Expand native auth and benchmark gates
This commit is contained in:
+21
-18
@@ -10,9 +10,10 @@ use dosh::config::{expand_tilde, load_client_config, load_hosts_config, load_ser
|
||||
use dosh::crypto;
|
||||
use dosh::native::{
|
||||
EnvVar, ForwardingKind, ForwardingRequest, KnownHostStatus, TrustResult,
|
||||
derive_native_session_key, generate_native_ephemeral, host_fingerprint, load_ed25519_identity,
|
||||
load_ed25519_identity_with_passphrase, parse_host_public_key_line, remove_trusted_host,
|
||||
sign_user_auth, trust_host, verify_known_host, verify_server_hello,
|
||||
derive_native_session_key, generate_native_ephemeral, host_fingerprint, load_native_identity,
|
||||
load_native_identity_with_passphrase, parse_host_public_key_line, remove_trusted_host,
|
||||
sign_user_auth_with_private_key, supported_user_key_algorithms, trust_host, verify_known_host,
|
||||
verify_server_hello,
|
||||
};
|
||||
use dosh::protocol::{
|
||||
self, AttachOk, AttachReject, BootstrapAttachRequest, CLIENT_TO_SERVER, Frame, Input,
|
||||
@@ -1486,7 +1487,7 @@ async fn try_native_auth(
|
||||
requested_mode: mode.to_string(),
|
||||
terminal_size: (cols, rows),
|
||||
supported_aead: vec!["chacha20poly1305".to_string()],
|
||||
supported_user_key_algorithms: vec!["ssh-ed25519".to_string()],
|
||||
supported_user_key_algorithms: supported_user_key_algorithms(),
|
||||
cached_host_key_fingerprint: None,
|
||||
attach_ticket_envelope: None,
|
||||
requested_env,
|
||||
@@ -1642,7 +1643,7 @@ async fn try_native_auth_check(
|
||||
requested_mode: "doctor".to_string(),
|
||||
terminal_size: (80, 24),
|
||||
supported_aead: vec!["chacha20poly1305".to_string()],
|
||||
supported_user_key_algorithms: vec!["ssh-ed25519".to_string()],
|
||||
supported_user_key_algorithms: supported_user_key_algorithms(),
|
||||
cached_host_key_fingerprint: None,
|
||||
attach_ticket_envelope: None,
|
||||
requested_env: Vec::new(),
|
||||
@@ -1766,7 +1767,9 @@ fn sign_native_user_auth(
|
||||
}
|
||||
|
||||
match load_first_native_identity(config, cli_identity, ssh_config) {
|
||||
Ok(identity) => sign_user_auth(&identity, hello, server_hello, requested_forwardings),
|
||||
Ok(identity) => {
|
||||
sign_user_auth_with_private_key(&identity, hello, server_hello, requested_forwardings)
|
||||
}
|
||||
Err(err) => {
|
||||
errors.push(format!("identity files: {err:#}"));
|
||||
Err(anyhow!(
|
||||
@@ -1781,7 +1784,7 @@ fn load_first_native_identity(
|
||||
config: &dosh::config::ClientConfig,
|
||||
cli_identity: Option<&Path>,
|
||||
ssh_config: &SshConfig,
|
||||
) -> Result<ed25519_dalek::SigningKey> {
|
||||
) -> Result<ssh_key::PrivateKey> {
|
||||
load_first_native_identity_with_prompt(
|
||||
config,
|
||||
cli_identity,
|
||||
@@ -1795,7 +1798,7 @@ fn load_first_native_identity_with_prompt<F>(
|
||||
cli_identity: Option<&Path>,
|
||||
ssh_config: &SshConfig,
|
||||
mut prompt: F,
|
||||
) -> Result<ed25519_dalek::SigningKey>
|
||||
) -> Result<ssh_key::PrivateKey>
|
||||
where
|
||||
F: FnMut(&Path) -> Result<String>,
|
||||
{
|
||||
@@ -1817,11 +1820,11 @@ where
|
||||
if !path.exists() {
|
||||
continue;
|
||||
}
|
||||
match load_ed25519_identity(&path) {
|
||||
match load_native_identity(&path) {
|
||||
Ok(identity) => return Ok(identity),
|
||||
Err(err) if err.to_string().contains(" is encrypted") => {
|
||||
match prompt(&path).and_then(|passphrase| {
|
||||
load_ed25519_identity_with_passphrase(&path, Some(&passphrase))
|
||||
load_native_identity_with_passphrase(&path, Some(&passphrase))
|
||||
}) {
|
||||
Ok(identity) => return Ok(identity),
|
||||
Err(err) => errors.push(format!("{}: {err:#}", path.display())),
|
||||
@@ -1831,10 +1834,10 @@ where
|
||||
}
|
||||
}
|
||||
if errors.is_empty() {
|
||||
Err(anyhow!("no usable ssh-ed25519 identity found"))
|
||||
Err(anyhow!("no usable native identity found"))
|
||||
} else {
|
||||
Err(anyhow!(
|
||||
"no usable ssh-ed25519 identity found: {}",
|
||||
"no usable native identity found: {}",
|
||||
errors.join("; ")
|
||||
))
|
||||
}
|
||||
@@ -4222,8 +4225,8 @@ mod tests {
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(
|
||||
VerifyingKey::from(&loaded).to_bytes(),
|
||||
VerifyingKey::from(&signing).to_bytes()
|
||||
loaded.public_key().key_data().ed25519().unwrap().as_ref(),
|
||||
VerifyingKey::from(&signing).as_bytes()
|
||||
);
|
||||
}
|
||||
|
||||
@@ -4243,7 +4246,7 @@ mod tests {
|
||||
)
|
||||
.unwrap_err();
|
||||
|
||||
assert!(err.to_string().contains("no usable ssh-ed25519 identity"));
|
||||
assert!(err.to_string().contains("no usable native identity"));
|
||||
}
|
||||
|
||||
#[test]
|
||||
@@ -4263,7 +4266,7 @@ mod tests {
|
||||
})
|
||||
.unwrap_err();
|
||||
|
||||
assert!(err.to_string().contains("no usable ssh-ed25519 identity"));
|
||||
assert!(err.to_string().contains("no usable native identity"));
|
||||
}
|
||||
|
||||
#[test]
|
||||
@@ -4285,8 +4288,8 @@ mod tests {
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(
|
||||
VerifyingKey::from(&loaded).to_bytes(),
|
||||
VerifyingKey::from(&signing).to_bytes()
|
||||
loaded.public_key().key_data().ed25519().unwrap().as_ref(),
|
||||
VerifyingKey::from(&signing).as_bytes()
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user