pki: Derive correct algorithm identification for certificate authentication with SHA2 extension

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

src/pki.c

@@ -213,10 +213,8 @@ const char *
 ssh_key_signature_to_char(enum ssh_keytypes_e type,
                           enum ssh_digest_e hash_type)
 {
-    if (type != SSH_KEYTYPE_RSA) {
+    switch (type) {
-        return ssh_key_type_to_char(type);
+    case SSH_KEYTYPE_RSA:
-    }
-
         switch (hash_type) {
         case SSH_DIGEST_SHA256:
             return "rsa-sha2-256";
@@ -228,6 +226,23 @@ ssh_key_signature_to_char(enum ssh_keytypes_e type,
         default:
             return NULL;
         }
+        break;
+    case SSH_KEYTYPE_RSA_CERT01:
+        switch (hash_type) {
+        case SSH_DIGEST_SHA256:
+            return "rsa-sha2-256-cert-v01@openssh.com";
+        case SSH_DIGEST_SHA512:
+            return "rsa-sha2-512-cert-v01@openssh.com";
+        case SSH_DIGEST_SHA1:
+        case SSH_DIGEST_AUTO:
+            return "ssh-rsa-cert-v01@openssh.com";
+        default:
+            return NULL;
+        }
+        break;
+    default:
+        return ssh_key_type_to_char(type);
+    }
 
     /* We should never reach this */
     return NULL;