コミット
10fde50588
|
@ -5,6 +5,7 @@ import (
|
|||
"crypto/ecdsa"
|
||||
"crypto/hmac"
|
||||
"crypto/rsa"
|
||||
"crypto/sha1"
|
||||
"crypto/sha256"
|
||||
"crypto/sha512"
|
||||
"crypto/subtle" // Use should trigger great care
|
||||
|
@ -27,6 +28,7 @@ import (
|
|||
const (
|
||||
hmacPrefix = "hmac"
|
||||
rsaPrefix = "rsa"
|
||||
sshPrefix = "ssh"
|
||||
ecdsaPrefix = "ecdsa"
|
||||
ed25519Prefix = "ed25519"
|
||||
md4String = "md4"
|
||||
|
@ -66,9 +68,10 @@ var hashToDef = map[crypto.Hash]struct {
|
|||
// http://www.iana.org/assignments/signature-algorithms
|
||||
//
|
||||
// Note that the forbidden hashes have an invalid 'new' function.
|
||||
crypto.MD4: {md4String, func(key []byte) (hash.Hash, error) { return nil, nil }},
|
||||
crypto.MD5: {md5String, func(key []byte) (hash.Hash, error) { return nil, nil }},
|
||||
crypto.SHA1: {sha1String, func(key []byte) (hash.Hash, error) { return nil, nil }},
|
||||
crypto.MD4: {md4String, func(key []byte) (hash.Hash, error) { return nil, nil }},
|
||||
crypto.MD5: {md5String, func(key []byte) (hash.Hash, error) { return nil, nil }},
|
||||
// Temporarily enable SHA1 because of issue https://github.com/golang/go/issues/37278
|
||||
crypto.SHA1: {sha1String, func(key []byte) (hash.Hash, error) { return sha1.New(), nil }},
|
||||
crypto.SHA224: {sha224String, func(key []byte) (hash.Hash, error) { return sha256.New224(), nil }},
|
||||
crypto.SHA256: {sha256String, func(key []byte) (hash.Hash, error) { return sha256.New(), nil }},
|
||||
crypto.SHA384: {sha384String, func(key []byte) (hash.Hash, error) { return sha512.New384(), nil }},
|
||||
|
@ -115,8 +118,6 @@ func isForbiddenHash(h crypto.Hash) bool {
|
|||
fallthrough
|
||||
case crypto.MD5:
|
||||
fallthrough
|
||||
case crypto.SHA1:
|
||||
fallthrough
|
||||
case crypto.MD5SHA1: // shorthand for crypto/tls, not actually implemented
|
||||
return true
|
||||
}
|
||||
|
@ -175,7 +176,8 @@ var _ signer = &rsaAlgorithm{}
|
|||
|
||||
type rsaAlgorithm struct {
|
||||
hash.Hash
|
||||
kind crypto.Hash
|
||||
kind crypto.Hash
|
||||
sshSigner ssh.Signer
|
||||
}
|
||||
|
||||
func (r *rsaAlgorithm) setSig(b []byte) error {
|
||||
|
@ -191,7 +193,16 @@ func (r *rsaAlgorithm) setSig(b []byte) error {
|
|||
}
|
||||
|
||||
func (r *rsaAlgorithm) Sign(rand io.Reader, p crypto.PrivateKey, sig []byte) ([]byte, error) {
|
||||
if r.sshSigner != nil {
|
||||
sshsig, err := r.sshSigner.Sign(rand, sig)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return sshsig.Blob, nil
|
||||
}
|
||||
defer r.Reset()
|
||||
|
||||
if err := r.setSig(sig); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -430,12 +441,18 @@ func newAlgorithm(algo string, key []byte) (hash.Hash, crypto.Hash, error) {
|
|||
}
|
||||
|
||||
func signerFromSSHSigner(sshSigner ssh.Signer, s string) (signer, error) {
|
||||
if !strings.HasPrefix(s, ed25519Prefix) {
|
||||
switch {
|
||||
case strings.HasPrefix(s, rsaPrefix):
|
||||
return &rsaAlgorithm{
|
||||
sshSigner: sshSigner,
|
||||
}, nil
|
||||
case strings.HasPrefix(s, ed25519Prefix):
|
||||
return &ed25519Algorithm{
|
||||
sshSigner: sshSigner,
|
||||
}, nil
|
||||
default:
|
||||
return nil, fmt.Errorf("no signer matching %q", s)
|
||||
}
|
||||
return &ed25519Algorithm{
|
||||
sshSigner: sshSigner,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// signerFromString is an internally public method constructor
|
||||
|
|
|
@ -42,6 +42,7 @@ const (
|
|||
BLAKE2B_384 Algorithm = blake2b_384String
|
||||
BLAKE2B_512 Algorithm = blake2b_512String
|
||||
// RSA-based algorithms.
|
||||
RSA_SHA1 Algorithm = rsaPrefix + "-" + sha1String
|
||||
RSA_SHA224 Algorithm = rsaPrefix + "-" + sha224String
|
||||
// RSA_SHA256 is the default algorithm.
|
||||
RSA_SHA256 Algorithm = rsaPrefix + "-" + sha256String
|
||||
|
@ -229,8 +230,10 @@ func NewSSHSigner(s ssh.Signer, dAlgo DigestAlgorithm, headers []string, scheme
|
|||
|
||||
func getSSHAlgorithm(pkType string) Algorithm {
|
||||
switch pkType {
|
||||
case "ssh-ed25519":
|
||||
case sshPrefix + "-" + ed25519Prefix:
|
||||
return ED25519
|
||||
case sshPrefix + "-" + rsaPrefix:
|
||||
return RSA_SHA1
|
||||
}
|
||||
|
||||
return ""
|
||||
|
|
読み込み中…
新しいイシューから参照