4.3 Authentication algorithms
Modules of this type implement signature algorithms that are used during the key-exchange process.
The authentication algorithms can also be involved in the user authentication process, even though the key-exchange process only designate the specific algorithm used to authenticate the server host.
Signature generation and checking primitives are implemented. Companions modules with ability to create, load and save keys using various key formats are provided along.
Signature related declarations can be found in assh/assh_sign.h.
DSA signature [link]
These are implementations of the Digitial Signature Algorithm as specified in [21].
The original rfc4253 only specifies use of 1024 bits DSA keys for ssh2. The last version of the DSA standard [21] specifies larger key sizes, implemented here as extensions. The additional algorithms accept any key size greater than their base key size and reject shorter keys.
ssh-dss (use sha1, 1024 bits key),
dsa2048-sha224@libassh.org (key size >= 2048 bits),
dsa2048-sha256@libassh.org (key size >= 2048 bits),
dsa3072-sha256@libassh.org (key size >= 3072 bits).
RSA signature [link]
These are implementations of the RSA signature algorithm as specified in [21].
The original RSA signature algorithm specified in rfc4253 relies on md5 and sha1 hashes. Additional algorithms using the sha2-256 and the sha2-512 hashes are implemented as proposed in [22].
ssh-rsa,
rsa-sha2-256 (key size >= 2048 bits),
rsa-sha2-512 (key size >= 2048 bits).
The ssh-rsa algorithm was originally designed to accept different signature formats, but some formats are no more accepted by recent implementations due to security concerns. This may yield compatibility issues because the algorithm name has not changed. That's why libassh provides variants of this algorithm. Depending on the variant retained on algorithm registration, lower key sizes and weak hash algorithms will be rejected. Here is the behavior of the provided variants:
generate sha1, accept sha* or md5, accept keys size >= 768 bits,
generate sha1, accept sha*, accept keys size >= 1024 bits,
generate sha1, accept sha*, accept keys size >= 2048 bits,
The retained variant depends of the safety value passed to the assh_algo_register_va function.
In addition to the builtin implementation, an OpenSSL based implementation of ssh-rsa is also provided.
EdDSA signature [link]
These are signature algorithms based on Edward elliptic curve as proposed in [24].
Two additional sets of curve parameters with larger key sizes are proposed as extensions, as described in [19]. Unlike Ed25519 that relies on the sha2-512 hash, the sha3 hash is used for the extensions, as suggested in [24]. Variable output length variants of the sha3 hash are needed here because the output of fixed size hash functions is not large enough for the implemented curves.
ssh-ed25519,
eddsa-e382-shake256@libassh.org,
eddsa-e521-shake256@libassh.org.
In addition to the builtin implementation, a libsodium based implementation of ssh-ed25519 is also provided.