This is an automated email from the ASF dual-hosted git repository. twolf pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit 2e5e873a2f9999a2802e19bf0fe25a289cb0d5d7 Author: Thomas Wolf <[email protected]> AuthorDate: Sat Oct 23 21:42:57 2021 +0200 [SSHD-1219] RSA SHA2 signing via SSH agent Compute the flags depending on the wanted signature algorithm, and set them in the request. Note that the old "IETF" SSH1 protocol does not support this.
---
 .../sshd/agent/common/AbstractAgentProxy.java | 28 ++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java b/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java
index da38c72..97e78b7 100644
--- a/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java
+++ b/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java
@@ -113,12 +113,37 @@ public abstract class AbstractAgentProxy extends AbstractLoggingBean implements
 }
 Buffer buffer = createBuffer((byte) cmd);
+ String keyType = KeyUtils.getKeyType(key);
+ int flags = 0;
 if (CoreModuleProperties.AGENT_FORWARDING_TYPE_IETF.equals(channelType)) {
 buffer.putString("sign");
+ } else {
+ String signatureAlgorithm;
+ if (!GenericUtils.isEmpty(algo)) {
+ if (!KeyUtils.getCanonicalKeyType(algo).equals(keyType)) {
+ throw new IllegalArgumentException(
+ "Bad signing request: signature algorithm '" + algo + "' not applicable to '" + keyType + "' key");
+ }
+ signatureAlgorithm = algo;
+ } else {
+ signatureAlgorithm = keyType;
+ }
+ switch (signatureAlgorithm) {
+ case KeyUtils.RSA_SHA512_KEY_TYPE_ALIAS:
+ case KeyUtils.RSA_SHA512_CERT_TYPE_ALIAS:
+ flags = 4;
+ break;
+ case KeyUtils.RSA_SHA256_KEY_TYPE_ALIAS:
+ case KeyUtils.RSA_SHA256_CERT_TYPE_ALIAS:
+ flags = 2;
+ break;
+ default:
+ break;
+ }
 }
 buffer.putPublicKey(key);
 buffer.putBytes(data);
- buffer.putInt(0);
+ buffer.putInt(flags);
 buffer = request(prepare(buffer));
 int responseType = buffer.getUByte();
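Review bot: The `flags` value chosen in the new `switch` is only a request to the agent, and nothing visible in this hunk checks that the signature that comes back actually uses the requested RSA SHA-2 algorithm; an agent that ignores the flag would presumably answer with a SHA-1 `ssh-rsa` signature. The response handling lies outside the hunk (the enclosing method starts and ends outside it), so confirm that the algorithm name carried in the returned signature is compared with `signatureAlgorithm` and that a mismatch is rejected or at least logged instead of being passed on silently. The same concern applies to the IETF branch, where `algo` is ignored and `flags` stays 0 even when the caller asked for an RSA SHA-2 signature. The literals `2` and `4` would also read better as named constants, e.g. `private static final int SSH_AGENT_RSA_SHA2_256 = 2;` and `private static final int SSH_AGENT_RSA_SHA2_512 = 4;`, with a comment noting that they are the agent protocol's signature flags.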
@@ -128,7 +153,6 @@ public abstract class AbstractAgentProxy extends AbstractLoggingBean implements
 byte[] signature = buffer.getBytes();
 boolean debugEnabled = log.isDebugEnabled();
- String keyType = KeyUtils.getKeyType(key);
 if (CoreModuleProperties.AGENT_FORWARDING_TYPE_IETF.equals(channelType)) {
 if (debugEnabled) {
 log.debug("sign({}/{})[{}] : {}",
