Add Ed25519

1. Add testing key for user barney. 2. Remove some instances of the incorrect macro guard WOLFSSH_NO_ECC. We deal in ECDSA or ECDHE separately only. 3. Add WIP function for decoding the OpenSSH format Ed25519 key.
ejohnstown · May 10, 2024 · 6197246 · 6197246
1 parent fd317d2
commit 6197246
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 5 deletions.
diff --git a/src/internal.c b/src/internal.c
@@ -1375,8 +1375,7 @@ static int GetOpenSshKeyRsa(RsaKey* key,
 }
 #endif
 
-
-#if !defined(WOLFSSH_NO_ECDSA) && !defined(WOLFSSH_NO_ECC)
+#ifndef WOLFSSH_NO_ECDSA
 /*
  * Utility for GetOpenSshKey() to read in ECDSA keys.
  */
@@ -1406,6 +1405,35 @@ static int GetOpenSshKeyEcc(ecc_key* key,
 }
 #endif
 
+#ifndef WOLFSSH_NO_ED25519
+/*
+ * Utility for GetOpenSshKey() to read in Ed25519 keys.
+ */
+static int GetOpenSshKeyEd25519(ed25519_key* key,
+        const byte* buf, word32 len, word32* idx)
+{
+    const byte *name = NULL, *priv = NULL, *pub = NULL;
+    word32 nameSz = 0, privSz = 0, pubSz = 0;
+    int ret;
+
+    ret = wc_ed25519_init_ex(key, ssh->ctx->heap, INVALID_DEVID);
+    if (ret == WS_SUCCESS)
+        ret = GetStringRef(&nameSz, &name, buf, len, idx); /* curve name */
+    if (ret == WS_SUCCESS)
+        ret = GetStringRef(&pubSz, &pub, buf, len, idx); /* ENC(A) */
+    if (ret == WS_SUCCESS)
+        ret = GetMpint(&privSz, &priv, buf, len, idx); /* k || ENC(A) */
+
+    if (ret == WS_SUCCESS)
+        ret = wc_ecc_import_private_key_ex(priv, privSz, pub, pubSz,
+                key, ECC_CURVE_DEF);
+
+    if (ret != WS_SUCCESS)
+        ret = WS_ECC_E;
+
+    return ret;
+}
+#endif
 /*
  * Decodes an OpenSSH format key.
  */
@@ -1488,11 +1516,18 @@ static int GetOpenSshKey(WS_KeySignature *key,
                                         str, strSz, &subIdx);
                                 break;
                         #endif
-                        #if !defined(WOLFSSH_NO_ECDSA) && !defined(WOLFSSH_NO_ECC)
+                        #ifndef WOLFSSH_NO_ECDSA
                             case ID_ECDSA_SHA2_NISTP256:
+                            case ID_ECDSA_SHA2_NISTP384:
+                            case ID_ECDSA_SHA2_NISTP521:
                                 ret = GetOpenSshKeyEcc(&key->ks.ecc.key,
                                         str, strSz, &subIdx);
                                 break;
+                        #endif
+                        #ifndef WOLFSSH_NO_ED25519
+                                ret = GetOpenSshKeyEd25519(&key->ks.ed25519.key,
+                                        str, strSz, &subIdx);
+                                break;
                         #endif
                             default:
                                 ret = WS_UNIMPLEMENTED_E;

diff --git a/wolfssh/internal.h b/wolfssh/internal.h
@@ -239,8 +239,7 @@ extern "C" {
 #endif
 #if defined(WOLFSSH_NO_ECDSA_SHA2_NISTP256) && \
     defined(WOLFSSH_NO_ECDSA_SHA2_NISTP384) && \
-    defined(WOLFSSH_NO_ECDSA_SHA2_NISTP521) && \
-    !defined(HAVE_ED25519)
+    defined(WOLFSSH_NO_ECDSA_SHA2_NISTP521)
     #undef WOLFSSH_NO_ECDSA
     #define WOLFSSH_NO_ECDSA
 #endif