Re: [PATCH] ssh signing: support non ssh-* keytypes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 17.11.2021 22:39, Junio C Hamano wrote:
Junio C Hamano <gitster@xxxxxxxxx> writes:

Fabian Stelzer <fs@xxxxxxxxxxxx> writes:

+/* Determines wether key contains a literal ssh key or a path to a file */
+static int is_literal_ssh_key(const char *key) {
+	return (
+		starts_with(key, "ssh-") ||
+		starts_with(key, "ecdsa-") ||
+		starts_with(key, "sk-ssh-") ||
+		starts_with(key, "sk-ecdsa-")
+	);
+}

A more forward looking thing you could do is to

 (1) grandfather the convention "any string that begins with 'ssh-'
     is taken as a ssh literal key".

 (2) refrain from spreading such an unstructured mess by picking a
     reserved prefix, say "ssh-key::" and have all other kinds of
     ssh keys use the convention.

making the above function look more like

    static int is_literal_ssh_key(const char *string, const char **key)
    {
	if (skip_prefix(string, "ssh-key::", key)
	    return 1;
	if (starts_with(string, "ssh-")) {
	    key = string;
	    return 1;
	}
	return 0;
    }

Given that this ONLY gets called from ssh codepath, I think the
special prefix can just be "key::", and when a new crypto suite
is introduced to sit next to GPG and SSH, presumably the code
structure to support it will be similar to that of ssh's, and it
can also use "key::" prefix for their literal keys.  That design
may be cleaner.

Thanks.

Thanks both for your review. I will use the key:: suggestion and also
add tests for this. For now i guess we will have to keep the ssh- since
it's already out there :/ Will reroll soon.

Fabian



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux