Add method to use ed25519 ssh key

cmd/create.go

@@ -2,14 +2,17 @@ package cmd
 
 import (
 	"bytes"
+	"crypto/ed25519"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/pem"
 	"os"
 	"runtime"
+	"strings"
 	"sync"
 
+	"github.com/mikesmitty/edkey"
 	"github.com/pkg/errors"
 	"github.com/rancherlabs/corral/pkg/config"
 	"github.com/rancherlabs/corral/pkg/corral"
@@ -35,6 +38,7 @@ corral create k3s ghcr.io/rancher/k3s
 corral create k3s-ha -v controlplane_count=3 ghcr.io/rancher/k3s
 corral create k3s-custom /home/rancher/issue-1234
 `
+const ED25519_KEY_TYPE = "ed25519"
 
 func NewCommandCreate() *cobra.Command {
 	cmd := &cobra.Command{
@@ -138,10 +142,21 @@ func create(cmd *cobra.Command, args []string) error {
 
 	if corr.Vars["corral_private_key"] == nil && corr.Vars["corral_public_key"] == nil {
 		logrus.Info("generating ssh keys")
-		privkey, _ := generatePrivateKey(2048)
-		pubkey, _ := generatePublicKey(&privkey.PublicKey)
-		corr.PrivateKey = string(encodePrivateKeyToPEM(privkey))
-		corr.PublicKey = string(pubkey)
+		if corr.Vars["corral_ssh_key_type"] == ED25519_KEY_TYPE {
+			_, privkey, _ := ed25519.GenerateKey(nil)
+			pubkey, err := ssh.NewPublicKey(privkey.Public())
+			if err != nil {
+				logrus.Fatal("failed to generate public ed25519 key: ", err)
+			}
+			corr.PrivateKey = string(encodePrivateKeyToPEM(privkey, "OPENSSH"))
+			corr.PublicKey = string(ssh.MarshalAuthorizedKey(pubkey))
+		} else {
+			corr.Vars["corral_ssh_key_type"] = "rsa"
+			privkey, _ := generateRSAPrivateKey(2048)
+			pubkey, _ := generateRSAPublicKey(&privkey.PublicKey)
+			corr.PrivateKey = string(encodePrivateKeyToPEM(privkey, "RSA"))
+			corr.PublicKey = string(pubkey)
+		}
 		corr.Vars["corral_public_key"] = corr.PublicKey
 		corr.Vars["corral_private_key"] = corr.PrivateKey
 	} else {
@@ -360,7 +375,7 @@ func executeShellCommandSync(command string, shells []*shell.Shell, vs vars.VarS
 	return nil
 }
 
-func generatePrivateKey(bits int) (*rsa.PrivateKey, error) {
+func generateRSAPrivateKey(bits int) (*rsa.PrivateKey, error) {
 	privateKey, err := rsa.GenerateKey(rand.Reader, bits)
 	if err != nil {
 		return nil, err
@@ -374,7 +389,7 @@ func generatePrivateKey(bits int) (*rsa.PrivateKey, error) {
 	return privateKey, nil
 }
 
-func generatePublicKey(key *rsa.PublicKey) ([]byte, error) {
+func generateRSAPublicKey(key *rsa.PublicKey) ([]byte, error) {
 	publicRsaKey, err := ssh.NewPublicKey(key)
 	if err != nil {
 		return nil, err
@@ -385,11 +400,32 @@ func generatePublicKey(key *rsa.PublicKey) ([]byte, error) {
 	return pubKeyBytes, nil
 }
 
-func encodePrivateKeyToPEM(key *rsa.PrivateKey) []byte {
-	privDER := x509.MarshalPKCS1PrivateKey(key)
+func encodePrivateKeyToPEM(key any, blockType string) []byte {
+	blockTypeDefault := "PRIVATE KEY"
+
+	if len(blockType) > 0 {
+		blockTypeDefault = " " + blockTypeDefault
+	}
+	blockType = blockType + blockTypeDefault
+
+	var privDER []byte
+	var err error
+	if strings.Contains(blockType, "OPENSSH") {
+		logrus.Info("encoding openssh key")
+		privDER = edkey.MarshalED25519PrivateKey(key.(ed25519.PrivateKey))
+	} else if strings.Contains(blockType, "RSA") {
+		privDER = x509.MarshalPKCS1PrivateKey(key.(*rsa.PrivateKey))
+	} else {
+		logrus.Info("encoding PKCS8 key")
+		privDER, err = x509.MarshalPKCS8PrivateKey(key)
+	}
+
+	if err != nil {
+		logrus.Fatal("failed to marshal PKCS8 private key: ", err)
+	}
 
 	privBlock := pem.Block{
-		Type:    "RSA PRIVATE KEY",
+		Type:    blockType,
 		Headers: nil,
 		Bytes:   privDER,
 	}

go.mod

@@ -5,7 +5,7 @@ go 1.20
 require (
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/containerd/containerd v1.6.2
-	github.com/hashicorp/go-version v1.4.0
+	github.com/hashicorp/go-version v1.6.0
 	github.com/hashicorp/hc-install v0.3.2
 	github.com/hashicorp/terraform-exec v0.16.1
 	github.com/jedib0t/go-pretty/v6 v6.3.0
@@ -58,6 +58,9 @@ require (
 	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/mattn/go-runewidth v0.0.13 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
+	github.com/mikesmitty/edkey v0.0.0-20170222072505-3356ea4e686a // indirect
+	github.com/mitchellh/gox v1.0.1 // indirect
+	github.com/mitchellh/iochan v1.0.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect

go.sum

@@ -251,9 +251,12 @@ github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/S
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-version v1.0.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.3.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.4.0 h1:aAQzgqIrRKRa7w75CKpbBxYsmUoPjzVm1W59ca1L0J4=
 github.com/hashicorp/go-version v1.4.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
+github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/hc-install v0.3.2 h1:oiQdJZvXmkNcRcEOOfM5n+VTsvNjWQeOjfAoO6dKSH8=
@@ -317,9 +320,15 @@ github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/mikesmitty/edkey v0.0.0-20170222072505-3356ea4e686a h1:eU8j/ClY2Ty3qdHnn0TyW3ivFoPC/0F1gQZz8yTxbbE=
+github.com/mikesmitty/edkey v0.0.0-20170222072505-3356ea4e686a/go.mod h1:v8eSC2SMp9/7FTKUncp7fH9IwPfw+ysMObcEz5FWheQ=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/gox v1.0.1 h1:x0jD3dcHk9a9xPSDN6YEL4xL6Qz0dvNYm8yZqui5chI=
+github.com/mitchellh/gox v1.0.1/go.mod h1:ED6BioOGXMswlXa2zxfh/xdd5QhwYliBFn9V18Ap4z4=
+github.com/mitchellh/iochan v1.0.0 h1:C+X3KsSTLFVBr/tK1eYN/vs4rJcvsiLU338UhYPJWeY=
+github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=

pkg/corral/corral.go

@@ -25,10 +25,11 @@ type Corral struct {
 	RootPath string `yaml:"rootPath"`
 	Source   string `yaml:"source"`
 
-	Name       string `yaml:"name"`
-	Status     Status `yaml:"status" json:"status,omitempty"`
-	PublicKey  string `yaml:"public_key"`
-	PrivateKey string `yaml:"private_key"`
+	Name         string `yaml:"name"`
+	Status       Status `yaml:"status" json:"status,omitempty"`
+	PublicKey    string `yaml:"public_key"`
+	PrivateKey   string `yaml:"private_key"`
+	GoPrivateKey string `yaml:"go_private_key"`
 
 	NodePools map[string][]Node `yaml:"node_pools" json:"node_pools,omitempty"`
 	Vars      vars.VarSet       `yaml:"vars" json:"vars,omitempty"`