mirror of https://git.tartarus.org/simon/putty.git synced 2025-06-30 19:12:48 -05:00

ssh_keyalg: new method 'alternate_ssh_id'.

Previously, the fact that "ssh-rsa" sometimes comes with two subtypes
"rsa-sha2-256" and "rsa-sha2-512" was known to three different parts
of the code - two in userauth and one in transport. Now the knowledge
of what those ids are, which one goes with which signing flags, and
which key types have subtypes at all, is centralised into a method of
the key algorithm, and all those locations just query it.

This will enable the introduction of further key algorithms that have
a parallel upgrade system.
Simon Tatham
2022-04-19 17:27:54 +01:00
parent f9775a7b67
commit cf36b9215f
7 changed files with 77 additions and 33 deletions


@ -499,6 +499,7 @@ const ssh_keyalg ssh_dsa = {
.components = dsa_components,
.pubkey_bits = dsa_pubkey_bits,
.supported_flags = nullkey_supported_flags,
.alternate_ssh_id = nullkey_alternate_ssh_id,
.ssh_id = "ssh-dss",
.cache_id = "dss",
};


@ -1258,6 +1258,7 @@ const ssh_keyalg ssh_ecdsa_ed25519 = {
.components = eddsa_components,
.pubkey_bits = ec_shared_pubkey_bits,
.supported_flags = nullkey_supported_flags,
.alternate_ssh_id = nullkey_alternate_ssh_id,
.ssh_id = "ssh-ed25519",
.cache_id = "ssh-ed25519",
.extra = &sign_extra_ed25519,
@ -1282,6 +1283,7 @@ const ssh_keyalg ssh_ecdsa_ed448 = {
.components = eddsa_components,
.pubkey_bits = ec_shared_pubkey_bits,
.supported_flags = nullkey_supported_flags,
.alternate_ssh_id = nullkey_alternate_ssh_id,
.ssh_id = "ssh-ed448",
.cache_id = "ssh-ed448",
.extra = &sign_extra_ed448,
@ -1310,6 +1312,7 @@ const ssh_keyalg ssh_ecdsa_nistp256 = {
.components = ecdsa_components,
.pubkey_bits = ec_shared_pubkey_bits,
.supported_flags = nullkey_supported_flags,
.alternate_ssh_id = nullkey_alternate_ssh_id,
.ssh_id = "ecdsa-sha2-nistp256",
.cache_id = "ecdsa-sha2-nistp256",
.extra = &sign_extra_nistp256,
@ -1338,6 +1341,7 @@ const ssh_keyalg ssh_ecdsa_nistp384 = {
.components = ecdsa_components,
.pubkey_bits = ec_shared_pubkey_bits,
.supported_flags = nullkey_supported_flags,
.alternate_ssh_id = nullkey_alternate_ssh_id,
.ssh_id = "ecdsa-sha2-nistp384",
.cache_id = "ecdsa-sha2-nistp384",
.extra = &sign_extra_nistp384,
@ -1366,6 +1370,7 @@ const ssh_keyalg ssh_ecdsa_nistp521 = {
.components = ecdsa_components,
.pubkey_bits = ec_shared_pubkey_bits,
.supported_flags = nullkey_supported_flags,
.alternate_ssh_id = nullkey_alternate_ssh_id,
.ssh_id = "ecdsa-sha2-nistp521",
.cache_id = "ecdsa-sha2-nistp521",
.extra = &sign_extra_nistp521,


@ -844,6 +844,15 @@ static unsigned ssh_rsa_supported_flags(const ssh_keyalg *self)
return SSH_AGENT_RSA_SHA2_256 | SSH_AGENT_RSA_SHA2_512;
}
const char *ssh_rsa_alternate_ssh_id(const ssh_keyalg *self, unsigned flags)
{
if (flags & SSH_AGENT_RSA_SHA2_512)
return ssh_rsa_sha512.ssh_id;
if (flags & SSH_AGENT_RSA_SHA2_256)
return ssh_rsa_sha256.ssh_id;
return self->ssh_id;
}
static const struct ssh2_rsa_extra
rsa_extra = { 0 },
rsa_sha256_extra = { SSH_AGENT_RSA_SHA2_256 },
@ -869,6 +878,7 @@ const ssh_keyalg ssh_rsa = {
COMMON_KEYALG_FIELDS,
.ssh_id = "ssh-rsa",
.supported_flags = ssh_rsa_supported_flags,
.alternate_ssh_id = ssh_rsa_alternate_ssh_id,
.extra = &rsa_extra,
};
@ -876,6 +886,7 @@ const ssh_keyalg ssh_rsa_sha256 = {
COMMON_KEYALG_FIELDS,
.ssh_id = "rsa-sha2-256",
.supported_flags = nullkey_supported_flags,
.alternate_ssh_id = nullkey_alternate_ssh_id,
.extra = &rsa_sha256_extra,
};
@ -883,6 +894,7 @@ const ssh_keyalg ssh_rsa_sha512 = {
COMMON_KEYALG_FIELDS,
.ssh_id = "rsa-sha2-512",
.supported_flags = nullkey_supported_flags,
.alternate_ssh_id = nullkey_alternate_ssh_id,
.extra = &rsa_sha512_extra,
};
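Review bot: The new `ssh_rsa_alternate_ssh_id` is defined without `static`, unlike `ssh_rsa_supported_flags` directly above it, and it has no comment stating its selection rule. If nothing outside this file calls it by name (here it is only reached through the `.alternate_ssh_id` pointer of `ssh_rsa`), it should read `static const char *ssh_rsa_alternate_ssh_id(const ssh_keyalg *self, unsigned flags)`. The rule is security-relevant: the SHA-512 id wins when both flag bits are set, and a `flags` value with neither bit set falls back to `self->ssh_id`, which for `ssh_rsa` is the SHA-1 based "ssh-rsa". Callers therefore need to mask `flags` to what the peer accepts and sign with the same flags they used to pick the id. I would add above the function: `/* Prefer rsa-sha2-512, then rsa-sha2-256; with no SHA-2 flag set, return the base id unchanged. */`.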