changes

2026-01-14 16:35:06 +01:00 · 2024-08-26 15:19:02 +02:00 · 2024-08-26 15:19:02 +02:00 · dcba4931e5
commit dcba4931e5
parent 5f203d0f5b
23 changed files with 317 additions and 132 deletions
--- a/bin/cluelessh-agentctl/Cargo.toml
+++ b/bin/cluelessh-agentctl/Cargo.toml
@ -6,6 +6,7 @@ edition = "2021"
 [dependencies]
 cluelessh-agent-client = { path = "../../lib/cluelessh-agent-client" } 
 cluelessh-transport = { path = "../../lib/cluelessh-transport" } 
+cluelessh-keys = { path = "../../lib/cluelessh-keys" }

 clap = { version = "4.5.16", features = ["derive"] }
 eyre.workspace = true
--- a/bin/cluelessh-agentctl/src/main.rs
+++ b/bin/cluelessh-agentctl/src/main.rs
@ -3,7 +3,7 @@ use std::{io::Write, path::PathBuf};
 use clap::Parser;
 use cluelessh_agent_client::{IdentityAnswer, SocketAgentConnection};
 use cluelessh_format::Writer;
-use cluelessh_transport::key::PublicKey;
+use cluelessh_keys::public::PublicKey;
 use eyre::{bail, Context};
 use sha2::Digest;

--- a/bin/cluelessh-faked/Cargo.toml
+++ b/bin/cluelessh-faked/Cargo.toml
@ -9,7 +9,7 @@ hex-literal = "0.4.1"
 rand = "0.8.5"
 cluelessh-protocol = { path = "../../lib/cluelessh-protocol" }
 cluelessh-tokio = { path = "../../lib/cluelessh-tokio" }
-
+cluelessh-keys = { path = "../../lib/cluelessh-keys" }
 tokio = { version = "1.39.2", features = ["full"] }
 tracing-subscriber = { version = "0.3.18", features = ["env-filter", "json"] }

--- a/bin/cluelessh-faked/src/main.rs
+++ b/bin/cluelessh-faked/src/main.rs
@ -60,7 +60,18 @@ async fn main() -> eyre::Result<()> {
        ),
    };

-    let mut listener = cluelessh_tokio::server::ServerListener::new(listener, auth_verify);
+    let transport_config = cluelessh_protocol::transport::server::ServerConfig {
+        host_keys: vec![
+            cluelessh_keys::EncryptedPrivateKeys::parse(ED25519_PRIVKEY.as_bytes())
+                .unwrap()
+                .decrypt(None)
+                .unwrap()
+                .remove(0),
+        ],
+    };
+
+    let mut listener =
+        cluelessh_tokio::server::ServerListener::new(listener, auth_verify, transport_config);

    loop {
        let next = listener.accept().await?;
@ -327,3 +338,18 @@ fn execute_command(command: &[u8]) -> ProcessOutput {
        },
    }
 }
+
+const ED25519_PRIVKEY: &str = "\
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACDpOc36b8DXNzM7U06RPdMyyNUXn+AMMEVXUhciSxm49gAAAJDpgLSk6YC0
+pAAAAAtzc2gtZWQyNTUxOQAAACDpOc36b8DXNzM7U06RPdMyyNUXn+AMMEVXUhciSxm49g
+AAAECSeskxuEtJrr9L7ZkbpogXC5pKRNVHx1ueMX2h1XUnmek5zfpvwNc3MztTTpE90zLI
+1Ref4AwwRVdSFyJLGbj2AAAAB3Rlc3RrZXkBAgMEBQY=
+-----END OPENSSH PRIVATE KEY-----
+";
+
+pub(crate) const ECDSA_P256_PRIVKEY_BYTES: &[u8; 32] = &[
+    0x89, 0xdd, 0x0c, 0x96, 0x22, 0x85, 0x10, 0xec, 0x3c, 0xa4, 0xa1, 0xb8, 0xac, 0x2a, 0x77, 0xa8,
+    0xd4, 0x4d, 0xcb, 0x9d, 0x90, 0x25, 0xc6, 0xd8, 0x3a, 0x02, 0x74, 0x4f, 0x9e, 0x44, 0xcd, 0xa3,
+];
--- a/bin/cluelessh-key/src/main.rs
+++ b/bin/cluelessh-key/src/main.rs
@ -6,7 +6,7 @@ use std::{

 use base64::Engine;
 use clap::Parser;
-use cluelessh_keys::{KeyEncryptionParams, PrivateKeyType};
+use cluelessh_keys::{KeyEncryptionParams, PrivateKey};
 use eyre::{bail, Context};

 #[derive(clap::Parser)]
@ -125,17 +125,23 @@ fn info(id_file: &Path, decrypt: bool, show_private: bool) -> eyre::Result<()> {
            None
        };

-        let keys = keys.parse_private(passphrase.as_deref())?;
+        let keys = keys.decrypt(passphrase.as_deref())?;
        for key in keys {
            println!("{} {}", key.private_key.public_key(), key.comment);
            if show_private {
                match key.private_key {
-                    PrivateKeyType::Ed25519 { private_key, .. } => {
+                    PrivateKey::Ed25519 { private_key, .. } => {
                        println!(
                            "  private key: {}",
                            base64::prelude::BASE64_STANDARD_NO_PAD.encode(private_key)
                        )
                    }
+                    PrivateKey::EcdsaSha2NistP256 { private_key, .. } => {
+                        println!(
+                            "  private key: {}",
+                            base64::prelude::BASE64_STANDARD_NO_PAD.encode(private_key.to_bytes())
+                        )
+                    }
                }
            }
        }
--- a/bin/cluelessh/src/main.rs
+++ b/bin/cluelessh/src/main.rs
@ -2,9 +2,9 @@ use std::{collections::HashSet, sync::Arc};

 use clap::Parser;

+use cluelessh_keys::public::PublicKey;
 use cluelessh_tokio::client::SignatureResult;
 use cluelessh_tokio::PendingChannel;
-use cluelessh_transport::key::PublicKey;
 use eyre::{bail, Context, ContextCompat, OptionExt, Result};
 use tokio::net::TcpStream;
 use tracing::{debug, error};
--- a/bin/cluelesshd/src/auth.rs
+++ b/bin/cluelesshd/src/auth.rs
@ -3,10 +3,8 @@
 use std::io;

 use cluelessh_keys::{
-    authorized_keys::{self, AuthorizedKeys},
-    PublicKeyWithComment,
+    authorized_keys::{self, AuthorizedKeys}, public::PublicKey, PublicKeyWithComment
 };
-use cluelessh_transport::key::PublicKey;
 use users::os::unix::UserExt;

 /// A known-authorized public key for a user.
--- a/bin/cluelesshd/src/main.rs
+++ b/bin/cluelesshd/src/main.rs
@ -4,8 +4,8 @@ mod pty;
 use std::{io, net::SocketAddr, process::ExitStatus, sync::Arc};

 use auth::AuthError;
+use cluelessh_keys::public::PublicKey;
 use cluelessh_tokio::{server::ServerAuthVerify, Channel};
-use cluelessh_transport::key::PublicKey;
 use eyre::{bail, eyre, Context, OptionExt, Result};
 use pty::Pty;
 use rustix::termios::Winsize;
@ -109,7 +109,9 @@ async fn main() -> eyre::Result<()> {
        auth_banner: Some("welcome to my server!!!\r\ni hope you enjoy your stay.\r\n".to_owned()),
    };

-    let mut listener = cluelessh_tokio::server::ServerListener::new(listener, auth_verify);
+    let config = todo!();
+
+    let mut listener = cluelessh_tokio::server::ServerListener::new(listener, auth_verify, config);

    loop {
        let next = listener.accept().await?;