parse ssh keysign binary data

author: u <u@billy> 2023-11-24 19:28:10 -0500
committer: u <u@billy> 2023-11-24 19:28:10 -0500
commit: e245d4d143ec51554474f8503ec2f50092dca4b8 (patch)
tree: f29a88bd3c6633fe01541d8f6d5947ffac45fc56
parent: d4910b2f19c34bc366b9d3af02669c6a40a14aec (diff)
2 files changed, 110 insertions, 5 deletions
diff --git a/Makefile b/Makefile
index 927f567..55bb8d8 100644
--- a/Makefile
+++ b/Makefile
@@ -19,13 +19,13 @@ allowed = <(printf '"%s" ' $(quoted_identity); cat $(key).pub)
 apt_dep_bins = /usr/bin/ssh-keygen /usr/sbin/sshd /usr/bin/basez
 apt_deps = openssh-client openssh-server basez
-#apt_dep_bins += /usr/bin/sipcalc
+apt_dep_bins += /usr/bin/poke # /usr/bin/sipcalc
-#apt_deps += sipcalc
+apt_deps += poke # sipcalc
 .PHONY: testall clean install
-.PHONY: validate check-novalidate find-principals verify
+.PHONY: validate check-novalidate find-principals verify sigdump
-testall: $(signature) check-novalidate find-principals verify
+testall: $(signature) check-novalidate find-principals verify sigdump
 validate: $(signature) verify
 $(dir $(target)):
@@ -50,6 +50,12 @@ find-principals: $(signature) | /usr/bin/ssh-keygen
        ssh-keygen -n file -s $(signature) -f $(allowed) \
          -Y $@ < $(target)
+%.sig.bin: %.sig | /usr/bin/poke
+        grep -v -e '^-' $< | base64 -d > $@
+sigdump: $(signature).bin | /usr/bin/basez
+        ./src/ssh-keysign.pk $<
 verify: | /usr/bin/ssh-keygen /usr/bin/basez
        ssh-keygen -n file -I $(quoted_identity) -f $(allowed) -s $(signature) \
          -Y $@ < $(target)
@@ -59,7 +65,6 @@ verify: | /usr/bin/ssh-keygen /usr/bin/basez
          sed -ne 's/^ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI/I/p' | \
          basez -d | tail -c32 | basez -x
 /usr/bin/apt:
        $(warning Please install OpenSSH through your system package manager.)
        @false
diff --git a/src/ssh-keysign.pk b/src/ssh-keysign.pk
new file mode 100755
index 0000000..1c17110
--- /dev/null
+++ b/src/ssh-keysign.pk
@@ -0,0 +1,100 @@
+#!/usr/bin/poke -L
+!#
+type SSH_String =
+struct
+{
+   uint<32> size;
+   byte[size] data;
+};
+type SSH_Publickey =
+struct
+{
+   SSH_String key_type : catos(key_type.data) == "ssh-ed25519";
+   SSH_String key_data : key_data.size == 32;
+};
+type SSH_Signature =
+struct
+{
+   SSH_String sig_type : catos(sig_type.data) == "ssh-ed25519";
+   SSH_String sig_data;
+};
+type SSH_Signature_String =
+struct
+{
+   uint<32> size;
+   union {
+     SSH_Signature sig;
+     byte[size] raw;
+   } data;
+};
+type SSH_Publickey_String =
+struct
+{
+   uint<32> size;
+   union {
+     SSH_Publickey key;
+     byte[size] raw;
+   } data;
+};
+type SSH_Signature =
+struct
+{
+   uint<32> size;
+   byte[size] data;
+};
+type SSH_Signature_Blob =
+struct
+{
+   byte[6] MAGIC_PREAMBLE : catos(MAGIC_PREAMBLE) == "SSHSIG";
+   uint<32> SIG_VERSION : SIG_VERSION == 1;
+   SSH_Publickey_String publickey;
+   SSH_String namespace;
+   SSH_String reserved;
+   SSH_String hash_algorithm;
+   SSH_Signature_String signature;
+};
+if (!(argv'length in [1]))
+  {
+    print("Usage: ssh-keysign.pk FILE\n");
+    exit(1);
+  }
+var file_name = argv[0];
+try
+  {
+    var fd = open (file_name, IOS_M_RDONLY);
+    var sig = SSH_Signature_Blob @ fd : 0#B;
+    printf("%s: %s (%i32d bytes)\n", "publickey",
+           catos(sig.publickey.data.key.key_type.data),
+           sig.publickey.data.key.key_data.size);
+    printf("%s: %s\n", "namespace",
+           catos(sig.namespace.data));
+    printf("%s: <%i32d bytes>\n", "reserved",
+           sig.reserved.size);
+    printf("%s: %s\n", "hash_algorithm",
+           catos(sig.hash_algorithm.data));
+    printf("%s: %s (%i32d bytes)\n", "signature",
+           catos(sig.signature.data.sig.sig_type.data),
+           sig.signature.data.sig.sig_data.size);
+    close (fd);
+  }
+catch (Exception e)
+  {
+    if (e == E_constraint)
+      printf ("error: invalid input: `%s'\n", file_name);
+    else if (e == E_io)
+      printf ("error: couldn't open file `%s'\n", file_name);
+    else
+      raise e;
+    exit (1);
+  }
author	u <u@billy>	2023-11-24 19:28:10 -0500
committer	u <u@billy>	2023-11-24 19:28:10 -0500
commit	e245d4d143ec51554474f8503ec2f50092dca4b8 (patch)
tree	f29a88bd3c6633fe01541d8f6d5947ffac45fc56
parent	d4910b2f19c34bc366b9d3af02669c6a40a14aec (diff)

diff --git a/Makefile b/Makefile index 927f567..55bb8d8 100644 --- a/Makefile +++ b/Makefile
@@ -19,13 +19,13 @@ allowed = <(printf '"%s" ' $(quoted_identity); cat $(key).pub)
19		19
20	apt_dep_bins = /usr/bin/ssh-keygen /usr/sbin/sshd /usr/bin/basez	20	apt_dep_bins = /usr/bin/ssh-keygen /usr/sbin/sshd /usr/bin/basez
21	apt_deps = openssh-client openssh-server basez	21	apt_deps = openssh-client openssh-server basez
22	#apt_dep_bins += /usr/bin/sipcalc	22	apt_dep_bins += /usr/bin/poke # /usr/bin/sipcalc
23	#apt_deps += sipcalc	23	apt_deps += poke # sipcalc
24		24
25	.PHONY: testall clean install	25	.PHONY: testall clean install
26	.PHONY: validate check-novalidate find-principals verify	26	.PHONY: validate check-novalidate find-principals verify sigdump
27		27
28	testall: $(signature) check-novalidate find-principals verify	28	testall: $(signature) check-novalidate find-principals verify sigdump
29	validate: $(signature) verify	29	validate: $(signature) verify
30		30
31	$(dir $(target)):	31	$(dir $(target)):
@@ -50,6 +50,12 @@ find-principals: $(signature) \| /usr/bin/ssh-keygen
50	ssh-keygen -n file -s $(signature) -f $(allowed) \	50	ssh-keygen -n file -s $(signature) -f $(allowed) \
51	-Y $@ < $(target)	51	-Y $@ < $(target)
52		52
		53	%.sig.bin: %.sig \| /usr/bin/poke
		54	grep -v -e '^-' $< \| base64 -d > $@
		55
		56	sigdump: $(signature).bin \| /usr/bin/basez
		57	./src/ssh-keysign.pk $<
		58
53	verify: \| /usr/bin/ssh-keygen /usr/bin/basez	59	verify: \| /usr/bin/ssh-keygen /usr/bin/basez
54	ssh-keygen -n file -I $(quoted_identity) -f $(allowed) -s $(signature) \	60	ssh-keygen -n file -I $(quoted_identity) -f $(allowed) -s $(signature) \
55	-Y $@ < $(target)	61	-Y $@ < $(target)
@@ -59,7 +65,6 @@ verify: \| /usr/bin/ssh-keygen /usr/bin/basez
59	sed -ne 's/^ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI/I/p' \| \	65	sed -ne 's/^ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI/I/p' \| \
60	basez -d \| tail -c32 \| basez -x	66	basez -d \| tail -c32 \| basez -x
61		67
62
63	/usr/bin/apt:	68	/usr/bin/apt:
64	$(warning Please install OpenSSH through your system package manager.)	69	$(warning Please install OpenSSH through your system package manager.)
65	@false	70	@false


diff --git a/src/ssh-keysign.pk b/src/ssh-keysign.pk new file mode 100755 index 0000000..1c17110 --- /dev/null +++ b/src/ssh-keysign.pk
@@ -0,0 +1,100 @@
		1	#!/usr/bin/poke -L
		2	!#
		3
		4	type SSH_String =
		5	struct
		6	{
		7	uint<32> size;
		8	byte[size] data;
		9	};
		10
		11	type SSH_Publickey =
		12	struct
		13	{
		14	SSH_String key_type : catos(key_type.data) == "ssh-ed25519";
		15	SSH_String key_data : key_data.size == 32;
		16	};
		17
		18	type SSH_Signature =
		19	struct
		20	{
		21	SSH_String sig_type : catos(sig_type.data) == "ssh-ed25519";
		22	SSH_String sig_data;
		23	};
		24
		25	type SSH_Signature_String =
		26	struct
		27	{
		28	uint<32> size;
		29	union {
		30	SSH_Signature sig;
		31	byte[size] raw;
		32	} data;
		33	};
		34
		35	type SSH_Publickey_String =
		36	struct
		37	{
		38	uint<32> size;
		39	union {
		40	SSH_Publickey key;
		41	byte[size] raw;
		42	} data;
		43	};
		44
		45	type SSH_Signature =
		46	struct
		47	{
		48	uint<32> size;
		49	byte[size] data;
		50	};
		51
		52	type SSH_Signature_Blob =
		53	struct
		54	{
		55	byte[6] MAGIC_PREAMBLE : catos(MAGIC_PREAMBLE) == "SSHSIG";
		56	uint<32> SIG_VERSION : SIG_VERSION == 1;
		57	SSH_Publickey_String publickey;
		58	SSH_String namespace;
		59	SSH_String reserved;
		60	SSH_String hash_algorithm;
		61	SSH_Signature_String signature;
		62	};
		63
		64	if (!(argv'length in [1]))
		65	{
		66	print("Usage: ssh-keysign.pk FILE\n");
		67	exit(1);
		68	}
		69
		70	var file_name = argv[0];
		71
		72	try
		73	{
		74	var fd = open (file_name, IOS_M_RDONLY);
		75	var sig = SSH_Signature_Blob @ fd : 0#B;
		76	printf("%s: %s (%i32d bytes)\n", "publickey",
		77	catos(sig.publickey.data.key.key_type.data),
		78	sig.publickey.data.key.key_data.size);
		79	printf("%s: %s\n", "namespace",
		80	catos(sig.namespace.data));
		81	printf("%s: <%i32d bytes>\n", "reserved",
		82	sig.reserved.size);
		83	printf("%s: %s\n", "hash_algorithm",
		84	catos(sig.hash_algorithm.data));
		85	printf("%s: %s (%i32d bytes)\n", "signature",
		86	catos(sig.signature.data.sig.sig_type.data),
		87	sig.signature.data.sig.sig_data.size);
		88	close (fd);
		89	}
		90	catch (Exception e)
		91	{
		92	if (e == E_constraint)
		93	printf ("error: invalid input: `%s'\n", file_name);
		94	else if (e == E_io)
		95	printf ("error: couldn't open file `%s'\n", file_name);
		96	else
		97	raise e;
		98
		99	exit (1);
		100	}