gitea/vendor/github.com/42wim/sshsig/sign.go
Wim 6fe756dc93
Add support for ssh commit signing (#17743)
* Add support for ssh commit signing

* Split out ssh verification to separate file

* Show ssh key fingerprint on commit page

* Update sshsig lib

* Make sure we verify against correct namespace

* Add ssh public key verification via ssh signatures

When adding a public ssh key also validate that this user actually
owns the key by signing a token with the private key.

* Remove some gpg references and make verify key optional

* Fix spaces indentation

* Update options/locale/locale_en-US.ini

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update templates/user/settings/keys_ssh.tmpl

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update options/locale/locale_en-US.ini

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update options/locale/locale_en-US.ini

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update models/ssh_key_commit_verification.go

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Reword ssh/gpg_key_success message

* Change Badsignature to NoKeyFound

* Add sign/verify tests

* Fix upstream api changes to user_model User

* Match exact on SSH signature

* Fix code review remarks

Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-12-19 00:37:18 -05:00

170 lines
4.5 KiB
Go
Vendored

// Modifications by 42wim
//
// Copyright 2021 The Sigstore Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package sshsig
import (
"crypto/rand"
"crypto/sha256"
"crypto/sha512"
"errors"
"hash"
"io"
"golang.org/x/crypto/ssh"
"golang.org/x/crypto/ssh/agent"
)
// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig#L81
type MessageWrapper struct {
Namespace string
Reserved string
HashAlgorithm string
Hash string
}
// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig#L34
type WrappedSig struct {
MagicHeader [6]byte
Version uint32
PublicKey string
Namespace string
Reserved string
HashAlgorithm string
Signature string
}
const (
magicHeader = "SSHSIG"
defaultHashAlgorithm = "sha512"
)
var supportedHashAlgorithms = map[string]func() hash.Hash{
"sha256": sha256.New,
"sha512": sha512.New,
}
func wrapData(m io.Reader, ns string) ([]byte, error) {
hf := sha512.New()
if _, err := io.Copy(hf, m); err != nil {
return nil, err
}
mh := hf.Sum(nil)
sp := MessageWrapper{
Namespace: ns,
HashAlgorithm: defaultHashAlgorithm,
Hash: string(mh),
}
dataMessageWrapper := ssh.Marshal(sp)
dataMessageWrapper = append([]byte(magicHeader), dataMessageWrapper...)
return dataMessageWrapper, nil
}
func sign(s ssh.AlgorithmSigner, m io.Reader, ns string) (*ssh.Signature, error) {
dataMessageWrapper, err := wrapData(m, ns)
if err != nil {
return nil, err
}
// ssh-rsa is not supported for RSA keys:
// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig#L71
// We can use the default value of "" for other key types though.
algo := ""
if s.PublicKey().Type() == ssh.KeyAlgoRSA {
algo = ssh.SigAlgoRSASHA2512
}
return s.SignWithAlgorithm(rand.Reader, dataMessageWrapper, algo)
}
func signAgent(pk ssh.PublicKey, ag agent.Agent, m io.Reader, ns string) (*ssh.Signature, error) {
dataMessageWrapper, err := wrapData(m, ns)
if err != nil {
return nil, err
}
var sigFlag agent.SignatureFlags
if pk.Type() == ssh.KeyAlgoRSA {
sigFlag = agent.SignatureFlagRsaSha512
}
agExt, ok := ag.(agent.ExtendedAgent)
if !ok {
return nil, errors.New("couldn't cast to ExtendedAgent")
}
return agExt.SignWithFlags(pk, dataMessageWrapper, sigFlag)
}
// SignWithAgent asks the ssh Agent to sign the data with the signer matching the given publicKey and returns an armored signature.
// The purpose of the namespace value is to specify a unambiguous
// interpretation domain for the signature, e.g. file signing.
// This prevents cross-protocol attacks caused by signatures
// intended for one intended domain being accepted in another.
// If empty, the default is "file".
// This can be compared with `ssh-keygen -Y sign -f keyfile -n namespace data`
func SignWithAgent(publicKey []byte, ag agent.Agent, data io.Reader, namespace string) ([]byte, error) {
pk, _, _, _, err := ssh.ParseAuthorizedKey(publicKey)
if err != nil {
return nil, err
}
if namespace == "" {
namespace = defaultNamespace
}
sig, err := signAgent(pk, ag, data, namespace)
if err != nil {
return nil, err
}
armored := Armor(sig, pk, namespace)
return armored, nil
}
// Sign signs the data with the given private key in PEM format and returns an armored signature.
// The purpose of the namespace value is to specify a unambiguous
// interpretation domain for the signature, e.g. file signing.
// This prevents cross-protocol attacks caused by signatures
// intended for one intended domain being accepted in another.
// If empty, the default is "file".
// This can be compared with `ssh-keygen -Y sign -f keyfile -n namespace data`
func Sign(pemBytes []byte, data io.Reader, namespace string) ([]byte, error) {
s, err := ssh.ParsePrivateKey(pemBytes)
if err != nil {
return nil, err
}
as, ok := s.(ssh.AlgorithmSigner)
if !ok {
return nil, err
}
if namespace == "" {
namespace = defaultNamespace
}
sig, err := sign(as, data, namespace)
if err != nil {
return nil, err
}
armored := Armor(sig, s.PublicKey(), namespace)
return armored, nil
}