Details
- Bug
- Status: Closed
- Major
- Resolution: Duplicate
- 2.6.0, 2.5.1
- None
- None
Description
For signature verification, only SHA1 is supported. In the following code, the key parameter is the signature algorithm resolved from the server stream. Only the RSA algorithm is supported. In fact, the server-side signature algorithm might be SHA2-256.
```java
String keyAlg = KeyUtils.getKeyType(serverKey);
// ******
Signature verif = ValidateUtils.checkNotNull(
        NamedFactory.create(session.getSignatureFactories(), keyAlg),
        "No verifier located for algorithm=%s", keyAlg);
```

```java
/**
 * @param key a public or private key
 * @return the key type or {@code null} if cannot determine it
 */
public static String getKeyType(Key key) {
    if (key == null) {
        return null;
    } else if (key instanceof DSAKey) {
        return KeyPairProvider.SSH_DSS;
    } else if (key instanceof RSAKey) {
        return KeyPairProvider.SSH_RSA;
    } else if (key instanceof ECKey) {
        ECKey ecKey = (ECKey) key;
        ECParameterSpec ecSpec = ecKey.getParams();
        ECCurves curve = ECCurves.fromCurveParameters(ecSpec);
        if (curve == null) {
            return null; // debug breakpoint
        } else {
            return curve.getKeyType();
        }
    } else if (SecurityUtils.EDDSA.equalsIgnoreCase(key.getAlgorithm())) {
        return KeyPairProvider.SSH_ED25519;
    } else if (key instanceof OpenSshCertificate) {
        return ((OpenSshCertificate) key).getKeyType();
    }
    return null;
}
```
Attachments
Issue Links
- duplicates: SSHD-1163 Wrong server key algorithm choose (Resolved)
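
As an added illustration of the mismatch in the description above (not code from the report or from Apache MINA SSHD): with an RSA host key, a verifier chosen from the key type (`ssh-rsa`, SHA-1) rejects a signature the server produced as `rsa-sha2-256`, while a verifier chosen from the algorithm name carried in the signature blob (RFC 8332), restricted to an allow-list, accepts it. The class name, the key pair and the exchange hash are constructed for the demo.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Map;

public class HostKeySigAlgDemo { // hypothetical class name
    // SSH signature algorithm name -> JCA name for an RSA host key (RFC 8332).
    // A real client would also require the name to match the negotiated host key algorithm.
    static final Map<String, String> RSA_SIG_ALGS = Map.of(
            "ssh-rsa", "SHA1withRSA",
            "rsa-sha2-256", "SHA256withRSA",
            "rsa-sha2-512", "SHA512withRSA");
    static byte[] sshString(byte[] b) { // SSH "string": uint32 length + bytes
        return ByteBuffer.allocate(4 + b.length).putInt(b.length).put(b).array();
    }
    static byte[] readString(ByteBuffer in) {
        byte[] b = new byte[in.getInt()];
        in.get(b);
        return b;
    }
    static boolean verify(String sshAlg, PublicKey key, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        String jca = RSA_SIG_ALGS.get(sshAlg);
        if (jca == null) throw new NoSuchAlgorithmException("Not allowed: " + sshAlg);
        Signature v = Signature.getInstance(jca);
        v.initVerify(key);
        v.update(data);
        try {
            return v.verify(sig);
        } catch (SignatureException e) { // some JDKs throw on a digest mismatch
            return false;
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed host key
        byte[] h = "constructed exchange hash".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA"); // server signs as rsa-sha2-256
        s.initSign(kp.getPrivate());
        s.update(h);
        byte[] name = sshString("rsa-sha2-256".getBytes(StandardCharsets.US_ASCII));
        byte[] body = sshString(s.sign());
        ByteBuffer blob = ByteBuffer.allocate(name.length + body.length).put(name).put(body);
        blob.flip();
        String named = new String(readString(blob), StandardCharsets.US_ASCII);
        byte[] sig = readString(blob);
        System.out.println("by key type (ssh-rsa): " + verify("ssh-rsa", kp.getPublic(), h, sig));
        System.out.println("by blob name (" + named + "): " + verify(named, kp.getPublic(), h, sig));
    }
}
```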