This is an automated email from the ASF dual-hosted git repository.

lgoldstein pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git

commit e59e5916e1eaccdd7db4d3f79a7f6d828d95953c
Author: FliegenKLATSCH <ch...@koras.de>
AuthorDate: Fri Sep 11 18:45:23 2020 +0300

    [SSHD-1053] Fixed handling of certified keys authenticationFixed handling 
of certified keys authentication
---
 CHANGES.md                                                    |  1 +
 .../main/java/org/apache/sshd/common/signature/Signature.java |  8 ++++++++
 .../java/org/apache/sshd/common/signature/SignatureRSA.java   | 11 ++++++++++-
 .../org/apache/sshd/common/signature/SignatureRSASHA1.java    |  4 +++-
 .../org/apache/sshd/common/signature/SignatureRSASHA256.java  |  4 +++-
 .../org/apache/sshd/common/signature/SignatureRSASHA512.java  |  4 +++-
 .../src/main/java/org/apache/sshd/server/kex/DHGServer.java   |  2 +-
 7 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 938bfd5..66e0cc4 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -45,6 +45,7 @@ or `-key-file` command line option.
 * [SSHD-1047](https://issues.apache.org/jira/browse/SSHD-1047) Support for SSH 
jumps.
 * [SSHD-1048](https://issues.apache.org/jira/browse/SSHD-1048) Wrap instead of 
rethrow IOException in Future.
 * [SSHD-1050](https://issues.apache.org/jira/browse/SSHD-1050) Fixed race 
condition in AuthFuture if exception caught before authentication started.
+* [SSHD-1053](https://issues.apache.org/jira/browse/SSHD-1053) Fixed handling 
of certified keys authentication.
 * [SSHD-1056](https://issues.apache.org/jira/browse/SSHD-1056) Added support 
for SCP remote-to-remote directory transfer - including '-3' option of SCP 
command CLI.
 * [SSHD-1057](https://issues.apache.org/jira/browse/SSHD-1057) Added 
capability to select a ShellFactory based on the current session + use it for 
"WinSCP"
 * [SSHD-1058](https://issues.apache.org/jira/browse/SSHD-1058) Improve 
exception logging strategy.
diff --git 
a/sshd-common/src/main/java/org/apache/sshd/common/signature/Signature.java 
b/sshd-common/src/main/java/org/apache/sshd/common/signature/Signature.java
index 1260e90..3f56eff 100644
--- a/sshd-common/src/main/java/org/apache/sshd/common/signature/Signature.java
+++ b/sshd-common/src/main/java/org/apache/sshd/common/signature/Signature.java
@@ -93,4 +93,12 @@ public interface Signature extends AlgorithmNameProvider {
      * @throws Exception If failed to calculate the signature
      */
     byte[] sign(SessionContext session) throws Exception;
+
+    /**
+     * @param  algo - the negotiated value
+     * @return      The original ssh name of the signature algorithm
+     */
+    default String getSshAlgorithmName(String algo) {
+        return algo;
+    }
 }
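Review bot: The Javadoc on the new `getSshAlgorithmName` does not say what the returned name is used for or when it may differ from `algo`, so a later `Signature` implementation can easily leave the default in place by mistake. Judging from the `DHGServer` change in this same commit, it is the name encoded into the signature blob, so I would document it as `@return The algorithm name to encode in the signature blob; may differ from the negotiated name, e.g. when a certificate key type was negotiated`. The doc should also state that the default returns `algo` unchanged, so implementations whose wire name differs must override it. The interface body starts outside this hunk.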
diff --git 
a/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSA.java 
b/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSA.java
index 0639a45..97f9ed9 100644
--- 
a/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSA.java
+++ 
b/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSA.java
@@ -52,8 +52,17 @@ public abstract class SignatureRSA extends AbstractSignature 
{
 
     private int verifierSignatureSize = -1;
 
-    protected SignatureRSA(String algorithm) {
+    private final String sshAlgorithmName;
+
+    protected SignatureRSA(String algorithm, String sshAlgorithmName) {
         super(algorithm);
+        this.sshAlgorithmName = 
ValidateUtils.checkNotNullAndNotEmpty(sshAlgorithmName,
+                "Missing protocol name of the signature algorithm.");
+    }
+
+    @Override
+    public String getSshAlgorithmName(String algo) {
+        return sshAlgorithmName;
     }
 
     /**
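Review bot: Nothing ties the two constructor arguments of `SignatureRSA` together, so a subclass can pass a JCA `algorithm` and an `sshAlgorithmName` that describe different digests, and the blob would then be labelled with a name that does not match how it was signed. A Javadoc on the constructor should state the contract, e.g. `@param sshAlgorithmName the SSH signature name that corresponds to {@code algorithm}; written into the signature blob in place of the negotiated key type`. The override also ignores its `algo` argument without comment; a one-liner such as `// RSA signature name is fixed by the digest, regardless of the negotiated (possibly certificate) key type` would make that intent explicit. Replacing the one-argument protected constructor is a source-incompatible change for subclasses outside this diff, which may deserve a mention in CHANGES.md. The class body continues outside the hunk.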
diff --git 
a/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA1.java
 
b/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA1.java
index a20278f..55bfa62 100644
--- 
a/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA1.java
+++ 
b/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA1.java
@@ -19,6 +19,8 @@
 
 package org.apache.sshd.common.signature;
 
+import org.apache.sshd.common.keyprovider.KeyPairProvider;
+
 /**
  * @author <a href="mailto:d...@mina.apache.org";>Apache MINA SSHD Project</a>
  */
@@ -26,6 +28,6 @@ public class SignatureRSASHA1 extends SignatureRSA {
     public static final String ALGORITHM = "SHA1withRSA";
 
     public SignatureRSASHA1() {
-        super(ALGORITHM);
+        super(ALGORITHM, KeyPairProvider.SSH_RSA);
     }
 }
diff --git 
a/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA256.java
 
b/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA256.java
index fae2354..a875262 100644
--- 
a/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA256.java
+++ 
b/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA256.java
@@ -19,6 +19,8 @@
 
 package org.apache.sshd.common.signature;
 
+import org.apache.sshd.common.config.keys.KeyUtils;
+
 /**
  * @author <a href="mailto:d...@mina.apache.org";>Apache MINA SSHD Project</a>
  */
@@ -26,6 +28,6 @@ public class SignatureRSASHA256 extends SignatureRSA {
     public static final String ALGORITHM = "SHA256withRSA";
 
     public SignatureRSASHA256() {
-        super(ALGORITHM);
+        super(ALGORITHM, KeyUtils.RSA_SHA256_KEY_TYPE_ALIAS);
     }
 }
diff --git 
a/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA512.java
 
b/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA512.java
index eff5b0f..dd40802 100644
--- 
a/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA512.java
+++ 
b/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSASHA512.java
@@ -19,6 +19,8 @@
 
 package org.apache.sshd.common.signature;
 
+import org.apache.sshd.common.config.keys.KeyUtils;
+
 /**
  * @author <a href="mailto:d...@mina.apache.org";>Apache MINA SSHD Project</a>
  */
@@ -26,6 +28,6 @@ public class SignatureRSASHA512 extends SignatureRSA {
     public static final String ALGORITHM = "SHA512withRSA";
 
     public SignatureRSASHA512() {
-        super(ALGORITHM);
+        super(ALGORITHM, KeyUtils.RSA_SHA512_KEY_TYPE_ALIAS);
     }
 }
diff --git a/sshd-core/src/main/java/org/apache/sshd/server/kex/DHGServer.java 
b/sshd-core/src/main/java/org/apache/sshd/server/kex/DHGServer.java
index 0afef93..d911f2f 100644
--- a/sshd-core/src/main/java/org/apache/sshd/server/kex/DHGServer.java
+++ b/sshd-core/src/main/java/org/apache/sshd/server/kex/DHGServer.java
@@ -129,7 +129,7 @@ public class DHGServer extends AbstractDHServerKeyExchange {
         sig.update(session, h);
 
         buffer.clear();
-        buffer.putString(algo);
+        buffer.putString(sig.getSshAlgorithmName(algo));
         byte[] sigBytes = sig.sign(session);
         buffer.putBytes(sigBytes);
 
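Review bot: Only `SignatureRSA` overrides `getSshAlgorithmName` in this commit, so for every other `Signature` implementation this line still writes the negotiated `algo` into the signature blob. If certificate host-key types can be negotiated for non-RSA keys (not visible in this diff), they would presumably keep the mismatch this change fixes for RSA, and that is worth confirming. The same applies to any other server-side key exchange that builds this blob, since only `DHGServer` is touched here. A short comment on the changed line would help, e.g. `// signature blob carries the signature algorithm name, not the negotiated host key type`. The diffstat lists no test files, so a regression test that completes a key exchange with a certificate host key and checks the name in the blob would pin the behaviour. The enclosing method starts and ends outside the hunk.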
