Add NewCredentialSSHKeyFromSigner (#706)

This change adds `NewCredentialSSHKeyFromSigner`, which allows idiomatic
use of SSH keys from Go. This also lets us spin off an SSH server in the
tests.

(cherry picked from commit abf02bc)

Author: lhchavez

.github/workflows/ci.yml

@@ -34,6 +34,7 @@ jobs:
         GOPATH: /home/runner/work/git2go
       run: |
         git submodule update --init
+        sudo apt-get install -y --no-install-recommends libssh2-1-dev
         make build-libgit2-static
         go get -tags static -t github.com/${{ github.repository }}/...
         go build -tags static github.com/${{ github.repository }}/...
@@ -62,6 +63,7 @@ jobs:
     - name: Build
       run: |
         git submodule update --init
+        sudo apt-get install -y --no-install-recommends libssh2-1-dev
         make build-libgit2-static
     - name: Test
       run:  make TEST_ARGS=-test.v test-static
@@ -84,6 +86,7 @@ jobs:
     - name: Build
       run: |
         git submodule update --init
+        sudo apt-get install -y --no-install-recommends libssh2-1-dev
         make build-libgit2-dynamic
     - name: Test
       run: make TEST_ARGS=-test.v test-dynamic
@@ -108,6 +111,7 @@ jobs:
     - name: Build libgit2 ${{ matrix.libgit2 }}
       run: |
         git submodule update --init
+        sudo apt-get install -y --no-install-recommends libssh2-1-dev
         sudo env BUILD_LIBGIT_REF=v${{ matrix.libgit2 }} ./script/build-libgit2.sh --dynamic --system
     - name: Test
       run: make TEST_ARGS=-test.v test
@@ -130,6 +134,7 @@ jobs:
     - name: Build libgit2
       run: |
         git submodule update --init
+        sudo apt-get install -y --no-install-recommends libssh2-1-dev
         sudo ./script/build-libgit2.sh --static --system
     - name: Test
       run: go test --count=1 --tags "static,system_libgit2" ./...

.travis.yml

@@ -8,6 +8,7 @@ go:
   - tip
 
 install:
+  - sudo apt-get install -y --no-install-recommends libssh2-1-dev
   - make build-libgit2-static
   - go get --tags "static" ./...
 

credentials.go

@@ -3,15 +3,20 @@ package git
 /*
 #include <git2.h>
 #include <git2/credential.h>
+#include <git2/sys/credential.h>
 
 git_credential_t _go_git_credential_credtype(git_credential *cred);
+void _go_git_populate_credential_ssh_custom(git_credential_ssh_custom *cred);
 */
 import "C"
 import (
+	"crypto/rand"
 	"fmt"
 	"runtime"
 	"strings"
 	"unsafe"
+
+	"golang.org/x/crypto/ssh"
 )
 
 // CredentialType is a bitmask of supported credential types.
@@ -192,6 +197,63 @@ func NewCredentialSSHKeyFromAgent(username string) (*Credential, error) {
 	return cred, nil
 }
 
+type credentialSSHCustomData struct {
+	signer ssh.Signer
+}
+
+//export credentialSSHCustomFree
+func credentialSSHCustomFree(cred *C.git_credential_ssh_custom) {
+	if cred == nil {
+		return
+	}
+
+	C.free(unsafe.Pointer(cred.username))
+	C.free(unsafe.Pointer(cred.publickey))
+	pointerHandles.Untrack(cred.payload)
+	C.free(unsafe.Pointer(cred))
+}
+
+//export credentialSSHSignCallback
+func credentialSSHSignCallback(
+	errorMessage **C.char,
+	sig **C.uchar,
+	sig_len *C.size_t,
+	data *C.uchar,
+	data_len C.size_t,
+	handle unsafe.Pointer,
+) C.int {
+	signer := pointerHandles.Get(handle).(*credentialSSHCustomData).signer
+	signature, err := signer.Sign(rand.Reader, C.GoBytes(unsafe.Pointer(data), C.int(data_len)))
+	if err != nil {
+		return setCallbackError(errorMessage, err)
+	}
+	*sig = (*C.uchar)(C.CBytes(signature.Blob))
+	*sig_len = C.size_t(len(signature.Blob))
+	return C.int(ErrorCodeOK)
+}
+
+// NewCredentialSSHKeyFromSigner creates new SSH credentials using the provided signer.
+func NewCredentialSSHKeyFromSigner(username string, signer ssh.Signer) (*Credential, error) {
+	publicKey := signer.PublicKey().Marshal()
+
+	ccred := (*C.git_credential_ssh_custom)(C.calloc(1, C.size_t(unsafe.Sizeof(C.git_credential_ssh_custom{}))))
+	ccred.parent.credtype = C.GIT_CREDENTIAL_SSH_CUSTOM
+	ccred.username = C.CString(username)
+	ccred.publickey = (*C.char)(C.CBytes(publicKey))
+	ccred.publickey_len = C.size_t(len(publicKey))
+	C._go_git_populate_credential_ssh_custom(ccred)
+
+	data := credentialSSHCustomData{
+		signer: signer,
+	}
+	ccred.payload = pointerHandles.Track(&data)
+
+	cred := newCredential()
+	cred.ptr = &ccred.parent
+
+	return cred, nil
+}
+
 func NewCredentialDefault() (*Credential, error) {
 	runtime.LockOSThread()
 	defer runtime.UnlockOSThread()

go.mod

@@ -2,4 +2,8 @@ module github.com/libgit2/git2go/v30
 
 go 1.13
 
-require golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
+require (
+	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
+	golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c
+	golang.org/x/sys v0.0.0-20201204225414-ed752295db88 // indirect
+)

go.sum

@@ -1,7 +1,13 @@
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig=
-golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c h1:9HhBz5L/UjnK9XLtiZhYAdue5BVKep3PMmS2LuPDt8k=
+golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201204225414-ed752295db88 h1:KmZPnMocC93w341XZp26yTJg8Za7lhb2KhkYmixoeso=
+golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=