From a3ddc48cb02c5e5835e24a9280da3bbfe7f30e5d Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Wed, 29 May 2019 16:04:42 +0200
Subject: [PATCH] pki: Derive correct algorithm identification for certificate authentication with SHA2 extension
Signed-off-by: Jakub Jelen
Reviewed-by: Andreas Schneider
---
 src/pki.c | 41 ++++++++++++++++++++++++++++-------------
 1 file changed, 28 insertions(+), 13 deletions(-)
diff --git a/src/pki.c b/src/pki.c
index d49eaa19..62d7de41 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -213,20 +213,35 @@ const char *
 ssh_key_signature_to_char(enum ssh_keytypes_e type,
 enum ssh_digest_e hash_type)
 {
- if (type != SSH_KEYTYPE_RSA) {
- return ssh_key_type_to_char(type);
- }
-
- switch (hash_type) {
- case SSH_DIGEST_SHA256:
- return "rsa-sha2-256";
- case SSH_DIGEST_SHA512:
- return "rsa-sha2-512";
- case SSH_DIGEST_SHA1:
- case SSH_DIGEST_AUTO:
- return "ssh-rsa";
+ switch (type) {
+ case SSH_KEYTYPE_RSA:
+ switch (hash_type) {
+ case SSH_DIGEST_SHA256:
+ return "rsa-sha2-256";
+ case SSH_DIGEST_SHA512:
+ return "rsa-sha2-512";
+ case SSH_DIGEST_SHA1:
+ case SSH_DIGEST_AUTO:
+ return "ssh-rsa";
+ default:
+ return NULL;
+ }
+ break;
+ case SSH_KEYTYPE_RSA_CERT01:
+ switch (hash_type) {
+ case SSH_DIGEST_SHA256:
+ return "rsa-sha2-256-cert-v01@openssh.com";
+ case SSH_DIGEST_SHA512:
+ return "rsa-sha2-512-cert-v01@openssh.com";
+ case SSH_DIGEST_SHA1:
+ case SSH_DIGEST_AUTO:
+ return "ssh-rsa-cert-v01@openssh.com";
+ default:
+ return NULL;
+ }
+ break;
 default:
- return NULL;
+ return ssh_key_type_to_char(type);
 }
 
 /* We should never reach this */
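Review bot: The new `SSH_KEYTYPE_RSA_CERT01` branch can return NULL through its inner `default:`, whereas before this change every non-RSA type, certificates included, was handed to `ssh_key_type_to_char(type)` regardless of `hash_type`; the callers are outside this hunk, so it is worth confirming that each one checks the result before using it as an algorithm name. Both RSA branches also map `SSH_DIGEST_AUTO` to the SHA-1 names, which deserves a comment above the inner switches such as `/* SSH_DIGEST_AUTO yields the SHA-1 algorithm name; pass the negotiated digest to get an rsa-sha2-* name */`. The `break;` after each inner switch is unreachable because every inner case returns, so it can be dropped or replaced by a single shared `return NULL;`. The function's tail continues past the end of the hunk.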