From 104d797096e966e91f777959d7cc5d8831c1a942 Mon Sep 17 00:00:00 2001
From: "Artyom V. Poptsov" <poptsov.artyom@gmail.com>
Date: Sun, 15 Sep 2019 21:03:07 +0300
Subject: [PATCH] key-type.c: Add new ECDSA key types from libssh 0.9
The Guile-SSH key procedures would fail when libssh 0.9 + openssl is used on
ECDSA keys because it was missing support of new ECDSA key subtypes. This
change fixes the library and the tests.
* libguile-ssh/key-type.c: Add new ECDSA key types from libssh 0.9
* tests/key.scm: Update tests.
* configure.ac: Check for libssh 0.9
---
configure.ac | 8 ++++++--
libguile-ssh/key-type.c | 12 +++++++++++-
tests/key.scm | 13 +++++++++----
3 files changed, 26 insertions(+), 7 deletions(-)
diff --git a/configure.ac b/configure.ac
index 74271f7..99d35af 100644
--- a/configure.ac
+++ b/configure.ac
@@ -69,7 +69,11 @@ PKG_CHECK_MODULES([LIBSSH_0_8], [libssh >= 0.8.0],
[AC_DEFINE(HAVE_LIBSSH_0_8, 1, [Use libssh 0.8])],
[AC_DEFINE(HAVE_LIBSSH_0_8, 0, [Use libssh < 0.8])])
-AM_CONDITIONAL(HAVE_LIBSSH_0_8, $HAVE_LIBSSH_0_8)
+PKG_CHECK_MODULES([LIBSSH_0_9], [libssh >= 0.9.0],
+ [AC_DEFINE(HAVE_LIBSSH_0_9, 1, [Use libssh 0.9])],
+ [AC_DEFINE(HAVE_LIBSSH_0_9, 0, [Use libssh < 0.9])])
+
+AM_CONDITIONAL(HAVE_LIBSSH_0_8, $HAVE_LIBSSH_0_8)
# -------------------------------------------------------------------------------
diff --git a/libguile-ssh/key-type.c b/libguile-ssh/key-type.c
index ab67ecd..12617ce 100644
--- a/libguile-ssh/key-type.c
+++ b/libguile-ssh/key-type.c
@@ -42,7 +42,17 @@ static const struct symbol_mapping key_types[] = {
{ "dss", SSH_KEYTYPE_DSS },
{ "rsa", SSH_KEYTYPE_RSA },
{ "rsa1", SSH_KEYTYPE_RSA1 },
- { "ecdsa", SSH_KEYTYPE_ECDSA },
+ { "ecdsa", SSH_KEYTYPE_ECDSA }, /* Deprecated in libssh 0.9 */
+
+#ifdef HAVE_LIBSSH_0_9
+ { "ecdsa-p256", SSH_KEYTYPE_ECDSA_P256 },
+ { "ecdsa-p384", SSH_KEYTYPE_ECDSA_P384 },
+ { "ecdsa-p521", SSH_KEYTYPE_ECDSA_P521 },
+ { "ecdsa-p256-cert01", SSH_KEYTYPE_ECDSA_P256_CERT01 },
+ { "ecdsa-p384-cert01", SSH_KEYTYPE_ECDSA_P384_CERT01 },
+ { "ecdsa-p521-cert01", SSH_KEYTYPE_ECDSA_P521_CERT01 },
+#endif
+
{ "ed25519", SSH_KEYTYPE_ED25519 },
{ "unknown", SSH_KEYTYPE_UNKNOWN },
{ NULL, -1 }
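Review bot: `#ifdef HAVE_LIBSSH_0_9` is true on every build, because the configure.ac hunk of this patch defines the macro in both branches, to 1 and to 0 (`AC_DEFINE(HAVE_LIBSSH_0_9, 0, [Use libssh < 0.9])`). Assuming key-type.c sees that definition through config.h, a build against libssh older than 0.9 would still compile the six new entries and presumably fail on the undeclared `SSH_KEYTYPE_ECDSA_P256` family. Test the value rather than the definition: `#if HAVE_LIBSSH_0_9`. The `key_types` array starts and ends outside the hunk.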
diff --git a/tests/key.scm b/tests/key.scm
index c4394b1..be31378 100644
--- a/tests/key.scm
+++ b/tests/key.scm
@@ -89,9 +89,11 @@
(test-assert-with-log "get-key-type"
(and (eq? 'rsa (get-key-type *rsa-key*))
- (eq? 'dss (get-key-type *dsa-key*))
+ (eq? 'dss (get-key-type *dsa-key*)) ;))
(when-openssl
- (eq? 'ecdsa (get-key-type *ecdsa-key*)))))
+ (or (eq? 'ecdsa-p256 (get-key-type *ecdsa-key*))
+ ;; For libssh versions prior to 0.9
+ (eq? 'ecdsa (get-key-type *ecdsa-key*))))))
(test-assert-with-log "private-key-to-file"
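Review bot: The trailing `;))` on the `'dss` line looks like an editing leftover and reads as commented-out code; drop it so the line is `(eq? 'dss (get-key-type *dsa-key*))`. The `or` below it also lets the assertion pass if a libssh 0.9 build still reports the deprecated `'ecdsa`, and the `make-keypair` check in the last hunk of this file has the same shape. If the intent is to pin the new subtype on 0.9, choose the expected symbol from the library version instead of accepting both.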
@@ -138,7 +140,9 @@
(when-openssl
(test-equal "string->public-key, ECDSA"
- (public-key->string (string->public-key %ecdsakey-pub-string 'ecdsa))
+ (if (string=? (cadr (string-split (get-libssh-version) #\.)) "9")
+ (public-key->string (string->public-key %ecdsakey-pub-string 'ecdsa-p256))
+ (public-key->string (string->public-key %ecdsakey-pub-string 'ecdsa)))
%ecdsakey-pub-string))
(test-assert-with-log "string->public-key, RSA, gc test"
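Review bot: The version test `(string=? (cadr (string-split (get-libssh-version) #\.)) "9")` matches only a minor component of exactly 9 and ignores the major number. A libssh 0.10 or 1.x would therefore take the `'ecdsa` branch, which the commit message describes as failing on 0.9, so the test would presumably break on the next release. Compare numerically instead, for example `(>= (string->number (cadr (string-split (get-libssh-version) #\.))) 9)`, with a matching check on the major component. The enclosing `when-openssl` form is closed outside the hunk.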
@@ -162,7 +166,8 @@
(when-openssl
(let ((key (make-keypair 'ecdsa 256)))
(and (key? key)
- (eq? (get-key-type key) 'ecdsa))))))
+ (or (eq? (get-key-type key) 'ecdsa) ; libssh < 0.9
+ (eq? (get-key-type key) 'ecdsa-p256)))))))
;;;