Expand native auth and benchmark gates

This commit is contained in:
DuProcess
2026-06-18 09:29:06 -04:00
parent 2835da76b0
commit 25d9a6aefa
13 changed files with 1036 additions and 178 deletions
+21 -18
View File
@@ -10,9 +10,10 @@ use dosh::config::{expand_tilde, load_client_config, load_hosts_config, load_ser
use dosh::crypto;
use dosh::native::{
EnvVar, ForwardingKind, ForwardingRequest, KnownHostStatus, TrustResult,
derive_native_session_key, generate_native_ephemeral, host_fingerprint, load_ed25519_identity,
load_ed25519_identity_with_passphrase, parse_host_public_key_line, remove_trusted_host,
sign_user_auth, trust_host, verify_known_host, verify_server_hello,
derive_native_session_key, generate_native_ephemeral, host_fingerprint, load_native_identity,
load_native_identity_with_passphrase, parse_host_public_key_line, remove_trusted_host,
sign_user_auth_with_private_key, supported_user_key_algorithms, trust_host, verify_known_host,
verify_server_hello,
};
use dosh::protocol::{
self, AttachOk, AttachReject, BootstrapAttachRequest, CLIENT_TO_SERVER, Frame, Input,
@@ -1486,7 +1487,7 @@ async fn try_native_auth(
requested_mode: mode.to_string(),
terminal_size: (cols, rows),
supported_aead: vec!["chacha20poly1305".to_string()],
supported_user_key_algorithms: vec!["ssh-ed25519".to_string()],
supported_user_key_algorithms: supported_user_key_algorithms(),
cached_host_key_fingerprint: None,
attach_ticket_envelope: None,
requested_env,
@@ -1642,7 +1643,7 @@ async fn try_native_auth_check(
requested_mode: "doctor".to_string(),
terminal_size: (80, 24),
supported_aead: vec!["chacha20poly1305".to_string()],
supported_user_key_algorithms: vec!["ssh-ed25519".to_string()],
supported_user_key_algorithms: supported_user_key_algorithms(),
cached_host_key_fingerprint: None,
attach_ticket_envelope: None,
requested_env: Vec::new(),
@@ -1766,7 +1767,9 @@ fn sign_native_user_auth(
}
match load_first_native_identity(config, cli_identity, ssh_config) {
Ok(identity) => sign_user_auth(&identity, hello, server_hello, requested_forwardings),
Ok(identity) => {
sign_user_auth_with_private_key(&identity, hello, server_hello, requested_forwardings)
}
Err(err) => {
errors.push(format!("identity files: {err:#}"));
Err(anyhow!(
@@ -1781,7 +1784,7 @@ fn load_first_native_identity(
config: &dosh::config::ClientConfig,
cli_identity: Option<&Path>,
ssh_config: &SshConfig,
) -> Result<ed25519_dalek::SigningKey> {
) -> Result<ssh_key::PrivateKey> {
load_first_native_identity_with_prompt(
config,
cli_identity,
@@ -1795,7 +1798,7 @@ fn load_first_native_identity_with_prompt<F>(
cli_identity: Option<&Path>,
ssh_config: &SshConfig,
mut prompt: F,
) -> Result<ed25519_dalek::SigningKey>
) -> Result<ssh_key::PrivateKey>
where
F: FnMut(&Path) -> Result<String>,
{
@@ -1817,11 +1820,11 @@ where
if !path.exists() {
continue;
}
match load_ed25519_identity(&path) {
match load_native_identity(&path) {
Ok(identity) => return Ok(identity),
Err(err) if err.to_string().contains(" is encrypted") => {
match prompt(&path).and_then(|passphrase| {
load_ed25519_identity_with_passphrase(&path, Some(&passphrase))
load_native_identity_with_passphrase(&path, Some(&passphrase))
}) {
Ok(identity) => return Ok(identity),
Err(err) => errors.push(format!("{}: {err:#}", path.display())),
@@ -1831,10 +1834,10 @@ where
}
}
if errors.is_empty() {
Err(anyhow!("no usable ssh-ed25519 identity found"))
Err(anyhow!("no usable native identity found"))
} else {
Err(anyhow!(
"no usable ssh-ed25519 identity found: {}",
"no usable native identity found: {}",
errors.join("; ")
))
}
@@ -4222,8 +4225,8 @@ mod tests {
.unwrap();
assert_eq!(
VerifyingKey::from(&loaded).to_bytes(),
VerifyingKey::from(&signing).to_bytes()
loaded.public_key().key_data().ed25519().unwrap().as_ref(),
VerifyingKey::from(&signing).as_bytes()
);
}
@@ -4243,7 +4246,7 @@ mod tests {
)
.unwrap_err();
assert!(err.to_string().contains("no usable ssh-ed25519 identity"));
assert!(err.to_string().contains("no usable native identity"));
}
#[test]
@@ -4263,7 +4266,7 @@ mod tests {
})
.unwrap_err();
assert!(err.to_string().contains("no usable ssh-ed25519 identity"));
assert!(err.to_string().contains("no usable native identity"));
}
#[test]
@@ -4285,8 +4288,8 @@ mod tests {
.unwrap();
assert_eq!(
VerifyingKey::from(&loaded).to_bytes(),
VerifyingKey::from(&signing).to_bytes()
loaded.public_key().key_data().ed25519().unwrap().as_ref(),
VerifyingKey::from(&signing).as_bytes()
);
}