Noratrieb/cluelessh
1
0
Fork 0
mirror of https://github.com/Noratrieb/cluelessh.git synced 2026-01-14 16:35:06 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

get ecdsa working again

Browse source
This commit is contained in:
nora 2024-08-26 18:48:27 +02:00
parent 1a093aa536
commit 06c1f31dca
4 changed files with 28 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

18
bin/cluelessh-faked/src/main.rs
View file

@ -67,7 +67,11 @@ async fn main() -> eyre::Result<()> {
.decrypt(None) .decrypt(None)
.unwrap() .unwrap()
.remove(0), .remove(0),
// TODO: add ECDSA support again!! cluelessh_keys::EncryptedPrivateKeys::parse(ECDSA_PRIVKEY.as_bytes())
.unwrap()
.decrypt(None)
.unwrap()
.remove(0),
], ],
}; };
@ -349,3 +353,15 @@ AAAECSeskxuEtJrr9L7ZkbpogXC5pKRNVHx1ueMX2h1XUnmek5zfpvwNc3MztTTpE90zLI
1Ref4AwwRVdSFyJLGbj2AAAAB3Rlc3RrZXkBAgMEBQY= 1Ref4AwwRVdSFyJLGbj2AAAAB3Rlc3RrZXkBAgMEBQY=
-----END OPENSSH PRIVATE KEY----- -----END OPENSSH PRIVATE KEY-----
"; ";
const ECDSA_PRIVKEY: &str = "\
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTAzIMf0R8+7KPHyaad2AYc5PivpuiV
Agf2THXdwHOXWoZz3pG/QBRGx+9n+ucIVT0lkWiMMwV86lSg/6w/DWNuAAAAqP8RaNj/EW
jYAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMDMgx/RHz7so8fJ
pp3YBhzk+K+m6JUCB/ZMdd3Ac5dahnPekb9AFEbH72f65whVPSWRaIwzBXzqVKD/rD8NY2
4AAAAhANOCLkd997DYpaix3I0BYDXDccdnRQ3SIMevrXTO2r+fAAAACm5vcmFAbml4b3MB
AgMEBQ==
-----END OPENSSH PRIVATE KEY-----
";

7
bin/cluelesshd/test_ed25519_key Normal file
View file

@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCSSk9Z/sT8EuBAl1z1QeVOYFsDKamvhTL1bshcG37xIAAAAIi8BQZkvAUG
ZAAAAAtzc2gtZWQyNTUxOQAAACCSSk9Z/sT8EuBAl1z1QeVOYFsDKamvhTL1bshcG37xIA
AAAEC23OQtXd52ZO/Z4BuFfpi+p5+ffm8/a1/CsuBPduSs85JKT1n+xPwS4ECXXPVB5U5g
WwMpqa+FMvVuyFwbfvEgAAAABGhvc3QB
-----END OPENSSH PRIVATE KEY-----

1
bin/cluelesshd/test_ed25519_key.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJKT1n+xPwS4ECXXPVB5U5gWwMpqa+FMvVuyFwbfvEg host

14
lib/cluelessh-transport/src/crypto.rs
View file

@ -137,7 +137,6 @@ pub fn hostkey_ed25519(hostkey_private: Vec<u8>) -> HostKeySigningAlgorithm {
public_key: |key| { public_key: |key| {
let key = ed25519_dalek::SigningKey::from_bytes(key.try_into().unwrap()); let key = ed25519_dalek::SigningKey::from_bytes(key.try_into().unwrap());
let public_key = key.verifying_key(); let public_key = key.verifying_key();
PublicKey::Ed25519 { public_key } PublicKey::Ed25519 { public_key }
}, },
sign: |key, data| { sign: |key, data| {
@ -189,16 +188,9 @@ pub fn hostkey_ecdsa_sha2_p256(hostkey_private: Vec<u8>) -> HostKeySigningAlgori
hostkey_private, hostkey_private,
public_key: |key| { public_key: |key| {
let key = p256::ecdsa::SigningKey::from_slice(key).unwrap(); let key = p256::ecdsa::SigningKey::from_slice(key).unwrap();
let public_key = key.verifying_key(); PublicKey::EcdsaSha2NistP256 {
let mut data = Writer::new(); public_key: *key.verifying_key(),
}
// <https://datatracker.ietf.org/doc/html/rfc5656#section-3.1>
data.string(b"ecdsa-sha2-nistp256");
data.string(b"nistp256");
// > point compression MAY be used.
// But OpenSSH does not appear to support that, so let's NOT use it.
data.string(public_key.to_encoded_point(false).as_bytes());
todo!()
}, },
sign: |key, data| { sign: |key, data| {
let key = p256::ecdsa::SigningKey::from_slice(key).unwrap(); let key = p256::ecdsa::SigningKey::from_slice(key).unwrap();