Re: RSA signatures with SHA2 (RFC 8332 and RFC 8308) (Was: (Client side) RSA signatures with SHA2 (RFC 8332 and RFC 8308))
- Subject: Re: RSA signatures with SHA2 (RFC 8332 and RFC 8308) (Was: (Client side) RSA signatures with SHA2 (RFC 8332 and RFC 8308))
- From: Andreas Schneider <asn@xxxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Thu, 02 Aug 2018 17:25:03 +0200
- To: libssh@xxxxxxxxxx
- Cc: jakuje@xxxxxxxxx
On Wednesday, 1 August 2018 18:26:34 CEST Andreas Schneider wrote:
> On Thursday, 26 July 2018 17:45:12 CEST Jakub Jelen wrote:
> > Hello,
> Hi Jakub,
> > the current patch-set provides also the server side implementation of
> > the SHA2 extension, which is tested with current tests against OpenSSH.
> > There are few partially related changes, such as follow up on SSH1
> > removal and support for PubkeyAcceptedTypes as discussed before.
> > While testing server, I noticed some issues with incomplete support for
> > the ed25519 keys so this is also in.
> I've already pushed the fixes, however the rsa sha2 stuff needs some more
> love. The individual commits should compile at least.
> See the TODO commit which should be squashed, once squashed you need to add
> the missing functions. You can find the code here:
I've worked a bit on this and I'm not happy with the pki stuff. The first
extension negotiation with SHA2 extension for RSA keys
is too big. I don't like how the pki stuff is implemented. When we add new
functions there we need tests for it.
I think the rsa keys should be handled like ecdsa -> ssh_pki_key_ecdsa_name()
Let me know as soon as you're back and we can have a phone call over this.
Andreas Schneider asn@xxxxxxxxxxxxxx
Archive administrator: email@example.com