From 149650bf1560227d3f5d9eaa0cbe383d8b80d6d9 Mon Sep 17 00:00:00 2001 From: Hatter Jiang Date: Mon, 26 May 2025 00:06:11 +0800 Subject: [PATCH] feat: updates ssh agent --- src/cmd_ssh_agent.rs | 46 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 37 insertions(+), 9 deletions(-) diff --git a/src/cmd_ssh_agent.rs b/src/cmd_ssh_agent.rs index 1a8196c..c891cad 100644 --- a/src/cmd_ssh_agent.rs +++ b/src/cmd_ssh_agent.rs @@ -3,7 +3,7 @@ use std::path::PathBuf; use clap::{App, Arg, ArgMatches, SubCommand}; -use crate::ecdsautil::{generate_ecdsa_keypair, EcdsaAlgorithm}; +use crate::ecdsautil::{generate_ecdsa_keypair, parse_ecdsa_r_and_s, EcdsaAlgorithm}; use crate::util::base64_encode; use rust_util::util_clap::{Command, CommandError}; use rust_util::XResult; @@ -13,6 +13,7 @@ use ssh_agent_lib::proto::{Extension, Identity, SignRequest}; use ssh_agent_lib::ssh_encoding::Encode; use ssh_agent_lib::ssh_key::public::KeyData; use ssh_agent_lib::ssh_key::{Algorithm, Signature}; +use ssh_key::{EcdsaCurve, Mpint}; use tokio::net::UnixListener as Listener; #[derive(Default, Clone)] @@ -34,9 +35,9 @@ impl MySshAgent { #[ssh_agent_lib::async_trait] impl Session for MySshAgent { async fn request_identities(&mut self) -> Result, AgentError> { - debugging!("request_identities"); + information!("request_identities"); // let p256_private_key_d = ecdsautil::parse_p256_private_key(&self.private_key_pem).unwrap(); - let public_key_point = hex::decode("0474b7b8dcac7587afc8c461e96d713d05a4caae9dc4188924697fcb8dec2b8001d337e9ff4da1fb30042fef53375bde0cbe4964c71298b9d56bd9131c347119f3").unwrap(); + let public_key_point = hex::decode("04f17326c188b9d0cffeddd8ff935f24f2074bbef128ac5b04b9cac05de967df5dbfd065698dce3b8c1f451bb9a1593ace13360bbc49c51f5213777fd873932efa44763bfcc1c764b122a8a8977bcb3e0ad099d652e63db1c5a1bda02120a16dc5").unwrap(); let identity = Identity { pubkey: KeyData::Ecdsa( ssh_key::public::EcdsaPublicKey::from_sec1_bytes(&public_key_point).unwrap(), @@ -50,18 +51,45 @@ impl Session for MySshAgent { } async fn sign(&mut self, request: SignRequest) -> Result { - debugging!("sign, request: {:?}", request); - // get the signature by signing `request.data` - let signature = vec![]; + information!("sign, request: {:?}", request); + + let algorithm = &request.pubkey.algorithm(); + match algorithm { + Algorithm::Dsa => {} + Algorithm::Ecdsa { curve: _ } => {} + Algorithm::Ed25519 => {} + Algorithm::Rsa { hash: _ } => {} + Algorithm::SkEcdsaSha2NistP256 => {} + Algorithm::SkEd25519 => {} + Algorithm::Other(_) => {} + &_ => {} + } + + let signature = external_command_rs::external_sign( + "card-cli", + "key://yubikey4-5010220:piv/p384::authentication", + "ES384", + &request.data, + ) + .unwrap(); + information!("{}", hex::encode(&signature)); + let (r, s) = parse_ecdsa_r_and_s(signature.as_slice()).unwrap(); + let mut ssh_signature = vec![]; + let r_mpint = Mpint::from_bytes(&r).unwrap(); + let s_mpint = Mpint::from_bytes(&s).unwrap(); + r_mpint.encode(&mut ssh_signature).unwrap(); + s_mpint.encode(&mut ssh_signature).unwrap(); Ok(Signature::new( - Algorithm::new("algorithm").map_err(AgentError::other)?, - signature, + Algorithm::Ecdsa { + curve: EcdsaCurve::NistP384, + }, + ssh_signature, ) .map_err(AgentError::other)?) } async fn extension(&mut self, extension: Extension) -> Result, AgentError> { - debugging!("extension: {:?}", extension); + information!("extension: {:?}", extension); Ok(None) } }