Morten Linderud
2024-Nov-23 15:37 UTC
[PATCH] sshsig: check hashalg before selecting the RSA signature algorithm
Hi, I sent this patch back inn april and I still have a need for this. Would it be possible to get any pointers how we can have `hashalg` selectable by `ssh-keygen -Y`? -- Morten Linderud PGP: 9C02FF419FECBE16 On Thu, Apr 11, 2024 at 09:16:39PM +0200, Morten Linderud wrote:> `ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512` > and this prevents ssh-agent implementations that can't support sha512 > from signing messages. > > An example of this is TPMs which mostly only really supports sha256 > widely. > > This change enables `ssh-keygen -Y sign` to honor the `hashalg` option > for the signing algorithm. > > Signed-off-by: Morten Linderud <morten at linderud.pw> > --- > sshsig.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/sshsig.c b/sshsig.c > index 470b286a3..033b43353 100644 > --- a/sshsig.c > +++ b/sshsig.c > @@ -190,8 +190,14 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg, > } > > /* If using RSA keys then default to a good signature algorithm */ > - if (sshkey_type_plain(key->type) == KEY_RSA) > - sign_alg = RSA_SIGN_ALG; > + if (sshkey_type_plain(key->type) == KEY_RSA){ > + if (hashalg == NULL) > + sign_alg = RSA_SIGN_ALG; > + else if (strcmp(hashalg, "sha256") == 0) > + sign_alg = "rsa-sha2-256"; > + else if (strcmp(hashalg, "sha512") == 0) > + sign_alg = "rsa-sha2-512"; > + } > > if (signer != NULL) { > if ((r = signer(key, &sig, &slen, > -- > 2.44.0 > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20241123/f62f7654/attachment.asc>
Ron Frederick
2024-Nov-23 15:55 UTC
[PATCH] sshsig: check hashalg before selecting the RSA signature algorithm
There is no hash algorithm associated with SSH keys. The key format for RSA keys
is always ?ssh-rsa?, and it is capable of being used with any of the available
signature algorithms (ssh-rsa for SHA-1 and rsa-sha2-256 or rsa-sha2-512 for
SHA-2).
See section 3 in https://www.rfc-editor.org/rfc/rfc8332:
rsa-sha2-256 RECOMMENDED sign Raw RSA key
rsa-sha2-512 OPTIONAL sign Raw RSA key
These algorithms are suitable for use both in the SSH transport layer
[RFC4253 <https://www.rfc-editor.org/rfc/rfc4253>] for server
authentication and in the authentication layer
[RFC4252 <https://www.rfc-editor.org/rfc/rfc4252>] for client
authentication.
Since RSA keys are not dependent on the choice of hash function, the
new public key algorithms reuse the "ssh-rsa" public key format as
defined in [RFC4253 <https://www.rfc-editor.org/rfc/rfc4253>]:
string "ssh-rsa"
mpint e
mpint n
It is only RSA signature blobs that will show the new signature algorithm names.
On Nov 23, 2024, at 7:37?AM, Morten Linderud <morten at linderud.pw>
wrote:> I sent this patch back inn april and I still have a need for this. Would it
be
> possible to get any pointers how we can have `hashalg` selectable by
`ssh-keygen -Y`?
>
> --
> Morten Linderud
> PGP: 9C02FF419FECBE16
>
> On Thu, Apr 11, 2024 at 09:16:39PM +0200, Morten Linderud wrote:
>> `ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512`
>> and this prevents ssh-agent implementations that can't support
sha512
>> from signing messages.
>>
>> An example of this is TPMs which mostly only really supports sha256
>> widely.
>>
>> This change enables `ssh-keygen -Y sign` to honor the `hashalg` option
>> for the signing algorithm.
>>
>> Signed-off-by: Morten Linderud <morten at linderud.pw>
>> ---
>> sshsig.c | 10 ++++++++--
>> 1 file changed, 8 insertions(+), 2 deletions(-)
>>
>> diff --git a/sshsig.c b/sshsig.c
>> index 470b286a3..033b43353 100644
>> --- a/sshsig.c
>> +++ b/sshsig.c
>> @@ -190,8 +190,14 @@ sshsig_wrap_sign(struct sshkey *key, const char
*hashalg,
>> }
>>
>> /* If using RSA keys then default to a good signature algorithm */
>> - if (sshkey_type_plain(key->type) == KEY_RSA)
>> - sign_alg = RSA_SIGN_ALG;
>> + if (sshkey_type_plain(key->type) == KEY_RSA){
>> + if (hashalg == NULL)
>> + sign_alg = RSA_SIGN_ALG;
>> + else if (strcmp(hashalg, "sha256") == 0)
>> + sign_alg = "rsa-sha2-256";
>> + else if (strcmp(hashalg, "sha512") == 0)
>> + sign_alg = "rsa-sha2-512";
>> + }
>>
>> if (signer != NULL) {
>> if ((r = signer(key, &sig, &slen,
>> --
>> 2.44.0
--
Ron Frederick
ronf at timeheart.net
Damien Miller
2024-Nov-26 21:25 UTC
[PATCH] sshsig: check hashalg before selecting the RSA signature algorithm
Sorry, this now been committed and will be in openssh-10.0 On Sat, 23 Nov 2024, Morten Linderud wrote:> Hi, > > I sent this patch back inn april and I still have a need for this. Would it be > possible to get any pointers how we can have `hashalg` selectable by `ssh-keygen -Y`? > > -- > Morten Linderud > PGP: 9C02FF419FECBE16 > > On Thu, Apr 11, 2024 at 09:16:39PM +0200, Morten Linderud wrote: > > `ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512` > > and this prevents ssh-agent implementations that can't support sha512 > > from signing messages. > > > > An example of this is TPMs which mostly only really supports sha256 > > widely. > > > > This change enables `ssh-keygen -Y sign` to honor the `hashalg` option > > for the signing algorithm. > > > > Signed-off-by: Morten Linderud <morten at linderud.pw> > > --- > > sshsig.c | 10 ++++++++-- > > 1 file changed, 8 insertions(+), 2 deletions(-) > > > > diff --git a/sshsig.c b/sshsig.c > > index 470b286a3..033b43353 100644 > > --- a/sshsig.c > > +++ b/sshsig.c > > @@ -190,8 +190,14 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg, > > } > > > > /* If using RSA keys then default to a good signature algorithm */ > > - if (sshkey_type_plain(key->type) == KEY_RSA) > > - sign_alg = RSA_SIGN_ALG; > > + if (sshkey_type_plain(key->type) == KEY_RSA){ > > + if (hashalg == NULL) > > + sign_alg = RSA_SIGN_ALG; > > + else if (strcmp(hashalg, "sha256") == 0) > > + sign_alg = "rsa-sha2-256"; > > + else if (strcmp(hashalg, "sha512") == 0) > > + sign_alg = "rsa-sha2-512"; > > + } > > > > if (signer != NULL) { > > if ((r = signer(key, &sig, &slen, > > -- > > 2.44.0 > > _______________________________________________ > > openssh-unix-dev mailing list > > openssh-unix-dev at mindrot.org > > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >
Seemingly Similar Threads
- [PATCH] sshsig: check hashalg before selecting the RSA signature algorithm
- [PATCH] sshsig: check hashalg before selecting the RSA signature algorithm
- [PATCH] sshsig: check hashalg before selecting the RSA signature algorithm
- [PATCH] sshsig: check hashalg before selecting the RSA signature algorithm
- [Bug 3829] New: SSH signature armor protocol documentation issue