Add support for RSA SHA-2 public key algorithms #1177
@Rob-Hague I've pushed some changes to this PR. Can you review this?
Thanks! I should have paid more attention to
Thanks to removing PubkeyAcceptedAlgorithms from the config file we know that SSH.NET supports the latest version of OpenSSH without any hack (configuration).
@@ -14,13 +13,23 @@ public class RsaDigitalSignature : CipherDigitalSignature, IDisposable | |||
private HashAlgorithm _hash; | |||
|
|||
/// <summary> | |||
/// Initializes a new instance of the <see cref="RsaDigitalSignature"/> class. | |||
/// Initializes a new instance of the <see cref="RsaDigitalSignature"/> class with the SHA-1 hash algorithm. | |||
/// </summary> | |||
/// <param name="rsaKey">The RSA key.</param> | |||
public RsaDigitalSignature(RsaKey rsaKey) |
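Review bot: The one-argument constructor `RsaDigitalSignature(RsaKey rsaKey)` at the end of this hunk keeps SHA-1 as an implicit default, and the updated `<summary>` is the only place that says so. A caller that keeps using this constructor stays on SHA-1 with no signal at the call site. Consider adding a `<remarks>` to this doc comment that states the consequence, or marking the constructor so callers are steered toward choosing the hash algorithm explicitly.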
How about adding [Obsolete("Comment")] and always using the new constructor?
I do not think it is necessary here
(but I don't mind)
It looks like everything is ready. I have to look over
Great work! Without you, we definitely wouldn't have rsa-sha-256 and rsa-sha-512 in this release. I'm merging this PR as is, but I will change the approach for IHostAlgorithmsProvider in the next PR. I've done many tests and experiments and it turned out that this was not the best approach.
Awesome. Your approach to
When are you thinking to release?
This week or next.
@WojciechNagorski I am very grateful for this release :) It will help us a lot. Thank you!
Can you step through What are the algorithms returned in edit: your key path also says ed25519. Are you sure this is related to rsa?
Your key is an ed25519 so I would suggest that it is not related to this PR. Would you mind opening another issue and pasting the result of ssh console command with "-v" (verbose) argument?
Do you have any update to share on the delivery timeline, please?
@YohanSciubukgian If it doesn't work out this week, I'll do it at the beginning of next week, regardless of the thing I'm waiting for.
* Assets/logos (#782) * Added logo assets * Added PNG 1260x640 with white border Co-authored-by: 103filgualan <f.gualandi@crif.com> * OPENSSH KeyReader for more keys (#614) * OPENSSH KeyReader for more keys Add support to parse OpenSSH Keys with ECDSA 256/384/521 and RSA. https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key Change-Id: Iaa9cce0f2522e5fee377a82cb252f81f0b7cc563 * Fix ED25519Key KeyLength * Fix ED25519 PubKey-auth LeadingZeros of BigInteger-Conversion have to be removed before sending the Key. * Add interface to SftpFile #120 (#812) * Create ISftpFile interface. SftpFile sealed. Return ISftpFile from SftpClient instead of SftpFile. Make ISftpClient interface disposable. Co-authored-by: Wojciech Swieboda <wswieboda@chathamfinancial.com> * Start MessageListener with ThreadAbstraction.ExecuteThreadLongRunning (#902) * Fix Thread pool exhaustion due to MessageListener running on ThreadPool * Mark long running thread as background * Add async support to SftpClient and SftpFileStream (#819) * Add FEATURE_TAP and net472 target * Add TAP async support to SftpClient and SftpFileStream * Add async support to DnsAbstraction and SocketAbstraction * Add async support to *Connector and refactor the hierarchy * Add ConnectAsync to BaseClient * Add CODEOWNERS file. * Fix virus false-positive by Defender on Renci.SSHNet.Tests.dll (#867) Co-authored-by: Pedro Fonseca <pfonseca@qti.qualcomm.com> * Add unit tests for task-based asynchronous API (#906) * Fix runtime and culture dependant tests. 
* Set C# 7.3 in Tests.csproj to limit intellisense's suggestions under different targets * Add SftpClientTest.*Async * Add SftpFileStreamTest_OpenAsync_* * Add SftpFileStreamTest_WriteAsync_* * Add SftpFileStreamTest_ReadAsync_* * Align AppVeyor script with Test project target frameworks * correct 'Documenation' to 'Documentation' (#838) in the documentation's window title * Agent auth and Keygen (#794) * Allow to set PrivateKeyFile Key directly So you can add your own Key-Classes to SSH.NET * Add ED25519 ctor for just pub key part. * Make ECDSA Key Bits accessible You cant export imported CngKeys. To be able to export them to agent or Key-Files make the private bits also accessible. * Better NETFRAMEWORK vs NETSTANDARD handling * Add Comment Property to Key * Add IPrivateKeySource So Extension can add own PrivateKeyFiles, e.g. PuttyKeyFile. * Use cryptographically secure random number generator. Fixes CVE-2022-29245. * Remove unused import. * Add IBaseClient for BaseClient and ISftpClient to inherit from (#975) Add IBaseClient for BaseClient and ISftpClient to inherit from * fix typo (#999) * Fix Seek Operations in SftpFileStream (#910) * Fix offset operations in SftpFileStream.Seek * Fix seek exception message and add default case for invalid seek origin * Use named params when throwing ArgumentException * Add tests for seeking from end of file * Add back copyright to license. (#1060) Fixes #1059. * Removing old target frameworks (#1109) Remove support for legacy / deprecated target frameworks while adding support for .NET 6.0 (and higher). The supported target frameworks are now: * .NETFramework 4.6.2 (and higher) * .NET Standard 2.0 * .NET 6.0 (and higher) * Remove old features [Part 1] (#1117) Remove obsolete feature switches (now that we've remove support for legacy target frameworks) and remove corresponding conditional code. 
* Remove FEATURE_DIRECTORYINFO_ENUMERATEFILES (#1119) * Remove FEATURE_DIRECTORYINFO_ENUMERATEFILES * Add exception documentation * Fix some (lots of) issues reported by analyzers. (#1125) Fix some (lots of) issues reported by analyzers. * Round 2 of analyzer fixes and general cleanup. (#1132) * Analyzer fixes round 3. (#1135) * Replace Array<T>.Empty with Array.Empty<T>() (#1137) * Replace IsNullOrWhiteSpace extension (#1142) * Use License Expression for NuGet Package licenseUrl is deprecated, see NuGet/Announcements#32 * Integration tests * Remove todos * Update CODEOWNERS * Use correct SSH.NET * ListDirectoryAsync return IAsyncEnumerable (#1126) * ListDirectoryAsync return IAsyncEnumerable * Fix documentation * Update README.md * Fix * Add Sftp ListDirectoryAsync test * Revert * Integration tests for ListDirectoryAsync with IAsyncEnumerable * Fix the assembly resolution build warning (#1165) * Delete performance/longrunning tests (#1143) Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Move Integration tests (#1173) * Renci.SshNet.IntegrationTests * Renci.SshNet.TestTools.OpenSSH * Move integration tests to main repo * Move old tests to new integration tests * Move old integration tests to new integration tests * Move more tests * Move authentication tests * Move SshClientTests * Fix some tests * Remove duplicated test * Poc of ProcessDisruptor * Rename * Some fixes * Remove performance tests * Small improvements * Add a benchmarks project (#1151) * Add a benchmarks project * Small improvements --------- Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Use ExceptionDispatchInfo to retain call stack in Session.WaitOnHandle() (#936) * Use ExceptionDispatchInfo to retain call stack in Session.WaitOnHandle() * merge * Update src/Renci.SshNet/Session.cs Co-authored-by: Rob Hague <rob.hague00@gmail.com> --------- Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> Co-authored-by: Rob Hague <rob.hague00@gmail.com> * Support SHA256 fingerprints for host 
key validation (#1098) * Add tests for HostKeyEventArgs * Add SHA256 fingerprint support * Add support for RSA SHA-2 public key algorithms (#1177) * Abstract out the hash algorithm from RsaDigitalSignature * Add integration tests * Add DigitalSignature property to KeyHostAlgorithm * Add IHostAlgorithmsProvider interface * Verify the host signature * Fix HostKeyEventArgsTest after merge * Remove PubkeyAcceptedAlgorithms ssh-rsa * Add test coverage for RSA keys in PrivateKeyFile * Obsolete IPrivateKeySource --------- Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Improvements after #1177 (#1180) * Use ExceptionDispatchInfo in more places (#1182) Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Try to "fix" the flaky test (#1185) * Enable DSA tests (#1181) Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * FingerPrints (#1186) * Use OS-agnostic socket error codes to allow tests run on different OSes (#1179) SocketErrorCode is OS agnostic, ErrorCode is OS specific. On Windows ErrorCode = (int) SocketErrorCode, but on Mac and Unix it is not. For example ExitCode for HostNotFound (11001) on Windows is 11001, on Mac & Unix is -131073. So testing for ExitCode == 11001 fails on Mac & Unix. 
Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Fix for channel session semaphore from thread blocking (#1071) * Merging fix from @clivetong into our own SSH.NET fork - The following article describes some of the issues with the double check lock that we have seen issues with: https://www.sudhanshutheone.com/posts/double-check-lock-csharp * Merging fix from @clivetong into our own SSH.NET fork - The following article describes some of the issues with the double check lock that we have seen issues with: https://www.sudhanshutheone.com/posts/double-check-lock-csharp * Update Channel to fix AppVeyor failure (field should be readonly) * Update ISftpClient for #120 (#1193) * Implement set last write and access time (#1194) * Add/migrate hmac+cipher integration tests (#1189) * Add/migrate hmac+cipher integration tests * fix integration tests --------- Co-authored-by: Wojciech Nagórski <wojtpl2@gmail.com> * Update tests for SetLastAccessTime(Utc) to also verify the time component and the Kind of the DateTime value returned by GetLastAccessTime(Utc). 
(#1198) --------- Co-authored-by: Filippo Gualandi <filippo.gualandi@gmail.com> Co-authored-by: 103filgualan <f.gualandi@crif.com> Co-authored-by: Stefan Rinkes <darinkes@users.noreply.github.com> Co-authored-by: wxtsxt <wojciech.swieboda@gmail.com> Co-authored-by: Wojciech Swieboda <wswieboda@chathamfinancial.com> Co-authored-by: Igor Milavec <igor.milavec@gmail.com> Co-authored-by: drieseng <gert.driesen@telenet.be> Co-authored-by: Pedro Fonseca <pbfonseca@gmail.com> Co-authored-by: Pedro Fonseca <pfonseca@qti.qualcomm.com> Co-authored-by: Maximiliano Jabase <maxijabase@gmail.com> Co-authored-by: Owen Krueger <37021716+Owen-Krueger@users.noreply.github.com> Co-authored-by: Masuri <psh0258@gmail.com> Co-authored-by: LemonPi314 <49930425+LemonPi314@users.noreply.github.com> Co-authored-by: Gert Driesen <gertdriesen@msn.com> Co-authored-by: Rob Hague <rob.hague00@gmail.com> Co-authored-by: Rob Hague <rh@johnstreetcapital.com> Co-authored-by: Marius Thesing <marius.thesing@gmail.com> Co-authored-by: Dāvis Mošenkovs <davikovs@gmail.com> Co-authored-by: Dmitry Tsarevich <dimhotepus@users.noreply.github.com> Co-authored-by: Patrick Yates <114094360+patrick-yates-redgate@users.noreply.github.com>
* Release 2023.0.0 (#1201) * Remove code examples
See #1174 and RFC 8332 for details.
closes #1174
closes #1145
closes #1116
closes #1105
closes #956
closes #825
It may also close the following:
#1141
#1025
#1003
#858
#845