proposal: x/crypto/ssh: add SSHSIG support

[caarlos0]

Proposal Details

I'd like to propose we support encoding and decoding SSHSIG signature format.

I already have a working implementation (armoring a *ssh.Signature and then parsing it back into the signed data), but I'm not sure what the api should look like.

We have a couple of steps to create a signature:

• create a blob
• sign the blob (this signing step is already implemented here)
• create the signed data
• encode it into a PEM format

To verify a signature, we need to:

• create a blob
• decode the previously created PEM formatted signature
• call publickey.Verify(blob, decodedBlod)

Given all this, I'd suggest the following functions:

func CreateBlob(r io.Reader) ([]byte, error) // or (io.Reader, error)
func Encode(pk ssh.PublicKey, sig *ssh.Signature) ([]byte, error) // or (io.Reader, error)
func Decode(r io.Reader) (*ssh.Signature, ssh.PublicKey, error)

We would also need these two structs:

// Blob according to the SSHSIG protocol.
type Blob struct {
    Namespace     string
    Reserved      string
    HashAlgorithm string
    Hash          string
}

// SignedData according to the SSHSIG protocol.
type SignedData struct {
    MagicPreamble [6]byte
    Version       uint32
    PublicKey     string
    Namespace     string
    Reserved      string
    HashAlgorithm string
    Signature     string
}

and some constants:

const (
    magicPreamble = "SSHSIG"
    version       = 1
    namespace     = "file"
    hashAlgorithm = "sha512"
    armorType     = "SSH SIGNATURE"
)

There's also the discussion of which hash algorithms to support... only rsa-sha2-512 or rsa-sha2-256, which I think it's easy enough to support both.

Finally, the namespace, not sure if we allow to customize that or not.

---

Anyway, I would love to work on this, just need some direction on how the API should look like.

[ianlancetaylor]

CC @golang/security @drakkan