package reconcile import ( "crypto/ed25519" "crypto/rand" "crypto/sha256" "encoding/pem" "fmt" "testing" "time" "gitea.dooplex.hu/admin/felhom-agent/internal/authz" "golang.org/x/crypto/ssh" ) // In-test SSHSIG minter for the gate's adversarial matrix. It replicates the ~40 lines // of SSHSIG framing (porting internal/authz/sshsig.go + mint_test.go) so reconcile's // tests can produce valid AND adversarial signatures with now-relative timestamps. // This lives only in reconcile's test binary — production authz is untouched (no // signing capability is added to the verify-only security package), and the verifier's // unexported clock (not injectable cross-package) is why we mint live rather than reuse // the committed fixed-window fixture. // // The minted bytes round-trip through the REAL authz.Verifier, so a correct framing is // proven by the positive case verifying. const sshsigMagic = "SSHSIG" type sshsigBlob struct { Version uint32 PublicKey string Namespace string Reserved string HashAlgo string Signature string } // signedData recomputes the SSHSIG signed bytes: "SSHSIG" || marshal(ns, reserved, // hash, H(message)). Mirrors authz.signedData exactly (sha256). func signedDataForTest(ns string, msg []byte) []byte { h := sha256.Sum256(msg) body := ssh.Marshal(struct { Namespace string Reserved string HashAlgo string Hash []byte }{ns, "", "sha256", h[:]}) return append([]byte(sshsigMagic), body...) } // mintArmor builds an armored SSHSIG over message using sign. func mintArmor(pubMarshaled []byte, namespace string, message []byte, sign func([]byte) ssh.Signature) []byte { sb := &sshsigBlob{Version: 1, PublicKey: string(pubMarshaled), Namespace: namespace, Reserved: "", HashAlgo: "sha256"} sig := sign(signedDataForTest(namespace, message)) sb.Signature = string(ssh.Marshal(&sig)) raw := append([]byte(sshsigMagic), ssh.Marshal(sb)...) return pem.EncodeToMemory(&pem.Block{Type: "SSH SIGNATURE", Bytes: raw}) } // nonce returns a fresh 128-bit hex nonce (doc 04 §2.1: ≥128-bit random). func nonce() string { var b [16]byte if _, err := rand.Read(b[:]); err != nil { panic(err) } const hexdigits = "0123456789abcdef" out := make([]byte, 32) for i, x := range b { out[i*2] = hexdigits[x>>4] out[i*2+1] = hexdigits[x&0x0f] } return string(out) } // canonicalBlob builds an op blob in the doc 04 §2.1 canonical field order (keys // sorted at every level, no insignificant whitespace). func canonicalBlob(op, hostID, guestID, keyID, nonce, paramsJSON string, issued, expires time.Time) []byte { if paramsJSON == "" { paramsJSON = "{}" } return []byte(fmt.Sprintf( `{"expires_at":%q,"issued_at":%q,"key_id":%q,"nonce":%q,"op":%q,"params":%s,"target":{"guest_id":%q,"host_id":%q}}`, expires.UTC().Format(time.RFC3339), issued.UTC().Format(time.RFC3339), keyID, nonce, op, paramsJSON, guestID, hostID)) } // testSigner is a fresh ed25519 operator key: its public key, an authorized_keys line // to pin it, and a sign closure. type testSigner struct { pub ssh.PublicKey line string sign func([]byte) ssh.Signature } func newTestSigner(t *testing.T) testSigner { t.Helper() pub, priv, err := ed25519.GenerateKey(rand.Reader) if err != nil { t.Fatal(err) } sshPub, err := ssh.NewPublicKey(pub) if err != nil { t.Fatal(err) } return testSigner{ pub: sshPub, line: string(ssh.MarshalAuthorizedKey(sshPub)), sign: func(d []byte) ssh.Signature { return ssh.Signature{Format: ssh.KeyAlgoED25519, Blob: ed25519.Sign(priv, d)} }, } } // allowed builds a pinned AllowedSigner for this key with the given id+role. func (s testSigner) allowed(t *testing.T, keyID string, role authz.KeyRole) authz.AllowedSigner { t.Helper() as, err := authz.NewAllowedSigner(keyID, role, s.line) if err != nil { t.Fatalf("NewAllowedSigner: %v", err) } return as } // mint builds a SignedOp (canonical blob + armored sig) for this signer. func (s testSigner) mint(op, hostID, guestID, keyID, nonce, paramsJSON string, issued, expires time.Time) *SignedOp { blob := canonicalBlob(op, hostID, guestID, keyID, nonce, paramsJSON, issued, expires) sig := mintArmor(s.pub.Marshal(), authz.Namespace, blob, s.sign) return &SignedOp{Blob: blob, Sig: sig} }