Revision: 10070 https://osdn.net/projects/ttssh2/scm/svn/commits/10070
Author: doda
Date: 2022-07-18 00:40:17 +0900 (Mon, 18 Jul 2022)
Log Message:
-----------
pageant認証をrsa-sha2-256/512に対応させた
Modified Paths:
--------------
trunk/ttssh2/putty/libputty.c
trunk/ttssh2/putty/libputty.h
trunk/ttssh2/ttxssh/hostkey.c
trunk/ttssh2/ttxssh/hostkey.h
trunk/ttssh2/ttxssh/ssh.c
-------------- next part --------------
Modified: trunk/ttssh2/putty/libputty.c
===================================================================
--- trunk/ttssh2/putty/libputty.c 2022-07-17 15:40:06 UTC (rev 10069)
+++ trunk/ttssh2/putty/libputty.c 2022-07-17 15:40:17 UTC (rev 10070)
@@ -130,7 +130,8 @@
 void *putty_sign_ssh2_key(unsigned char *pubkey /* length(4byte) + data */, unsigned char *data, int datalen,
- int *outlen)
+ int *outlen,
+ int signflags)
 {
 void *ret;
@@ -139,7 +140,6 @@
 int response_len;
 int pubkeylen;
 strbuf *agentreq = strbuf_new_for_agent_query();
- int signflags = 0;
 put_byte(agentreq, SSH2_AGENTC_SIGN_REQUEST);
 pubkeylen = GET_32BIT_MSB_FIRST(pubkey);
Modified: trunk/ttssh2/putty/libputty.h
===================================================================
--- trunk/ttssh2/putty/libputty.h 2022-07-17 15:40:06 UTC (rev 10069)
+++ trunk/ttssh2/putty/libputty.h 2022-07-17 15:40:17 UTC (rev 10070)
@@ -31,7 +31,8 @@
 void *putty_sign_ssh2_key(unsigned char *pubkey, unsigned char *data, int datalen,
- int *outlen);
+ int *outlen,
+ int signflags);
 int putty_get_ssh1_keylist(unsigned char **keylist);
 void *putty_hash_ssh1_challenge(unsigned char *pubkey, int pubkeylen,
Modified: trunk/ttssh2/ttxssh/hostkey.c
===================================================================
--- trunk/ttssh2/ttxssh/hostkey.c 2022-07-17 15:40:06 UTC (rev 10069)
+++ trunk/ttssh2/ttxssh/hostkey.c 2022-07-17 15:40:17 UTC (rev 10070)
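Review bot: `signflags` becomes part of the exported `putty_sign_ssh2_key()` contract in the libputty.h hunk, but neither the prototype nor the definition says what the value is or which bits a caller may set, and the removal of `int signflags = 0;` in the -139 hunk makes every caller responsible for passing 0 to keep the previous behaviour. Presumably the value ends up in the flags field of the SSH2_AGENTC_SIGN_REQUEST (that put is outside the hunk), so a comment on the prototype such as `int signflags /* SSH2_AGENTC_SIGN_REQUEST flags: 0 (default), SSH_AGENT_RSA_SHA2_256 or SSH_AGENT_RSA_SHA2_512 */` would tie it to the `ssh_agentflag` enum this commit adds in hostkey.h. `putty_sign_ssh2_key` continues outside both libputty.c hunks.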
@@ -35,21 +35,22 @@
 ssh_keyalgo algo;
 ssh_keytype type;
 int digest_type;
+ ssh_agentflag signflag;
 char *name;
 };
 static const struct ssh2_host_key_t ssh2_host_key[] = {
- {KEY_ALGO_RSA1, KEY_RSA1, NID_sha1, "ssh-rsa1"}, // for SSH1 only
- {KEY_ALGO_RSA, KEY_RSA, NID_sha1, "ssh-rsa"}, // RFC4253
- {KEY_ALGO_DSA, KEY_DSA, NID_sha1, "ssh-dss"}, // RFC4253
- {KEY_ALGO_ECDSA256, KEY_ECDSA256, NID_sha256, "ecdsa-sha2-nistp256"}, // RFC5656
- {KEY_ALGO_ECDSA384, KEY_ECDSA384, NID_sha384, "ecdsa-sha2-nistp384"}, // RFC5656
- {KEY_ALGO_ECDSA521, KEY_ECDSA521, NID_sha512, "ecdsa-sha2-nistp521"}, // RFC5656
- {KEY_ALGO_ED25519, KEY_ED25519, NID_sha512, "ssh-ed25519"}, // RDC8709
- {KEY_ALGO_RSASHA256,KEY_RSA, NID_sha256, "rsa-sha2-256"}, // RFC8332
- {KEY_ALGO_RSASHA512,KEY_RSA, NID_sha512, "rsa-sha2-512"}, // RFC8332
- {KEY_ALGO_UNSPEC, KEY_UNSPEC, NID_undef, "ssh-unknown"},
- {KEY_ALGO_NONE, KEY_NONE, NID_undef, NULL},
+ {KEY_ALGO_RSA1, KEY_RSA1, NID_sha1, SSH_AGENT_SIGN_DEFAULT, "ssh-rsa1"}, // for SSH1 only
+ {KEY_ALGO_RSA, KEY_RSA, NID_sha1, SSH_AGENT_SIGN_DEFAULT, "ssh-rsa"}, // RFC4253
+ {KEY_ALGO_DSA, KEY_DSA, NID_sha1, SSH_AGENT_SIGN_DEFAULT, "ssh-dss"}, // RFC4253
+ {KEY_ALGO_ECDSA256, KEY_ECDSA256, NID_sha256, SSH_AGENT_SIGN_DEFAULT, "ecdsa-sha2-nistp256"}, // RFC5656
+ {KEY_ALGO_ECDSA384, KEY_ECDSA384, NID_sha384, SSH_AGENT_SIGN_DEFAULT, "ecdsa-sha2-nistp384"}, // RFC5656
+ {KEY_ALGO_ECDSA521, KEY_ECDSA521, NID_sha512, SSH_AGENT_SIGN_DEFAULT, "ecdsa-sha2-nistp521"}, // RFC5656
+ {KEY_ALGO_ED25519, KEY_ED25519, NID_sha512, SSH_AGENT_SIGN_DEFAULT, "ssh-ed25519"}, // RDC8709
+ {KEY_ALGO_RSASHA256,KEY_RSA, NID_sha256, SSH_AGENT_RSA_SHA2_256, "rsa-sha2-256"}, // RFC8332
+ {KEY_ALGO_RSASHA512,KEY_RSA, NID_sha512, SSH_AGENT_RSA_SHA2_512, "rsa-sha2-512"}, // RFC8332
+ {KEY_ALGO_UNSPEC, KEY_UNSPEC, NID_undef, SSH_AGENT_SIGN_DEFAULT, "ssh-unknown"},
+ {KEY_ALGO_NONE, KEY_NONE, NID_undef, SSH_AGENT_SIGN_DEFAULT, NULL},
 };
 struct ssh_digest_t {
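Review bot: The rewritten `ssh-ed25519` row still carries the comment `// RDC8709`; since every other row cites its RFC correctly and this line is being replaced anyway, it should read `// RFC8709`. The new fourth column is also undocumented: a one-line comment above the table, `// 4th column: flag to send in SSH2_AGENTC_SIGN_REQUEST for this algorithm (see get_ssh2_agent_flag)`, would tell the next person adding an algorithm that the value goes to the agent rather than being a local classification.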
@@ -158,6 +159,21 @@
 return NID_sha1;
 }
+int get_ssh2_agent_flag(ssh_keyalgo algo)
+{
+ const struct ssh2_host_key_t *ptr = ssh2_host_key;
+
+ while (ptr->name != NULL) {
+ if (algo == ptr->algo) {
+ return ptr->signflag;
+ }
+ ptr++;
+ }
+
+ // not found.
+ return SSH_AGENT_SIGN_DEFAULT;
+}
+
 ssh_keytype get_ssh2_hostkey_type_from_algorithm(ssh_keyalgo algo)
 {
 const struct ssh2_host_key_t *ptr = ssh2_host_key;
Modified: trunk/ttssh2/ttxssh/hostkey.h
===================================================================
--- trunk/ttssh2/ttxssh/hostkey.h 2022-07-17 15:40:06 UTC (rev 10069)
+++ trunk/ttssh2/ttxssh/hostkey.h 2022-07-17 15:40:17 UTC (rev 10070)
@@ -58,6 +58,12 @@
 KEY_ALGO_UNSPEC,
 KEY_ALGO_MAX = KEY_ALGO_UNSPEC,
 } ssh_keyalgo;
+
+typedef enum {
+ SSH_AGENT_SIGN_DEFAULT = 0,
+ SSH_AGENT_RSA_SHA2_256 = 2,
+ SSH_AGENT_RSA_SHA2_512 = 4,
+} ssh_agentflag;
 #define isFixedLengthKey(type) ((type) >= KEY_DSA && (type) <= KEY_ED25519)
 // fingerprint\x82̎\xED\x95\xCA
@@ -94,6 +100,7 @@
 ssh_keyalgo get_ssh2_hostkey_algorithm_from_name(const char *name);
 char* get_ssh2_hostkey_algorithm_name(ssh_keyalgo algo);
 int get_ssh2_key_hashtype(ssh_keyalgo algo);
+int get_ssh2_agent_flag(ssh_keyalgo algo);
 ssh_keytype get_ssh2_hostkey_type_from_algorithm(ssh_keyalgo algo);
 const char* get_ssh2_hostkey_type_name_from_algorithm(ssh_keyalgo algo);
 char* get_digest_algorithm_name(digest_algorithm id);
Modified: trunk/ttssh2/ttxssh/ssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ssh.c 2022-07-17 15:40:06 UTC (rev 10069)
+++ trunk/ttssh2/ttxssh/ssh.c 2022-07-17 15:40:17 UTC (rev 10070)
@@ -6778,6 +6778,9 @@
 } else if (pvar->auth_state.cur_cred.method == SSH_AUTH_PAGEANT) { // Pageant
 unsigned char *puttykey;
+ unsigned char *keytype_name, *keyalgo_name;
+ ssh_keytype keytype;
+ ssh_keyalgo keyalgo;
 s = "publickey";
 buffer_put_string(msg, s, strlen(s));
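Review bot: `get_ssh2_agent_flag()` returns `int` although the value it reads, `ptr->signflag`, is an `ssh_agentflag` and the caller in ssh.c stores the result back into `ssh_agentflag signflag`; declaring it `ssh_agentflag get_ssh2_agent_flag(ssh_keyalgo algo)` here and in the hostkey.h prototype at -94 keeps the type round-trip explicit instead of relying on implicit int/enum conversion. The function also has no header comment, and the `// not found.` branch silently maps an unknown algorithm to a plain signature request; a comment such as `// Flag to send in SSH2_AGENTC_SIGN_REQUEST so the agent signs with the named algorithm; SSH_AGENT_SIGN_DEFAULT when the algorithm needs none or is not in the table.` would make that fallback a documented choice.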
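Review bot: The `ssh_agentflag` enumerators in the hostkey.h hunk at -58 carry wire-protocol values (the sign-request flag bits 2 and 4 defined by the ssh-agent protocol draft, draft-miller-ssh-agent), but nothing in the declaration says so, and the trailing-comma style invites someone to append an auto-numbered member that would then be sent to the agent as a meaningless bit. A comment on the typedef, `// Values are the SSH agent protocol SSH2_AGENTC_SIGN_REQUEST flag bits (draft-miller-ssh-agent); they go on the wire unchanged, do not renumber or auto-number.`, makes that explicit.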
@@ -6794,10 +6797,17 @@
 }
 puttykey = pvar->pageant_curkey;
- // \x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82\xF0\x83R\x83s\x81[\x82\xB7\x82\xE9
+ // \x8C\xAE\x8E\xED\x95ʂ\xA9\x82痘\x97p\x82\xB7\x82鏐\x96\xBC\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82\xF0\x8C\x88\x92肷\x82\xE9
 len = get_uint32_MSBfirst(puttykey+4);
- buffer_put_string(msg, puttykey+8, len);
+ keytype_name = puttykey + 8;
+ keytype = get_hostkey_type_from_name(keytype_name);
+ keyalgo = choose_SSH2_keysign_algorithm(pvar->server_sig_algs, keytype);
+ keyalgo_name = get_ssh2_hostkey_algorithm_name(keyalgo);
+ // \x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82\xF0\x83R\x83s\x81[\x82\xB7\x82\xE9
+ len = strlen(keyalgo_name);
+ buffer_put_string(msg, keyalgo_name, len);
+ // \x8C\xAE\x82\xF0\x83R\x83s\x81[\x82\xB7\x82\xE9
 len = get_uint32_MSBfirst(puttykey);
 puttykey += 4;
@@ -7502,6 +7512,11 @@
 unsigned char *signedmsg;
 int signedlen;
+ unsigned char *keytype_name, *keyalgo_name;
+ ssh_keytype keytype;
+ ssh_keyalgo keyalgo;
+ ssh_agentflag signflag;
+
 logputs(LOG_LEVEL_VERBOSE, "SSH2_MSG_USERAUTH_PK_OK was received.");
 username = pvar->auth_state.user; // \x83\x86\x81[\x83U\x96\xBC
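Review bot: `len = get_uint32_MSBfirst(puttykey+4);` is now a dead store — `len = strlen(keyalgo_name);` overwrites it before any use — and the key-type string at `puttykey + 8` goes to `get_hostkey_type_from_name()` without that length. If that function compares with strcmp (its body is not in this diff), the lookup only stops where the name ends because the byte after the name in the agent's key blob happens to be the zero high byte of the next uint32 length field, which is not a guarantee the agent protocol gives; copying the name into a NUL-terminated local bounded by `len` removes that dependency, and the same pattern is repeated in the hunk at -7524. Separately, `keyalgo_name` is declared `unsigned char *` in the -6778 hunk while `get_ssh2_hostkey_algorithm_name()` returns `char *`, so the assignment and the `strlen(keyalgo_name)` call are pointer-sign mismatches; `char *keyalgo_name` would match the callee. The enclosing function starts before this hunk.
```c
	char keytype_buf[64];   // declared with the other locals added in the -6778 hunk
	// … unchanged: puttykey = pvar->pageant_curkey; …
	len = get_uint32_MSBfirst(puttykey+4);
	// the agent blob is not NUL-terminated after the key-type name; bound it before the table lookup
	if (len >= sizeof keytype_buf) {
		len = sizeof keytype_buf - 1;   // an over-long name simply fails the lookup below
	}
	memcpy(keytype_buf, puttykey + 8, len);
	keytype_buf[len] = '\0';
	keytype = get_hostkey_type_from_name(keytype_buf);
	// … unchanged: choose_SSH2_keysign_algorithm(), get_ssh2_hostkey_algorithm_name(), algorithm and key copy …
```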
@@ -7524,10 +7539,18 @@
 puttykey = pvar->pageant_curkey;
- // \x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82\xF0\x83R\x83s\x81[\x82\xB7\x82\xE9
+ // \x8C\xAE\x8E\xED\x95ʂ\xA9\x82痘\x97p\x82\xB7\x82鏐\x96\xBC\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82\xF0\x8C\x88\x92肷\x82\xE9
 len = get_uint32_MSBfirst(puttykey+4);
- buffer_put_string(signbuf, puttykey+8, len);
+ keytype_name = puttykey + 8;
+ keytype = get_hostkey_type_from_name(keytype_name);
+ keyalgo = choose_SSH2_keysign_algorithm(pvar->server_sig_algs, keytype);
+ keyalgo_name = get_ssh2_hostkey_algorithm_name(keyalgo);
+ signflag = get_ssh2_agent_flag(keyalgo);
+ // \x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82\xF0\x83R\x83s\x81[\x82\xB7\x82\xE9
+ len = strlen(keyalgo_name);
+ buffer_put_string(signbuf, keyalgo_name, len);
+ // \x8C\xAE\x82\xF0\x83R\x83s\x81[\x82\xB7\x82\xE9
 len = get_uint32_MSBfirst(puttykey);
 puttykey += 4;
@@ -7537,7 +7560,7 @@
 // Pageant \x82ɏ\x90\x96\xBC\x82\xB5\x82Ă\xE0\x82炤
 signedmsg = putty_sign_ssh2_key(pvar->pageant_curkey, signbuf->buf, signbuf->len,
- &signedlen);
+ &signedlen, signflag);
 buffer_free(signbuf);
 if (signedmsg == NULL) {
 safefree(pvar->pageant_key);
@@ -7563,8 +7586,8 @@
 puttykey = pvar->pageant_curkey;
 // \x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82\xF0\x83R\x83s\x81[\x82\xB7\x82\xE9
- len = get_uint32_MSBfirst(puttykey+4);
- buffer_put_string(msg, puttykey+8, len);
+ len = strlen(keyalgo_name);
+ buffer_put_string(msg, keyalgo_name, len);
 // \x8C\xAE\x82\xF0\x83R\x83s\x81[\x82\xB7\x82\xE9
 len = get_uint32_MSBfirst(puttykey);
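Review bot: In the -7537 hunk the blob returned by Pageant is used as-is once it passes the `signedmsg == NULL` check, so an agent that ignores the new sign-request flags (older Pageant builds) hands back an `ssh-rsa` SHA-1 signature while `signbuf` and the userauth message both name `rsa-sha2-256` or `rsa-sha2-512`; the server will reject that and the user only sees a generic authentication failure. An SSH signature blob starts with its algorithm name as an SSH string (RFC 4253 §6.6), so comparing that leading string with `keyalgo_name` right after the NULL check and logging a mismatch at LOG_LEVEL_VERBOSE with both names turns a silent failure into a diagnosable one. The -7563 hunk correctly reuses `keyalgo_name`, so the name in the final message matches the one that was signed. The enclosing function starts before the -7524 hunk.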