[SSHD-1175] sshd support rsa-sha2-512 or ras-sha2-256 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Duplicate
Affects Version/s: None
Fix Version/s: None
Labels:
None

Description

in class org.apache.sshd.client.kex.DHGEXClient

String keyAlg = KeyUtils.getKeyType(serverKey); // when chosen rsa-sha2-512， the keyAlg wouldb be ras-ssh，getKeyType form sig would be better.
if (GenericUtils.isEmpty(keyAlg))

{ throw new SshException( "Unsupported server key type: " + serverKey.getAlgorithm() + " [" + serverKey.getFormat() + "]"); }

buffer = new ByteArrayBuffer();
buffer.putBytes(v_c);
buffer.putBytes(v_s);
buffer.putBytes(i_c);
buffer.putBytes(i_s);
buffer.putBytes(k_s);
buffer.putInt(min);
buffer.putInt(prf);
buffer.putInt(max);
buffer.putMPInt(getP());
buffer.putMPInt(g);
buffer.putMPInt(getE());
buffer.putMPInt(f);
buffer.putMPInt(k);
hash.update(buffer.array(), 0, buffer.available());
h = hash.digest();

Signature verif = ValidateUtils.checkNotNull(
NamedFactory.create(session.getSignatureFactories(), keyAlg), // session.getSignatureFactories() would be [rsa-sha2-512], not macth keyAlg, so the return value would b null, the conection could not be created.
"No verifier located for algorithm=%s", keyAlg);
verif.initVerifier(session, serverKey);
verif.update(session, h);
if (!verif.verify(session, sig)) {

Attachments

Issue Links

duplicates

SSHD-1163 Wrong server key algorithm choose

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: tk0214

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 29/May/21 06:55

Updated:: 22/Jun/21 11:32

Resolved:: 16/Jun/21 19:52