List: mina-commits
Subject: [mina-sshd] 05/05: [SSHD-1219] RSA SHA2 signing via SSH agent
From: twolf () apache ! org
Date: 2021-10-23 23:05:57
Message-ID: 20211023230552.DFD128225F () gitbox ! apache ! org
This is an automated email from the ASF dual-hosted git repository.
twolf pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit 2e5e873a2f9999a2802e19bf0fe25a289cb0d5d7
Author: Thomas Wolf <twolf@apache.org>
AuthorDate: Sat Oct 23 21:42:57 2021 +0200
[SSHD-1219] RSA SHA2 signing via SSH agent
Compute the flags depending on the wanted signature algorithm, and
set them in the request. Note that the old "IETF" SSH1 protocol does
not support this.
---
.../sshd/agent/common/AbstractAgentProxy.java | 28 ++++++++++++++++++++--
1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java \
b/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java index \
da38c72..97e78b7 100644
--- a/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java
+++ b/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java
@@ -113,12 +113,37 @@ public abstract class AbstractAgentProxy extends \
AbstractLoggingBean implements }
Buffer buffer = createBuffer((byte) cmd);
+ String keyType = KeyUtils.getKeyType(key);
+ int flags = 0;
if (CoreModuleProperties.AGENT_FORWARDING_TYPE_IETF.equals(channelType)) {
buffer.putString("sign");
+ } else {
+ String signatureAlgorithm;
+ if (!GenericUtils.isEmpty(algo)) {
+ if (!KeyUtils.getCanonicalKeyType(algo).equals(keyType)) {
+ throw new IllegalArgumentException(
+ "Bad signing request: signature algorithm '" + algo + "' \
not applicable to '" + keyType + "' key");
+ }
+ signatureAlgorithm = algo;
+ } else {
+ signatureAlgorithm = keyType;
+ }
+ switch (signatureAlgorithm) {
+ case KeyUtils.RSA_SHA512_KEY_TYPE_ALIAS:
+ case KeyUtils.RSA_SHA512_CERT_TYPE_ALIAS:
+ flags = 4;
+ break;
+ case KeyUtils.RSA_SHA256_KEY_TYPE_ALIAS:
+ case KeyUtils.RSA_SHA256_CERT_TYPE_ALIAS:
+ flags = 2;
+ break;
+ default:
+ break;
+ }
}
buffer.putPublicKey(key);
buffer.putBytes(data);
- buffer.putInt(0);
+ buffer.putInt(flags);
buffer = request(prepare(buffer));
int responseType = buffer.getUByte();
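Review bot: In the IETF arm of the `if` the requested `algo` is never looked at, so a caller asking for an RSA SHA-2 signature gets a request sent with `flags` 0 and no indication that the preference was dropped. Flags 0 presumably leaves the agent on its default RSA signature scheme, so this should be surfaced inside that arm, for example with `if (!GenericUtils.isEmpty(algo) && !algo.equals(keyType)) { log.warn("sign({}) cannot request {} over {}", keyType, algo, channelType); }`, or by rejecting the request there. The literals `2` and `4` would also be easier to audit as named constants carrying the agent-protocol flag names (SSH_AGENT_RSA_SHA2_256 and SSH_AGENT_RSA_SHA2_512). The method starts before and continues past this hunk, so whether the returned signature's algorithm is compared with the requested one cannot be seen here; if it is not, that check belongs after the response is read.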
@@ -128,7 +153,6 @@ public abstract class AbstractAgentProxy extends \
AbstractLoggingBean implements
byte[] signature = buffer.getBytes();
boolean debugEnabled = log.isDebugEnabled();
- String keyType = KeyUtils.getKeyType(key);
if (CoreModuleProperties.AGENT_FORWARDING_TYPE_IETF.equals(channelType)) {
if (debugEnabled) {
log.debug("sign({}/{})[{}] : {}",