Noratrieb/cluelessh
1
0
Fork 0
mirror of https://github.com/Noratrieb/cluelessh.git synced 2026-01-14 16:35:06 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

more moves

Browse source
This commit is contained in:
nora 2024-08-25 23:34:33 +02:00
parent 8a627949a3
commit 362d8c57ce
16 changed files with 164 additions and 175 deletions
Download patch file Download diff file Expand all files Collapse all files

20
lib/cluelessh-keys/src/crypto.rs
View file

@ -81,14 +81,16 @@ impl Kdf {
let salt = opts.string()?;
let rounds = opts.u32()?;
Kdf::BCrypt {
salt: salt
.try_into()
.map_err(|_| cluelessh_format::ParseError(format!("incorrect bcrypt salt len")))?,
salt: salt.try_into().map_err(|_| {
cluelessh_format::ParseError(format!("incorrect bcrypt salt len"))
})?,
rounds,
}
}
_ => {
return Err(cluelessh_format::ParseError(format!("unsupported KDF: {kdfname}")));
return Err(cluelessh_format::ParseError(format!(
"unsupported KDF: {kdfname}"
)));
}
};
Ok(kdf)
@ -113,12 +115,18 @@ impl Kdf {
}
}
pub(crate) fn derive(&self, passphrase: &str, output: &mut [u8]) -> cluelessh_format::Result<()> {
pub(crate) fn derive(
&self,
passphrase: &str,
output: &mut [u8],
) -> cluelessh_format::Result<()> {
match self {
Self::None => unreachable!("should not attempt to derive passphrase from none"),
Self::BCrypt { salt, rounds } => {
bcrypt_pbkdf::bcrypt_pbkdf(passphrase, salt, *rounds, output).map_err(|err| {
cluelessh_format::ParseError(format!("error when performing key derivation: {err}"))
cluelessh_format::ParseError(format!(
"error when performing key derivation: {err}"
))
})
}
}

19
lib/cluelessh-keys/src/lib.rs
View file

@ -46,8 +46,9 @@ impl EncryptedPrivateKeys {
let content = if content.starts_with(b"openssh-key-v1") {
content
} else if content.starts_with(b"-----BEGIN OPENSSH PRIVATE KEY-----") {
pem = pem::parse(content)
.map_err(|err| cluelessh_format::ParseError(format!("invalid PEM format: {err}")))?;
pem = pem::parse(content).map_err(|err| {
cluelessh_format::ParseError(format!("invalid PEM format: {err}"))
})?;
pem.contents()
} else {
return Err(cluelessh_format::ParseError("invalid SSH key".to_owned()));
@ -115,7 +116,10 @@ impl EncryptedPrivateKeys {
(!matches!(self.kdf, Kdf::None)) && (!matches!(self.cipher, Cipher::None))
}
pub fn decrypt_encrypted_part(&self, passphrase: Option<&str>) -> cluelessh_format::Result<Vec<u8>> {
pub fn decrypt_encrypted_part(
&self,
passphrase: Option<&str>,
) -> cluelessh_format::Result<Vec<u8>> {
let mut data = self.encrypted_private_keys.clone();
if self.requires_passphrase() {
let Some(passphrase) = passphrase else {
@ -145,7 +149,9 @@ impl EncryptedPrivateKeys {
let checkint1 = p.u32()?;
let checkint2 = p.u32()?;
if checkint1 != checkint2 {
return Err(cluelessh_format::ParseError(format!("invalid key or password")));
return Err(cluelessh_format::ParseError(format!(
"invalid key or password"
)));
}
let mut result_keys = Vec::new();
@ -246,7 +252,10 @@ impl PlaintextPrivateKey {
}
}
pub fn encrypt(&self, params: KeyEncryptionParams) -> cluelessh_format::Result<EncryptedPrivateKeys> {
pub fn encrypt(
&self,
params: KeyEncryptionParams,
) -> cluelessh_format::Result<EncryptedPrivateKeys> {
let public_keys = vec![self.private_key.public_key()];
let mut enc = Writer::new();

2
lib/cluelessh-keys/src/signature.rs
View file

@ -6,7 +6,7 @@ pub fn signature_data(session_id: [u8; 32], username: &str, pubkey: &PublicKey)
let mut s = Writer::new();
s.string(session_id);
s.u8(cluelessh_transport::numbers::SSH_MSG_USERAUTH_REQUEST);
s.u8(cluelessh_format::numbers::SSH_MSG_USERAUTH_REQUEST);
s.string(username);
s.string("ssh-connection");
s.string("publickey");