Fix for the broken ci test, also bump aes to v0.8 (#1)

HsuJv · web-flow · commit a277e9f5bdd5 · 2023-09-10T17:41:18.000+02:00
* fix workflows

* bump aes to 0.8, fix workflows
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -98,6 +98,6 @@ jobs:
       - name: run ssh
         run: mkdir /run/sshd && /usr/sbin/sshd -T &&/usr/sbin/sshd -D -p 8888 &
       - name: Test
-        run: cargo test --all-features
+        run: cargo test --all-features -- --test-threads 1
       - name: Doc test
         run: cargo test --doc --all-features
diff --git a/Cargo.toml b/Cargo.toml
@@ -28,7 +28,8 @@ strum_macros = "0.25"
 sha1  = { version = "0.10.5", default-features = false, features = ["oid"], optional = true }
 sha2  = { version = "0.10.6", default-features = false, features = ["oid"]}
 rsa = "0.9"
-aes = { version = "0.7", features = ["ctr"] }
+aes = "0.8"
+ctr = "0.9"
 ssh-key = { version = "0.6", features = ["rsa", "ed25519", "alloc"]}
 signature = "2.1"
 ring = "0.16"
diff --git a/build_check.sh b/build_check.sh
@@ -5,6 +5,14 @@ cargo fmt --all -- --check > /dev/null
 echo done
 echo
 echo
+echo clippy check
+cargo clippy -- -D warnings > /dev/null
+echo
+echo
+echo clippy all check
+cargo clippy --all-features -- -D warnings > /dev/null
+echo
+echo
 echo linux build check
 cargo build --target x86_64-unknown-linux-gnu > /dev/null
 echo done
diff --git a/changelog b/changelog
@@ -1,9 +1,10 @@
-v0.3.3 (TBD)
+v0.3.3 (2023-09-10)
     1. fix hang when tcp connects to a non-existent host
     2. refactor aes_ctr file
     3. translate the changelogs
     4. use std::time::Duration as timeout rather than u128
     5. add the support for ssh message `SSH_MSG_CHANNEL_EXTENDED_DATA`
+    6. bump dependencies
 
 v0.3.2 (2023-01-10)
     1. fix some error with hmac2
diff --git a/src/algorithm/encryption/aes_ctr.rs b/src/algorithm/encryption/aes_ctr.rs
@@ -3,8 +3,12 @@ use crate::algorithm::hash::Hash;
 use crate::algorithm::mac::Mac;
 use crate::error::SshError;
 use crate::SshResult;
-use aes::cipher::{NewCipher, StreamCipher, StreamCipherSeek};
-use aes::{Aes128Ctr, Aes192Ctr, Aes256Ctr};
+use aes::cipher::{KeyIvInit, StreamCipher, StreamCipherSeek};
+use ctr;
+
+type Aes128Ctr64BE = ctr::Ctr64BE<aes::Aes128>;
+type Aes192Ctr64BE = ctr::Ctr64BE<aes::Aes192>;
+type Aes256Ctr64BE = ctr::Ctr64BE<aes::Aes256>;
 
 const CTR128_BLOCK_SIZE: usize = 16;
 const CTR192_BLOCK_SIZE: usize = 24;
@@ -65,8 +69,8 @@ macro_rules! crate_aes {
                 siv.clone_from_slice(&hash.iv_s_c[..$iv_size]);
 
                 // TODO unwrap
-                let c = $alg::new_from_slices(&ckey, &civ).unwrap();
-                let r = $alg::new_from_slices(&skey, &siv).unwrap();
+                let c = $alg::new(&ckey.into(), &civ.into());
+                let r = $alg::new(&skey.into(), &siv.into());
                 // hmac
                 let (ik_c_s, ik_s_c) = hash.mix_ik(mac.bsize());
                 $name {
@@ -133,8 +137,8 @@ macro_rules! crate_aes {
 }
 
 // aes-128-ctr
-crate_aes!(Ctr128, Aes128Ctr, CTR128_BLOCK_SIZE, IV_SIZE);
+crate_aes!(Ctr128, Aes128Ctr64BE, CTR128_BLOCK_SIZE, IV_SIZE);
 // aes-192-ctr
-crate_aes!(Ctr192, Aes192Ctr, CTR192_BLOCK_SIZE, IV_SIZE);
+crate_aes!(Ctr192, Aes192Ctr64BE, CTR192_BLOCK_SIZE, IV_SIZE);
 // aes-256-ctr
-crate_aes!(Ctr256, Aes256Ctr, CTR256_BLOCK_SIZE, IV_SIZE);
+crate_aes!(Ctr256, Aes256Ctr64BE, CTR256_BLOCK_SIZE, IV_SIZE);
diff --git a/src/algorithm/public_key/rsa.rs b/src/algorithm/public_key/rsa.rs
@@ -47,7 +47,7 @@ impl PubK for RsaSha512 {
         let e = rsa::BigUint::from_bytes_be(data.get_u8s().as_slice());
         let n = rsa::BigUint::from_bytes_be(data.get_u8s().as_slice());
         let public_key = rsa::RsaPublicKey::new(n, e).unwrap();
-        let scheme = Pkcs1v15Sign::new::<sha2::Sha256>();
+        let scheme = Pkcs1v15Sign::new::<sha2::Sha512>();
 
         let digest = ring::digest::digest(&ring::digest::SHA512, message);
         let msg = digest.as_ref();
diff --git a/src/channel/local/channel_scp.rs b/src/channel/local/channel_scp.rs
@@ -388,7 +388,7 @@ where
         self.save_file(scp_file)
     }
 
-    fn save_file(&mut self, scp_file: &ScpFile) -> SshResult<()> {
+    fn save_file(&mut self, scp_file: &mut ScpFile) -> SshResult<()> {
         log::debug!(
             "name: [{}] size: [{}] type: [file] start download.",
             scp_file.name,
diff --git a/src/config/auth.rs b/src/config/auth.rs
@@ -98,7 +98,7 @@ impl KeyPair {
                         ring::digest::digest(&ring::digest::SHA512, sd),
                     ),
                     PubKey::RsaSha2_256 => (
-                        Pkcs1v15Sign::new::<sha2::Sha512>(),
+                        Pkcs1v15Sign::new::<sha2::Sha256>(),
                         ring::digest::digest(&ring::digest::SHA256, sd),
                     ),
                     #[cfg(feature = "dangerous-rsa-sha1")]

Original file line number	Diff line number	Diff line change
`@@ -388,7 +388,7 @@ where`
`388`	`388`	`self.save_file(scp_file)`
`389`	`389`	`}`
`390`	`390`
`391`		`- fn save_file(&mut self, scp_file: &ScpFile) -> SshResult<()> {`
	`391`	`+ fn save_file(&mut self, scp_file: &mut ScpFile) -> SshResult<()> {`
`392`	`392`	`log::debug!(`
`393`	`393`	`"name: [{}] size: [{}] type: [file] start download.",`
`394`	`394`	`scp_file.name,`