[PATCH] rpc: libssh2: Enable EC host keys

Bastian Germann posted 1 patch 2 weeks, 2 days ago
Test syntax-check failed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20210328211021.16932-1-bastiangermann@fishpost.de
src/rpc/virnetsshsession.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)

[PATCH] rpc: libssh2: Enable EC host keys

Posted by Bastian Germann 2 weeks, 2 days ago
libssh2 has ECDSA and ED25519 support beginning with v1.9.0. libvirt cannot
make use of those because it will handle them as unknown key types.

Add support for those host key types.

Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
---
 src/rpc/virnetsshsession.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/rpc/virnetsshsession.c b/src/rpc/virnetsshsession.c
index fe77594..c311e90 100644
--- a/src/rpc/virnetsshsession.c
+++ b/src/rpc/virnetsshsession.c
@@ -389,7 +389,21 @@ virNetSSHCheckHostKey(virNetSSHSessionPtr sess)
         case LIBSSH2_HOSTKEY_TYPE_DSS:
             keyType = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
             break;
-
+#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519
+        /* defs from libssh2 v1.9.0 or later */
+        case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
+            keyType = LIBSSH2_KNOWNHOST_KEY_ECDSA_256;
+            break;
+        case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
+            keyType = LIBSSH2_KNOWNHOST_KEY_ECDSA_384;
+            break;
+        case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:
+            keyType = LIBSSH2_KNOWNHOST_KEY_ECDSA_521;
+            break;
+        case LIBSSH2_HOSTKEY_TYPE_ED25519:
+            keyType = LIBSSH2_KNOWNHOST_KEY_ED25519;
+            break;
+#endif
         case LIBSSH2_HOSTKEY_TYPE_UNKNOWN:
         default:
             virReportError(VIR_ERR_SSH, "%s",
-- 
2.31.0

Re: [PATCH] rpc: libssh2: Enable EC host keys

Posted by Neal Gompa 2 weeks, 2 days ago
On Sun, Mar 28, 2021 at 5:10 PM Bastian Germann
<bastiangermann@fishpost.de> wrote:
>
> libssh2 has ECDSA and ED25519 support beginning with v1.9.0. libvirt cannot
> make use of those because it will handle them as unknown key types.
>
> Add support for those host key types.
>
> Signed-off-by: Bastian Germann <bastiangermann@fishpost.de>
> ---
>  src/rpc/virnetsshsession.c | 16 +++++++++++++++-
>  1 file changed, 15 insertions(+), 1 deletion(-)
>
> diff --git a/src/rpc/virnetsshsession.c b/src/rpc/virnetsshsession.c
> index fe77594..c311e90 100644
> --- a/src/rpc/virnetsshsession.c
> +++ b/src/rpc/virnetsshsession.c
> @@ -389,7 +389,21 @@ virNetSSHCheckHostKey(virNetSSHSessionPtr sess)
>          case LIBSSH2_HOSTKEY_TYPE_DSS:
>              keyType = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
>              break;
> -
> +#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519
> +        /* defs from libssh2 v1.9.0 or later */
> +        case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
> +            keyType = LIBSSH2_KNOWNHOST_KEY_ECDSA_256;
> +            break;
> +        case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
> +            keyType = LIBSSH2_KNOWNHOST_KEY_ECDSA_384;
> +            break;
> +        case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:
> +            keyType = LIBSSH2_KNOWNHOST_KEY_ECDSA_521;
> +            break;
> +        case LIBSSH2_HOSTKEY_TYPE_ED25519:
> +            keyType = LIBSSH2_KNOWNHOST_KEY_ED25519;
> +            break;
> +#endif
>          case LIBSSH2_HOSTKEY_TYPE_UNKNOWN:
>          default:
>              virReportError(VIR_ERR_SSH, "%s",
> --
> 2.31.0
>

LGTM.

Reviewed-by: Neal Gompa <ngompa13@gmail.com>


-- 
真実はいつも一つ!/ Always, there's only one truth!