Add Support for NIST256 ssh-certificates #373
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
romanz
requested changes
Dec 13, 2021
libagent/formats.py
Outdated
| if key_type == SSH_NIST256_KEY_TYPE or key_type == SSH_NIST256_CERT_TYPE: | ||
| if key_type == SSH_NIST256_CERT_TYPE: | ||
| # nonce | ||
| _ = util.read_frame(s) |
There was a problem hiding this comment.
Please remove the comment and use a dummy variable (here and below):
Suggested change
| _ = util.read_frame(s) | |
| _nonce = util.read_frame(s) |
| curve_name = util.read_frame(s) | ||
| log.debug('curve name: %s', curve_name) | ||
| point = util.read_frame(s) | ||
|
|
||
| if key_type == SSH_NIST256_CERT_TYPE: |
There was a problem hiding this comment.
Please add a unit test for the new code.
There was a problem hiding this comment.
Do you mean assertions?
If yes, what could I assert as most of the new code is to ignore data which is not needed and the remaining changes only adds ecdsa-sha2-nistp256-cert-v01@openssh.com to SUPPORTED_KEY_TYPES.
There was a problem hiding this comment.
Do you mean
assertions?
Similar to how it's done here:
romanz
reviewed
Dec 17, 2021
Adopt suggested naming scheme Adding new unit tests
Senjuu
force-pushed
the
ssh-certificates
branch
from
d06fe29 to
d12f95d
Compare
|
The rebase and squash are done as requested. |
romanz
approved these changes
Dec 21, 2021
|
Thanks for the contribution! |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This should enable the usage of SSH-certificates using the NIST256 curve. By Testing this I found out that the payload to be signed is too big for the Trezor One but it is usable using a Trezor Model T.
This should also closes #372