Re: ECC
- Subject: Re: ECC
- From: Aris Adamantiadis <aris@xxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Sat, 15 Feb 2014 14:05:28 +0100
- To: libssh@xxxxxxxxxx
Hi everybody,

This is also my fault, I worked a lot on server side last year and never bothered checking if the server was accepting ecdsa keys.

Regarding the API, is there any advantage in adding an option specific to ECDSA? I see there's already SSH_BIND_OPTIONS_HOSTKEY and if we follow OpenSSH's semantics:

    HostKey
        Specifies a file containing a private host key used by SSH. The
        default is /etc/ssh/ssh_host_key for protocol version 1, and
        /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and
        /etc/ssh/ssh_host_rsa_key for protocol version 2. Note that sshd(8)
        will refuse to use a file if it is group/world-accessible. It is
        possible to have multiple host key files. ``rsa1'' keys are used for
        version 1 and ``dsa'', ``ecdsa'' or ``rsa'' are used for version 2
        of the SSH protocol.

This option should also work with ecdsa, is standard (maps to an OpenSSH setting) and doesn't require the caller to know the type of key beforehand.

Aris

On 15/02/14 11:27, Andreas Schneider wrote:
> On Friday 14 February 2014 16:41:42 you wrote:
>> For what it's worth, the attached patch should at fix the missing
>> option (and remove some duplication in the key option code).
>
> Thanks for your patch. I have some comments.
>
> @@ -42,6 +42,7 @@ enum ssh_bind_options_e { > SSH_BIND_OPTIONS_HOSTKEY, > SSH_BIND_OPTIONS_DSAKEY, > SSH_BIND_OPTIONS_RSAKEY, > + SSH_BIND_OPTIONS_ECDSAKEY, > SSH_BIND_OPTIONS_BANNER, > SSH_BIND_OPTIONS_LOG_VERBOSITY, > SSH_BIND_OPTIONS_LOG_VERBOSITY_STR
>
> This will break the ABI. The option should be added at the end of the enum!
>
> I know that the style is pretty broken in libssh and I need to write a
> styleguide. Please use 4 spaces and pki.c or pki_crypt.c should be the style
> to use.
>
> if (ssh_bind_set_key(sshbind, &sshbind->dsakey, value) < 0) {
>
> should be:
>
> rc = ssh_bind_set_key(sshbind, &sshbind->dsakey, value);
> if (rc < 0) {}
>
> http://blog.cryptomilk.org/2013/03/28/writing-and-reading-code/
>
> I will integrate the full example soon. So we can work on that and extend it
> with ecdsa support.
>
> -- andreas
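Review bot: In enum ssh_bind_options_e the new SSH_BIND_OPTIONS_ECDSAKEY sits between SSH_BIND_OPTIONS_RSAKEY and SSH_BIND_OPTIONS_BANNER, and since the visible enumerators carry no explicit values this shifts SSH_BIND_OPTIONS_BANNER, SSH_BIND_OPTIONS_LOG_VERBOSITY and SSH_BIND_OPTIONS_LOG_VERBOSITY_STR up by one. An application built against the old header would keep passing the old number for the banner option, which the rebuilt library would read as SSH_BIND_OPTIONS_ECDSAKEY and treat as a host key setting. Append the new enumerator after the last existing one so that every existing value keeps its number, and document the new option alongside the other key options.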
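A sketch of the single-option approach Aris describes above, added here as an illustration and not taken from libssh or from the patch under review: one generic host key setter that works out the key type itself. The names hostkey_type, bind_keys, hostkey_type_from_pem and bind_set_hostkey are hypothetical, and detecting the type from the PEM header line is an assumption of this sketch.

```c
/* Added sketch, not libssh code: all names below are hypothetical. */
#include <stddef.h>
#include <string.h>

enum hostkey_type { HK_UNKNOWN = 0, HK_RSA, HK_DSA, HK_ECDSA, HK_MAX };

/* One slot per key type, so several host keys can be configured. */
struct bind_keys { const char *path[HK_MAX]; };

/* Classify a PEM private key by its first line (assumed key format). */
enum hostkey_type hostkey_type_from_pem(const char *pem)
{
    static const struct { const char *hdr; enum hostkey_type type; } map[] = {
        { "-----BEGIN RSA PRIVATE KEY-----", HK_RSA },
        { "-----BEGIN DSA PRIVATE KEY-----", HK_DSA },
        { "-----BEGIN EC PRIVATE KEY-----", HK_ECDSA },
    };
    size_t i;
    if (pem == NULL) {
        return HK_UNKNOWN;
    }
    for (i = 0; i < sizeof(map) / sizeof(map[0]); i++) {
        if (strncmp(pem, map[i].hdr, strlen(map[i].hdr)) == 0) {
            return map[i].type;
        }
    }
    return HK_UNKNOWN;
}

/* Generic HostKey-style setter: returns 0 on success, -1 when the key
 * type cannot be determined. The caller never names the algorithm. */
int bind_set_hostkey(struct bind_keys *keys, const char *path, const char *pem)
{
    enum hostkey_type type = hostkey_type_from_pem(pem);
    if (keys == NULL || path == NULL || type == HK_UNKNOWN) {
        return -1;
    }
    keys->path[type] = path;
    return 0;
}

int main(void)
{
    struct bind_keys keys = { { NULL } };
    /* Constructed sample: header line only, no real key material. */
    return bind_set_hostkey(&keys, "/etc/ssh/ssh_host_ecdsa_key",
                            "-----BEGIN EC PRIVATE KEY-----\n");
}
```

Calling the setter once per file fills a separate slot for each detected type, which matches the "multiple host key files" behaviour in the quoted man page text; an unrecognised header is rejected instead of being stored under a guessed type.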