From 4c298e6e67716829dcdb2f5a6c9b57e04bb91604 Mon Sep 17 00:00:00 2001
From: david <david@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Wed, 31 Oct 2012 17:57:26 +0000
Subject: [PATCH] Add support for ECDSA to ssh-hostkey.nse.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Patch by Adam Števko. http://seclists.org/nmap-dev/2012/q4/181
---
 CHANGELOG               | 2 ++
 nselib/ssh2.lua         | 9 +++++++++
 scripts/ssh-hostkey.nse | 9 +++++++++
 3 files changed, 20 insertions(+)

diff --git a/CHANGELOG b/CHANGELOG
index fe66b1f8a..6fc31c952 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,7 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o [NSE] Added support for ECDSA keys to ssh-hostkey.nse. [Adam Števko]
+
 o [Nsock] Added new poll and kqueue engines. [Henri Doreau]
 
 o [Zenmap] Corrected some typos in the Japanese translation.
diff --git a/nselib/ssh2.lua b/nselib/ssh2.lua
index 346e93f02..263bb77bb 100644
--- a/nselib/ssh2.lua
+++ b/nselib/ssh2.lua
@@ -215,6 +215,15 @@ fetch_host_key = function( host, port, key_type )
     local n
     _, _, _, n = bin.unpack( ">aaa", public_host_key )
     bits = openssl.bignum_bin2bn( n ):num_bits()
+  elseif key_type == 'ecdsa-sha2-nistp256' then
+    algorithm = "ECDSA"
+    bits = "256"
+  elseif key_type == 'ecdsa-sha2-nistp384' then
+    algorithm = "ECDSA"
+    bits = "384"
+  elseif key_type == 'ecdsa-sha2-nistp521' then
+    algorithm = "ECDSA"
+    bits = "521"
   else
     stdnse.print_debug( "Unsupported key type: %s", key_type )
   end
diff --git a/scripts/ssh-hostkey.nse b/scripts/ssh-hostkey.nse
index 7069e99fa..0dd615b77 100644
--- a/scripts/ssh-hostkey.nse
+++ b/scripts/ssh-hostkey.nse
@@ -136,6 +136,15 @@ local function portaction(host, port)
   key = ssh2.fetch_host_key( host, port, "ssh-rsa" )
   if key then table.insert( keys, key ) end
 
+  key = ssh2.fetch_host_key( host, port, "ecdsa-sha2-nistp256" )
+  if key then table.insert( keys, key ) end
+
+  key = ssh2.fetch_host_key( host, port, "ecdsa-sha2-nistp384" )
+  if key then table.insert( keys, key ) end
+
+  key = ssh2.fetch_host_key( host, port, "ecdsa-sha2-nistp521" )
+  if key then table.insert( keys, key ) end
+
   for _, key in ipairs( keys ) do
     add_key_to_registry( host, key )
     table.insert(output_tab, {