mirror of
https://github.com/Noratrieb/cluelessh.git
synced 2026-01-16 09:25:04 +01:00
start support for kex
This commit is contained in:
parent
18993f3a00
commit
11fcb4cd84
4 changed files with 48 additions and 5 deletions
|
|
@ -220,6 +220,10 @@ fn execute_command(command: &[u8]) -> ProcessOutput {
|
||||||
status: 0,
|
status: 0,
|
||||||
stdout: CPUINFO_UNAME_A.to_vec(),
|
stdout: CPUINFO_UNAME_A.to_vec(),
|
||||||
},
|
},
|
||||||
|
"true" => ProcessOutput {
|
||||||
|
status: 0,
|
||||||
|
stdout: b"".to_vec(),
|
||||||
|
},
|
||||||
_ => {
|
_ => {
|
||||||
let argv0 = command.split_ascii_whitespace().next().unwrap_or("");
|
let argv0 = command.split_ascii_whitespace().next().unwrap_or("");
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -3,10 +3,38 @@ use sha2::Digest;
|
||||||
use subtle::ConstantTimeEq;
|
use subtle::ConstantTimeEq;
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
|
client_error,
|
||||||
packet::{EncryptedPacket, MsgKind, Packet, RawPacket},
|
packet::{EncryptedPacket, MsgKind, Packet, RawPacket},
|
||||||
Msg, Result,
|
Msg, Result,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
#[derive(Clone, Copy)]
|
||||||
|
pub struct KexAlgorithm {
|
||||||
|
pub name: &'static str,
|
||||||
|
}
|
||||||
|
|
||||||
|
pub const KEX_CURVE_25519_SHA256: KexAlgorithm = KexAlgorithm {
|
||||||
|
name: "curve25519-sha256",
|
||||||
|
};
|
||||||
|
|
||||||
|
pub struct AlgorithmNegotiation<T> {
|
||||||
|
pub supported: Vec<(&'static str, T)>,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<T: Copy> AlgorithmNegotiation<T> {
|
||||||
|
pub fn find<'a>(&self, client_supports: &str) -> Result<T> {
|
||||||
|
for client_alg in client_supports.split(',') {
|
||||||
|
if let Some(alg) = self.supported.iter().find(|alg| alg.0 == client_alg) {
|
||||||
|
return Ok(alg.1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Err(client_error!(
|
||||||
|
"client does not support any matching algorithm: supported: {client_supports:?}"
|
||||||
|
))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
pub(crate) struct Session {
|
pub(crate) struct Session {
|
||||||
session_id: [u8; 32],
|
session_id: [u8; 32],
|
||||||
encryption_key_client_to_server: SshChaCha20Poly1305,
|
encryption_key_client_to_server: SshChaCha20Poly1305,
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,7 @@ use core::str;
|
||||||
use std::{collections::VecDeque, mem::take};
|
use std::{collections::VecDeque, mem::take};
|
||||||
|
|
||||||
use ed25519_dalek::ed25519::signature::Signer;
|
use ed25519_dalek::ed25519::signature::Signer;
|
||||||
|
use keys::AlgorithmNegotiation;
|
||||||
use packet::{
|
use packet::{
|
||||||
DhKeyExchangeInitPacket, DhKeyExchangeInitReplyPacket, KeyExchangeInitPacket, Packet,
|
DhKeyExchangeInitPacket, DhKeyExchangeInitReplyPacket, KeyExchangeInitPacket, Packet,
|
||||||
PacketTransport, SshPublicKey, SshSignature,
|
PacketTransport, SshPublicKey, SshSignature,
|
||||||
|
|
@ -169,14 +170,24 @@ impl ServerConnection {
|
||||||
Ok(expected)
|
Ok(expected)
|
||||||
} else {
|
} else {
|
||||||
Err(client_error!(
|
Err(client_error!(
|
||||||
"client does not supported algorithm {expected}. supported: {list:?}",
|
"client does not supporte algorithm {expected}. supported: {list:?}",
|
||||||
))
|
))
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
let key_algorithm = require_algorithm("curve25519-sha256", kex.kex_algorithms)?;
|
// TODO: support ecdh-sha2-nistp256
|
||||||
|
let kex_algorithms = AlgorithmNegotiation {
|
||||||
|
supported: vec![(
|
||||||
|
keys::KEX_CURVE_25519_SHA256.name,
|
||||||
|
keys::KEX_CURVE_25519_SHA256,
|
||||||
|
)],
|
||||||
|
};
|
||||||
|
let kex_algorithm = kex_algorithms.find(kex.kex_algorithms.0)?;
|
||||||
|
|
||||||
let server_host_key_algorithm =
|
let server_host_key_algorithm =
|
||||||
require_algorithm("ssh-ed25519", kex.server_host_key_algorithms)?;
|
require_algorithm("ssh-ed25519", kex.server_host_key_algorithms)?;
|
||||||
|
|
||||||
|
// TODO: support aes128-ctr (aes-gcm is not supported by everyone)
|
||||||
let encryption_algorithm_client_to_server = require_algorithm(
|
let encryption_algorithm_client_to_server = require_algorithm(
|
||||||
"chacha20-poly1305@openssh.com",
|
"chacha20-poly1305@openssh.com",
|
||||||
kex.encryption_algorithms_client_to_server,
|
kex.encryption_algorithms_client_to_server,
|
||||||
|
|
@ -205,7 +216,7 @@ impl ServerConnection {
|
||||||
|
|
||||||
let server_kexinit = KeyExchangeInitPacket {
|
let server_kexinit = KeyExchangeInitPacket {
|
||||||
cookie: [0; 16],
|
cookie: [0; 16],
|
||||||
kex_algorithms: NameList::one(key_algorithm),
|
kex_algorithms: NameList::one(kex_algorithm.name),
|
||||||
server_host_key_algorithms: NameList::one(server_host_key_algorithm),
|
server_host_key_algorithms: NameList::one(server_host_key_algorithm),
|
||||||
encryption_algorithms_client_to_server: NameList::one(
|
encryption_algorithms_client_to_server: NameList::one(
|
||||||
encryption_algorithm_client_to_server,
|
encryption_algorithm_client_to_server,
|
||||||
|
|
|
||||||
|
|
@ -120,7 +120,7 @@ impl Writer {
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Clone, Copy)]
|
#[derive(Clone, Copy)]
|
||||||
pub struct NameList<'a>(&'a str);
|
pub struct NameList<'a>(pub &'a str);
|
||||||
|
|
||||||
impl<'a> NameList<'a> {
|
impl<'a> NameList<'a> {
|
||||||
pub fn one(item: &'a str) -> Self {
|
pub fn one(item: &'a str) -> Self {
|
||||||
|
|
@ -132,7 +132,7 @@ impl<'a> NameList<'a> {
|
||||||
pub fn none() -> NameList<'static> {
|
pub fn none() -> NameList<'static> {
|
||||||
NameList("")
|
NameList("")
|
||||||
}
|
}
|
||||||
pub fn iter(&self) -> std::str::Split<char> {
|
pub fn iter(&self) -> std::str::Split<'a, char> {
|
||||||
self.0.split(',')
|
self.0.split(',')
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue