Revision: 10384
https://osdn.net/projects/ttssh2/scm/svn/commits/10384
Author: nmaya
Date: 2022-11-27 21:14:35 +0900 (Sun, 27 Nov 2022)
Log Message:
-----------
公開鍵認証(RSA鍵)の署名方式の優先度を設定できるようにした
設定名は RSAPubkeySignAlgorithmOrder として、RSA 公開鍵専用とした
Modified Paths:
--------------
branches/4-stable/ttssh2/ttxssh/hostkey.c
branches/4-stable/ttssh2/ttxssh/hostkey.h
branches/4-stable/ttssh2/ttxssh/ssh.c
branches/4-stable/ttssh2/ttxssh/ttxssh.c
branches/4-stable/ttssh2/ttxssh/ttxssh.h
-------------- next part --------------
Modified: branches/4-stable/ttssh2/ttxssh/hostkey.c
===================================================================
--- branches/4-stable/ttssh2/ttxssh/hostkey.c	2022-11-26 12:07:09 UTC (rev 10383)
+++ branches/4-stable/ttssh2/ttxssh/hostkey.c	2022-11-27 12:14:35 UTC (rev 10384)
@@ -264,10 +264,43 @@
 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = buf;
 }
 
-ssh_keyalgo choose_SSH2_keysign_algorithm(char *server_proposal, ssh_keytype keytype)
+static void SSH2_rsa_pubkey_sign_algo_myproposal(PTInstVar pvar, char *buf, int buf_len)
 {
+int algo;
+int len, i;
+char *c_str;
+
+// \x90ݒ肳\x82ꂽ\x97D\x90揇\x88ʂɉ\x9E\x82\xB6\x82\xC4 buf \x82ɕ\xC0\x82ׂ\xE9
+buf[0] = '\0';
+for (i = 0 ; pvar->settings.RSAPubkeySignAlgorithmOrder[i] != 0 ; i++) {
+algo = pvar->settings.RSAPubkeySignAlgorithmOrder[i] - '0';
+if (algo == 0) // disabled line
+break;
+switch (algo) {
+case RSA_PUBKEY_SIGN_ALGO_RSA:
+c_str = "ssh-rsa,";
+break;
+case RSA_PUBKEY_SIGN_ALGO_RSASHA256:
+c_str = "rsa-sha2-256,";
+break;
+case RSA_PUBKEY_SIGN_ALGO_RSASHA512:
+c_str = "rsa-sha2-512,";
+break;
+default:
+continue;
+}
+strncat_s(buf, buf_len, c_str, _TRUNCATE);
+}
+len = strlen(buf);
+if (len > 0)
+buf[len - 1] = '\0'; // get rid of comma
+}
+
+ssh_keyalgo choose_SSH2_keysign_algorithm(PTInstVar pvar, ssh_keytype keytype)
+{
 char buff[128];
 const struct ssh2_host_key_t *ptr = ssh2_host_key;
+char *server_proposal = pvar->server_sig_algs;
 
 if (keytype == KEY_RSA) {
 if (server_proposal == NULL) {
@@ -275,7 +308,9 @@
 return KEY_ALGO_RSA;
 }
 else {
-choose_SSH2_proposal(server_proposal, "rsa-sha2-512,rsa-sha2-256,ssh-rsa", buff, sizeof(buff));
+char rsa_myproposal[128];
+SSH2_rsa_pubkey_sign_algo_myproposal(pvar, rsa_myproposal, sizeof(rsa_myproposal));
+choose_SSH2_proposal(server_proposal, rsa_myproposal, buff, sizeof(buff));
 if (strlen(buff) == 0) {
 // not found.
 logprintf(LOG_LEVEL_WARNING, "%s: no match sign algorithm.", __FUNCTION__);
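Review bot: In SSH2_rsa_pubkey_sign_algo_myproposal, `len` is an `int` receiving the result of `strlen()` and `c_str` points only at string literals but is declared `char *`; declaring `size_t len;` and `const char *c_str;` removes the narrowing conversion and the non-const view of a literal. The function also carries no header comment, and the one comment it has is not readable in this view; I would add above the signature a comment saying that it renders pvar->settings.RSAPubkeySignAlgorithmOrder (one digit per ssh_rsapubkeysignalgo value, read back with `- '0'`, stopping at the first '0') into a comma-separated list of SSH signature names in buf, and that buf is left empty when every entry is disabled. Because of the `- '0'` decoding the function only works on an order string that has already been normalized, which is worth stating in that comment.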
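Review bot: The `server_proposal == NULL` branch still returns `KEY_ALGO_RSA` unconditionally, so when the server sends no server-sig-algs the new RSAPubkeySignAlgorithmOrder is never consulted and an ssh-rsa (SHA-1) signature is produced even if the user placed ssh-rsa after the '0' disable marker. If that fallback is intended, as the behaviour RFC 8332 describes for a server that does not send the extension, say so at the `return KEY_ALGO_RSA;` line: `// no server-sig-algs received: fall back to ssh-rsa; RSAPubkeySignAlgorithmOrder is not applied here`; otherwise check whether ssh-rsa is enabled in the configured order before returning it. The remainder of choose_SSH2_keysign_algorithm, including what happens after the "no match sign algorithm" warning when rsa_myproposal is empty, lies outside the hunk.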
@@ -298,3 +333,15 @@
 // not reached
 return KEY_ALGO_UNSPEC;
 }
+
+void normalize_rsa_pubkey_sign_algo_order(char *buf)
+{
+static char default_strings[] = {
+RSA_PUBKEY_SIGN_ALGO_RSASHA512,
+RSA_PUBKEY_SIGN_ALGO_RSASHA256,
+RSA_PUBKEY_SIGN_ALGO_RSA,
+RSA_PUBKEY_SIGN_ALGO_NONE,
+};
+
+normalize_generic_order(buf, default_strings, NUM_ELEM(default_strings));
+}
Modified: branches/4-stable/ttssh2/ttxssh/hostkey.h
===================================================================
--- branches/4-stable/ttssh2/ttxssh/hostkey.h	2022-11-26 12:07:09 UTC (rev 10383)
+++ branches/4-stable/ttssh2/ttxssh/hostkey.h	2022-11-27 12:14:35 UTC (rev 10384)
@@ -93,7 +93,15 @@
 SSH_DIGEST_MAX,
 } digest_algorithm;
 
+typedef enum {
+RSA_PUBKEY_SIGN_ALGO_NONE,
+RSA_PUBKEY_SIGN_ALGO_RSA,
+RSA_PUBKEY_SIGN_ALGO_RSASHA256,
+RSA_PUBKEY_SIGN_ALGO_RSASHA512,
+RSA_PUBKEY_SIGN_ALGO_MAX,
+} ssh_rsapubkeysignalgo;
+
 ssh_keytype get_hostkey_type_from_name(char *name);
 char* get_ssh2_hostkey_type_name(ssh_keytype type);
 char *get_ssh2_hostkey_type_name_from_key(Key *key);
@@ -106,8 +114,9 @@
 char* get_digest_algorithm_name(digest_algorithm id);
 
 void normalize_host_key_order(char *buf);
+void normalize_rsa_pubkey_sign_algo_order(char *buf);
 ssh_keyalgo choose_SSH2_host_key_algorithm(char *server_proposal, char *my_proposal);
-ssh_keyalgo choose_SSH2_keysign_algorithm(char *server_proposal, ssh_keytype keytype);
+ssh_keyalgo choose_SSH2_keysign_algorithm(PTInstVar pvar, ssh_keytype keytype);
 void SSH2_update_host_key_myproposal(PTInstVar pvar);
 
 #endif /* SSHCMAC_H */
Modified: branches/4-stable/ttssh2/ttxssh/ssh.c
===================================================================
--- branches/4-stable/ttssh2/ttxssh/ssh.c	2022-11-26 12:07:09 UTC (rev 10383)
+++ branches/4-stable/ttssh2/ttxssh/ssh.c	2022-11-27 12:14:35 UTC (rev 10384)
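Review bot: normalize_rsa_pubkey_sign_algo_order has no comment explaining the default table; the order before `RSA_PUBKEY_SIGN_ALGO_NONE` (512, 256, ssh-rsa) is the same preference as the proposal string this commit removes from choose_SSH2_keysign_algorithm, so default behaviour is unchanged, and the trailing NONE entry is presumably the '0' marker that the proposal builder treats as "everything after this is disabled". I would put above the table `// default preference; entries placed after RSA_PUBKEY_SIGN_ALGO_NONE are disabled (none by default)` and above the function `// Validate RSAPubkeySignAlgorithmOrder read from the ini file against the known algorithms`, the latter hedged on what normalize_generic_order does, which is outside this diff.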
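Review bot: The new `ssh_rsapubkeysignalgo` enumerators double as the characters stored in RSAPubkeySignAlgorithmOrder (hostkey.c decodes them with `- '0'` and stops at '0'), so every value must stay a single decimal digit and RSA_PUBKEY_SIGN_ALGO_NONE must stay 0, but neither constraint is visible at the declaration. Add a comment on the typedef: `// values are stored as single digits ('0'..) in TS_SSH.RSAPubkeySignAlgorithmOrder; NONE (0) marks the start of the disabled entries, so keep every value below 10`. The same encoding is what sizes the settings buffer `RSA_PUBKEY_SIGN_ALGO_MAX+1` in ttxssh.h, so the comment also explains that expression.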
@@ -6310,7 +6310,7 @@
 goto error;
 }
 
-keyalgo = choose_SSH2_keysign_algorithm(pvar->server_sig_algs, keypair->type);
+keyalgo = choose_SSH2_keysign_algorithm(pvar, keypair->type);
 keyalgo_name = get_ssh2_hostkey_algorithm_name(keyalgo);
 
 // step1
@@ -6384,7 +6384,7 @@
 len = get_uint32_MSBfirst(puttykey+4);
 keytype_name = puttykey + 8;
 keytype = get_hostkey_type_from_name(keytype_name);
-keyalgo = choose_SSH2_keysign_algorithm(pvar->server_sig_algs, keytype);
+keyalgo = choose_SSH2_keysign_algorithm(pvar, keytype);
 keyalgo_name = get_ssh2_hostkey_algorithm_name(keyalgo);
 
 // \x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82\xF0\x83R\x83s\x81[\x82\xB7\x82\xE9
@@ -7123,7 +7123,7 @@
 len = get_uint32_MSBfirst(puttykey+4);
 keytype_name = puttykey + 8;
 keytype = get_hostkey_type_from_name(keytype_name);
-keyalgo = choose_SSH2_keysign_algorithm(pvar->server_sig_algs, keytype);
+keyalgo = choose_SSH2_keysign_algorithm(pvar, keytype);
 keyalgo_name = get_ssh2_hostkey_algorithm_name(keyalgo);
 signflag = get_ssh2_agent_flag(keyalgo);
Modified: branches/4-stable/ttssh2/ttxssh/ttxssh.c
===================================================================
--- branches/4-stable/ttssh2/ttxssh/ttxssh.c	2022-11-26 12:07:09 UTC (rev 10383)
+++ branches/4-stable/ttssh2/ttxssh/ttxssh.c	2022-11-27 12:14:35 UTC (rev 10384)
@@ -292,6 +292,9 @@
 // Compression algorithm order
 READ_STD_STRING_OPTION(CompOrder);
 normalize_comp_order(settings->CompOrder);
+// Sign algorithm order of RSA publickey authentication
+READ_STD_STRING_OPTION(RSAPubkeySignAlgorithmOrder);
+normalize_rsa_pubkey_sign_algo_order(settings->RSAPubkeySignAlgorithmOrder);
 
 read_string_option(fileName, "KnownHostsFiles", "ssh_known_hosts", settings->KnownHostsFiles,
@@ -425,6 +428,9 @@
 WritePrivateProfileString("TTSSH", "CompOrder", settings->CompOrder, fileName);
 
+WritePrivateProfileString("TTSSH", "RSAPubkeySignAlgorithmOrder",
+settings->RSAPubkeySignAlgorithmOrder, fileName);
+
 WritePrivateProfileString("TTSSH", "KnownHostsFiles", settings->KnownHostsFiles, fileName);
Modified: branches/4-stable/ttssh2/ttxssh/ttxssh.h
===================================================================
--- branches/4-stable/ttssh2/ttxssh/ttxssh.h	2022-11-26 12:07:09 UTC (rev 10383)
+++ branches/4-stable/ttssh2/ttxssh/ttxssh.h	2022-11-27 12:14:35 UTC (rev 10384)
@@ -208,6 +208,11 @@
 int GexMinimalGroupSize;
 int AuthBanner;
+
+// Sign algorithm order
+// for publickey authentication (not for server hostkey)
+// for RSA key only
+char RSAPubkeySignAlgorithmOrder[RSA_PUBKEY_SIGN_ALGO_MAX+1];
 } TS_SSH;
 
 typedef struct _TInstVar {