moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2025-02-28 17:31:46 -05:00
Code Issues Releases Wiki Activity

libssh2: add support for ECDSA and ed25519 knownhost keys

Browse Source 
... if a new enough libssh2 version is present.

Source: https://curl.haxx.se/mail/archive-2019-12/0023.html
Co-Authored-by: Daniel Stenberg
Closes #4714
This commit is contained in:
Santino Keupp 2019-12-13 22:55:18 +01:00 committed by Daniel Stenberg
parent 38797e8811
commit 1d2d3feb21
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 82 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
lib/vssh/libssh2.c
View File

@ -466,61 +466,95 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
struct curl_khkey *knownkeyp = NULL; struct curl_khkey *knownkeyp = NULL;
struct curl_khkey foundkey; struct curl_khkey foundkey;
keybit = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)? switch(keytype) {
LIBSSH2_KNOWNHOST_KEY_SSHRSA:LIBSSH2_KNOWNHOST_KEY_SSHDSS; case LIBSSH2_HOSTKEY_TYPE_RSA:
keybit = LIBSSH2_KNOWNHOST_KEY_SSHRSA;
break;
case LIBSSH2_HOSTKEY_TYPE_DSS:
keybit = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
break;
#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256
case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
keybit = LIBSSH2_KNOWNHOST_KEY_ECDSA_256;
break;
#endif
#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_384
case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
keybit = LIBSSH2_KNOWNHOST_KEY_ECDSA_384;
break;
#endif
#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_521
case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:
keybit = LIBSSH2_KNOWNHOST_KEY_ECDSA_521;
break;
#endif
#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519
case LIBSSH2_HOSTKEY_TYPE_ED25519:
keybit = LIBSSH2_KNOWNHOST_KEY_ED25519;
break;
#endif
default:
infof(data, "unsupported key type, can't check knownhosts!\n");
keybit = 0;
break;
}
if(!keybit)
/* no check means failure! */
rc = CURLKHSTAT_REJECT;
else {
#ifdef HAVE_LIBSSH2_KNOWNHOST_CHECKP #ifdef HAVE_LIBSSH2_KNOWNHOST_CHECKP
keycheck = libssh2_knownhost_checkp(sshc->kh, keycheck = libssh2_knownhost_checkp(sshc->kh,
conn->host.name, conn->host.name,
(conn->remote_port != PORT_SSH)? (conn->remote_port != PORT_SSH)?
conn->remote_port:-1, conn->remote_port:-1,
remotekey, keylen, remotekey, keylen,
LIBSSH2_KNOWNHOST_TYPE_PLAIN| LIBSSH2_KNOWNHOST_TYPE_PLAIN|
LIBSSH2_KNOWNHOST_KEYENC_RAW| LIBSSH2_KNOWNHOST_KEYENC_RAW|
keybit, keybit,
&host); &host);
#else #else
keycheck = libssh2_knownhost_check(sshc->kh, keycheck = libssh2_knownhost_check(sshc->kh,
conn->host.name, conn->host.name,
remotekey, keylen, remotekey, keylen,
LIBSSH2_KNOWNHOST_TYPE_PLAIN| LIBSSH2_KNOWNHOST_TYPE_PLAIN|
LIBSSH2_KNOWNHOST_KEYENC_RAW| LIBSSH2_KNOWNHOST_KEYENC_RAW|
keybit, keybit,
&host); &host);
#endif #endif
infof(data, "SSH host check: %d, key: %s\n", keycheck, infof(data, "SSH host check: %d, key: %s\n", keycheck,
(keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH)? (keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH)?
host->key:"<none>"); host->key:"<none>");
/* setup 'knownkey' */ /* setup 'knownkey' */
if(keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH) { if(keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH) {
knownkey.key = host->key; knownkey.key = host->key;
knownkey.len = 0; knownkey.len = 0;
knownkey.keytype = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)? knownkey.keytype = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)?
CURLKHTYPE_RSA : CURLKHTYPE_DSS;
knownkeyp = &knownkey;
}
/* setup 'foundkey' */
foundkey.key = remotekey;
foundkey.len = keylen;
foundkey.keytype = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)?
CURLKHTYPE_RSA : CURLKHTYPE_DSS; CURLKHTYPE_RSA : CURLKHTYPE_DSS;
knownkeyp = &knownkey;
/*
* if any of the LIBSSH2_KNOWNHOST_CHECK_* defines and the
* curl_khmatch enum are ever modified, we need to introduce a
* translation table here!
*/
keymatch = (enum curl_khmatch)keycheck;
/* Ask the callback how to behave */
Curl_set_in_callback(data, true);
rc = func(data, knownkeyp, /* from the knownhosts file */
&foundkey, /* from the remote host */
keymatch, data->set.ssh_keyfunc_userp);
Curl_set_in_callback(data, false);
} }
/* setup 'foundkey' */
foundkey.key = remotekey;
foundkey.len = keylen;
foundkey.keytype = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)?
CURLKHTYPE_RSA : CURLKHTYPE_DSS;
/*
* if any of the LIBSSH2_KNOWNHOST_CHECK_* defines and the
* curl_khmatch enum are ever modified, we need to introduce a
* translation table here!
*/
keymatch = (enum curl_khmatch)keycheck;
/* Ask the callback how to behave */
Curl_set_in_callback(data, true);
rc = func(data, knownkeyp, /* from the knownhosts file */
&foundkey, /* from the remote host */
keymatch, data->set.ssh_keyfunc_userp);
Curl_set_in_callback(data, false);
} }
else else
/* no remotekey means failure! */ /* no remotekey means failure! */