Support SHA-256 and SHA-512 based RSA signatures.

Now the RSA signing function supports the two flags defined in draft-miller-ssh-agent-02, and uses them to generate RSA signatures based on SHA-256 and SHA-512, which look exactly like the ordinary kind of RSA SHA-1 signature except that the decoded signature integer has a different hash at the bottom and an ASN.1 identifying prefix to match, and also the signature-type string prefixing the integer changes from "ssh-rsa" to "rsa-sha2-256" or "rsa-sha2-512" as appropriate. We don't _accept_ signatures of these new types - that would need an entirely different protocol extension - and we don't generate them under any circumstances other than Pageant receiving a sign request with one of those flags set.
2025-07-03 20:42:48 -05:00 · 2018-11-19 20:46:59 +00:00
parent 7d4a276fc1
commit 13b29008b4
2 changed files with 62 additions and 15 deletions
--- a/ssh.h
+++ b/ssh.h
@ -807,6 +807,12 @@ struct ssh_keyalg {
 #define ssh_key_ssh_id(key) ((*(key))->ssh_id)
 #define ssh_key_cache_id(key) ((*(key))->cache_id)

+/*
+ * Enumeration of signature flags from draft-miller-ssh-agent-02
+ */
+#define SSH_AGENT_RSA_SHA2_256 2
+#define SSH_AGENT_RSA_SHA2_512 4
+
 typedef struct ssh_compressor {
    const struct ssh_compression_alg *vt;
 } ssh_compressor;