NotificationsYou must be signed in to change notification settings
Fork150
Star2.8k

Commitece3a2a

committed

Add support for Ed25519 keys

1 parent2e5376c commitece3a2aCopy full SHA for ece3a2a

File tree

4 files changed

+35

-7

lines changed

4 files changed

+35

-7

lines changed

`‎go.mod‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@ module filippo.io/yubikey-agent`
`3`	`3`	`go1.19`
`4`	`4`
`5`	`5`	`require (`
`6`		`-github.com/go-piv/piv-gov1.10.0`
	`6`	`+github.com/go-piv/piv-go/v2v2.3.0`
`7`	`7`	`github.com/twpayne/go-pinentry-minimalv0.0.0-20220113210447-2a5dc4396c2a`
`8`	`8`	`golang.org/x/cryptov0.4.0`
`9`	`9`	`golang.org/x/termv0.3.0`

`‎go.sum‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`		`-github.com/go-piv/piv-gov1.10.0 h1:P1Y1VjBI5DnXW0+YkKmTuh5opWnMIrKriUaIOblee9Q=`
`2`		`-github.com/go-piv/piv-gov1.10.0/go.mod h1:NZ2zmjVkfFaL/CF8cVQ/pXdXtuj110zEKGdJM6fJZZM=`
	`1`	`+github.com/go-piv/piv-go/v2v2.3.0 h1:kKkrYlgLQTMPA6BiSL25A7/x4CEh2YCG7rtb/aTkx+g=`
	`2`	`+github.com/go-piv/piv-go/v2v2.3.0/go.mod h1:ShZi74nnrWNQEdWzRUd/3cSig3uNOcEZp+EWl0oewnI=`
`3`	`3`	`github.com/twpayne/go-pinentry-minimalv0.0.0-20220113210447-2a5dc4396c2a h1:a1bRrtgkiv0tytmDVXU5Dqse/WOTws7JvsY2WxPMZ6M=`
`4`	`4`	`github.com/twpayne/go-pinentry-minimalv0.0.0-20220113210447-2a5dc4396c2a/go.mod h1:ARJJXqNuaxVS84jX6ST52hQh0TtuQZWABhTe95a6BI4=`
`5`	`5`	`golang.org/x/cryptov0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8=`

`‎main.go‎`

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ import (`
`10`	`10`	`"bytes"`
`11`	`11`	`"context"`
`12`	`12`	`"crypto/ecdsa"`
	`13`	`+"crypto/ed25519"`
`13`	`14`	`"crypto/rand"`
`14`	`15`	`"crypto/rsa"`
`15`	`16`	`"errors"`
`@@ -28,7 +29,7 @@ import (`
`28`	`29`	`"syscall"`
`29`	`30`	`"time"`
`30`	`31`
`31`		`-"github.com/go-piv/piv-go/piv"`
	`32`	`+"github.com/go-piv/piv-go/v2/piv"`
`32`	`33`	`"golang.org/x/crypto/ssh"`
`33`	`34`	`"golang.org/x/crypto/ssh/agent"`
`34`	`35`	`"golang.org/x/crypto/ssh/terminal"`
`@@ -249,6 +250,7 @@ func getPublicKey(yk *piv.YubiKey, slot piv.Slot) (ssh.PublicKey, error) {`
`249`	`250`	`}`
`250`	`251`	`switchcert.PublicKey.(type) {`
`251`	`252`	`case*ecdsa.PublicKey:`
	`253`	`+case ed25519.PublicKey:`
`252`	`254`	`case*rsa.PublicKey:`
`253`	`255`	`default:`
`254`	`256`	`returnnil,fmt.Errorf("unexpected public key type: %T",cert.PublicKey)`

`‎setup.go‎`

Lines changed: 29 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ import (`
`21`	`21`	`"runtime/debug"`
`22`	`22`	`"time"`
`23`	`23`
`24`		`-"github.com/go-piv/piv-go/piv"`
	`24`	`+"github.com/go-piv/piv-go/v2/piv"`
`25`	`25`	`"golang.org/x/crypto/ssh"`
`26`	`26`	`"golang.org/x/term"`
`27`	`27`	`)`
`@@ -100,7 +100,15 @@ func runSetup(yk *piv.YubiKey) {`
`100`	`100`	`fmt.Println("")`
`101`	`101`	`fmt.Println("🧪 Reticulating splines...")`
`102`	`102`
`103`		`-varkey [24]byte`
	`103`	`+varversion=yk.Version()`
	`104`	`+varkey []byte`
	`105`	`+ifsupportsVersion(&version,5,4,0) {`
	`106`	`+// Yubikey Firmware >=5.4.0 supports AES256 management keys`
	`107`	`+key=make([]byte,32)`
	`108`	`+}else {`
	`109`	`+key=make([]byte,24)`
	`110`	`+}`
	`111`	`+`
`104`	`112`	`if_,err:=rand.Read(key[:]);err!=nil {`
`105`	`113`	`log.Fatal(err)`
`106`	`114`	`}`
`@@ -137,8 +145,16 @@ func runSetup(yk *piv.YubiKey) {`
`137`	`145`	`log.Fatalln("use --really-delete-all-piv-keys ⚠️")`
`138`	`146`	`}`
`139`	`147`
	`148`	`+varalg piv.Algorithm`
	`149`	`+ifsupportsVersion(&version,5,7,0) {`
	`150`	`+// For newer Yubikeys, upgrade the key automatically to Ed25519`
	`151`	`+alg=piv.AlgorithmEd25519`
	`152`	`+}else {`
	`153`	`+alg=piv.AlgorithmEC256`
	`154`	`+}`
	`155`	`+`
`140`	`156`	`pub,err:=yk.GenerateKey(key,piv.SlotAuthentication, piv.Key{`
`141`		`-Algorithm:piv.AlgorithmEC256,`
	`157`	`+Algorithm:alg,`
`142`	`158`	`PINPolicy:piv.PINPolicyOnce,`
`143`	`159`	`TouchPolicy:piv.TouchPolicyAlways,`
`144`	`160`	`})`
`@@ -196,6 +212,16 @@ func runSetup(yk *piv.YubiKey) {`
`196`	`212`	`fmt.Println("💭 Remember: everything breaks, have a backup plan for when this YubiKey does.")`
`197`	`213`	`}`
`198`	`214`
	`215`	`+funcsupportsVersion(v*piv.Version,major,minor,patchint)bool {`
	`216`	`+ifv.Major!=major {`
	`217`	`+returnv.Major>major`
	`218`	`+}`
	`219`	`+ifv.Minor!=minor {`
	`220`	`+returnv.Minor>minor`
	`221`	`+}`
	`222`	`+returnv.Patch>=patch`
	`223`	`+}`
	`224`	`+`
`199`	`225`	`funcrandomSerialNumber()*big.Int {`
`200`	`226`	`serialNumberLimit:=new(big.Int).Lsh(big.NewInt(1),128)`
`201`	`227`	`serialNumber,err:=rand.Int(rand.Reader,serialNumberLimit)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitece3a2a

File tree

4 files changed

4 files changed

`‎go.mod‎`

`‎go.sum‎`

`‎main.go‎`

`‎setup.go‎`

0 commit comments