proposal: x/crypto/ssh: add ParseAllowedSigners #59210

Open
hiddeco opened this issue Mar 24, 2023 · 1 comment

hiddeco commented Mar 24, 2023

While x/crypto/ssh has at present ParseKnownHosts and ParseAuthorizedKey functions, it lacks support for parsing the allowed_signers format as documented in the ssh-keygen(1) manual page.

The proposal is to add a ParseAllowedSigners function, with a signature similar to that of ParseKnownHosts:

```go
// ParseAllowedSigners parses an entry in the format of the allowed_signers file.
//
// The allowed_signers format is documented in the ssh-keygen(1) manual page.
// This function will parse a single entry from in. On successful return,
// principals will contain the list of principals that this entry matches,
// options will contain the list of options that this entry matches (i.e.
// "cert-authority", "namespaces=file,git"), and pubKey will contain the
// public key. See the ssh-keygen(1) manual page for the various forms that a
// principal string can take, and further details on the options.
//
// The unparsed remainder of the input will be returned in rest. This function
// can be called repeatedly to parse multiple entries.
//
// If no entries were found in the input then err will be io.EOF. Otherwise, a
// non-nil err value indicates a parse error.
func ParseAllowedSigners(in []byte) (principals []string, options []string, pubKey ssh.PublicKey, rest []byte, err error)
```

Adding this would complement the existing API, and would help facilitate working with the SSH signing features the library has to offer, while leaving the implementation of the actual SSH Signature format as an exercise for another time.
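To make the line format in the proposal concrete, here is a standard-library sketch of parsing one allowed_signers line (`principals [options] keytype base64-key [comment]`); it is an added example, not code from the issue or from x/crypto/ssh. The names `parseLine`, `fieldRE`, `optRE` and `sampleLine` are hypothetical, the key blob is returned raw instead of as an `ssh.PublicKey`, and quoted principals are assumed not to occur.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Hypothetical helpers for this example. sampleLine is constructed; its key is an all-zero Ed25519 blob.
var (
	fieldRE    = regexp.MustCompile(`(?:[^\s"]|"[^"]*")+`) // whitespace-separated, quote-aware
	optRE      = regexp.MustCompile(`(?:[^,"]|"[^"]*")+`)  // comma-separated, quote-aware
	sampleLine = `alice@example.com,*@example.org namespaces="git,file",cert-authority ssh-ed25519 ` +
		"AAAAC3NzaC1lZDI1NTE5AAAAIAAA" + strings.Repeat("A", 40) + " release key"
)

// parseLine parses a single line; blank and comment lines return all-nil results.
func parseLine(line string) (principals, options []string, keyType string, blob []byte, err error) {
	f := fieldRE.FindAllString(line, -1)
	if len(f) == 0 || strings.HasPrefix(f[0], "#") {
		return nil, nil, "", nil, nil
	}
	if strings.Count(line, `"`)%2 != 0 {
		return nil, nil, "", nil, errors.New("allowed_signers: unterminated quote")
	}
	// Options are optional, so the key type is field 1 or field 2. A position is accepted
	// only if the blob's embedded algorithm name equals the declared key type.
	for k := 1; k <= 2 && k+1 < len(f); k++ {
		b, derr := base64.StdEncoding.DecodeString(f[k+1])
		if derr != nil || len(b) < 4 || binary.BigEndian.Uint32(b) != uint32(len(f[k])) ||
			!strings.HasPrefix(string(b[4:]), f[k]) {
			continue
		}
		if k == 2 {
			for _, o := range optRE.FindAllString(f[1], -1) {
				options = append(options, strings.ReplaceAll(o, `"`, ""))
			}
		}
		return strings.Split(f[0], ","), options, f[k], b, nil
	}
	return nil, nil, "", nil, errors.New("allowed_signers: no key blob matching its declared type")
}

func main() {
	p, o, t, b, err := parseLine(sampleLine)
	fmt.Println(p, o, t, len(b), err)
}
```

Checking the declared key type against the algorithm name inside the blob is what lets the parser tell an options field from a key type without a hard-coded list of algorithms.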

@gopherbot gopherbot added this to the Proposal milestone Mar 24, 2023
@ianlancetaylor
Contributor

CC @golang/security
