|
Lines 684-690
server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
Link Here
|
| 684 |
struct sshbuf *resp = NULL; |
684 |
struct sshbuf *resp = NULL; |
| 685 |
struct sshbuf *sigbuf = NULL; |
685 |
struct sshbuf *sigbuf = NULL; |
| 686 |
struct sshkey *key = NULL, *key_pub = NULL, *key_prv = NULL; |
686 |
struct sshkey *key = NULL, *key_pub = NULL, *key_prv = NULL; |
| 687 |
int r, ndx, kexsigtype, use_kexsigtype, success = 0; |
687 |
int r, ndx, success = 0; |
| 688 |
const u_char *blob; |
688 |
const u_char *blob; |
| 689 |
u_char *sig = 0; |
689 |
u_char *sig = 0; |
| 690 |
size_t blen, slen; |
690 |
size_t blen, slen; |
|
Lines 692-700
server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
Link Here
|
| 692 |
if ((resp = sshbuf_new()) == NULL || (sigbuf = sshbuf_new()) == NULL) |
692 |
if ((resp = sshbuf_new()) == NULL || (sigbuf = sshbuf_new()) == NULL) |
| 693 |
fatal_f("sshbuf_new"); |
693 |
fatal_f("sshbuf_new"); |
| 694 |
|
694 |
|
| 695 |
kexsigtype = sshkey_type_plain( |
|
|
| 696 |
sshkey_type_from_name(ssh->kex->hostkey_alg)); |
| 697 |
while (ssh_packet_remaining(ssh) > 0) { |
695 |
while (ssh_packet_remaining(ssh) > 0) { |
|
|
696 |
const char *pkexstr = NULL; |
| 697 |
const char *rsa_sha2_256 = "rsa-sha2-256"; |
| 698 |
const char *rsa_sha2_512 = "rsa-sha2-512"; |
| 699 |
|
| 698 |
sshkey_free(key); |
700 |
sshkey_free(key); |
| 699 |
key = NULL; |
701 |
key = NULL; |
| 700 |
if ((r = sshpkt_get_string_direct(ssh, &blob, &blen)) != 0 || |
702 |
if ((r = sshpkt_get_string_direct(ssh, &blob, &blen)) != 0 || |
|
Lines 726-733
server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
Link Here
|
| 726 |
* For RSA keys, prefer to use the signature type negotiated |
728 |
* For RSA keys, prefer to use the signature type negotiated |
| 727 |
* during KEX to the default (SHA1). |
729 |
* during KEX to the default (SHA1). |
| 728 |
*/ |
730 |
*/ |
| 729 |
use_kexsigtype = kexsigtype == KEY_RSA && |
731 |
if (sshkey_type_plain(key->type) == KEY_RSA) { |
| 730 |
sshkey_type_plain(key->type) == KEY_RSA; |
732 |
if (ssh->kex->flags & KEX_RSA_SHA2_512_SUPPORTED) |
|
|
733 |
pkexstr = rsa_sha2_512; |
| 734 |
else if (ssh->kex->flags & KEX_RSA_SHA2_256_SUPPORTED) |
| 735 |
pkexstr = rsa_sha2_256; |
| 736 |
} |
| 737 |
|
| 731 |
if ((r = sshbuf_put_cstring(sigbuf, |
738 |
if ((r = sshbuf_put_cstring(sigbuf, |
| 732 |
"hostkeys-prove-00@openssh.com")) != 0 || |
739 |
"hostkeys-prove-00@openssh.com")) != 0 || |
| 733 |
(r = sshbuf_put_stringb(sigbuf, |
740 |
(r = sshbuf_put_stringb(sigbuf, |
|
Lines 735-741
server_input_hostkeys_prove(struct ssh *ssh, struct sshbuf **respp)
Link Here
|
| 735 |
(r = sshkey_puts(key, sigbuf)) != 0 || |
742 |
(r = sshkey_puts(key, sigbuf)) != 0 || |
| 736 |
(r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen, |
743 |
(r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen, |
| 737 |
sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), |
744 |
sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), |
| 738 |
use_kexsigtype ? ssh->kex->hostkey_alg : NULL)) != 0 || |
745 |
pkexstr)) != 0 || |
| 739 |
(r = sshbuf_put_string(resp, sig, slen)) != 0) { |
746 |
(r = sshbuf_put_string(resp, sig, slen)) != 0) { |
| 740 |
error_fr(r, "assemble signature"); |
747 |
error_fr(r, "assemble signature"); |
| 741 |
goto out; |
748 |
goto out; |