Merge pull request #1202 from Scalingo/feat/1182/ed25519_support

feat(sshkeys): add support for ed25519 keys

Author: EtienneM

CHANGELOG.md

@@ -7,6 +7,7 @@
 * refactor: autofix by `go fix` and golangci-lint
 * fix(error): correctly parse in case of `RequestFailedError`
 * feat(run): add a `bash` alias for us out there often forgetting the `run` in front
+* feat(sshkeys): add support for ed25519 keys
 
 ## 1.43.3
 

crypto/sshkeys/private_key.go

@@ -38,15 +38,11 @@ func (p *PrivateKey) signer(ctx context.Context) (ssh.Signer, error) {
 		return nil, errors.Wrapf(ctx, err, "parse encrypted private key")
 	}
 
-	signer, ok := parsedPrivateKey.(ssh.Signer)
-	if !ok {
-		// ssh.ParseRawPrivateKeyWithPassphrase returns an empty interface for
-		// retro-compatibility reasons, all private key types in the standard library implement
-		// [...] interfaces such as Signer.
-		// Hence this error should never happen.
-		// https://pkg.go.dev/crypto@go1.20.2#PrivateKey
-		return nil, errors.New(ctx, "not a valid signer")
+	signer, err := ssh.NewSignerFromKey(parsedPrivateKey)
+	if err != nil {
+		return nil, errors.Wrap(ctx, err, "not a valid signer")
 	}
+
 	return signer, nil
 }
 

crypto/sshkeys/private_key_test.go

@@ -1,6 +1,7 @@
 package sshkeys
 
 import (
+	"context"
 	"encoding/pem"
 	"testing"
 
@@ -88,3 +89,73 @@ func TestPrivateKey_IsEncrypted(t *testing.T) {
 		})
 	}
 }
+
+func TestPrivateKey_signer(t *testing.T) {
+	const encryptedFixturePassphrase = "pipomolo"
+	const macOSYosemitePassphrase = "scalingo"
+	const longPassphrase = "TrushorbifbixMytyubDaphnacFoldacdeirnAykEtHyacobuc"
+
+	tests := map[string]struct {
+		block      *pem.Block
+		passphrase string
+		signerType string
+	}{
+		"Encrypted AES RSA Key": {
+			block:      pemDecode(aesRSA),
+			passphrase: encryptedFixturePassphrase,
+			signerType: "ssh-rsa",
+		},
+		"Encrypted AES RSA Key (Mac OS Maverick)": {
+			block:      pemDecode(aesRSAMacOSMaverick),
+			passphrase: encryptedFixturePassphrase,
+			signerType: "ssh-rsa",
+		},
+		"Encrypted AES RSA Key (Mac OS Yosemite)": {
+			block:      pemDecode(aesRSAMacOSYosemite),
+			passphrase: macOSYosemitePassphrase,
+			signerType: "ssh-rsa",
+		},
+		"Encrypted DES3 RSA Key": {
+			block:      pemDecode(des3RSA),
+			passphrase: encryptedFixturePassphrase,
+			signerType: "ssh-rsa",
+		},
+		"Encrypted DES3 RSA Key with Long Passphrase": {
+			block:      pemDecode(des3RSALongPassphrase),
+			passphrase: longPassphrase,
+			signerType: "ssh-rsa",
+		},
+		"Encrypted OpenSSH RSA Key": {
+			block:      pemDecode(openSSHRSA),
+			passphrase: encryptedFixturePassphrase,
+			signerType: "ssh-rsa",
+		},
+		"Encrypted OpenSSH ecdsa Key": {
+			block:      pemDecode(openSSHecdsa),
+			passphrase: encryptedFixturePassphrase,
+			signerType: "ecdsa-sha2-nistp256",
+		},
+		"Encrypted OpenSSH ed25519 Key": {
+			block:      pemDecode(openSSHed25519),
+			passphrase: encryptedFixturePassphrase,
+			signerType: "ssh-ed25519",
+		},
+	}
+
+	for name, test := range tests {
+		t.Run(name, func(t *testing.T) {
+			privateKey := &PrivateKey{
+				Path:  "n/a",
+				Block: test.block,
+				PasswordMethod: func(ctx context.Context, prompt string) (string, error) {
+					return test.passphrase, nil
+				},
+			}
+
+			signer, err := privateKey.signer(t.Context())
+			require.NoError(t, err)
+			require.NotNil(t, signer)
+			require.Equal(t, test.signerType, signer.PublicKey().Type())
+		})
+	}
+}