mysticmode/plan9port
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

ssh-agent: add rsa-sha2-256 and rsa-sha2-512 support

Browse Source 
Modern OpenSSH servers reject ssh-rsa (SHA-1) signatures.
Import SHA-2 support to libsec from Plan 9, teach factotum
to sign with SHA256 and SHA512, and handle the
SSH_AGENT_RSA_SHA2_256/512 flags in ssh-agent.

Strip role and hash from factotum RSA key lookups so a
single key can serve both sign and decrypt operations.

Increase _attrfmt buffer from 1024 to 8192 so large RSA
key attributes are not truncated during factotum ctl reads.

The following files were imported from Plan 9 :

 - src/libsec/port/sha2block64.c
 - src/libsec/port/sha2block128.c
 - src/libsec/port/sha2_64.c
 - src/libsec/port/sha2_128.c
This commit is contained in:
David du Colombier
2026-03-16 20:57:42 +01:00
committed by Dan Cross
parent 44f780a10f
commit 7ed1f0cb5b
11 changed files with 690 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
include/libsec.h
View File

@@ -135,6 +135,10 @@ void des3ECBdecrypt(uchar*, int, DES3state*);
enum
{
SHA1dlen= 20, /* SHA digest length */
SHA2_224dlen= 28, /* SHA-224 digest length */
SHA2_256dlen= 32, /* SHA-256 digest length */
SHA2_384dlen= 48, /* SHA-384 digest length */
SHA2_512dlen= 64, /* SHA-512 digest length */
MD4dlen= 16, /* MD4 digest length */
MD5dlen= 16 /* MD5 digest length */
};
@@ -143,22 +147,39 @@ typedef struct DigestState DigestState;
struct DigestState
{
ulong len;
u32int state[5];
uchar buf[128];
union {
u32int state[8];
u64int bstate[8];
};
uchar buf[256];
int blen;
char malloced;
char seeded;
};
typedef struct DigestState SHAstate; /* obsolete name */
typedef struct DigestState SHA1state;
typedef struct DigestState SHA2_224state;
typedef struct DigestState SHA2_256state;
typedef struct DigestState SHA2_384state;
typedef struct DigestState SHA2_512state;
typedef struct DigestState MD5state;
typedef struct DigestState MD4state;
DigestState* md4(uchar*, ulong, uchar*, DigestState*);
DigestState* md5(uchar*, ulong, uchar*, DigestState*);
DigestState* sha1(uchar*, ulong, uchar*, DigestState*);
DigestState* sha2_224(uchar*, ulong, uchar*, DigestState*);
DigestState* sha2_256(uchar*, ulong, uchar*, DigestState*);
DigestState* sha2_384(uchar*, ulong, uchar*, DigestState*);
DigestState* sha2_512(uchar*, ulong, uchar*, DigestState*);
DigestState* hmac_md5(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState* hmac_sha1(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState* hmac_sha2_224(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState* hmac_sha2_256(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState* hmac_sha2_384(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState* hmac_sha2_512(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState* hmac_x(uchar*, ulong, uchar*, ulong, uchar*, DigestState*,
DigestState*(*)(uchar*, ulong, uchar*, DigestState*), int);
char* sha1pickle(SHA1state*);
SHA1state* sha1unpickle(char*);