From a277e9f5bdd5247cb4f75f9adfd908931e400cfa Mon Sep 17 00:00:00 2001 From: Jovi Hsu Date: Sun, 10 Sep 2023 23:41:18 +0800 Subject: [PATCH] Fix for the broken ci test, also bump aes to v0.8 (#1) * fix workflows * bump aes to 0.8, fix workflows --- .github/workflows/build.yml | 2 +- Cargo.toml | 3 ++- build_check.sh | 8 ++++++++ changelog | 3 ++- src/algorithm/encryption/aes_ctr.rs | 18 +++++++++++------- src/algorithm/public_key/rsa.rs | 2 +- src/channel/local/channel_scp.rs | 2 +- src/config/auth.rs | 2 +- 8 files changed, 27 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2eacfee..912ad3e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -98,6 +98,6 @@ jobs: - name: run ssh run: mkdir /run/sshd && /usr/sbin/sshd -T &&/usr/sbin/sshd -D -p 8888 & - name: Test - run: cargo test --all-features + run: cargo test --all-features -- --test-threads 1 - name: Doc test run: cargo test --doc --all-features \ No newline at end of file diff --git a/Cargo.toml b/Cargo.toml index f532ef5..abd9586 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -28,7 +28,8 @@ strum_macros = "0.25" sha1 = { version = "0.10.5", default-features = false, features = ["oid"], optional = true } sha2 = { version = "0.10.6", default-features = false, features = ["oid"]} rsa = "0.9" -aes = { version = "0.7", features = ["ctr"] } +aes = "0.8" +ctr = "0.9" ssh-key = { version = "0.6", features = ["rsa", "ed25519", "alloc"]} signature = "2.1" ring = "0.16" diff --git a/build_check.sh b/build_check.sh index 30eb09a..e30e664 100644 --- a/build_check.sh +++ b/build_check.sh @@ -5,6 +5,14 @@ cargo fmt --all -- --check > /dev/null echo done echo echo +echo clippy check +cargo clippy -- -D warnings > /dev/null +echo +echo +echo clippy all check +cargo clippy --all-features -- -D warnings > /dev/null +echo +echo echo linux build check cargo build --target x86_64-unknown-linux-gnu > /dev/null echo done diff --git a/changelog b/changelog index 1813849..f25ec4c 100644 --- a/changelog +++ b/changelog @@ -1,9 +1,10 @@ -v0.3.3 (TBD) +v0.3.3 (2023-09-10) 1. fix hang when tcp connects to a non-existent host 2. refactor aes_ctr file 3. translate the changelogs 4. use std::time::Duration as timeout rather than u128 5. add the support for ssh message `SSH_MSG_CHANNEL_EXTENDED_DATA` + 6. bump dependencies v0.3.2 (2023-01-10) 1. fix some error with hmac2 diff --git a/src/algorithm/encryption/aes_ctr.rs b/src/algorithm/encryption/aes_ctr.rs index 9b163df..e2d9976 100644 --- a/src/algorithm/encryption/aes_ctr.rs +++ b/src/algorithm/encryption/aes_ctr.rs @@ -3,8 +3,12 @@ use crate::algorithm::hash::Hash; use crate::algorithm::mac::Mac; use crate::error::SshError; use crate::SshResult; -use aes::cipher::{NewCipher, StreamCipher, StreamCipherSeek}; -use aes::{Aes128Ctr, Aes192Ctr, Aes256Ctr}; +use aes::cipher::{KeyIvInit, StreamCipher, StreamCipherSeek}; +use ctr; + +type Aes128Ctr64BE = ctr::Ctr64BE; +type Aes192Ctr64BE = ctr::Ctr64BE; +type Aes256Ctr64BE = ctr::Ctr64BE; const CTR128_BLOCK_SIZE: usize = 16; const CTR192_BLOCK_SIZE: usize = 24; @@ -65,8 +69,8 @@ macro_rules! crate_aes { siv.clone_from_slice(&hash.iv_s_c[..$iv_size]); // TODO unwrap - let c = $alg::new_from_slices(&ckey, &civ).unwrap(); - let r = $alg::new_from_slices(&skey, &siv).unwrap(); + let c = $alg::new(&ckey.into(), &civ.into()); + let r = $alg::new(&skey.into(), &siv.into()); // hmac let (ik_c_s, ik_s_c) = hash.mix_ik(mac.bsize()); $name { @@ -133,8 +137,8 @@ macro_rules! crate_aes { } // aes-128-ctr -crate_aes!(Ctr128, Aes128Ctr, CTR128_BLOCK_SIZE, IV_SIZE); +crate_aes!(Ctr128, Aes128Ctr64BE, CTR128_BLOCK_SIZE, IV_SIZE); // aes-192-ctr -crate_aes!(Ctr192, Aes192Ctr, CTR192_BLOCK_SIZE, IV_SIZE); +crate_aes!(Ctr192, Aes192Ctr64BE, CTR192_BLOCK_SIZE, IV_SIZE); // aes-256-ctr -crate_aes!(Ctr256, Aes256Ctr, CTR256_BLOCK_SIZE, IV_SIZE); +crate_aes!(Ctr256, Aes256Ctr64BE, CTR256_BLOCK_SIZE, IV_SIZE); diff --git a/src/algorithm/public_key/rsa.rs b/src/algorithm/public_key/rsa.rs index 4e6a958..5c901a1 100644 --- a/src/algorithm/public_key/rsa.rs +++ b/src/algorithm/public_key/rsa.rs @@ -47,7 +47,7 @@ impl PubK for RsaSha512 { let e = rsa::BigUint::from_bytes_be(data.get_u8s().as_slice()); let n = rsa::BigUint::from_bytes_be(data.get_u8s().as_slice()); let public_key = rsa::RsaPublicKey::new(n, e).unwrap(); - let scheme = Pkcs1v15Sign::new::(); + let scheme = Pkcs1v15Sign::new::(); let digest = ring::digest::digest(&ring::digest::SHA512, message); let msg = digest.as_ref(); diff --git a/src/channel/local/channel_scp.rs b/src/channel/local/channel_scp.rs index 472b554..7da2208 100644 --- a/src/channel/local/channel_scp.rs +++ b/src/channel/local/channel_scp.rs @@ -388,7 +388,7 @@ where self.save_file(scp_file) } - fn save_file(&mut self, scp_file: &ScpFile) -> SshResult<()> { + fn save_file(&mut self, scp_file: &mut ScpFile) -> SshResult<()> { log::debug!( "name: [{}] size: [{}] type: [file] start download.", scp_file.name, diff --git a/src/config/auth.rs b/src/config/auth.rs index 132e587..8314258 100644 --- a/src/config/auth.rs +++ b/src/config/auth.rs @@ -98,7 +98,7 @@ impl KeyPair { ring::digest::digest(&ring::digest::SHA512, sd), ), PubKey::RsaSha2_256 => ( - Pkcs1v15Sign::new::(), + Pkcs1v15Sign::new::(), ring::digest::digest(&ring::digest::SHA256, sd), ), #[cfg(feature = "dangerous-rsa-sha1")]