Add ECDSA keys

honzasp · Jul 3, 2022 · 6bac2e8 · 6bac2e8
1 parent 3dc46f9
commit 6bac2e8
Show file tree

Hide file tree

Showing 24 changed files with 513 additions and 79 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -29,13 +29,16 @@ cipher = "0.4"
 ctr = "0.9"
 derivative = "2.2"
 digest = "0.10"
+ecdsa = {version = "0.14", features = ["sign", "verify"]}
 ed25519-dalek = "1.0"
 futures-core = "0.3"
 guard = "0.5"
 hex-literal = "0.3"
 hmac = "0.12"
 log = "0.4"
 num-bigint-dig = {version = "0.8", features = ["rand"]}
+p256 = "0.11"
+p384 = "0.11"
 parking_lot = "0.12"
 pin-project = "1.0"
 poly1305 = "0.7"

diff --git a/src/cipher/mod.rs b/src/cipher/mod.rs
@@ -10,8 +10,8 @@
 //! # Supported algorithms
 //!
 //! - "chacha20-poly1305" ([`CHACHA20_POLY1305`])
-//! - "aes128-gcm" ([`AES128_GCM`])
-//! - "aes256-gcm" ([`AES256_GCM`])
+//! - "aes128-gcm@openssh.com" ([`AES128_GCM`])
+//! - "aes256-gcm@openssh.com" ([`AES256_GCM`])
 //! - "aes128-ctr" ([`AES128_CTR`])
 //! - "aes192-ctr" ([`AES192_CTR`])
 //! - "aes256-ctr" ([`AES256_CTR`])

diff --git a/src/client/channel.rs b/src/client/channel.rs
@@ -258,7 +258,7 @@ pub const DATA_STANDARD: DataType = DataType::Standard;
 /// This is part of a **low level [`Channel`] API** that gives you direct access to an SSH channel.
 pub const DATA_STDERR: DataType = DataType::Extended(1);
 
-/// Configuration of a [`Channel`] (or a [`Session`]).
+/// Configuration of a [`Channel`] (or a [`Session`][crate::Session]).
 ///
 /// You should start from the [default][Default] instance, which has reasonable default
 /// configuration, and modify it according to your needs. You may also find the method

diff --git a/src/client/client.rs b/src/client/client.rs
@@ -326,7 +326,11 @@ impl<IO> Future for ClientFuture<IO>
     fn poll(self: Pin<&mut Self>, cx: &mut Context) -> Poll<Result<()>> {
         let this = self.project();
         let mut client_st = this.client_st.lock();
-        client_state::poll_client(&mut client_st, this.stream, cx)
+        let res = client_state::poll_client(&mut client_st, this.stream, cx);
+        if let Poll::Ready(Err(ref err)) = res {
+            log::debug!("client future returned error: {:#}", err);
+        }
+        res
     }
 }
 
@@ -430,12 +434,16 @@ impl ClientConfig {
                 &kex::DIFFIE_HELLMAN_GROUP18_SHA512,
                 &kex::DIFFIE_HELLMAN_GROUP14_SHA1,
             ]);
-            c.server_pubkey_algos.push(&pubkey::SSH_RSA_SHA1);
+            c.server_pubkey_algos.extend_from_slice(&[
+                &pubkey::ECDSA_SHA2_NISTP256,
+                &pubkey::ECDSA_SHA2_NISTP384,
+                &pubkey::SSH_RSA_SHA1,
+            ]);
             c.cipher_algos.extend_from_slice(&[
-                &cipher::AES128_CBC, &cipher::AES192_CBC, &cipher::AES256_CBC
+                &cipher::AES128_CBC, &cipher::AES192_CBC, &cipher::AES256_CBC,
             ]);
             c.mac_algos.extend_from_slice(&[
-                &mac::HMAC_SHA1_ETM, &mac::HMAC_SHA1
+                &mac::HMAC_SHA1_ETM, &mac::HMAC_SHA1,
             ]);
         })
     }

diff --git a/src/lib.rs b/src/lib.rs
@@ -28,6 +28,10 @@ pub use self::pubkey::{PubkeyAlgo, Pubkey, Privkey};
 pub use bytes;
 pub use ed25519_dalek;
 pub use rsa;
+pub use p256;
+pub use p384;
+pub use ecdsa;
+pub use ecdsa::elliptic_curve;
 
 pub mod cipher;
 mod client;

diff --git a/src/pubkey/codec.rs b/src/pubkey/codec.rs