Avoid external call to ssh-keygen.

author: Joe Crayne <joe@jerkface.net> 2019-07-13 06:19:11 -0400
committer: Joe Crayne <joe@jerkface.net> 2019-07-13 06:19:11 -0400
commit: 142352043699520d3cc3f1c6f1ff4fba585014a8 (patch)
tree: fd413440226e5e9749df050237d16242cb020102
parent: 6d421d484821c2e92430c2702949dd2e9f5ae8a4 (diff)
3 files changed, 27 insertions, 14 deletions
diff --git a/kiki.hs b/kiki.hs
index a8f1bc6..fb4b878 100644
--- a/kiki.hs
+++ b/kiki.hs
@@ -1218,6 +1218,7 @@ kiki "show" args = do
                   , ("--pem",1)
                   , ("--dns",1)
                   , ("--ssh",1)
+                   , ("--sshfp",1)
                   , ("--wip",1)
                   , ("--cert",1)
                   , ("--torhash",1)
@@ -1270,6 +1271,7 @@ kiki "show" args = do
                                      ,("--pem",\[x] -> show_pem x $ fromMaybe "" grip)
                                      ,("--dns",\[x] -> show_dns x $ fromMaybe "" grip)
                                      ,("--ssh",\[x] -> show_ssh x $ fromMaybe "" grip)
+                                      ,("--sshfp",\[x] -> show_sshfp x $ fromMaybe "" grip)
                                      ,("--wip",\[x] -> show_wip x $ fromMaybe "" grip)
                                      ,("--cert",\[x] -> show_cert x $ fromMaybe "" grip)
                                      ,("--torhash",\[x] -> show_torhash x)
diff --git a/lib/Kiki.hs b/lib/Kiki.hs
index 324efc4..1cc387b 100644
--- a/lib/Kiki.hs
+++ b/lib/Kiki.hs
@@ -13,6 +13,7 @@ import           Codec.Encryption.OpenPGP.ASCIIArmor.Types
 import           Control.Applicative
 import           Control.Exception
 import           Control.Monad
+import qualified Crypto.Hash as C
 import           Data.ASN1.BinaryEncoding
 import           Data.ASN1.Encoding
 import           Data.ASN1.Types
@@ -37,6 +38,7 @@ import           System.Posix.Types         (FileMode)
 import           System.Posix.IO            as Posix (createPipe)
 import           System.Posix.User
 #if defined(VERSION_memory)
+import           Data.ByteArray (convert)
 import           Data.ByteArray.Encoding
 import qualified Data.ByteString.Char8      as S8
 #elif defined(VERSION_dataenc)
@@ -582,14 +584,15 @@ writePublicKeyFiles rt fw grip myId = do
    installIpsecConf fw myId cs
    fileWriterCommit fw
-sshKeyToHostname :: Packet -> IO Char8.ByteString
+sshKeyToHostname :: Applicative m => Packet -> m Char8.ByteString
 sshKeyToHostname sshkey = do
-  (_, (sout, _serr)) <- runExternal shellScript (Just $ sshblobFromPacket sshkey)
+  case rsaKeyFromPacket sshkey of
-  return $ Char8.fromChunks [sout]
+    Just (RSAKey (MPI n) (MPI e)) -> do
-  where
+        let blob = SSH.sshrsa e n
-    shellScript =
+            sha1 = C.hashlazy blob :: C.Digest C.SHA1
-      "f=$(mktemp) && cat > \"$f\" && ssh-keygen -r _ -f \"$f\"  |" ++
+        pure $ Char8.fromStrict (convertToBase Base16 sha1) <> ".ssh.cryptonomic.net"
-      " (read _ _ _ _ _ hash _ && echo -n $hash.ssh.cryptonomic.net); r=$?; rm -f \"$f\"; exit $r"
+    Nothing   -> pure ""
 peerConnectionName :: Peer -> Char8.ByteString
 peerConnectionName = coerce . peerAddress
@@ -653,6 +656,13 @@ show_pem' keyspec wkgrip db keyfmt = do
 warn :: String -> IO ()
 warn str = hPutStrLn stderr str
+show_sshfp :: String -> String -> KeyDB -> IO ()
+show_sshfp keyspec wkgrip db = do
+    let s = parseSpec wkgrip keyspec
+    case selectPublicKey s db of
+        Nothing -> hPutStrLn stderr $ keyspec ++ ": not found"
+        Just k  -> Char8.putStrLn =<< sshKeyToHostname k
 show_ssh :: String -> String -> KeyDB -> IO ()
 show_ssh keyspec wkgrip db = either warn putStrLn $ show_ssh' keyspec wkgrip db
diff --git a/lib/SSHKey.hs b/lib/SSHKey.hs
index bd47169..0ded986 100644
--- a/lib/SSHKey.hs
+++ b/lib/SSHKey.hs
@@ -22,6 +22,14 @@ import LengthPrefixedBE
 type Key = (Integer,Integer)
+sshrsa :: Integer -> Integer -> L.ByteString
+sshrsa e n = runPut $ do
+    putWord32be 7
+    putByteString "ssh-rsa"
+    put (LengthPrefixedBE e)
+    put (LengthPrefixedBE n)
 keyblob :: Key -> L.ByteString
 keyblob (n,e) = "ssh-rsa " <> blob
 where
@@ -32,13 +40,6 @@ keyblob (n,e) = "ssh-rsa " <> blob
    blob = L8.pack $ Base64.encode (L.unpack bs)
 #endif
-    sshrsa :: Integer -> Integer -> L.ByteString
-    sshrsa e n = runPut $ do
-        putWord32be 7
-        putByteString "ssh-rsa"
-        put (LengthPrefixedBE e)
-        put (LengthPrefixedBE n)
 blobkey :: L8.ByteString -> Maybe Key
 blobkey bs = do
    let (pre,bs1) = L8.splitAt 7 bs
author	Joe Crayne <joe@jerkface.net>	2019-07-13 06:19:11 -0400
committer	Joe Crayne <joe@jerkface.net>	2019-07-13 06:19:11 -0400
commit	142352043699520d3cc3f1c6f1ff4fba585014a8 (patch)
tree	fd413440226e5e9749df050237d16242cb020102
parent	6d421d484821c2e92430c2702949dd2e9f5ae8a4 (diff)

diff --git a/kiki.hs b/kiki.hs index a8f1bc6..fb4b878 100644 --- a/kiki.hs +++ b/kiki.hs
@@ -1218,6 +1218,7 @@ kiki "show" args = do
1218	, ("--pem",1)	1218	, ("--pem",1)
1219	, ("--dns",1)	1219	, ("--dns",1)
1220	, ("--ssh",1)	1220	, ("--ssh",1)
		1221	, ("--sshfp",1)
1221	, ("--wip",1)	1222	, ("--wip",1)
1222	, ("--cert",1)	1223	, ("--cert",1)
1223	, ("--torhash",1)	1224	, ("--torhash",1)
@@ -1270,6 +1271,7 @@ kiki "show" args = do
1270	,("--pem",\[x] -> show_pem x $ fromMaybe "" grip)	1271	,("--pem",\[x] -> show_pem x $ fromMaybe "" grip)
1271	,("--dns",\[x] -> show_dns x $ fromMaybe "" grip)	1272	,("--dns",\[x] -> show_dns x $ fromMaybe "" grip)
1272	,("--ssh",\[x] -> show_ssh x $ fromMaybe "" grip)	1273	,("--ssh",\[x] -> show_ssh x $ fromMaybe "" grip)
		1274	,("--sshfp",\[x] -> show_sshfp x $ fromMaybe "" grip)
1273	,("--wip",\[x] -> show_wip x $ fromMaybe "" grip)	1275	,("--wip",\[x] -> show_wip x $ fromMaybe "" grip)
1274	,("--cert",\[x] -> show_cert x $ fromMaybe "" grip)	1276	,("--cert",\[x] -> show_cert x $ fromMaybe "" grip)
1275	,("--torhash",\[x] -> show_torhash x)	1277	,("--torhash",\[x] -> show_torhash x)


diff --git a/lib/Kiki.hs b/lib/Kiki.hs index 324efc4..1cc387b 100644 --- a/lib/Kiki.hs +++ b/lib/Kiki.hs
@@ -13,6 +13,7 @@ import Codec.Encryption.OpenPGP.ASCIIArmor.Types
13	import Control.Applicative	13	import Control.Applicative
14	import Control.Exception	14	import Control.Exception
15	import Control.Monad	15	import Control.Monad
		16	import qualified Crypto.Hash as C
16	import Data.ASN1.BinaryEncoding	17	import Data.ASN1.BinaryEncoding
17	import Data.ASN1.Encoding	18	import Data.ASN1.Encoding
18	import Data.ASN1.Types	19	import Data.ASN1.Types
@@ -37,6 +38,7 @@ import System.Posix.Types (FileMode)
37	import System.Posix.IO as Posix (createPipe)	38	import System.Posix.IO as Posix (createPipe)
38	import System.Posix.User	39	import System.Posix.User
39	#if defined(VERSION_memory)	40	#if defined(VERSION_memory)
		41	import Data.ByteArray (convert)
40	import Data.ByteArray.Encoding	42	import Data.ByteArray.Encoding
41	import qualified Data.ByteString.Char8 as S8	43	import qualified Data.ByteString.Char8 as S8
42	#elif defined(VERSION_dataenc)	44	#elif defined(VERSION_dataenc)
@@ -582,14 +584,15 @@ writePublicKeyFiles rt fw grip myId = do
582	installIpsecConf fw myId cs	584	installIpsecConf fw myId cs
583	fileWriterCommit fw	585	fileWriterCommit fw
584		586
585	sshKeyToHostname :: Packet -> IO Char8.ByteString	587
		588	sshKeyToHostname :: Applicative m => Packet -> m Char8.ByteString
586	sshKeyToHostname sshkey = do	589	sshKeyToHostname sshkey = do
587	(_, (sout, _serr)) <- runExternal shellScript (Just $ sshblobFromPacket sshkey)	590	case rsaKeyFromPacket sshkey of
588	return $ Char8.fromChunks [sout]	591	Just (RSAKey (MPI n) (MPI e)) -> do
589	where	592	let blob = SSH.sshrsa e n
590	shellScript =	593	sha1 = C.hashlazy blob :: C.Digest C.SHA1
591	"f=$(mktemp) && cat > \"$f\" && ssh-keygen -r _ -f \"$f\" \|" ++	594	pure $ Char8.fromStrict (convertToBase Base16 sha1) <> ".ssh.cryptonomic.net"
592	" (read _ _ _ _ _ hash _ && echo -n $hash.ssh.cryptonomic.net); r=$?; rm -f \"$f\"; exit $r"	595	Nothing -> pure ""
593		596
594	peerConnectionName :: Peer -> Char8.ByteString	597	peerConnectionName :: Peer -> Char8.ByteString
595	peerConnectionName = coerce . peerAddress	598	peerConnectionName = coerce . peerAddress
@@ -653,6 +656,13 @@ show_pem' keyspec wkgrip db keyfmt = do
653	warn :: String -> IO ()	656	warn :: String -> IO ()
654	warn str = hPutStrLn stderr str	657	warn str = hPutStrLn stderr str
655		658
		659	show_sshfp :: String -> String -> KeyDB -> IO ()
		660	show_sshfp keyspec wkgrip db = do
		661	let s = parseSpec wkgrip keyspec
		662	case selectPublicKey s db of
		663	Nothing -> hPutStrLn stderr $ keyspec ++ ": not found"
		664	Just k -> Char8.putStrLn =<< sshKeyToHostname k
		665
656	show_ssh :: String -> String -> KeyDB -> IO ()	666	show_ssh :: String -> String -> KeyDB -> IO ()
657	show_ssh keyspec wkgrip db = either warn putStrLn $ show_ssh' keyspec wkgrip db	667	show_ssh keyspec wkgrip db = either warn putStrLn $ show_ssh' keyspec wkgrip db
658		668


diff --git a/lib/SSHKey.hs b/lib/SSHKey.hs index bd47169..0ded986 100644 --- a/lib/SSHKey.hs +++ b/lib/SSHKey.hs
@@ -22,6 +22,14 @@ import LengthPrefixedBE
22		22
23	type Key = (Integer,Integer)	23	type Key = (Integer,Integer)
24		24
		25
		26	sshrsa :: Integer -> Integer -> L.ByteString
		27	sshrsa e n = runPut $ do
		28	putWord32be 7
		29	putByteString "ssh-rsa"
		30	put (LengthPrefixedBE e)
		31	put (LengthPrefixedBE n)
		32
25	keyblob :: Key -> L.ByteString	33	keyblob :: Key -> L.ByteString
26	keyblob (n,e) = "ssh-rsa " <> blob	34	keyblob (n,e) = "ssh-rsa " <> blob
27	where	35	where
@@ -32,13 +40,6 @@ keyblob (n,e) = "ssh-rsa " <> blob
32	blob = L8.pack $ Base64.encode (L.unpack bs)	40	blob = L8.pack $ Base64.encode (L.unpack bs)
33	#endif	41	#endif
34		42
35	sshrsa :: Integer -> Integer -> L.ByteString
36	sshrsa e n = runPut $ do
37	putWord32be 7
38	putByteString "ssh-rsa"
39	put (LengthPrefixedBE e)
40	put (LengthPrefixedBE n)
41
42	blobkey :: L8.ByteString -> Maybe Key	43	blobkey :: L8.ByteString -> Maybe Key
43	blobkey bs = do	44	blobkey bs = do
44	let (pre,bs1) = L8.splitAt 7 bs	45	let (pre,bs1) = L8.splitAt 7 bs