Commit 29fe5f61 by lhchavez

Also add the raw hostkey to `git_cert_hostkey`

`git_cert_x509` has the raw encoded certificate. Let's do the same for
the SSH certificate for symmetry.
parent 4fadd594
...@@ -80,8 +80,19 @@ typedef enum { ...@@ -80,8 +80,19 @@ typedef enum {
GIT_CERT_SSH_SHA1 = (1 << 1), GIT_CERT_SSH_SHA1 = (1 << 1),
/** SHA-256 is available */ /** SHA-256 is available */
GIT_CERT_SSH_SHA256 = (1 << 2), GIT_CERT_SSH_SHA256 = (1 << 2),
/** Raw hostkey is available */
GIT_CERT_SSH_RAW = (1 << 3),
} git_cert_ssh_t; } git_cert_ssh_t;
typedef enum {
/** The raw key is of an unknown type. */
GIT_CERT_SSH_RAW_TYPE_UNKNOWN = 0,
/** The raw key is an RSA key. */
GIT_CERT_SSH_RAW_TYPE_RSA = 1,
/** The raw key is a DSS key. */
GIT_CERT_SSH_RAW_TYPE_DSS = 2,
} git_cert_ssh_raw_type_t;
/** /**
* Hostkey information taken from libssh2 * Hostkey information taken from libssh2
*/ */
...@@ -89,28 +100,45 @@ typedef struct { ...@@ -89,28 +100,45 @@ typedef struct {
git_cert parent; /**< The parent cert */ git_cert parent; /**< The parent cert */
/** /**
* A hostkey type from libssh2, either * A bitmask containing the available fields.
* `GIT_CERT_SSH_MD5` or `GIT_CERT_SSH_SHA1`
*/ */
git_cert_ssh_t type; git_cert_ssh_t type;
/** /**
* Hostkey hash. If type has `GIT_CERT_SSH_MD5` set, this will * Hostkey hash. If `type` has `GIT_CERT_SSH_MD5` set, this will
* have the MD5 hash of the hostkey. * have the MD5 hash of the hostkey.
*/ */
unsigned char hash_md5[16]; unsigned char hash_md5[16];
/** /**
* Hostkey hash. If type has `GIT_CERT_SSH_SHA1` set, this will * Hostkey hash. If `type` has `GIT_CERT_SSH_SHA1` set, this will
* have the SHA-1 hash of the hostkey. * have the SHA-1 hash of the hostkey.
*/ */
unsigned char hash_sha1[20]; unsigned char hash_sha1[20];
/** /**
* Hostkey hash. If type has `GIT_CERT_SSH_SHA256` set, this will * Hostkey hash. If `type` has `GIT_CERT_SSH_SHA256` set, this will
* have the SHA-256 hash of the hostkey. * have the SHA-256 hash of the hostkey.
*/ */
unsigned char hash_sha256[32]; unsigned char hash_sha256[32];
/**
* Raw hostkey type. If `type` has `GIT_CERT_SSH_RAW` set, this will
* have the type of the raw hostkey.
*/
git_cert_ssh_raw_type_t raw_type;
/**
* Pointer to the raw hostkey. If `type` has `GIT_CERT_SSH_RAW` set,
* this will have the raw contents of the hostkey.
*/
const char *hostkey;
/**
* Raw hostkey length. If `type` has `GIT_CERT_SSH_RAW` set, this will
* have the length of the raw contents of the hostkey.
*/
size_t hostkey_len;
} git_cert_hostkey; } git_cert_hostkey;
/** /**
......
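Review bot: The doc comment on `hostkey` does not say who owns the buffer or how long it stays valid. In the transport section of this commit the field is assigned directly from the pointer returned by `libssh2_session_hostkey()`, so the buffer appears to be borrowed from the libssh2 session rather than copied. A certificate callback that keeps the pointer for a later comparison, for example for host key pinning, could then read memory the session has already released. I would extend the comment with something like `The buffer is binary (not NUL-terminated), owned by the SSH session, and only valid during the certificate callback; copy hostkey_len bytes to keep it.` The struct itself opens above this hunk, so existing callers also see its size grow by three members.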
...@@ -563,9 +563,28 @@ post_extract: ...@@ -563,9 +563,28 @@ post_extract:
if (t->owner->certificate_check_cb != NULL) { if (t->owner->certificate_check_cb != NULL) {
git_cert_hostkey cert = {{ 0 }}, *cert_ptr; git_cert_hostkey cert = {{ 0 }}, *cert_ptr;
const char *key; const char *key;
size_t cert_len;
int cert_type;
cert.parent.cert_type = GIT_CERT_HOSTKEY_LIBSSH2; cert.parent.cert_type = GIT_CERT_HOSTKEY_LIBSSH2;
key = libssh2_session_hostkey(session, &cert_len, &cert_type);
if (key != NULL) {
cert.type |= GIT_CERT_SSH_RAW;
cert.hostkey = key;
cert.hostkey_len = cert_len;
switch (cert_type) {
case LIBSSH2_HOSTKEY_TYPE_RSA:
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_RSA;
break;
case LIBSSH2_HOSTKEY_TYPE_DSS:
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_DSS;
break;
default:
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_UNKNOWN;
}
}
#ifdef LIBSSH2_HOSTKEY_HASH_SHA256 #ifdef LIBSSH2_HOSTKEY_HASH_SHA256
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA256); key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA256);
if (key != NULL) { if (key != NULL) {
......
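Review bot: The `switch (cert_type)` maps only RSA and DSS, so any other host key algorithm the linked libssh2 can negotiate (newer releases add ECDSA and Ed25519 types) is reported as `GIT_CERT_SSH_RAW_TYPE_UNKNOWN`. A callback that branches on `raw_type` to decide how to verify or pin the key cannot tell those apart and would have to read the algorithm name out of the key blob itself. Consider adding enum values with `#ifdef`-guarded cases for the newer `LIBSSH2_HOSTKEY_TYPE_*` constants, and documenting that `UNKNOWN` means "not classified" rather than "invalid". The `default:` arm would also read more consistently with a trailing `break;`. The enclosing function starts and ends outside this hunk.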