From 104d797096e966e91f777959d7cc5d8831c1a942 Mon Sep 17 00:00:00 2001
From: "Artyom V. Poptsov"
Date: Sun, 15 Sep 2019 21:03:07 +0300
Subject: [PATCH] key-type.c: Add new ECDSA key types from libssh 0.9
The Guile-SSH key procedures would fail when libssh 0.9 + openssl is used on ECDSA keys because it was missing support of new ECDSA key subtypes. This change fixes the library and the tests.
* libguile-ssh/key-type.c: Add new ECDSA key types from libssh 0.9
* tests/key.scm: Update tests.
* configure.ac: Check for libssh 0.9
---
 configure.ac | 8 ++++++--
 libguile-ssh/key-type.c | 12 +++++++++++-
 tests/key.scm | 13 +++++++++----
 3 files changed, 26 insertions(+), 7 deletions(-)
diff --git a/configure.ac b/configure.ac
index 74271f7..99d35af 100644
--- a/configure.ac
+++ b/configure.ac
@@ -69,7 +69,11 @@ PKG_CHECK_MODULES([LIBSSH_0_8], [libssh >= 0.8.0],
 [AC_DEFINE(HAVE_LIBSSH_0_8, 1, [Use libssh 0.8])],
 [AC_DEFINE(HAVE_LIBSSH_0_8, 0, [Use libssh < 0.8])])
-AM_CONDITIONAL(HAVE_LIBSSH_0_8, $HAVE_LIBSSH_0_8)
+PKG_CHECK_MODULES([LIBSSH_0_9], [libssh >= 0.9.0],
+ [AC_DEFINE(HAVE_LIBSSH_0_9, 1, [Use libssh 0.9])],
+ [AC_DEFINE(HAVE_LIBSSH_0_9, 0, [Use libssh < 0.9])])
+
+AM_CONDITIONAL(HAVE_LIBSSH_0_8, $HAVE_LIBSSH_0_8)
 # -------------------------------------------------------------------------------
diff --git a/libguile-ssh/key-type.c b/libguile-ssh/key-type.c
index ab67ecd..12617ce 100644
--- a/libguile-ssh/key-type.c
+++ b/libguile-ssh/key-type.c
@@ -42,7 +42,17 @@ static const struct symbol_mapping key_types[] = {
 { "dss", SSH_KEYTYPE_DSS },
 { "rsa", SSH_KEYTYPE_RSA },
 { "rsa1", SSH_KEYTYPE_RSA1 },
- { "ecdsa", SSH_KEYTYPE_ECDSA },
+ { "ecdsa", SSH_KEYTYPE_ECDSA }, /* Deprecated in libssh 0.9 */
+
+#ifdef HAVE_LIBSSH_0_9
+ { "ecdsa-p256", SSH_KEYTYPE_ECDSA_P256 },
+ { "ecdsa-p384", SSH_KEYTYPE_ECDSA_P384 },
+ { "ecdsa-p521", SSH_KEYTYPE_ECDSA_P521 },
+ { "ecdsa-p256-cert01", SSH_KEYTYPE_ECDSA_P256_CERT01 },
+ { "ecdsa-p384-cert01", SSH_KEYTYPE_ECDSA_P384_CERT01 },
+ { "ecdsa-p521-cert01", SSH_KEYTYPE_ECDSA_P521_CERT01 },
+#endif
+
 { "ed25519", SSH_KEYTYPE_ED25519 },
 { "unknown", SSH_KEYTYPE_UNKNOWN },
 { NULL, -1 }
diff --git a/tests/key.scm b/tests/key.scm
index c4394b1..be31378 100644
--- a/tests/key.scm
+++ b/tests/key.scm
@@ -89,9 +89,11 @@
 (test-assert-with-log "get-key-type"
 (and (eq? 'rsa (get-key-type *rsa-key*))
- (eq? 'dss (get-key-type *dsa-key*))
+ (eq? 'dss (get-key-type *dsa-key*)) ;))
 (when-openssl
- (eq? 'ecdsa (get-key-type *ecdsa-key*)))))
+ (or (eq? 'ecdsa-p256 (get-key-type *ecdsa-key*))
+ ;; For libssh versions prior to 0.9
+ (eq? 'ecdsa (get-key-type *ecdsa-key*))))))
 (test-assert-with-log "private-key-to-file"
@@ -138,7 +140,9 @@
 (when-openssl
 (test-equal "string->public-key, ECDSA"
- (public-key->string (string->public-key %ecdsakey-pub-string 'ecdsa))
+ (if (string=? (cadr (string-split (get-libssh-version) #\.)) "9")
+ (public-key->string (string->public-key %ecdsakey-pub-string 'ecdsa-p256))
+ (public-key->string (string->public-key %ecdsakey-pub-string 'ecdsa)))
 %ecdsakey-pub-string))
 (test-assert-with-log "string->public-key, RSA, gc test"
@@ -162,7 +166,8 @@
 (when-openssl
 (let ((key (make-keypair 'ecdsa 256)))
 (and (key? key)
- (eq? (get-key-type key) 'ecdsa))))))
+ (or (eq? (get-key-type key) 'ecdsa) ; libssh < 0.9
+ (eq? (get-key-type key) 'ecdsa-p256)))))))
 ;;;
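Review bot: The `#ifdef HAVE_LIBSSH_0_9` guard around the new table entries is satisfied even when libssh is older than 0.9, because the configure.ac hunk of this patch defines the macro in both branches (`1` when the check succeeds, `0` when it fails). On such a build the table would reference `SSH_KEYTYPE_ECDSA_P256` and the other new constants, which the commit message says only arrive with libssh 0.9, so compilation would presumably fail. Test the value rather than the definition: `#if HAVE_LIBSSH_0_9`. The `key_types[]` initializer starts above the hunk, so how a key type missing from the table is resolved is not visible here.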
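Review bot: The version test in the "string->public-key, ECDSA" hunk compares only the minor component against the string "9", so any libssh release whose minor number differs (a 0.10, or a later major version) falls back to `'ecdsa` even though it presumably still reports the per-curve types. A numeric comparison such as `(>= (string->number (cadr (string-split (get-libssh-version) #\.))) 9)`, combined with a check of the major component, would keep the test valid on later releases. The other two key.scm hunks accept either symbol with `or`, which means a libssh 0.9 build that wrongly returned the deprecated `'ecdsa` would still pass; selecting the expected symbol by version there as well would make the assertions tighter. The first hunk also leaves a trailing `;))` comment on the `'dss` line that looks like an editing leftover and could be dropped.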