lib: add ed25519 key support

mscdex · Apr 2, 2019 · e40ca05 · e40ca05
1 parent 3b3a7a7
commit e40ca05
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/lib/client.js b/lib/client.js
@@ -11,6 +11,7 @@ var SFTPStream = ssh2_streams.SFTPStream;
 var consts = ssh2_streams.constants;
 var BUGS = consts.BUGS;
 var ALGORITHMS = consts.ALGORITHMS;
+var EDDSA_SUPPORTED = consts.EDDSA_SUPPORTED;
 var parseKey = ssh2_streams.utils.parseKey;
 
 var Channel = require('./Channel');
@@ -522,6 +523,7 @@ Client.prototype.connect = function(cfg) {
       var pubKeyFullType = agentKey.toString('ascii', 4, 4 + keyLen);
       var pubKeyType = pubKeyFullType.slice(4);
       // Check that we support the key type first
+      // TODO: move key type checking logic to ssh2-streams
       switch (pubKeyFullType) {
         case 'ssh-rsa':
         case 'ssh-dss':
@@ -530,6 +532,8 @@ Client.prototype.connect = function(cfg) {
         case 'ecdsa-sha2-nistp521':
           break;
         default:
+          if (EDDSA_SUPPORTED && pubKeyFullType === 'ssh-ed25519')
+            break;
           debug('DEBUG: Agent: Skipping unsupported key type: '
                 + pubKeyFullType);
           return tryNextAgentKey();

diff --git a/lib/server.js b/lib/server.js
@@ -28,6 +28,7 @@ function Server(cfg, listener) {
   var hostKeys = {
     'ssh-rsa': null,
     'ssh-dss': null,
+    'ssh-ed25519': null,
     'ecdsa-sha2-nistp256': null,
     'ecdsa-sha2-nistp384': null,
     'ecdsa-sha2-nistp521': null
@@ -992,11 +993,15 @@ function PKAuthContext(stream, username, service, method, pkInfo, cb) {
   this.signature = pkInfo.signature;
   var sigAlgo;
   if (this.signature) {
+    // TODO: move key type checking logic to ssh2-streams
     switch (pkInfo.keyAlgo) {
       case 'ssh-rsa':
       case 'ssh-dss':
         sigAlgo = 'sha1';
         break;
+      case 'ssh-ed25519':
+        sigAlgo = null;
+        break;
       case 'ecdsa-sha2-nistp256':
         sigAlgo = 'sha256';
         break;
@@ -1016,8 +1021,9 @@ PKAuthContext.prototype.accept = function() {
   if (!this.signature) {
     this._initialResponse = true;
     this._stream.authPKOK(this.key.algo, this.key.data);
-  } else
+  } else {
     AuthContext.prototype.accept.call(this);
+  }
 };
 
 function HostbasedAuthContext(stream, username, service, method, pkInfo, cb) {
@@ -1027,11 +1033,15 @@ function HostbasedAuthContext(stream, username, service, method, pkInfo, cb) {
   this.signature = pkInfo.signature;
   var sigAlgo;
   if (this.signature) {
+    // TODO: move key type checking logic to ssh2-streams
     switch (pkInfo.keyAlgo) {
       case 'ssh-rsa':
       case 'ssh-dss':
         sigAlgo = 'sha1';
         break;
+      case 'ssh-ed25519':
+        sigAlgo = null;
+        break;
       case 'ecdsa-sha2-nistp256':
         sigAlgo = 'sha256';
         break;