Posted to dev@mina.apache.org by "poppinlong (Jira)" <ji...@apache.org> on 2021/08/20 08:20:00 UTC

[jira] [Created] (SSHD-1210) Sha2 algorithm is not supported for signature verification

poppinlong created SSHD-1210:
--------------------------------

             Summary: Sha2 algorithm is not supported for signature verification
                 Key: SSHD-1210
                 URL: https://issues.apache.org/jira/browse/SSHD-1210
             Project: MINA SSHD
          Issue Type: Bug
    Affects Versions: 2.5.1, 2.6.0
            Reporter: poppinlong


For signature verification, only SHA1 is supported. In the following code, the key parameter is the signature algorithm resolved from the server stream. Only the RSA algorithm is supported. In fact, the server-side signature algorithm might be SHA2-256.
{code:java}
String keyAlg = KeyUtils.getKeyType(serverKey);
// ******
Signature verif = ValidateUtils.checkNotNull(
        NamedFactory.create(session.getSignatureFactories(), keyAlg),
        "No verifier located for algorithm=%s", keyAlg);{code}
{code:java}
/**
 * @param  key a public or private key
 * @return     the key type or {@code null} if cannot determine it
 */
public static String getKeyType(Key key) {
    if (key == null) {
        return null;
    } else if (key instanceof DSAKey) {
        return KeyPairProvider.SSH_DSS;
    } else if (key instanceof RSAKey) {
        return KeyPairProvider.SSH_RSA;
    } else if (key instanceof ECKey) {
        ECKey ecKey = (ECKey) key;
        ECParameterSpec ecSpec = ecKey.getParams();
        ECCurves curve = ECCurves.fromCurveParameters(ecSpec);
        if (curve == null) {
            return null; // debug breakpoint
        } else {
            return curve.getKeyType();
        }
    } else if (SecurityUtils.EDDSA.equalsIgnoreCase(key.getAlgorithm())) {
        return KeyPairProvider.SSH_ED25519;
    } else if (key instanceof OpenSshCertificate) {
        return ((OpenSshCertificate) key).getKeyType();
    }

    return null;
}{code}



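The mismatch reported above, as an added example that is not part of the original message and is not MINA SSHD code: under RFC 8332 an RSA host key keeps the key type `ssh-rsa`, while the signature blob names its own algorithm (`rsa-sha2-256` or `rsa-sha2-512`), so the verifier has to be selected from the name inside the blob and checked against the negotiated algorithm. The class, method and parameter names are hypothetical, only JDK APIs are used, and the key, data and blob are constructed in `main`.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Map;
public class SshRsaSignatureBlob {
    // SSH signature algorithm names (RFC 4253, RFC 8332) mapped to JCA names.
    static final Map<String, String> JCA_NAMES = Map.of(
            "ssh-rsa", "SHA1withRSA",
            "rsa-sha2-256", "SHA256withRSA",
            "rsa-sha2-512", "SHA512withRSA");
    // Reads one SSH "string": uint32 length followed by that many bytes.
    static byte[] readString(ByteBuffer buf) {
        int len = buf.remaining() < 4 ? -1 : buf.getInt();
        if (len < 0 || len > buf.remaining()) throw new IllegalArgumentException("bad blob");
        byte[] out = new byte[len];
        buf.get(out);
        return out;
    }
    // Blob layout: string algorithm-name, string signature. Assumes the caller passes the negotiated name.
    static boolean verify(PublicKey key, String negotiated, byte[] data, byte[] blob)
            throws GeneralSecurityException {
        ByteBuffer buf = ByteBuffer.wrap(blob);
        String alg = new String(readString(buf), StandardCharsets.US_ASCII);
        byte[] sig = readString(buf);
        String jca = JCA_NAMES.get(alg);
        // Reject unknown names, names that differ from the negotiated one, and trailing bytes.
        if (jca == null || !alg.equals(negotiated) || buf.hasRemaining()) return false;
        Signature verifier = Signature.getInstance(jca);
        verifier.initVerify(key);
        verifier.update(data);
        return verifier.verify(sig);
    }
    // Constructed encoder, used only to build the sample blob.
    static byte[] encode(String alg, byte[] sig) {
        byte[] name = alg.getBytes(StandardCharsets.US_ASCII);
        return ByteBuffer.allocate(8 + name.length + sig.length)
                .putInt(name.length).put(name).putInt(sig.length).put(sig).array();
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        byte[] data = "constructed sample data".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(data);
        byte[] blob = encode("rsa-sha2-256", signer.sign());
        System.out.println(verify(kp.getPublic(), "rsa-sha2-256", data, blob));
        System.out.println(verify(kp.getPublic(), "ssh-rsa", data, blob));
    }
}
```

The second call is refused because the blob's algorithm name differs from the expected one, before any SHA-1 verifier is instantiated.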