Support ED25519 certificates.

2021-03-02 10:17:36 -05:00 · 2021-03-02 10:17:36 -05:00 · e7f046c9d4
--- a/lib/ssh_data/certificate.rb
+++ b/lib/ssh_data/certificate.rb
@ -19,10 +19,11 @@ module SSHData
    ALGO_ECDSA521    = "ecdsa-sha2-nistp521-cert-v01@openssh.com"
    ALGO_ED25519     = "ssh-ed25519-cert-v01@openssh.com"
    ALGO_SK_ECDSA256 = "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
+    ALGO_SK_ED25519  = "sk-ssh-ed25519-cert-v01@openssh.com"

    ALGOS = [
      ALGO_RSA, ALGO_DSA, ALGO_ECDSA256, ALGO_ECDSA384, ALGO_ECDSA521,
-      ALGO_ED25519, ALGO_SK_ECDSA256
+      ALGO_ED25519, ALGO_SK_ECDSA256, ALGO_SK_ED25519
    ]

    CRITICAL_OPTION_FORCE_COMMAND  = "force-command"
--- a/lib/ssh_data/encoding.rb
+++ b/lib/ssh_data/encoding.rb
@ -87,17 +87,19 @@ module SSHData
      Certificate::ALGO_ECDSA384    => PublicKey::ALGO_ECDSA384,
      Certificate::ALGO_ECDSA521    => PublicKey::ALGO_ECDSA521,
      Certificate::ALGO_ED25519     => PublicKey::ALGO_ED25519,
-      Certificate::ALGO_SK_ECDSA256 => PublicKey::ALGO_SK_ECDSA256
+      Certificate::ALGO_SK_ECDSA256 => PublicKey::ALGO_SK_ECDSA256,
+      Certificate::ALGO_SK_ED25519  => PublicKey::ALGO_SK_ED25519,
    }

    CERT_ALGO_BY_PUBLIC_KEY_ALGO = {
-      PublicKey::ALGO_RSA      => Certificate::ALGO_RSA,
-      PublicKey::ALGO_DSA      => Certificate::ALGO_DSA,
-      PublicKey::ALGO_ECDSA256 => Certificate::ALGO_ECDSA256,
-      PublicKey::ALGO_ECDSA384 => Certificate::ALGO_ECDSA384,
-      PublicKey::ALGO_ECDSA521 => Certificate::ALGO_ECDSA521,
-      PublicKey::ALGO_ED25519  => Certificate::ALGO_ED25519,
-      PublicKey::ALGO_SK_ECDSA256 => Certificate::ALGO_SK_ECDSA256
+      PublicKey::ALGO_RSA         => Certificate::ALGO_RSA,
+      PublicKey::ALGO_DSA         => Certificate::ALGO_DSA,
+      PublicKey::ALGO_ECDSA256    => Certificate::ALGO_ECDSA256,
+      PublicKey::ALGO_ECDSA384    => Certificate::ALGO_ECDSA384,
+      PublicKey::ALGO_ECDSA521    => Certificate::ALGO_ECDSA521,
+      PublicKey::ALGO_ED25519     => Certificate::ALGO_ED25519,
+      PublicKey::ALGO_SK_ECDSA256 => Certificate::ALGO_SK_ECDSA256,
+      PublicKey::ALGO_SK_ED25519  => Certificate::ALGO_SK_ED25519,
    }

    KEY_FIELDS_BY_PUBLIC_KEY_ALGO = {
--- a/spec/certificate_spec.rb
+++ b/spec/certificate_spec.rb
@ -273,6 +273,14 @@ describe SSHData::Certificate do
    SSHData::PublicKey::RSA                 # ca key type
  ]

+  test_cases << [
+    :sked25519_leaf_for_rsa_ca,             # name
+    "sked25519_leaf_for_rsa_ca-cert.pub",   # fixture
+    SSHData::Certificate::ALGO_SK_ED25519,  # algo
+    SSHData::PublicKey::SKED25519,          # public key type
+    SSHData::PublicKey::RSA                 # ca key type
+  ]
+
  test_cases.each do |name, fixture_name, algo, public_key_class, ca_key_class|
    describe(name) do
      let(:openssh) { fixture(fixture_name).strip }