This is an automated email from the ASF dual-hosted git repository. twolf pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit c80b88f933c8aadca2e4d908bf3bcab1f03065c5 Author: Thomas Wolf <tw...@apache.org> AuthorDate: Mon Nov 22 19:52:53 2021 +0100 Fix Buffer.putRawPublicKey() for hardware keys Buffer.putRawPublicKey() did not account for sk-* keys. Apache MINA sshd supports these keys only on the server side; so the worst effect was that the fingerprint was reported as "BufferException". (Supporting these keys on the client side would involve calling a dynamic native library (with address space protection, i.e., via a separate process)). Also make KeyUtils.getKeyType return the correct string for sk-* keys, and at least report the exception and its message in the fingerprint when computing the fingerprint fails. Note that Apache MINA sshd does not support the sk-* certificate key types yet. --- .../src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java | 6 +++++- .../src/main/java/org/apache/sshd/common/util/buffer/Buffer.java | 4 ++++ 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java
index 0e711b0..5d5502e 100644
--- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java
+++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java
@@ -651,7 +651,7 @@ public final class KeyUtils {
 buffer.putRawPublicKey(key);
 return DigestUtils.getFingerPrint(d, buffer.array(), 0, buffer.wpos());
 } catch (Exception e) {
- return e.getClass().getSimpleName();
+ return e.toString();
 }
 }
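Review bot: In the `catch (Exception e)` branch of the KeyUtils hunk at -651, `return e.toString();` still reports the failure in-band, as the very string callers treat as the key's fingerprint, and that string is now free-form exception text rather than a bare class name. A caller that logs, stores or compares the result cannot tell a digest from an error message without parsing it, so the method should say so, for example `// On failure the result is the exception text, not a digest; never use it to match or identify a key`. If exception messages here can be long or contain line breaks (not visible in the hunk), bounding the text before returning it would keep log entries well-formed. The enclosing method starts and ends outside the hunk.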
@@ -841,8 +841,12 @@ public final class KeyUtils {
 } else {
 return curve.getKeyType();
 }
+ } else if (key instanceof SkEcdsaPublicKey) {
+ return SkECDSAPublicKeyEntryDecoder.KEY_TYPE;
 } else if (SecurityUtils.EDDSA.equalsIgnoreCase(key.getAlgorithm())) {
 return KeyPairProvider.SSH_ED25519;
+ } else if (key instanceof SkED25519PublicKey) {
+ return SkED25519PublicKeyEntryDecoder.KEY_TYPE;
 } else if (key instanceof OpenSshCertificate) {
 return ((OpenSshCertificate) key).getKeyType();
 }
diff --git a/sshd-common/src/main/java/org/apache/sshd/common/util/buffer/Buffer.java b/sshd-common/src/main/java/org/apache/sshd/common/util/buffer/Buffer.java
index 55e419f..4c30537 100644
--- a/sshd-common/src/main/java/org/apache/sshd/common/util/buffer/Buffer.java
+++ b/sshd-common/src/main/java/org/apache/sshd/common/util/buffer/Buffer.java
@@ -61,6 +61,7 @@ import org.apache.sshd.common.SshException;
 import org.apache.sshd.common.cipher.ECCurves;
 import org.apache.sshd.common.config.keys.KeyUtils;
 import org.apache.sshd.common.config.keys.OpenSshCertificate;
+import org.apache.sshd.common.config.keys.u2f.SecurityKeyPublicKey;
 import org.apache.sshd.common.keyprovider.KeyPairProvider;
 import org.apache.sshd.common.util.GenericUtils;
 import org.apache.sshd.common.util.NumberUtils;
@@ -990,6 +991,9 @@ public abstract class Buffer implements Readable {
 putBytes(ecPoint);
 } else if (SecurityUtils.EDDSA.equals(key.getAlgorithm())) {
 SecurityUtils.putRawEDDSAPublicKey(this, key);
+ } else if (key instanceof SecurityKeyPublicKey) {
+ putRawPublicKeyBytes(((SecurityKeyPublicKey<?>) key).getDelegatePublicKey());
+ putString(((SecurityKeyPublicKey<?>) key).getAppName());
 } else if (key instanceof OpenSshCertificate) {
 OpenSshCertificate cert = (OpenSshCertificate) key;
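Review bot: In the KeyUtils hunk at -841 the new `SkEcdsaPublicKey` and `SkED25519PublicKey` branches are tested after the EC branch ending in `return curve.getKeyType();` and after the `SecurityUtils.EDDSA` algorithm check, so the result is only right while the sk key classes never satisfy those earlier tests, which the hunk does not show. The same ordering applies to the new `SecurityKeyPublicKey` branch in Buffer at -990, which follows the `SecurityUtils.EDDSA.equals(key.getAlgorithm())` test. Because the returned type string feeds key matching and fingerprints, I would either move the `instanceof` checks ahead of the algorithm-based ones or state the assumption next to them, e.g. `// sk-* keys must not report an EC/EdDSA algorithm, otherwise the branches above win`. The diffstat lists only the two source files, so a unit test asserting `getKeyType` for both sk classes would pin this; the enclosing method starts and ends outside the hunk.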
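Review bot: In the Buffer hunk at -990 the new `SecurityKeyPublicKey` branch passes `getDelegatePublicKey()` and `getAppName()` straight into the encoder without a check, and casts `key` twice. If either accessor can return null (not visible here), the failure surfaces only as a generic exception from deeper in the buffer code, so I would cast once with `SecurityKeyPublicKey<?> sk = (SecurityKeyPublicKey<?>) key;` and reject a missing delegate or application name with an explicit message before writing anything. The bytes written here are what the fingerprint is computed over, so a test that checks the fingerprint of a known sk-* public key against the value another SSH implementation prints would confirm the field order. The enclosing method continues outside the hunk.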