mirror of
https://github.com/warp-tech/warpgate.git
synced 2024-09-20 06:46:17 +08:00
re-save ed25519 keys to fix the encoding error
parent
571abb1cb1
commit
ebb6956b82
17
Cargo.lock
generated
17
Cargo.lock
generated
|
@ -552,6 +552,12 @@ dependencies = [
|
||||||
"shlex",
|
"shlex",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "bit-vec"
|
||||||
|
version = "0.6.3"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "bitflags"
|
name = "bitflags"
|
||||||
version = "1.3.2"
|
version = "1.3.2"
|
||||||
|
@ -3723,9 +3729,9 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "russh"
|
name = "russh"
|
||||||
version = "0.44.0-beta.4"
|
version = "0.44.0-beta.5"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "5c0c8b1a1213ee9cbae3c644c76f304ddfff8de66c1e7194626e511e9e5c91f7"
|
checksum = "2f5827ad9882c902e17911af4db2995bf6247e333f6615668a39df31d94262cd"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"aes",
|
"aes",
|
||||||
"aes-gcm",
|
"aes-gcm",
|
||||||
|
@ -3775,9 +3781,9 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "russh-keys"
|
name = "russh-keys"
|
||||||
version = "0.44.0-beta.4"
|
version = "0.44.0-beta.5"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "65d9d07bb169099e6e0ae7e30b64965f005d613170c6e019586cd30be596e2ee"
|
checksum = "e86b69bb1b6a00b3ce02a6d4e9152a4bc39350847e9170c19caa9bc3e363a608"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"aes",
|
"aes",
|
||||||
"async-trait",
|
"async-trait",
|
||||||
|
@ -3821,6 +3827,7 @@ dependencies = [
|
||||||
"tokio",
|
"tokio",
|
||||||
"tokio-stream",
|
"tokio-stream",
|
||||||
"typenum",
|
"typenum",
|
||||||
|
"yasna",
|
||||||
"zeroize",
|
"zeroize",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
@ -6234,6 +6241,8 @@ version = "0.5.2"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "e17bb3549cc1321ae1296b9cdc2698e2b6cb1992adfa19a8c72e5b7a738f44cd"
|
checksum = "e17bb3549cc1321ae1296b9cdc2698e2b6cb1992adfa19a8c72e5b7a738f44cd"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
"bit-vec",
|
||||||
|
"num-bigint",
|
||||||
"time",
|
"time",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,7 @@ poem-openapi = { version = "2.0", features = [
|
||||||
"uuid",
|
"uuid",
|
||||||
"static-files",
|
"static-files",
|
||||||
] }
|
] }
|
||||||
russh-keys = { version = "0.44.0-beta.4" }
|
russh-keys = { version = "0.44.0-beta.5", features = ["legacy-ed25519-pkcs8-parser"] }
|
||||||
# russh-keys = { version = "0.23.0-beta.1", path = "../../russh/russh-keys" }
|
# russh-keys = { version = "0.23.0-beta.1", path = "../../russh/russh-keys" }
|
||||||
rust-embed = "8.3"
|
rust-embed = "8.3"
|
||||||
sea-orm = { version = "0.12.2", features = [
|
sea-orm = { version = "0.12.2", features = [
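Review bot: The `legacy-ed25519-pkcs8-parser` feature on the new `russh-keys` line is enabled with no comment saying why it is needed or when it can be dropped, and the same applies to the second manifest changed further down the page. A compatibility parser for private keys tends to stay enabled indefinitely once its reason is forgotten. I would add a line above the dependency such as `# legacy-ed25519-pkcs8-parser: reads Ed25519 keys mis-encoded by russh 0.43; remove once deployed keys have been re-saved`.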
|
||||||
|
|
|
@ -14,9 +14,9 @@ dialoguer = "0.10"
|
||||||
curve25519-dalek = "4.0.0" # pin due to build fail on x86
|
curve25519-dalek = "4.0.0" # pin due to build fail on x86
|
||||||
ed25519-dalek = "2.0.0" # pin due to build fail on x86 in 2.1
|
ed25519-dalek = "2.0.0" # pin due to build fail on x86 in 2.1
|
||||||
futures = "0.3"
|
futures = "0.3"
|
||||||
russh = { version = "0.44.0-beta.4" }
|
russh = { version = "0.44.0-beta.5" }
|
||||||
# russh = { version = "0.35.0-beta.6", path = "../../russh/russh"}
|
# russh = { version = "0.35.0-beta.6", path = "../../russh/russh"}
|
||||||
russh-keys = { version = "0.44.0-beta.4" }
|
russh-keys = { version = "0.44.0-beta.5", features = ["legacy-ed25519-pkcs8-parser"] }
|
||||||
# russh-keys = { version = "0.23.0-beta.1", path = "../../russh/russh-keys" }
|
# russh-keys = { version = "0.23.0-beta.1", path = "../../russh/russh-keys" }
|
||||||
sea-orm = { version = "0.12.2", features = [
|
sea-orm = { version = "0.12.2", features = [
|
||||||
"runtime-tokio-rustls",
|
"runtime-tokio-rustls",
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
use std::fs::{create_dir_all, File};
|
use std::fs::{create_dir_all, File};
|
||||||
use std::path::PathBuf;
|
use std::path::{Path, PathBuf};
|
||||||
|
|
||||||
use anyhow::{Context, Result};
|
use anyhow::{Context, Result};
|
||||||
use russh_keys::key::{KeyPair, SignatureHash};
|
use russh_keys::key::{KeyPair, SignatureHash};
|
||||||
|
@ -46,7 +46,7 @@ pub fn load_host_keys(config: &WarpgateConfig) -> Result<Vec<KeyPair>, russh_key
|
||||||
let mut keys = Vec::new();
|
let mut keys = Vec::new();
|
||||||
|
|
||||||
let key_path = path.join("host-ed25519");
|
let key_path = path.join("host-ed25519");
|
||||||
keys.push(load_secret_key(key_path, None)?);
|
keys.push(load_and_maybe_resave_ed25519_key(key_path)?);
|
||||||
|
|
||||||
let key_path = path.join("host-rsa");
|
let key_path = path.join("host-rsa");
|
||||||
let key = load_secret_key(key_path, None)?;
|
let key = load_secret_key(key_path, None)?;
|
||||||
|
@ -94,11 +94,25 @@ pub fn load_client_keys(config: &WarpgateConfig) -> Result<Vec<KeyPair>, russh_k
|
||||||
let path = get_keys_path(config);
|
let path = get_keys_path(config);
|
||||||
let mut keys = Vec::new();
|
let mut keys = Vec::new();
|
||||||
|
|
||||||
let key_path = path.join("client-ed25519");
|
let key_path: PathBuf = path.join("client-ed25519");
|
||||||
keys.push(load_secret_key(key_path, None)?);
|
keys.push(load_and_maybe_resave_ed25519_key(key_path)?);
|
||||||
|
|
||||||
let key_path = path.join("client-rsa");
|
let key_path = path.join("client-rsa");
|
||||||
keys.push(load_secret_key(key_path, None)?);
|
keys.push(load_secret_key(key_path, None)?);
|
||||||
|
|
||||||
Ok(keys)
|
Ok(keys)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// russh 0.43 has a bug that generates incorrect PKCS#8 encoding for Ed25519 keys
|
||||||
|
/// This will preemptively try to correctly re-encode and save the key
|
||||||
|
fn load_and_maybe_resave_ed25519_key<P: AsRef<Path>>(p: P) -> Result<KeyPair, russh_keys::Error> {
|
||||||
|
let key = load_secret_key(&p, None)?;
|
||||||
|
if let KeyPair::Ed25519(_) = &key {
|
||||||
|
if let Ok(f) = File::create(p) {
|
||||||
|
if let Err(e) = encode_pkcs8_pem(&key, f) {
|
||||||
|
error!("Failed to re-save the Ed25519 key: {e:?}");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
Ok(key)
|
||||||
|
}
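Review bot: `File::create(p)` in `load_and_maybe_resave_ed25519_key` truncates the private key file before `encode_pkcs8_pem` has produced anything, so an encode or write failure (or a crash in between) leaves the host or client key empty or partial, with only a log line, and the next start cannot load it. The rewrite also runs on every load of an Ed25519 key rather than only when the legacy encoding was detected, and a failing `File::create` is dropped without any log by the `if let Ok(f)`. I would encode into memory, write a sibling temporary file that carries the original's permissions, and rename it over the key, logging every failure; this assumes `encode_pkcs8_pem` accepts any writer, as its use with a `File` here suggests. The function lies entirely inside this hunk.

```rust
// … unchanged: signature and load_secret_key call …
    if let KeyPair::Ed25519(_) = &key {
        // Encode into memory first: a failed encode must never touch the key on disk.
        let mut pem = Vec::new();
        if let Err(e) = encode_pkcs8_pem(&key, &mut pem) {
            error!("Failed to re-encode the Ed25519 key: {e:?}");
            return Ok(key);
        }
        let path = p.as_ref();
        let tmp = path.with_extension("tmp");
        let saved: std::io::Result<()> = (|| {
            let perms = std::fs::metadata(path)?.permissions();
            let mut f = File::create(&tmp)?;
            // Restrict the still-empty temp file before any key bytes reach it.
            f.set_permissions(perms)?;
            std::io::Write::write_all(&mut f, &pem)?;
            f.sync_all()?;
            // Rename replaces the key in one step, so it is never seen truncated.
            std::fs::rename(&tmp, path)
        })();
        if let Err(e) = saved {
            error!("Failed to re-save the Ed25519 key: {e:?}");
        }
    };
// … unchanged: Ok(key) …
```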
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
#![feature(type_alias_impl_trait)]
|
#![feature(type_alias_impl_trait, try_blocks)]
|
||||||
mod client;
|
mod client;
|
||||||
mod common;
|
mod common;
|
||||||
mod compat;
|
mod compat;
|
||||||
|
|