Revision: 10068 https://osdn.net/projects/ttssh2/scm/svn/commits/10068 Author: doda Date: 2022-07-18 00:39:53 +0900 (Mon, 18 Jul 2022) Log Message: ----------- 公開鍵認証で rsa-sha2-256/512 に対応した Ticket: #36109 ・優先度は rsa-sha2-512, rsa-sha2-256, ssh-rsa 固定 Ticket Links: ------------ https://osdn.net/projects/ttssh2/tracker/detail/36109 Modified Paths: -------------- trunk/ttssh2/ttxssh/hostkey.c trunk/ttssh2/ttxssh/hostkey.h trunk/ttssh2/ttxssh/key.c trunk/ttssh2/ttxssh/key.h trunk/ttssh2/ttxssh/ssh.c -------------- next part --------------
Modified: trunk/ttssh2/ttxssh/hostkey.c
===================================================================
--- trunk/ttssh2/ttxssh/hostkey.c 2022-07-17 15:39:42 UTC (rev 10067)
+++ trunk/ttssh2/ttxssh/hostkey.c 2022-07-17 15:39:53 UTC (rev 10068)
@@ -247,3 +247,38 @@ buf[len - 1] = '\0'; // get rid of comma myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = buf; } + +ssh_keyalgo choose_SSH2_keysign_algorithm(char *server_proposal, ssh_keytype keytype) +{ + char buff[128]; + const struct ssh2_host_key_t *ptr = ssh2_host_key; + + if (keytype == KEY_RSA) { + if (server_proposal == NULL) { + logprintf(LOG_LEVEL_VERBOSE, "%s: no server_sig_algs, ssh-rsa is selected.", __FUNCTION__); + return KEY_ALGO_RSA; + } + else { + choose_SSH2_proposal(server_proposal, "rsa-sha2-512,rsa-sha2-256,ssh-rsa", buff, sizeof(buff)); + if (strlen(buff) == 0) { + // not found. + logprintf(LOG_LEVEL_WARNING, "%s: no match sign algorithm.", __FUNCTION__); + return KEY_ALGO_UNSPEC; + } + else { + logprintf(LOG_LEVEL_VERBOSE, "%s: %s is selected.", __FUNCTION__, buff); + return get_ssh2_keyalgo_from_name(buff); + } + } + } + else { + while (ptr->type != KEY_UNSPEC && ptr->type != keytype) { + ptr++; + } + + return ptr->algo; + } + + // not reached + return KEY_ALGO_UNSPEC; +} Modified: trunk/ttssh2/ttxssh/hostkey.h =================================================================== --- trunk/ttssh2/ttxssh/hostkey.h 2022-07-17 15:39:42 UTC (rev 10067) +++ trunk/ttssh2/ttxssh/hostkey.h 2022-07-17 15:39:53 UTC (rev 10068) @@ -100,6 +100,7 @@ void normalize_host_key_order(char *buf); ssh_keyalgo choose_SSH2_host_key_algorithm(char *server_proposal, char *my_proposal); +ssh_keyalgo choose_SSH2_keysign_algorithm(char *server_proposal, ssh_keytype keytype); void SSH2_update_host_key_myproposal(PTInstVar pvar); #endif /* SSHCMAC_H */ Modified: trunk/ttssh2/ttxssh/key.c =================================================================== --- trunk/ttssh2/ttxssh/key.c 2022-07-17 15:39:42 UTC (rev 10067) +++ trunk/ttssh2/ttxssh/key.c 2022-07-17 15:39:53 UTC (rev 10068) 
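Review bot: choose_SSH2_keysign_algorithm returns KEY_ALGO_UNSPEC when the server's list shares no RSA signature algorithm with the fixed client list, but the function carries no comment telling callers to treat that as a failure. A header comment such as `// Returns KEY_ALGO_UNSPEC if no common signature algorithm exists; the caller must abort authentication in that case.` would state the contract. The `server_proposal == NULL` branch falls back to the SHA-1 based `ssh-rsa` and records it only at LOG_LEVEL_VERBOSE, so a short comment on why that fallback is kept would help whoever audits this later. In the non-RSA branch the loop can stop on the KEY_UNSPEC terminator of ssh2_host_key, and that entry's `algo` value is not visible in this hunk.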
@@ -1563,7 +1563,7 @@ } -BOOL generate_SSH2_keysign(Key *keypair, char **sigptr, int *siglen, char *data, int datalen) +BOOL generate_SSH2_keysign(Key *keypair, char **sigptr, int *siglen, char *data, int datalen, ssh_keyalgo keyalgo) { buffer_t *msg = NULL; char *s; @@ -1578,12 +1578,28 @@ switch (keypair->type) { case KEY_RSA: // RSA { - const EVP_MD *evp_md = EVP_sha1(); + const EVP_MD *evp_md; EVP_MD_CTX *md = NULL; u_char digest[EVP_MAX_MD_SIZE], *sig; u_int slen, dlen, len; - int ok, nid = NID_sha1; + int ok, nid; + nid = get_ssh2_key_hashtype(keyalgo); + + switch(nid) { + case NID_sha1: + evp_md = EVP_sha1(); + break; + case NID_sha256: + evp_md = EVP_sha256(); + break; + case NID_sha512: + evp_md = EVP_sha512(); + break; + default: + goto error; + } + md = EVP_MD_CTX_new(); if (md == NULL) goto error; @@ -1622,7 +1638,7 @@ } - s = get_ssh2_hostkey_type_name_from_key(keypair); + s = get_ssh2_keyalgo_name(keyalgo); buffer_put_string(msg, s, strlen(s)); buffer_append_length(msg, sig, slen); len = buffer_len(msg); Modified: trunk/ttssh2/ttxssh/key.h =================================================================== --- trunk/ttssh2/ttxssh/key.h 2022-07-17 15:39:42 UTC (rev 10067) +++ trunk/ttssh2/ttxssh/key.h 2022-07-17 15:39:53 UTC (rev 10068) 
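Review bot: The `default: goto error;` arm of the new `switch(nid)` in the @@ -1578 hunk rejects an unsupported keyalgo without logging anything, so a failed publickey authentication leaves no trace of which algorithm was refused. A line such as `logprintf(LOG_LEVEL_WARNING, "%s: unsupported keyalgo %d", __FUNCTION__, keyalgo);` before the `goto` would make this diagnosable, assuming logprintf is usable in key.c as it is in hostkey.c. The `error` label and the rest of generate_SSH2_keysign lie outside the hunk, so the cleanup on this early exit, taken while `md` is still NULL, could not be checked here.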
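Review bot: In the @@ -1622 hunk the algorithm name written into the signature blob now comes from the caller's `keyalgo` for every key type, while the signing code is still selected by `keypair->type`, and nothing in the visible lines checks that the two agree. A comment on generate_SSH2_keysign, for example `// keyalgo must be a signature algorithm valid for keypair->type (see choose_SSH2_keysign_algorithm)`, would document the requirement that the new parameter introduces. The function body starts and ends outside this hunk, so an existing guard elsewhere cannot be ruled out.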
@@ -57,7 +57,7 @@ int key_to_blob(Key *key, char **blobp, int *lenp); Key *key_from_blob(char *data, int blen); BOOL get_SSH2_publickey_blob(PTInstVar pvar, buffer_t **blobptr, int *bloblen); -BOOL generate_SSH2_keysign(Key *keypair, char **sigptr, int *siglen, char *data, int datalen); +BOOL generate_SSH2_keysign(Key *keypair, char **sigptr, int *siglen, char *data, int datalen, ssh_keyalgo keyalgo); int kextype_to_cipher_nid(kex_algorithm type); int keytype_to_hash_nid(ssh_keytype type); Modified: trunk/ttssh2/ttxssh/ssh.c =================================================================== --- trunk/ttssh2/ttxssh/ssh.c 2022-07-17 15:39:42 UTC (rev 10067) +++ trunk/ttssh2/ttxssh/ssh.c 2022-07-17 15:39:53 UTC (rev 10068) @@ -6720,11 +6720,16 @@ char *signature = NULL; int siglen; Key *keypair = pvar->auth_state.cur_cred.key_pair; + ssh_keyalgo keyalgo; + char *keyalgo_name; if (get_SSH2_publickey_blob(pvar, &blob, &bloblen) == FALSE) { goto error; } + keyalgo = choose_SSH2_keysign_algorithm(pvar->server_sig_algs, keypair->type); + keyalgo_name = get_ssh2_keyalgo_name(keyalgo); + // step1 signbuf = buffer_init(); if (signbuf == NULL) { @@ -6741,13 +6746,15 @@ s = "publickey"; buffer_put_string(signbuf, s, strlen(s)); buffer_put_char(signbuf, 1); // true - s = get_ssh2_hostkey_type_name_from_key(keypair); // key type\x82ɉ\x9E\x82\xB6\x82\xBD\x95\xB6\x8E\x9A\x97\xF1\x82\xE9 + + s = keyalgo_name; buffer_put_string(signbuf, s, strlen(s)); + s = buffer_ptr(blob); buffer_append_length(signbuf, s, bloblen); // \x8F\x90\x96\xBC\x82̍쐬 - if ( generate_SSH2_keysign(keypair, &signature, &siglen, buffer_ptr(signbuf), buffer_len(signbuf)) == FALSE) { + if (generate_SSH2_keysign(keypair, &signature, &siglen, buffer_ptr(signbuf), buffer_len(signbuf), keyalgo) == FALSE) { buffer_free(blob); buffer_free(signbuf); goto error; 
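Review bot: In the @@ -6720 hunk of ssh.c the result of choose_SSH2_keysign_algorithm is used without a check for KEY_ALGO_UNSPEC, which that function returns when the server's signature-algorithm list has no RSA entry in common with the client's. `get_ssh2_keyalgo_name(keyalgo)` is then passed to `strlen(s)` in the @@ -6741 and @@ -6757 hunks; what it returns for KEY_ALGO_UNSPEC is not visible here, and a NULL would be dereferenced. Since `pvar->server_sig_algs` presumably holds data received from the server, I would stop right after the call with `if (keyalgo == KEY_ALGO_UNSPEC) { buffer_free(blob); goto error; }`, mirroring the generate_SSH2_keysign failure path. The `error` label is outside the hunk, so confirm that freeing `blob` here matches its cleanup.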
@@ -6757,8 +6764,10 @@ s = "publickey"; buffer_put_string(msg, s, strlen(s)); buffer_put_char(msg, 1); // true - s = get_ssh2_hostkey_type_name_from_key(keypair); // key type\x82ɉ\x9E\x82\xB6\x82\xBD\x95\xB6\x8E\x9A\x97\xF1\x82\xE9 + + s = keyalgo_name; buffer_put_string(msg, s, strlen(s)); + s = buffer_ptr(blob); buffer_append_length(msg, s, bloblen); buffer_append_length(msg, signature, siglen);