shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-09 09:54:25 +09:00
Code Issues Packages Projects Releases Wiki Activity

feat(pki): add support for SK key types in signature handling

Browse Source 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Praneeth Sarode
2025-07-30 23:00:53 +05:30
parent 22c1b6970c
commit bb85492d4f
4 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/pki.c
View File

@@ -506,6 +506,7 @@ static enum ssh_digest_e key_type_to_hash(enum ssh_keytypes_e type)
return SSH_DIGEST_SHA512; return SSH_DIGEST_SHA512;
case SSH_KEYTYPE_ECDSA_P256_CERT01: case SSH_KEYTYPE_ECDSA_P256_CERT01:
case SSH_KEYTYPE_ECDSA_P256: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_SK_ECDSA:
return SSH_DIGEST_SHA256; return SSH_DIGEST_SHA256;
case SSH_KEYTYPE_ECDSA_P384_CERT01: case SSH_KEYTYPE_ECDSA_P384_CERT01:
case SSH_KEYTYPE_ECDSA_P384: case SSH_KEYTYPE_ECDSA_P384:
@@ -515,6 +516,7 @@ static enum ssh_digest_e key_type_to_hash(enum ssh_keytypes_e type)
return SSH_DIGEST_SHA512; return SSH_DIGEST_SHA512;
case SSH_KEYTYPE_ED25519_CERT01: case SSH_KEYTYPE_ED25519_CERT01:
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
case SSH_KEYTYPE_SK_ED25519:
return SSH_DIGEST_AUTO; return SSH_DIGEST_AUTO;
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_DSS: /* deprecated */ case SSH_KEYTYPE_DSS: /* deprecated */
@@ -2508,6 +2510,15 @@ int ssh_pki_export_signature_blob(const ssh_signature sig,
return SSH_ERROR; return SSH_ERROR;
} }
if (is_sk_key_type(sig->type)) {
/* Add flags and counter for SK keys */
rc = ssh_buffer_pack(buf, "bd", sig->sk_flags, sig->sk_counter);
if (rc < 0) {
SSH_BUFFER_FREE(buf);
return SSH_ERROR;
}
}
str = ssh_string_new(ssh_buffer_get_len(buf)); str = ssh_string_new(ssh_buffer_get_len(buf));
if (str == NULL) { if (str == NULL) {
SSH_BUFFER_FREE(buf); SSH_BUFFER_FREE(buf);

5
src/pki_crypto.c
View File

@@ -2158,6 +2158,11 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
sig_blob = pki_ecdsa_signature_to_blob(sig); sig_blob = pki_ecdsa_signature_to_blob(sig);
break; break;
#endif /* HAVE_OPENSSL_ECC */ #endif /* HAVE_OPENSSL_ECC */
case SSH_KEYTYPE_SK_ECDSA:
case SSH_KEYTYPE_SK_ED25519:
/* For SK keys, signature data is already in raw_sig */
sig_blob = ssh_string_copy(sig->raw_sig);
break;
default: default:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
SSH_LOG(SSH_LOG_TRACE, "Unknown signature key type: %s", sig->type_c); SSH_LOG(SSH_LOG_TRACE, "Unknown signature key type: %s", sig->type_c);

5
src/pki_gcrypt.c
View File

@@ -1809,6 +1809,11 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
break; break;
} }
#endif #endif
case SSH_KEYTYPE_SK_ECDSA:
case SSH_KEYTYPE_SK_ED25519:
/* For SK keys, signature data is already in raw_sig */
sig_blob = ssh_string_copy(sig->raw_sig);
break;
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
default: default:

5
src/pki_mbedcrypto.c
View File

@@ -1215,6 +1215,11 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
sig_blob = pki_ed25519_signature_to_blob(sig); sig_blob = pki_ed25519_signature_to_blob(sig);
break; break;
case SSH_KEYTYPE_SK_ECDSA:
case SSH_KEYTYPE_SK_ED25519:
/* For SK keys, signature data is already in raw_sig */
sig_blob = ssh_string_copy(sig->raw_sig);
break;
default: default:
SSH_LOG(SSH_LOG_TRACE, "Unknown signature key type: %s", SSH_LOG(SSH_LOG_TRACE, "Unknown signature key type: %s",
sig->type_c); sig->type_c);