SSH2: rsa-sha2-256 and rsa-sha2-512 sigs weren't verifying

This commit is contained in:
terrafrost 2022-01-27 05:51:06 -06:00
parent 7c000843ab
commit decbde4f5d

View File

@ -4968,12 +4968,10 @@ class SSH2
case 'ssh-rsa': case 'ssh-rsa':
case 'rsa-sha2-256': case 'rsa-sha2-256':
case 'rsa-sha2-512': case 'rsa-sha2-512':
if (strlen($signature) < 15) { // could be ssh-rsa, rsa-sha2-256, rsa-sha2-512
return false; // we don't check here because we already checked in key_exchange
} // some signatures have the type embedded within the message and some don't
Strings::shift($signature, 11); Strings::unpackSSH2('s', $signature);
$temp = unpack('Nlength', Strings::shift($signature, 4));
$signature = Strings::shift($signature, $temp['length']);
$key = RSA::loadFormat('OpenSSH', $server_public_host_key) $key = RSA::loadFormat('OpenSSH', $server_public_host_key)
->withPadding(RSA::SIGNATURE_PKCS1); ->withPadding(RSA::SIGNATURE_PKCS1);