Merge pull request #5750 from arroz/missing_hostkey_types Add support for additional SSH hostkey types.
diff --git a/ci/docker/focal b/ci/docker/focal
index c6fefc7..ce97268 100644
--- a/ci/docker/focal
+++ b/ci/docker/focal
@@ -48,9 +48,9 @@ RUN cd /tmp && \
FROM mbedtls AS libssh2
RUN cd /tmp && \
- curl --insecure --location --silent --show-error https://www.libssh2.org/download/libssh2-1.8.2.tar.gz | \
+ curl --insecure --location --silent --show-error https://www.libssh2.org/download/libssh2-1.9.0.tar.gz | \
tar -xz && \
- cd libssh2-1.8.2 && \
+ cd libssh2-1.9.0 && \
mkdir build build-msan && \
cd build && \
CC=clang-10 CFLAGS="-fPIC" cmake -G Ninja -DBUILD_SHARED_LIBS=ON -DCRYPTO_BACKEND=Libgcrypt -DCMAKE_PREFIX_PATH=/usr/local -DCMAKE_INSTALL_PREFIX=/usr/local .. && \
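Review bot: The changed `curl` line still passes `--insecure` and pipes the tarball straight into `tar`, so the libssh2 source compiled into this CI image is fetched with TLS certificate verification disabled and with no integrity check. Since the version is being bumped anyway, drop `--insecure` and verify a pinned digest before extracting, e.g. download with `curl --location --silent --show-error -o libssh2.tar.gz <url>` and then run `echo "<SHA256_OF_libssh2-1.9.0.tar.gz>  libssh2.tar.gz" | sha256sum -c -`. The other download stages in this file are outside the hunk and may need the same treatment. The RUN instruction continues past the end of this hunk.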
@@ -59,7 +59,7 @@ RUN cd /tmp && \
CC=clang-10 CFLAGS="-fPIC -fsanitize=memory -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2 -fno-omit-frame-pointer" LDFLAGS="-fsanitize=memory" cmake -G Ninja -DBUILD_SHARED_LIBS=ON -DCRYPTO_BACKEND=mbedTLS -DCMAKE_PREFIX_PATH=/usr/local/msan -DCMAKE_INSTALL_PREFIX=/usr/local/msan .. && \
ninja install && \
cd .. && \
- rm -rf libssh2-1.8.2
+ rm -rf libssh2-1.9.0
FROM libssh2 AS valgrind
RUN cd /tmp && \
diff --git a/include/git2/cert.h b/include/git2/cert.h
index 07ae8c9..f111b13 100644
--- a/include/git2/cert.h
+++ b/include/git2/cert.h
@@ -91,6 +91,14 @@ typedef enum {
GIT_CERT_SSH_RAW_TYPE_RSA = 1,
/** The raw key is a DSS key. */
GIT_CERT_SSH_RAW_TYPE_DSS = 2,
+ /** The raw key is a ECDSA 256 key. */
+ GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_256 = 3,
+ /** The raw key is a ECDSA 384 key. */
+ GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_384 = 4,
+ /** The raw key is a ECDSA 521 key. */
+ GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_521 = 5,
+ /** The raw key is a ED25519 key. */
+ GIT_CERT_SSH_RAW_TYPE_KEY_ED25519 = 6
} git_cert_ssh_raw_type_t;
/**
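Review bot: The four new enumerators carry an extra `KEY_` segment (`GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_256`, and so on) that the existing `GIT_CERT_SSH_RAW_TYPE_RSA` and `GIT_CERT_SSH_RAW_TYPE_DSS` values do not have. This is a public header, so the names are hard to change once released; consider `GIT_CERT_SSH_RAW_TYPE_ECDSA_256`, `..._ECDSA_384`, `..._ECDSA_521` and `GIT_CERT_SSH_RAW_TYPE_ED25519` to match. The doc comments should also read `/** The raw key is an ECDSA 256 key. */` and `/** The raw key is an ED25519 key. */`. The enum begins before this hunk.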
diff --git a/src/transports/ssh.c b/src/transports/ssh.c
index c33c08a..71c37e7 100644
--- a/src/transports/ssh.c
+++ b/src/transports/ssh.c
@@ -580,6 +580,24 @@ post_extract:
case LIBSSH2_HOSTKEY_TYPE_DSS:
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_DSS;
break;
+
+#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256
+ case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
+ cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_256;
+ break;
+ case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
+ cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_384;
+ break;
+ case LIBSSH2_KNOWNHOST_KEY_ECDSA_521:
+ cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_521;
+ break;
+#endif
+
+#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519
+ case LIBSSH2_HOSTKEY_TYPE_ED25519:
+ cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ED25519;
+ break;
+#endif
default:
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_UNKNOWN;
}
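Review bot: The third ECDSA label uses `LIBSSH2_KNOWNHOST_KEY_ECDSA_521`, a known_hosts key-type mask, while every sibling label in this switch is a `LIBSSH2_HOSTKEY_TYPE_*` value. Judging by those siblings the switch is over the host key type, so a server presenting an ECDSA-521 host key would most likely fall to `default` and reach the certificate callback as `GIT_CERT_SSH_RAW_TYPE_UNKNOWN`. A callback that decides trust by key type would then mishandle or reject that host. The label should be `case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:`. The switch statement starts outside this hunk.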