File 3871-Support-Ed25519-Ed448-SSH-host-keys-in-Ope... of Package erlang

Overview Repositories Revisions Requests Users Attributes Meta

File 3871-Support-Ed25519-Ed448-SSH-host-keys-in-OpenSSL-forma.patch of Package erlang

From d450ebc24ec469e00cb487c8c5027d158e1f1246 Mon Sep 17 00:00:00 2001
From: Jon Carstens <jjcarstens@me.com>
Date: Thu, 16 Dec 2021 20:12:36 -0700
Subject: [PATCH] Support Ed25519/Ed448 SSH host keys in OpenSSL format

---
 lib/ssh/src/ssh_transport.erl                  | 18 ++++++++++++++++++
 lib/ssh/test/ssh_pubkey_SUITE.erl              | 18 +++++++++---------
 .../old_format/ssh_host_ed25519_key            |  4 ++++
 .../old_format/ssh_host_ed25519_key.pub        |  1 +
 .../old_format/ssh_host_ed448_key              |  5 +++++
 .../old_format/ssh_host_ed448_key.pub          |  1 +
 .../old_format_passphrase/ssh_host_ed25519_key |  4 ++++
 .../ssh_host_ed25519_key.pub                   |  1 +
 .../old_format_passphrase/ssh_host_ed448_key   |  5 +++++
 .../ssh_host_ed448_key.pub                     |  1 +
 10 files changed, 49 insertions(+), 9 deletions(-)
 create mode 100644 lib/ssh/test/ssh_pubkey_SUITE_data/old_format/ssh_host_ed25519_key
 create mode 100644 lib/ssh/test/ssh_pubkey_SUITE_data/old_format/ssh_host_ed25519_key.pub
 create mode 100644 lib/ssh/test/ssh_pubkey_SUITE_data/old_format/ssh_host_ed448_key
 create mode 100644 lib/ssh/test/ssh_pubkey_SUITE_data/old_format/ssh_host_ed448_key.pub
 create mode 100644 lib/ssh/test/ssh_pubkey_SUITE_data/old_format_passphrase/ssh_host_ed25519_key
 create mode 100644 lib/ssh/test/ssh_pubkey_SUITE_data/old_format_passphrase/ssh_host_ed25519_key.pub
 create mode 100644 lib/ssh/test/ssh_pubkey_SUITE_data/old_format_passphrase/ssh_host_ed448_key
 create mode 100644 lib/ssh/test/ssh_pubkey_SUITE_data/old_format_passphrase/ssh_host_ed448_key.pub

diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 13c6c67134..e43c345130 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -930,6 +930,19 @@ extract_public_key(#'RSAPrivateKey'{modulus = N, publicExponent = E}) ->
     #'RSAPublicKey'{modulus = N, publicExponent = E};
 extract_public_key(#'DSAPrivateKey'{y = Y, p = P, q = Q, g = G}) ->
     {Y,  #'Dss-Parms'{p=P, q=Q, g=G}};
+extract_public_key(#'ECPrivateKey'{parameters = {namedCurve,OID},
+				   publicKey = Pub0, privateKey = Priv}) when
+      OID == ?'id-Ed25519'orelse
+      OID == ?'id-Ed448' ->
+    case {pubkey_cert_records:namedCurves(OID), Pub0} of
+        {Alg, asn1_NOVALUE} ->
+            %% If we're missing the public key, we can create it with
+            %% the private key.
+            {Pub, Priv} = crypto:generate_key(eddsa, Alg, Priv),
+            {ed_pub, Alg, Pub};
+        {Alg, Pub} ->
+            {ed_pub, Alg, Pub}
+    end;
 extract_public_key(#'ECPrivateKey'{parameters = {namedCurve,OID},
 				   publicKey = Q}) when is_tuple(OID) ->
     {#'ECPoint'{point=Q}, {namedCurve,OID}};
@@ -1505,6 +1518,9 @@ sign(SigData, HashAlg, #{algorithm:=SigAlg} = Key) ->
     crypto:sign(SigAlg, HashAlg, SigData, Key);
 sign(SigData, HashAlg,  #'DSAPrivateKey'{} = Key) ->
     mk_dss_sig(public_key:sign(SigData, HashAlg, Key));
+sign(SigData, HashAlg, Key = #'ECPrivateKey'{parameters = {namedCurve, Curve}})
+  when (Curve == ?'id-Ed25519') orelse (Curve == ?'id-Ed448') ->
+    public_key:sign(SigData, HashAlg, Key);
 sign(SigData, HashAlg, Key = #'ECPrivateKey'{}) ->
     DerEncodedSign =  public_key:sign(SigData, HashAlg, Key),
     #'ECDSA-Sig-Value'{r=R, s=S} = public_key:der_decode('ECDSA-Sig-Value', DerEncodedSign),
@@ -2047,8 +2063,10 @@ valid_key_sha_alg(private, #'DSAPrivateKey'{},  'ssh-dss') -> true;
 
 valid_key_sha_alg(public, {ed_pub, ed25519,_},  'ssh-ed25519') -> true;
 valid_key_sha_alg(private, {ed_pri, ed25519,_,_},'ssh-ed25519') -> true;
+valid_key_sha_alg(private, #'ECPrivateKey'{parameters = {namedCurve,OID}},'ssh-ed25519') when OID == ?'id-Ed25519' -> true;
 valid_key_sha_alg(public, {ed_pub, ed448,_},    'ssh-ed448') -> true;
 valid_key_sha_alg(private, {ed_pri, ed448,_,_},  'ssh-ed448') -> true;
+valid_key_sha_alg(private, #'ECPrivateKey'{parameters = {namedCurve,OID}},'ssh-ed448') when OID == ?'id-Ed448' -> true;
 
 valid_key_sha_alg(public, {#'ECPoint'{},{namedCurve,OID}}, Alg) when is_tuple(OID) ->
     valid_key_sha_alg_ec(OID, Alg);
diff --git a/lib/ssh/test/ssh_pubkey_SUITE.erl b/lib/ssh/test/ssh_pubkey_SUITE.erl
index 6c78cd2d68..81c32e0197 100644
--- a/lib/ssh/test/ssh_pubkey_SUITE.erl
+++ b/lib/ssh/test/ssh_pubkey_SUITE.erl
@@ -119,14 +119,16 @@ all() ->
                     connect_dsa_to_ecdsa,
                     connect_ecdsa_to_rsa_sha2,
                     connect_ecdsa_to_dsa,
-                    connect_ecdsa_to_ecdsa
-                   ]).
-
--define(tests_new, [connect_dsa_to_ed25519,
-                    connect_dsa_to_ed448,
+                    connect_ecdsa_to_ecdsa,
+                    connect_dsa_to_ed25519,
                     connect_ecdsa_to_ed25519,
+                    connect_rsa_sha2_to_ed25519,
+                    connect_dsa_to_ed448,
                     connect_ecdsa_to_ed448,
-                    connect_ed25519_to_dsa,
+                    connect_rsa_sha2_to_ed448
+                   ]).
+
+-define(tests_new, [connect_ed25519_to_dsa,
                     connect_ed25519_to_ecdsa,
                     connect_ed25519_to_ed448,
                     connect_ed25519_to_ed25519,
@@ -135,9 +137,7 @@ all() ->
                     connect_ed448_to_ecdsa,
                     connect_ed448_to_ed25519,
                     connect_ed448_to_ed448,
-                    connect_ed448_to_rsa_sha2,
-                    connect_rsa_sha2_to_ed25519,
-                    connect_rsa_sha2_to_ed448
+                    connect_ed448_to_rsa_sha2
                     | ?tests_old % but taken from the new format directory
                    ]).
 
diff --git a/lib/ssh/test/ssh_pubkey_SUITE_data/old_format/ssh_host_ed25519_key b/lib/ssh/test/ssh_pubkey_SUITE_data/old_format/ssh_host_ed25519_key
new file mode 100644
index 0000000000..6542cc7218
--- /dev/null
+++ b/lib/ssh/test/ssh_pubkey_SUITE_data/old_format/ssh_host_ed25519_key
@@ -0,0 +1,4 @@
+-----BEGIN EC PRIVATE KEY-----
+MFECAQEEIFZTDpCko9CxtWW5UKzRqvMXPTJZfIdcA5u/IOV3EmU4oAUGAytlcKEj
+AyEAIAJ1D3OUNmUJRCDQ8uPkVCeTV6oNOtpubn2I7x2VxM0=
+-----END EC PRIVATE KEY-----
diff --git a/lib/ssh/test/ssh_pubkey_SUITE_data/old_format/ssh_host_ed25519_key.pub b/lib/ssh/test/ssh_pubkey_SUITE_data/old_format/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000000..4a1b4c7f3d
--- /dev/null
+++ b/lib/ssh/test/ssh_pubkey_SUITE_data/old_format/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICACdQ9zlDZlCUQg0PLj5FQnk1eqDTrabm59iO8dlcTN uabhnil@elxadlj3q32
diff --git a/lib/ssh/test/ssh_pubkey_SUITE_data/old_format/ssh_host_ed448_key b/lib/ssh/test/ssh_pubkey_SUITE_data/old_format/ssh_host_ed448_key
new file mode 100644
index 0000000000..ac7320e12c
--- /dev/null
+++ b/lib/ssh/test/ssh_pubkey_SUITE_data/old_format/ssh_host_ed448_key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGDAgEBBDlf6cdZBOKnN7msVY8oloq9Se2ee5RBXGf3Ofs96djk8uqEAyQdWUe+
+fWMNDPVnyViy7qceZkECkf6gBQYDK2VxoTwDOgCLHixRiwKzXM1/OOTdsC1L06OS
+3BntXrBWpqKU2Xhr1acxidyCB/0hhtf89NtZVm0zkXBf/zL6jQA=
+-----END EC PRIVATE KEY-----
diff --git a/lib/ssh/test/ssh_pubkey_SUITE_data/old_format/ssh_host_ed448_key.pub b/lib/ssh/test/ssh_pubkey_SUITE_data/old_format/ssh_host_ed448_key.pub
new file mode 100644
index 0000000000..c97f1e3003
--- /dev/null
+++ b/lib/ssh/test/ssh_pubkey_SUITE_data/old_format/ssh_host_ed448_key.pub
@@ -0,0 +1 @@
+ssh-ed448 AAAACXNzaC1lZDQ0OAAAADmLHixRiwKzXM1/OOTdsC1L06OS3BntXrBWpqKU2Xhr1acxidyCB/0hhtf89NtZVm0zkXBf/zL6jQA= uabhnil@elxadlj3q32
diff --git a/lib/ssh/test/ssh_pubkey_SUITE_data/old_format_passphrase/ssh_host_ed25519_key b/lib/ssh/test/ssh_pubkey_SUITE_data/old_format_passphrase/ssh_host_ed25519_key
new file mode 100644
index 0000000000..6542cc7218
--- /dev/null
+++ b/lib/ssh/test/ssh_pubkey_SUITE_data/old_format_passphrase/ssh_host_ed25519_key
@@ -0,0 +1,4 @@
+-----BEGIN EC PRIVATE KEY-----
+MFECAQEEIFZTDpCko9CxtWW5UKzRqvMXPTJZfIdcA5u/IOV3EmU4oAUGAytlcKEj
+AyEAIAJ1D3OUNmUJRCDQ8uPkVCeTV6oNOtpubn2I7x2VxM0=
+-----END EC PRIVATE KEY-----
diff --git a/lib/ssh/test/ssh_pubkey_SUITE_data/old_format_passphrase/ssh_host_ed25519_key.pub b/lib/ssh/test/ssh_pubkey_SUITE_data/old_format_passphrase/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000000..4a1b4c7f3d
--- /dev/null
+++ b/lib/ssh/test/ssh_pubkey_SUITE_data/old_format_passphrase/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICACdQ9zlDZlCUQg0PLj5FQnk1eqDTrabm59iO8dlcTN uabhnil@elxadlj3q32
diff --git a/lib/ssh/test/ssh_pubkey_SUITE_data/old_format_passphrase/ssh_host_ed448_key b/lib/ssh/test/ssh_pubkey_SUITE_data/old_format_passphrase/ssh_host_ed448_key
new file mode 100644
index 0000000000..ac7320e12c
--- /dev/null
+++ b/lib/ssh/test/ssh_pubkey_SUITE_data/old_format_passphrase/ssh_host_ed448_key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGDAgEBBDlf6cdZBOKnN7msVY8oloq9Se2ee5RBXGf3Ofs96djk8uqEAyQdWUe+
+fWMNDPVnyViy7qceZkECkf6gBQYDK2VxoTwDOgCLHixRiwKzXM1/OOTdsC1L06OS
+3BntXrBWpqKU2Xhr1acxidyCB/0hhtf89NtZVm0zkXBf/zL6jQA=
+-----END EC PRIVATE KEY-----
diff --git a/lib/ssh/test/ssh_pubkey_SUITE_data/old_format_passphrase/ssh_host_ed448_key.pub b/lib/ssh/test/ssh_pubkey_SUITE_data/old_format_passphrase/ssh_host_ed448_key.pub
new file mode 100644
index 0000000000..c97f1e3003
--- /dev/null
+++ b/lib/ssh/test/ssh_pubkey_SUITE_data/old_format_passphrase/ssh_host_ed448_key.pub
@@ -0,0 +1 @@
+ssh-ed448 AAAACXNzaC1lZDQ0OAAAADmLHixRiwKzXM1/OOTdsC1L06OS3BntXrBWpqKU2Xhr1acxidyCB/0hhtf89NtZVm0zkXBf/zL6jQA= uabhnil@elxadlj3q32
-- 
2.31.1

Places

File 3871-Support-Ed25519-Ed448-SSH-host-keys-in-OpenSSL-forma.patch of Package erlang

Places