author | u <u@billy> | 2023-11-24 19:28:10 -0500 |
committer | u <u@billy> | 2023-11-24 19:28:10 -0500 |
commit | e245d4d143ec51554474f8503ec2f50092dca4b8 (patch) | |
tree | f29a88bd3c6633fe01541d8f6d5947ffac45fc56 | |
parent | d4910b2f19c34bc366b9d3af02669c6a40a14aec (diff) |
parse ssh keysign binary data
-rw-r--r-- | Makefile | 15 | ||||
-rwxr-xr-x | src/ssh-keysign.pk | 100 |
2 files changed, 110 insertions, 5 deletions
@@ -19,13 +19,13 @@ allowed = <(printf '"%s" ' $(quoted_identity); cat $(key).pub) | |||
19 | 19 | ||
20 | apt_dep_bins = /usr/bin/ssh-keygen /usr/sbin/sshd /usr/bin/basez | 20 | apt_dep_bins = /usr/bin/ssh-keygen /usr/sbin/sshd /usr/bin/basez |
21 | apt_deps = openssh-client openssh-server basez | 21 | apt_deps = openssh-client openssh-server basez |
22 | #apt_dep_bins += /usr/bin/sipcalc | 22 | apt_dep_bins += /usr/bin/poke # /usr/bin/sipcalc |
23 | #apt_deps += sipcalc | 23 | apt_deps += poke # sipcalc |
24 | 24 | ||
25 | .PHONY: testall clean install | 25 | .PHONY: testall clean install |
26 | .PHONY: validate check-novalidate find-principals verify | 26 | .PHONY: validate check-novalidate find-principals verify sigdump |
27 | 27 | ||
28 | testall: $(signature) check-novalidate find-principals verify | 28 | testall: $(signature) check-novalidate find-principals verify sigdump |
29 | validate: $(signature) verify | 29 | validate: $(signature) verify |
30 | 30 | ||
31 | $(dir $(target)): | 31 | $(dir $(target)): |
@@ -50,6 +50,12 @@ find-principals: $(signature) | /usr/bin/ssh-keygen | |||
50 | ssh-keygen -n file -s $(signature) -f $(allowed) \ | 50 | ssh-keygen -n file -s $(signature) -f $(allowed) \ |
51 | -Y $@ < $(target) | 51 | -Y $@ < $(target) |
52 | 52 | ||
53 | %.sig.bin: %.sig | /usr/bin/poke | ||
54 | grep -v -e '^-' $< | base64 -d > $@ | ||
55 | |||
56 | sigdump: $(signature).bin | /usr/bin/basez | ||
57 | ./src/ssh-keysign.pk $< | ||
58 | |||
53 | verify: | /usr/bin/ssh-keygen /usr/bin/basez | 59 | verify: | /usr/bin/ssh-keygen /usr/bin/basez |
54 | ssh-keygen -n file -I $(quoted_identity) -f $(allowed) -s $(signature) \ | 60 | ssh-keygen -n file -I $(quoted_identity) -f $(allowed) -s $(signature) \ |
55 | -Y $@ < $(target) | 61 | -Y $@ < $(target) |
@@ -59,7 +65,6 @@ verify: | /usr/bin/ssh-keygen /usr/bin/basez | |||
59 | sed -ne 's/^ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI/I/p' | \ | 65 | sed -ne 's/^ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI/I/p' | \ |
60 | basez -d | tail -c32 | basez -x | 66 | basez -d | tail -c32 | basez -x |
61 | 67 | ||
62 | |||
63 | /usr/bin/apt: | 68 | /usr/bin/apt: |
64 | $(warning Please install OpenSSH through your system package manager.) | 69 | $(warning Please install OpenSSH through your system package manager.) |
65 | @false | 70 | @false |
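diff --git a/src/ssh-keysign.pk b/src/ssh-keysign.pk
new file mode 100755
index 0000000..1c17110
--- /dev/null
+++ b/src/ssh-keysign.pk
@@ -0,0 +1,100 @@
+#!/usr/bin/poke -L
+!#
+
+type SSH_String =
+struct
+{
+uint<32> size;
+byte[size] data;
+};
+
+type SSH_Publickey =
+struct
+{
+SSH_String key_type : catos(key_type.data) == "ssh-ed25519";
+SSH_String key_data : key_data.size == 32;
+};
+
+type SSH_Signature =
+struct
+{
+SSH_String sig_type : catos(sig_type.data) == "ssh-ed25519";
+SSH_String sig_data;
+};
+
+type SSH_Signature_String =
+struct
+{
+uint<32> size;
+union {
+SSH_Signature sig;
+byte[size] raw;
+} data;
+};
+
+type SSH_Publickey_String =
+struct
+{
+uint<32> size;
+union {
+SSH_Publickey key;
+byte[size] raw;
+} data;
+};
+
+type SSH_Signature =
+struct
+{
+uint<32> size;
+byte[size] data;
+};
+
+type SSH_Signature_Blob =
+struct
+{
+byte[6] MAGIC_PREAMBLE : catos(MAGIC_PREAMBLE) == "SSHSIG";
+uint<32> SIG_VERSION : SIG_VERSION == 1;
+SSH_Publickey_String publickey;
+SSH_String namespace;
+SSH_String reserved;
+SSH_String hash_algorithm;
+SSH_Signature_String signature;
+};
+
+if (!(argv'length in [1]))
+{
+print("Usage: ssh-keysign.pk FILE\n");
+exit(1);
+}
+
+var file_name = argv[0];
+
+try
+{
+var fd = open (file_name, IOS_M_RDONLY);
+var sig = SSH_Signature_Blob @ fd : 0#B;
+printf("%s: %s (%i32d bytes)\n", "publickey",
+catos(sig.publickey.data.key.key_type.data),
+sig.publickey.data.key.key_data.size);
+printf("%s: %s\n", "namespace",
+catos(sig.namespace.data));
+printf("%s: <%i32d bytes>\n", "reserved",
+sig.reserved.size);
+printf("%s: %s\n", "hash_algorithm",
+catos(sig.hash_algorithm.data));
+printf("%s: %s (%i32d bytes)\n", "signature",
+catos(sig.signature.data.sig.sig_type.data),
+sig.signature.data.sig.sig_data.size);
+close (fd);
+}
+catch (Exception e)
+{
+if (e == E_constraint)
+printf ("error: invalid input: `%s'\n", file_name);
+else if (e == E_io)
+printf ("error: couldn't open file `%s'\n", file_name);
+else
+raise e;
+
+exit (1);
+}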
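Review bot: `SSH_Signature` is declared twice in the new file (lines 18-23 and again at 45-50); the second declaration is a plain size+data struct identical to `SSH_String`, and since `SSH_Signature_String` (line 30) and the printf on lines 85-87 rely on `sig_type`/`sig_data`, the later declaration is at best dead code and at worst shadows the struct the union needs — drop lines 45-50. The signature struct also validates less than the key struct does: `key_data` is constrained to 32 bytes while `sig_data` is unconstrained, so `SSH_String sig_data : sig_data.size == 64;` would reject a malformed ed25519 signature the same way a wrong-sized key is rejected. Nothing ties the `sig` alternative of the union to the enclosing `size` either, so a blob whose inner signature is shorter than `size` still maps cleanly; if the poke version in use allows it, `SSH_Signature sig : sig'size == size#B;` closes that gap. The `e == E_constraint` and `e == E_io` tests in the catch block depend on struct equality with the predefined exception values, which presumably fails if the raised exception carries a message or location; comparing `e.code == EC_constraint` / `e.code == EC_io` looks like the more robust form and is worth confirming.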