From f2c0f5105b2d766fc1220a6bb85b5cc748d590b6 Mon Sep 17 00:00:00 2001
From: Eugene
Date: Sat, 28 Dec 2024 00:08:45 +0100
Subject: [PATCH 1/4] ssh-key: support making RSA-SHA1 signatures
---
 ssh-key/src/signature.rs | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/ssh-key/src/signature.rs b/ssh-key/src/signature.rs
index db03fe4..4f851f6 100644
--- a/ssh-key/src/signature.rs
+++ b/ssh-key/src/signature.rs
@@ -663,11 +663,21 @@ impl Verifier for EcdsaPublicKey {
 }
 #[cfg(feature = "rsa")]
-impl Signer for RsaKeypair {
+impl Signer for (&RsaKeypair, Option) {
 fn try_sign(&self, message: &[u8]) -> signature::Result {
- let data = rsa::pkcs1v15::SigningKey::::try_from(self)?
- .try_sign(message)
- .map_err(|_| signature::Error::new())?;
+ let data = match self.1 {
+ Some(HashAlg::Sha512) => {
+ rsa::pkcs1v15::SigningKey::::try_from(self.0)?.try_sign(message)
+ }
+ Some(HashAlg::Sha256) => {
+ rsa::pkcs1v15::SigningKey::::try_from(self.0)?.try_sign(message)
+ }
+ #[cfg(feature = "rsa-sha1")]
+ None => rsa::pkcs1v15::SigningKey::::try_from(self.0)?.try_sign(message),
+ #[cfg(not(feature = "rsa-sha1"))]
+ None => return Err(Algorithm::Rsa { hash: None }.unsupported_error().into()),
+ }
+ .map_err(|_| signature::Error::new())?;
 Ok(Signature {
 algorithm: Algorithm::Rsa {
@@ -678,6 +688,13 @@ impl Signer for RsaKeypair {
 }
 }
+#[cfg(feature = "rsa")]
+impl Signer for RsaKeypair {
+ fn try_sign(&self, message: &[u8]) -> signature::Result {
+ (self, Some(HashAlg::Sha512)).try_sign(message)
+ }
+}
+
 #[cfg(feature = "rsa")]
 impl Verifier for RsaPublicKey {
 fn verify(&self, message: &[u8], signature: &Signature) -> signature::Result<()> {
From 4954f629ea86e14ed51a7c34494deb4b499ad7bb Mon Sep 17 00:00:00 2001
From: Eugene
Date: Fri, 3 Jan 2025 18:37:58 +0100
Subject: [PATCH 2/4] fixed rsa-sha1 signature
---
 ssh-key/src/signature.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
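Review bot: In the first hunk of PATCH 1/4 the `None` arm of `match self.1` is the SHA-1 path (judging by the commit subject and the `rsa-sha1` gate), but nothing on the new tuple impl says that `None` means "legacy SHA-1" rather than "use the default". A caller who passes `None` expecting a safe default would get the weakest hash when the feature is on and an unsupported-algorithm error when it is off. A doc comment on `impl Signer for (&RsaKeypair, Option)` should state that the second element selects the hash, that `Some(HashAlg::Sha256)` and `Some(HashAlg::Sha512)` are the supported modern choices, and that `None` is for interoperability with legacy peers only. The plain `RsaKeypair` impl added in the second hunk keeps SHA-512 as the default, which is worth saying in the same comment.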
diff --git a/ssh-key/src/signature.rs b/ssh-key/src/signature.rs
index 4f851f6..ead0836 100644
--- a/ssh-key/src/signature.rs
+++ b/ssh-key/src/signature.rs
@@ -681,7 +681,7 @@ impl Signer for (&RsaKeypair, Option) {
 Ok(Signature {
 algorithm: Algorithm::Rsa {
- hash: Some(HashAlg::Sha512),
+ hash: self.1,
 },
 data: data.to_vec(),
 })
From 80418dcba3624b9bb1b06d897fb33ee60a1d3e78 Mon Sep 17 00:00:00 2001
From: Eugene
Date: Mon, 6 Jan 2025 02:40:56 +0100
Subject: [PATCH 3/4] fmt
---
 ssh-key/src/signature.rs | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/ssh-key/src/signature.rs b/ssh-key/src/signature.rs
index ead0836..594886a 100644
--- a/ssh-key/src/signature.rs
+++ b/ssh-key/src/signature.rs
@@ -680,9 +680,7 @@ impl Signer for (&RsaKeypair, Option) {
 .map_err(|_| signature::Error::new())?;
 Ok(Signature {
- algorithm: Algorithm::Rsa {
- hash: self.1,
- },
+ algorithm: Algorithm::Rsa { hash: self.1 },
 data: data.to_vec(),
 })
 }
From dcf47c98d314dacacc991d87efcb08b83e7384ce Mon Sep 17 00:00:00 2001
From: Eugene
Date: Thu, 27 Mar 2025 23:41:18 +0100
Subject: [PATCH 4/4] promote sha1 to a feature
---
 ssh-key/src/signature.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ssh-key/src/signature.rs b/ssh-key/src/signature.rs
index 594886a..a55c081 100644
--- a/ssh-key/src/signature.rs
+++ b/ssh-key/src/signature.rs
@@ -672,9 +672,9 @@ impl Signer for (&RsaKeypair, Option) {
 Some(HashAlg::Sha256) => {
 rsa::pkcs1v15::SigningKey::::try_from(self.0)?.try_sign(message)
 }
- #[cfg(feature = "rsa-sha1")]
+ #[cfg(all(feature = "rsa", feature = "sha1"))]
 None => rsa::pkcs1v15::SigningKey::::try_from(self.0)?.try_sign(message),
- #[cfg(not(feature = "rsa-sha1"))]
+ #[cfg(not(all(feature = "rsa", feature = "sha1")))]
 None => return Err(Algorithm::Rsa { hash: None }.unsupported_error().into()),
 }
 .map_err(|_| signature::Error::new())?;
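Review bot: In PATCH 4/4 the SHA-1 signing arm is now enabled by the general `sha1` feature instead of the dedicated `rsa-sha1` one, so the opt-in for legacy signatures is no longer a separate switch. Cargo unifies features across the dependency graph, so if `sha1` is also enabled for other purposes (not visible in this hunk), any crate that turns it on would make `None` produce a SHA-1 signature instead of the unsupported-algorithm error. If that coupling is intended, a comment above the arm such as `// SHA-1 signing for legacy peers; active whenever the sha1 feature is on` would record the decision. The `feature = "rsa"` half of both predicates also looks redundant if the impl keeps the `#[cfg(feature = "rsa")]` attribute shown in PATCH 1/4, in which case `#[cfg(feature = "sha1")]` and `#[cfg(not(feature = "sha1"))]` would be equivalent. The enclosing `match` starts above this hunk.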