diff options
author | Yves-Alexis Perez <corsac@debian.org> | 2019-01-02 10:45:36 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2019-01-02 11:07:05 +0100 |
commit | 918094fde55fa0dbfd59a5f88d576efb513a88db (patch) | |
tree | 61e31656c60a6cc928c50cd633568043673e2cbd /src/libstrongswan/plugins/sshkey | |
parent | 69bc96f6b0b388d35e983f8d27224fa49d92918c (diff) | |
download | vyos-strongswan-918094fde55fa0dbfd59a5f88d576efb513a88db.tar.gz vyos-strongswan-918094fde55fa0dbfd59a5f88d576efb513a88db.zip |
New upstream version 5.7.2
Diffstat (limited to 'src/libstrongswan/plugins/sshkey')
-rw-r--r-- | src/libstrongswan/plugins/sshkey/sshkey_builder.c | 35 | ||||
-rw-r--r-- | src/libstrongswan/plugins/sshkey/sshkey_encoder.c | 38 |
2 files changed, 69 insertions, 4 deletions
diff --git a/src/libstrongswan/plugins/sshkey/sshkey_builder.c b/src/libstrongswan/plugins/sshkey/sshkey_builder.c index eab6559b3..934514249 100644 --- a/src/libstrongswan/plugins/sshkey/sshkey_builder.c +++ b/src/libstrongswan/plugins/sshkey/sshkey_builder.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013-2014 Tobias Brunner + * Copyright (C) 2013-2018 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -89,6 +89,34 @@ static sshkey_public_key_t *parse_public_key(chunk_t blob) return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, BUILD_END); } + else if (chunk_equals(format, chunk_from_str("ssh-ed25519"))) + { + chunk_t blob; + + if (!reader->read_data32(reader, &blob)) + { + DBG1(DBG_LIB, "invalid Ed25519 key in SSH key"); + reader->destroy(reader); + return NULL; + } + reader->destroy(reader); + return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519, + BUILD_EDDSA_PUB, blob, BUILD_END); + } + else if (chunk_equals(format, chunk_from_str("ssh-ed448"))) + { + chunk_t blob; + + if (!reader->read_data32(reader, &blob)) + { + DBG1(DBG_LIB, "invalid Ed448 key in SSH key"); + reader->destroy(reader); + return NULL; + } + reader->destroy(reader); + return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED448, + BUILD_EDDSA_PUB, blob, BUILD_END); + } else if (format.len > strlen(ECDSA_PREFIX) && strpfx(format.ptr, ECDSA_PREFIX)) { @@ -140,8 +168,9 @@ static sshkey_public_key_t *load_from_stream(FILE *file) char line[1024], *token; while (!public && fgets(line, sizeof(line), file)) - { /* the format is: ssh-rsa|ecdsa-... <key(base64)> <identifier> */ - if (!strpfx(line, "ssh-rsa") && !strpfx(line, ECDSA_PREFIX)) + { /* the format is: ssh-<key-type> <key(base64)> <identifier> */ + if (!strpfx(line, "ssh-rsa") && !strpfx(line, ECDSA_PREFIX) && + !strpfx(line, "ssh-ed25519") && !strpfx(line, "ssh-ed448")) { continue; } diff --git a/src/libstrongswan/plugins/sshkey/sshkey_encoder.c b/src/libstrongswan/plugins/sshkey/sshkey_encoder.c index 9f5f8bd1f..ed35fc010 100644 --- a/src/libstrongswan/plugins/sshkey/sshkey_encoder.c +++ b/src/libstrongswan/plugins/sshkey/sshkey_encoder.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Tobias Brunner + * Copyright (C) 2013-2018 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -72,6 +72,42 @@ static bool build_public_key(chunk_t *encoding, va_list args) writer->destroy(writer); return TRUE; } + else if (cred_encoding_args(args, CRED_PART_EDDSA_PUB_ASN1_DER, &n, + CRED_PART_END)) + { + chunk_t alg; + char *prefix; + int oid; + + /* parse subjectPublicKeyInfo */ + if (asn1_unwrap(&n, &n) != ASN1_SEQUENCE) + { + return FALSE; + } + oid = asn1_parse_algorithmIdentifier(n, 1, NULL); + switch (oid) + { + case OID_ED25519: + prefix = "ssh-ed25519"; + break; + case OID_ED448: + prefix = "ssh-ed448"; + break; + default: + return FALSE; + } + if (asn1_unwrap(&n, &alg) != ASN1_SEQUENCE || + asn1_unwrap(&n, &n) != ASN1_BIT_STRING || !n.len) + { + return FALSE; + } + writer = bio_writer_create(0); + writer->write_data32(writer, chunk_from_str(prefix)); + writer->write_data32(writer, chunk_skip(n, 1)); + *encoding = chunk_to_base64(writer->get_buf(writer), NULL); + writer->destroy(writer); + return TRUE; + } else if (cred_encoding_args(args, CRED_PART_ECDSA_PUB_ASN1_DER, &n, CRED_PART_END)) { |