
List:       mina-commits
Subject:    [mina-sshd] 05/05: [SSHD-1219] RSA SHA2 signing via SSH agent
From:       twolf () apache ! org
Date:       2021-10-23 23:05:57
Message-ID: 20211023230552.DFD128225F () gitbox ! apache ! org

This is an automated email from the ASF dual-hosted git repository.

twolf pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git

commit 2e5e873a2f9999a2802e19bf0fe25a289cb0d5d7
Author: Thomas Wolf <twolf@apache.org>
AuthorDate: Sat Oct 23 21:42:57 2021 +0200

    [SSHD-1219] RSA SHA2 signing via SSH agent
    
    Compute the flags depending on the wanted signature algorithm, and
    set them in the request. Note that the old "IETF" SSH1 protocol does
    not support this.
---
 .../sshd/agent/common/AbstractAgentProxy.java      | 28 ++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java \
b/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java index \
                da38c72..97e78b7 100644
--- a/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java
+++ b/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java
@@ -113,12 +113,37 @@ public abstract class AbstractAgentProxy extends \
AbstractLoggingBean implements  }
 
         Buffer buffer = createBuffer((byte) cmd);
+        String keyType = KeyUtils.getKeyType(key);
+        int flags = 0;
         if (CoreModuleProperties.AGENT_FORWARDING_TYPE_IETF.equals(channelType)) {
             buffer.putString("sign");
+        } else {
+            String signatureAlgorithm;
+            if (!GenericUtils.isEmpty(algo)) {
+                if (!KeyUtils.getCanonicalKeyType(algo).equals(keyType)) {
+                    throw new IllegalArgumentException(
+                            "Bad signing request: signature algorithm '" + algo + "' \
not applicable to '" + keyType + "' key");
+                }
+                signatureAlgorithm = algo;
+            } else {
+                signatureAlgorithm = keyType;
+            }
+            switch (signatureAlgorithm) {
+                case KeyUtils.RSA_SHA512_KEY_TYPE_ALIAS:
+                case KeyUtils.RSA_SHA512_CERT_TYPE_ALIAS:
+                    flags = 4;
+                    break;
+                case KeyUtils.RSA_SHA256_KEY_TYPE_ALIAS:
+                case KeyUtils.RSA_SHA256_CERT_TYPE_ALIAS:
+                    flags = 2;
+                    break;
+                default:
+                    break;
+            }
         }
         buffer.putPublicKey(key);
         buffer.putBytes(data);
-        buffer.putInt(0);
+        buffer.putInt(flags);
         buffer = request(prepare(buffer));
 
         int responseType = buffer.getUByte();
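Review bot: In the new `else` branch, `signatureAlgorithm = keyType` feeds straight into `switch (signatureAlgorithm)`, and a Java `switch` on a null `String` throws `NullPointerException`. If `KeyUtils.getKeyType(key)` can return null for an unrecognised key (not visible here), an empty `algo` now fails there, whereas the old code only used `keyType` for logging. A guard before the switch, such as `if (signatureAlgorithm == null) { throw new IllegalArgumentException("Bad signing request: unsupported key type"); }`, would keep that failure explicit. Separately, in the IETF branch a requested RSA SHA-2 `algo` is dropped without notice and `flags` stays 0, so the agent is asked for its default signature; a debug log or a rejection there would make the weaker result visible to callers. The literals `2` and `4` match SSH_AGENT_RSA_SHA2_256 and SSH_AGENT_RSA_SHA2_512 in the agent protocol and would read better as named constants; the enclosing method starts before and continues after this hunk.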
@@ -128,7 +153,6 @@ public abstract class AbstractAgentProxy extends \
AbstractLoggingBean implements  
         byte[] signature = buffer.getBytes();
         boolean debugEnabled = log.isDebugEnabled();
-        String keyType = KeyUtils.getKeyType(key);
         if (CoreModuleProperties.AGENT_FORWARDING_TYPE_IETF.equals(channelType)) {
             if (debugEnabled) {
                 log.debug("sign({}/{})[{}] : {}",

