fix RSA key signatures

2024-07-04 21:57:27 -04:00
parent 10231df860
commit a32e36be7e
8 changed files with 124 additions and 32 deletions
--- a/src-tauri/src/srv/agent.rs
+++ b/src-tauri/src/srv/agent.rs
@ -1,5 +1,4 @@
 use futures::SinkExt;
-use signature::Signer;
 use ssh_agent_lib::agent::MessageCodec;
 use ssh_agent_lib::proto::message::{
    Message,
@ -36,12 +35,21 @@ async fn handle(
                adapter.send(resp).await?;
            },
            Message::SignRequest(req) => {
-                // CloseWaiter could corrupt the framing, but this doesn't matter
-                // since we don't plan to pull any more frames out of the stream
+                // Note: If the client writes more data to the stream *while* at the
+                // same time waiting for a resopnse to a previous request, this will
+                // corrupt the framing. Clients don't seem to behave that way though?
                let waiter = CloseWaiter { stream: adapter.get_mut() };
                let resp = sign_request(req, app_handle.clone(), client_pid, waiter).await?;
+                
+                // have to do this before we send since we can't inspect the message after
+                let is_failure = matches!(resp, Message::Failure);
                adapter.send(resp).await?;
-                break;
+
+                if is_failure {
+                    // this way we don't get spammed with requests for other keys
+                    // after denying the first
+                    break
+                }
            },
            _ => adapter.send(Message::Failure).await?,
        };
@ -93,15 +101,8 @@ async fn sign_request(
        }

        let key = state.sshkey_by_name(&key_name).await?;
-        let sig = Signer::sign(&key.private_key, &req.data);
-        let key_type = key.algorithm.as_str().as_bytes();
-
-        let payload_len = key_type.len() + sig.as_bytes().len() + 8;
-        let mut payload = Vec::with_capacity(payload_len);
-        encode_string(&mut payload, key.algorithm.as_str().as_bytes());
-        encode_string(&mut payload, sig.as_bytes());
-
-        Ok(Message::SignResponse(payload))
+        let sig = key.sign_request(&req)?;
+        Ok(Message::SignResponse(sig))
    };

    let res = proceed.await;
@ -112,10 +113,3 @@ async fn sign_request(
    lease.release();
    res
 }
-
-
-fn encode_string(buf: &mut Vec<u8>, s: &[u8]) {
-    let len = s.len() as u32;
-    buf.extend(len.to_be_bytes());
-    buf.extend(s);
-}