Add gssapi key exchange, including ECDH

This PR builds on top of !505, adding support for gss-nistp256-sha256-* and gss-curve25519-sha256-* (these two methods are also supported by OpenSSH).

The original PR was rebased onto current master with no changes. I also include patches from https://gitlab.com/jjelen/libssh-mirror/-/tree/gssapi-key-exchange, one test case fix related to those patches, and two self-contained updates of curve25519.h/libgcrypt.h.

All 4 supported GSSAPI KEX methods share most of their implementation in kex-gss.c. The file now also contains some helper static functions used only by GSSAPI Diffie-Hellman KEX (dh_init and dh_import_peer_key). These could technically be moved to dh.c and be used to de-duplicate some code there, but this would require considerable refactoring as they treat keys primarily as SSH strings instead of bignums. Let me know as part of review whether the current state of these is appropriate or not.

The torture_gssapi_key_exchange_null test is currently failing for all Fedora builds in the CI. I haven't yet investigated this, but it seems related to this commit included in OpenSSH 10.

Checklist

  • Commits have Signed-off-by: with name/author being identical to the commit author
  • Code modified for feature
  • Test suite updated with functionality tests
  • Test suite updated with negative tests
  • Documentation updated

Reviewer's checklist:

  • Any issues marked for closing are addressed
  • There is a test suite reasonably covering new functionality or modifications
  • Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTING.md
  • This feature/change has adequate documentation added
  • No obvious mistakes in the code
Edited by Pavol Žáčik
