Merge ~cjwatson/lazr.sshserver:rsa-sha2 into lazr.sshserver:main

Proposed by Colin Watson
Status: Merged
Merged at revision: dceaa092b52cc97eb4045188593264ec85591e0d
Proposed branch: ~cjwatson/lazr.sshserver:rsa-sha2
Merge into: lazr.sshserver:main
Diff against target: 45 lines (+6/-3)
2 files modified
NEWS.txt (+2/-0)
src/lazr/sshserver/auth.py (+4/-3)
Reviewer Review Type Date Requested Status
Ioana Lasc (community) Approve
Review via email: mp+415187@code.launchpad.net

Commit message

Add support for RSA keys with SHA-2 signatures

Description of the change

This parallels a change in https://github.com/twisted/twisted/pull/1692, and requires a version of Twisted with that PR in order to actually provide this support (although it will still work as before with older versions of Twisted).

Ioana Lasc (ilasc) :
review: Approve

Preview Diff

diff --git a/NEWS.txt b/NEWS.txt
index 821a9cc..32da7e1 100644
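--- a/NEWS.txt
+++ b/NEWS.txt
@@ -10,6 +10,8 @@ NEWS for lazr.sshserver
 - Apply black code formatter.
 - Add isort pre-commit hook.
 - Apply inclusive naming via the woke pre-commit hook.
+- Add support for RSA keys with SHA-2 signatures (given corresponding
+ Twisted support).
 
 0.1.12 (2021-09-13)
 ===================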
diff --git a/src/lazr/sshserver/auth.py b/src/lazr/sshserver/auth.py
index 3d88930..f0dee0e 100644
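--- a/src/lazr/sshserver/auth.py
+++ b/src/lazr/sshserver/auth.py
@@ -273,7 +273,7 @@ class SSHUserAuthServer(userauth.SSHUserAuthServer):
  # Work around a bug in paramiko < 2.0.0: if the most significant
  # byte of an RSA signature is zero, then it strips leading zero
  # bytes rather than zero-padding it to the correct length.
- if algName == b"ssh-rsa":
+ if algName in (b"ssh-rsa", b"rsa-sha2-256", b"rsa-sha2-512"):
  signatureType, rawSignature, rest = getNS(signature, 2)
  pubKeyLen = (pubKey.size() + 7) // 8
  if len(rawSignature) < pubKeyLen:
@@ -289,7 +289,7 @@ class SSHUserAuthServer(userauth.SSHUserAuthServer):
  + NS(self.nextService)
  + NS(b"publickey")
  + _bytesChr(hasSig)
- + NS(pubKey.sshType())
+ + NS(algName)
  + NS(blob)
  )
  # The next three lines are different from the original.
@@ -366,7 +366,8 @@ class PublicKeyFromLaunchpadChecker:
  """Check the key data in credentials against the keys found in LP."""
  if credentials.algName == b"ssh-dss":
  wantKeyType = "DSA"
- elif credentials.algName == b"ssh-rsa":
+ elif credentials.algName in (
+ b"ssh-rsa", b"rsa-sha2-256", b"rsa-sha2-512"):
  wantKeyType = "RSA"
  elif credentials.algName.startswith(b"ecdsa-sha2-"):
  wantKeyType = "ECDSA"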
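Review bot: Nothing visible in these hunks checks that `algName` matches the type of the key parsed from `blob`, and the hunk at new line 292 now puts `algName` rather than `pubKey.sshType()` into the signed data, so the name covered by the signature is taken from the request as sent. RFC 8332 does require the `rsa-sha2-*` name in that field, so the change is right for RSA keys, but I would pin the pairing before the blob is built: `allowed = (b"ssh-rsa", b"rsa-sha2-256", b"rsa-sha2-512") if pubKey.sshType() == b"ssh-rsa" else (pubKey.sshType(),)`, then `if algName not in allowed:` leading into the function's existing failure path. The same pairing matters in `PublicKeyFromLaunchpadChecker`, where `wantKeyType` is derived from `credentials.algName` alone, and in the paramiko padding branch at new line 276, which sizes the signature from `pubKey.size()` on the strength of the name. The enclosing functions start and end outside the hunks, so such a check may already exist there. The diffstat lists no test file; a test per new name plus one mismatched name/key pair would record the intent.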
