summaryrefslogtreecommitdiffstats
path: root/vendor/golang.org/x/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/golang.org/x/crypto')
-rw-r--r--vendor/golang.org/x/crypto/ssh/certs.go24
-rw-r--r--vendor/golang.org/x/crypto/ssh/client.go15
-rw-r--r--vendor/golang.org/x/crypto/ssh/common.go30
-rw-r--r--vendor/golang.org/x/crypto/ssh/handshake.go29
-rw-r--r--vendor/golang.org/x/crypto/ssh/keys.go9
-rw-r--r--vendor/golang.org/x/crypto/ssh/server.go2
6 files changed, 89 insertions, 20 deletions
diff --git a/vendor/golang.org/x/crypto/ssh/certs.go b/vendor/golang.org/x/crypto/ssh/certs.go
index 916c840b..6605bf64 100644
--- a/vendor/golang.org/x/crypto/ssh/certs.go
+++ b/vendor/golang.org/x/crypto/ssh/certs.go
@@ -14,7 +14,7 @@ import (
"time"
)
-// These constants from [PROTOCOL.certkeys] represent the algorithm names
+// These constants from [PROTOCOL.certkeys] represent the key algorithm names
// for certificate types supported by this package.
const (
CertAlgoRSAv01 = "ssh-rsa-cert-v01@openssh.com"
@@ -27,6 +27,14 @@ const (
CertAlgoSKED25519v01 = "sk-ssh-ed25519-cert-v01@openssh.com"
)
+// These constants from [PROTOCOL.certkeys] represent additional signature
+// algorithm names for certificate types supported by this package.
+const (
+ CertSigAlgoRSAv01 = "ssh-rsa-cert-v01@openssh.com"
+ CertSigAlgoRSASHA2256v01 = "rsa-sha2-256-cert-v01@openssh.com"
+ CertSigAlgoRSASHA2512v01 = "rsa-sha2-512-cert-v01@openssh.com"
+)
+
// Certificate types distinguish between host and user
// certificates. The values can be set in the CertType field of
// Certificate.
@@ -423,6 +431,12 @@ func (c *Certificate) SignCert(rand io.Reader, authority Signer) error {
}
c.SignatureKey = authority.PublicKey()
+ if v, ok := authority.(AlgorithmSigner); ok {
+ if v.PublicKey().Type() == KeyAlgoRSA {
+ authority = &rsaSigner{v, SigAlgoRSASHA2512}
+ }
+ }
+
sig, err := authority.Sign(rand, c.bytesForSigning())
if err != nil {
return err
@@ -431,8 +445,14 @@ func (c *Certificate) SignCert(rand io.Reader, authority Signer) error {
return nil
}
+// certAlgoNames includes a mapping from signature algorithms to the
+// corresponding certificate signature algorithm. When a key type (such
+// as ED25516) is associated with only one algorithm, the KeyAlgo
+// constant is used instead of the SigAlgo.
var certAlgoNames = map[string]string{
- KeyAlgoRSA: CertAlgoRSAv01,
+ SigAlgoRSA: CertSigAlgoRSAv01,
+ SigAlgoRSASHA2256: CertSigAlgoRSASHA2256v01,
+ SigAlgoRSASHA2512: CertSigAlgoRSASHA2512v01,
KeyAlgoDSA: CertAlgoDSAv01,
KeyAlgoECDSA256: CertAlgoECDSA256v01,
KeyAlgoECDSA384: CertAlgoECDSA384v01,
diff --git a/vendor/golang.org/x/crypto/ssh/client.go b/vendor/golang.org/x/crypto/ssh/client.go
index 99f68bd3..ba8621a8 100644
--- a/vendor/golang.org/x/crypto/ssh/client.go
+++ b/vendor/golang.org/x/crypto/ssh/client.go
@@ -115,12 +115,25 @@ func (c *connection) clientHandshake(dialAddress string, config *ClientConfig) e
// verifyHostKeySignature verifies the host key obtained in the key
// exchange.
-func verifyHostKeySignature(hostKey PublicKey, result *kexResult) error {
+func verifyHostKeySignature(hostKey PublicKey, algo string, result *kexResult) error {
sig, rest, ok := parseSignatureBody(result.Signature)
if len(rest) > 0 || !ok {
return errors.New("ssh: signature parse error")
}
+ // For keys, underlyingAlgo is exactly algo. For certificates,
+ // we have to look up the underlying key algorithm that SSH
+ // uses to evaluate signatures.
+ underlyingAlgo := algo
+ for sigAlgo, certAlgo := range certAlgoNames {
+ if certAlgo == algo {
+ underlyingAlgo = sigAlgo
+ }
+ }
+ if sig.Format != underlyingAlgo {
+ return fmt.Errorf("ssh: invalid signature algorithm %q, expected %q", sig.Format, underlyingAlgo)
+ }
+
return hostKey.Verify(result.H, sig)
}
diff --git a/vendor/golang.org/x/crypto/ssh/common.go b/vendor/golang.org/x/crypto/ssh/common.go
index 290382d0..5ae22757 100644
--- a/vendor/golang.org/x/crypto/ssh/common.go
+++ b/vendor/golang.org/x/crypto/ssh/common.go
@@ -69,11 +69,13 @@ var preferredKexAlgos = []string{
// supportedHostKeyAlgos specifies the supported host-key algorithms (i.e. methods
// of authenticating servers) in preference order.
var supportedHostKeyAlgos = []string{
- CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01,
+ CertSigAlgoRSASHA2512v01, CertSigAlgoRSASHA2256v01,
+ CertSigAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01,
CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoED25519v01,
KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521,
- KeyAlgoRSA, KeyAlgoDSA,
+ SigAlgoRSASHA2512, SigAlgoRSASHA2256,
+ SigAlgoRSA, KeyAlgoDSA,
KeyAlgoED25519,
}
@@ -90,16 +92,20 @@ var supportedCompressions = []string{compressionNone}
// hashFuncs keeps the mapping of supported algorithms to their respective
// hashes needed for signature verification.
var hashFuncs = map[string]crypto.Hash{
- KeyAlgoRSA: crypto.SHA1,
- KeyAlgoDSA: crypto.SHA1,
- KeyAlgoECDSA256: crypto.SHA256,
- KeyAlgoECDSA384: crypto.SHA384,
- KeyAlgoECDSA521: crypto.SHA512,
- CertAlgoRSAv01: crypto.SHA1,
- CertAlgoDSAv01: crypto.SHA1,
- CertAlgoECDSA256v01: crypto.SHA256,
- CertAlgoECDSA384v01: crypto.SHA384,
- CertAlgoECDSA521v01: crypto.SHA512,
+ SigAlgoRSA: crypto.SHA1,
+ SigAlgoRSASHA2256: crypto.SHA256,
+ SigAlgoRSASHA2512: crypto.SHA512,
+ KeyAlgoDSA: crypto.SHA1,
+ KeyAlgoECDSA256: crypto.SHA256,
+ KeyAlgoECDSA384: crypto.SHA384,
+ KeyAlgoECDSA521: crypto.SHA512,
+ CertSigAlgoRSAv01: crypto.SHA1,
+ CertSigAlgoRSASHA2256v01: crypto.SHA256,
+ CertSigAlgoRSASHA2512v01: crypto.SHA512,
+ CertAlgoDSAv01: crypto.SHA1,
+ CertAlgoECDSA256v01: crypto.SHA256,
+ CertAlgoECDSA384v01: crypto.SHA384,
+ CertAlgoECDSA521v01: crypto.SHA512,
}
// unexpectedMessageError results when the SSH message that we received didn't
diff --git a/vendor/golang.org/x/crypto/ssh/handshake.go b/vendor/golang.org/x/crypto/ssh/handshake.go
index 2b10b05a..05ad49c3 100644
--- a/vendor/golang.org/x/crypto/ssh/handshake.go
+++ b/vendor/golang.org/x/crypto/ssh/handshake.go
@@ -457,8 +457,15 @@ func (t *handshakeTransport) sendKexInit() error {
if len(t.hostKeys) > 0 {
for _, k := range t.hostKeys {
- msg.ServerHostKeyAlgos = append(
- msg.ServerHostKeyAlgos, k.PublicKey().Type())
+ algo := k.PublicKey().Type()
+ switch algo {
+ case KeyAlgoRSA:
+ msg.ServerHostKeyAlgos = append(msg.ServerHostKeyAlgos, []string{SigAlgoRSASHA2512, SigAlgoRSASHA2256, SigAlgoRSA}...)
+ case CertAlgoRSAv01:
+ msg.ServerHostKeyAlgos = append(msg.ServerHostKeyAlgos, []string{CertSigAlgoRSASHA2512v01, CertSigAlgoRSASHA2256v01, CertSigAlgoRSAv01}...)
+ default:
+ msg.ServerHostKeyAlgos = append(msg.ServerHostKeyAlgos, algo)
+ }
}
} else {
msg.ServerHostKeyAlgos = t.hostKeyAlgorithms
@@ -614,8 +621,22 @@ func (t *handshakeTransport) enterKeyExchange(otherInitPacket []byte) error {
func (t *handshakeTransport) server(kex kexAlgorithm, algs *algorithms, magics *handshakeMagics) (*kexResult, error) {
var hostKey Signer
for _, k := range t.hostKeys {
- if algs.hostKey == k.PublicKey().Type() {
+ kt := k.PublicKey().Type()
+ if kt == algs.hostKey {
hostKey = k
+ } else if signer, ok := k.(AlgorithmSigner); ok {
+ // Some signature algorithms don't show up as key types
+ // so we have to manually check for a compatible host key.
+ switch kt {
+ case KeyAlgoRSA:
+ if algs.hostKey == SigAlgoRSASHA2256 || algs.hostKey == SigAlgoRSASHA2512 {
+ hostKey = &rsaSigner{signer, algs.hostKey}
+ }
+ case CertAlgoRSAv01:
+ if algs.hostKey == CertSigAlgoRSASHA2256v01 || algs.hostKey == CertSigAlgoRSASHA2512v01 {
+ hostKey = &rsaSigner{signer, certToPrivAlgo(algs.hostKey)}
+ }
+ }
}
}
@@ -634,7 +655,7 @@ func (t *handshakeTransport) client(kex kexAlgorithm, algs *algorithms, magics *
return nil, err
}
- if err := verifyHostKeySignature(hostKey, result); err != nil {
+ if err := verifyHostKeySignature(hostKey, algs.hostKey, result); err != nil {
return nil, err
}
diff --git a/vendor/golang.org/x/crypto/ssh/keys.go b/vendor/golang.org/x/crypto/ssh/keys.go
index 31f26349..c67d3a31 100644
--- a/vendor/golang.org/x/crypto/ssh/keys.go
+++ b/vendor/golang.org/x/crypto/ssh/keys.go
@@ -939,6 +939,15 @@ func newDSAPrivateKey(key *dsa.PrivateKey) (Signer, error) {
return &dsaPrivateKey{key}, nil
}
+type rsaSigner struct {
+ AlgorithmSigner
+ defaultAlgorithm string
+}
+
+func (s *rsaSigner) Sign(rand io.Reader, data []byte) (*Signature, error) {
+ return s.AlgorithmSigner.SignWithAlgorithm(rand, data, s.defaultAlgorithm)
+}
+
type wrappedSigner struct {
signer crypto.Signer
pubKey PublicKey
diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go
index b6911e83..6a58e120 100644
--- a/vendor/golang.org/x/crypto/ssh/server.go
+++ b/vendor/golang.org/x/crypto/ssh/server.go
@@ -284,7 +284,7 @@ func (s *connection) serverHandshake(config *ServerConfig) (*Permissions, error)
func isAcceptableAlgo(algo string) bool {
switch algo {
- case KeyAlgoRSA, KeyAlgoDSA, KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521, KeyAlgoSKECDSA256, KeyAlgoED25519, KeyAlgoSKED25519,
+ case SigAlgoRSA, SigAlgoRSASHA2256, SigAlgoRSASHA2512, KeyAlgoDSA, KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521, KeyAlgoSKECDSA256, KeyAlgoED25519, KeyAlgoSKED25519,
CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoSKECDSA256v01, CertAlgoED25519v01, CertAlgoSKED25519v01:
return true
}