Noratrieb/cluelessh
1
0
Fork 0
mirror of https://github.com/Noratrieb/cluelessh.git synced 2026-01-14 16:35:06 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

changes

Browse source
This commit is contained in:
nora 2024-08-26 15:19:02 +02:00
parent 5f203d0f5b
commit dcba4931e5
23 changed files with 317 additions and 132 deletions
Download patch file Download diff file Expand all files Collapse all files

3
lib/cluelessh-keys/Cargo.toml
View file

@ -10,10 +10,11 @@ ctr = "0.9.2"
ed25519-dalek = { version = "2.1.1", features = ["rand_core"] }
pem = "3.0.4"
rand = "0.8.5"
cluelessh-transport = { path = "../cluelessh-transport" }
thiserror = "1.0.63"
base64 = "0.22.1"
cluelessh-format = { version = "0.1.0", path = "../cluelessh-format" }
tracing.workspace = true
p256 = "0.13.2"
[lints]
workspace = true

61
lib/cluelessh-keys/src/authorized_keys.rs
View file

@ -1,7 +1,6 @@
use base64::Engine;
use cluelessh_transport::key::PublicKey;
use crate::PublicKeyWithComment;
use crate::{public::PublicKey, PublicKeyWithComment};
pub struct AuthorizedKeys {
pub keys: Vec<PublicKeyWithComment>,
@ -56,9 +55,7 @@ impl AuthorizedKeys {
#[cfg(test)]
mod tests {
use cluelessh_transport::key::PublicKey;
use crate::PublicKeyWithComment;
use crate::{public::PublicKey, PublicKeyWithComment};
use super::AuthorizedKeys;
@ -70,10 +67,16 @@ mod tests {
keys.keys.as_slice(),
[PublicKeyWithComment {
key: PublicKey::Ed25519 {
public_key: [
109, 39, 214, 41, 20, 27, 218, 216, 170, 134, 225, 237, 106, 64, 201, 122,
234, 102, 172, 80, 161, 13, 179, 52, 154, 197, 62, 61, 118, 129, 58, 79,
],
public_key: ed25519_dalek::VerifyingKey::from_bytes(
&[
109, 39, 214, 41, 20, 27, 218, 216, 170, 134, 225, 237, 106, 64, 201,
122, 234, 102, 172, 80, 161, 13, 179, 52, 154, 197, 62, 61, 118, 129,
58, 79,
]
.try_into()
.unwrap()
)
.unwrap(),
},
comment: "nora".into(),
}]
@ -86,17 +89,27 @@ mod tests {
let keys = AuthorizedKeys::parse(keys).unwrap();
let provided = PublicKey::Ed25519 {
public_key: [
109, 39, 214, 41, 20, 27, 218, 216, 170, 134, 225, 237, 106, 64, 201, 122, 234,
102, 172, 80, 161, 13, 179, 52, 154, 197, 62, 61, 118, 129, 58, 79,
],
public_key: ed25519_dalek::VerifyingKey::from_bytes(
&[
109, 39, 214, 41, 20, 27, 218, 216, 170, 134, 225, 237, 106, 64, 201, 122, 234,
102, 172, 80, 161, 13, 179, 52, 154, 197, 62, 61, 118, 129, 58, 79,
]
.try_into()
.unwrap(),
)
.unwrap(),
};
let flipped = PublicKey::Ed25519 {
public_key: [
0, 39, 214, 41, 20, 27, 218, 216, 170, 134, 225, 237, 106, 64, 201, 122, 234, 102,
172, 80, 161, 13, 179, 52, 154, 197, 62, 61, 118, 129, 58, 79,
],
public_key: ed25519_dalek::VerifyingKey::from_bytes(
&[
1, 39, 214, 41, 20, 27, 218, 216, 170, 134, 225, 237, 106, 64, 201, 122, 234,
102, 172, 80, 161, 13, 179, 52, 154, 197, 62, 61, 118, 129, 58, 79,
]
.try_into()
.unwrap(),
)
.unwrap(),
};
assert!(keys.contains(&provided).is_some());
@ -119,10 +132,16 @@ mod tests {
keys.keys.as_slice(),
[PublicKeyWithComment {
key: PublicKey::Ed25519 {
public_key: [
109, 39, 214, 41, 20, 27, 218, 216, 170, 134, 225, 237, 106, 64, 201, 122,
234, 102, 172, 80, 161, 13, 179, 52, 154, 197, 62, 61, 118, 129, 58, 79,
],
public_key: ed25519_dalek::VerifyingKey::from_bytes(
&[
109, 39, 214, 41, 20, 27, 218, 216, 170, 134, 225, 237, 106, 64, 201,
122, 234, 102, 172, 80, 161, 13, 179, 52, 154, 197, 62, 61, 118, 129,
58, 79,
]
.try_into()
.unwrap()
)
.unwrap(),
},
comment: "".into(),
}]

8
lib/cluelessh-keys/src/crypto.rs
View file

@ -3,7 +3,7 @@ use std::str::FromStr;
use aes::cipher::{KeySizeUser, StreamCipher};
use cluelessh_format::{Reader, Writer};
use crate::PrivateKeyType;
use crate::PrivateKey;
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Cipher {
@ -141,13 +141,13 @@ pub struct KeyGenerationParams {
pub key_type: KeyType,
}
pub(crate) fn generate_private_key(params: KeyGenerationParams) -> PrivateKeyType {
pub(crate) fn generate_private_key(params: KeyGenerationParams) -> PrivateKey {
match params.key_type {
KeyType::Ed25519 => {
let private_key = ed25519_dalek::SigningKey::generate(&mut rand::rngs::OsRng);
PrivateKeyType::Ed25519 {
public_key: private_key.verifying_key().to_bytes(),
PrivateKey::Ed25519 {
public_key: private_key.verifying_key(),
private_key: private_key.to_bytes(),
}
}

162
lib/cluelessh-keys/src/lib.rs
View file

@ -1,11 +1,15 @@
pub mod authorized_keys;
mod crypto;
pub mod public;
pub mod signature;
use std::fmt::Debug;
use cluelessh_format::{Reader, Writer};
use cluelessh_transport::key::PublicKey;
use crypto::{Cipher, Kdf};
use crate::public::PublicKey;
// TODO: good typed error messages so the user knows what's going on
pub use crypto::{KeyGenerationParams, KeyType};
@ -23,16 +27,34 @@ pub struct EncryptedPrivateKeys {
pub encrypted_private_keys: Vec<u8>,
}
#[derive(Clone)]
pub struct PlaintextPrivateKey {
pub private_key: PrivateKeyType,
pub private_key: PrivateKey,
pub comment: String,
checkint: u32,
}
pub enum PrivateKeyType {
impl Debug for PlaintextPrivateKey {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
f.debug_struct("PlaintextPrivateKey")
.field(
"public_key",
&format_args!("{}", self.private_key.public_key()),
)
.field("comment", &self.comment)
.finish()
}
}
#[derive(Clone)]
pub enum PrivateKey {
Ed25519 {
public_key: [u8; 32],
private_key: [u8; 32],
public_key: ed25519_dalek::VerifyingKey,
private_key: [u8; 32], // TODO: store a signing key!
},
EcdsaSha2NistP256 {
public_key: p256::ecdsa::VerifyingKey,
private_key: p256::ecdsa::SigningKey,
},
}
@ -139,7 +161,7 @@ impl EncryptedPrivateKeys {
Ok(data)
}
pub fn parse_private(
pub fn decrypt(
&self,
passphrase: Option<&str>,
) -> cluelessh_format::Result<Vec<PlaintextPrivateKey>> {
@ -159,15 +181,17 @@ impl EncryptedPrivateKeys {
for pubkey in &self.public_keys {
let keytype = match pubkey {
PublicKey::Ed25519 { public_key } => {
// <https://datatracker.ietf.org/doc/html/draft-miller-ssh-agent#section-3.2.3>
// <https://datatracker.ietf.org/doc/html/draft-miller-ssh-agent#name-eddsa-keys>
let alg = p.utf8_string()?;
if alg != "ssh-ed25519" {
if alg != pubkey.algorithm_name() {
return Err(cluelessh_format::ParseError(format!(
"algorithm mismatch. pubkey: ssh-ed25519, privkey: {alg}"
"algorithm mismatch. pubkey: {}, privkey: {alg}",
pubkey.algorithm_name()
)));
}
let enc_a = p.string()?; // ENC(A)
if enc_a != public_key {
if enc_a != public_key.as_bytes() {
return Err(cluelessh_format::ParseError(format!("public key mismatch")));
}
let k_enc_a = p.string()?; // k || ENC(A)
@ -178,16 +202,42 @@ impl EncryptedPrivateKeys {
)));
}
let (k, enc_a) = k_enc_a.split_at(32);
if enc_a != public_key {
if enc_a != public_key.as_bytes() {
// Yes, ed25519 SSH keys seriously store the public key THREE TIMES.
return Err(cluelessh_format::ParseError(format!("public key mismatch")));
}
let private_key = k.try_into().unwrap();
PrivateKeyType::Ed25519 {
PrivateKey::Ed25519 {
public_key: *public_key,
private_key,
}
}
PublicKey::EcdsaSha2NistP256 { public_key } => {
// <https://datatracker.ietf.org/doc/html/draft-miller-ssh-agent#name-ecdsa-keys>
let alg = p.utf8_string()?;
if alg != pubkey.algorithm_name() {
return Err(cluelessh_format::ParseError(format!(
"algorithm mismatch. pubkey: {}, privkey: {alg}",
pubkey.algorithm_name()
)));
}
let curve_name = p.utf8_string()?;
if curve_name != "nistp256" {
return Err(cluelessh_format::ParseError(format!(
"curve name mismatch. expected: nistp256, found: {curve_name}",
)));
}
let q = p.string()?;
if q != public_key.to_encoded_point(false).as_bytes() {
return Err(cluelessh_format::ParseError(format!("public key mismatch")));
}
let _d = p.mpint()?;
todo!()
}
};
let comment = p.utf8_string()?;
@ -262,22 +312,33 @@ impl PlaintextPrivateKey {
enc.u32(self.checkint);
enc.u32(self.checkint);
match self.private_key {
PrivateKeyType::Ed25519 {
match &self.private_key {
PrivateKey::Ed25519 {
public_key,
private_key,
} => {
// <https://datatracker.ietf.org/doc/html/draft-miller-ssh-agent#section-3.2.3>
// <https://datatracker.ietf.org/doc/html/draft-miller-ssh-agent#name-eddsa-keys>
enc.string(b"ssh-ed25519");
enc.string(public_key);
let combined = private_key.len() + public_key.len();
let combined = private_key.len() + public_key.as_bytes().len();
enc.u32(combined as u32);
enc.raw(&private_key);
enc.raw(&public_key);
enc.string(self.comment.as_bytes());
enc.raw(private_key);
enc.raw(public_key.as_bytes());
}
PrivateKey::EcdsaSha2NistP256 {
public_key,
private_key,
} => {
// <https://datatracker.ietf.org/doc/html/draft-miller-ssh-agent#name-ecdsa-keys>
enc.string(self.private_key.algorithm_name());
enc.string("nistp256");
enc.string(public_key.to_encoded_point(false));
enc.mpint(p256::U256::from(private_key.as_nonzero_scalar().as_ref()));
}
}
enc.string(self.comment.as_bytes());
// uh..., i don't really now how much i need to pad so YOLO this here
// TODO: pad properly.
enc.u8(1);
@ -310,17 +371,24 @@ impl PlaintextPrivateKey {
}
}
impl PrivateKeyType {
impl PrivateKey {
pub fn public_key(&self) -> PublicKey {
match *self {
Self::Ed25519 { public_key, .. } => PublicKey::Ed25519 { public_key },
Self::EcdsaSha2NistP256 { public_key, .. } => {
PublicKey::EcdsaSha2NistP256 { public_key }
}
}
}
pub fn algorithm_name(&self) -> &'static str {
self.public_key().algorithm_name()
}
}
#[cfg(test)]
mod tests {
use crate::{Cipher, EncryptedPrivateKeys, Kdf, KeyEncryptionParams, PrivateKeyType};
use crate::{Cipher, EncryptedPrivateKeys, Kdf, KeyEncryptionParams, PrivateKey};
// ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHPaiIO6MePXM/QCJWVge1k4dsiefPr4taP9VJbCtXdx uwu
// Password: 'test'
@ -345,6 +413,17 @@ zukcSwhnKrg+wzw7/JZQAAAAA3V3dQEC
-----END OPENSSH PRIVATE KEY-----
";
// ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZTdlJoLNb701EWnahywBv032Aby+Piza7TzKW1H6Z//Hni/rBcUgnMmG+Kc4XWp6zgny3FMFpviuL01eJbpY8= uwu
// no password
const TEST_ECDSA_SHA2_NISTP256_NONE: &[u8] = b"-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQR2U3ZSaCzW+9NRFp2ocsAb9N9gG8vj
4s2u08yltR+mf/x54v6wXFIJzJhvinOF1qes4J8txTBab4ri9NXiW6WPAAAAoKQV4mmkFe
JpAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZTdlJoLNb701EW
nahywBv032Aby+Piza7TzKW1H6Z//Hni/rBcUgnMmG+Kc4XWp6zgny3FMFpviuL01eJbpY
8AAAAgVF0Z9J3CtkKpNt2IGTJZtBLK+QQKu/bUkp12gstIonUAAAADdXd1AQIDBAU=
-----END OPENSSH PRIVATE KEY-----";
#[test]
fn ed25519_none() {
let keys = EncryptedPrivateKeys::parse(TEST_ED25519_NONE).unwrap();
@ -352,17 +431,44 @@ zukcSwhnKrg+wzw7/JZQAAAAA3V3dQEC
assert_eq!(keys.cipher, Cipher::None);
assert_eq!(keys.kdf, Kdf::None);
let decrypted = keys.parse_private(None).unwrap();
let decrypted = keys.decrypt(None).unwrap();
assert_eq!(decrypted.len(), 1);
let key = decrypted.first().unwrap();
assert_eq!(key.comment, "uwu");
assert!(matches!(key.private_key, PrivateKeyType::Ed25519 { .. }));
assert!(matches!(key.private_key, PrivateKey::Ed25519 { .. }));
}
#[test]
fn roundtrip_ed25519_none() {
let keys = EncryptedPrivateKeys::parse(TEST_ED25519_NONE).unwrap();
let decrypted = keys.parse_private(None).unwrap();
let decrypted = keys.decrypt(None).unwrap();
let encrypted = decrypted[0]
.encrypt(KeyEncryptionParams::secure_or_none("".to_owned()))
.unwrap();
let bytes = encrypted.to_bytes();
assert_eq!(pem::parse(TEST_ED25519_NONE).unwrap().contents(), bytes);
}
#[test]
fn ecdsa_sha2_nistp256_none() {
let keys = EncryptedPrivateKeys::parse(TEST_ECDSA_SHA2_NISTP256_NONE).unwrap();
assert_eq!(keys.public_keys.len(), 1);
assert_eq!(keys.cipher, Cipher::None);
assert_eq!(keys.kdf, Kdf::None);
let decrypted = keys.decrypt(None).unwrap();
assert_eq!(decrypted.len(), 1);
let key = decrypted.first().unwrap();
assert_eq!(key.comment, "uwu");
assert!(matches!(key.private_key, PrivateKey::Ed25519 { .. }));
}
#[test]
fn roundtrip_ecdsa_sha2_nistp256_none() {
let keys = EncryptedPrivateKeys::parse(TEST_ECDSA_SHA2_NISTP256_NONE).unwrap();
let decrypted = keys.decrypt(None).unwrap();
let encrypted = decrypted[0]
.encrypt(KeyEncryptionParams::secure_or_none("".to_owned()))
@ -379,17 +485,17 @@ zukcSwhnKrg+wzw7/JZQAAAAA3V3dQEC
assert_eq!(keys.cipher, Cipher::Aes256Ctr);
assert!(matches!(keys.kdf, Kdf::BCrypt { .. }));
let decrypted = keys.parse_private(Some("test")).unwrap();
let decrypted = keys.decrypt(Some("test")).unwrap();
assert_eq!(decrypted.len(), 1);
let key = decrypted.first().unwrap();
assert_eq!(key.comment, "uwu");
assert!(matches!(key.private_key, PrivateKeyType::Ed25519 { .. }));
assert!(matches!(key.private_key, PrivateKey::Ed25519 { .. }));
}
#[test]
fn roundtrip_aes256ctr() {
fn roundtrip_ed25519_aes256ctr() {
let keys = EncryptedPrivateKeys::parse(TEST_ED25519_NONE).unwrap();
let decrypted = keys.parse_private(None).unwrap();
let decrypted = keys.decrypt(None).unwrap();
let encrypted = decrypted[0]
.encrypt(KeyEncryptionParams::secure_or_none("".to_owned()))

119
lib/cluelessh-keys/src/public.rs Normal file
View file

@ -0,0 +1,119 @@
//! Operations on SSH keys.
// <https://datatracker.ietf.org/doc/html/rfc4716> exists but is kinda weird
use std::fmt::Display;
use base64::Engine;
use ed25519_dalek::VerifyingKey;
use tracing::debug;
use cluelessh_format::{ParseError, Reader, Writer};
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum PublicKey {
Ed25519 {
public_key: ed25519_dalek::VerifyingKey,
},
EcdsaSha2NistP256 {
public_key: p256::ecdsa::VerifyingKey,
},
}
impl PublicKey {
/// Parses an SSH public key from its wire encoding as specified in
/// RFC4253, RFC5656, and RFC8709.
pub fn from_wire_encoding(bytes: &[u8]) -> cluelessh_format::Result<Self> {
let mut p = Reader::new(bytes);
let alg = p.utf8_string()?;
let k = match alg {
"ssh-ed25519" => {
let len = p.u32()?;
if len != 32 {
return Err(ParseError(format!("incorrect ed25519 len: {len}")));
}
let public_key = p.array::<32>()?;
let public_key = VerifyingKey::from_bytes(&public_key)
.map_err(|_| ParseError(format!("invalid ed25519 public key")))?;
Self::Ed25519 { public_key }
}
"ecdsa-sha2-nistp256" => {
todo!()
}
_ => return Err(ParseError(format!("unsupported key type: {alg}"))),
};
Ok(k)
}
pub fn to_wire_encoding(&self) -> Vec<u8> {
let mut p = Writer::new();
p.string(self.algorithm_name());
match self {
Self::Ed25519 { public_key } => {
p.string(public_key.as_bytes());
}
Self::EcdsaSha2NistP256 { public_key } => {
// <https://datatracker.ietf.org/doc/html/rfc5656#section-3.1>
p.string(b"nistp256");
// > point compression MAY be used.
// But OpenSSH does not appear to support that, so let's NOT use it.
p.string(public_key.to_encoded_point(false).as_bytes());
}
}
p.finish()
}
pub fn algorithm_name(&self) -> &'static str {
match self {
Self::Ed25519 { .. } => "ssh-ed25519",
Self::EcdsaSha2NistP256 { .. } => "ecdsa-sha2-nistp256",
}
}
pub fn verify_signature(&self, data: &[u8], signature: &[u8]) -> bool {
match self {
PublicKey::Ed25519 { public_key } => {
let mut s = Reader::new(signature);
let Ok(alg) = s.utf8_string() else {
return false;
};
if alg != "ssh-ed25519" {
return false;
}
let Ok(signature) = s.string() else {
return false;
};
let Ok(signature) = ed25519_dalek::Signature::from_slice(signature) else {
debug!("Invalid signature length");
return false;
};
public_key.verify_strict(data, &signature).is_ok()
}
PublicKey::EcdsaSha2NistP256 { .. } => {
todo!("ecdsa-sha2-nistp256 signature verification")
}
}
}
}
impl Display for PublicKey {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
match self {
Self::Ed25519 { .. } => {
let encoded_pubkey = b64encode(&self.to_wire_encoding());
write!(f, "{} {encoded_pubkey}", self.algorithm_name())
}
Self::EcdsaSha2NistP256 { .. } => {
let encoded_pubkey = b64encode(&self.to_wire_encoding());
write!(f, "{} {encoded_pubkey}", self.algorithm_name())
},
}
}
}
fn b64encode(bytes: &[u8]) -> String {
base64::prelude::BASE64_STANDARD_NO_PAD.encode(bytes)
}

3
lib/cluelessh-keys/src/signature.rs
View file

@ -1,5 +1,6 @@
use cluelessh_format::Writer;
use cluelessh_transport::key::PublicKey;
use crate::public::PublicKey;
// TODO SessionId newtype
pub fn signature_data(session_id: [u8; 32], username: &str, pubkey: &PublicKey) -> Vec<u8> {