# HG changeset patch
# User Matt Johnston
# Date 1590409382 -28800
# Node ID a53e7d2d60be5dd1c2d676159563a2f567659bd2
# Parent 435cfb9ec96ec6c491ade6129426fabe34ad8973
rsa-sha256 for ssh-agent
diff -r 435cfb9ec96e -r a53e7d2d60be agentfwd.h
--- a/agentfwd.h Sun May 24 14:16:58 2020 +0800
+++ b/agentfwd.h Mon May 25 20:23:02 2020 +0800
@@ -32,6 +32,9 @@
 #if DROPBEAR_CLI_AGENTFWD
+/* From OpenSSH authfd.h */
+#define SSH_AGENT_RSA_SHA2_256 0x02
+
 /* An agent reply can be reasonably large, as it can
 * contain a list of all public keys held by the agent.
 * 10000 is arbitrary */
@@ -40,7 +43,7 @@
 /* client functions */
 void cli_load_agent_keys(m_list * ret_list);
 void agent_buf_sign(buffer *sigblob, sign_key *key,
- const buffer *data_buf);
+ const buffer *data_buf, enum signature_type type);
 void cli_setup_agent(const struct Channel *channel);
 #ifdef __hpux
diff -r 435cfb9ec96e -r a53e7d2d60be cli-agentfwd.c
--- a/cli-agentfwd.c Sun May 24 14:16:58 2020 +0800
+++ b/cli-agentfwd.c Mon May 25 20:23:02 2020 +0800
@@ -255,11 +255,12 @@
 }
 void agent_buf_sign(buffer *sigblob, sign_key *key,
- const buffer *data_buf) {
+ const buffer *data_buf, enum signature_type sigtype) {
 buffer *request_data = NULL;
 buffer *response = NULL;
 unsigned int siglen;
 int packet_type;
+ int flags = 0;
 /* Request format
 byte SSH2_AGENTC_SIGN_REQUEST
@@ -271,7 +272,12 @@
 buf_put_pub_key(request_data, key, key->type);
 buf_putbufstring(request_data, data_buf);
- buf_putint(request_data, 0);
+#if DROPBEAR_RSA_SHA256
+ if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA256) {
+ flags |= SSH_AGENT_RSA_SHA2_256;
+ }
+#endif
+ buf_putint(request_data, flags);
 response = agent_request(SSH2_AGENTC_SIGN_REQUEST, request_data);
diff -r 435cfb9ec96e -r a53e7d2d60be cli-authpubkey.c
--- a/cli-authpubkey.c Sun May 24 14:16:58 2020 +0800
+++ b/cli-authpubkey.c Mon May 25 20:23:02 2020 +0800
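Review bot: The new parameter is named `type` in the agentfwd.h prototype (second agentfwd.h hunk) but `sigtype` in the cli-agentfwd.c definition changed by this same commit. Declaring it as `const buffer *data_buf, enum signature_type sigtype);` keeps the two in step and avoids confusion with `key->type`, which the function body also passes around. The prototype now also needs `enum signature_type` to be declared before agentfwd.h is read; the header's include list is outside the hunk, so confirm the declaring header is included there rather than relying on include order in each caller.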
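Review bot: In the second cli-agentfwd.c hunk, `SSH_AGENT_RSA_SHA2_256` is only a request to the agent, and nothing visible confirms that the returned signature actually uses SHA-256. An agent that does not understand the flag will presumably ignore it and return a SHA-1 `ssh-rsa` signature, which would then be sent under an rsa-sha2-256 authentication request and be rejected by the server with no local indication of the cause. The response parsing of agent_buf_sign lies outside the hunk, so this may already be handled. If it is not, compare the algorithm name at the start of the returned signature blob with the one expected for `sigtype` and fail with a clear log message on mismatch. A comment above the `#if`, for example `/* flags is advisory: an older agent may ignore it and still sign with SHA-1 */`, would record the caveat for the next reader.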
@@ -130,7 +130,7 @@
 /* Format the agent signature ourselves, as buf_put_sign would. */
 buffer *sigblob;
 sigblob = buf_new(MAX_PUBKEY_SIZE);
- agent_buf_sign(sigblob, key, data_buf);
+ agent_buf_sign(sigblob, key, data_buf, sigtype);
 buf_putbufstring(buf, sigblob);
 buf_free(sigblob);
 } else