From 0020b51aab067b4ff37d4ed66b06ebc3d5bea5f5 Mon Sep 17 00:00:00 2001 From: Arin Ghazarian Date: Wed, 26 Jun 2024 18:45:29 -0700 Subject: [PATCH 1/4] Remove rsa-sha2-256 workaround --- src/bbs2gh/RsaWithSha256SignatureKey.cs | 76 ------------------- .../Services/BbsSshArchiveDownloader.cs | 49 +----------- src/bbs2gh/bbs2gh.csproj | 2 +- 3 files changed, 5 insertions(+), 122 deletions(-) delete mode 100644 src/bbs2gh/RsaWithSha256SignatureKey.cs diff --git a/src/bbs2gh/RsaWithSha256SignatureKey.cs b/src/bbs2gh/RsaWithSha256SignatureKey.cs deleted file mode 100644 index 7589efbd1..000000000 --- a/src/bbs2gh/RsaWithSha256SignatureKey.cs +++ /dev/null 
@@ -1,76 +0,0 @@
-using System;
-using System.Security.Cryptography;
-using Renci.SshNet.Common;
-using Renci.SshNet.Security;
-using Renci.SshNet.Security.Cryptography;
-using Renci.SshNet.Security.Cryptography.Ciphers;
-
-namespace OctoshiftCLI.BbsToGithub;
-
-// workaround for RSA keys on Ubuntu 22.04
-// https://github.com/sshnet/SSH.NET/issues/825#issuecomment-1139440419
-
-public class RsaWithSha256SignatureKey : RsaKey
-{
- public RsaWithSha256SignatureKey(BigInteger modulus, BigInteger exponent, BigInteger d, BigInteger p, BigInteger q,
- BigInteger inverseQ) : base(modulus, exponent, d, p, q, inverseQ)
- {
- }
-
- private RsaSha256DigitalSignature _digitalSignature;
-
- protected override DigitalSignature DigitalSignature
- {
- get
- {
- _digitalSignature ??= new RsaSha256DigitalSignature(this);
-
- return _digitalSignature;
- }
- }
-
- public override string ToString() => "rsa-sha2-256";
-}
-
-public class RsaSha256DigitalSignature : CipherDigitalSignature, IDisposable
-{
- private HashAlgorithm _hash;
-
- public RsaSha256DigitalSignature(RsaWithSha256SignatureKey rsaKey)
- // custom OID
- : base(new ObjectIdentifier(2, 16, 840, 1, 101, 3, 4, 2, 1), new RsaCipher(rsaKey))
- {
- // custom
- _hash = SHA256.Create();
- }
-
- protected override byte[] Hash(byte[] input) => _hash.ComputeHash(input);
-
- private bool _isDisposed;
-
- public void Dispose()
- {
- Dispose(true);
- GC.SuppressFinalize(this);
- }
-
- protected virtual void Dispose(bool disposing)
- {
- if (_isDisposed)
- {
- return;
- }
-
- if (disposing)
- {
- var hash = _hash;
- if (hash != null)
- {
- hash.Dispose();
- _hash = null;
- }
-
- _isDisposed = true;
- }
- }
-}
diff --git a/src/bbs2gh/Services/BbsSshArchiveDownloader.cs b/src/bbs2gh/Services/BbsSshArchiveDownloader.cs
index ba71b24c0..28bad6c6a 100644
--- a/src/bbs2gh/Services/BbsSshArchiveDownloader.cs
+++ b/src/bbs2gh/Services/BbsSshArchiveDownloader.cs
@@ -14,9 +14,6 @@ public sealed class BbsSshArchiveDownloader : IBbsArchiveDownloader, IDisposable private const int DOWNLOAD_PROGRESS_REPORT_INTERVAL_IN_SECONDS = 10; private readonly ISftpClient _sftpClient; - private readonly RsaKey _rsaKey; - private readonly PrivateKeyFile _privateKey; - private readonly PrivateKeyAuthenticationMethod _authenticationMethodRsa; private readonly OctoLogger _log; private readonly FileSystemProvider _fileSystemProvider; private readonly object _mutex = new(); 
@@ -26,43 +23,7 @@ public BbsSshArchiveDownloader(OctoLogger log, FileSystemProvider fileSystemProv { _log = log; _fileSystemProvider = fileSystemProvider; - - _privateKey = new PrivateKeyFile(privateKeyFileFullPath); - - if (IsRsaKey(_privateKey)) - { - _rsaKey = UpdatePrivateKeyFileToRsaSha256(_privateKey); - _authenticationMethodRsa = new PrivateKeyAuthenticationMethod(sshUser, _privateKey); - var connection = new ConnectionInfo(host, sshPort, sshUser, _authenticationMethodRsa); - connection.HostKeyAlgorithms["rsa-sha2-256"] = data => new KeyHostAlgorithm("rsa-sha2-256", _rsaKey, data); - _sftpClient = new SftpClient(connection); - } - else - { - _sftpClient = new SftpClient(host, sshPort, sshUser, _privateKey); - } - } - - private bool IsRsaKey(PrivateKeyFile privateKeyFile) => privateKeyFile.HostKey is KeyHostAlgorithm keyHostAlgorithm && keyHostAlgorithm.Key is RsaKey; - - private RsaWithSha256SignatureKey UpdatePrivateKeyFileToRsaSha256(PrivateKeyFile privateKeyFile) - { - if ((privateKeyFile.HostKey as KeyHostAlgorithm).Key is not RsaKey oldRsaKey) - { - throw new ArgumentException("The private key file is not an RSA key.", nameof(privateKeyFile)); - } - - var rsaKey = new RsaWithSha256SignatureKey(oldRsaKey.Modulus, oldRsaKey.Exponent, oldRsaKey.D, oldRsaKey.P, oldRsaKey.Q, oldRsaKey.InverseQ); - - var keyHostAlgorithm = new KeyHostAlgorithm(rsaKey.ToString(), rsaKey); - - var hostKeyProperty = typeof(PrivateKeyFile).GetProperty(nameof(PrivateKeyFile.HostKey)); - hostKeyProperty.SetValue(privateKeyFile, keyHostAlgorithm); - - var keyField = typeof(PrivateKeyFile).GetField("_key", BindingFlags.NonPublic | BindingFlags.Instance); - keyField.SetValue(privateKeyFile, rsaKey); - - return rsaKey; + _sftpClient = new SftpClient(host, sshPort, sshUser, new PrivateKeyFile(privateKeyFileFullPath)); } internal BbsSshArchiveDownloader(OctoLogger log, FileSystemProvider fileSystemProvider, ISftpClient sftpClient) 
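Review bot: The simplified constructor builds the `SftpClient` with no server host-key check. Nothing visible in this hunk subscribes to `HostKeyReceived`, and SSH.NET accepts whatever key the server presents unless a handler sets `e.CanTrust = false`. Because the exported archive is downloaded over this session, consider pinning an operator-supplied fingerprint before connecting, for example `client.HostKeyReceived += (_, e) => e.CanTrust = e.FingerPrintSHA256 == expectedFingerprint;` (`expectedFingerprint` is a placeholder for a new option). The removed workaround had no such check either, so this is a pre-existing gap rather than a regression. The constructor's signature is truncated in the hunk header and the rest of the file is not shown, so a subscription may exist elsewhere.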
@@ -125,7 +86,8 @@ private void LogProgress(ulong downloadedBytes, ulong totalBytes) return; } - _log.LogInformation($"Archive download in progress, {GetLogFriendlySize(downloadedBytes)} out of {GetLogFriendlySize(totalBytes)} ({GetPercentage(downloadedBytes, totalBytes)}) completed..."); + _log.LogInformation( + $"Archive download in progress, {GetLogFriendlySize(downloadedBytes)} out of {GetLogFriendlySize(totalBytes)} ({GetPercentage(downloadedBytes, totalBytes)}) completed..."); _nextProgressReport = _nextProgressReport.AddSeconds(DOWNLOAD_PROGRESS_REPORT_INTERVAL_IN_SECONDS); } @@ -159,9 +121,6 @@ private string GetLogFriendlySize(ulong size) public void Dispose() { - (_sftpClient as IDisposable)?.Dispose(); - (_rsaKey as IDisposable)?.Dispose(); - (_authenticationMethodRsa as IDisposable)?.Dispose(); - (_privateKey as IDisposable)?.Dispose(); + _sftpClient?.Dispose(); } } diff --git a/src/bbs2gh/bbs2gh.csproj b/src/bbs2gh/bbs2gh.csproj index 6a46031e8..1c25ff12a 100644 --- a/src/bbs2gh/bbs2gh.csproj +++ b/src/bbs2gh/bbs2gh.csproj @@ -13,7 +13,7 @@ - + From 718a3b6d391e6639358bccfecd60539a83fdb766 Mon Sep 17 00:00:00 2001 From: Arin Ghazarian Date: Wed, 26 Jun 2024 18:54:06 -0700 Subject: [PATCH 2/4] dotnet format --- src/bbs2gh/Services/BbsSshArchiveDownloader.cs | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/bbs2gh/Services/BbsSshArchiveDownloader.cs b/src/bbs2gh/Services/BbsSshArchiveDownloader.cs index 28bad6c6a..d9901c4b4 100644 --- a/src/bbs2gh/Services/BbsSshArchiveDownloader.cs +++ b/src/bbs2gh/Services/BbsSshArchiveDownloader.cs @@ -1,11 +1,9 @@ using System; using System.IO; -using System.Reflection; using System.Threading.Tasks; using OctoshiftCLI.Extensions; using OctoshiftCLI.Services; using Renci.SshNet; -using Renci.SshNet.Security; namespace OctoshiftCLI.BbsToGithub.Services; From 052fa1a7ff377a39bdb9e37abc08c788d6060fb1 Mon Sep 17 00:00:00 2001 
From: Arin Ghazarian Date: Wed, 18 Dec 2024 12:16:53 -0800 Subject: [PATCH 3/4] Upgrade ssh.net to 2024.2.0 --- src/bbs2gh/bbs2gh.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bbs2gh/bbs2gh.csproj b/src/bbs2gh/bbs2gh.csproj index d6ab17cf3..803f9e731 100644 --- a/src/bbs2gh/bbs2gh.csproj +++ b/src/bbs2gh/bbs2gh.csproj @@ -13,7 +13,7 @@ - + From b98ae1a79f0c3a0b605f4563fb72bd59b2688540 Mon Sep 17 00:00:00 2001 From: Arin Ghazarian Date: Wed, 18 Dec 2024 13:47:40 -0800 Subject: [PATCH 4/4] Dispose the private key --- src/bbs2gh/Services/BbsSshArchiveDownloader.cs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/bbs2gh/Services/BbsSshArchiveDownloader.cs b/src/bbs2gh/Services/BbsSshArchiveDownloader.cs index d9901c4b4..0d6dacc12 100644 --- a/src/bbs2gh/Services/BbsSshArchiveDownloader.cs +++ b/src/bbs2gh/Services/BbsSshArchiveDownloader.cs @@ -12,6 +12,7 @@ public sealed class BbsSshArchiveDownloader : IBbsArchiveDownloader, IDisposable private const int DOWNLOAD_PROGRESS_REPORT_INTERVAL_IN_SECONDS = 10; private readonly ISftpClient _sftpClient; + private readonly PrivateKeyFile _privateKey; private readonly OctoLogger _log; private readonly FileSystemProvider _fileSystemProvider; private readonly object _mutex = new(); @@ -21,7 +22,8 @@ public BbsSshArchiveDownloader(OctoLogger log, FileSystemProvider fileSystemProv { _log = log; _fileSystemProvider = fileSystemProvider; - _sftpClient = new SftpClient(host, sshPort, sshUser, new PrivateKeyFile(privateKeyFileFullPath)); + _privateKey = new PrivateKeyFile(privateKeyFileFullPath); + _sftpClient = new SftpClient(host, sshPort, sshUser, _privateKey); } internal BbsSshArchiveDownloader(OctoLogger log, FileSystemProvider fileSystemProvider, ISftpClient sftpClient) @@ -120,5 +122,6 @@ private string GetLogFriendlySize(ulong size) public void Dispose() { _sftpClient?.Dispose(); + _privateKey?.Dispose(); } }
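Review bot: PATCH 4/4 releases the private key only on the normal path. In the constructor hunk (`@@ -21,7 +22,8 @@`), if `new SftpClient(...)` throws after `_privateKey` has been created (for example on an invalid host or port argument), the half-built object never reaches a caller and `Dispose()` never runs, so the parsed key material is left for the garbage collector. The Dispose hunk (`@@ -120,5 +122,6 @@`) has the same gap, because an exception from `_sftpClient?.Dispose()` skips `_privateKey?.Dispose()`. Guarding both spots, as sketched below, keeps the key's lifetime bounded. The constructor's signature is cut off in the hunk header.

```csharp
// … unchanged: _log and _fileSystemProvider assignments …
_privateKey = new PrivateKeyFile(privateKeyFileFullPath);
try
{
    _sftpClient = new SftpClient(host, sshPort, sshUser, _privateKey);
}
catch
{
    // Release the loaded key if the client cannot be constructed.
    _privateKey.Dispose();
    throw;
}

// in Dispose():
try
{
    _sftpClient?.Dispose();
}
finally
{
    _privateKey?.Dispose();
}
```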