Re: RSA signatures with SHA2 (RFC 8332 and RFC 8308) (Was: (Client side) RSA signatures with SHA2 (RFC 8332 and RFC 8308))

[Andreas Schneider <asn@xxxxxxxxxxxxxx>]

On Wednesday, 1 August 2018 18:26:34 CEST Andreas Schneider wrote:
> On Thursday, 26 July 2018 17:45:12 CEST Jakub Jelen wrote:
> > Hello,
> 
> Hi Jakub,
> 
> > the current patch-set provides also the server side implementation of
> > the SHA2 extension, which is tested with current tests against OpenSSH.
> > 
> > There are few partially related changes, such as follow up on SSH1
> > removal and support for PubkeyAcceptedTypes as discussed before.
> > 
> > While testing server, I noticed some issues with incomplete support for
> > the ed25519 keys so this is also in.
> 
> I've already pushed the fixes, however the rsa sha2 stuff needs some more
> love. The individual commits should compile at least.
> 
> See the TODO commit which should be squashed, once squashed you need to add
> the missing functions. You can find the code here:
> 
> https://git.libssh.org/users/asn/libssh.git/log/?h=master-fix

I've worked a bit on this and I'm not happy with the pki stuff. The first 
patch:

extension negotiation with SHA2 extension for RSA keys

is too big. I don't like how the pki stuff is implemented. When we add new 
functions there we need tests for it.

I think the rsa keys should be handled like ecdsa -> ssh_pki_key_ecdsa_name() 
for example.

Let me know as soon as you're back and we can have a phone call over this.



	Andreas


-- 
Andreas Schneider                 asn@xxxxxxxxxxxxxx
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D