peridot/vendor/golang.org/x/crypto/ssh/agent/server.go

// Copyright 2012 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package agent

import (
	"crypto/dsa"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rsa"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"log"
	"math/big"

	"golang.org/x/crypto/ed25519"
	"golang.org/x/crypto/ssh"
)

// Server wraps an Agent and uses it to implement the agent side of
// the SSH-agent, wire protocol.
type server struct {
	agent Agent
}

func (s *server) processRequestBytes(reqData []byte) []byte {
	rep, err := s.processRequest(reqData)
	if err != nil {
		if err != errLocked {
			// TODO(hanwen): provide better logging interface?
			log.Printf("agent %d: %v", reqData[0], err)
		}
		return []byte{agentFailure}
	}

	if err == nil && rep == nil {
		return []byte{agentSuccess}
	}

	return ssh.Marshal(rep)
}

func marshalKey(k *Key) []byte {
	var record struct {
		Blob    []byte
		Comment string
	}
	record.Blob = k.Marshal()
	record.Comment = k.Comment

	return ssh.Marshal(&record)
}

// See [PROTOCOL.agent], section 2.5.1.
const agentV1IdentitiesAnswer = 2

type agentV1IdentityMsg struct {
	Numkeys uint32 `sshtype:"2"`
}

type agentRemoveIdentityMsg struct {
	KeyBlob []byte `sshtype:"18"`
}

type agentLockMsg struct {
	Passphrase []byte `sshtype:"22"`
}

type agentUnlockMsg struct {
	Passphrase []byte `sshtype:"23"`
}

func (s *server) processRequest(data []byte) (interface{}, error) {
	switch data[0] {
	case agentRequestV1Identities:
		return &agentV1IdentityMsg{0}, nil

	case agentRemoveAllV1Identities:
		return nil, nil

	case agentRemoveIdentity:
		var req agentRemoveIdentityMsg
		if err := ssh.Unmarshal(data, &req); err != nil {
			return nil, err
		}

		var wk wireKey
		if err := ssh.Unmarshal(req.KeyBlob, &wk); err != nil {
			return nil, err
		}

		return nil, s.agent.Remove(&Key{Format: wk.Format, Blob: req.KeyBlob})

	case agentRemoveAllIdentities:
		return nil, s.agent.RemoveAll()

	case agentLock:
		var req agentLockMsg
		if err := ssh.Unmarshal(data, &req); err != nil {
			return nil, err
		}

		return nil, s.agent.Lock(req.Passphrase)

	case agentUnlock:
		var req agentUnlockMsg
		if err := ssh.Unmarshal(data, &req); err != nil {
			return nil, err
		}
		return nil, s.agent.Unlock(req.Passphrase)

	case agentSignRequest:
		var req signRequestAgentMsg
		if err := ssh.Unmarshal(data, &req); err != nil {
			return nil, err
		}

		var wk wireKey
		if err := ssh.Unmarshal(req.KeyBlob, &wk); err != nil {
			return nil, err
		}

		k := &Key{
			Format: wk.Format,
			Blob:   req.KeyBlob,
		}

		var sig *ssh.Signature
		var err error
		if extendedAgent, ok := s.agent.(ExtendedAgent); ok {
			sig, err = extendedAgent.SignWithFlags(k, req.Data, SignatureFlags(req.Flags))
		} else {
			sig, err = s.agent.Sign(k, req.Data)
		}

		if err != nil {
			return nil, err
		}
		return &signResponseAgentMsg{SigBlob: ssh.Marshal(sig)}, nil

	case agentRequestIdentities:
		keys, err := s.agent.List()
		if err != nil {
			return nil, err
		}

		rep := identitiesAnswerAgentMsg{
			NumKeys: uint32(len(keys)),
		}
		for _, k := range keys {
			rep.Keys = append(rep.Keys, marshalKey(k)...)
		}
		return rep, nil

	case agentAddIDConstrained, agentAddIdentity:
		return nil, s.insertIdentity(data)

	case agentExtension:
		// Return a stub object where the whole contents of the response gets marshaled.
		var responseStub struct {
			Rest []byte `ssh:"rest"`
		}

		if extendedAgent, ok := s.agent.(ExtendedAgent); !ok {
			// If this agent doesn't implement extensions, [PROTOCOL.agent] section 4.7
			// requires that we return a standard SSH_AGENT_FAILURE message.
			responseStub.Rest = []byte{agentFailure}
		} else {
			var req extensionAgentMsg
			if err := ssh.Unmarshal(data, &req); err != nil {
				return nil, err
			}
			res, err := extendedAgent.Extension(req.ExtensionType, req.Contents)
			if err != nil {
				// If agent extensions are unsupported, return a standard SSH_AGENT_FAILURE
				// message as required by [PROTOCOL.agent] section 4.7.
				if err == ErrExtensionUnsupported {
					responseStub.Rest = []byte{agentFailure}
				} else {
					// As the result of any other error processing an extension request,
					// [PROTOCOL.agent] section 4.7 requires that we return a
					// SSH_AGENT_EXTENSION_FAILURE code.
					responseStub.Rest = []byte{agentExtensionFailure}
				}
			} else {
				if len(res) == 0 {
					return nil, nil
				}
				responseStub.Rest = res
			}
		}

		return responseStub, nil
	}

	return nil, fmt.Errorf("unknown opcode %d", data[0])
}

func parseConstraints(constraints []byte) (lifetimeSecs uint32, confirmBeforeUse bool, extensions []ConstraintExtension, err error) {
	for len(constraints) != 0 {
		switch constraints[0] {
		case agentConstrainLifetime:
			lifetimeSecs = binary.BigEndian.Uint32(constraints[1:5])
			constraints = constraints[5:]
		case agentConstrainConfirm:
			confirmBeforeUse = true
			constraints = constraints[1:]
		case agentConstrainExtension:
			var msg constrainExtensionAgentMsg
			if err = ssh.Unmarshal(constraints, &msg); err != nil {
				return 0, false, nil, err
			}
			extensions = append(extensions, ConstraintExtension{
				ExtensionName:    msg.ExtensionName,
				ExtensionDetails: msg.ExtensionDetails,
			})
			constraints = msg.Rest
		default:
			return 0, false, nil, fmt.Errorf("unknown constraint type: %d", constraints[0])
		}
	}
	return
}

func setConstraints(key *AddedKey, constraintBytes []byte) error {
	lifetimeSecs, confirmBeforeUse, constraintExtensions, err := parseConstraints(constraintBytes)
	if err != nil {
		return err
	}

	key.LifetimeSecs = lifetimeSecs
	key.ConfirmBeforeUse = confirmBeforeUse
	key.ConstraintExtensions = constraintExtensions
	return nil
}

func parseRSAKey(req []byte) (*AddedKey, error) {
	var k rsaKeyMsg
	if err := ssh.Unmarshal(req, &k); err != nil {
		return nil, err
	}
	if k.E.BitLen() > 30 {
		return nil, errors.New("agent: RSA public exponent too large")
	}
	priv := &rsa.PrivateKey{
		PublicKey: rsa.PublicKey{
			E: int(k.E.Int64()),
			N: k.N,
		},
		D:      k.D,
		Primes: []*big.Int{k.P, k.Q},
	}
	priv.Precompute()

	addedKey := &AddedKey{PrivateKey: priv, Comment: k.Comments}
	if err := setConstraints(addedKey, k.Constraints); err != nil {
		return nil, err
	}
	return addedKey, nil
}

func parseEd25519Key(req []byte) (*AddedKey, error) {
	var k ed25519KeyMsg
	if err := ssh.Unmarshal(req, &k); err != nil {
		return nil, err
	}
	priv := ed25519.PrivateKey(k.Priv)

	addedKey := &AddedKey{PrivateKey: &priv, Comment: k.Comments}
	if err := setConstraints(addedKey, k.Constraints); err != nil {
		return nil, err
	}
	return addedKey, nil
}

func parseDSAKey(req []byte) (*AddedKey, error) {
	var k dsaKeyMsg
	if err := ssh.Unmarshal(req, &k); err != nil {
		return nil, err
	}
	priv := &dsa.PrivateKey{
		PublicKey: dsa.PublicKey{
			Parameters: dsa.Parameters{
				P: k.P,
				Q: k.Q,
				G: k.G,
			},
			Y: k.Y,
		},
		X: k.X,
	}

	addedKey := &AddedKey{PrivateKey: priv, Comment: k.Comments}
	if err := setConstraints(addedKey, k.Constraints); err != nil {
		return nil, err
	}
	return addedKey, nil
}

func unmarshalECDSA(curveName string, keyBytes []byte, privScalar *big.Int) (priv *ecdsa.PrivateKey, err error) {
	priv = &ecdsa.PrivateKey{
		D: privScalar,
	}

	switch curveName {
	case "nistp256":
		priv.Curve = elliptic.P256()
	case "nistp384":
		priv.Curve = elliptic.P384()
	case "nistp521":
		priv.Curve = elliptic.P521()
	default:
		return nil, fmt.Errorf("agent: unknown curve %q", curveName)
	}

	priv.X, priv.Y = elliptic.Unmarshal(priv.Curve, keyBytes)
	if priv.X == nil || priv.Y == nil {
		return nil, errors.New("agent: point not on curve")
	}

	return priv, nil
}

func parseEd25519Cert(req []byte) (*AddedKey, error) {
	var k ed25519CertMsg
	if err := ssh.Unmarshal(req, &k); err != nil {
		return nil, err
	}
	pubKey, err := ssh.ParsePublicKey(k.CertBytes)
	if err != nil {
		return nil, err
	}
	priv := ed25519.PrivateKey(k.Priv)
	cert, ok := pubKey.(*ssh.Certificate)
	if !ok {
		return nil, errors.New("agent: bad ED25519 certificate")
	}

	addedKey := &AddedKey{PrivateKey: &priv, Certificate: cert, Comment: k.Comments}
	if err := setConstraints(addedKey, k.Constraints); err != nil {
		return nil, err
	}
	return addedKey, nil
}

func parseECDSAKey(req []byte) (*AddedKey, error) {
	var k ecdsaKeyMsg
	if err := ssh.Unmarshal(req, &k); err != nil {
		return nil, err
	}

	priv, err := unmarshalECDSA(k.Curve, k.KeyBytes, k.D)
	if err != nil {
		return nil, err
	}

	addedKey := &AddedKey{PrivateKey: priv, Comment: k.Comments}
	if err := setConstraints(addedKey, k.Constraints); err != nil {
		return nil, err
	}
	return addedKey, nil
}

func parseRSACert(req []byte) (*AddedKey, error) {
	var k rsaCertMsg
	if err := ssh.Unmarshal(req, &k); err != nil {
		return nil, err
	}

	pubKey, err := ssh.ParsePublicKey(k.CertBytes)
	if err != nil {
		return nil, err
	}

	cert, ok := pubKey.(*ssh.Certificate)
	if !ok {
		return nil, errors.New("agent: bad RSA certificate")
	}

	// An RSA publickey as marshaled by rsaPublicKey.Marshal() in keys.go
	var rsaPub struct {
		Name string
		E    *big.Int
		N    *big.Int
	}
	if err := ssh.Unmarshal(cert.Key.Marshal(), &rsaPub); err != nil {
		return nil, fmt.Errorf("agent: Unmarshal failed to parse public key: %v", err)
	}

	if rsaPub.E.BitLen() > 30 {
		return nil, errors.New("agent: RSA public exponent too large")
	}

	priv := rsa.PrivateKey{
		PublicKey: rsa.PublicKey{
			E: int(rsaPub.E.Int64()),
			N: rsaPub.N,
		},
		D:      k.D,
		Primes: []*big.Int{k.Q, k.P},
	}
	priv.Precompute()

	addedKey := &AddedKey{PrivateKey: &priv, Certificate: cert, Comment: k.Comments}
	if err := setConstraints(addedKey, k.Constraints); err != nil {
		return nil, err
	}
	return addedKey, nil
}

func parseDSACert(req []byte) (*AddedKey, error) {
	var k dsaCertMsg
	if err := ssh.Unmarshal(req, &k); err != nil {
		return nil, err
	}
	pubKey, err := ssh.ParsePublicKey(k.CertBytes)
	if err != nil {
		return nil, err
	}
	cert, ok := pubKey.(*ssh.Certificate)
	if !ok {
		return nil, errors.New("agent: bad DSA certificate")
	}

	// A DSA publickey as marshaled by dsaPublicKey.Marshal() in keys.go
	var w struct {
		Name       string
		P, Q, G, Y *big.Int
	}
	if err := ssh.Unmarshal(cert.Key.Marshal(), &w); err != nil {
		return nil, fmt.Errorf("agent: Unmarshal failed to parse public key: %v", err)
	}

	priv := &dsa.PrivateKey{
		PublicKey: dsa.PublicKey{
			Parameters: dsa.Parameters{
				P: w.P,
				Q: w.Q,
				G: w.G,
			},
			Y: w.Y,
		},
		X: k.X,
	}

	addedKey := &AddedKey{PrivateKey: priv, Certificate: cert, Comment: k.Comments}
	if err := setConstraints(addedKey, k.Constraints); err != nil {
		return nil, err
	}
	return addedKey, nil
}

func parseECDSACert(req []byte) (*AddedKey, error) {
	var k ecdsaCertMsg
	if err := ssh.Unmarshal(req, &k); err != nil {
		return nil, err
	}

	pubKey, err := ssh.ParsePublicKey(k.CertBytes)
	if err != nil {
		return nil, err
	}
	cert, ok := pubKey.(*ssh.Certificate)
	if !ok {
		return nil, errors.New("agent: bad ECDSA certificate")
	}

	// An ECDSA publickey as marshaled by ecdsaPublicKey.Marshal() in keys.go
	var ecdsaPub struct {
		Name string
		ID   string
		Key  []byte
	}
	if err := ssh.Unmarshal(cert.Key.Marshal(), &ecdsaPub); err != nil {
		return nil, err
	}

	priv, err := unmarshalECDSA(ecdsaPub.ID, ecdsaPub.Key, k.D)
	if err != nil {
		return nil, err
	}

	addedKey := &AddedKey{PrivateKey: priv, Certificate: cert, Comment: k.Comments}
	if err := setConstraints(addedKey, k.Constraints); err != nil {
		return nil, err
	}
	return addedKey, nil
}

func (s *server) insertIdentity(req []byte) error {
	var record struct {
		Type string `sshtype:"17|25"`
		Rest []byte `ssh:"rest"`
	}

	if err := ssh.Unmarshal(req, &record); err != nil {
		return err
	}

	var addedKey *AddedKey
	var err error

	switch record.Type {
	case ssh.KeyAlgoRSA:
		addedKey, err = parseRSAKey(req)
	case ssh.KeyAlgoDSA:
		addedKey, err = parseDSAKey(req)
	case ssh.KeyAlgoECDSA256, ssh.KeyAlgoECDSA384, ssh.KeyAlgoECDSA521:
		addedKey, err = parseECDSAKey(req)
	case ssh.KeyAlgoED25519:
		addedKey, err = parseEd25519Key(req)
	case ssh.CertAlgoRSAv01:
		addedKey, err = parseRSACert(req)
	case ssh.CertAlgoDSAv01:
		addedKey, err = parseDSACert(req)
	case ssh.CertAlgoECDSA256v01, ssh.CertAlgoECDSA384v01, ssh.CertAlgoECDSA521v01:
		addedKey, err = parseECDSACert(req)
	case ssh.CertAlgoED25519v01:
		addedKey, err = parseEd25519Cert(req)
	default:
		return fmt.Errorf("agent: not implemented: %q", record.Type)
	}

	if err != nil {
		return err
	}
	return s.agent.Add(*addedKey)
}

// ServeAgent serves the agent protocol on the given connection. It
// returns when an I/O error occurs.
func ServeAgent(agent Agent, c io.ReadWriter) error {
	s := &server{agent}

	var length [4]byte
	for {
		if _, err := io.ReadFull(c, length[:]); err != nil {
			return err
		}
		l := binary.BigEndian.Uint32(length[:])
		if l == 0 {
			return fmt.Errorf("agent: request size is 0")
		}
		if l > maxAgentResponseBytes {
			// We also cap requests.
			return fmt.Errorf("agent: request too large: %d", l)
		}

		req := make([]byte, l)
		if _, err := io.ReadFull(c, req); err != nil {
			return err
		}

		repData := s.processRequestBytes(req)
		if len(repData) > maxAgentResponseBytes {
			return fmt.Errorf("agent: reply too large: %d bytes", len(repData))
		}

		binary.BigEndian.PutUint32(length[:], uint32(len(repData)))
		if _, err := c.Write(length[:]); err != nil {
			return err
		}
		if _, err := c.Write(repData); err != nil {
			return err
		}
	}
}
Initial commit 2022-07-07 20:11:50 +00:00			`// Copyright 2012 The Go Authors. All rights reserved.`
			`// Use of this source code is governed by a BSD-style`
			`// license that can be found in the LICENSE file.`

			`package agent`

			`import (`
			`"crypto/dsa"`
			`"crypto/ecdsa"`
			`"crypto/elliptic"`
			`"crypto/rsa"`
			`"encoding/binary"`
			`"errors"`
			`"fmt"`
			`"io"`
			`"log"`
			`"math/big"`

			`"golang.org/x/crypto/ed25519"`
			`"golang.org/x/crypto/ssh"`
			`)`

			`// Server wraps an Agent and uses it to implement the agent side of`
			`// the SSH-agent, wire protocol.`
			`type server struct {`
			`agent Agent`
			`}`

			`func (s *server) processRequestBytes(reqData []byte) []byte {`
			`rep, err := s.processRequest(reqData)`
			`if err != nil {`
			`if err != errLocked {`
			`// TODO(hanwen): provide better logging interface?`
			`log.Printf("agent %d: %v", reqData[0], err)`
			`}`
			`return []byte{agentFailure}`
			`}`

			`if err == nil && rep == nil {`
			`return []byte{agentSuccess}`
			`}`

			`return ssh.Marshal(rep)`
			`}`

			`func marshalKey(k *Key) []byte {`
			`var record struct {`
			`Blob []byte`
			`Comment string`
			`}`
			`record.Blob = k.Marshal()`
			`record.Comment = k.Comment`

			`return ssh.Marshal(&record)`
			`}`

			`// See [PROTOCOL.agent], section 2.5.1.`
			`const agentV1IdentitiesAnswer = 2`

			`type agentV1IdentityMsg struct {`
			Numkeys uint32 `sshtype:"2"`
			`}`

			`type agentRemoveIdentityMsg struct {`
			KeyBlob []byte `sshtype:"18"`
			`}`

			`type agentLockMsg struct {`
			Passphrase []byte `sshtype:"22"`
			`}`

			`type agentUnlockMsg struct {`
			Passphrase []byte `sshtype:"23"`
			`}`

			`func (s *server) processRequest(data []byte) (interface{}, error) {`
			`switch data[0] {`
			`case agentRequestV1Identities:`
			`return &agentV1IdentityMsg{0}, nil`

			`case agentRemoveAllV1Identities:`
			`return nil, nil`

			`case agentRemoveIdentity:`
			`var req agentRemoveIdentityMsg`
			`if err := ssh.Unmarshal(data, &req); err != nil {`
			`return nil, err`
			`}`

			`var wk wireKey`
			`if err := ssh.Unmarshal(req.KeyBlob, &wk); err != nil {`
			`return nil, err`
			`}`

			`return nil, s.agent.Remove(&Key{Format: wk.Format, Blob: req.KeyBlob})`

			`case agentRemoveAllIdentities:`
			`return nil, s.agent.RemoveAll()`

			`case agentLock:`
			`var req agentLockMsg`
			`if err := ssh.Unmarshal(data, &req); err != nil {`
			`return nil, err`
			`}`

			`return nil, s.agent.Lock(req.Passphrase)`

			`case agentUnlock:`
			`var req agentUnlockMsg`
			`if err := ssh.Unmarshal(data, &req); err != nil {`
			`return nil, err`
			`}`
			`return nil, s.agent.Unlock(req.Passphrase)`

			`case agentSignRequest:`
			`var req signRequestAgentMsg`
			`if err := ssh.Unmarshal(data, &req); err != nil {`
			`return nil, err`
			`}`

			`var wk wireKey`
			`if err := ssh.Unmarshal(req.KeyBlob, &wk); err != nil {`
			`return nil, err`
			`}`

			`k := &Key{`
			`Format: wk.Format,`
			`Blob: req.KeyBlob,`
			`}`

			`var sig *ssh.Signature`
			`var err error`
			`if extendedAgent, ok := s.agent.(ExtendedAgent); ok {`
			`sig, err = extendedAgent.SignWithFlags(k, req.Data, SignatureFlags(req.Flags))`
			`} else {`
			`sig, err = s.agent.Sign(k, req.Data)`
			`}`

			`if err != nil {`
			`return nil, err`
			`}`
			`return &signResponseAgentMsg{SigBlob: ssh.Marshal(sig)}, nil`

			`case agentRequestIdentities:`
			`keys, err := s.agent.List()`
			`if err != nil {`
			`return nil, err`
			`}`

			`rep := identitiesAnswerAgentMsg{`
			`NumKeys: uint32(len(keys)),`
			`}`
			`for _, k := range keys {`
			`rep.Keys = append(rep.Keys, marshalKey(k)...)`
			`}`
			`return rep, nil`

			`case agentAddIDConstrained, agentAddIdentity:`
			`return nil, s.insertIdentity(data)`

			`case agentExtension:`
			`// Return a stub object where the whole contents of the response gets marshaled.`
			`var responseStub struct {`
			Rest []byte `ssh:"rest"`
			`}`

			`if extendedAgent, ok := s.agent.(ExtendedAgent); !ok {`
			`// If this agent doesn't implement extensions, [PROTOCOL.agent] section 4.7`
			`// requires that we return a standard SSH_AGENT_FAILURE message.`
			`responseStub.Rest = []byte{agentFailure}`
			`} else {`
			`var req extensionAgentMsg`
			`if err := ssh.Unmarshal(data, &req); err != nil {`
			`return nil, err`
			`}`
			`res, err := extendedAgent.Extension(req.ExtensionType, req.Contents)`
			`if err != nil {`
			`// If agent extensions are unsupported, return a standard SSH_AGENT_FAILURE`
			`// message as required by [PROTOCOL.agent] section 4.7.`
			`if err == ErrExtensionUnsupported {`
			`responseStub.Rest = []byte{agentFailure}`
			`} else {`
			`// As the result of any other error processing an extension request,`
			`// [PROTOCOL.agent] section 4.7 requires that we return a`
			`// SSH_AGENT_EXTENSION_FAILURE code.`
			`responseStub.Rest = []byte{agentExtensionFailure}`
			`}`
			`} else {`
			`if len(res) == 0 {`
			`return nil, nil`
			`}`
			`responseStub.Rest = res`
			`}`
			`}`

			`return responseStub, nil`
			`}`

			`return nil, fmt.Errorf("unknown opcode %d", data[0])`
			`}`

			`func parseConstraints(constraints []byte) (lifetimeSecs uint32, confirmBeforeUse bool, extensions []ConstraintExtension, err error) {`
			`for len(constraints) != 0 {`
			`switch constraints[0] {`
			`case agentConstrainLifetime:`
			`lifetimeSecs = binary.BigEndian.Uint32(constraints[1:5])`
			`constraints = constraints[5:]`
			`case agentConstrainConfirm:`
			`confirmBeforeUse = true`
			`constraints = constraints[1:]`
			`case agentConstrainExtension:`
			`var msg constrainExtensionAgentMsg`
			`if err = ssh.Unmarshal(constraints, &msg); err != nil {`
			`return 0, false, nil, err`
			`}`
			`extensions = append(extensions, ConstraintExtension{`
			`ExtensionName: msg.ExtensionName,`
			`ExtensionDetails: msg.ExtensionDetails,`
			`})`
			`constraints = msg.Rest`
			`default:`
			`return 0, false, nil, fmt.Errorf("unknown constraint type: %d", constraints[0])`
			`}`
			`}`
			`return`
			`}`

			`func setConstraints(key *AddedKey, constraintBytes []byte) error {`
			`lifetimeSecs, confirmBeforeUse, constraintExtensions, err := parseConstraints(constraintBytes)`
			`if err != nil {`
			`return err`
			`}`

			`key.LifetimeSecs = lifetimeSecs`
			`key.ConfirmBeforeUse = confirmBeforeUse`
			`key.ConstraintExtensions = constraintExtensions`
			`return nil`
			`}`

			`func parseRSAKey(req []byte) (*AddedKey, error) {`
			`var k rsaKeyMsg`
			`if err := ssh.Unmarshal(req, &k); err != nil {`
			`return nil, err`
			`}`
			`if k.E.BitLen() > 30 {`
			`return nil, errors.New("agent: RSA public exponent too large")`
			`}`
			`priv := &rsa.PrivateKey{`
			`PublicKey: rsa.PublicKey{`
			`E: int(k.E.Int64()),`
			`N: k.N,`
			`},`
			`D: k.D,`
			`Primes: []*big.Int{k.P, k.Q},`
			`}`
			`priv.Precompute()`

			`addedKey := &AddedKey{PrivateKey: priv, Comment: k.Comments}`
			`if err := setConstraints(addedKey, k.Constraints); err != nil {`
			`return nil, err`
			`}`
			`return addedKey, nil`
			`}`

			`func parseEd25519Key(req []byte) (*AddedKey, error) {`
			`var k ed25519KeyMsg`
			`if err := ssh.Unmarshal(req, &k); err != nil {`
			`return nil, err`
			`}`
			`priv := ed25519.PrivateKey(k.Priv)`

			`addedKey := &AddedKey{PrivateKey: &priv, Comment: k.Comments}`
			`if err := setConstraints(addedKey, k.Constraints); err != nil {`
			`return nil, err`
			`}`
			`return addedKey, nil`
			`}`

			`func parseDSAKey(req []byte) (*AddedKey, error) {`
			`var k dsaKeyMsg`
			`if err := ssh.Unmarshal(req, &k); err != nil {`
			`return nil, err`
			`}`
			`priv := &dsa.PrivateKey{`
			`PublicKey: dsa.PublicKey{`
			`Parameters: dsa.Parameters{`
			`P: k.P,`
			`Q: k.Q,`
			`G: k.G,`
			`},`
			`Y: k.Y,`
			`},`
			`X: k.X,`
			`}`

			`addedKey := &AddedKey{PrivateKey: priv, Comment: k.Comments}`
			`if err := setConstraints(addedKey, k.Constraints); err != nil {`
			`return nil, err`
			`}`
			`return addedKey, nil`
			`}`

			`func unmarshalECDSA(curveName string, keyBytes []byte, privScalar big.Int) (priv ecdsa.PrivateKey, err error) {`
			`priv = &ecdsa.PrivateKey{`
			`D: privScalar,`
			`}`

			`switch curveName {`
			`case "nistp256":`
			`priv.Curve = elliptic.P256()`
			`case "nistp384":`
			`priv.Curve = elliptic.P384()`
			`case "nistp521":`
			`priv.Curve = elliptic.P521()`
			`default:`
			`return nil, fmt.Errorf("agent: unknown curve %q", curveName)`
			`}`

			`priv.X, priv.Y = elliptic.Unmarshal(priv.Curve, keyBytes)`
			`if priv.X == nil \|\| priv.Y == nil {`
			`return nil, errors.New("agent: point not on curve")`
			`}`

			`return priv, nil`
			`}`

			`func parseEd25519Cert(req []byte) (*AddedKey, error) {`
			`var k ed25519CertMsg`
			`if err := ssh.Unmarshal(req, &k); err != nil {`
			`return nil, err`
			`}`
			`pubKey, err := ssh.ParsePublicKey(k.CertBytes)`
			`if err != nil {`
			`return nil, err`
			`}`
			`priv := ed25519.PrivateKey(k.Priv)`
			`cert, ok := pubKey.(*ssh.Certificate)`
			`if !ok {`
			`return nil, errors.New("agent: bad ED25519 certificate")`
			`}`

			`addedKey := &AddedKey{PrivateKey: &priv, Certificate: cert, Comment: k.Comments}`
			`if err := setConstraints(addedKey, k.Constraints); err != nil {`
			`return nil, err`
			`}`
			`return addedKey, nil`
			`}`

			`func parseECDSAKey(req []byte) (*AddedKey, error) {`
			`var k ecdsaKeyMsg`
			`if err := ssh.Unmarshal(req, &k); err != nil {`
			`return nil, err`
			`}`

			`priv, err := unmarshalECDSA(k.Curve, k.KeyBytes, k.D)`
			`if err != nil {`
			`return nil, err`
			`}`

			`addedKey := &AddedKey{PrivateKey: priv, Comment: k.Comments}`
			`if err := setConstraints(addedKey, k.Constraints); err != nil {`
			`return nil, err`
			`}`
			`return addedKey, nil`
			`}`

			`func parseRSACert(req []byte) (*AddedKey, error) {`
			`var k rsaCertMsg`
			`if err := ssh.Unmarshal(req, &k); err != nil {`
			`return nil, err`
			`}`

			`pubKey, err := ssh.ParsePublicKey(k.CertBytes)`
			`if err != nil {`
			`return nil, err`
			`}`

			`cert, ok := pubKey.(*ssh.Certificate)`
			`if !ok {`
			`return nil, errors.New("agent: bad RSA certificate")`
			`}`

			`// An RSA publickey as marshaled by rsaPublicKey.Marshal() in keys.go`
			`var rsaPub struct {`
			`Name string`
			`E *big.Int`
			`N *big.Int`
			`}`
			`if err := ssh.Unmarshal(cert.Key.Marshal(), &rsaPub); err != nil {`
			`return nil, fmt.Errorf("agent: Unmarshal failed to parse public key: %v", err)`
			`}`

			`if rsaPub.E.BitLen() > 30 {`
			`return nil, errors.New("agent: RSA public exponent too large")`
			`}`

			`priv := rsa.PrivateKey{`
			`PublicKey: rsa.PublicKey{`
			`E: int(rsaPub.E.Int64()),`
			`N: rsaPub.N,`
			`},`
			`D: k.D,`
			`Primes: []*big.Int{k.Q, k.P},`
			`}`
			`priv.Precompute()`

			`addedKey := &AddedKey{PrivateKey: &priv, Certificate: cert, Comment: k.Comments}`
			`if err := setConstraints(addedKey, k.Constraints); err != nil {`
			`return nil, err`
			`}`
			`return addedKey, nil`
			`}`

			`func parseDSACert(req []byte) (*AddedKey, error) {`
			`var k dsaCertMsg`
			`if err := ssh.Unmarshal(req, &k); err != nil {`
			`return nil, err`
			`}`
			`pubKey, err := ssh.ParsePublicKey(k.CertBytes)`
			`if err != nil {`
			`return nil, err`
			`}`
			`cert, ok := pubKey.(*ssh.Certificate)`
			`if !ok {`
			`return nil, errors.New("agent: bad DSA certificate")`
			`}`

			`// A DSA publickey as marshaled by dsaPublicKey.Marshal() in keys.go`
			`var w struct {`
			`Name string`
			`P, Q, G, Y *big.Int`
			`}`
			`if err := ssh.Unmarshal(cert.Key.Marshal(), &w); err != nil {`
			`return nil, fmt.Errorf("agent: Unmarshal failed to parse public key: %v", err)`
			`}`

			`priv := &dsa.PrivateKey{`
			`PublicKey: dsa.PublicKey{`
			`Parameters: dsa.Parameters{`
			`P: w.P,`
			`Q: w.Q,`
			`G: w.G,`
			`},`
			`Y: w.Y,`
			`},`
			`X: k.X,`
			`}`

			`addedKey := &AddedKey{PrivateKey: priv, Certificate: cert, Comment: k.Comments}`
			`if err := setConstraints(addedKey, k.Constraints); err != nil {`
			`return nil, err`
			`}`
			`return addedKey, nil`
			`}`

			`func parseECDSACert(req []byte) (*AddedKey, error) {`
			`var k ecdsaCertMsg`
			`if err := ssh.Unmarshal(req, &k); err != nil {`
			`return nil, err`
			`}`

			`pubKey, err := ssh.ParsePublicKey(k.CertBytes)`
			`if err != nil {`
			`return nil, err`
			`}`
			`cert, ok := pubKey.(*ssh.Certificate)`
			`if !ok {`
			`return nil, errors.New("agent: bad ECDSA certificate")`
			`}`

			`// An ECDSA publickey as marshaled by ecdsaPublicKey.Marshal() in keys.go`
			`var ecdsaPub struct {`
			`Name string`
			`ID string`
			`Key []byte`
			`}`
			`if err := ssh.Unmarshal(cert.Key.Marshal(), &ecdsaPub); err != nil {`
			`return nil, err`
			`}`

			`priv, err := unmarshalECDSA(ecdsaPub.ID, ecdsaPub.Key, k.D)`
			`if err != nil {`
			`return nil, err`
			`}`

			`addedKey := &AddedKey{PrivateKey: priv, Certificate: cert, Comment: k.Comments}`
			`if err := setConstraints(addedKey, k.Constraints); err != nil {`
			`return nil, err`
			`}`
			`return addedKey, nil`
			`}`

			`func (s *server) insertIdentity(req []byte) error {`
			`var record struct {`
			Type string `sshtype:"17\|25"`
			Rest []byte `ssh:"rest"`
			`}`

			`if err := ssh.Unmarshal(req, &record); err != nil {`
			`return err`
			`}`

			`var addedKey *AddedKey`
			`var err error`

			`switch record.Type {`
			`case ssh.KeyAlgoRSA:`
			`addedKey, err = parseRSAKey(req)`
			`case ssh.KeyAlgoDSA:`
			`addedKey, err = parseDSAKey(req)`
			`case ssh.KeyAlgoECDSA256, ssh.KeyAlgoECDSA384, ssh.KeyAlgoECDSA521:`
			`addedKey, err = parseECDSAKey(req)`
			`case ssh.KeyAlgoED25519:`
			`addedKey, err = parseEd25519Key(req)`
			`case ssh.CertAlgoRSAv01:`
			`addedKey, err = parseRSACert(req)`
			`case ssh.CertAlgoDSAv01:`
			`addedKey, err = parseDSACert(req)`
			`case ssh.CertAlgoECDSA256v01, ssh.CertAlgoECDSA384v01, ssh.CertAlgoECDSA521v01:`
			`addedKey, err = parseECDSACert(req)`
			`case ssh.CertAlgoED25519v01:`
			`addedKey, err = parseEd25519Cert(req)`
			`default:`
			`return fmt.Errorf("agent: not implemented: %q", record.Type)`
			`}`

			`if err != nil {`
			`return err`
			`}`
			`return s.agent.Add(*addedKey)`
			`}`

			`// ServeAgent serves the agent protocol on the given connection. It`
			`// returns when an I/O error occurs.`
			`func ServeAgent(agent Agent, c io.ReadWriter) error {`
			`s := &server{agent}`

			`var length [4]byte`
			`for {`
			`if _, err := io.ReadFull(c, length[:]); err != nil {`
			`return err`
			`}`
			`l := binary.BigEndian.Uint32(length[:])`
			`if l == 0 {`
			`return fmt.Errorf("agent: request size is 0")`
			`}`
			`if l > maxAgentResponseBytes {`
			`// We also cap requests.`
			`return fmt.Errorf("agent: request too large: %d", l)`
			`}`

			`req := make([]byte, l)`
			`if _, err := io.ReadFull(c, req); err != nil {`
			`return err`
			`}`

			`repData := s.processRequestBytes(req)`
			`if len(repData) > maxAgentResponseBytes {`
			`return fmt.Errorf("agent: reply too large: %d bytes", len(repData))`
			`}`

			`binary.BigEndian.PutUint32(length[:], uint32(len(repData)))`
			`if _, err := c.Write(length[:]); err != nil {`
			`return err`
			`}`
			`if _, err := c.Write(repData); err != nil {`
			`return err`
			`}`
			`}`
			`}`