Migrate ssh key generation to use ecdsa if the ssh-keygen binary is not available

This repo used to use rsa keys on windows and ed25519 keys on not-windows. This behavior was
controlled by compile time flags. This was non-optimal for two reasons. One, it used rsa keys
which are not preferred. Two, it meant that windows users who had the ssh-keygen binary
installed were not getting the benefits of using ed25519 keys even though their system does
support generating them. Now it is determined at run time whether to use ssh-keygen to generate
an ed25519 key or to generate an ecdsa key in pure go (without a dependency on ssh-keygen).

Author: ddworken

src/keybaseca/sshutils/generate.go

@@ -0,0 +1,83 @@
+package sshutils
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"strings"
+
+	"golang.org/x/crypto/ssh"
+
+	"github.com/keybase/bot-sshca/src/shared"
+)
+
+// Generate a new SSH key and store the private key at filename and the public key at filename.pub
+// If the ssh-keygen binary exists, generates an ed25519 ssh key using ssh-keygen. Otherwise,
+// generates an ecdsa key using go's crypto library. Note that we use ecdsa rather than ed25519
+// in this case since go's crypto library does not support marshalling ed25519 keys into the format
+// expected by openssh. github.com/ScaleFT/sshkeys claims to support this but does not reliably
+// work with all versions of ssh.
+func generateNewSSHKey(filename string) error {
+	if sshKeygenBinaryExists() {
+		return generateNewSSHKeyEd25519(filename)
+	}
+
+	return generateNewSSHKeyEcdsa(filename)
+}
+
+// Returns true iff the ssh-keygen binary exists and is in the user's path
+func sshKeygenBinaryExists() bool {
+	_, err := exec.LookPath("ssh-keygen")
+	return err == nil
+}
+
+// Generate an ed25519 ssh key via ssh-keygen. Stores the private key at filename and the public key at filename.pub
+func generateNewSSHKeyEd25519(filename string) error {
+	cmd := exec.Command("ssh-keygen", "-t", "ed25519", "-f", filename, "-m", "PEM", "-N", "")
+	bytes, err := cmd.CombinedOutput()
+	if err != nil {
+		return fmt.Errorf("ssh-keygen failed: %s (%v)", strings.TrimSpace(string(bytes)), err)
+	}
+	return nil
+}
+
+// Generate an ecdsa ssh key in pure go code. Stores the private key at filename and the public key at filename.pub
+// Note that if you are editing this code, be careful to ensure you test it manually since the integration tests
+// run in an environment with ssh-keygen and thus do not call this function. This function is manually used on windows.
+func generateNewSSHKeyEcdsa(filename string) error {
+	// ssh-keygen -t ecdsa uses P256 by default
+	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		return err
+	}
+
+	// 0600 are the correct permissions for an ssh private key
+	privateKeyFile, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
+	if err != nil {
+		return err
+	}
+	defer privateKeyFile.Close()
+
+	bytes, err := x509.MarshalECPrivateKey(privateKey)
+	if err != nil {
+		return err
+	}
+
+	privateKeyPEM := &pem.Block{Type: "EC PRIVATE KEY", Bytes: bytes}
+	err = pem.Encode(privateKeyFile, privateKeyPEM)
+	if err != nil {
+		return err
+	}
+
+	pub, err := ssh.NewPublicKey(&privateKey.PublicKey)
+	if err != nil {
+		return err
+	}
+	return ioutil.WriteFile(shared.KeyPathToPubKey(filename), ssh.MarshalAuthorizedKey(pub), 0600)
+}

src/keybaseca/sshutils/generate_test.go

@@ -31,5 +31,5 @@ func TestGenerateNewSSHKey(t *testing.T) {
 	bytes, err = ioutil.ReadFile(shared.KeyPathToPubKey(filename))
 	require.NoError(t, err)
 	require.False(t, strings.Contains(string(bytes), "PRIVATE"))
-	require.True(t, strings.HasPrefix(string(bytes), "ssh-"))
+	require.True(t, strings.HasPrefix(string(bytes), "ssh-ed25519") || strings.HasPrefix(string(bytes), "ecdsa-sha2-nistp256"))
 }

src/keybaseca/sshutils/generate_unix.go

@@ -137,7 +137,7 @@ def outputs_audit_log(tc: TestConfig, filename: str, expected_number: int):
     cnt = 0
     for line in new_lines:
         line = line.decode('utf-8')
-        if line and f"Processing SignatureRequest from user={tc.username}" in line and f"principals:{tc.subteam}.ssh.staging,{tc.subteam}.ssh.root_everywhere, expiration:+1h, pubkey:ssh-ed25519" in line:
+        if line and f"Processing SignatureRequest from user={tc.username}" in line and f"principals:{tc.subteam}.ssh.staging,{tc.subteam}.ssh.root_everywhere, expiration:+1h, pubkey:" in line:
             cnt += 1
 
     if cnt != expected_number:

src/keybaseca/sshutils/generate_windows.go

@@ -121,7 +121,7 @@ def test_keybaseca_backup(self):
                 if "----" in line and "PRIVATE" in line and "BEGIN" in line:
                     add = True
                 if add:
-                    keyLines.append(line)
+                    keyLines.append(line.strip())
                 if "----" in line and "PRIVATE" in line and "END" in line:
                     add = False
         key = '\n'.join(keyLines)