Update SSH.NET

- Adjust version to be in sync with SSH.NET - Add ssh-rsa hash signatures
darinkes · Mar 9, 2024 · e3168e2 · e3168e2
1 parent 49494fb
commit e3168e2
Show file tree

Hide file tree

Showing 13 changed files with 71 additions and 102 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
diff --git a/.gitmodules b/.gitmodules
diff --git a/README.md b/README.md
@@ -7,7 +7,6 @@ SshNet.Agent
 [![NuGet](https://img.shields.io/nuget/v/SshNet.Agent.svg?style=flat)](https://www.nuget.org/packages/SshNet.Agent)
 ![Nuget](https://img.shields.io/nuget/dt/SshNet.Agent)
 
-![CodeQL](https://github.com/darinkes/SshNet.Agent/workflows/CodeQL/badge.svg)
 ![.NET-Ubuntu](https://github.com/darinkes/SshNet.Agent/workflows/.NET-Ubuntu/badge.svg)
 ![.NET-Windows](https://github.com/darinkes/SshNet.Agent/workflows/.NET-Windows/badge.svg)
 ![NuGet](https://github.com/darinkes/SshNet.Agent/workflows/NuGet/badge.svg)

diff --git a/SshNet.Agent.Sample/Program.cs b/SshNet.Agent.Sample/Program.cs
@@ -2,7 +2,6 @@
 using System.IO;
 using System.Linq;
 using System.Reflection;
-using System.Runtime.InteropServices;
 using Renci.SshNet;
 
 // ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5W6BcNnMuNgLYuUa18F/Ci8dzPqeIO/H333n0yv4o6
@@ -25,7 +24,7 @@ static void Main(string[] args)
 #if NETFRAMEWORK
                 var agent = new Pageant();
 #else
-                var agent = RuntimeInformation.IsOSPlatform(OSPlatform.Windows) ? new Pageant() : new SshAgent();
+                var agent = new SshAgent();
 #endif
 
                 agent.RemoveAllIdentities();
@@ -45,7 +44,7 @@ static void Main(string[] args)
 
                     try
                     {
-                        using var client = new SshClient("localhost", Environment.GetEnvironmentVariable("USER"), keys.ToArray<IPrivateKeySource>());
+                        using var client = new SshClient("localhost", Environment.GetEnvironmentVariable("USER") ?? Environment.GetEnvironmentVariable("USERNAME"), keys.ToArray<IPrivateKeySource>());
                         client.Connect();
                         Console.WriteLine(client.RunCommand("hostname").Result.Trim());
                         Console.WriteLine($"Key {testKey} worked!");

diff --git a/SshNet.Agent/AgentMessage/RequestIdentities.cs b/SshNet.Agent/AgentMessage/RequestIdentities.cs
@@ -1,8 +1,10 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
+using System.Security.Cryptography;
 using Renci.SshNet;
 using Renci.SshNet.Security;
+using Renci.SshNet.Security.Cryptography;
 using SshNet.Agent.Keys;
 
 namespace SshNet.Agent.AgentMessage
@@ -34,6 +36,7 @@ public object From(AgentReader reader)
             var i = 0;
             while (i < numKeys)
             {
+                var hostAlgorithms = new List<HostAlgorithm>();
                 var keyData = reader.ReadStringAsBytes();
                 using var keyStream = new MemoryStream(keyData);
                 using var keyReader = new AgentReader(keyStream);
@@ -43,28 +46,26 @@ public object From(AgentReader reader)
                 switch (keyType)
                 {
                     case "ssh-rsa":
-                        var exponent = keyReader.ReadBignum();
-                        var modulus = keyReader.ReadBignum();
-                        key = new RsaAgentKey(modulus, exponent, _agent, keyData);
+                        var rsaKey = new RsaAgentKey(_agent, keyData);
+                        key = rsaKey;
+                        hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-512", key, new AgentRsaSignature(_agent, rsaKey, HashAlgorithmName.SHA512)));
+                        hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-256", key, new AgentRsaSignature(_agent, rsaKey, HashAlgorithmName.SHA256)));
                         break;
                     case "ecdsa-sha2-nistp256":
                         // Fallthrough
                     case "ecdsa-sha2-nistp384":
                         // Fallthrough
                     case "ecdsa-sha2-nistp521":
-                        var curve = keyReader.ReadString();
-                        var q = keyReader.ReadBignum2();
-                        key = new EcdsaAgentKey(curve, q, _agent, keyData);
+                        key = new EcdsaAgentKey(_agent, keyData);
                         break;
                     case "ssh-ed25519":
-                        var pK = keyReader.ReadBignum2();
-                        key = new ED25519AgentKey(pK, _agent, keyData);
+                        key = new ED25519AgentKey(_agent, keyData);
                         break;
                     default:
                         throw new Exception($"Unsupported KeyType {keyType}");
                 }
                 key.Comment = reader.ReadString();
-                keys.Add(new PrivateKeyAgent(key));
+                keys.Add(new PrivateKeyAgent(key, hostAlgorithms));
                 i++;
             }
 

diff --git a/SshNet.Agent/AgentMessage/RequestSign.cs b/SshNet.Agent/AgentMessage/RequestSign.cs
@@ -8,11 +8,13 @@ internal class RequestSign : IAgentMessage
     {
         private readonly IAgentKey _key;
         private readonly byte[] _data;
+        private readonly uint _flags;
 
-        public RequestSign(IAgentKey key, byte[] data)
+        public RequestSign(IAgentKey key, byte[] data, uint flags = 0)
         {
             _key = key;
             _data = data;
+            _flags = flags;
         }
 
         public void To(AgentWriter writer)
@@ -21,7 +23,7 @@ public void To(AgentWriter writer)
             using var signWriter = new AgentWriter(signStream);
             signWriter.EncodeString(_key.KeyData);
             signWriter.EncodeString(_data);
-            signWriter.Write((uint)0);
+            signWriter.Write(_flags);
             var signData = signStream.ToArray();
 
             writer.Write((uint)(1 + signData.Length));

diff --git a/SshNet.Agent/Keys/AgentRsaSignature.cs b/SshNet.Agent/Keys/AgentRsaSignature.cs
@@ -0,0 +1,40 @@
+using System.Security.Cryptography;
+using Renci.SshNet.Security.Cryptography;
+
+namespace SshNet.Agent.Keys
+{
+    internal class AgentRsaSignature : DigitalSignature
+    {
+        private readonly SshAgent _agent;
+        private readonly IAgentKey _agentKey;
+        private readonly HashAlgorithmName _hashAlgorithmName;
+
+        public AgentRsaSignature(SshAgent agent, RsaAgentKey agentKey)
+            : this(agent, agentKey, HashAlgorithmName.SHA1)
+        {
+        }
+
+        public AgentRsaSignature(SshAgent agent, RsaAgentKey agentKey, HashAlgorithmName hashAlgorithmName)
+        {
+            _agent = agent;
+            _agentKey = agentKey;
+            _hashAlgorithmName = hashAlgorithmName;
+        }
+
+        public override bool Verify(byte[] input, byte[] signature)
+        {
+            throw new System.NotImplementedException();
+        }
+
+        public override byte[] Sign(byte[] input)
+        {
+            uint flags = 0;
+            if (_hashAlgorithmName == HashAlgorithmName.SHA256)
+                flags = 2; // SSH_AGENT_RSA_SHA2_256
+            else if (_hashAlgorithmName == HashAlgorithmName.SHA512)
+                flags = 4; // SSH_AGENT_RSA_SHA2_512
+
+            return _agent.Sign(_agentKey, input, flags);
+        }
+    }
+}
diff --git a/SshNet.Agent/Keys/ED25519AgentKey.cs b/SshNet.Agent/Keys/ED25519AgentKey.cs
@@ -15,7 +15,7 @@ protected override DigitalSignature DigitalSignature
             get { return _signature ??= new AgentSignature(Agent, this); }
         }
 
-        public ED25519AgentKey(byte[] pk, SshAgent agent, byte[] keyData) : base(pk)
+        public ED25519AgentKey(SshAgent agent, byte[] keyData) : base(new SshKeyData(keyData))
         {
             Agent = agent;
             KeyData = keyData;

diff --git a/SshNet.Agent/Keys/EcdsaAgentKey.cs b/SshNet.Agent/Keys/EcdsaAgentKey.cs
@@ -15,8 +15,7 @@ protected override DigitalSignature DigitalSignature
             get { return _signature ??= new AgentSignature(Agent, this); }
         }
 
-        public EcdsaAgentKey(string curve, byte[] uncompressedCoords, SshAgent agent, byte[] keyData)
-            : base(curve, uncompressedCoords, null)
+        public EcdsaAgentKey(SshAgent agent, byte[] keyData) : base(new SshKeyData(keyData))
         {
             KeyData = keyData;
             Agent = agent;

diff --git a/SshNet.Agent/Keys/RsaAgentKey.cs b/SshNet.Agent/Keys/RsaAgentKey.cs
@@ -1,5 +1,4 @@
-using Renci.SshNet.Common;
-using Renci.SshNet.Security;
+using Renci.SshNet.Security;
 using Renci.SshNet.Security.Cryptography;
 
 namespace SshNet.Agent.Keys
@@ -10,19 +9,16 @@ internal class RsaAgentKey : RsaKey, IAgentKey
 
         public SshAgent Agent { get; }
 
-        private AgentSignature? _signature;
+        private AgentRsaSignature? _signature;
         protected override DigitalSignature DigitalSignature
         {
-            get { return _signature ??= new AgentSignature(Agent, this); }
+            get { return _signature ??= new AgentRsaSignature(Agent, this); }
         }
 
-        public RsaAgentKey(BigInteger modulus, BigInteger exponent, SshAgent agent, byte[] keyData)
+        public RsaAgentKey(SshAgent agent, byte[] keyData) : base(new SshKeyData(keyData))
         {
             KeyData = keyData;
             Agent = agent;
-            _privateKey = new BigInteger[2];
-            _privateKey[0] = modulus;
-            _privateKey[1] = exponent;
         }
     }
 }
diff --git a/SshNet.Agent/PrivateKeyAgent.cs b/SshNet.Agent/PrivateKeyAgent.cs
@@ -6,16 +6,17 @@ namespace SshNet.Agent
 {
     public class PrivateKeyAgent : IPrivateKeySource
     {
-        private readonly List<HostAlgorithm> _hostAlgorithms = new();
+        private readonly List<HostAlgorithm> _hostAlgorithms;
 
         public IReadOnlyCollection<HostAlgorithm> HostKeyAlgorithms => _hostAlgorithms;
 
         public Key Key { get; }
 
-        public PrivateKeyAgent(Key key)
+        public PrivateKeyAgent(Key key, List<HostAlgorithm> hostAlgorithms)
         {
             Key = key;
-            _hostAlgorithms.Add(new KeyHostAlgorithm(key.ToString(), key));
+            _hostAlgorithms = hostAlgorithms;
+            _hostAlgorithms.Insert(0, new KeyHostAlgorithm(key.ToString(), key));
         }
     }
 }
diff --git a/SshNet.Agent/SshAgent.cs b/SshNet.Agent/SshAgent.cs
@@ -55,9 +55,9 @@ public void AddIdentity(IPrivateKeySource keyFile)
             _ = Send(new AddIdentity(keyFile));
         }
 
-        internal byte[] Sign(IAgentKey key, byte[] data)
+        internal byte[] Sign(IAgentKey key, byte[] data, uint flags = 0)
         {
-            var signature = Send(new RequestSign(key, data));
+            var signature = Send(new RequestSign(key, data, flags));
             if (signature is null)
                 return Array.Empty<byte>();
             return (byte[])signature;

diff --git a/SshNet.Agent/SshNet.Agent.csproj b/SshNet.Agent/SshNet.Agent.csproj
@@ -5,12 +5,12 @@
         <LangVersion>9</LangVersion>
         <Nullable>enable</Nullable>
         <PackageId>SshNet.Agent</PackageId>
-        <Version>0.4.0-beta</Version>
+        <Version>2024.0.0-beta</Version>
         <PackageVersion>$(Version)</PackageVersion>
         <PackageTags>ssh;scp;sftp</PackageTags>
         <Description>SSH.NET Extension to authenticate via OpenSSH Agent and PuTTY Pageant</Description>
         <PackageReleaseNotes>https://github.com/darinkes/SshNet.Agent/releases/tag/$(PackageVersion)</PackageReleaseNotes>
-        <Copyright>Copyright (c) 2021 - 2023 Stefan Rinkes</Copyright>
+        <Copyright>Copyright (c) 2021 - 2024 Stefan Rinkes</Copyright>
         <PackageLicenseExpression>MIT</PackageLicenseExpression>
         <PackageProjectUrl>https://github.com/darinkes/SshNet.Agent/</PackageProjectUrl>
         <GeneratePackageOnBuild>false</GeneratePackageOnBuild>
@@ -19,6 +19,6 @@
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="SSH.NET" Version="2023.0.0" />
+        <PackageReference Include="SSH.NET" Version="2024.0.0" />
     </ItemGroup>
 </Project>