9494#define SSH_AGENT_CONSTRAIN_LIFETIME 1
9595#define SSH_AGENT_CONSTRAIN_CONFIRM 2
9696
97+ /* Signature request methods */
98+ #define SSH_AGENT_RSA_SHA2_256 2
99+ #define SSH_AGENT_RSA_SHA2_512 4
100+
97101#ifdef PF_UNIX
98102static int
99103agent_connect_unix (LIBSSH2_AGENT * agent )
@@ -375,6 +379,8 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
375379 ssize_t method_len ;
376380 unsigned char * s ;
377381 int rc ;
382+ unsigned char * method_name ;
383+ uint32_t sign_flags = 0 ;
378384
379385 /* Create a request to sign the data */
380386 if (transctx -> state == agent_NB_state_init ) {
@@ -391,7 +397,18 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
391397 _libssh2_store_str (& s , (const char * )data , data_len );
392398
393399 /* flags */
394- _libssh2_store_u32 (& s , 0 );
400+ if (session -> userauth_pblc_method_len > 0 &&
401+ session -> userauth_pblc_method ) {
402+ if (session -> userauth_pblc_method_len == 12 &&
403+ !memcmp (session -> userauth_pblc_method , "rsa-sha2-512" , 12 )) {
404+ sign_flags = SSH_AGENT_RSA_SHA2_512 ;
405+ }
406+ else if (session -> userauth_pblc_method_len == 12 &&
407+ !memcmp (session -> userauth_pblc_method , "rsa-sha2-256" , 12 )) {
408+ sign_flags = SSH_AGENT_RSA_SHA2_256 ;
409+ }
410+ }
411+ _libssh2_store_u32 (& s , sign_flags );
395412
396413 transctx -> request_len = s - transctx -> request ;
397414 transctx -> send_recv_total = 0 ;
@@ -449,8 +466,38 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
449466 rc = LIBSSH2_ERROR_AGENT_PROTOCOL ;
450467 goto error ;
451468 }
469+
470+ /* method name */
471+ method_name = LIBSSH2_ALLOC (session , method_len );
472+ if (!method_name ) {
473+ rc = LIBSSH2_ERROR_ALLOC ;
474+ goto error ;
475+ }
476+ memcpy (method_name , s , method_len );
452477 s += method_len ;
453478
479+ /* check to see if we match requested */
480+ if ((size_t )method_len == session -> userauth_pblc_method_len ) {
481+ if (memcmp (method_name , session -> userauth_pblc_method , method_len )) {
482+ _libssh2_debug (session ,
483+ LIBSSH2_TRACE_KEX ,
484+ "Agent sign method %.*s" ,
485+ method_len , method_name );
486+
487+ rc = LIBSSH2_ERROR_ALGO_UNSUPPORTED ;
488+ goto error ;
489+ }
490+ }
491+ else {
492+ _libssh2_debug (session ,
493+ LIBSSH2_TRACE_KEX ,
494+ "Agent sign method %.*s" ,
495+ method_len , method_name );
496+
497+ rc = LIBSSH2_ERROR_ALGO_UNSUPPORTED ;
498+ goto error ;
499+ }
500+
454501 /* Read the signature */
455502 len -= 4 ;
456503 if (len < 0 ) {
@@ -479,6 +526,8 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
479526 LIBSSH2_FREE (session , transctx -> response );
480527 transctx -> response = NULL ;
481528
529+ transctx -> state = agent_NB_state_init ;
530+
482531 return _libssh2_error (session , rc , "agent sign failure" );
483532}
484533
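Review bot: `method_name` (new line 471) is leaked on every path — the `error:` label below only frees `transctx->response`, and the success path returns with the copy still allocated, so each sign request costs one allocation that is never released, and a mismatched agent reply leaks as well. The copy is only read by the `memcmp` and the debug message, both of which can use `s` directly before it is advanced, which removes the allocation and its failure branch and collapses the two duplicated mismatch branches into one; the `unsigned char *method_name` declaration in the first hunk then goes too. If the copy is kept instead, it needs `LIBSSH2_FREE(session, method_name);` after the check and on the error path (initialised to NULL at declaration). Independently, `%.*s` takes an `int` precision but `method_len` is `ssize_t`, so the argument should be `(int)method_len`. `agent_sign` begins before the first hunk and the rest of its body is outside the shown lines.
```c
    /* … unchanged: method_len bounds check ending in `goto error` … */

    /* check to see if we match requested; compare in place, no copy needed */
    if((size_t)method_len != session->userauth_pblc_method_len ||
       memcmp(s, session->userauth_pblc_method, method_len)) {
        _libssh2_debug(session, LIBSSH2_TRACE_KEX,
                       "Agent sign method %.*s", (int)method_len, s);
        rc = LIBSSH2_ERROR_ALGO_UNSUPPORTED;
        goto error;
    }
    s += method_len;

    /* … unchanged: read the signature … */
```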