:57:15 +0100 |
---|---|---|
committer | Phillip Smyth <phillip.smyth@codethink.co.uk> | 2017-10-07 15:57:15 +0100 |
commit | 66ab24a4f21fb0d0978938bb0ad661e12fa25e4c (patch) | |
tree | 856bad582c466d19df6705a59aa44e56169a9fea | |
parent | 1228c8dc2b1624c8e8c866107c3768d8a47fad29 (diff) | |
download | gitano-nexus/ed25519.tar.gz |
Ticket: Check for ED25519 support in ssh keynexus/ed25519
Added ED25519 support.
config.lua:
Changed the manual keytype check into a function call from util.lua
usercommand:
Changed the manual keytype check into a function call from util.lua
util.lua:
Added a keycheck function that returns true if an invalid keytype is detected
library.yarn:
Added implementation of createsshkey which uses ED25519 as a parameter
02-commands-sshkey.yarn:
Modified the "ssh key basics" Scenario to create a second key of type ED25519 and test it
-rw-r--r-- | lib/gitano/config.lua | 11 | ||||
-rw-r--r-- | lib/gitano/sssc | 8 | ||||
-rw-r--r-- | lib/gitano/sssc.pub | 1 | ||||
-rw-r--r-- | lib/gitano/usercommand.lua | 9 | ||||
-rw-r--r-- | lib/gitano/util.lua | 16 | ||||
-rw-r--r-- | testing/.library.yarn.swp | bin | 0 -> 16384 bytes | |||
-rw-r--r-- | testing/02-commands-sshkey.yarn | 8 | ||||
-rw-r--r-- | testing/keys/testinstance@newkey_Ed25519 | 7 | ||||
-rw-r--r-- | testing/keys/testinstance@newkey_Ed25519.pub | 1 | ||||
-rw-r--r-- | testing/library.yarn | 6 |
10 files changed, 52 insertions, 15 deletions
diff --git a/lib/gitano/config.lua b/lib/gitano/config.lua index 7227866..b42bfba 100644 --- a/lib/gitano/config.lua +++ b/lib/gitano/config.lua @@ -39,6 +39,7 @@ local log = require 'gitano.log' local lace = require 'gitano.lace' local i18n = require 'gitano.i18n' local pat = require 'gitano.patterns' +local util = require 'gitano.util' local luxio = require 'luxio' local sio = require 'luxio.simple' local clod = require 'clod' @@ -163,12 +164,10 @@ local function parse_admin_config(commit) if not (keytype and keydata and keytag) then return nil, i18n.expand("ERROR_BAD_KEY_SMELL", {filename=filename}) end - if (keytype ~= "ssh-rsa") and (keytype ~= "ssh-dss") and - (keytype ~= "ecdsa-sha2-nistp256") and - (keytype ~= "ecdsa-sha2-nistp384") and - (keytype ~= "ecdsa-sha2-nistp521") then - return nil, i18n.expand("ERROR_BAD_KEY_TYPE", - {keytype=keytype, filename=filename}) + + if util.ssh_type_is_invalid(keytype) then + return nil, i18n.expand("ERROR_BAD_KEY_TYPE", + {keytype=keytype, filename=filename}) end if all_keys[this_key] then diff --git a/lib/gitano/sssc b/lib/gitano/sssc new file mode 100644 index 0000000..fc7698f --- /dev/null +++ b/lib/gitano/sssc @@ -0,0 +1,8 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABB9boSOPS ++mgFH73l4a0IuEAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIIrdZLaik3mrc173 +N+GlqEjroqCbDUNmtVHDWrF74W85AAAAoKS76JOFvqS6YW/J0jFgbcURVWT0Tjfd+Z+qS/ +uMt+5DDkzAE1f/Z69Fc3GB03tN7TVlnEeVDkPhFk+BmCddef9vg7c1pOeU1ENtGc+5KAVP +MVmurIQEu9r9qUJjntz61joGnF+WdOUFMGrv79lyciInB9F7ObEpB/XksWLX5V/+PFdBFF +gdmvs3hAbkANNYlpvao0w0kyD/HZOfh7kkykY= +-----END OPENSSH PRIVATE KEY----- diff --git a/lib/gitano/sssc.pub b/lib/gitano/sssc.pub new file mode 100644 index 0000000..3fe440d --- /dev/null +++ b/lib/gitano/sssc.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrdZLaik3mrc173N+GlqEjroqCbDUNmtVHDWrF74W85 phillipsmyth@ct-lt-577 diff --git a/lib/gitano/usercommand.lua b/lib/gitano/usercommand.lua index af7141c..9c005a0 100644 --- a/lib/gitano/usercommand.lua +++ b/lib/gitano/usercommand.lua @@ -218,12 +218,9 @@ local function builtin_sshkey_run(conf, _, cmdline, env) "did not smell like an OpenSSH v2 key") return "exit", 1 end - - if (keytype ~= "ssh-rsa") and (keytype ~= "ssh-dss") and - (keytype ~= "ecdsa-sha2-nistp256") and - (keytype ~= "ecdsa-sha2-nistp384") and - (keytype ~= "ecdsa-sha2-nistp521") then - log.error("Unknown key type", keytype) + + if util.ssh_type_is_invalid(keytype) then + log.error("Unknown key type", keytype) return "exit", 1 end diff --git a/lib/gitano/util.lua b/lib/gitano/util.lua index 76183e3..7e34178 100644 --- a/lib/gitano/util.lua +++ b/lib/gitano/util.lua @@ -584,6 +584,18 @@ local function unlockfile(fh) fh:close() end +local function ssh_type_is_invalid(keytype) + if (keytype ~= "ssh-rsa") and + (keytype ~= "ssh-dss") and + (keytype ~= "ecdsa-sha2-nistp256") and + (keytype ~= "ecdsa-sha2-nistp384") and + (keytype ~= "ecdsa-sha2-nistp521") and + (keytype ~= "ssh-ed25519") then + return true + end + return false +end + return { parse_cmdline = _parse_cmdline, @@ -623,4 +635,6 @@ return { lockfile = lockfile, unlockfile = unlockfile, -} + ssh_type_is_invalid = ssh_type_is_invalid, +} + diff --git a/testing/.library.yarn.swp b/testing/.library.yarn.swp Binary files differnew file mode 100644 index 0000000..d62016e --- /dev/null +++ b/testing/.library.yarn.swp diff --git a/testing/02-commands-sshkey.yarn b/testing/02-commands-sshkey.yarn index da8a309..fc024b4 100644 --- a/testing/02-commands-sshkey.yarn +++ b/testing/02-commands-sshkey.yarn @@ -24,15 +24,20 @@ This information is also shown in `sshkey list`. New keys can be added. - GIVEN testinstance has keys called newkey + GIVEN testinstance has keys called newkey + AND testinstance has keys called edkey of type Ed25519 WHEN testinstance uses their ssh public key called newkey as stdin AND testinstance adminkey runs sshkey add newkey + THEN the output contains SSH authorised key file updated + WHEN testinstance uses their ssh public key called edkey as stdin + AND testinstance adminkey runs sshkey add edkey THEN the output contains SSH authorised key file updated Verify the new keys are listed for the user. WHEN testinstance adminkey runs sshkey list THEN the output contains newkey + AND the output contains edkey We can delete the old key and proceed with the new key in future. @@ -44,6 +49,7 @@ We can delete the old key and proceed with the new key in future. FINALLY the instance is torn down + SSH key tracking ---------------- diff --git a/testing/keys/testinstance@newkey_Ed25519 b/testing/keys/testinstance@newkey_Ed25519 new file mode 100644 index 0000000..369d60b --- /dev/null +++ b/testing/keys/testinstance@newkey_Ed25519 @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACAwGjSnIXXiyuszXalOR24kstP2q5z/eUz3czF1Co6FjgAAAKCJ+h3Zifod +2QAAAAtzc2gtZWQyNTUxOQAAACAwGjSnIXXiyuszXalOR24kstP2q5z/eUz3czF1Co6Fjg +AAAECwQpGPDj/DisyXljioqnTv+MdCuBc9SKDBco/qOQ3gZDAaNKchdeLK6zNdqU5HbiSy +0/arnP95TPdzMXUKjoWOAAAAG3Rlc3RpbnN0YW5jZS1FZDI1NTE5QG5ld2tleQEC +-----END OPENSSH PRIVATE KEY----- diff --git a/testing/keys/testinstance@newkey_Ed25519.pub b/testing/keys/testinstance@newkey_Ed25519.pub new file mode 100644 index 0000000..94ff2bc --- /dev/null +++ b/testing/keys/testinstance@newkey_Ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAaNKchdeLK6zNdqU5HbiSy0/arnP95TPdzMXUKjoWO testinstance-Ed25519@newkey diff --git a/testing/library.yarn b/testing/library.yarn index cc03122..85e1523 100644 --- a/testing/library.yarn +++ b/testing/library.yarn @@ -43,9 +43,13 @@ SSH keys. Sometimes it's helpful to be able to work with these... IMPLEMENTS GIVEN a unix user called ([a-z][a-z0-9]*) $GTT createunixuser "$MATCH_1" - IMPLEMENTS GIVEN ([a-z][a-z0-9]*) has keys called ([a-z][a-z0-9]*) + IMPLEMENTS GIVEN ([a-z][a-z0-9]*) has keys called ([a-z][a-z0-9]*) $GTT createsshkey "$MATCH_1" "$MATCH_2" + IMPLEMENTS GIVEN ([a-z][a-z0-9]*) has keys called ([a-z][a-z0-9]*) of type ([a-z][a-z0-9]*)? + $GTT createsshkey "$MATCH_1" "$MATCH_2" "$MATCH_3" + + IMPLEMENTS WHEN ([a-z][a-z0-9]*) uses their ssh public key called ([a-z][a-z0-9]*) as stdin cp "$DATADIR/user-home-$MATCH_1/.ssh/$MATCH_2.pub" "$DATADIR/stdin" |