[
https://issues.apache.org/jira/browse/SSHD-1210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17402091#comment-17402091
]
poppinlong commented on SSHD-1210:
----------------------------------
Here I extended the DHGEXClient class: when determining the signature algorithm,
I read the server's signature algorithm directly from the server data stream.
{code:java}
// Signature field taken from the incoming buffer; lines the author left out are marked ***
byte[] sig = buffer.getBytes();
***
// Algorithm name as announced inside the signature bytes themselves (peer-supplied value)
String realKeyType = getRealKeyType(sig);
/**
 * Reads the algorithm name that prefixes an encoded signature blob.
 * <p>
 * The layout checked here is: a UINT32 name length, the name bytes, a UINT32
 * data length, then the data bytes. Any blob that does not fit that layout
 * yields {@code null}.
 * <p>
 * NOTE(review): the name comes straight from bytes supplied by the peer. The
 * caller is not fully shown; before the result is used to select a verifier it
 * should be matched exactly against the signature algorithms the client
 * accepts and checked for compatibility with the host key's type, so that the
 * remote side cannot choose the algorithm on its own.
 *
 * @param sig the encoded signature bytes as read from the server's message
 * @return the algorithm name decoded as UTF-8, or {@code null} if the bytes do
 *         not have the expected encoded layout
 */
private String getRealKeyType(byte[] sig) {
// presumably 0 for a null or empty array - confirm against NumberUtils
int dataLen = NumberUtils.length(sig);
// if it is encoded then we must have at least 2 UINT32 values
if (dataLen < (2 * Integer.BYTES)) {
return null;
}
// first UINT32: length of the algorithm name; kept as long so the unsigned value is compared safely
long keyTypeLen = BufferUtils.getUInt(sig, 0, dataLen);
// after the key type we MUST have data bytes
if (keyTypeLen >= (dataLen - Integer.BYTES)) {
return null;
}
// the check above bounds keyTypeLen below dataLen, so the int cast cannot truncate
int keyTypeStartPos = Integer.BYTES;
int keyTypeEndPos = keyTypeStartPos + (int) keyTypeLen;
int remainLen = dataLen - keyTypeEndPos;
// must have UINT32 with the data bytes length
if (remainLen < Integer.BYTES) {
return null;
}
long dataBytesLen = BufferUtils.getUInt(sig, keyTypeEndPos, remainLen);
// make sure reported number of bytes does not exceed available
// (only an over-long length is rejected; bytes left over after the data are tolerated)
if (dataBytesLen > (remainLen - Integer.BYTES)) {
return null;
}
// this String constructor replaces malformed UTF-8 instead of failing, so the
// name is only trustworthy after an exact match against known algorithm names
return new String(sig, keyTypeStartPos, (int) keyTypeLen,
StandardCharsets.UTF_8);
}{code}
> Sha2 algorithm is not supported for signature verification
> ----------------------------------------------------------
>
> Key: SSHD-1210
> URL: https://issues.apache.org/jira/browse/SSHD-1210
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 2.6.0, 2.5.1
> Reporter: poppinlong
> Priority: Major
>
> For signature verification, only SHA1 is supported. In the following code, the key
> parameter is the signature algorithm resolved from the server stream, and only the
> RSA algorithm is supported. In fact, the server-side signature algorithm might
> be SHA2-256.
> {code:java}
> //
> String keyAlg = KeyUtils.getKeyType(serverKey); // name is derived from the host key's type, not read from the signature
> ******
> Signature verif = ValidateUtils.checkNotNull(
> NamedFactory.create(session.getSignatureFactories(), keyAlg), // verifier is looked up by that name among the session's signature factories
> "No verifier located for algorithm=%s", keyAlg);{code}
> {code:java}
> ///**
> * @param key a public or private key
> * @return the key type or {@code null} if cannot determine it
> */
> public static String getKeyType(Key key) {
> if (key == null) {
> return null;
> } else if (key instanceof DSAKey) {
> return KeyPairProvider.SSH_DSS;
> } else if (key instanceof RSAKey) {
> return KeyPairProvider.SSH_RSA; // NOTE(review): one fixed name for every RSA key; the key type alone cannot tell which hash a signature made with the key used
> } else if (key instanceof ECKey) {
> ECKey ecKey = (ECKey) key;
> ECParameterSpec ecSpec = ecKey.getParams();
> ECCurves curve = ECCurves.fromCurveParameters(ecSpec); // curve is resolved from the key's parameters
> if (curve == null) {
> return null; // debug breakpoint
> } else {
> return curve.getKeyType();
> }
> } else if (SecurityUtils.EDDSA.equalsIgnoreCase(key.getAlgorithm())) {
> return KeyPairProvider.SSH_ED25519;
> } else if (key instanceof OpenSshCertificate) {
> return ((OpenSshCertificate) key).getKeyType(); // certificates report their own type
> }
> return null; // no recognised key kind: callers must handle null
> }{code}