summaryrefslogtreecommitdiff
path: root/src/libstrongswan/plugins/sshkey
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2019-01-02 10:45:36 +0100
committerYves-Alexis Perez <corsac@debian.org>2019-01-02 11:07:05 +0100
commit918094fde55fa0dbfd59a5f88d576efb513a88db (patch)
tree61e31656c60a6cc928c50cd633568043673e2cbd /src/libstrongswan/plugins/sshkey
parent69bc96f6b0b388d35e983f8d27224fa49d92918c (diff)
downloadvyos-strongswan-918094fde55fa0dbfd59a5f88d576efb513a88db.tar.gz
vyos-strongswan-918094fde55fa0dbfd59a5f88d576efb513a88db.zip
New upstream version 5.7.2
Diffstat (limited to 'src/libstrongswan/plugins/sshkey')
-rw-r--r--src/libstrongswan/plugins/sshkey/sshkey_builder.c35
-rw-r--r--src/libstrongswan/plugins/sshkey/sshkey_encoder.c38
2 files changed, 69 insertions, 4 deletions
diff --git a/src/libstrongswan/plugins/sshkey/sshkey_builder.c b/src/libstrongswan/plugins/sshkey/sshkey_builder.c
index eab6559b3..934514249 100644
--- a/src/libstrongswan/plugins/sshkey/sshkey_builder.c
+++ b/src/libstrongswan/plugins/sshkey/sshkey_builder.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013-2014 Tobias Brunner
+ * Copyright (C) 2013-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -89,6 +89,34 @@ static sshkey_public_key_t *parse_public_key(chunk_t blob)
return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, BUILD_END);
}
+ else if (chunk_equals(format, chunk_from_str("ssh-ed25519")))
+ {
+ chunk_t blob;
+
+ if (!reader->read_data32(reader, &blob))
+ {
+ DBG1(DBG_LIB, "invalid Ed25519 key in SSH key");
+ reader->destroy(reader);
+ return NULL;
+ }
+ reader->destroy(reader);
+ return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519,
+ BUILD_EDDSA_PUB, blob, BUILD_END);
+ }
+ else if (chunk_equals(format, chunk_from_str("ssh-ed448")))
+ {
+ chunk_t blob;
+
+ if (!reader->read_data32(reader, &blob))
+ {
+ DBG1(DBG_LIB, "invalid Ed448 key in SSH key");
+ reader->destroy(reader);
+ return NULL;
+ }
+ reader->destroy(reader);
+ return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED448,
+ BUILD_EDDSA_PUB, blob, BUILD_END);
+ }
else if (format.len > strlen(ECDSA_PREFIX) &&
strpfx(format.ptr, ECDSA_PREFIX))
{
@@ -140,8 +168,9 @@ static sshkey_public_key_t *load_from_stream(FILE *file)
char line[1024], *token;
while (!public && fgets(line, sizeof(line), file))
- { /* the format is: ssh-rsa|ecdsa-... <key(base64)> <identifier> */
- if (!strpfx(line, "ssh-rsa") && !strpfx(line, ECDSA_PREFIX))
+ { /* the format is: ssh-<key-type> <key(base64)> <identifier> */
+ if (!strpfx(line, "ssh-rsa") && !strpfx(line, ECDSA_PREFIX) &&
+ !strpfx(line, "ssh-ed25519") && !strpfx(line, "ssh-ed448"))
{
continue;
}
diff --git a/src/libstrongswan/plugins/sshkey/sshkey_encoder.c b/src/libstrongswan/plugins/sshkey/sshkey_encoder.c
index 9f5f8bd1f..ed35fc010 100644
--- a/src/libstrongswan/plugins/sshkey/sshkey_encoder.c
+++ b/src/libstrongswan/plugins/sshkey/sshkey_encoder.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Tobias Brunner
+ * Copyright (C) 2013-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -72,6 +72,42 @@ static bool build_public_key(chunk_t *encoding, va_list args)
writer->destroy(writer);
return TRUE;
}
+ else if (cred_encoding_args(args, CRED_PART_EDDSA_PUB_ASN1_DER, &n,
+ CRED_PART_END))
+ {
+ chunk_t alg;
+ char *prefix;
+ int oid;
+
+ /* parse subjectPublicKeyInfo */
+ if (asn1_unwrap(&n, &n) != ASN1_SEQUENCE)
+ {
+ return FALSE;
+ }
+ oid = asn1_parse_algorithmIdentifier(n, 1, NULL);
+ switch (oid)
+ {
+ case OID_ED25519:
+ prefix = "ssh-ed25519";
+ break;
+ case OID_ED448:
+ prefix = "ssh-ed448";
+ break;
+ default:
+ return FALSE;
+ }
+ if (asn1_unwrap(&n, &alg) != ASN1_SEQUENCE ||
+ asn1_unwrap(&n, &n) != ASN1_BIT_STRING || !n.len)
+ {
+ return FALSE;
+ }
+ writer = bio_writer_create(0);
+ writer->write_data32(writer, chunk_from_str(prefix));
+ writer->write_data32(writer, chunk_skip(n, 1));
+ *encoding = chunk_to_base64(writer->get_buf(writer), NULL);
+ writer->destroy(writer);
+ return TRUE;
+ }
else if (cred_encoding_args(args, CRED_PART_ECDSA_PUB_ASN1_DER, &n,
CRED_PART_END))
{