authorJakub Jelen <jjelen@redhat.com>2018-08-06 14:32:28 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-08-31 14:18:34 +0200
commitb4c8bd9fe436c16956fb32574b3ec5928d601a82 (patch)
treefaf0dc28b61b74a418dc672246c5692a6cc51d5c /src/pki.c
parent5d1300665061736c3ebfb4728ee1a96a2a345f3f (diff)
pki: Support RSA SHA2 signatures of sessionid for server
This involves mostly creation of host key proofs but needs to follow the same procedure as the client authentication signatures. At the same time, the SHA2 extension is enabled in the pkd so we are able to atomically provide correct signatures and pass tests. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/pki.c')
-rw-r--r--src/pki.c33
1 files changed, 24 insertions, 9 deletions
diff --git a/src/pki.c b/src/pki.c
index 9e1bfc43..2531fbed 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -357,7 +357,7 @@ ssh_key_get_signature_algorithm(ssh_session session,
*
* @return The enum ssh key algorithm type.
*/
-static enum ssh_keytypes_e ssh_key_type_from_signature_name(const char *name) {
+enum ssh_keytypes_e ssh_key_type_from_signature_name(const char *name) {
if (name == NULL) {
return SSH_KEYTYPE_UNKNOWN;
}
@@ -2033,21 +2033,36 @@ ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session,
sig = NULL;
}
} else {
- unsigned char hash[SHA_DIGEST_LEN] = {0};
- SHACTX ctx;
+ unsigned char hash[SHA512_DIGEST_LEN] = {0};
+ uint32_t hlen = 0;
+ enum ssh_digest_e hash_type;
- ctx = sha1_init();
- if (ctx == NULL) {
+ hash_type = ssh_key_type_to_hash(session, privkey->type);
+ switch (hash_type) {
+ case SSH_DIGEST_SHA256:
+ sha256(crypto->secret_hash, crypto->digest_len, hash);
+ hlen = SHA256_DIGEST_LEN;
+ break;
+ case SSH_DIGEST_SHA512:
+ sha512(crypto->secret_hash, crypto->digest_len, hash);
+ hlen = SHA512_DIGEST_LEN;
+ break;
+ case SSH_DIGEST_SHA1:
+ case SSH_DIGEST_AUTO:
+ sha1(crypto->secret_hash, crypto->digest_len, hash);
+ hlen = SHA_DIGEST_LEN;
+ break;
+ default:
+ SSH_LOG(SSH_LOG_TRACE, "Unknown sig->type: %d", sig->type);
return NULL;
}
- sha1_update(ctx, crypto->secret_hash, crypto->digest_len);
- sha1_final(hash, ctx);
+
#ifdef DEBUG_CRYPTO
- ssh_print_hexa("Hash being signed", hash, SHA_DIGEST_LEN);
+ ssh_print_hexa("Hash being signed", hash, hlen);
#endif
- sig = pki_do_sign_sessionid(privkey, hash, SHA_DIGEST_LEN);
+ sig = pki_do_sign_sessionid_hash(privkey, hash, hlen, hash_type);
if (sig == NULL) {
return NULL;
}
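Review bot: The `default:` arm of the new switch logs `sig->type`, but in this else branch `sig` is not assigned until the `pki_do_sign_sessionid_hash()` call after the switch, so the log statement dereferences a pointer that is presumably still NULL or unset on exactly the path taken for an unexpected digest type. The value being rejected there is `hash_type`, so the line should read `SSH_LOG(SSH_LOG_TRACE, "Unknown hash type: %d", hash_type);`. Separately, `SSH_DIGEST_AUTO` shares the SHA-1 arm, so an unresolved digest silently produces a SHA-1 based host key proof; a one-line comment above `case SSH_DIGEST_AUTO:` stating whether that fallback is intended would help the next reader. ssh_srv_pki_do_sign_sessionid starts and ends outside the hunk, so the declaration and initial value of `sig` are not visible here.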