SFTP: Add support for SHA256withRSA signature

2025-08-30 21:55:10 +00:00 · 2023-10-01 16:24:16 +02:00
parent 44103d3f83
commit a93c66b535
2 changed files with 57 additions and 3 deletions
--- a/src/org/kde/kdeconnect/Plugins/SftpPlugin/SignatureRSASHA256.java
+++ b/src/org/kde/kdeconnect/Plugins/SftpPlugin/SignatureRSASHA256.java
@@ -0,0 +1,40 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Albert Vaca Cintora <albertvaka@gmail.com>
+ *
+ * SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
+ */
+
+package org.kde.kdeconnect.Plugins.SftpPlugin;
+
+import org.apache.sshd.common.NamedFactory;
+import org.apache.sshd.common.Signature;
+import org.apache.sshd.common.signature.AbstractSignature;
+
+public class SignatureRSASHA256 extends AbstractSignature {
+
+    public static class Factory implements NamedFactory<Signature> {
+
+        public String getName() {
+            return "rsa-sha2-256";
+        }
+
+        public Signature create() {
+            return new SignatureRSASHA256();
+        }
+
+    }
+
+    public SignatureRSASHA256() {
+        super("SHA256withRSA");
+    }
+
+    public byte[] sign() throws Exception {
+        return signature.sign();
+    }
+
+    public boolean verify(byte[] sig) throws Exception {
+        sig = extractSig(sig);
+        return signature.verify(sig);
+    }
+
+}
--- a/src/org/kde/kdeconnect/Plugins/SftpPlugin/SimpleSftpServer.java
+++ b/src/org/kde/kdeconnect/Plugins/SftpPlugin/SimpleSftpServer.java
@@ -13,6 +13,9 @@ import android.util.Log;
 import org.apache.sshd.SshServer;
 import org.apache.sshd.common.file.nativefs.NativeFileSystemFactory;
 import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
+import org.apache.sshd.common.signature.SignatureDSA;
+import org.apache.sshd.common.signature.SignatureECDSA;
+import org.apache.sshd.common.signature.SignatureRSA;
 import org.apache.sshd.common.util.SecurityUtils;
 import org.apache.sshd.server.PasswordAuthenticator;
 import org.apache.sshd.server.PublickeyAuthenticator;
@@ -20,6 +23,7 @@ import org.apache.sshd.server.command.ScpCommandFactory;
 import org.apache.sshd.server.kex.DHG14;
 import org.apache.sshd.server.kex.ECDHP256;
 import org.apache.sshd.server.kex.ECDHP384;
+import org.apache.sshd.server.kex.ECDHP521;
 import org.apache.sshd.server.session.ServerSession;
 import org.apache.sshd.server.sftp.SftpSubsystem;
 import org.kde.kdeconnect.Device;
@@ -62,11 +66,21 @@ class SimpleSftpServer {

    void initialize(Context context, Device device) throws GeneralSecurityException {

+        sshd.setSignatureFactories(Arrays.asList(
+            new SignatureECDSA.NISTP256Factory(),
+            new SignatureECDSA.NISTP384Factory(),
+            new SignatureECDSA.NISTP521Factory(),
+            new SignatureDSA.Factory(),
+            new SignatureRSASHA256.Factory(),
+            new SignatureRSA.Factory() // Insecure SHA1, left for backwards compatibility
+        ));
+
        sshd.setKeyExchangeFactories(Arrays.asList(
-                new ECDHP256.Factory(), // ecdh-sha2-nistp256
-                new ECDHP384.Factory(), // ecdh-sha2-nistp384
+                new ECDHP256.Factory(),  // ecdh-sha2-nistp256
+                new ECDHP384.Factory(),  // ecdh-sha2-nistp384
+                new ECDHP521.Factory(),  // ecdh-sha2-nistp521
                new DHG14_256.Factory(), // diffie-hellman-group14-sha256
-                new DHG14.Factory() // diffie-hellman-group14-sha1. Left for backwards-compatibility.
+                new DHG14.Factory()      // Insecure diffie-hellman-group14-sha1, left for backwards-compatibility.
        ));

        //Reuse this device keys for the ssh connection as well