Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ssh-key: make decode_as a public API #211

Merged
merged 1 commit into from
Apr 11, 2024

Conversation

baloo
Copy link
Member

@baloo baloo commented Apr 6, 2024

When parsing ssh keys from the SSH agent protocol, you need to read the first element of the protocol (the ssh_key::Algorithm (encoded as a String) to make a decision whether what comes next is supposed to be parsed as an ssh_key::Certificate or as an ssh_key::private::KeypairData.

Because the content has already been consumed from the reader, and because you can't go backwards in the reader. This requires decode_as to be exposed on ssh_key::private::KeypairData.

@baloo baloo force-pushed the baloo/ssh-key/expose-decode_as branch from 4ba151b to 4fcd7d5 Compare April 6, 2024 17:58
@baloo baloo force-pushed the baloo/ssh-key/expose-decode_as branch from 4fcd7d5 to ea2da09 Compare April 6, 2024 17:59
@baloo
Copy link
Member Author

baloo commented Apr 7, 2024

I'd love to have this backported and released to a ssh-key/v0.6.6

@wiktor-k
Copy link
Contributor

wiktor-k commented Apr 8, 2024

Great to see this filed! Thanks a lot @baloo 🙇

I think in general all these "first string ID (algorithm), then we decide what to do" should have a decode_as variants or maybe even all uses of KeypairData should be inspected. If SSH sends us certificates instead of keys during SSH agent protocol it may do so in other places too.

In other words the Credential type that was added to the SSH agent crate may as well be useful for other people and maybe it's place is here?

And if so the question is what to do with other types which are used in SSH agent protocol. Maybe they could also be moved here after they "stabilize" a bit?

This is all just ideas for far future but in the short-term it'd be really nice to have this merged. 🙏

Thanks for your time! 👋

@baloo
Copy link
Member Author

baloo commented Apr 8, 2024

In other words the Credential type that was added to the SSH agent crate may as well be useful for other people and maybe it's place is here?

I don't think it will be ever used outside the agent protocol. This is only used because encoding of private keys changes whether they are tied to certificates or not. I believe agent protocol is the only one that involves private keys.
I would leave it in agent until we find another use for it.

@tarcieri
Copy link
Member

Are you suggesting a new method, or if not, can you link in the source code to the method you're talking about?

As far as I can tell, there is no decode_as method defined on ssh_key::private::KeypairData at present, only on ssh_key::public::KeyData.

@baloo
Copy link
Member Author

baloo commented Apr 11, 2024

This is used for parsing the ssh-agent protocol.

https://github.com/wiktor-k/ssh-agent-lib/pull/33/files#r1554798031

@tarcieri
Copy link
Member

Aah sorry, catching up on PRs and I missed this was extracting a decode_as method

@tarcieri tarcieri merged commit e2b6735 into RustCrypto:master Apr 11, 2024
12 checks passed
@baloo baloo deleted the baloo/ssh-key/expose-decode_as branch April 11, 2024 18:06
baloo added a commit to baloo/SSH that referenced this pull request Apr 12, 2024
baloo added a commit to baloo/SSH that referenced this pull request Apr 12, 2024
Added:
- impl `decode_as` for `KeypairData` ([RustCrypto#211])

Changed:
- clarify SSH vs OpenSSH formats ([RustCrypto#206])

Fixed:
- fix `certificate::OptionsMap` encoding ([RustCrypto#207])
- fixup `EcdsaPrivateKey` Debug impl ([RustCrypto#210])

[RustCrypto#206]: RustCrypto#206
[RustCrypto#207]: RustCrypto#207
[RustCrypto#210]: RustCrypto#210
[RustCrypto#211]: RustCrypto#211
@baloo baloo mentioned this pull request Apr 12, 2024
baloo added a commit that referenced this pull request Apr 12, 2024
Added:
- impl `decode_as` for `KeypairData` ([#211])

Changed:
- clarify SSH vs OpenSSH formats ([#206])

Fixed:
- fix `certificate::OptionsMap` encoding ([#207])
- fixup `EcdsaPrivateKey` Debug impl ([#210])

[#206]: #206
[#207]: #207
[#210]: #210
[#211]: #211
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants