The libssh2 story #648
cc @ethomson, since we spoke about it a few weeks back.
AFAICS, CommonCrypto has nothing in the way of elliptic curves. Ref: rdar://38635282, for clarification about the comment as well as usage on iOS.
Okay, got the backend to work. It looks like it's missing support for passworded RSA keys though… @keithduncan Just noticed there's no licensing header in your securetransport file. Is this an oversight?
I can try to take a look at this if I can refresh my memory on how all this works. I wrote some backend tests in https://github.com/keithduncan/libssh2-securetransport-tests to try and exercise all the different private key encodings that are supported. Could you add a failing test there?
I added a BSD license in https://github.com/keithduncan/libssh2/pull/2/commits/5341020182f63d42f57a20b8b92bb83ced5dbf49 in keeping with the project license. Thank you for letting me know 🙇 I’d love to see this backend merged upstream; I just haven’t had the time to chase it down to completion 😅 Let me know if I can help.
Thanks for the license clarification, that's ✨. I'll cherry-pick that on top of my work. The test failing It had completely slipped my mind that you had written tests. If you don't mind, I think I'd prefer them to be merged in the libssh2 "suite" instead, so other backends benefit (if that's doable though). Right now it runs, provided you comment out the remnants of the DH-specific BN functions. I'm still waiting on an answer from Apple about using BigNum though, which means I'm still hanging between using CommonCrypto on macOS and ditching it altogether in favor of mbedTLS. And I have concerns on the speed at which CommonCrypto gains the features we need, like EC, which seems to have support in corecrypto, but it's not available in CC.
I'm filing that here for ease of documentation (since macOS is obviously the biggest user of the SecureTransport/CommonCrypto "backend" combination in libgit2-land).
The reference implementation I started with is here, and I have a rebased but not-working libssh2 branch of it here.
The current problem with that implementation is that it depends on this header for its BigNum implementation, which (might) mean a definitive NACK when iOS-ing. Also, there's a vague and "concerning" comment (hence the might).
Additionally, libssh2 recently changed its crypto layer a year ago so that backends now are responsible for doing the DH computations themselves (which either requires BigNum, or could be implemented using another private header).