diff --git a/go.mod b/go.mod
index 78495cc6a252a..bc1a13c6a48fd 100644
--- a/go.mod
+++ b/go.mod
@@ -67,6 +67,7 @@ require (
 	github.com/mattn/go-sqlite3 v1.14.12
 	github.com/mholt/archiver/v3 v3.5.1
 	github.com/microcosm-cc/bluemonday v1.0.19
+	github.com/mikesmitty/edkey v0.0.0-20170222072505-3356ea4e686a
 	github.com/minio/minio-go/v7 v7.0.26
 	github.com/msteinert/pam v1.0.0
 	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
diff --git a/go.sum b/go.sum
index dca68d9a8e7d8..ea10bffbbda4b 100644
--- a/go.sum
+++ b/go.sum
@@ -1163,6 +1163,8 @@ github.com/miekg/dns v1.1.48 h1:Ucfr7IIVyMBz4lRE8qmGUuZ4Wt3/ZGu9hmcMT3Uu4tQ=
 github.com/miekg/dns v1.1.48/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
+github.com/mikesmitty/edkey v0.0.0-20170222072505-3356ea4e686a h1:eU8j/ClY2Ty3qdHnn0TyW3ivFoPC/0F1gQZz8yTxbbE=
+github.com/mikesmitty/edkey v0.0.0-20170222072505-3356ea4e686a/go.mod h1:v8eSC2SMp9/7FTKUncp7fH9IwPfw+ysMObcEz5FWheQ=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
 github.com/minio/minio-go/v7 v7.0.26 h1:D0HK+8793etZfRY/vHhDmFaP+vmT41K3K4JV9vmZCBQ=
diff --git a/modules/ssh/ssh.go b/modules/ssh/ssh.go
index 2affeb781a998..c8698f4c092ef 100644
--- a/modules/ssh/ssh.go
+++ b/modules/ssh/ssh.go
@@ -7,10 +7,6 @@ package ssh
 import (
 	"bytes"
 	"context"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/pem"
 	"fmt"
 	"io"
 	"net"
@@ -328,47 +324,3 @@ func Listen(host string, port int, ciphers, keyExchanges, macs []string) {
 		listen(&srv)
 	}()
 }
-
-// GenKeyPair make a pair of public and private keys for SSH access.
-// Public key is encoded in the format for inclusion in an OpenSSH authorized_keys file.
-// Private Key generated is PEM encoded
-func GenKeyPair(keyPath string) error {
-	privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
-	if err != nil {
-		return err
-	}
-
-	privateKeyPEM := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}
-	f, err := os.OpenFile(keyPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
-	if err != nil {
-		return err
-	}
-	defer func() {
-		if err = f.Close(); err != nil {
-			log.Error("Close: %v", err)
-		}
-	}()
-
-	if err := pem.Encode(f, privateKeyPEM); err != nil {
-		return err
-	}
-
-	// generate public key
-	pub, err := gossh.NewPublicKey(&privateKey.PublicKey)
-	if err != nil {
-		return err
-	}
-
-	public := gossh.MarshalAuthorizedKey(pub)
-	p, err := os.OpenFile(keyPath+".pub", os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
-	if err != nil {
-		return err
-	}
-	defer func() {
-		if err = p.Close(); err != nil {
-			log.Error("Close: %v", err)
-		}
-	}()
-	_, err = p.Write(public)
-	return err
-}
diff --git a/modules/ssh/testhelper.go b/modules/ssh/testhelper.go
new file mode 100644
index 0000000000000..9af23513fe82f
--- /dev/null
+++ b/modules/ssh/testhelper.go
@@ -0,0 +1,76 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"crypto/ed25519"
+	"crypto/rand"
+	"encoding/pem"
+	"os"
+
+	"code.gitea.io/gitea/modules/log"
+
+	"github.com/mikesmitty/edkey"
+	"golang.org/x/crypto/ssh"
+)
+
+// GenKeyPair make a pair of public and private keys for SSH access.
+// Public key is encoded in the format for inclusion in an OpenSSH authorized_keys file.
+// Private Key generated is PEM encoded
+func GenKeyPair(keyPath string) error {
+	publicKey, privateKey, err := genKeyPair()
+	if err != nil {
+		return err
+	}
+
+	privKeyFile, err := os.OpenFile(keyPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		if err = privKeyFile.Close(); err != nil {
+			log.Error("Close: %v", err)
+		}
+	}()
+	if _, err := privKeyFile.Write(privateKey); err != nil {
+		return err
+	}
+
+	pubKeyFile, err := os.OpenFile(keyPath+".pub", os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		if err = pubKeyFile.Close(); err != nil {
+			log.Error("Close: %v", err)
+		}
+	}()
+
+	_, err = pubKeyFile.Write(publicKey)
+	return err
+}
+
+func genKeyPair() (publicK, privateK []byte, err error) {
+	publicKey, privateKey, err := ed25519.GenerateKey(rand.Reader)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// generate private key
+	privateK = pem.EncodeToMemory(&pem.Block{
+		Type:  "OPENSSH PRIVATE KEY",
+		Bytes: edkey.MarshalED25519PrivateKey(privateKey),
+	})
+
+	// generate public key
+	pub, err := ssh.NewPublicKey(publicKey)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	publicK = ssh.MarshalAuthorizedKey(pub)
+
+	return privateK, publicK, nil
+}
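Review bot: `genKeyPair` returns its values in the wrong order for its own signature — it is declared `(publicK, privateK []byte, err error)` but its last line is `return privateK, publicK, nil`, so the caller's `publicKey, privateKey, err := genKeyPair()` in `GenKeyPair` receives the PEM-encoded private key as `publicKey`. On disk that means `keyPath` ends up holding the authorized_keys line and `keyPath+".pub"` holds the `OPENSSH PRIVATE KEY` block, a file that by name is treated as shareable (both are opened with `0o600`, which limits but does not remove the confusion). The fix is the one line `return publicK, privateK, nil`. Separately, because `testhelper.go` has no `_test.go` suffix, `github.com/mikesmitty/edkey` — pinned in go.mod to the 2017 pseudo-version `v0.0.0-20170222072505-3356ea4e686a` — is compiled into the non-test binary; worth confirming that is intended rather than keeping this helper test-only.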