verify signature

2026-01-16 17:35:04 +01:00 · 2024-08-25 22:50:34 +02:00 · 2024-08-25 22:50:34 +02:00 · 3124e6a2ab
commit 3124e6a2ab
parent ae425fdefa
14 changed files with 373 additions and 36 deletions
--- a/bin/cluelessh/Cargo.toml
+++ b/bin/cluelessh/Cargo.toml
@ -18,6 +18,7 @@ tracing-subscriber = { version = "0.3.18", features = ["json", "env-filter"] }
 tracing.workspace = true
 rpassword = "7.3.1"
 users = "0.11.0"
+cluelessh-keys = { version = "0.1.0", path = "../../lib/cluelessh-keys" }

 [lints]
 workspace = true
--- a/bin/cluelessh/src/main.rs
+++ b/bin/cluelessh/src/main.rs
@ -4,7 +4,7 @@ use clap::Parser;

 use cluelessh_tokio::client::SignatureResult;
 use cluelessh_tokio::PendingChannel;
-use cluelessh_transport::{key::PublicKey, numbers, parse::Writer};
+use cluelessh_transport::key::PublicKey;
 use eyre::{bail, Context, ContextCompat, OptionExt, Result};
 use tokio::net::TcpStream;
 use tracing::{debug, error};
@ -70,7 +70,6 @@ async fn main() -> eyre::Result<()> {
                })
            }),
            sign_pubkey: Arc::new(move |session_identifier| {
-                let session_identifier = session_identifier.to_vec();
                let mut attempted_public_keys = HashSet::new();
                let username = username.clone();
                Box::pin(async move {
@ -94,19 +93,13 @@ async fn main() -> eyre::Result<()> {
                    }
                    let pubkey = PublicKey::from_wire_encoding(&identity.key_blob)?;

-                    let mut sign_data = Writer::new();
-                    sign_data.string(session_identifier);
-                    sign_data.u8(numbers::SSH_MSG_USERAUTH_REQUEST);
-                    sign_data.string(&username);
-                    sign_data.string("ssh-connection");
-                    sign_data.string("publickey");
-                    sign_data.bool(true);
-                    sign_data.string(pubkey.algorithm_name());
-                    sign_data.string(&identity.key_blob);
-
-                    let data = sign_data.finish();
+                    let sign_data = cluelessh_keys::signature::signature_data(
+                        session_identifier,
+                        &username,
+                        &pubkey,
+                    );
                    let signature = agent
-                        .sign(&identity.key_blob, &data, 0)
+                        .sign(&identity.key_blob, &sign_data, 0)
                        .await
                        .wrap_err("signing for authentication")?;