From c02b260e7ef8548d61d6491d76d0150da66c19c7 Mon Sep 17 00:00:00 2001
From: Aris Adamantiadis
Date: Wed, 3 Sep 2014 09:32:32 +0200
Subject: [PATCH] server: Add support for ed25519 keys in the server.

Signed-off-by: Aris Adamantiadis
Reviewed-by: Andreas Schneider
---
 include/libssh/bind.h | 2 ++
 include/libssh/session.h | 2 +-
 src/bind.c | 11 +++++++++++
 src/options.c | 4 ++++
 src/server.c | 14 ++++++++++++--
 src/session.c | 2 ++
 6 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/include/libssh/bind.h b/include/libssh/bind.h
index ced1c494..edbc7b77 100644
--- a/include/libssh/bind.h
+++ b/include/libssh/bind.h
@@ -36,9 +36,11 @@ struct ssh_bind_struct {
 char *ecdsakey;
 char *dsakey;
 char *rsakey;
+ char *ed25519key;
 ssh_key ecdsa;
 ssh_key dsa;
 ssh_key rsa;
+ ssh_key ed25519;
 char *bindaddr;
 socket_t bindfd;
 unsigned int bindport;
diff --git a/include/libssh/session.h b/include/libssh/session.h
index 29bdd60b..60d78578 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -156,7 +156,7 @@ struct ssh_session_struct {
 ssh_key rsa_key;
 ssh_key dsa_key;
 ssh_key ecdsa_key;
-
+ ssh_key ed25519_key;
 /* The type of host key wanted by client */
 enum ssh_keytypes_e hostkey;
 } srv;
diff --git a/src/bind.c b/src/bind.c
index b3239462..be348651 100644
--- a/src/bind.c
+++ b/src/bind.c
@@ -365,6 +365,7 @@ void ssh_bind_free(ssh_bind sshbind){
 SAFE_FREE(sshbind->dsakey);
 SAFE_FREE(sshbind->rsakey);
 SAFE_FREE(sshbind->ecdsakey);
+ SAFE_FREE(sshbind->ed25519key);
 ssh_key_free(sshbind->dsa);
 sshbind->dsa = NULL;
@@ -372,6 +373,8 @@ void ssh_bind_free(ssh_bind sshbind){
 sshbind->rsa = NULL;
 ssh_key_free(sshbind->ecdsa);
 sshbind->ecdsa = NULL;
+ ssh_key_free(sshbind->ed25519);
+ sshbind->ed25519 = NULL;
 for (i = 0; i < 10; i++) {
 if (sshbind->wanted_methods[i]) {
@@ -459,6 +462,14 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
 return SSH_ERROR;
 }
 }
+ if (sshbind->ed25519 != NULL) {
+ session->srv.ed25519_key = ssh_key_dup(sshbind->ed25519);
+ if (session->srv.ed25519_key == NULL){
+ ssh_set_error_oom(sshbind);
+ return SSH_ERROR;
+ }
+ }
+
 /* force PRNG to change state in case we fork after ssh_bind_accept */
 ssh_reseed();
 return SSH_OK;
diff --git a/src/options.c b/src/options.c
index 2b8abb48..44b1a888 100644
--- a/src/options.c
+++ b/src/options.c
@@ -1436,6 +1436,10 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
 bind_key_loc = &sshbind->rsa;
 bind_key_path_loc = &sshbind->rsakey;
 break;
+ case SSH_KEYTYPE_ED25519:
+ bind_key_loc = &sshbind->ed25519;
+ bind_key_path_loc = &sshbind->ed25519key;
+ break;
 default:
 ssh_set_error(sshbind, SSH_FATAL,
diff --git a/src/server.c b/src/server.c
index 3a38fc7b..61641a6e 100644
--- a/src/server.c
+++ b/src/server.c
@@ -94,10 +94,17 @@ static int server_set_kex(ssh_session session) {
 ZERO_STRUCTP(server);
 ssh_get_random(server->cookie, 16, 0);
+ if (session->srv.ed25519_key != NULL) {
+ snprintf(hostkeys,
+ sizeof(hostkeys),
+ "%s",
+ ssh_key_type_to_char(ssh_key_type(session->srv.ed25519_key)));
+ }
 #ifdef HAVE_ECC
 if (session->srv.ecdsa_key != NULL) {
- snprintf(hostkeys, sizeof(hostkeys),
- "%s", session->srv.ecdsa_key->type_c);
+ len = strlen(hostkeys);
+ snprintf(hostkeys + len, sizeof(hostkeys) - len,
+ ",%s", session->srv.ecdsa_key->type_c);
 }
 #endif
 if (session->srv.dsa_key != NULL) {
@@ -225,6 +232,9 @@ int ssh_get_key_params(ssh_session session, ssh_key *privkey){
 case SSH_KEYTYPE_ECDSA:
 *privkey = session->srv.ecdsa_key;
 break;
+ case SSH_KEYTYPE_ED25519:
+ *privkey = session->srv.ed25519_key;
+ break;
 case SSH_KEYTYPE_UNKNOWN:
 default:
 *privkey = NULL;
diff --git a/src/session.c b/src/session.c
index 63364c51..ad1b3a87 100644
--- a/src/session.c
+++ b/src/session.c
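Review bot: In the server_set_kex hunk the ECDSA branch now appends `",%s"` unconditionally, so a server with no ed25519 host key configured — every existing deployment of this API — ends up with hostkeys starting with an empty token (`,ecdsa-sha2-...`), where the old code wrote the algorithm name at offset 0; the DSA/RSA branches below the hunk presumably follow the same pattern and inherit the same leading-comma hazard. Whether the consumer of hostkeys tolerates an empty first entry is decided outside this hunk, but the robust form is to emit the separator only when something precedes it: `len = strlen(hostkeys);` then `snprintf(hostkeys + len, sizeof(hostkeys) - len, "%s%s", len > 0 ? "," : "", session->srv.ecdsa_key->type_c);`. The new `len = strlen(hostkeys)` also reads hostkeys before anything has been written to it when ed25519_key is NULL, so its declaration (above the hunk) must zero-initialise the buffer — please confirm it is `= {0}` rather than left uninitialised. Since ed25519 is now listed first it becomes the server's preferred host-key algorithm, which is a behaviour change worth a comment on the line. server_set_kex continues past the end of the hunk.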
@@ -231,6 +231,8 @@ void ssh_free(ssh_session session) {
 session->srv.rsa_key = NULL;
 ssh_key_free(session->srv.ecdsa_key);
 session->srv.ecdsa_key = NULL;
+ ssh_key_free(session->srv.ed25519_key);
+ session->srv.ed25519_key = NULL;
 if (session->ssh_message_list) {
 ssh_message msg;