|
37 | 37 | /// OpenSSH certificate with RSA public key |
38 | 38 | const CERT_RSA: &str = "[email protected]"; |
39 | 39 |
|
| 40 | +/// OpenSSH certificate with RSA + SHA-256 as described in RFC8332 § 3 |
| 41 | +const CERT_RSA_SHA2_256: &str = "[email protected]"; |
| 42 | + |
| 43 | +/// OpenSSH certificate with RSA + SHA-512 as described in RFC8332 § 3 |
| 44 | +const CERT_RSA_SHA2_512: &str = "[email protected]"; |
| 45 | + |
40 | 46 | /// OpenSSH certificate for ECDSA (NIST P-256) U2F/FIDO security key |
41 | 47 | const CERT_SK_ECDSA_SHA2_P256: &str = "[email protected]"; |
42 | 48 |
|
@@ -176,6 +182,12 @@ impl Algorithm { |
176 | 182 | }), |
177 | 183 | CERT_ED25519 => Ok(Algorithm::Ed25519), |
178 | 184 | CERT_RSA => Ok(Algorithm::Rsa { hash: None }), |
| 185 | + CERT_RSA_SHA2_256 => Ok(Algorithm::Rsa { |
| 186 | + hash: Some(HashAlg::Sha256), |
| 187 | + }), |
| 188 | + CERT_RSA_SHA2_512 => Ok(Algorithm::Rsa { |
| 189 | + hash: Some(HashAlg::Sha512), |
| 190 | + }), |
179 | 191 | CERT_SK_ECDSA_SHA2_P256 => Ok(Algorithm::SkEcdsaSha2NistP256), |
180 | 192 | CERT_SK_SSH_ED25519 => Ok(Algorithm::SkEd25519), |
181 | 193 | #[cfg(feature = "alloc")] |
@@ -224,7 +236,13 @@ impl Algorithm { |
224 | 236 | EcdsaCurve::NistP521 => CERT_ECDSA_SHA2_P521, |
225 | 237 | }, |
226 | 238 | Algorithm::Ed25519 => CERT_ED25519, |
227 | | - Algorithm::Rsa { .. } => CERT_RSA, |
| 239 | + Algorithm::Rsa { hash: None } => CERT_RSA, |
| 240 | + Algorithm::Rsa { |
| 241 | + hash: Some(HashAlg::Sha256), |
| 242 | + } => CERT_RSA_SHA2_256, |
| 243 | + Algorithm::Rsa { |
| 244 | + hash: Some(HashAlg::Sha512), |
| 245 | + } => CERT_RSA_SHA2_512, |
228 | 246 | Algorithm::SkEcdsaSha2NistP256 => CERT_SK_ECDSA_SHA2_P256, |
229 | 247 | Algorithm::SkEd25519 => CERT_SK_SSH_ED25519, |
230 | 248 | Algorithm::Other(algorithm) => return algorithm.certificate_type(), |
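Review bot: The new `Algorithm::Rsa { hash: Some(..) }` arms at new lines 239-245 make the returned certificate-type string depend on the hash, so any caller that uses this mapping to write a certificate's type field would now emit `CERT_RSA_SHA2_256` or `CERT_RSA_SHA2_512` instead of `CERT_RSA`. OpenSSH's PROTOCOL.certkeys treats those two names as signature-algorithm identifiers only: the certificate blob keeps the plain RSA certificate type, and the RSA/SHA-2 names are not meant to appear in keys at rest. The callers are outside this diff, so this may already be handled, but a doc line on both constants would pin the intent, e.g. `/// Signature algorithm name only; the encoded certificate type remains CERT_RSA.` The parse arms at new lines 185-190 likewise accept these names wherever a certificate type is decoded, so it is worth confirming that the decoder does not treat a blob carrying them as a valid at-rest certificate. Both match bodies continue outside the hunks shown.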
|