
Add support for ECDSA keys and host keys (#41)

This commit lands full ECDSA key support when using the OpenSSL
backend, which includes:

New KEX methods:
ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521

Can now read OpenSSL formatted ECDSA key files.

Now supports known host keys of type ecdsa-sha2-nistp256.

New curve types:
NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1

Default host key preferred ordering is now nistp256, nistp384,
nistp521, rsa, dss.

Ref: https://github.com/libssh2/libssh2/issues/41

Closes https://github.com/libssh2/libssh2/pull/206
Will Cosgrove
2017-08-31 14:57:40 -07:00
committed by Viktor Szakats
parent bcd492163b
commit aba34f5f56
13 changed files with 2087 additions and 110 deletions


@@ -154,7 +154,7 @@ static inline int writev(int sock, struct iovec *iov, int nvecs)
* padding length, payload, padding, and MAC.)."
*/
#define MAX_SSH_PACKET_LEN 35000
#define MAX_SHA_DIGEST_LEN SHA256_DIGEST_LENGTH
#define MAX_SHA_DIGEST_LEN SHA512_DIGEST_LENGTH
#define LIBSSH2_ALLOC(session, count) \
session->alloc((count), &(session)->abstract)
@@ -271,10 +271,13 @@ typedef struct key_exchange_state_low_t
kmdhgGPshakex_state_t exchange_state;
_libssh2_bn *p; /* SSH2 defined value (p_value) */
_libssh2_bn *g; /* SSH2 defined value (2) */
unsigned char request[13];
unsigned char request[256]; /* Must fit EC_MAX_POINT_LEN + data */
unsigned char *data;
size_t request_len;
size_t data_len;
_libssh2_ec_key *private_key; /* SSH2 ecdh private key */
unsigned char *public_key_oct; /* SSH2 ecdh public key octal value */
size_t public_key_oct_len; /* SSH2 ecdh public key octal value length */
} key_exchange_state_low_t;
typedef struct key_exchange_state_t
@@ -987,6 +990,10 @@ _libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format, ...)
#define SSH_MSG_KEX_DH_GEX_INIT 32
#define SSH_MSG_KEX_DH_GEX_REPLY 33
/* ecdh */
#define SSH2_MSG_KEX_ECDH_INIT 30
#define SSH2_MSG_KEX_ECDH_REPLY 31
/* User Authentication */
#define SSH_MSG_USERAUTH_REQUEST 50
#define SSH_MSG_USERAUTH_FAILURE 51
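Review bot: In the `key_exchange_state_low_t` hunk, the size of `request` is tied to `EC_MAX_POINT_LEN` only by a comment (`unsigned char request[256]; /* Must fit EC_MAX_POINT_LEN + data */`), so nothing fails at build time if the maximum point length or the framing around it grows. Because this buffer is filled while building key-exchange messages, I would either derive the array size from the constant where it is in scope, or make sure the code that fills `request` compares the length it is about to write with `sizeof(request)` first; that code lies outside this section, so whether it already does so cannot be seen here. The comments on `public_key_oct` and `public_key_oct_len` say "octal value", which presumably means the octet-string encoding of the public point, e.g. `/* SSH2 ecdh public key octet string */`. The struct also gains two owned pointers (`private_key`, `public_key_oct`) with no note on who frees them, and a one-line ownership comment would help whoever maintains the cleanup path. As a style point, the new `SSH2_MSG_KEX_ECDH_*` names depart from the `SSH_MSG_*` prefix used by the defines around them.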