diff --git a/agentfwd.h b/agentfwd.h
index eb12d7a..d913aea 100644
--- a/agentfwd.h
+++ b/agentfwd.h
@@ -32,6 +32,9 @@
 #if DROPBEAR_CLI_AGENTFWD
+/* From OpenSSH authfd.h */
+#define SSH_AGENT_RSA_SHA2_256 0x02
+
 /* An agent reply can be reasonably large, as it can
 * contain a list of all public keys held by the agent.
 * 10000 is arbitrary */
@@ -40,7 +43,7 @@
 /* client functions */
 void cli_load_agent_keys(m_list * ret_list);
 void agent_buf_sign(buffer *sigblob, sign_key *key,
- const buffer *data_buf);
+ const buffer *data_buf, enum signature_type type);
 void cli_setup_agent(const struct Channel *channel);
 #ifdef __hpux
diff --git a/cli-agentfwd.c b/cli-agentfwd.c
index 2821f62..00454dc 100644
--- a/cli-agentfwd.c
+++ b/cli-agentfwd.c
@@ -255,11 +255,12 @@ void cli_load_agent_keys(m_list *ret_list) {
 }
 void agent_buf_sign(buffer *sigblob, sign_key *key,
- const buffer *data_buf) {
+ const buffer *data_buf, enum signature_type sigtype) {
 buffer *request_data = NULL;
 buffer *response = NULL;
 unsigned int siglen;
 int packet_type;
+ int flags = 0;
 /* Request format byte SSH2_AGENTC_SIGN_REQUEST
@@ -271,7 +272,12 @@ void agent_buf_sign(buffer *sigblob, sign_key *key,
 buf_put_pub_key(request_data, key, key->type);
 buf_putbufstring(request_data, data_buf);
- buf_putint(request_data, 0);
+#if DROPBEAR_RSA_SHA256
+ if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA256) {
+ flags |= SSH_AGENT_RSA_SHA2_256;
+ }
+#endif
+ buf_putint(request_data, flags);
 response = agent_request(SSH2_AGENTC_SIGN_REQUEST, request_data);
diff --git a/cli-authpubkey.c b/cli-authpubkey.c
index 49f79c3..fef0f27 100644
--- a/cli-authpubkey.c
+++ b/cli-authpubkey.c
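Review bot: The new parameter is named `type` in the agentfwd.h prototype but `sigtype` in the definition in cli-agentfwd.c, and the same function already uses `key->type` for the key type, so the header name is easy to misread. Use one name in both places: `const buffer *data_buf, enum signature_type sigtype);`. A one-line comment above the prototype stating that `sigtype` selects the signature algorithm requested from the agent would document the new contract for callers.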
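Review bot: `flags` is added as a signed `int` in agent_buf_sign, yet it is only used as a bitmask that is OR-ed with `SSH_AGENT_RSA_SHA2_256` and then serialized with `buf_putint()`; an unsigned type matches that use: `unsigned int flags = 0;`. The function also gains `sigtype` without any comment, and a short note that only `DROPBEAR_SIGNATURE_RSA_SHA256` changes the request (every other value leaves the flags at 0) would make the behaviour explicit. The body of agent_buf_sign continues past this hunk.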
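Review bot: Nothing visible in this hunk confirms that the agent honoured the `SSH_AGENT_RSA_SHA2_256` bit written by `buf_putint(request_data, flags)`; an agent that does not implement signature flags may ignore the field and return an `ssh-rsa` (SHA-1) signature instead. The caller in cli-authpubkey.c copies the reply into the auth request unchanged (`buf_putbufstring(buf, sigblob)`), so a mismatch would only show up as a server-side rejection, or as a weaker signature than the one negotiated being sent. The reply handling lies outside this hunk, so this may already be covered; if not, read the algorithm name at the start of the returned signature blob and fail with a clear error when it does not correspond to the requested `sigtype`. Separately, when `DROPBEAR_RSA_SHA256` is 0 the new parameter is unused, and a `(void)sigtype;` in an `#else` branch would keep `-Wunused-parameter` builds clean.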
@@ -130,7 +130,7 @@ static void cli_buf_put_sign(buffer* buf, sign_key *key, enum signature_type sig
 /* Format the agent signature ourselves, as buf_put_sign would. */
 buffer *sigblob;
 sigblob = buf_new(MAX_PUBKEY_SIZE);
- agent_buf_sign(sigblob, key, data_buf);
+ agent_buf_sign(sigblob, key, data_buf, sigtype);
 buf_putbufstring(buf, sigblob);
 buf_free(sigblob);
 } else