feat: updates ssh agent

2025-05-26 00:06:11 +08:00
parent 5b3e0bc8cb
commit 149650bf15
1 changed files with 37 additions and 9 deletions
--- a/src/cmd_ssh_agent.rs
+++ b/src/cmd_ssh_agent.rs
@@ -3,7 +3,7 @@ use std::path::PathBuf;

 use clap::{App, Arg, ArgMatches, SubCommand};

-use crate::ecdsautil::{generate_ecdsa_keypair, EcdsaAlgorithm};
+use crate::ecdsautil::{generate_ecdsa_keypair, parse_ecdsa_r_and_s, EcdsaAlgorithm};
 use crate::util::base64_encode;
 use rust_util::util_clap::{Command, CommandError};
 use rust_util::XResult;
@@ -13,6 +13,7 @@ use ssh_agent_lib::proto::{Extension, Identity, SignRequest};
 use ssh_agent_lib::ssh_encoding::Encode;
 use ssh_agent_lib::ssh_key::public::KeyData;
 use ssh_agent_lib::ssh_key::{Algorithm, Signature};
+use ssh_key::{EcdsaCurve, Mpint};
 use tokio::net::UnixListener as Listener;

 #[derive(Default, Clone)]
@@ -34,9 +35,9 @@ impl MySshAgent {
 #[ssh_agent_lib::async_trait]
 impl Session for MySshAgent {
    async fn request_identities(&mut self) -> Result<Vec<Identity>, AgentError> {
-        debugging!("request_identities");
+        information!("request_identities");
        // let p256_private_key_d = ecdsautil::parse_p256_private_key(&self.private_key_pem).unwrap();
-        let public_key_point = hex::decode("0474b7b8dcac7587afc8c461e96d713d05a4caae9dc4188924697fcb8dec2b8001d337e9ff4da1fb30042fef53375bde0cbe4964c71298b9d56bd9131c347119f3").unwrap();
+        let public_key_point = hex::decode("04f17326c188b9d0cffeddd8ff935f24f2074bbef128ac5b04b9cac05de967df5dbfd065698dce3b8c1f451bb9a1593ace13360bbc49c51f5213777fd873932efa44763bfcc1c764b122a8a8977bcb3e0ad099d652e63db1c5a1bda02120a16dc5").unwrap();
        let identity = Identity {
            pubkey: KeyData::Ecdsa(
                ssh_key::public::EcdsaPublicKey::from_sec1_bytes(&public_key_point).unwrap(),
@@ -50,18 +51,45 @@ impl Session for MySshAgent {
    }

    async fn sign(&mut self, request: SignRequest) -> Result<Signature, AgentError> {
-        debugging!("sign, request: {:?}", request);
-        // get the signature by signing `request.data`
-        let signature = vec![];
+        information!("sign, request: {:?}", request);
+
+        let algorithm = &request.pubkey.algorithm();
+        match algorithm {
+            Algorithm::Dsa => {}
+            Algorithm::Ecdsa { curve: _ } => {}
+            Algorithm::Ed25519 => {}
+            Algorithm::Rsa { hash: _ } => {}
+            Algorithm::SkEcdsaSha2NistP256 => {}
+            Algorithm::SkEd25519 => {}
+            Algorithm::Other(_) => {}
+            &_ => {}
+        }
+
+        let signature = external_command_rs::external_sign(
+            "card-cli",
+            "key://yubikey4-5010220:piv/p384::authentication",
+            "ES384",
+            &request.data,
+        )
+        .unwrap();
+        information!("{}", hex::encode(&signature));
+        let (r, s) = parse_ecdsa_r_and_s(signature.as_slice()).unwrap();
+        let mut ssh_signature = vec![];
+        let r_mpint = Mpint::from_bytes(&r).unwrap();
+        let s_mpint = Mpint::from_bytes(&s).unwrap();
+        r_mpint.encode(&mut ssh_signature).unwrap();
+        s_mpint.encode(&mut ssh_signature).unwrap();
        Ok(Signature::new(
-            Algorithm::new("algorithm").map_err(AgentError::other)?,
-            signature,
+            Algorithm::Ecdsa {
+                curve: EcdsaCurve::NistP384,
+            },
+            ssh_signature,
        )
        .map_err(AgentError::other)?)
    }

    async fn extension(&mut self, extension: Extension) -> Result<Option<Extension>, AgentError> {
-        debugging!("extension: {:?}", extension);
+        information!("extension: {:?}", extension);
        Ok(None)
    }
 }