From e7f046c9d43e30184780970fd303a524d707a620 Mon Sep 17 00:00:00 2001
From: Kevin Jones
Date: Tue, 2 Mar 2021 10:17:36 -0500
Subject: [PATCH] Support ED25519 certificates.
---
 lib/ssh_data/certificate.rb | 3 ++-
 lib/ssh_data/encoding.rb | 18 ++++++++++--------
 spec/certificate_spec.rb | 8 ++++++++
 3 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/lib/ssh_data/certificate.rb b/lib/ssh_data/certificate.rb
index 6a7ee4d..aafd8c9 100644
--- a/lib/ssh_data/certificate.rb
+++ b/lib/ssh_data/certificate.rb
@@ -19,10 +19,11 @@ module SSHData
 ALGO_ECDSA521 = "ecdsa-sha2-nistp521-cert-v01@openssh.com"
 ALGO_ED25519 = "ssh-ed25519-cert-v01@openssh.com"
 ALGO_SK_ECDSA256 = "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
+ ALGO_SK_ED25519 = "sk-ssh-ed25519-cert-v01@openssh.com"
 ALGOS = [
 ALGO_RSA, ALGO_DSA, ALGO_ECDSA256, ALGO_ECDSA384, ALGO_ECDSA521,
- ALGO_ED25519, ALGO_SK_ECDSA256
+ ALGO_ED25519, ALGO_SK_ECDSA256, ALGO_SK_ED25519
 ]
 CRITICAL_OPTION_FORCE_COMMAND = "force-command"
diff --git a/lib/ssh_data/encoding.rb b/lib/ssh_data/encoding.rb
index e808c1b..42bcdd5 100644
--- a/lib/ssh_data/encoding.rb
+++ b/lib/ssh_data/encoding.rb
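Review bot: In lib/ssh_data/certificate.rb the `ALGOS` array that gains `ALGO_SK_ED25519` is still a mutable constant, so any code loaded into the process can add to or remove from it at runtime. If this list decides which certificate types are accepted (its use is outside the hunk, so that is inferred from the name), closing the literal with `].freeze` would keep it fixed after load. The enclosing class body starts and ends outside the hunk.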
@@ -87,17 +87,19 @@ module SSHData
 Certificate::ALGO_ECDSA384 => PublicKey::ALGO_ECDSA384,
 Certificate::ALGO_ECDSA521 => PublicKey::ALGO_ECDSA521,
 Certificate::ALGO_ED25519 => PublicKey::ALGO_ED25519,
- Certificate::ALGO_SK_ECDSA256 => PublicKey::ALGO_SK_ECDSA256
+ Certificate::ALGO_SK_ECDSA256 => PublicKey::ALGO_SK_ECDSA256,
+ Certificate::ALGO_SK_ED25519 => PublicKey::ALGO_SK_ED25519,
 }
 CERT_ALGO_BY_PUBLIC_KEY_ALGO = {
- PublicKey::ALGO_RSA => Certificate::ALGO_RSA,
- PublicKey::ALGO_DSA => Certificate::ALGO_DSA,
- PublicKey::ALGO_ECDSA256 => Certificate::ALGO_ECDSA256,
- PublicKey::ALGO_ECDSA384 => Certificate::ALGO_ECDSA384,
- PublicKey::ALGO_ECDSA521 => Certificate::ALGO_ECDSA521,
- PublicKey::ALGO_ED25519 => Certificate::ALGO_ED25519,
- PublicKey::ALGO_SK_ECDSA256 => Certificate::ALGO_SK_ECDSA256
+ PublicKey::ALGO_RSA => Certificate::ALGO_RSA,
+ PublicKey::ALGO_DSA => Certificate::ALGO_DSA,
+ PublicKey::ALGO_ECDSA256 => Certificate::ALGO_ECDSA256,
+ PublicKey::ALGO_ECDSA384 => Certificate::ALGO_ECDSA384,
+ PublicKey::ALGO_ECDSA521 => Certificate::ALGO_ECDSA521,
+ PublicKey::ALGO_ED25519 => Certificate::ALGO_ED25519,
+ PublicKey::ALGO_SK_ECDSA256 => Certificate::ALGO_SK_ECDSA256,
+ PublicKey::ALGO_SK_ED25519 => Certificate::ALGO_SK_ED25519,
 }
 KEY_FIELDS_BY_PUBLIC_KEY_ALGO = {
diff --git a/spec/certificate_spec.rb b/spec/certificate_spec.rb
index 7d62a83..9c3dfa2 100644
--- a/spec/certificate_spec.rb
+++ b/spec/certificate_spec.rb
@@ -273,6 +273,14 @@ describe SSHData::Certificate do
 SSHData::PublicKey::RSA # ca key type
 ]
+ test_cases << [
+ :sked25519_leaf_for_rsa_ca, # name
+ "sked25519_leaf_for_rsa_ca-cert.pub", # fixture
+ SSHData::Certificate::ALGO_SK_ED25519, # algo
+ SSHData::PublicKey::SKED25519, # public key type
+ SSHData::PublicKey::RSA # ca key type
+ ]
+
 test_cases.each do |name, fixture_name, algo, public_key_class, ca_key_class|
 describe(name) do
 let(:openssh) { fixture(fixture_name).strip }
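Review bot: In lib/ssh_data/encoding.rb, `CERT_ALGO_BY_PUBLIC_KEY_ALGO` remains a hand-maintained mirror of the certificate-to-key map that closes just above it, so every new algorithm must be added in two places and a missed entry would presumably leave the two directions disagreeing. Building it with `Hash#invert` from that map (whose name is outside the hunk) would remove the duplication and the seven realignment-only line changes. `KEY_FIELDS_BY_PUBLIC_KEY_ALGO` opens on the last context line and is not touched here; it is worth confirming it already has an entry for `PublicKey::ALGO_SK_ED25519`, since the key embedded in these certificates would otherwise presumably fail to decode.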
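Review bot: In spec/certificate_spec.rb the new case loads `sked25519_leaf_for_rsa_ca-cert.pub`, but the diffstat lists only three changed files and none of them is a fixture, so the spec depends on a file this patch does not add. Confirm the fixture is already committed, along with whatever generates it; otherwise `fixture(fixture_name)` would presumably fail for this case. The `test_cases.each` block continues past the end of the hunk.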