server ssh UPDATE authentication with ECDSA keys
ECDSA keys can now be used both as a hostkey and for client
authentication. Three key pairs added for a new test.
diff --git a/src/config_new.c b/src/config_new.c
index 0224a00..f8db1da 100644
--- a/src/config_new.c
+++ b/src/config_new.c
@@ -607,25 +607,40 @@
}
start = buffer;
- if (!strncmp(buffer, "ssh-rsa ", 8)) {
+ if (!strncmp(buffer, "ssh-dss ", 8)) {
+ ERR(NULL, "DSA public keys not supported.");
+ ret = 1;
+ goto cleanup;
+ } else if (!strncmp(buffer, "ssh-rsa ", 8)) {
start += strlen("ssh-rsa ");
- end = strchr(start, ' ');
- if (!end) {
- ERR(NULL, "Unexpected public key format.");
- ret = 1;
- goto cleanup;
- }
-
- *pubkey = strdup(start);
- if (!*pubkey) {
- ERRMEM;
- ret = 1;
- goto cleanup;
- }
-
- (*pubkey)[strlen(*pubkey) - strlen(end)] = '\0';
+ } else if (!strncmp(buffer, "ecdsa-sha2-nistp256 ", 20)) {
+ start += strlen("ecdsa-sha2-nistp256 ");
+ } else if (!strncmp(buffer, "ecdsa-sha2-nistp384 ", 20)) {
+ start += strlen("ecdsa-sha2-nistp384 ");
+ } else if (!strncmp(buffer, "ecdsa-sha2-nistp521 ", 20)) {
+ start += strlen("ecdsa-sha2-nistp521 ");
+ } else {
+ ERR(NULL, "Unknown public key type.");
+ ret = 1;
+ goto cleanup;
}
+ end = strchr(start, ' ');
+ if (!end) {
+ ERR(NULL, "Unexpected public key format.");
+ ret = 1;
+ goto cleanup;
+ }
+
+ *pubkey = strdup(start);
+ if (!*pubkey) {
+ ERRMEM;
+ ret = 1;
+ goto cleanup;
+ }
+
+ (*pubkey)[strlen(*pubkey) - strlen(end)] = '\0';
+
cleanup:
free(buffer);
return ret;
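Review bot: The shared tail `end = strchr(start, ' ');` still requires a space after the base64 blob, so a key line with no comment field is rejected with "Unexpected public key format." even though its type prefix was just accepted. Taking the blob up to the first delimiter avoids this: `end = start + strcspn(start, " \r\n");`, with `if (end == start)` as the error case and `*pubkey = strndup(start, end - start);` replacing the strdup-then-truncate pair. Whether `buffer` can still carry a trailing newline here is not visible, as the function starts outside the hunk. The matched type prefix is also discarded after the `strncmp` chain, so unless a caller compares it with the algorithm name inside the decoded blob, a mislabelled key would pass this check.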
diff --git a/src/session.c b/src/session.c
index 1a7f1e5..d5d4886 100644
--- a/src/session.c
+++ b/src/session.c
@@ -107,16 +107,30 @@
}
}
+/**
+ * @brief Convert key type to string.
+ *
+ * @param[in] type Type of the key.
+ * @return String literal representing the key type or NULL.
+ */
const char *
nc_keytype2str(NC_SSH_KEY_TYPE type)
{
switch (type) {
+ case NC_SSH_KEY_UNKNOWN:
+ return "unknown";
case NC_SSH_KEY_DSA:
return "DSA";
case NC_SSH_KEY_RSA:
return "RSA";
case NC_SSH_KEY_ECDSA:
return "EC";
+ case NC_SSH_KEY_ECDSA_P256:
+ return "ECDSA_P256";
+ case NC_SSH_KEY_ECDSA_P384:
+ return "ECDSA_P384";
+ case NC_SSH_KEY_ECDSA_P521:
+ return "ECDSA_P521";
default:
break;
}
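Review bot: The new doc comment says the function returns a string "or NULL" but not for which input, and with `NC_SSH_KEY_UNKNOWN` now mapped to `"unknown"` the NULL case appears to be left only for values outside the enum. That return sits after the switch, outside the hunk, so this is inferred. I would state it explicitly, e.g. `@return String literal representing the key type, NULL if @p type is not a valid NC_SSH_KEY_TYPE.`, so callers that pass the result to a `%s` format know they must check it. It is also worth a line noting that `"EC"` is the label for `NC_SSH_KEY_ECDSA` (marked private-key only in session.h) while the `ECDSA_P*` strings name the per-curve types, since the two naming schemes otherwise look inconsistent.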
diff --git a/src/session.h b/src/session.h
index 55f4a0d..d487ea4 100644
--- a/src/session.h
+++ b/src/session.h
@@ -116,7 +116,10 @@
NC_SSH_KEY_UNKNOWN = 0,
NC_SSH_KEY_DSA,
NC_SSH_KEY_RSA,
- NC_SSH_KEY_ECDSA
+ NC_SSH_KEY_ECDSA, /**< only for private key */
+ NC_SSH_KEY_ECDSA_P256,
+ NC_SSH_KEY_ECDSA_P384,
+ NC_SSH_KEY_ECDSA_P521
} NC_SSH_KEY_TYPE;
/**
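Review bot: `NC_SSH_KEY_ECDSA` gains the qualifier `/**< only for private key */`, but the three new enumerators carry no comment, so a reader cannot tell whether they are public-key-only counterparts or valid everywhere. I would add a matching trailing comment on each, for example `NC_SSH_KEY_ECDSA_P256, /**< ECDSA key on NIST P-256 (ecdsa-sha2-nistp256) */`, and say there whether they apply to public keys only. Appending them after the existing values keeps the numeric values of the old enumerators unchanged, which is the right choice for a public header.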
diff --git a/src/session_client_ssh.c b/src/session_client_ssh.c
index 23ee58c..3bb5faf 100644
--- a/src/session_client_ssh.c
+++ b/src/session_client_ssh.c
@@ -311,7 +311,7 @@
ret = ssh_get_publickey(session, &srv_pubkey);
#endif
if (ret < 0) {
- ERR(NULL, "Unable to get server public key.");
+ ERR(NULL, "Unable to get server's public key.");
return -1;
}