From 91254c72586179469ee59e4b0bd1d54960ce8d88 Mon Sep 17 00:00:00 2001 From: Zdenek Zambersky Date: Thu, 6 May 2021 13:50:20 +0200 Subject: Added support for RSA client authentication with SHA-2 --- lib/net/ssh/authentication/key_manager.rb | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) (limited to 'lib/net/ssh/authentication/key_manager.rb') diff --git a/lib/net/ssh/authentication/key_manager.rb b/lib/net/ssh/authentication/key_manager.rb index ac86cc8..563702c 100644 --- a/lib/net/ssh/authentication/key_manager.rb +++ b/lib/net/ssh/authentication/key_manager.rb @@ -158,7 +158,7 @@ module Net # Regardless of the identity's origin or who does the signing, this # will always return the signature in an SSH2-specified "signature # blob" format. - def sign(identity, data) + def sign(identity, data, sig_alg = nil) info = known_identities[identity] or raise KeyManagerError, "the given identity is unknown to the key manager" if info[:key].nil? && info[:from] == :file @@ -170,14 +170,27 @@ module Net end if info[:key] - return Net::SSH::Buffer.from(:string, identity.ssh_signature_type, - :mstring, info[:key].ssh_do_sign(data.to_s)).to_s + if sig_alg.nil? + signed = info[:key].ssh_do_sign(data.to_s) + sig_alg = identity.ssh_signature_type + else + signed = info[:key].ssh_do_sign(data.to_s, sig_alg) + end + return Net::SSH::Buffer.from(:string, sig_alg, + :mstring, signed).to_s end if info[:from] == :agent raise KeyManagerError, "the agent is no longer available" unless agent - return agent.sign(info[:identity], data.to_s) + case sig_alg + when "rsa-sha2-512" + return agent.sign(info[:identity], data.to_s, Net::SSH::Authentication::Agent::SSH_AGENT_RSA_SHA2_512) + when "rsa-sha2-256" + return agent.sign(info[:identity], data.to_s, Net::SSH::Authentication::Agent::SSH_AGENT_RSA_SHA2_256) + else + return agent.sign(info[:identity], data.to_s) + end end raise KeyManagerError, "[BUG] can't determine identity origin (#{info.inspect})" -- cgit v1.2.1