[PATCH] rpc: libssh2: Enable EC host keys

Bastian Germann posted 1 patch 3 years ago
Test syntax-check failed
git fetch https://github.com/patchew-project/libvirt tags/patchew/20210328131656.1865-1-bastiangermann@fishpost.de
There is a newer version of this series
libvirt.spec.in            |  2 +-
meson.build                |  2 +-
src/rpc/virnetsshsession.c | 12 ++++++++++++
3 files changed, 14 insertions(+), 2 deletions(-)
[PATCH] rpc: libssh2: Enable EC host keys
Posted by Bastian Germann 3 years ago
libssh2 has ECDSA and ED25519 support beginning with v1.9.0. libvirt cannot
make use of those because it will handle them as unknown key types.

Add support for those host key types.

Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
---
 libvirt.spec.in            |  2 +-
 meson.build                |  2 +-
 src/rpc/virnetsshsession.c | 12 ++++++++++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/libvirt.spec.in b/libvirt.spec.in
index f9af330186..8f5b3f126c 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -359,7 +359,7 @@ BuildRequires: libcap-ng-devel >= 0.5.0
 BuildRequires: fuse-devel >= 2.8.6
 %endif
 %if %{with_libssh2}
-BuildRequires: libssh2-devel >= 1.3.0
+BuildRequires: libssh2-devel >= 1.9.0
 %endif
 %if %{with_netcf}
 BuildRequires: netcf-devel >= 0.2.2
diff --git a/meson.build b/meson.build
index ea93a2a8ec..5e5b22107c 100644
--- a/meson.build
+++ b/meson.build
@@ -1142,7 +1142,7 @@ else
   libssh_dep = dependency('', required: false)
 endif

-libssh2_version = '1.3'
+libssh2_version = '1.9'
 if get_option('driver_remote').enabled()
   libssh2_dep = dependency('libssh2', version: '>=' + libssh2_version, required: get_option('libssh2'))
   if libssh2_dep.found()
diff --git a/src/rpc/virnetsshsession.c b/src/rpc/virnetsshsession.c
index fe77594f65..cb081bcf4f 100644
--- a/src/rpc/virnetsshsession.c
+++ b/src/rpc/virnetsshsession.c
@@ -389,6 +389,18 @@ virNetSSHCheckHostKey(virNetSSHSessionPtr sess)
         case LIBSSH2_HOSTKEY_TYPE_DSS:
             keyType = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
             break;
+        case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
+            keyType = LIBSSH2_KNOWNHOST_KEY_ECDSA_256;
+            break;
+        case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
+            keyType = LIBSSH2_KNOWNHOST_KEY_ECDSA_384;
+            break;
+        case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:
+            keyType = LIBSSH2_KNOWNHOST_KEY_ECDSA_521;
+            break;
+        case LIBSSH2_HOSTKEY_TYPE_ED25519:
+            keyType = LIBSSH2_KNOWNHOST_KEY_ED25519;
+            break;

         case LIBSSH2_HOSTKEY_TYPE_UNKNOWN:
         default:
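Review bot: The four new cases only set `keyType`, and nothing visible in the hunk shows that the known_hosts lookup and the path that records a newly accepted key handle the ECDSA and ED25519 types consistently. virNetSSHCheckHostKey starts and ends outside the hunk, so both uses of `keyType` should be checked there; a type mismatch between storing and matching would make a pinned host look unknown on every connection. It may also be worth documenting that a server previously pinned by its RSA key can now negotiate an EC key and be presented to the user as a new host, since repeated prompts of that kind weaken host key verification in practice. I would add a comment above the new cases, `/* EC host key types: keep in sync with the LIBSSH2_KNOWNHOST_KEY_* value used for the known_hosts check and add */`.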
--
2.30.2

Re: [PATCH] rpc: libssh2: Enable EC host keys
Posted by Neal Gompa 3 years ago
On Sun, Mar 28, 2021 at 9:17 AM Bastian Germann
<bastiangermann@fishpost.de> wrote:
>
> libssh2 has ECDSA and ED25519 support beginning with v1.9.0. libvirt cannot
> make use of those because it will handle them as unknown key types.
>
> Add support for those host key types.
>
> Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
> ---
>  libvirt.spec.in            |  2 +-
>  meson.build                |  2 +-
>  src/rpc/virnetsshsession.c | 12 ++++++++++++
>  3 files changed, 14 insertions(+), 2 deletions(-)
>
> diff --git a/libvirt.spec.in b/libvirt.spec.in
> index f9af330186..8f5b3f126c 100644
> --- a/libvirt.spec.in
> +++ b/libvirt.spec.in
> @@ -359,7 +359,7 @@ BuildRequires: libcap-ng-devel >= 0.5.0
>  BuildRequires: fuse-devel >= 2.8.6
>  %endif
>  %if %{with_libssh2}
> -BuildRequires: libssh2-devel >= 1.3.0
> +BuildRequires: libssh2-devel >= 1.9.0
>  %endif
>  %if %{with_netcf}
>  BuildRequires: netcf-devel >= 0.2.2
> diff --git a/meson.build b/meson.build
> index ea93a2a8ec..5e5b22107c 100644
> --- a/meson.build
> +++ b/meson.build
> @@ -1142,7 +1142,7 @@ else
>    libssh_dep = dependency('', required: false)
>  endif
>
> -libssh2_version = '1.3'
> +libssh2_version = '1.9'
>  if get_option('driver_remote').enabled()
>    libssh2_dep = dependency('libssh2', version: '>=' + libssh2_version, required: get_option('libssh2'))
>    if libssh2_dep.found()
> diff --git a/src/rpc/virnetsshsession.c b/src/rpc/virnetsshsession.c
> index fe77594f65..cb081bcf4f 100644
> --- a/src/rpc/virnetsshsession.c
> +++ b/src/rpc/virnetsshsession.c
> @@ -389,6 +389,18 @@ virNetSSHCheckHostKey(virNetSSHSessionPtr sess)
>          case LIBSSH2_HOSTKEY_TYPE_DSS:
>              keyType = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
>              break;
> +        case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
> +            keyType = LIBSSH2_KNOWNHOST_KEY_ECDSA_256;
> +            break;
> +        case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
> +            keyType = LIBSSH2_KNOWNHOST_KEY_ECDSA_384;
> +            break;
> +        case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:
> +            keyType = LIBSSH2_KNOWNHOST_KEY_ECDSA_521;
> +            break;
> +        case LIBSSH2_HOSTKEY_TYPE_ED25519:
> +            keyType = LIBSSH2_KNOWNHOST_KEY_ED25519;
> +            break;
>
>          case LIBSSH2_HOSTKEY_TYPE_UNKNOWN:
>          default:
> --
> 2.30.2
>

While this looks good to me, could we have this adjusted so that this
would be supported only if libssh2 >= 1.9.0 is detected and just not
add these cases when an older version is present?

libssh2 is only at 1.8.0 on Ubuntu 20.04, so this would cause it to fail there.



--
真実はいつも一つ!/ Always, there's only one truth!