tls_private_key resource: adding support for ED25519 key algorithm #151
Conversation
Adding comments from verbal review. Excellent work and LGTM in general with minor changes.
(force-pushed from 0cb8f85 to 415c170)
Looking good so far 😄 Just a few things to consider while we are in the neighborhood.
Nothing major from my end, just a couple of nits.
This commit adds support for the ED25519 algorithm when generating the tls_private_key resource. Refs #26 Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>
This commit adds the private_key_openssh attribute, which always contains the private key in a format compatible with OpenSSH. This allows producing an ED25519 private key in OpenSSL-compatible format in the private_key_pem attribute and in OpenSSH-compatible format in this new attribute. Other key types are the same in private_key_pem and private_key_openssh, as OpenSSH can read them. In the future, this could be changed to produce all private keys in OpenSSH native format. Refs #26 Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>
This is a temporary solution. The content is cherry-picked from https://go-review.googlesource.com/c/crypto/+/218620. Once that is upstreamed, we can remove this and use methods from the official `x/crypto/ssh` module.
…temporary) `openssh` package
The purpose of this is to reduce the reliance on generic `string` and lean a bit more on the compiler.
…matted keys Notice the "gotchas" around ECDSA elliptic P-224 curves
…data source This is necessary as the function `readPublicKey()` is shared between resources and data sources.
…s_public_key` data source. They are both getting updated as they share the `utils.go#readPublicKey()` function.
Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>
Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>
Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>
(force-pushed from 415c170 to c9e8373)
(title changed from "tsl_private_key resource" to "tsl_private_key resource: adding support for ED25519 key algorithm")
…this is a temporary solution We want to get rid of it as soon as #154 becomes actionable
(title changed from "tsl_private_key resource: adding support for ED25519 key algorithm" to "tls_private_key resource: adding support for ED25519 key algorithm")
Looks like all my changes are addressed.
…ashicorp#151)

* r/private_key: Add support for ed25519 algorithm

  This commit adds support for the ED25519 algorithm when generating the tls_private_key resource. Refs hashicorp#26
  Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>

* r/private_key: Add private_key_openssh attribute

  This commit adds the private_key_openssh attribute, which always contains the private key in a format compatible with OpenSSH. This allows producing an ED25519 private key in OpenSSL-compatible format in the private_key_pem attribute and in OpenSSH-compatible format in this new attribute. Other key types are the same in private_key_pem and private_key_openssh, as OpenSSH can read them. In the future, this could be changed to produce all private keys in OpenSSH native format. Refs hashicorp#26
  Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>

* Utility package to marshal `crypto.PrivateKey` to OpenSSH PEM format

  This is a temporary solution. The content is cherry-picked from https://go-review.googlesource.com/c/crypto/+/218620. Once that is upstreamed, we can remove this and use methods from the official `x/crypto/ssh` module.

* Removing `marshalED25519PrivateKey` from `util.go` in favour of the (temporary) `openssh` package
* Adding type `Algorithm` to use in maps and signatures

  The purpose of this is to reduce the reliance on generic `string` and lean a bit more on the compiler.

* Switching to use the `openssh` package for generating OpenSSH PEM formatted keys

  Notice the "gotchas" around ECDSA elliptic P-224 curves

* Adding `public_key_fingerprint_sha256` attribute to `tls_private_key` resource
* Update `tls_private_key` resource testing to reflect all the recent changes
* Adding attribute `public_key_fingerprint_sha256` to `tls_public_key` data source

  This is necessary as the function `readPublicKey()` is shared between resources and data sources.

* Updating website documentation for `tls_private_key` resource and `tls_public_key` data source.

  They are both getting updated as they share the `utils.go#readPublicKey()` function.

* Update internal/openssh/lib_test.go (typo)

  Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>

* Update website/docs/r/private_key.html.md

  Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>

* Update internal/openssh/lib_test.go

  Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>

* Fixing indentation
* Removing dependency on `testify` as requested by Katy Moe
* Rewording description for 2 fields
* Moving "types" into "types.go" and out of "util.go"
* Adding input argument validations to `tls_private_key`
* Updating markdown documentation to address PR feedback
* Avoided creating exported constants in `internal/openssh` library as this is a temporary solution

  We want to get rid of it as soon as hashicorp#154 becomes actionable

* Fix typo: marshall -> marshal
* Adding a 'copyright header' on the 'internal/openssh/lib.go' file

Co-authored-by: Mateusz Gozdek <mgozdekof@gmail.com>
Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>
Context: #150

This PR starts from the work of #59 (thank you!) and moves towards the use of upcoming features of x/crypto/ssh (link). A configuration like this will now be possible:

Subtasks in this PR:

* private_key_openssh for all key algorithms that we can generate OpenSSH PEM format for (i.e. this excludes ECDSA P-224, because of SSH limitations)
* public_key_fingerprint_sha256 for all key algorithms that we can generate OpenSSH PEM format for (same as above)
* tls_private_key documentation

PLEASE NOTE: This PR does NOT cover everything we want to address in #150 but focuses around tls_private_key. This means that we will not be cutting a release until all the items in #150 are addressed.
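As an added example, not code from this PR or from terraform-provider-tls, the Go program below reproduces with the standard library alone the pieces the subtasks above touch: the PKCS#8 PEM form that `private_key_pem` carries, the OpenSSH wire encoding of the public key (from which both an authorized_keys line and the SHA256 fingerprint behind `public_key_fingerprint_sha256` are derived), and the P-224 rejection. The function names (`generateKey`, `opensshWirePublicKey`, `fingerprintSHA256`, `authorizedKey`, `privateKeyPEM`) are this example's own, RSA is deliberately left out, and the OpenSSH private-key container itself (what `private_key_openssh` holds) is not reimplemented here.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/binary"
	"encoding/pem"
	"fmt"
)

// generateKey mirrors the tls_private_key arguments (algorithm, ecdsa_curve); RSA is omitted here.
func generateKey(algorithm, curve string) (crypto.PrivateKey, error) {
	switch algorithm {
	case "ED25519":
		_, priv, err := ed25519.GenerateKey(rand.Reader)
		return priv, err
	case "ECDSA":
		curves := map[string]elliptic.Curve{"P224": elliptic.P224(), "P256": elliptic.P256(), "P384": elliptic.P384(), "P521": elliptic.P521()}
		if c, ok := curves[curve]; ok {
			return ecdsa.GenerateKey(c, rand.Reader)
		}
		return nil, fmt.Errorf("unknown ecdsa_curve %q", curve)
	}
	return nil, fmt.Errorf("unsupported algorithm %q", algorithm)
}

// sshString appends an SSH wire "string" (RFC 4251): uint32 big-endian length, then the bytes.
func sshString(buf, s []byte) []byte {
	var l [4]byte
	binary.BigEndian.PutUint32(l[:], uint32(len(s)))
	return append(append(buf, l[:]...), s...)
}

// opensshWirePublicKey encodes the public half in the OpenSSH wire format that
// authorized_keys lines and SHA256 fingerprints are computed over.
func opensshWirePublicKey(key crypto.PrivateKey) ([]byte, error) {
	switch k := key.(crypto.Signer).Public().(type) {
	case ed25519.PublicKey: // string "ssh-ed25519", string key (32 raw bytes)
		return sshString(sshString(nil, []byte("ssh-ed25519")), []byte(k)), nil
	case *ecdsa.PublicKey: // string "ecdsa-sha2-<id>", string "<id>", string 0x04||X||Y (RFC 5656)
		ids := map[elliptic.Curve]string{elliptic.P256(): "nistp256", elliptic.P384(): "nistp384", elliptic.P521(): "nistp521"}
		id, ok := ids[k.Curve]
		if !ok {
			// The PR's P-224 "gotcha": RFC 5656 defines no identifier for it,
			// so a P-224 key simply has no OpenSSH representation.
			return nil, fmt.Errorf("curve %s has no SSH key type", k.Curve.Params().Name)
		}
		size := (k.Curve.Params().BitSize + 7) / 8
		point := append([]byte{0x04}, k.X.FillBytes(make([]byte, size))...)
		point = append(point, k.Y.FillBytes(make([]byte, size))...)
		return sshString(sshString(sshString(nil, []byte("ecdsa-sha2-"+id)), []byte(id)), point), nil
	default:
		return nil, fmt.Errorf("unsupported public key type %T", k)
	}
}

// fingerprintSHA256 matches `ssh-keygen -l -E sha256`: "SHA256:" plus unpadded base64 of the digest.
func fingerprintSHA256(wire []byte) string {
	sum := sha256.Sum256(wire)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// authorizedKey renders the public_key_openssh form: "<type> <base64 wire blob>".
func authorizedKey(wire []byte) string {
	n := binary.BigEndian.Uint32(wire[:4])
	return string(wire[4:4+n]) + " " + base64.StdEncoding.EncodeToString(wire)
}

// privateKeyPEM is the OpenSSL-readable PKCS#8 form carried by private_key_pem; OpenSSH
// does not load an ed25519 key from it, which is why the PR adds private_key_openssh.
func privateKeyPEM(key crypto.PrivateKey) (string, error) {
	der, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return "", err
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})), nil
}

func main() {
	key, err := generateKey("ED25519", "")
	if err != nil {
		panic(err)
	}
	pemText, _ := privateKeyPEM(key)
	wire, _ := opensshWirePublicKey(key)
	fmt.Print(pemText)
	fmt.Println(authorizedKey(wire), fingerprintSHA256(wire))

	p224, _ := generateKey("ECDSA", "P224") // the curve the PR excludes
	if _, err := opensshWirePublicKey(p224); err != nil {
		fmt.Println("P224:", err)
	}
}
```

The wire blob is the same bytes `golang.org/x/crypto/ssh` produces from `ssh.NewPublicKey(pub).Marshal()`, so the fingerprint agrees with `ssh.FingerprintSHA256` and with `ssh-keygen -lf` on the generated key; in real code use those rather than hand-rolling the encoding. The upstream change the PR cherry-picks into its temporary `internal/openssh` package later landed as `ssh.MarshalPrivateKey`, which is the call to reach for today when an OpenSSH-format private key is needed.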