Add support for ECDSA keys and host keys (#41)

This commit lands full ECDSA key support when using the OpenSSL backend. Which includes: New KEX methods: ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521 Can now read OpenSSL formatted ECDSA key files. Now supports known host keys of type ecdsa-sha2-nistp256. New curve types: NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1 Default host key preferred ordering is now nistp256, nistp384, nistp521, rsa, dss. Ref: https://github.com/libssh2/libssh2/issues/41 Closes https://github.com/libssh2/libssh2/pull/206
2025-08-05 20:55:47 +03:00 · 2017-08-31 14:57:40 -07:00
parent bcd492163b
commit aba34f5f56
13 changed files with 2087 additions and 110 deletions
--- a/include/libssh2.h
+++ b/include/libssh2.h
@@ -404,11 +404,12 @@ typedef struct _LIBSSH2_POLLFD {
 #define LIBSSH2_HOSTKEY_HASH_MD5                            1
 #define LIBSSH2_HOSTKEY_HASH_SHA1                           2
 #define LIBSSH2_HOSTKEY_HASH_SHA256                         3
-    
+
 /* Hostkey Types */
-#define LIBSSH2_HOSTKEY_TYPE_UNKNOWN			    0
-#define LIBSSH2_HOSTKEY_TYPE_RSA			    1
-#define LIBSSH2_HOSTKEY_TYPE_DSS			    2
+#define LIBSSH2_HOSTKEY_TYPE_UNKNOWN            0
+#define LIBSSH2_HOSTKEY_TYPE_RSA                1
+#define LIBSSH2_HOSTKEY_TYPE_DSS                2
+#define LIBSSH2_HOSTKEY_TYPE_ECDSA              3

 /* Disconnect Codes (defined by SSH protocol) */
 #define SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT          1
@@ -967,6 +968,7 @@ libssh2_knownhost_init(LIBSSH2_SESSION *session);
 #define LIBSSH2_KNOWNHOST_KEY_RSA1     (1<<18)
 #define LIBSSH2_KNOWNHOST_KEY_SSHRSA   (2<<18)
 #define LIBSSH2_KNOWNHOST_KEY_SSHDSS   (3<<18)
+#define LIBSSH2_KNOWNHOST_KEY_ECDSA	   (4<<18)
 #define LIBSSH2_KNOWNHOST_KEY_UNKNOWN  (7<<18)

 LIBSSH2_API int