Add NewCredentialSSHKeyFromSigner (#706)

This change adds `NewCredentialSSHKeyFromSigner`, which allows idiomatic
use of SSH keys from Go. This also lets us spin off an SSH server in the
tests.

(cherry picked from commit abf02bc)

Author: lhchavez

.github/workflows/ci.yml

@@ -34,6 +34,7 @@ jobs:
         GOPATH: /home/runner/work/git2go
       run: |
         git submodule update --init
+        sudo apt-get install -y --no-install-recommends libssh2-1-dev
         make build-libgit2-static
         go get -tags static -t github.com/${{ github.repository }}/...
         go build -tags static github.com/${{ github.repository }}/...
@@ -62,6 +63,7 @@ jobs:
     - name: Build
       run: |
         git submodule update --init
+        sudo apt-get install -y --no-install-recommends libssh2-1-dev
         make build-libgit2-static
     - name: Test
       run:  make TEST_ARGS=-test.v test-static
@@ -84,6 +86,7 @@ jobs:
     - name: Build
       run: |
         git submodule update --init
+        sudo apt-get install -y --no-install-recommends libssh2-1-dev
         make build-libgit2-dynamic
     - name: Test
       run: make TEST_ARGS=-test.v test-dynamic
@@ -106,6 +109,7 @@ jobs:
     - name: Build libgit2
       run: |
         git submodule update --init
+        sudo apt-get install -y --no-install-recommends libssh2-1-dev
         sudo ./script/build-libgit2.sh --dynamic --system
     - name: Test
       run: make TEST_ARGS=-test.v test
@@ -128,6 +132,7 @@ jobs:
     - name: Build libgit2
       run: |
         git submodule update --init
+        sudo apt-get install -y --no-install-recommends libssh2-1-dev
         sudo ./script/build-libgit2.sh --static --system
     - name: Test
       run: go test --count=1 --tags "static,system_libgit2" ./...

.travis.yml

@@ -8,6 +8,7 @@ go:
   - tip
 
 install:
+  - sudo apt-get install -y --no-install-recommends libssh2-1-dev
   - make build-libgit2-static
   - go get --tags "static" ./...
 

credentials.go

@@ -2,9 +2,16 @@ package git
 
 /*
 #include <git2.h>
+
+void _go_git_populate_credential_ssh_custom(git_cred_ssh_custom *cred);
 */
 import "C"
-import "unsafe"
+import (
+	"crypto/rand"
+	"unsafe"
+
+	"golang.org/x/crypto/ssh"
+)
 
 type CredType uint
 
@@ -89,3 +96,61 @@ func NewCredDefault() (int, Cred) {
 	ret := C.git_cred_default_new(&cred.ptr)
 	return int(ret), cred
 }
+
+type credentialSSHCustomData struct {
+	signer ssh.Signer
+}
+
+//export credentialSSHCustomFree
+func credentialSSHCustomFree(cred *C.git_cred_ssh_custom) {
+	if cred == nil {
+		return
+	}
+
+	C.free(unsafe.Pointer(cred.username))
+	C.free(unsafe.Pointer(cred.publickey))
+	pointerHandles.Untrack(cred.payload)
+	C.free(unsafe.Pointer(cred))
+}
+
+//export credentialSSHSignCallback
+func credentialSSHSignCallback(
+	errorMessage **C.char,
+	sig **C.uchar,
+	sig_len *C.size_t,
+	data *C.uchar,
+	data_len C.size_t,
+	handle unsafe.Pointer,
+) C.int {
+	signer := pointerHandles.Get(handle).(*credentialSSHCustomData).signer
+	signature, err := signer.Sign(rand.Reader, C.GoBytes(unsafe.Pointer(data), C.int(data_len)))
+	if err != nil {
+		return setCallbackError(errorMessage, err)
+	}
+	*sig = (*C.uchar)(C.CBytes(signature.Blob))
+	*sig_len = C.size_t(len(signature.Blob))
+	return C.int(ErrorCodeOK)
+}
+
+// NewCredentialSSHKeyFromSigner creates new SSH credentials using the provided signer.
+func NewCredentialSSHKeyFromSigner(username string, signer ssh.Signer) (*Cred, error) {
+	publicKey := signer.PublicKey().Marshal()
+
+	ccred := (*C.git_cred_ssh_custom)(C.calloc(1, C.size_t(unsafe.Sizeof(C.git_cred_ssh_custom{}))))
+	ccred.parent.credtype = C.GIT_CREDTYPE_SSH_CUSTOM
+	ccred.username = C.CString(username)
+	ccred.publickey = (*C.char)(C.CBytes(publicKey))
+	ccred.publickey_len = C.size_t(len(publicKey))
+	C._go_git_populate_credential_ssh_custom(ccred)
+
+	data := credentialSSHCustomData{
+		signer: signer,
+	}
+	ccred.payload = pointerHandles.Track(&data)
+
+	cred := Cred{
+		ptr: &ccred.parent,
+	}
+
+	return &cred, nil
+}

go.mod

@@ -1,3 +1,9 @@
 module github.com/libgit2/git2go/v28
 
 go 1.13
+
+require (
+	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
+	golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c
+	golang.org/x/sys v0.0.0-20201204225414-ed752295db88 // indirect
+)

go.sum

@@ -0,0 +1,13 @@
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c h1:9HhBz5L/UjnK9XLtiZhYAdue5BVKep3PMmS2LuPDt8k=
+golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201204225414-ed752295db88 h1:KmZPnMocC93w341XZp26yTJg8Za7lhb2KhkYmixoeso=
+golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=