Merge ~cjwatson/twisted:conch-rsa-sha2-ed25519 into ~launchpad/twisted:lp-backport

Proposed by Colin Watson
Status: Merged
Merged at revision: 776cdd3f12b938b374c09889eb471dabe683c0be
Proposed branch: ~cjwatson/twisted:conch-rsa-sha2-ed25519
Merge into: ~launchpad/twisted:lp-backport
Diff against target: 3023 lines (+1672/-178)
23 files modified
docs/conch/examples/sshsimpleserver.py (+16/-9)
docs/installation/howto/optional.rst (+3/-0)
src/twisted/_version.py (+11/-5)
src/twisted/conch/newsfragments/10208.feature (+1/-0)
src/twisted/conch/newsfragments/10266.feature (+1/-0)
src/twisted/conch/newsfragments/8966.feature (+1/-0)
src/twisted/conch/newsfragments/9765.feature (+1/-0)
src/twisted/conch/scripts/ckeygen.py (+42/-4)
src/twisted/conch/ssh/_kex.py (+2/-1)
src/twisted/conch/ssh/_keys_pynacl.py (+196/-0)
src/twisted/conch/ssh/factory.py (+7/-1)
src/twisted/conch/ssh/keys.py (+218/-44)
src/twisted/conch/ssh/transport.py (+184/-35)
src/twisted/conch/ssh/userauth.py (+2/-2)
src/twisted/conch/test/keydata.py (+21/-0)
src/twisted/conch/test/test_ckeygen.py (+58/-7)
src/twisted/conch/test/test_keys.py (+506/-32)
src/twisted/conch/test/test_recvline.py (+1/-1)
src/twisted/conch/test/test_ssh.py (+36/-3)
src/twisted/conch/test/test_transport.py (+350/-28)
src/twisted/python/_setup.py (+6/-1)
src/twisted/python/test/test_setup.py (+4/-4)
tox.ini (+5/-1)
Reviewer: Ioana Lasc (community)
Review status: Approve
Review via email: mp+415186@code.staging.launchpad.net

Commit message

Add support for Ed25519 keys and RSA SHA-2 signatures

Description of the change

This consists of cherry-picks of four upstream PRs (all of which have landed on trunk), one extra piece of fallback code needed to get Curve25519 key exchange working on Ubuntu 16.04, and a few minor packaging tweaks. I've bundled it together, but it may be easiest to review the commits separately.

In combination with changes to lazr.sshserver and Launchpad, I've verified that this allows SSH authentication to Launchpad endpoints using both RSA SHA-2 signatures (OpenSSH 8.8 dropped support for RSA SHA-1 signatures) and Ed25519 keys.

I considered upgrading to Twisted 21.2.0 before starting on these backports, to minimize the patch stack and pick up other improvements. Unfortunately, the minimum Python version required by 21.2.0 is 3.5.4, and getting it to work on 3.5.2 in Ubuntu 16.04 is a messy process involving reverting a bunch of `typing`-related changes, so I think it will be better to wait until all of Launchpad is on Ubuntu 18.04 or newer before rebasing on 21.2.0. (At that point we can also drop the X25519 PyNaCl fallback patch.)

Ioana Lasc (ilasc) wrote :

Looks good

review: Approve
