Allow limiting RSA key size used for authentication

Thanks to Harry Sintonen from WithSecure for pointing this out.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

include/libssh/libssh.h

@@ -406,6 +406,7 @@ enum ssh_options_e {
   SSH_OPTIONS_PROCESS_CONFIG,
   SSH_OPTIONS_REKEY_DATA,
   SSH_OPTIONS_REKEY_TIME,
+  SSH_OPTIONS_RSA_MIN_SIZE,
 };
 
 enum {

include/libssh/pki.h

@@ -176,6 +176,7 @@ ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key);
 ssh_private_key ssh_pki_convert_key_to_privatekey(const ssh_key key);
 
 int ssh_key_algorithm_allowed(ssh_session session, const char *type);
+bool ssh_key_size_allowed(ssh_session session, ssh_key key);
 
 /* Return the key size in bits */
 int ssh_key_size(ssh_key key);

include/libssh/pki_priv.h

@@ -165,4 +165,5 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
 /* URI Function */
 int pki_uri_import(const char *uri_name, ssh_key *key, enum ssh_key_e key_type);
 
+bool ssh_key_size_allowed_rsa(int min_size, ssh_key key);
 #endif /* PKI_PRIV_H_ */

include/libssh/session.h

@@ -233,6 +233,7 @@ struct ssh_session_struct {
         uint8_t options_seen[SOC_MAX];
         uint64_t rekey_data;
         uint32_t rekey_time;
+        unsigned int rsa_min_size;
     } opts;
     /* counters */
     ssh_counter socket_counter;