On Sun, Mar 28, 2021 at 9:17 AM Bastian Germann <bastiangermann@xxxxxxxxxxx> wrote:
>
> libssh2 has ECDSA and ED25519 support beginning with v1.9.0. libvirt cannot
> make use of those because it will handle them as unknown key types.
>
> Add support for those host key types.
>
> Signed-off-by: Bastian Germann <bastiangermann@xxxxxxxxxxx>
> ---
> libvirt.spec.in | 2 +-
> meson.build | 2 +-
> src/rpc/virnetsshsession.c | 12 ++++++++++++
> 3 files changed, 14 insertions(+), 2 deletions(-)
>
> diff --git a/libvirt.spec.in b/libvirt.spec.in
> index f9af330186..8f5b3f126c 100644
> --- a/libvirt.spec.in
> +++ b/libvirt.spec.in
> @@ -359,7 +359,7 @@ BuildRequires: libcap-ng-devel >= 0.5.0
> BuildRequires: fuse-devel >= 2.8.6
> %endif
> %if %{with_libssh2}
> -BuildRequires: libssh2-devel >= 1.3.0
> +BuildRequires: libssh2-devel >= 1.9.0
> %endif
> %if %{with_netcf}
> BuildRequires: netcf-devel >= 0.2.2
> diff --git a/meson.build b/meson.build
> index ea93a2a8ec..5e5b22107c 100644
> --- a/meson.build
> +++ b/meson.build
> @@ -1142,7 +1142,7 @@ else
> libssh_dep = dependency('', required: false)
> endif
>
> -libssh2_version = '1.3'
> +libssh2_version = '1.9'
> if get_option('driver_remote').enabled()
> libssh2_dep = dependency('libssh2', version: '>=' + libssh2_version, required: get_option('libssh2'))
> if libssh2_dep.found()
> diff --git a/src/rpc/virnetsshsession.c b/src/rpc/virnetsshsession.c
> index fe77594f65..cb081bcf4f 100644
> --- a/src/rpc/virnetsshsession.c
> +++ b/src/rpc/virnetsshsession.c
> @@ -389,6 +389,18 @@ virNetSSHCheckHostKey(virNetSSHSessionPtr sess)
> case LIBSSH2_HOSTKEY_TYPE_DSS:
> keyType = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
> break;
> + case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
> + keyType = LIBSSH2_KNOWNHOST_KEY_ECDSA_256;
> + break;
> + case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
> + keyType = LIBSSH2_KNOWNHOST_KEY_ECDSA_384;
> + break;
> + case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:
> + keyType = LIBSSH2_KNOWNHOST_KEY_ECDSA_521;
> + break;
> + case LIBSSH2_HOSTKEY_TYPE_ED25519:
> + keyType = LIBSSH2_KNOWNHOST_KEY_ED25519;
> + break;
>
> case LIBSSH2_HOSTKEY_TYPE_UNKNOWN:
> default:
> --
> 2.30.2
>
While this looks good to me, could we have this adjusted so that this would be supported only if libssh2 >= 1.9.0 is detected and just not add these cases when an older version is present? libssh2 is only at 1.8.0 on Ubuntu 20.04, so this would cause it to fail there. -- 真実はいつも一つ!/ Always, there's only one truth!
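Review bot: No test accompanies the four new `case` mappings in virNetSSHCheckHostKey; the diffstat lists only the spec file, meson.build and this file. The switch translates the server's host key type into the known-hosts key type, and the code that consumes `keyType` lies outside the hunk, so what follows is inferred from the function and constant names. One test case per new type would catch a copy-paste slip such as pairing `LIBSSH2_HOSTKEY_TYPE_ECDSA_384` with the `_256` constant. A further case, where a host already recorded under ssh-rsa presents an Ed25519 key, would confirm that this is reported as a changed key and not offered to the user as a new host to accept.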