Merge branch 'warp-tech:main' into main

.all-contributorsrc

@@ -292,6 +292,24 @@
       "contributions": [
         "code"
       ]
+    },
+    {
+      "login": "Barre",
+      "name": "Pierre Barre",
+      "avatar_url": "https://avatars.githubusercontent.com/u/45085843?v=4",
+      "profile": "https://www.legaltile.com/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "spoutn1k",
+      "name": "Jean-Baptiste Skutnik",
+      "avatar_url": "https://avatars.githubusercontent.com/u/22240065?v=4",
+      "profile": "http://skutnik.page",
+      "contributions": [
+        "code"
+      ]
     }
   ],
   "contributorsPerLine": 7,

README.md

@@ -1,6 +1,6 @@
 # Russh
 [![Rust](https://github.com/warp-tech/russh/actions/workflows/rust.yml/badge.svg)](https://github.com/warp-tech/russh/actions/workflows/rust.yml)  <!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
-[![All Contributors](https://img.shields.io/badge/all_contributors-32-orange.svg?style=flat-square)](#contributors-)
+[![All Contributors](https://img.shields.io/badge/all_contributors-34-orange.svg?style=flat-square)](#contributors-)
 <!-- ALL-CONTRIBUTORS-BADGE:END -->
 
 Low-level Tokio SSH2 client and server implementation.
@@ -129,6 +129,8 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/gleason-m"><img src="https://avatars.githubusercontent.com/u/86493344?v=4?s=100" width="100px;" alt="Michael Gleason"/><br /><sub><b>Michael Gleason</b></sub></a><br /><a href="https://github.com/warp-tech/russh/commits?author=gleason-m" title="Code">💻</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://ana.gelez.xyz"><img src="https://avatars.githubusercontent.com/u/16254623?v=4?s=100" width="100px;" alt="Ana Gelez"/><br /><sub><b>Ana Gelez</b></sub></a><br /><a href="https://github.com/warp-tech/russh/commits?author=elegaanz" title="Code">💻</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/tomknig"><img src="https://avatars.githubusercontent.com/u/3586316?v=4?s=100" width="100px;" alt="Tom König"/><br /><sub><b>Tom König</b></sub></a><br /><a href="https://github.com/warp-tech/russh/commits?author=tomknig" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://www.legaltile.com/"><img src="https://avatars.githubusercontent.com/u/45085843?v=4?s=100" width="100px;" alt="Pierre Barre"/><br /><sub><b>Pierre Barre</b></sub></a><br /><a href="https://github.com/warp-tech/russh/commits?author=Barre" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="http://skutnik.page"><img src="https://avatars.githubusercontent.com/u/22240065?v=4?s=100" width="100px;" alt="Jean-Baptiste Skutnik"/><br /><sub><b>Jean-Baptiste Skutnik</b></sub></a><br /><a href="https://github.com/warp-tech/russh/commits?author=spoutn1k" title="Code">💻</a></td>
     </tr>
   </tbody>
 </table>

russh-keys/src/lib.rs

@@ -389,20 +389,20 @@ pub fn learn_known_hosts_path<P: AsRef<Path>>(
 }
 
 /// Get the server key that matches the one recorded in the user's known_hosts file.
-pub fn known_host_key(host: &str, port: u16) -> Result<Option<(usize, key::PublicKey)>, Error> {
-    known_host_key_path(host, port, known_hosts_path()?)
+pub fn known_host_keys(host: &str, port: u16) -> Result<Vec<(usize, key::PublicKey)>, Error> {
+    known_host_keys_path(host, port, known_hosts_path()?)
 }
 
 /// Get the server key that matches the one recorded in `path`.
-pub fn known_host_key_path<P: AsRef<Path>>(
+pub fn known_host_keys_path<P: AsRef<Path>>(
     host: &str,
     port: u16,
     path: P,
-) -> Result<Option<(usize, key::PublicKey)>, Error> {
+) -> Result<Vec<(usize, key::PublicKey)>, Error> {
     let mut f = if let Ok(f) = File::open(path) {
         BufReader::new(f)
     } else {
-        return Ok(None);
+        return Ok(vec![]);
     };
     let mut buffer = String::new();
 
@@ -413,6 +413,7 @@ pub fn known_host_key_path<P: AsRef<Path>>(
     };
     debug!("host_port = {:?}", host_port);
     let mut line = 1;
+    let mut matches = vec![];
     while f.read_line(&mut buffer)? > 0 {
         {
             if buffer.as_bytes().first() == Some(&b'#') {
@@ -427,14 +428,14 @@ pub fn known_host_key_path<P: AsRef<Path>>(
             if let (Some(h), Some(k)) = (hosts, key) {
                 debug!("{:?} {:?}", h, k);
                 if match_hostname(&host_port, h) {
-                    return Ok(Some((line, parse_public_key_base64(k)?)));
+                    matches.push((line, parse_public_key_base64(k)?));
                 }
             }
         }
         buffer.clear();
         line += 1;
     }
-    Ok(None)
+    Ok(matches)
 }
 
 fn match_hostname(host: &str, pattern: &str) -> bool {
@@ -471,15 +472,22 @@ pub fn check_known_hosts_path<P: AsRef<Path>>(
     pubkey: &key::PublicKey,
     path: P,
 ) -> Result<bool, Error> {
-    if let Some((line, recorded)) = known_host_key_path(host, port, path)? {
-        if recorded == *pubkey {
-            Ok(true)
-        } else {
-            Err(Error::KeyChanged { line })
-        }
-    } else {
-        Ok(false)
-    }
+    let check = known_host_keys_path(host, port, path)?
+        .into_iter()
+        .map(
+            |(line, recorded)| match (pubkey.name() == recorded.name(), *pubkey == recorded) {
+                (true, true) => Ok(true),
+                (true, false) => Err(Error::KeyChanged { line }),
+                _ => Ok(false),
+            },
+        )
+        // If any Err was returned, we stop here
+        .collect::<Result<Vec<bool>, Error>>()?
+        .into_iter()
+        // Now we check the results for a match
+        .any(|x| x);
+
+    Ok(check)
 }
 
 #[cfg(target_os = "windows")]

russh/src/mac/mod.rs

@@ -74,7 +74,7 @@ static _HMAC_SHA256: CryptoMacAlgorithm<Hmac<Sha256>, U32> =
     CryptoMacAlgorithm(PhantomData, PhantomData);
 static _HMAC_SHA512: CryptoMacAlgorithm<Hmac<Sha512>, U64> =
     CryptoMacAlgorithm(PhantomData, PhantomData);
-static _HMAC_SHA1_ETM: CryptoEtmMacAlgorithm<Hmac<Sha1>, U64> =
+static _HMAC_SHA1_ETM: CryptoEtmMacAlgorithm<Hmac<Sha1>, U20> =
     CryptoEtmMacAlgorithm(PhantomData, PhantomData);
 static _HMAC_SHA256_ETM: CryptoEtmMacAlgorithm<Hmac<Sha256>, U32> =
     CryptoEtmMacAlgorithm(PhantomData, PhantomData);