Reimplement bindings for session_hostkey and knownhost_checkp #67
Conversation
refs #66 Although this is a bug fix, this changes Haskell type signatures of exported functions.
|
This will do! I chose a slightly different approach that I was going to upstream after some more testing. Adapting that to fit your code, I'd end up at this: {# fun libssh2_session_hostkey as getHostKey_
{ toPointer `Session', alloca- `CULong' peek*, alloca- `CInt' peek* } -> `Ptr CChar' id #}
-- | An SSH public host key.
data HostKey = HostKey
{ base64Key :: Text
-- ^ The base64-encoded host key.
, keyType :: KnownHostType
-- ^ The host key type.
}
deriving (Eq)
-- | Get the public host key.
getHostKey :: Session -> IO HostKey
getHostKey session = do
(cBytes, cBytesLen, intKeyType) <- getHostKey_ session
-- TODO: is fromEnum safe to convert a CULong to an Int? Seems to work for our uses.
keyBytes <- encodeBase64 <$> BSS.packCStringLen (cBytes, fromEnum cBytesLen)
pure (HostKey keyBytes (int2kht intKeyType))As you can see, it's pretty much equivalent. I also have some instance Show HostKey where
show (HostKey base64Key keyType) = show keyType ++ " " ++ T.unpack base64Key
instance Show KnownHostType where
show KEY_SSHRSA = "ssh-rsa"
show KEY_SSHDSS = "ssh-dss"
...I noticed libssh2-hs does not support other host key ciphers such as ED25519. Should I open a PR for that? I need it for my project :) |
| (hostkey, _keylen, _keytype) <- getHostKey s | ||
| result <- checkKnownHost kh host port hostkey [TYPE_PLAIN, KEYENC_RAW] | ||
| (hostkey, _keytype) <- getHostKey s | ||
| result <- checkKnownHost kh host port hostkey [TYPE_PLAIN, KEYENC_RAW, KEY_RSA1, KEY_SSHRSA, KEY_SSHDSS] |
There was a problem hiding this comment.
I think we also need KEYENC_BASE64, since the keys in the known hosts file are base64 encoded.
There was a problem hiding this comment.
I needed this in my implementation at least.
There was a problem hiding this comment.
Perhaps we should allow the user of this function to pass the flags, and add it as a parameter to the function.
There was a problem hiding this comment.
I thought maybe it would be better to do
(hostkey, keytype) <- getHostKey s
result <- checkKnownHost kh host port hostkey [keytype]what do you think?
There was a problem hiding this comment.
That is insufficient; the typemask details not just what key type is it, but also what format the host name is and what format the key is in. See
https://www.libssh2.org/libssh2_knownhost_check.html
For example, we'd pass [TYPE_PLAIN, KEYENC_BASE64, KEY_SSHRSA] to specify that the host name is plain (not hashed), that the key is base64 encoded and that the key is an ssh-rsa key.
|
Looking at https://github.com/libssh2/libssh2/blob/de7a74aff24c47b2f2e9815f0a98598195d602e4/include/libssh2.h, I think you are targeting the wrong values for Feel free to copy this which I have in my local branch: data HostKeyType =
UNKNOWN
| RSA
| DSS
| ECDSA_256
| ECDSA_384
| ECDSA_521
| ED25519
deriving (Enum, Eq, Ord)
instance Show HostKeyType where
show UNKNOWN = "unknown"
show RSA = "ssh-rsa"
show DSS = "ssh-dss"
show ECDSA_256 = "ecdsa-sha2-nistp256"
show ECDSA_384 = "ecdsa-sha2-nistp384"
show ECDSA_521 = "ecdsa-sha2-nistp521"
show ED25519 = "ssh-ed25519"
int2hostKeyType :: Integral n => n -> HostKeyType
int2hostKeyType = toEnum . fromIntegral |
|
Hey @portnov, is there anything I can do to help get this merged? :) |
|
You can create your own PR, based on this, with changes that you suggested. Unfortunately I did not have time to make them. |
|
Thanks! I opened #69. |
refs #66
Although this is a bug fix, this changes Haskell type signatures of
exported functions.