tenseleyflow/shithub / 0936fec

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+// Package sshkey wraps the parsing, validation, and fingerprinting of

+// user-supplied SSH public keys. Every entry that takes key material

+// from outside (the settings handlers, future imports, the AKC binary's

+// equality checks) goes through this package so policy lives in exactly

+// one place.

+package sshkey

+

+import (

+	"crypto/dsa"   //nolint:staticcheck // DSA detection only — never accepted.

+	"crypto/ecdsa"

+	"crypto/ed25519"

+	"crypto/rsa"

+	"errors"

+	"fmt"

+	"strings"

+

+	"golang.org/x/crypto/ssh"

+)

+

+// MinRSABits is the smallest accepted modulus length for ssh-rsa keys.

+const MinRSABits = 2048

+

+// MaxKeysPerUser is the cap enforced at the handler layer. Keeps DB rows

+// per-user bounded and limits AKC lookup amplification if an attacker

+// registered an enormous keyring on a single account.

+const MaxKeysPerUser = 100

+

+// Parsed is the validated, ready-to-store representation of a user-supplied

+// SSH public key. Title is whatever name the user typed; everything else

+// is derived from the key blob.

+type Parsed struct {

+	Title       string

+	Type        string // OpenSSH algorithm name, e.g. "ssh-ed25519"

+	Bits        int    // 0 when not meaningful (e.g. ed25519)

+	Fingerprint string // canonical SHA256:<base64-no-padding>

+	// PublicKey is the canonical authorized_keys line (no comment; no

+	// trailing newline). It is what the AKC binary re-emits on a hit.

+	PublicKey string

+}

+

+// Errors. Keep them precise enough for the settings handler to render a

+// useful UI string.

+var (

+	ErrUnsupportedAlgo = errors.New("sshkey: unsupported key algorithm")

+	ErrRSATooShort     = fmt.Errorf("sshkey: RSA keys must be at least %d bits", MinRSABits)

+	ErrUnparseable     = errors.New("sshkey: could not parse key — paste the contents of your .pub file")

+	ErrTitleEmpty      = errors.New("sshkey: title required")

+	ErrTitleTooLong    = errors.New("sshkey: title may be at most 80 characters")

+	ErrTitleControl    = errors.New("sshkey: title contains control characters")

+)

+

+// Parse validates and canonicalizes input. Title goes through a small

+// validator (length + control-char rejection); the key blob through

+// ssh.ParseAuthorizedKey + an algorithm whitelist + an RSA-bits check.

+func Parse(title, blob string) (*Parsed, error) {

+	t := strings.TrimSpace(title)

+	if t == "" {

+		return nil, ErrTitleEmpty

+	}

+	if len(t) > 80 {

+		return nil, ErrTitleTooLong

+	}

+	if hasControlChars(t) {

+		return nil, ErrTitleControl

+	}

+

+	pub, _, _, _, err := ssh.ParseAuthorizedKey([]byte(blob))

+	if err != nil {

+		return nil, ErrUnparseable

+	}

+

+	algo := pub.Type()

+	if !algorithmAllowed(algo) {

+		return nil, ErrUnsupportedAlgo

+	}

+

+	bits, err := keyBits(pub)

+	if err != nil {

+		return nil, err

+	}

+	if algo == "ssh-rsa" && bits < MinRSABits {

+		return nil, ErrRSATooShort

+	}

+

+	canonical := canonicalAuthorizedKey(pub)

+	return &Parsed{

+		Title:       t,

+		Type:        algo,

+		Bits:        bits,

+		Fingerprint: ssh.FingerprintSHA256(pub),

+		PublicKey:   canonical,

+	}, nil

+}

+

+// FingerprintOf returns the canonical SHA256 fingerprint for an

+// already-parsed key. Used by the AKC binary's equality checks.

+func FingerprintOf(pub ssh.PublicKey) string {

+	return ssh.FingerprintSHA256(pub)

+}

+

+// canonicalAuthorizedKey re-emits the parsed key as a single

+// `<algo> <base64>` line so storage/lookup don't accidentally depend on

+// whitespace or comment fields the user supplied.

+func canonicalAuthorizedKey(pub ssh.PublicKey) string {

+	line := strings.TrimSpace(string(ssh.MarshalAuthorizedKey(pub)))

+	return line

+}

+

+// algorithmAllowed gates the OpenSSH algorithm names we accept.

+func algorithmAllowed(algo string) bool {

+	switch algo {

+	case "ssh-ed25519",

+		"sk-ssh-ed25519@openssh.com",

+		"ecdsa-sha2-nistp256",

+		"ecdsa-sha2-nistp384",

+		"ecdsa-sha2-nistp521",

+		"sk-ecdsa-sha2-nistp256@openssh.com",

+		"ssh-rsa":

+		return true

+	}

+	return false

+}

+

+// keyBits extracts the modulus / curve size from a parsed key. Returns 0

+// for ed25519 (where the concept doesn't apply meaningfully).

+func keyBits(pub ssh.PublicKey) (int, error) {

+	cp, ok := pub.(ssh.CryptoPublicKey)

+	if !ok {

+		return 0, nil

+	}

+	switch k := cp.CryptoPublicKey().(type) {

+	case ed25519.PublicKey:

+		return 0, nil

+	case *rsa.PublicKey:

+		return k.N.BitLen(), nil

+	case *ecdsa.PublicKey:

+		return k.Params().BitSize, nil

+	case *dsa.PublicKey:

+		return 0, ErrUnsupportedAlgo

+	default:

+		return 0, nil

+	}

+}

+

+func hasControlChars(s string) bool {

+	for _, r := range s {

+		if r < 0x20 || r == 0x7f {

+			return true

+		}

+	}

+	return false

+}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package sshkey

+

+import (

+	"errors"

+	"os"

+	"os/exec"

+	"path/filepath"

+	"strings"

+	"testing"

+)

+

+func mustRead(t *testing.T, name string) string {

+	t.Helper()

+	b, err := os.ReadFile(filepath.Join("testdata", name))

+	if err != nil {

+		t.Fatalf("read %s: %v", name, err)

+	}

+	return string(b)

+}

+

+func TestParse_AcceptsEd25519(t *testing.T) {

+	t.Parallel()

+	pub := mustRead(t, "ed25519.pub")

+	got, err := Parse("my laptop", pub)

+	if err != nil {

+		t.Fatalf("Parse: %v", err)

+	}

+	if got.Type != "ssh-ed25519" {

+		t.Fatalf("type = %q", got.Type)

+	}

+	if !strings.HasPrefix(got.Fingerprint, "SHA256:") {

+		t.Fatalf("fingerprint shape: %q", got.Fingerprint)

+	}

+	// Cross-check against ssh-keygen if available — defensive.

+	if _, err := exec.LookPath("ssh-keygen"); err == nil {

+		out, err := exec.Command("ssh-keygen", "-E", "sha256", "-lf",

+			filepath.Join("testdata", "ed25519.pub")).Output()

+		if err != nil {

+			t.Fatalf("ssh-keygen: %v", err)

+		}

+		if !strings.Contains(string(out), got.Fingerprint) {

+			t.Fatalf("fingerprint mismatch with ssh-keygen: %q vs %s",

+				got.Fingerprint, out)

+		}

+	}

+}

+

+func TestParse_AcceptsRSA2048(t *testing.T) {

+	t.Parallel()

+	pub := mustRead(t, "rsa2048.pub")

+	got, err := Parse("ci runner", pub)

+	if err != nil {

+		t.Fatalf("Parse: %v", err)

+	}

+	if got.Type != "ssh-rsa" {

+		t.Fatalf("type = %q", got.Type)

+	}

+	if got.Bits < 2048 {

+		t.Fatalf("bits = %d", got.Bits)

+	}

+}

+

+func TestParse_AcceptsECDSA(t *testing.T) {

+	t.Parallel()

+	pub := mustRead(t, "ecdsa256.pub")

+	got, err := Parse("hsm", pub)

+	if err != nil {

+		t.Fatalf("Parse: %v", err)

+	}

+	if got.Type != "ecdsa-sha2-nistp256" {

+		t.Fatalf("type = %q", got.Type)

+	}

+}

+

+func TestParse_RejectsRSA1024(t *testing.T) {

+	t.Parallel()

+	pub := mustRead(t, "rsa1024.pub")

+	_, err := Parse("weak", pub)

+	if !errors.Is(err, ErrRSATooShort) {

+		t.Fatalf("expected ErrRSATooShort, got %v", err)

+	}

+}

+

+func TestParse_RejectsUnparseable(t *testing.T) {

+	t.Parallel()

+	cases := []string{

+		"",

+		"not-a-key",

+		"ssh-rsa AAAA broken",

+		"ssh-dss AAAAB3NzaC1kc3MAAACB",

+	}

+	for _, in := range cases {

+		_, err := Parse("title", in)

+		if err == nil {

+			t.Errorf("expected error for %q", in)

+		}

+	}

+}

+

+func TestParse_RejectsEmptyTitle(t *testing.T) {

+	t.Parallel()

+	pub := mustRead(t, "ed25519.pub")

+	_, err := Parse("   ", pub)

+	if !errors.Is(err, ErrTitleEmpty) {

+		t.Fatalf("expected ErrTitleEmpty, got %v", err)

+	}

+}

+

+func TestParse_RejectsLongTitle(t *testing.T) {

+	t.Parallel()

+	pub := mustRead(t, "ed25519.pub")

+	_, err := Parse(strings.Repeat("a", 81), pub)

+	if !errors.Is(err, ErrTitleTooLong) {

+		t.Fatalf("expected ErrTitleTooLong, got %v", err)

+	}

+}

+

+func TestParse_RejectsControlCharsInTitle(t *testing.T) {

+	t.Parallel()

+	pub := mustRead(t, "ed25519.pub")

+	_, err := Parse("oops\nnewline", pub)

+	if !errors.Is(err, ErrTitleControl) {

+		t.Fatalf("expected ErrTitleControl, got %v", err)

+	}

+}

+

+func TestParse_CanonicalizesPublicKey(t *testing.T) {

+	t.Parallel()

+	pub := mustRead(t, "ed25519.pub")

+	got, _ := Parse("my laptop", pub)

+	// No trailing newline, no comment.

+	if strings.HasSuffix(got.PublicKey, "\n") {

+		t.Fatal("canonical key has trailing newline")

+	}

+	if strings.Contains(got.PublicKey, "fixture-ed25519") {

+		t.Fatal("canonical key includes original comment")

+	}

+	parts := strings.Fields(got.PublicKey)

+	if len(parts) != 2 {

+		t.Fatalf("canonical key should be 'algo b64', got %q", got.PublicKey)

+	}

+}

+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDhZ0XNDwZFKaR2bnyRAIGkQsRrrCfdZ5d/VEF4NX3wFbjt587fPWT9X4t0WxbwKyC9M6f8cFFI9KHs697Vw1/E= fixture-ecdsa256

+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH8uLO5XJSuhkis6RRogK+blyCwUe6qJJUNNwNr3HnFu fixture-ed25519

+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCczCPPyi3UFhbqVvwipqmmhYcBrO+b2BI/aDgzoe7X8ARwpAVgE7P8rRKU4FbmFDgfc/sgUu5hy04JAwGXepruA06k1fQnLrtJkVyYXEQeophCw3VASJH2YvoKyLHr5ynw3za5EKyvhPWcc5NfWoJZMaNrmxHk4VF6eTgb0L9JPw== fixture-rsa1024

+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJHPBEZcki4/K8/HR0gQQ/vVIwWaWibmLmlRQdE8V/W4DqksEY6XXty1hZay8euhw5rdHe4ZtwLRCREBYDjPRP5Zej0f0ZndqMbTJupOw7wd8AtiMMQXXzfHYfaAGTUv3+k0FkYWjxikdlra95OuAJ9zChclqb+h0kyfNGN6fEww9pI1j/BaEFFFK3HDqE0Wm2Xuxw4Wy4T1ird+ev3s5Op2t/SqLkU+7vaVbYxxCRMQoeb4egJgnplXXTFmt1hVL1i6oMYd9+enVP+QmYhO3+uChzCODDy4j8E1VLnUMBo/Yei6PPSPUBlY86CfZ+qopiLXh7ApcDUbHYApHxVUaN fixture-rsa2048