Merge pull request #74 from HsuJv/v0_4_1

add zlib, [email protected] support

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "ssh-rs"
-version = "0.4.0"
+version = "0.4.1"
 edition = "2021"
 authors = [
     "Gao Xiang Kang <[email protected]>",
@@ -24,6 +24,7 @@ deprecated-rsa-sha1 = ["dep:sha1"]
 deprecated-dh-group1-sha1 = ["dep:sha1"]
 deprecated-aes-cbc = ["dep:cbc", "dep:cipher"]
 deprecated-des-cbc = ["dep:cbc", "dep:cipher", "dep:des"]
+deprecated-zlib = []
 scp = ["dep:filetime"]
 
 [lib]
@@ -57,6 +58,9 @@ ssh-key = { version = "0.6", features = ["rsa", "ed25519", "alloc"]}
 signature = "2.1"
 ring = "0.16"
 
+## compression
+flate2 = "^1.0"
+
 ## utils
 filetime = { version = "0.2", optional = true }
 

README.md

@@ -198,6 +198,8 @@ match ssh::create_session()
 ### 5. Compression algorithms
 
 * `none`
+* `[email protected]`
+* `zlib` (behind feature "zlib")
 
 ---
 

README_ZH.md

@@ -117,6 +117,7 @@ ssh::create_session().timeout(Some(std::time::Duration::from_secs(5)));
 #### 5. 压缩算法
 
 * `none`
+* `zlib` (behind feature "zlib")
 
 ---
 

changelog

@@ -1,3 +1,6 @@
+v0.4.1 (2023-09-20)
+    1. Add zlib, [email protected] support
+
 v0.4.0 (2023-09-16)
     1. remove chinese comments
     2. add RFC links

src/algorithm/compression/mod.rs

@@ -0,0 +1,43 @@
+use super::Compress;
+use crate::SshResult;
+
+mod zlib;
+/// <https://www.rfc-editor.org/rfc/rfc4253#section-6.2>
+pub(crate) trait Compression: Send + Sync {
+    fn new() -> Self
+    where
+        Self: Sized;
+    // The "[email protected]" method operates identically to the "zlib"
+    // method described in [RFC4252] except that packet compression does not
+    // start until the server sends a SSH_MSG_USERAUTH_SUCCESS packet
+    // so
+    // fn start();
+    fn compress(&mut self, buf: &[u8]) -> SshResult<Vec<u8>>;
+    fn decompress(&mut self, buf: &[u8]) -> SshResult<Vec<u8>>;
+}
+
+pub(crate) fn from(comp: &Compress) -> Box<dyn Compression> {
+    match comp {
+        Compress::None => Box::new(CompressNone::new()),
+        #[cfg(feature = "deprecated-zlib")]
+        Compress::Zlib => Box::new(zlib::CompressZlib::new()),
+        Compress::ZlibOpenSsh => Box::new(zlib::CompressZlib::new()),
+    }
+}
+
+#[derive(Default)]
+pub(crate) struct CompressNone {}
+
+impl Compression for CompressNone {
+    fn new() -> Self {
+        Self {}
+    }
+
+    fn compress(&mut self, buf: &[u8]) -> SshResult<Vec<u8>> {
+        Ok(buf.to_vec())
+    }
+
+    fn decompress(&mut self, buf: &[u8]) -> SshResult<Vec<u8>> {
+        Ok(buf.to_vec())
+    }
+}

src/algorithm/compression/zlib.rs

@@ -0,0 +1,118 @@
+use flate2;
+
+use crate::SshError;
+
+use super::Compression;
+
+/// The "zlib" compression is described in [RFC1950] and in [RFC1951].
+/// The compression context is initialized after each key exchange, and
+/// is passed from one packet to the next, with only a partial flush
+/// being performed at the end of each packet.  A partial flush means
+/// that the current compressed block is ended and all data will be
+/// output.  If the current block is not a stored block, one or more
+/// empty blocks are added after the current block to ensure that there
+/// are at least 8 bits, counting from the start of the end-of-block code
+/// of the current block to the end of the packet payload.
+///
+/// <https://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt>
+/// The "[email protected]" method operates identically to the "zlib"
+/// method described in [RFC4252] except that packet compression does not
+/// start until the server sends a SSH_MSG_USERAUTH_SUCCESS packet,
+/// replacing the "zlib" method's start of compression when the server
+/// sends SSH_MSG_NEWKEYS.
+pub(super) struct CompressZlib {
+    decompressor: flate2::Decompress,
+    compressor: flate2::Compress,
+}
+
+impl Compression for CompressZlib {
+    fn new() -> Self
+    where
+        Self: Sized,
+    {
+        Self {
+            decompressor: flate2::Decompress::new(true),
+            compressor: flate2::Compress::new(flate2::Compression::fast(), true),
+        }
+    }
+
+    fn decompress(&mut self, buf: &[u8]) -> crate::SshResult<Vec<u8>> {
+        let mut buf_in = buf;
+        let mut buf_once = [0; 4096];
+        let mut buf_out = vec![];
+        loop {
+            let in_before = self.decompressor.total_in();
+            let out_before = self.decompressor.total_out();
+
+            let result =
+                self.decompressor
+                    .decompress(buf_in, &mut buf_once, flate2::FlushDecompress::Sync);
+
+            let consumed = (self.decompressor.total_in() - in_before) as usize;
+            let produced = (self.decompressor.total_out() - out_before) as usize;
+
+            match result {
+                Ok(flate2::Status::Ok) => {
+                    buf_in = &buf_in[consumed..];
+                    buf_out.extend(&buf_once[..produced]);
+                }
+                Ok(flate2::Status::StreamEnd) => {
+                    return Err(SshError::CompressionError(
+                        "Stream ends during the decompress".to_owned(),
+                    ));
+                }
+                Ok(flate2::Status::BufError) => {
+                    break;
+                }
+                Err(e) => return Err(SshError::CompressionError(e.to_string())),
+            }
+        }
+
+        Ok(buf_out)
+    }
+
+    fn compress(&mut self, buf: &[u8]) -> crate::SshResult<Vec<u8>> {
+        let mut buf_in = buf;
+        let mut buf_once = [0; 4096];
+        let mut buf_out = vec![];
+        loop {
+            let in_before = self.compressor.total_in();
+            let out_before = self.compressor.total_out();
+
+            let result =
+                self.compressor
+                    .compress(buf_in, &mut buf_once, flate2::FlushCompress::Partial);
+
+            let consumed = (self.compressor.total_in() - in_before) as usize;
+            let produced = (self.compressor.total_out() - out_before) as usize;
+
+            // tracing::info!(consumed);
+            // tracing::info!(produced);
+
+            // means an empty compress
+            // 2 bytes ZLIB header at the start of the stream
+            // 4 bytes CRC checksum at the end of the stream
+            if produced == 6 {
+                break;
+            }
+
+            match result {
+                Ok(flate2::Status::Ok) => {
+                    buf_in = &buf_in[consumed..];
+                    buf_out.extend(&buf_once[..produced]);
+                }
+                Ok(flate2::Status::StreamEnd) => {
+                    return Err(SshError::CompressionError(
+                        "Stream ends during the compress".to_owned(),
+                    ));
+                }
+                Ok(flate2::Status::BufError) => {
+                    break;
+                }
+                Err(e) => return Err(SshError::CompressionError(e.to_string())),
+            }
+        }
+
+        Ok(buf_out)
+    }
+}

src/algorithm/mod.rs

@@ -1,3 +1,4 @@
+pub(crate) mod compression;
 pub(crate) mod encryption;
 pub(crate) mod hash;
 pub(crate) mod key_exchange;
@@ -79,6 +80,11 @@ pub enum Mac {
 pub enum Compress {
     #[strum(serialize = "none")]
     None,
+    #[cfg(feature = "deprecated-zlib")]
+    #[strum(serialize = "zlib")]
+    Zlib,
+    #[strum(serialize = "[email protected]")]
+    ZlibOpenSsh,
 }
 
 #[derive(Default)]

src/client/client.rs

@@ -1,4 +1,7 @@
-use crate::config::algorithm::AlgList;
+use crate::{
+    algorithm::compression::{CompressNone, Compression},
+    config::algorithm::AlgList,
+};
 use crate::{algorithm::encryption::Encryption, config::Config};
 use crate::{algorithm::encryption::EncryptionNone, model::Sequence};
 use std::time::Duration;
@@ -9,6 +12,7 @@ pub(crate) struct Client {
     pub(super) config: Config,
     pub(super) negotiated: AlgList,
     pub(super) encryptor: Box<dyn Encryption>,
+    pub(super) compressor: Box<dyn Compression>,
     pub(super) session_id: Vec<u8>,
 }
 
@@ -17,6 +21,7 @@ impl Client {
         Self {
             config,
             encryptor: Box::<EncryptionNone>::default(),
+            compressor: Box::<CompressNone>::default(),
             negotiated: AlgList::new(),
             session_id: vec![],
             sequence: Sequence::new(),
@@ -27,6 +32,10 @@ impl Client {
         self.encryptor.as_mut()
     }
 
+    pub fn get_compressor(&mut self) -> &mut dyn Compression {
+        self.compressor.as_mut()
+    }
+
     pub fn get_seq(&mut self) -> &mut Sequence {
         &mut self.sequence
     }

src/client/client_auth.rs

@@ -2,7 +2,7 @@ use std::io::{Read, Write};
 use tracing::*;
 
 use crate::{
-    algorithm::Digest,
+    algorithm::{compression, Compress, Digest},
     constant::{ssh_connection_code, ssh_str, ssh_transport_code, ssh_user_auth_code},
     error::{SshError, SshResult},
     model::{Data, Packet, SecPacket},
@@ -58,6 +58,12 @@ impl Client {
                 }
                 ssh_user_auth_code::SUCCESS => {
                     info!("user auth successful.");
+                    // <https://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt>
+                    // Now we need turn on the compressor if any
+                    if let Compress::ZlibOpenSsh = self.negotiated.c_compress[0] {
+                        let comp = compression::from(&Compress::ZlibOpenSsh);
+                        self.compressor = comp;
+                    }
                     return Ok(());
                 }
                 ssh_connection_code::GLOBAL_REQUEST => {

src/client/client_kex.rs

@@ -1,3 +1,5 @@
+#[cfg(feature = "deprecated-zlib")]
+use crate::algorithm::{compression, Compress};
 use crate::{
     algorithm::{
         encryption,
@@ -78,6 +80,15 @@ impl Client {
         self.session_id = session_id;
         self.negotiated = negotiated;
         self.encryptor = encryption;
+
+        #[cfg(feature = "deprecated-zlib")]
+        {
+            if let Compress::Zlib = self.negotiated.c_compress[0] {
+                let comp = compression::from(&Compress::Zlib);
+                self.compressor = comp;
+            }
+        }
+
         digest.key_exchange = Some(key_exchange);
 
         info!("key negotiation successful.");

src/config/algorithm.rs

@@ -127,8 +127,8 @@ impl AlgList {
             .into(),
             c_mac: vec![Mac::HmacSha2_256, Mac::HmacSha2_512, Mac::HmacSha1].into(),
             s_mac: vec![Mac::HmacSha2_256, Mac::HmacSha2_512, Mac::HmacSha1].into(),
-            c_compress: vec![Compress::None].into(),
-            s_compress: vec![Compress::None].into(),
+            c_compress: vec![Compress::None, Compress::ZlibOpenSsh].into(),
+            s_compress: vec![Compress::None, Compress::ZlibOpenSsh].into(),
         }
     }
 

src/constant.rs

@@ -1,5 +1,5 @@
 /// The client version
-pub(crate) const CLIENT_VERSION: &str = "SSH-2.0-SSH_RS-0.4.0";
+pub(crate) const CLIENT_VERSION: &str = "SSH-2.0-SSH_RS-0.4.1";
 pub(crate) const SSH_MAGIC: &[u8] = b"SSH-";
 
 /// The constant strings that used for ssh communication

src/error.rs

@@ -21,6 +21,8 @@ pub enum SshError {
     DataFormatError(#[from] std::string::FromUtf8Error),
     #[error("Encryption error: {0}")]
     EncryptionError(String),
+    #[error("Compression error: {0}")]
+    CompressionError(String),
     #[cfg(feature = "scp")]
     #[error(transparent)]
     SystemTimeError(#[from] std::time::SystemTimeError),

src/lib.rs

@@ -1,6 +1,6 @@
 //! Dependencies
 //! ```toml
-//! ssh-rs = "0.4.0"
+//! ssh-rs = "0.4.1"
 //! ```
 //!
 //!Rust implementation of ssh2.0 client.

src/model/packet.rs

@@ -154,7 +154,8 @@ impl<'a> SecPacket<'a> {
         S: Write,
     {
         let tm = self.client.get_timeout();
-        let payload_len = self.payload.len() as u32;
+        let payload = self.client.get_compressor().compress(&self.payload)?;
+        let payload_len = payload.len() as u32;
         let pad_len = {
             let mut pad = payload_len as i32 + 1;
             let block_size = Self::get_align(self.client.get_encryptor().bsize());
@@ -167,7 +168,7 @@ impl<'a> SecPacket<'a> {
         let mut buf = vec![];
         buf.extend(packet_len.to_be_bytes());
         buf.extend([pad_len]);
-        buf.extend(self.payload.iter());
+        buf.extend(payload);
         buf.extend(vec![0; pad_len as usize]);
         let seq = self.client.get_seq().get_client();
         self.client.get_encryptor().encrypt(seq, &mut buf);
@@ -203,6 +204,7 @@ impl<'a> SecPacket<'a> {
         let payload_len = pkt_len - pad_len as u32 - 1;
 
         let payload = data[5..payload_len as usize + 5].into();
+        let payload = client.get_compressor().decompress(payload)?.into();
 
         Ok(Self { payload, client })
     }

tests/algorithms.rs

@@ -231,6 +231,22 @@ mod test {
         session.close();
     }
 
+    #[test]
+    fn test_zlib_openssh_com() {
+        let session = ssh::create_session_without_default()
+            .username(&get_username())
+            .private_key_path(get_pem_rsa())
+            .add_kex_algorithms(algorithm::Kex::DiffieHellmanGroup14Sha256)
+            .add_pubkey_algorithms(algorithm::PubKey::RsaSha2_256)
+            .add_enc_algorithms(algorithm::Enc::Chacha20Poly1305Openssh)
+            .add_compress_algorithms(algorithm::Compress::ZlibOpenSsh)
+            .add_mac_algortihms(algorithm::Mac::HmacSha1)
+            .connect(get_server())
+            .unwrap()
+            .run_local();
+        session.close();
+    }
+
     #[test]
     fn test_hmac_sha256() {
         let session = ssh::create_session_without_default()

version

@@ -1 +1 @@
-0.4.0
+0.4.1