mirror of
https://github.com/warp-tech/warpgate.git
synced 2024-11-10 09:12:56 +08:00
re-save ed25519 keys to fix the encoding error
parent
571abb1cb1
commit
ebb6956b82
5 changed files with 35 additions and 12 deletions
17
Cargo.lock
generated
17
Cargo.lock
generated
|
@ -552,6 +552,12 @@ dependencies = [
|
|||
"shlex",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "bit-vec"
|
||||
version = "0.6.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb"
|
||||
|
||||
[[package]]
|
||||
name = "bitflags"
|
||||
version = "1.3.2"
|
||||
|
@ -3723,9 +3729,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "russh"
|
||||
version = "0.44.0-beta.4"
|
||||
version = "0.44.0-beta.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "5c0c8b1a1213ee9cbae3c644c76f304ddfff8de66c1e7194626e511e9e5c91f7"
|
||||
checksum = "2f5827ad9882c902e17911af4db2995bf6247e333f6615668a39df31d94262cd"
|
||||
dependencies = [
|
||||
"aes",
|
||||
"aes-gcm",
|
||||
|
@ -3775,9 +3781,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "russh-keys"
|
||||
version = "0.44.0-beta.4"
|
||||
version = "0.44.0-beta.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "65d9d07bb169099e6e0ae7e30b64965f005d613170c6e019586cd30be596e2ee"
|
||||
checksum = "e86b69bb1b6a00b3ce02a6d4e9152a4bc39350847e9170c19caa9bc3e363a608"
|
||||
dependencies = [
|
||||
"aes",
|
||||
"async-trait",
|
||||
|
@ -3821,6 +3827,7 @@ dependencies = [
|
|||
"tokio",
|
||||
"tokio-stream",
|
||||
"typenum",
|
||||
"yasna",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
|
@ -6234,6 +6241,8 @@ version = "0.5.2"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "e17bb3549cc1321ae1296b9cdc2698e2b6cb1992adfa19a8c72e5b7a738f44cd"
|
||||
dependencies = [
|
||||
"bit-vec",
|
||||
"num-bigint",
|
||||
"time",
|
||||
]
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ poem-openapi = { version = "2.0", features = [
|
|||
"uuid",
|
||||
"static-files",
|
||||
] }
|
||||
russh-keys = { version = "0.44.0-beta.4" }
|
||||
russh-keys = { version = "0.44.0-beta.5", features = ["legacy-ed25519-pkcs8-parser"] }
|
||||
# russh-keys = { version = "0.23.0-beta.1", path = "../../russh/russh-keys" }
|
||||
rust-embed = "8.3"
|
||||
sea-orm = { version = "0.12.2", features = [
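Review bot: The `legacy-ed25519-pkcs8-parser` feature is switched on for `russh-keys` here, and again in the second manifest further down, without a comment saying why it is needed or when it can go. Judging by its name and the commit title, it keeps a parser for the old, incorrectly encoded Ed25519 keys so they can be read and re-saved; what it accepts is not visible on this page. Once deployed keys have been rewritten it is leftover compatibility code in the private-key parsing path. I would add a line above the dependency such as `# legacy-ed25519-pkcs8-parser: needed to read keys written by russh 0.43; drop once all keys are re-saved`.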
|
||||
|
|
|
@ -14,9 +14,9 @@ dialoguer = "0.10"
|
|||
curve25519-dalek = "4.0.0" # pin due to build fail on x86
|
||||
ed25519-dalek = "2.0.0" # pin due to build fail on x86 in 2.1
|
||||
futures = "0.3"
|
||||
russh = { version = "0.44.0-beta.4" }
|
||||
russh = { version = "0.44.0-beta.5" }
|
||||
# russh = { version = "0.35.0-beta.6", path = "../../russh/russh"}
|
||||
russh-keys = { version = "0.44.0-beta.4" }
|
||||
russh-keys = { version = "0.44.0-beta.5", features = ["legacy-ed25519-pkcs8-parser"] }
|
||||
# russh-keys = { version = "0.23.0-beta.1", path = "../../russh/russh-keys" }
|
||||
sea-orm = { version = "0.12.2", features = [
|
||||
"runtime-tokio-rustls",
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
use std::fs::{create_dir_all, File};
|
||||
use std::path::PathBuf;
|
||||
use std::path::{Path, PathBuf};
|
||||
|
||||
use anyhow::{Context, Result};
|
||||
use russh_keys::key::{KeyPair, SignatureHash};
|
||||
|
@ -46,7 +46,7 @@ pub fn load_host_keys(config: &WarpgateConfig) -> Result<Vec<KeyPair>, russh_key
|
|||
let mut keys = Vec::new();
|
||||
|
||||
let key_path = path.join("host-ed25519");
|
||||
keys.push(load_secret_key(key_path, None)?);
|
||||
keys.push(load_and_maybe_resave_ed25519_key(key_path)?);
|
||||
|
||||
let key_path = path.join("host-rsa");
|
||||
let key = load_secret_key(key_path, None)?;
|
||||
|
@ -94,11 +94,25 @@ pub fn load_client_keys(config: &WarpgateConfig) -> Result<Vec<KeyPair>, russh_k
|
|||
let path = get_keys_path(config);
|
||||
let mut keys = Vec::new();
|
||||
|
||||
let key_path = path.join("client-ed25519");
|
||||
keys.push(load_secret_key(key_path, None)?);
|
||||
let key_path: PathBuf = path.join("client-ed25519");
|
||||
keys.push(load_and_maybe_resave_ed25519_key(key_path)?);
|
||||
|
||||
let key_path = path.join("client-rsa");
|
||||
keys.push(load_secret_key(key_path, None)?);
|
||||
|
||||
Ok(keys)
|
||||
}
|
||||
|
||||
/// russh 0.43 has a bug that generates incorrect PKCS#8 encoding for Ed25519 keys
|
||||
/// This will preemptively try to correctly re-encode and save the key
|
||||
fn load_and_maybe_resave_ed25519_key<P: AsRef<Path>>(p: P) -> Result<KeyPair, russh_keys::Error> {
|
||||
let key = load_secret_key(&p, None)?;
|
||||
if let KeyPair::Ed25519(_) = &key {
|
||||
if let Ok(f) = File::create(p) {
|
||||
if let Err(e) = encode_pkcs8_pem(&key, f) {
|
||||
error!("Failed to re-save the Ed25519 key: {e:?}");
|
||||
}
|
||||
}
|
||||
};
|
||||
Ok(key)
|
||||
}
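Review bot: `File::create(p)` in `load_and_maybe_resave_ed25519_key` truncates the private key file before `encode_pkcs8_pem` has produced anything, so an encoding error, a full disk or a crash mid-write leaves `host-ed25519` or `client-ed25519` empty or partial, and the next load fails with the only copy of the key gone. The rewrite also runs on every call for every Ed25519 key, not only for keys that still carry the old encoding, and a failed `File::create` is dropped without a log line. I would encode into memory first, skip the write when the bytes on disk already match, and replace the file through a sibling temporary file plus `std::fs::rename`, copying the original file's permissions onto the temporary file before any key material is written. The sketch below assumes `encode_pkcs8_pem` accepts any `Write` target, which the hunk does not show.

```rust
fn load_and_maybe_resave_ed25519_key<P: AsRef<Path>>(p: P) -> Result<KeyPair, russh_keys::Error> {
    let path = p.as_ref();
    let key = load_secret_key(path, None)?;
    if let KeyPair::Ed25519(_) = &key {
        // Encode in memory first: an encoding failure must never touch the key file.
        let mut pem = Vec::new();
        if let Err(e) = encode_pkcs8_pem(&key, &mut pem) {
            error!("Failed to re-encode the Ed25519 key: {e:?}");
        } else if std::fs::read(path).ok().as_deref() != Some(pem.as_slice()) {
            // Only rewrite when the on-disk encoding differs, and replace the file
            // atomically so a crash leaves the old key or the new one, never a stub.
            let tmp = path.with_extension("tmp");
            let saved = File::create(&tmp)
                // Copy the key file's mode before any secret bytes are written.
                .and_then(|f| {
                    f.set_permissions(std::fs::metadata(path)?.permissions())?;
                    Ok(f)
                })
                .and_then(|mut f| std::io::Write::write_all(&mut f, &pem))
                .and_then(|()| std::fs::rename(&tmp, path));
            if let Err(e) = saved {
                error!("Failed to re-save the Ed25519 key: {e:?}");
            }
        }
    }
    Ok(key)
}
```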
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#![feature(type_alias_impl_trait)]
|
||||
#![feature(type_alias_impl_trait, try_blocks)]
|
||||
mod client;
|
||||
mod common;
|
||||
mod compat;
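Review bot: `try_blocks` is added to the crate's `#![feature(...)]` list, but none of the changed files shown on this page contains a `try { ... }` block, so the gate looks unused in this commit. The rest of the crate is not visible here, so this is inferred from the diff alone. Each extra unstable feature ties the build to nightly behaviour that can change. If nothing needs it yet, keep the line as `#![feature(type_alias_impl_trait)]` and add `try_blocks` in the commit that first uses it.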
|
||||
|
|