Commit9f029ff

committed
Merge branch 'morten/comment'
* morten/comment: ssh-tpm-keygen: parse comment from public key on import key_test: Add tests for comments key_test: Run CreateKey under one test keygen: Fix public key comment ssh-tpm-agent: Implement key comments
2 parentscfac705 +9f3cfb6 commit9f029ff


6 files changed

+132
-52
lines changed


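--- a/agent/agent.go
+++ b/agent/agent.go
@@ -112,8 +112,9 @@ func (a *Agent) List() ([]*agent.Key, error) {
 }
 
 agentKeys=append(agentKeys,&agent.Key{
-Format:pk.Type(),
-Blob:pk.Marshal(),
+Format:pk.Type(),
+Blob:pk.Marshal(),
+Comment:string(k.Comment),
 })
 }
 returnagentKeys,nil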

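--- a/cmd/ssh-tpm-agent/main_test.go
+++ b/cmd/ssh-tpm-agent/main_test.go
@@ -110,7 +110,7 @@ func runSSHAuth(t *testing.T, keytype tpm2.TPMAlgID) {
 t.Fatal(err)
 }
 
-k,err:=key.CreateKey(tpm,keytype, []byte(""))
+k,err:=key.CreateKey(tpm,keytype, []byte(""), []byte(""))
 iferr!=nil {
 t.Fatalf("failed creating key: %v",err)
 }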

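--- a/cmd/ssh-tpm-keygen/main.go
+++ b/cmd/ssh-tpm-keygen/main.go
@@ -12,6 +12,7 @@ import (
 "io/fs"
 "log"
 "os"
+"os/user"
 "path"
 "strings"
 "syscall"
@@ -29,7 +30,7 @@ const usage = `Usage:
 ssh-tpm-keygen
 
 Options:
--CComment WIP
+-CProvide a comment with the key.
 -f Output keyfile WIP
 -N PIN for the key WIP
 -t ecdsa | rsa Specify the type of key to create. Defaults to ecdsa
@@ -106,7 +107,21 @@ func main() {
 swtpmFlagbool
 )
 
-flag.StringVar(&comment,"C","","provide a comment with the key")
+defaultComment:=func()string {
+user,err:=user.Current()
+iferr!=nil {
+log.Println(err)
+return""
+}
+host,err:=os.Hostname()
+iferr!=nil {
+log.Println(err)
+return""
+}
+returnuser.Username+"@"+host
+}()
+
+flag.StringVar(&comment,"C",defaultComment,"provide a comment, default to user@host")
 flag.StringVar(&outputFile,"f","","output keyfile")
 flag.StringVar(&keyPin,"N","","new pin for the key")
 flag.StringVar(&keyType,"t","ecdsa","key to create")
@@ -181,6 +196,17 @@ func main() {
 log.Fatal("unsupported key type")
 }
 
+pubPem,err:=os.ReadFile(importKey+".pub")
+iferr!=nil {
+log.Fatalf("can't find corresponding public key: %v",err)
+}
+
+_,c,_,_,err:=ssh.ParseAuthorizedKey(pubPem)
+iferr!=nil {
+log.Fatal("can't parse public key",err)
+}
+comment=c
+
 }else {
 fmt.Printf("Generating a sealed public/private %s key pair.\n",keyType)
 
@@ -235,12 +261,13 @@ func main() {
 vark*key.Key
 
 ifimportKey!="" {
-k,err=key.ImportKey(tpm,toImportKey,pin)
+// TODO: Read public key for comment
+k,err=key.ImportKey(tpm,toImportKey,pin, []byte(comment))
 iferr!=nil {
 log.Fatal(err)
 }
 }else {
-k,err=key.CreateKey(tpm,tpmkeyType,pin)
+k,err=key.CreateKey(tpm,tpmkeyType,pin, []byte(comment))
 iferr!=nil {
 log.Fatal(err)
 }
@@ -251,8 +278,12 @@ func main() {
 log.Fatal(err)
 }
 
+pubkeyLine:=
+strings.TrimSuffix(string(ssh.MarshalAuthorizedKey(sshKey)),"\n")+
+" "+comment+"\n"
+
 ifimportKey=="" {
-iferr:=os.WriteFile(pubkeyFilename,ssh.MarshalAuthorizedKey(sshKey),0644);err!=nil {
+iferr:=os.WriteFile(pubkeyFilename,[]byte(pubkeyLine),0644);err!=nil {
 log.Fatal(err)
 }
 }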
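Review bot: In the hunk at 278, `pubkeyLine` appends `" "+comment+"\n"` without checking the comment, so an empty comment leaves a trailing space on the public key line and a comment containing `\n` or `\r` (it comes straight from `-C`) injects a second line into the authorized-keys-format file; guard with `if strings.ContainsAny(comment, "\r\n") { log.Fatal("comment must not contain newlines") }` before building the line and only append `" "+comment` when it is non-empty. The hunk at 261 still carries `// TODO: Read public key for comment`, but the hunk at 196 already does that and assigns `comment=c`, so the TODO is stale. That same hunk makes a missing `importKey+".pub"` fatal, which turns import of a bare private key into a hard failure and silently discards an explicit `-C`; falling back to the flag value when the sidecar file is absent (`if err == nil { ... comment = c }`) would keep the old behaviour. `log.Fatal("can't parse public key",err)` prints the message and the error with no separator because Sprint only spaces non-string operands; `log.Fatalf("can't parse public key: %v", err)` matches the other messages. main's body begins and ends outside these hunks.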

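--- a/key/key.go
+++ b/key/key.go
@@ -40,6 +40,7 @@ type Key struct {
 Type tpm2.TPMAlgID
 Private tpm2.TPM2BPrivate
 Public tpm2.TPM2BPublic
+Comment []byte
 }
 
 func (k*Key)ecdsaPubKey() (*ecdsa.PublicKey,error) {
@@ -98,6 +99,7 @@ func (k *Key) SSHPublicKey() (ssh.PublicKey, error) {
 
 funcUnmarshalKey(b []byte) (*Key,error) {
 varkeyKey
+varcomment []byte
 
 r:=bytes.NewBuffer(b)
 
@@ -116,13 +118,28 @@ func UnmarshalKey(b []byte) (*Key, error) {
 returnnil,err
 }
 
-private,err:= tpm2.Unmarshal[tpm2.TPM2BPrivate](r.Bytes()[len(public.Bytes())+2:])
+// The TPM byte blob + the two bytes for the blob length
+bLength:=len(public.Bytes())+2
+
+private,err:= tpm2.Unmarshal[tpm2.TPM2BPrivate](r.Bytes()[bLength:])
 iferr!=nil {
 returnnil,err
 }
 
+// The TPM byte blob + the two bytes for the blob length
+bLength+=len(private.Buffer)+2
+
+// Advance the reader with the TPM blobs we've read
+r.Next(bLength)
+
+ifr.Len()!=0 {
+comment=make([]byte,r.Len())
+r.Read(comment)
+}
+
 key.Public=*public
 key.Private=*private
+key.Comment=comment
 
 return&key,err
 }
@@ -136,6 +153,7 @@ func MarshalKey(k *Key) []byte {
 varpub []byte
 pub=append(pub,tpm2.Marshal(k.Public)...)
 pub=append(pub,tpm2.Marshal(k.Private)...)
+pub=append(pub,k.Comment...)
 b.Write(pub)
 
 returnb.Bytes()
@@ -267,7 +285,7 @@ var (
 })
 )
 
-funcCreateKey(tpm transport.TPMCloser,keytype tpm2.TPMAlgID,pin []byte) (*Key,error) {
+funcCreateKey(tpm transport.TPMCloser,keytype tpm2.TPMAlgID,pin,comment []byte) (*Key,error) {
 switchkeytype {
 casetpm2.TPMAlgECDSA:
 casetpm2.TPMAlgRSA:
@@ -325,10 +343,11 @@ func CreateKey(tpm transport.TPMCloser, keytype tpm2.TPMAlgID, pin []byte) (*Key
 Type:keytype,
 Private:createRsp.OutPrivate,
 Public:createRsp.OutPublic,
+Comment:comment,
 },nil
 }
 
-funcImportKey(tpm transport.TPMCloser,pkany,pin []byte) (*Key,error) {
+funcImportKey(tpm transport.TPMCloser,pkany,pin,comment []byte) (*Key,error) {
 
 varpublic tpm2.TPMTPublic
 varsensitive tpm2.TPMTSensitive
@@ -473,6 +492,7 @@ func ImportKey(tpm transport.TPMCloser, pk any, pin []byte) (*Key, error) {
 Private:importRsp.OutPrivate,
 Public:importCmd.ObjectPublic,
 Type:keytype,
+Comment:comment,
 },nil
 }
 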
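Review bot: In the hunk at 118, `UnmarshalKey` treats every byte left after the private blob as the comment (`if r.Len()!=0 { comment=make([]byte,r.Len()); r.Read(comment) }`), with no length prefix and no bound, so the on-disk format can never gain another trailing field without it being mistaken for a comment, and any stray trailing bytes in a truncated or edited key file silently become the comment the agent later displays. Storing the comment as a length-prefixed field in `MarshalKey` (a two-byte length followed by the bytes, like the TPM2B blobs the file already uses) and reading exactly that many bytes here would keep the format self-describing; if bare trailing bytes are the intended layout, say so in a doc comment on `MarshalKey` and `UnmarshalKey`. The count and error returned by `r.Read(comment)` are also discarded; `n, _ := r.Read(comment); comment = comment[:n]` keeps the slice honest. Note that a `Comment` of `[]byte("")` decodes as `nil` because the `r.Len()!=0` branch is skipped, which matters to callers comparing with `reflect.DeepEqual`. `UnmarshalKey`'s body begins outside the hunk.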

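--- a/key/key_test.go
+++ b/key/key_test.go
@@ -13,41 +13,40 @@ import (
 "crypto/rsa"
 )
 
-funcTestECDSACreateKey(t*testing.T) {
-tpm,err:=simulator.OpenSimulator()
-iferr!=nil {
-t.Fatal(err)
-}
-defertpm.Close()
-k,err:=CreateKey(tpm,tpm2.TPMAlgECDSA, []byte(""))
-iferr!=nil {
-t.Fatalf("failed key import: %v",err)
-}
-
-// Test if we can load the key
-// signer/signer_test.go tests the signing of the key
-_,err=LoadKey(tpm,k)
-iferr!=nil {
-t.Fatalf("failed loading key: %v",err)
+funcTestCreateKey(t*testing.T) {
+cases:= []struct {
+textstring
+alg tpm2.TPMAlgID
+}{
+{
+text:"ecdsa",
+alg:tpm2.TPMAlgECDSA,
+},
+{
+text:"rsa",
+alg:tpm2.TPMAlgRSA,
+},
 }
-}
 
-funcTestRSACreateKey(t*testing.T) {
 tpm,err:=simulator.OpenSimulator()
 iferr!=nil {
 t.Fatal(err)
 }
 defertpm.Close()
-k,err:=CreateKey(tpm,tpm2.TPMAlgRSA, []byte(""))
-iferr!=nil {
-t.Fatalf("failed key import: %v",err)
-}
 
-// Test if we can load the key
-// signer/signer_test.go tests the signing of the key
-_,err=LoadKey(tpm,k)
-iferr!=nil {
-t.Fatalf("failed loading key: %v",err)
+for_,c:=rangecases {
+t.Run(c.text,func(t*testing.T) {
+k,err:=CreateKey(tpm,c.alg, []byte(""), []byte(""))
+iferr!=nil {
+t.Fatalf("failed key import: %v",err)
+}
+
+// Test if we can load the key
+// signer/signer_test.go tests the signing of the key
+if_,err=LoadKey(tpm,k);err!=nil {
+t.Fatalf("failed loading key: %v",err)
+}
+})
 }
 }
 
@@ -63,9 +62,11 @@ func mustPrivate(data []byte) tpm2.TPM2BPrivate {
 
 funcTestMarshalling(t*testing.T) {
 cases:= []struct {
-k*Key
+textstring
+k*Key
 }{
 {
+text:"ecdsa/haspin",
 k:&Key{
 Version:1,
 PIN:HasPIN,
@@ -75,6 +76,7 @@ func TestMarshalling(t *testing.T) {
 },
 },
 {
+text:"ecdsa/nopin",
 k:&Key{
 Version:1,
 PIN:NoPIN,
@@ -84,6 +86,18 @@ func TestMarshalling(t *testing.T) {
 },
 },
 {
+text:"ecdsa/comment",
+k:&Key{
+Version:1,
+PIN:HasPIN,
+Type:tpm2.TPMAlgECDSA,
+Public:mustPublic([]byte("public")),
+Private:mustPrivate([]byte("private")),
+Comment: []byte("This is a comment"),
+},
+},
+{
+text:"rsa/haspin",
 k:&Key{
 Version:1,
 PIN:HasPIN,
@@ -93,6 +107,7 @@ func TestMarshalling(t *testing.T) {
 },
 },
 {
+text:"rsa/nopin",
 k:&Key{
 Version:1,
 PIN:NoPIN,
@@ -101,18 +116,31 @@ func TestMarshalling(t *testing.T) {
 Private:mustPrivate([]byte("private")),
 },
 },
+{
+text:"rsa/comment",
+k:&Key{
+Version:1,
+PIN:HasPIN,
+Type:tpm2.TPMAlgRSA,
+Public:mustPublic([]byte("public")),
+Private:mustPrivate([]byte("private")),
+Comment: []byte("This is a comment"),
+},
+},
 }
 
 for_,c:=rangecases {
-b:=EncodeKey(c.k)
-k,err:=DecodeKey(b)
-iferr!=nil {
-t.Fatalf("test failed: %v",err)
-}
-
-if!reflect.DeepEqual(k,c.k) {
-t.Fatalf("keys are not the same")
-}
+t.Run(c.text,func(t*testing.T) {
+b:=EncodeKey(c.k)
+k,err:=DecodeKey(b)
+iferr!=nil {
+t.Fatalf("test failed: %v",err)
+}
+
+if!reflect.DeepEqual(k,c.k) {
+t.Fatalf("keys are not the same")
+}
+})
 }
 }
 
@@ -127,7 +155,7 @@ func TestECDSAImportKey(t *testing.T) {
 t.Fatal(err)
 }
 defertpm.Close()
-k,err:=ImportKey(tpm,*pk, []byte(""))
+k,err:=ImportKey(tpm,*pk, []byte(""), []byte(""))
 iferr!=nil {
 t.Fatalf("failed key import: %v",err)
 }
@@ -151,7 +179,7 @@ func TestRSAImportKey(t *testing.T) {
 t.Fatal(err)
 }
 defertpm.Close()
-k,err:=ImportKey(tpm,*pk, []byte(""))
+k,err:=ImportKey(tpm,*pk, []byte(""), []byte(""))
 iferr!=nil {
 t.Fatalf("failed key import: %v",err)
 }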
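Review bot: `TestMarshalling` (hunks at 62 through 116) gains `ecdsa/comment` and `rsa/comment` cases with a non-empty `Comment`, but not the empty `[]byte("")` that `TestCreateKey` and both import tests actually pass; since `UnmarshalKey` only allocates `comment` when bytes remain, an encoded `Comment: []byte("")` comes back as `nil`, and a `text:"ecdsa/emptycomment"` case would fail `reflect.DeepEqual` and force a decision on which behaviour is intended. The subtest in `TestCreateKey` (hunk at 13) keeps the message `failed key import: %v` although it calls `CreateKey`; `t.Fatalf("failed creating key: %v", err)` matches the wording used in the agent test. `TestMarshalling` spans several hunks, so part of its body is outside each one.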

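--- a/signer/signer_test.go
+++ b/signer/signer_test.go
@@ -92,7 +92,7 @@ func TestSigning(t *testing.T) {
 
 b:=sha256.Sum256([]byte("heyho"))
 
-k,err:=key.CreateKey(tpm,c.keytype,c.pin)
+k,err:=key.CreateKey(tpm,c.keytype,c.pin, []byte(""))
 iferr!=nil {
 t.Fatalf("%v",err)
 }
@@ -236,7 +236,7 @@ func TestSigningWithImportedKey(t *testing.T) {
 pk=*p
 }
 
-k,err:=key.ImportKey(tpm,pk,c.pin)
+k,err:=key.ImportKey(tpm,pk,c.pin, []byte(""))
 iferr!=nil {
 t.Fatalf("failed key import: %v",err)
 }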
