Gerrit Bot has uploaded this change for review.
#29286: proposal for interface which exposes either callback or db.
https://github.com/golang/go/issues/29286
Change-Id: I36458d88170147d2394832b6a9daa95b324015ec
GitHub-Last-Rev: 19b2e7ecb2c88ce500efd673f2c313c957740144
GitHub-Pull-Request: golang/crypto#68
---
M ssh/knownhosts/knownhosts.go
1 file changed, 58 insertions(+), 0 deletions(-)
diff --git a/ssh/knownhosts/knownhosts.go b/ssh/knownhosts/knownhosts.go
index bc3db73..c4851b5 100644
--- a/ssh/knownhosts/knownhosts.go
+++ b/ssh/knownhosts/knownhosts.go
@@ -124,6 +124,13 @@
return l.matcher.match(a)
}
+type KnownHostDB interface {
+ // HostKeyCallback is knownhosts.New without the DB initialization.
+ HostKeyCallback() ssh.HostKeyCallback
+ // HostKeyAlgorithms takes an address and returns a list of matching key types.
+ HostKeyAlgorithms(address string) ([]string, error)
+}
+
type hostKeyDB struct {
// Serialized version of revoked keys
revoked map[string]*KnownKey
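Review bot: The exported `KnownHostDB` interface at the top of the hunk has no doc comment, and the comment on its `HostKeyCallback` method describes it relative to `New` rather than stating what the method returns. Suggest `// KnownHostDB is a set of known_hosts entries loaded by NewDB. It yields the ssh.HostKeyCallback used to verify servers and reports which host key types are recorded for an address.` above the type, and `// HostKeyCallback returns a callback for ssh.ClientConfig.HostKeyCallback that verifies host keys against the database.` on the method. The name also stutters at call sites as knownhosts.KnownHostDB; `DB` or `Database` would read more naturally, though that is a naming preference.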
@@ -350,6 +357,30 @@
return db.checkAddr(hostToCheck, remoteKey)
}
+// HostKeyAlgorithms returns a list of host key algorithms associated
+// with the given address to ensure we try to match keys we have
+func (db *hostKeyDB) HostKeyAlgorithms(address string) ([]string, error) {
+ // This can be refactored but illustrating that the code is
+ // from check().
+ // Give preference to the hostname if available.
+ knownTypes := []string{}
+
+ host, port, err := net.SplitHostPort(address)
+ if err != nil {
+ return knownTypes, fmt.Errorf("knownhosts: SplitHostPort(%s): %v", address, err)
+ }
+
+ a := addr{host, port}
+
+ // a used here to illustrate similarity to checkAddr
+ for _, l := range db.lines {
+ if l.match(a) {
+ knownTypes = append(knownTypes, l.knownKey.Key.Type())
+ }
+ }
+ return knownTypes, nil
+}
+
// checkAddrs checks if we can find the given public key for any of
// the given addresses. If we only find an entry for the IP address,
// or only the hostname, then this still succeeds.
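Review bot: `HostKeyAlgorithms` can return the same key type several times, because every matching line in `db.lines` appends `l.knownKey.Key.Type()` without deduplication, and a list presumably destined for ssh.ClientConfig.HostKeyAlgorithms gains nothing from repeats. The comments in the body (`This can be refactored but illustrating...`, `Give preference to the hostname if available`) are notes to the reviewer rather than documentation — the second describes behaviour of check() that this function does not have, since it matches only the literal address given — and should be replaced before merging. If `db.lines` also carries @cert-authority entries (how lines are populated is outside the hunk), a match would contribute the CA key's type, which is not an algorithm a client can negotiate for a certificate host key, so whatever filter check() applies to those lines should apply here as well. The rewrite below keeps file order, reports each type once, returns nil alongside an error, and quotes the address with `%q`.
```go
func (db *hostKeyDB) HostKeyAlgorithms(address string) ([]string, error) {
	host, port, err := net.SplitHostPort(address)
	if err != nil {
		return nil, fmt.Errorf("knownhosts: SplitHostPort(%q): %v", address, err)
	}
	a := addr{host, port}

	// Keep file order, which is the preference order a caller will pass on,
	// but report each key type only once.
	var knownTypes []string
	seen := make(map[string]bool)
	for _, l := range db.lines {
		if !l.match(a) {
			continue
		}
		if t := l.knownKey.Key.Type(); !seen[t] {
			seen[t] = true
			knownTypes = append(knownTypes, t)
		}
	}
	return knownTypes, nil
}
```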
@@ -408,6 +439,23 @@
return scanner.Err()
}
+// NewDB creates a new Host Key database from the files given and returns it.
+// New could be composed from this and db.HostKeyCallback()
+func NewDB(files ...string) (KnownHostDB, error) {
+ db := newHostKeyDB()
+ for _, fn := range files {
+ f, err := os.Open(fn)
+ if err != nil {
+ return nil, err
+ }
+ defer f.Close()
+ if err := db.Read(f, fn); err != nil {
+ return nil, err
+ }
+ }
+ return db, nil
+}
+
// New creates a host key callback from the given OpenSSH host key
// files. The returned callback is for use in
// ssh.ClientConfig.HostKeyCallback. By preference, the key check
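Review bot: `defer f.Close()` inside the `for _, fn := range files` loop keeps every file open until NewDB returns, so descriptors are released only after the whole list has been parsed; moving the open/read/close of a single file into a helper closes each one as soon as it has been read. `New` directly below appears to open files the same way (its body is outside the hunk), so the helper could serve both. The second sentence of the doc comment, `New could be composed from this and db.HostKeyCallback()`, is a design remark rather than documentation of NewDB; suggest `// NewDB parses the given OpenSSH known_hosts files into a KnownHostDB. Use its HostKeyCallback method to obtain an ssh.HostKeyCallback for ssh.ClientConfig.`
```go
func NewDB(files ...string) (KnownHostDB, error) {
	db := newHostKeyDB()
	for _, fn := range files {
		if err := readKnownHostsFile(db, fn); err != nil {
			return nil, err
		}
	}
	return db, nil
}

// readKnownHostsFile parses one known_hosts file into db and closes it
// before returning, so a long file list does not hold every descriptor open.
func readKnownHostsFile(db *hostKeyDB, fn string) error {
	f, err := os.Open(fn)
	if err != nil {
		return err
	}
	defer f.Close()
	return db.Read(f, fn)
}
```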
@@ -435,6 +483,16 @@
return certChecker.CheckHostKey, nil
}
+// HostKeyCallback is the way to get the ssh.HostKeyCallback if you have used NewDB
+func (db *hostKeyDB) HostKeyCallback() ssh.HostKeyCallback {
+ var certChecker ssh.CertChecker
+ certChecker.IsHostAuthority = db.IsHostAuthority
+ certChecker.IsRevoked = db.IsRevoked
+ certChecker.HostKeyFallback = db.check
+
+ return certChecker.CheckHostKey
+}
+
// Normalize normalizes an address into the form used in known_hosts
func Normalize(address string) string {
host, port, err := net.SplitHostPort(address)
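Review bot: The CertChecker wiring in `HostKeyCallback` duplicates the body of `New`, whose tail `return certChecker.CheckHostKey, nil` is the context at the top of the hunk; two copies of the verification setup can drift apart, for instance if one later gains a check the other lacks, which for host key verification is a security-relevant divergence. Suggest New build the database and then `return db.HostKeyCallback(), nil` (the rest of New lies outside the hunk). The doc comment should also state the contract rather than how to reach the method: `// HostKeyCallback returns an ssh.HostKeyCallback for use in ssh.ClientConfig.HostKeyCallback. It verifies plain host keys with db.check and certificates through db.IsHostAuthority and db.IsRevoked.`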
2 comments:
Patch Set #1, Line 7: proposal
“Proposal” means something specific within the Go project, and is done via the issue tracker rather than a pull request. See https://golang.org/s/proposal.
#29286: proposal for interface which exposes either callback or db.
https://github.com/golang/go/issues/29286
Please format the commit message according to https://github.com/golang/go/wiki/CommitMessage.
The first line should start with the name of the primary package being changed. The issue reference should be:
Fixes golang/go#29286
or
Updates golang/go#29286