Add support for rsa-sha2-256 & rsa-rsa2-512 to ChannelAgentForwarding.

mwiede · Sep 4, 2021 · bb76299 · bb76299
1 parent f824c38
commit bb76299
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 2 deletions.
diff --git a/Readme.md b/Readme.md
@@ -94,6 +94,7 @@ As I explained in a [blog post](http://www.matez.de/index.php/2020/06/22/the-fut
   * Added support for SHA224 to FingerprintHash
   * Fixing [#52](https://github.com/mwiede/jsch/issues/52)
   * Deprecate `void setFilenameEncoding(String encoding)` in favor of `void setFilenameEncoding(Charset encoding)` in `ChannelSftp`
+  * Added support for rsa-sha2-256 & rsa-rsa2-512 algorithms to `ChannelAgentForwarding`
 * [0.1.65](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.65)
   * Added system properties to allow manipulation of various crypto algorithms used by default
   * Integrated JZlib, allowing use of zlib@<!-- -->openssh.com & zlib compressions without the need to provide the JZlib jar-file

diff --git a/src/main/java/com/jcraft/jsch/ChannelAgentForwarding.java b/src/main/java/com/jcraft/jsch/ChannelAgentForwarding.java
@@ -57,6 +57,10 @@ class ChannelAgentForwarding extends Channel{
   private final byte SSH2_AGENTC_REMOVE_ALL_IDENTITIES=19;
   private final byte SSH2_AGENT_FAILURE=30;
 
+  //private final int SSH_AGENT_OLD_SIGNATURE=0x1;
+  private final int SSH_AGENT_RSA_SHA2_256=0x2;
+  private final int SSH_AGENT_RSA_SHA2_512=0x4;
+
   boolean init=true;
 
   private Buffer rbuf=null;
@@ -159,7 +163,7 @@ else if(typ==SSH2_AGENTC_SIGN_REQUEST){
       byte[] data=rbuf.getString();
       int flags=rbuf.getInt();
 
-//      if((flags & 1)!=0){ //SSH_AGENT_OLD_SIGNATURE // old OpenSSH 2.0, 2.1
+//      if((flags & SSH_AGENT_OLD_SIGNATURE)!=0){ //SSH_AGENT_OLD_SIGNATURE // old OpenSSH 2.0, 2.1
 //        datafellows = SSH_BUG_SIGBLOB;
 //      }
 
@@ -208,7 +212,22 @@ else if(typ==SSH2_AGENTC_SIGN_REQUEST){
       byte[] signature=null;
 
       if(identity!=null){
-        signature=identity.getSignature(data);
+        Buffer kbuf=new Buffer(blob);
+        String keytype=Util.byte2str(kbuf.getString());
+        if(keytype.equals("ssh-rsa")){
+          if((flags & SSH_AGENT_RSA_SHA2_256)!=0){
+            signature=identity.getSignature(data, "rsa-sha2-256");
+          }
+          else if((flags & SSH_AGENT_RSA_SHA2_512)!=0){
+            signature=identity.getSignature(data, "rsa-sha2-512");
+          }
+          else{
+            signature=identity.getSignature(data, "ssh-rsa");
+          }
+        }
+        else{
+          signature=identity.getSignature(data);
+        }
       }
 
       if(signature==null){