merge russh-keys into russh (#450)

Cargo.toml

@@ -1,6 +1,5 @@
 [workspace]
 members = [
-    "russh-keys",
     "russh",
     "russh-config",
     "cryptovec",

russh/Cargo.toml

@@ -14,52 +14,87 @@ rust-version = "1.65"
 
 [features]
 default = ["flate2"]
-legacy-ed25519-pkcs8-parser = ["russh-keys/legacy-ed25519-pkcs8-parser"]
+legacy-ed25519-pkcs8-parser = ["yasna"]
 # Danger: 3DES cipher is insecure.
 des = ["dep:des"]
 
 [dependencies]
-aes.workspace = true
 aes-gcm = "0.10"
-cbc = { version = "0.1" }
+aes.workspace = true
 async-trait.workspace = true
 bitflags = "2.0"
+block-padding = { version = "0.3", features = ["std"] }
 byteorder.workspace = true
 bytes.workspace = true
+cbc = { version = "0.1" }
 chacha20 = "0.9"
 ctr = "0.9"
 curve25519-dalek = "4.1.3"
+data-encoding = "2.3"
 delegate.workspace = true
 digest.workspace = true
+der = "0.7"
+des = { version = "0.8.1", optional = true }
+ecdsa = "0.16"
+ed25519-dalek = { version = "2.0", features = ["rand_core", "pkcs8"] }
 elliptic-curve = { version = "0.13", features = ["ecdh"] }
+enum_dispatch = "0.3.13"
 flate2 = { version = "1.0.15", optional = true }
 futures.workspace = true
 generic-array = "0.14"
+getrandom = { version = "0.2.15", features = ["js"] }
 hex-literal = "0.4"
 hmac.workspace = true
+inout = { version = "0.1", features = ["std"] }
 log.workspace = true
+md5 = "0.7"
 num-bigint = { version = "0.4.2", features = ["rand"] }
+# num-integer = "0.1"
 once_cell = "1.13"
 p256 = { version = "0.13", features = ["ecdh"] }
 p384 = { version = "0.13", features = ["ecdh"] }
 p521 = { version = "0.13", features = ["ecdh"] }
+pbkdf2 = "0.12"
+pkcs1 = "0.7"
+pkcs5 = "0.7"
+pkcs8 = { version = "0.10", features = ["pkcs5", "encryption"] }
 poly1305 = "0.8"
+rand_core = { version = "0.6.4", features = ["getrandom", "std"] }
 rand.workspace = true
-rand_core = { version = "0.6.4", features = ["getrandom"] }
 rsa.workspace = true
-russh-cryptovec = { version = "0.48.0", path = "../cryptovec" }
-russh-keys = { version = "0.50.0-beta.7", path = "../russh-keys" }
+russh-cryptovec = { version = "0.48.0", path = "../cryptovec", features = [
+  "ssh-encoding",
+] }
+russh-util = { version = "0.48.0", path = "../russh-util" }
+sec1 = { version = "0.7", features = ["pkcs8", "der"] }
 sha1.workspace = true
 sha2.workspace = true
 signature.workspace = true
+spki = "0.7"
 ssh-encoding.workspace = true
 ssh-key.workspace = true
 subtle = "2.4"
 thiserror.workspace = true
-russh-util = { version = "0.48.0", path = "../russh-util" }
-des = { version = "0.8.1", optional = true }
 tokio = { workspace = true, features = ["io-util", "sync", "time"] }
-enum_dispatch = "0.3.13"
+typenum = "1.17"
+yasna = { version = "0.5.0", features = [
+    "bit-vec",
+    "num-bigint",
+], optional = true }
+zeroize = "1.7"
+
+[target.'cfg(not(target_arch = "wasm32"))'.dependencies]
+tokio = { workspace = true, features = [
+  "io-util",
+  "rt-multi-thread",
+  "time",
+  "net",
+] }
+tokio-stream.workspace = true
+home.workspace = true
+
+[target.'cfg(windows)'.dependencies]
+pageant = { version = "0.0.2", path = "../pageant" }
 
 [dev-dependencies]
 anyhow = "1.0.4"
@@ -79,6 +114,7 @@ shell-escape = "0.1"
 tokio-fd = "0.3"
 termion = "2"
 ratatui = "0.29.0"
+tempfile = "3.14.0"
 
 [target.'cfg(not(target_arch = "wasm32"))'.dev-dependencies]
 russh-sftp = "2.0.5"

russh/examples/echoserver.rs

@@ -3,10 +3,9 @@ use std::sync::Arc;
 
 use async_trait::async_trait;
 use rand_core::OsRng;
-use russh::keys::*;
+use russh::keys::{Certificate, *};
 use russh::server::{Msg, Server as _, Session};
 use russh::*;
-use russh_keys::Certificate;
 use tokio::sync::Mutex;
 
 #[tokio::main]
@@ -20,7 +19,7 @@ async fn main() {
         auth_rejection_time: std::time::Duration::from_secs(3),
         auth_rejection_time_initial: Some(std::time::Duration::from_secs(0)),
         keys: vec![
-            russh_keys::PrivateKey::random(&mut OsRng, russh_keys::Algorithm::Ed25519).unwrap(),
+            russh::keys::PrivateKey::random(&mut OsRng, russh::keys::Algorithm::Ed25519).unwrap(),
         ],
         preferred: Preferred {
             // kex: std::borrow::Cow::Owned(vec![russh::kex::DH_GEX_SHA256]),

russh/examples/ratatui_app.rs

@@ -121,7 +121,7 @@ impl AppServer {
             auth_rejection_time: std::time::Duration::from_secs(3),
             auth_rejection_time_initial: Some(std::time::Duration::from_secs(0)),
             keys: vec![
-                russh_keys::PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap(),
+                russh::keys::PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap(),
             ],
             nodelay: true,
             ..Default::default()

russh/examples/ratatui_shared_app.rs

@@ -123,7 +123,7 @@ impl AppServer {
             auth_rejection_time: std::time::Duration::from_secs(3),
             auth_rejection_time_initial: Some(std::time::Duration::from_secs(0)),
             keys: vec![
-                russh_keys::PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap(),
+                russh::keys::PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap(),
             ],
             nodelay: true,
             ..Default::default()

russh/examples/sftp_client.rs

@@ -2,8 +2,8 @@ use std::sync::Arc;
 
 use async_trait::async_trait;
 use log::{error, info, LevelFilter};
+use russh::keys::*;
 use russh::*;
-use russh_keys::*;
 use russh_sftp::client::SftpSession;
 use russh_sftp::protocol::OpenFlags;
 use tokio::io::{AsyncReadExt, AsyncSeekExt, AsyncWriteExt};

russh/examples/sftp_server.rs

@@ -53,7 +53,7 @@ impl russh::server::Handler for SshSession {
     async fn auth_publickey(
         &mut self,
         user: &str,
-        public_key: &russh_keys::ssh_key::PublicKey,
+        public_key: &russh::keys::ssh_key::PublicKey,
     ) -> Result<Auth, Self::Error> {
         info!("credentials: {}, {:?}", user, public_key);
         Ok(Auth::Accept)
@@ -182,7 +182,7 @@ async fn main() {
         auth_rejection_time: Duration::from_secs(3),
         auth_rejection_time_initial: Some(Duration::from_secs(0)),
         keys: vec![
-            russh_keys::PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap(),
+            russh::keys::PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap(),
         ],
         ..Default::default()
     };

russh/examples/test.rs

@@ -15,7 +15,7 @@ async fn main() -> anyhow::Result<()> {
     config.auth_rejection_time = std::time::Duration::from_secs(3);
     config
         .keys
-        .push(russh_keys::PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap());
+        .push(russh::keys::PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap());
     let config = Arc::new(config);
     let mut sh = Server {
         clients: Arc::new(Mutex::new(HashMap::new())),

russh/src/auth.rs

@@ -18,12 +18,12 @@ use std::str::FromStr;
 use std::sync::Arc;
 
 use async_trait::async_trait;
-use russh_keys::helpers::NameList;
-use russh_keys::key::PrivateKeyWithHashAlg;
 use ssh_key::{Certificate, PrivateKey};
 use thiserror::Error;
 use tokio::io::{AsyncRead, AsyncWrite};
 
+use crate::helpers::NameList;
+use crate::keys::key::PrivateKeyWithHashAlg;
 use crate::CryptoVec;
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
@@ -163,12 +163,12 @@ pub enum AgentAuthError {
     #[error(transparent)]
     Send(#[from] crate::SendError),
     #[error(transparent)]
-    Key(#[from] russh_keys::Error),
+    Key(#[from] crate::keys::Error),
 }
 
 #[async_trait]
 impl<R: AsyncRead + AsyncWrite + Unpin + Send + 'static> Signer
-    for russh_keys::agent::client::AgentClient<R>
+    for crate::keys::agent::client::AgentClient<R>
 {
     type Error = AgentAuthError;
 

russh/src/cert.rs

@@ -1,11 +1,12 @@
-use russh_keys::key::PrivateKeyWithHashAlg;
 use ssh_key::{Certificate, HashAlg, PublicKey};
 #[cfg(not(target_arch = "wasm32"))]
 use {
-    russh_keys::helpers::AlgorithmExt, ssh_encoding::Decode, ssh_key::public::KeyData,
+    crate::helpers::AlgorithmExt, ssh_encoding::Decode, ssh_key::public::KeyData,
     ssh_key::Algorithm,
 };
 
+use crate::keys::key::PrivateKeyWithHashAlg;
+
 #[derive(Debug)]
 pub(crate) enum PublicKeyOrCertificate {
     PublicKey {

russh/src/client/encrypted.rs

@@ -18,12 +18,12 @@ use std::ops::Deref;
 
 use bytes::Bytes;
 use log::{debug, error, info, trace, warn};
-use russh_keys::helpers::{map_err, sign_with_hash_alg, AlgorithmExt, EncodedExt, NameList};
 use ssh_encoding::{Decode, Encode};
 
 use super::IncomingSshPacket;
 use crate::cert::PublicKeyOrCertificate;
 use crate::client::{Handler, Msg, Prompt, Reply, Session};
+use crate::helpers::{map_err, sign_with_hash_alg, AlgorithmExt, EncodedExt, NameList};
 use crate::keys::key::parse_public_key;
 use crate::parsing::{ChannelOpenConfirmation, ChannelType, OpenChannelMessage};
 use crate::session::{Encrypted, EncryptedState, GlobalRequestResponse};

russh/src/client/kex.rs

@@ -5,8 +5,6 @@ use std::sync::Arc;
 
 use bytes::Bytes;
 use log::{debug, error, warn};
-use russh_cryptovec::CryptoVec;
-use russh_keys::key::parse_public_key;
 use signature::Verifier;
 use ssh_encoding::{Decode, Encode};
 use ssh_key::{Mpint, PublicKey, Signature};
@@ -15,10 +13,11 @@ use super::IncomingSshPacket;
 use crate::client::{Config, NewKeys};
 use crate::kex::dh::groups::DhGroup;
 use crate::kex::{KexAlgorithm, KexAlgorithmImplementor, KexCause, KexProgress, KEXES};
+use crate::keys::key::parse_public_key;
 use crate::negotiation::{Names, Select};
 use crate::session::Exchange;
 use crate::sshbuffer::PacketWriter;
-use crate::{msg, negotiation, strict_kex_violation, Error, SshId};
+use crate::{msg, negotiation, strict_kex_violation, CryptoVec, Error, SshId};
 
 thread_local! {
     static HASH_BUFFER: RefCell<CryptoVec> = RefCell::new(CryptoVec::new());

russh/src/client/mod.rs

@@ -45,8 +45,6 @@ use futures::task::{Context, Poll};
 use futures::Future;
 use kex::ClientKex;
 use log::{debug, error, trace};
-use russh_keys::key::PrivateKeyWithHashAlg;
-use russh_keys::map_err;
 use russh_util::time::Instant;
 use ssh_encoding::Decode;
 use ssh_key::{Certificate, PrivateKey, PublicKey};
@@ -61,13 +59,14 @@ pub use crate::auth::AuthResult;
 use crate::channels::{Channel, ChannelMsg, ChannelRef, WindowSizeRef};
 use crate::cipher::{self, clear, OpeningKey};
 use crate::kex::{KexCause, KexProgress, SessionKexState};
+use crate::keys::key::PrivateKeyWithHashAlg;
 use crate::msg::{is_kex_msg, validate_server_msg_strict_kex};
 use crate::session::{CommonSession, EncryptedState, GlobalRequestResponse, NewKeys};
 use crate::ssh_read::SshRead;
 use crate::sshbuffer::{IncomingSshPacket, PacketWriter, SSHBuffer, SshId};
 use crate::{
-    auth, msg, negotiation, ChannelId, ChannelOpenFailure, CryptoVec, Disconnect, Error, Limits,
-    MethodSet, Sig,
+    auth, map_err, msg, negotiation, ChannelId, ChannelOpenFailure, CryptoVec, Disconnect, Error,
+    Limits, MethodSet, Sig,
 };
 
 mod encrypted;
@@ -397,7 +396,7 @@ impl<H: Handler> Handle<H> {
 
     /// Authenticate using a custom method that implements the
     /// [`Signer`][auth::Signer] trait. Currently, this crate only provides an
-    /// implementation for an [SSH agent][russh_keys::agent::client::AgentClient].
+    /// implementation for an [SSH agent][crate::keys::agent::client::AgentClient].
     pub async fn authenticate_publickey_with<U: Into<String>, S: auth::Signer>(
         &mut self,
         user: U,