From 50a1262772fd9cdbdd8f747958e42ef480aecb2b Mon Sep 17 00:00:00 2001 From: Ian Hattendorf Date: Thu, 13 Jan 2022 16:05:53 -0700 Subject: [PATCH] Support rsa-sha2 agent flags (#661) File: agent.c Notes: implements rsa-sha2 flags used to tell the agent which signing algo to use. https://tools.ietf.org/id/draft-miller-ssh-agent-01.html#rfc.section.4.5.1 Credit: Ian Hattendorf Conflict:NA Reference:https://github.com/libssh2/commit/50a1262772fd9cdbdd8f747958e42ef480aecb2b --- src/agent.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/agent.c b/src/agent.c index a526c77..bce7175 100644 --- a/src/agent.c +++ b/src/agent.c @@ -94,6 +94,10 @@ #define SSH_AGENT_CONSTRAIN_LIFETIME 1 #define SSH_AGENT_CONSTRAIN_CONFIRM 2 +/* Signature request methods */ +#define SSH_AGENT_RSA_SHA2_256 2 +#define SSH_AGENT_RSA_SHA2_512 4 + #ifdef PF_UNIX static int agent_connect_unix(LIBSSH2_AGENT *agent) @@ -375,6 +379,7 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len, ssize_t method_len; unsigned char *s; int rc; + uint32_t sign_flags = 0; /* Create a request to sign the data */ if(transctx->state == agent_NB_state_init) { @@ -391,7 +396,18 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len, _libssh2_store_str(&s, (const char *)data, data_len); /* flags */ - _libssh2_store_u32(&s, 0); + if(session->userauth_pblc_method_len > 0 && + session->userauth_pblc_method) { + if(session->userauth_pblc_method_len == 12 && + !memcmp(session->userauth_pblc_method, "rsa-sha2-512", 12)) { + sign_flags = SSH_AGENT_RSA_SHA2_512; + } + else if(session->userauth_pblc_method_len == 12 && + !memcmp(session->userauth_pblc_method, "rsa-sha2-256", 12)) { + sign_flags = SSH_AGENT_RSA_SHA2_256; + } + } + _libssh2_store_u32(&s, sign_flags); transctx->request_len = s - transctx->request; transctx->send_recv_total = 0; -- 2.23.0