[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ECC

Subject: Re: ECC
From: Jon Simons <jon@xxxxxxxxxxxxx>
Reply-to: libssh@xxxxxxxxxx
Date: Fri, 14 Feb 2014 14:57:51 -0800
To: libssh@xxxxxxxxxx

On 2/14/14, 2:41 PM, Alan Dunn wrote:
> For what it's worth, the attached patch should at fix the missing
> option (and remove some duplication in the key option code).
> 
> However, when patching samplesshd to use an ECDSA key, however, I get
> "ssh_handle_key_exchange: Could not get the public key from the
> private key".  I suspect this is because if you look in pki_key_dup in
> pki_crypto.c it does not set a private key's ecdsa_nid, then the key
> is duplicated in bind.c (in ssh_bind_accept_fd), and then later
> pki_key_dup expects ecdsa_nid to be set in "demotion to a public key".
>  However, correcting this, I then get a signature failure on the
> client end during a (ECDH) key exchange (using an OpenSSH client).

Interesting timing -- FWIW, I had the exact same experience yesterday,
getting a little further with the fix to pki_key_dup, but ultimately
hit failure for an OpenSSH to validate the ECDSA signature sent back
by libssh.

My experience with ECDSA client keys so far has been good -- signature
validation seems to work for me in that path.  I'd guess this is a bug
specific to the host key paths.

-Jon

References:
ECC	Dustin Oprea <myselfasunder@xxxxxxxxx>
Re: ECC	Alan Dunn <amdunn@xxxxxxxxx>
Re: ECC	Dustin Oprea <myselfasunder@xxxxxxxxx>
Re: ECC	Andreas Schneider <asn@xxxxxxxxxxxxxx>
Re: ECC	Alan Dunn <amdunn@xxxxxxxxx>

Archive administrator: postmaster@lists.cynapses.org