Noratrieb/cluelessh
1
0
Fork 0
mirror of https://github.com/Noratrieb/cluelessh.git synced 2026-01-14 16:35:06 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add cluelessh-key debug create-fake-privkey

Browse source 
This command creates a fake private key that looks like it's the real
private key for a corresponding public key.
Even `ssh-keygen -y` gets confused.
This commit is contained in:
nora 2024-09-10 21:53:56 +02:00
parent e36f416c54
commit a03eb38461
5 changed files with 99 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

33
lib/cluelessh-keys/src/authorized_keys.rs
View file

@ -1,5 +1,3 @@
use base64::Engine;
use crate::public::{PublicKey, PublicKeyWithComment};
pub struct AuthorizedKeys {
@ -16,33 +14,10 @@ impl AuthorizedKeys {
let mut keys: Vec<PublicKeyWithComment> = Vec::new();
for line in lines {
let mut parts = line.split_whitespace();
let alg = parts
.next()
.ok_or_else(|| Error("missing algorithm on line".to_owned()))?;
let key_blob = parts
.next()
.ok_or_else(|| Error("missing key on line".to_owned()))?;
let key_blob = base64::prelude::BASE64_STANDARD
.decode(key_blob)
.map_err(|err| Error(format!("invalid base64 encoding for key: {err}")))?;
let comment = parts.next().unwrap_or_default();
let public_key = PublicKey::from_wire_encoding(&key_blob)
.map_err(|err| Error(format!("unsupported key: {err}")))?;
if public_key.algorithm_name() != alg {
return Err(Error(format!(
"algorithm name mismatch: {} != {}",
public_key.algorithm_name(),
alg
)));
}
keys.push(PublicKeyWithComment {
key: public_key,
comment: comment.to_owned(),
});
let key = line
.parse::<PublicKeyWithComment>()
.map_err(|err| Error(err.0))?;
keys.push(key);
}
Ok(Self { keys })

7
lib/cluelessh-keys/src/private.rs
View file

@ -108,7 +108,6 @@ impl EncryptedPrivateKeys {
p.array(*MAGIC);
p.string(self.cipher.name().as_bytes());
p.string(self.kdf.name().as_bytes());
dbg!(self.kdf.options());
p.string(self.kdf.options());
p.u32(self.public_keys.len() as u32);
@ -302,9 +301,13 @@ impl KeyEncryptionParams {
impl PlaintextPrivateKey {
pub fn generate(comment: String, params: KeyGenerationParams) -> Self {
let keytype = crypto::generate_private_key(params);
Self::new(comment, keytype)
}
pub fn new(comment: String, private_key: PrivateKey) -> Self {
Self {
comment,
private_key: keytype,
private_key,
checkint: rand::random(),
}
}

38
lib/cluelessh-keys/src/public.rs
View file

@ -2,7 +2,10 @@
// <https://datatracker.ietf.org/doc/html/rfc4716> exists but is kinda weird
use std::fmt::{Debug, Display};
use std::{
fmt::{Debug, Display},
str::FromStr,
};
use base64::Engine;
@ -26,6 +29,39 @@ pub struct PublicKeyWithComment {
pub comment: String,
}
impl FromStr for PublicKeyWithComment {
type Err = ParseError;
fn from_str(s: &str) -> Result<Self, Self::Err> {
let mut parts = s.split_ascii_whitespace();
let alg = parts
.next()
.ok_or_else(|| ParseError("missing algorithm on line".to_owned()))?;
let key_blob = parts
.next()
.ok_or_else(|| ParseError("missing key on line".to_owned()))?;
let key_blob = base64::prelude::BASE64_STANDARD
.decode(key_blob)
.map_err(|err| ParseError(format!("invalid base64 encoding for key: {err}")))?;
let comment = parts.next().unwrap_or_default();
let public_key = PublicKey::from_wire_encoding(&key_blob)
.map_err(|err| ParseError(format!("unsupported key: {err}")))?;
if public_key.algorithm_name() != alg {
return Err(ParseError(format!(
"algorithm name mismatch: {} != {}",
public_key.algorithm_name(),
alg
)));
}
Ok(Self {
key: public_key,
comment: comment.to_owned(),
})
}
}
impl PublicKey {
/// Parses an SSH public key from its wire encoding as specified in
/// RFC4253, RFC5656, and RFC8709.