re-save ed25519 keys to fix the encoding error

This commit is contained in:
Eugene 2024-07-16 22:01:07 +02:00
parent 571abb1cb1
commit ebb6956b82
No known key found for this signature in database
GPG key ID: 5896FCBBDD1CF4F4
5 changed files with 35 additions and 12 deletions

Cargo.lock generated

@ -552,6 +552,12 @@ dependencies = [
"shlex", "shlex",
] ]
[[package]]
name = "bit-vec"
version = "0.6.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb"
[[package]] [[package]]
name = "bitflags" name = "bitflags"
version = "1.3.2" version = "1.3.2"
@ -3723,9 +3729,9 @@ dependencies = [
[[package]] [[package]]
name = "russh" name = "russh"
version = "0.44.0-beta.4" version = "0.44.0-beta.5"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5c0c8b1a1213ee9cbae3c644c76f304ddfff8de66c1e7194626e511e9e5c91f7" checksum = "2f5827ad9882c902e17911af4db2995bf6247e333f6615668a39df31d94262cd"
dependencies = [ dependencies = [
"aes", "aes",
"aes-gcm", "aes-gcm",
@ -3775,9 +3781,9 @@ dependencies = [
[[package]] [[package]]
name = "russh-keys" name = "russh-keys"
version = "0.44.0-beta.4" version = "0.44.0-beta.5"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "65d9d07bb169099e6e0ae7e30b64965f005d613170c6e019586cd30be596e2ee" checksum = "e86b69bb1b6a00b3ce02a6d4e9152a4bc39350847e9170c19caa9bc3e363a608"
dependencies = [ dependencies = [
"aes", "aes",
"async-trait", "async-trait",
@ -3821,6 +3827,7 @@ dependencies = [
"tokio", "tokio",
"tokio-stream", "tokio-stream",
"typenum", "typenum",
"yasna",
"zeroize", "zeroize",
] ]
@ -6234,6 +6241,8 @@ version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e17bb3549cc1321ae1296b9cdc2698e2b6cb1992adfa19a8c72e5b7a738f44cd" checksum = "e17bb3549cc1321ae1296b9cdc2698e2b6cb1992adfa19a8c72e5b7a738f44cd"
dependencies = [ dependencies = [
"bit-vec",
"num-bigint",
"time", "time",
] ]


@ -24,7 +24,7 @@ poem-openapi = { version = "2.0", features = [
"uuid", "uuid",
"static-files", "static-files",
] } ] }
russh-keys = { version = "0.44.0-beta.4" } russh-keys = { version = "0.44.0-beta.5", features = ["legacy-ed25519-pkcs8-parser"] }
# russh-keys = { version = "0.23.0-beta.1", path = "../../russh/russh-keys" } # russh-keys = { version = "0.23.0-beta.1", path = "../../russh/russh-keys" }
rust-embed = "8.3" rust-embed = "8.3"
sea-orm = { version = "0.12.2", features = [ sea-orm = { version = "0.12.2", features = [


@ -14,9 +14,9 @@ dialoguer = "0.10"
curve25519-dalek = "4.0.0" # pin due to build fail on x86 curve25519-dalek = "4.0.0" # pin due to build fail on x86
ed25519-dalek = "2.0.0" # pin due to build fail on x86 in 2.1 ed25519-dalek = "2.0.0" # pin due to build fail on x86 in 2.1
futures = "0.3" futures = "0.3"
russh = { version = "0.44.0-beta.4" } russh = { version = "0.44.0-beta.5" }
# russh = { version = "0.35.0-beta.6", path = "../../russh/russh"} # russh = { version = "0.35.0-beta.6", path = "../../russh/russh"}
russh-keys = { version = "0.44.0-beta.4" } russh-keys = { version = "0.44.0-beta.5", features = ["legacy-ed25519-pkcs8-parser"] }
# russh-keys = { version = "0.23.0-beta.1", path = "../../russh/russh-keys" } # russh-keys = { version = "0.23.0-beta.1", path = "../../russh/russh-keys" }
sea-orm = { version = "0.12.2", features = [ sea-orm = { version = "0.12.2", features = [
"runtime-tokio-rustls", "runtime-tokio-rustls",
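Review bot: The `legacy-ed25519-pkcs8-parser` feature enabled on line 79 carries no comment explaining why it is needed or when it can be dropped, so nothing tells a future maintainer that it is a migration aid rather than a permanent requirement. Presumably it lets russh-keys 0.44 still read the mis-encoded PKCS#8 Ed25519 files written by the earlier version; once every deployment has gone through the re-save path this commit adds, the fallback parser is dead weight that keeps a relaxed decoding path reachable for no benefit. Suggest `# reads Ed25519 keys written with the incorrect PKCS#8 encoding of russh-keys 0.43; drop once all stored keys have been re-saved` next to the dependency. The same applies to the other Cargo.toml changed in this commit.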


@ -1,5 +1,5 @@
use std::fs::{create_dir_all, File}; use std::fs::{create_dir_all, File};
use std::path::PathBuf; use std::path::{Path, PathBuf};
use anyhow::{Context, Result}; use anyhow::{Context, Result};
use russh_keys::key::{KeyPair, SignatureHash}; use russh_keys::key::{KeyPair, SignatureHash};
@ -46,7 +46,7 @@ pub fn load_host_keys(config: &WarpgateConfig) -> Result<Vec<KeyPair>, russh_key
let mut keys = Vec::new(); let mut keys = Vec::new();
let key_path = path.join("host-ed25519"); let key_path = path.join("host-ed25519");
keys.push(load_secret_key(key_path, None)?); keys.push(load_and_maybe_resave_ed25519_key(key_path)?);
let key_path = path.join("host-rsa"); let key_path = path.join("host-rsa");
let key = load_secret_key(key_path, None)?; let key = load_secret_key(key_path, None)?;
@ -94,11 +94,25 @@ pub fn load_client_keys(config: &WarpgateConfig) -> Result<Vec<KeyPair>, russh_k
let path = get_keys_path(config); let path = get_keys_path(config);
let mut keys = Vec::new(); let mut keys = Vec::new();
let key_path = path.join("client-ed25519"); let key_path: PathBuf = path.join("client-ed25519");
keys.push(load_secret_key(key_path, None)?); keys.push(load_and_maybe_resave_ed25519_key(key_path)?);
let key_path = path.join("client-rsa"); let key_path = path.join("client-rsa");
keys.push(load_secret_key(key_path, None)?); keys.push(load_secret_key(key_path, None)?);
Ok(keys) Ok(keys)
} }
/// russh 0.43 has a bug that generates incorrect PKCS#8 encoding for Ed25519 keys
/// This will preemptively try to correctly re-encode and save the key
fn load_and_maybe_resave_ed25519_key<P: AsRef<Path>>(p: P) -> Result<KeyPair, russh_keys::Error> {
let key = load_secret_key(&p, None)?;
if let KeyPair::Ed25519(_) = &key {
if let Ok(f) = File::create(p) {
if let Err(e) = encode_pkcs8_pem(&key, f) {
error!("Failed to re-save the Ed25519 key: {e:?}");
}
}
};
Ok(key)
}
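Review bot: `File::create(p)` on line 111 truncates the live host/client key file before `encode_pkcs8_pem` has written a byte, so a failure mid-write (disk full, signal, crash) leaves an empty or partial private key on disk; the error is only logged and this process carries on with the in-memory key, but the next start cannot load the host key, and if a fresh one is then generated every SSH client will see a host-key change. Write the re-encoded key to a sibling temp file and `rename` it over the original, and create that temp file with mode 0600 explicitly, because a new file gets umask-derived permissions instead of inheriting the original's. The re-save also runs unconditionally on every load rather than only when the stored encoding was actually wrong, which widens the write window from a one-time migration to every startup; if the parser reports which path it took, gating on that would be preferable. Whether `encode_pkcs8_pem` is already imported in this file is not visible in the hunk.
```rust
fn load_and_maybe_resave_ed25519_key<P: AsRef<Path>>(p: P) -> Result<KeyPair, russh_keys::Error> {
    let key = load_secret_key(&p, None)?;
    if let KeyPair::Ed25519(_) = &key {
        let path = p.as_ref();
        let tmp = path.with_extension("tmp");
        // Write to a sibling temp file and rename it into place so an
        // interrupted write can never leave a truncated private key behind.
        let resaved: anyhow::Result<()> = (|| {
            let mut opts = std::fs::OpenOptions::new();
            opts.write(true).create_new(true);
            #[cfg(unix)]
            {
                use std::os::unix::fs::OpenOptionsExt;
                opts.mode(0o600); // private key: owner-only, independent of umask
            }
            encode_pkcs8_pem(&key, opts.open(&tmp)?)?;
            std::fs::rename(&tmp, path)?;
            Ok(())
        })();
        if let Err(e) = resaved {
            let _ = std::fs::remove_file(&tmp);
            error!("Failed to re-save the Ed25519 key: {e:?}");
        }
    }
    Ok(key)
}
```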


@ -1,4 +1,4 @@
#![feature(type_alias_impl_trait)] #![feature(type_alias_impl_trait, try_blocks)]
mod client; mod client;
mod common; mod common;
mod compat; mod compat;
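Review bot: `try_blocks` is added to the crate's feature list on line 123, but no `try { … }` block appears anywhere in this commit, so as far as the diff shows the unstable feature is enabled without a user. If it was meant for the error handling in the new Ed25519 re-save helper, either use it there or drop the feature so the crate's nightly surface stays as small as possible; if it is used in a file outside this commit, a short comment on the attribute naming that use would save the next reader the search.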