refactor

2026-01-14 16:35:06 +01:00 · 2024-08-26 19:46:44 +02:00 · 2024-08-26 19:46:44 +02:00 · ca4213ba81
commit ca4213ba81
parent d5794d3ef0
7 changed files with 130 additions and 111 deletions
--- a/lib/cluelessh-keys/src/crypto.rs
+++ b/lib/cluelessh-keys/src/crypto.rs
@ -157,7 +157,7 @@ pub(crate) fn generate_private_key(params: KeyGenerationParams) -> PrivateKey {

            PrivateKey::Ed25519 {
                public_key: private_key.verifying_key(),
-                private_key: private_key.to_bytes(),
+                private_key,
            }
        }
        KeyType::Ecdsa => {
--- a/lib/cluelessh-keys/src/private.rs
+++ b/lib/cluelessh-keys/src/private.rs
@ -36,7 +36,7 @@ impl Debug for PlaintextPrivateKey {
 pub enum PrivateKey {
    Ed25519 {
        public_key: ed25519_dalek::VerifyingKey,
-        private_key: [u8; 32], // TODO: store a signing key!
+        private_key: ed25519_dalek::SigningKey,
    },
    EcdsaSha2NistP256 {
        public_key: p256::ecdsa::VerifyingKey,
@ -326,9 +326,9 @@ impl PlaintextPrivateKey {
                // <https://datatracker.ietf.org/doc/html/draft-miller-ssh-agent#name-eddsa-keys>
                enc.string(b"ssh-ed25519");
                enc.string(public_key);
-                let combined = private_key.len() + public_key.as_bytes().len();
+                let combined = private_key.as_bytes().len() + public_key.as_bytes().len();
                enc.u32(combined as u32);
-                enc.raw(private_key);
+                enc.raw(private_key.as_bytes());
                enc.raw(public_key.as_bytes());
            }
            PrivateKey::EcdsaSha2NistP256 {
--- a/lib/cluelessh-keys/src/signature.rs
+++ b/lib/cluelessh-keys/src/signature.rs
@ -1,6 +1,6 @@
 use cluelessh_format::Writer;

-use crate::public::PublicKey;
+use crate::{private::PrivateKey, public::PublicKey};

 // TODO SessionId newtype
 pub fn signature_data(session_id: [u8; 32], username: &str, pubkey: &PublicKey) -> Vec<u8> {
@ -17,3 +17,58 @@ pub fn signature_data(session_id: [u8; 32], username: &str, pubkey: &PublicKey)

    s.finish()
 }
+
+pub enum Signature {
+    Ed25519 { signature: ed25519_dalek::Signature },
+    EcdsaSha2NistP256 { signature: p256::ecdsa::Signature },
+}
+
+impl Signature {
+    pub fn to_wire_encoding(&self) -> Vec<u8> {
+        let mut data = Writer::new();
+        data.string(self.algorithm_name());
+        match self {
+            Self::Ed25519 { signature } => {
+                // <https://datatracker.ietf.org/doc/html/rfc8709#name-signature-format>
+                data.string(signature.to_bytes());
+            }
+            Self::EcdsaSha2NistP256 { signature } => {
+                // <https://datatracker.ietf.org/doc/html/rfc5656#section-3.1.2>
+
+                let (r, s) = signature.split_scalars();
+
+                let mut signature_blob = Writer::new();
+                signature_blob.mpint(p256::U256::from(r.as_ref()));
+                signature_blob.mpint(p256::U256::from(s.as_ref()));
+                data.string(signature_blob.finish());
+            }
+        }
+        data.finish()
+    }
+
+    pub fn algorithm_name(&self) -> &'static str {
+        match self {
+            Self::Ed25519 { .. } => "ssh-ed25519",
+            Self::EcdsaSha2NistP256 { .. } => "ecdsa-sha2-nistp256",
+        }
+    }
+}
+
+impl PrivateKey {
+    pub fn sign(&self, data: &[u8]) -> Signature {
+        match self {
+            Self::Ed25519 { private_key, .. } => {
+                use ed25519_dalek::Signer;
+
+                let sig = private_key.sign(data);
+                Signature::Ed25519 { signature: sig }
+            }
+            Self::EcdsaSha2NistP256 { private_key, .. } => {
+                use p256::ecdsa::signature::Signer;
+
+                let sig = private_key.sign(data);
+                Signature::EcdsaSha2NistP256 { signature: sig }
+            }
+        }
+    }
+}