

コミットメタ情報

リビジョン10384 (tree)
日時2022-11-27 21:14:35
作者nmaya

ログメッセージ

公開鍵認証(RSA鍵)の署名方式の優先度を設定できるようにした

設定名は RSAPubkeySignAlgorithmOrder として、RSA 公開鍵専用とした

変更サマリ

差分

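--- a/branches/4-stable/ttssh2/ttxssh/hostkey.c
+++ b/branches/4-stable/ttssh2/ttxssh/hostkey.c
@@ -264,10 +264,43 @@
 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = buf;
 }
 
-ssh_keyalgo choose_SSH2_keysign_algorithm(char *server_proposal, ssh_keytype keytype)
+static void SSH2_rsa_pubkey_sign_algo_myproposal(PTInstVar pvar, char *buf, int buf_len)
 {
+int algo;
+int len, i;
+char *c_str;
+
+// 設定された優先順位に応じて buf に並べる
+buf[0] = '\0';
+for (i = 0 ; pvar->settings.RSAPubkeySignAlgorithmOrder[i] != 0 ; i++) {
+algo = pvar->settings.RSAPubkeySignAlgorithmOrder[i] - '0';
+if (algo == 0) // disabled line
+break;
+switch (algo) {
+case RSA_PUBKEY_SIGN_ALGO_RSA:
+c_str = "ssh-rsa,";
+break;
+case RSA_PUBKEY_SIGN_ALGO_RSASHA256:
+c_str = "rsa-sha2-256,";
+break;
+case RSA_PUBKEY_SIGN_ALGO_RSASHA512:
+c_str = "rsa-sha2-512,";
+break;
+default:
+continue;
+}
+strncat_s(buf, buf_len, c_str, _TRUNCATE);
+}
+len = strlen(buf);
+if (len > 0)
+buf[len - 1] = '\0'; // get rid of comma
+}
+
+ssh_keyalgo choose_SSH2_keysign_algorithm(PTInstVar pvar, ssh_keytype keytype)
+{
 char buff[128];
 const struct ssh2_host_key_t *ptr = ssh2_host_key;
+char *server_proposal = pvar->server_sig_algs;
 
 if (keytype == KEY_RSA) {
 if (server_proposal == NULL) {
@@ -275,7 +308,9 @@
 return KEY_ALGO_RSA;
 }
 else {
-choose_SSH2_proposal(server_proposal, "rsa-sha2-512,rsa-sha2-256,ssh-rsa", buff, sizeof(buff));
+char rsa_myproposal[128];
+SSH2_rsa_pubkey_sign_algo_myproposal(pvar, rsa_myproposal, sizeof(rsa_myproposal));
+choose_SSH2_proposal(server_proposal, rsa_myproposal, buff, sizeof(buff));
 if (strlen(buff) == 0) {
 // not found.
 logprintf(LOG_LEVEL_WARNING, "%s: no match sign algorithm.", __FUNCTION__);
@@ -298,3 +333,15 @@
 // not reached
 return KEY_ALGO_UNSPEC;
 }
+
+void normalize_rsa_pubkey_sign_algo_order(char *buf)
+{
+static char default_strings[] = {
+RSA_PUBKEY_SIGN_ALGO_RSASHA512,
+RSA_PUBKEY_SIGN_ALGO_RSASHA256,
+RSA_PUBKEY_SIGN_ALGO_RSA,
+RSA_PUBKEY_SIGN_ALGO_NONE,
+};
+
+normalize_generic_order(buf, default_strings, NUM_ELEM(default_strings));
+}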
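--- a/branches/4-stable/ttssh2/ttxssh/hostkey.h
+++ b/branches/4-stable/ttssh2/ttxssh/hostkey.h
@@ -93,7 +93,15 @@
 SSH_DIGEST_MAX,
 } digest_algorithm;
 
+typedef enum {
+RSA_PUBKEY_SIGN_ALGO_NONE,
+RSA_PUBKEY_SIGN_ALGO_RSA,
+RSA_PUBKEY_SIGN_ALGO_RSASHA256,
+RSA_PUBKEY_SIGN_ALGO_RSASHA512,
+RSA_PUBKEY_SIGN_ALGO_MAX,
+} ssh_rsapubkeysignalgo;
 
+
 ssh_keytype get_hostkey_type_from_name(char *name);
 char* get_ssh2_hostkey_type_name(ssh_keytype type);
 char *get_ssh2_hostkey_type_name_from_key(Key *key);
@@ -106,8 +114,9 @@
 char* get_digest_algorithm_name(digest_algorithm id);
 
 void normalize_host_key_order(char *buf);
+void normalize_rsa_pubkey_sign_algo_order(char *buf);
 ssh_keyalgo choose_SSH2_host_key_algorithm(char *server_proposal, char *my_proposal);
-ssh_keyalgo choose_SSH2_keysign_algorithm(char *server_proposal, ssh_keytype keytype);
+ssh_keyalgo choose_SSH2_keysign_algorithm(PTInstVar pvar, ssh_keytype keytype);
 void SSH2_update_host_key_myproposal(PTInstVar pvar);
 
 #endif /* SSHCMAC_H */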
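Review bot: The numeric values of `ssh_rsapubkeysignalgo` are persisted: hostkey.c encodes each entry as `'0' + value` in the RSAPubkeySignAlgorithmOrder string written to the INI, so inserting a new enumerator anywhere but directly before `RSA_PUBKEY_SIGN_ALGO_MAX` would silently reassign existing users' preferences, and any value above 9 would break the single-digit encoding. A comment on the enum would protect the next maintainer: `// Values are stored as '0'+value in RSAPubkeySignAlgorithmOrder (INI); add new entries only just before _MAX, and keep _MAX <= 9.` The second blank line added after the typedef looks unintentional.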
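--- a/branches/4-stable/ttssh2/ttxssh/ssh.c
+++ b/branches/4-stable/ttssh2/ttxssh/ssh.c
@@ -6310,7 +6310,7 @@
 goto error;
 }
 
-keyalgo = choose_SSH2_keysign_algorithm(pvar->server_sig_algs, keypair->type);
+keyalgo = choose_SSH2_keysign_algorithm(pvar, keypair->type);
 keyalgo_name = get_ssh2_hostkey_algorithm_name(keyalgo);
 
 // step1
@@ -6384,7 +6384,7 @@
 len = get_uint32_MSBfirst(puttykey+4);
 keytype_name = puttykey + 8;
 keytype = get_hostkey_type_from_name(keytype_name);
-keyalgo = choose_SSH2_keysign_algorithm(pvar->server_sig_algs, keytype);
+keyalgo = choose_SSH2_keysign_algorithm(pvar, keytype);
 keyalgo_name = get_ssh2_hostkey_algorithm_name(keyalgo);
 
 // アルゴリズムをコピーする
@@ -7123,7 +7123,7 @@
 len = get_uint32_MSBfirst(puttykey+4);
 keytype_name = puttykey + 8;
 keytype = get_hostkey_type_from_name(keytype_name);
-keyalgo = choose_SSH2_keysign_algorithm(pvar->server_sig_algs, keytype);
+keyalgo = choose_SSH2_keysign_algorithm(pvar, keytype);
 keyalgo_name = get_ssh2_hostkey_algorithm_name(keyalgo);
 signflag = get_ssh2_agent_flag(keyalgo);
 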
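Review bot: None of the three call sites checks `keyalgo` before handing it to get_ssh2_hostkey_algorithm_name, and with this change a user can configure an order that enables no RSA algorithm at all (the setting may begin with the '0' disable marker), which sends choose_SSH2_keysign_algorithm down its "no match sign algorithm" path; what that path returns is outside this diff, but if it is `KEY_ALGO_UNSPEC` the callers would proceed with an unusable algorithm name. At the first site `if (keyalgo == KEY_ALGO_UNSPEC) goto error;` fits the error handling visible just above; the two agent-signing sites would need an equivalent bail-out that these hunks do not show. All three hunks sit inside functions whose bodies begin and end outside the diff.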
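--- a/branches/4-stable/ttssh2/ttxssh/ttxssh.c
+++ b/branches/4-stable/ttssh2/ttxssh/ttxssh.c
@@ -292,6 +292,9 @@
 // Compression algorithm order
 READ_STD_STRING_OPTION(CompOrder);
 normalize_comp_order(settings->CompOrder);
+// Sign algorithm order of RSA publickey authentication
+READ_STD_STRING_OPTION(RSAPubkeySignAlgorithmOrder);
+normalize_rsa_pubkey_sign_algo_order(settings->RSAPubkeySignAlgorithmOrder);
 
 read_string_option(fileName, "KnownHostsFiles", "ssh_known_hosts",
 settings->KnownHostsFiles,
@@ -425,6 +428,9 @@
 WritePrivateProfileString("TTSSH", "CompOrder",
 settings->CompOrder, fileName);
 
+WritePrivateProfileString("TTSSH", "RSAPubkeySignAlgorithmOrder",
+settings->RSAPubkeySignAlgorithmOrder, fileName);
+
 WritePrivateProfileString("TTSSH", "KnownHostsFiles",
 settings->KnownHostsFiles, fileName);
 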
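--- a/branches/4-stable/ttssh2/ttxssh/ttxssh.h
+++ b/branches/4-stable/ttssh2/ttxssh/ttxssh.h
@@ -208,6 +208,11 @@
 int GexMinimalGroupSize;
 
 int AuthBanner;
+
+// Sign algorithm order
+// for publickey authentication (not for server hostkey)
+// for RSA key only
+char RSAPubkeySignAlgorithmOrder[RSA_PUBKEY_SIGN_ALGO_MAX+1];
 } TS_SSH;
 
 typedef struct _TInstVar {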
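Review bot: The comment on `RSAPubkeySignAlgorithmOrder` says what the setting is for but not how it is encoded, and the size `RSA_PUBKEY_SIGN_ALGO_MAX+1` only makes sense once the reader knows the string holds one character per enumerator plus the terminator. I would extend it: `// One char per ssh_rsapubkeysignalgo value ('0'+value) in preference order; entries from the '0' (NONE) marker onward are disabled. Normalized by normalize_rsa_pubkey_sign_algo_order() on load.` The `TS_SSH` struct begins outside this hunk, and the load/normalize code it refers to is in ttxssh.c.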