From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 22 Oct 2018 13:15:13 +0000 (+0200)
Subject: agent: Support signatures with Ed25519/Ed448 keys
X-Git-Tag: 5.7.2dr1~8^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8f23e64ee578942bf582c6599f994b28e10db229;p=thirdparty%2Fstrongswan.git

agent: Support signatures with Ed25519/Ed448 keys
---

diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c
index 961b30a044..db87affc92 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.c
+++ b/src/libstrongswan/plugins/agent/agent_private_key.c
@@ -248,6 +248,12 @@ static bool scheme_supported(private_agent_private_key_t *this,
 					break;
 			}
 			return FALSE;
+		case KEY_ED25519:
+			*prefix = "ssh-ed25519";
+			return scheme == SIGN_ED25519;
+		case KEY_ED448:
+			*prefix = "ssh-ed448";
+			return scheme == SIGN_ED448;
 		case KEY_ECDSA:
 			return scheme == SIGN_ECDSA_256 ||
 				   scheme == SIGN_ECDSA_384 ||
@@ -261,6 +267,7 @@ METHOD(private_key_t, sign, bool,
 	private_agent_private_key_t *this, signature_scheme_t scheme, void *params,
 	chunk_t data, chunk_t *signature)
 {
+	key_type_t type;
 	uint32_t len, flags = 0;
 	char buf[2048], *prefix = NULL;
 	chunk_t blob;
@@ -321,9 +328,9 @@ METHOD(private_key_t, sign, bool,
 		DBG1(DBG_LIB, "ssh-agent didn't return requested %s signature", prefix);
 		return FALSE;
 	}
-
-	if (this->pubkey->get_type(this->pubkey) == KEY_RSA)
-	{	/* for RSA, the signature has no special encoding */
+	type = this->pubkey->get_type(this->pubkey);
+	if (type == KEY_RSA || type == KEY_ED25519 || type == KEY_ED448)
+	{	/* for RSA/EdDSA, the signature has no special encoding */
 		blob = read_string(&blob);
 		if (blob.len)
 		{
@@ -429,12 +436,16 @@ static enumerator_t *create_rsa_enumerator(private_agent_private_key_t *this)
 METHOD(private_key_t, supported_signature_schemes, enumerator_t*,
 	private_agent_private_key_t *this)
 {
-	switch (get_type(this))
+	key_type_t type = get_type(this);
+
+	switch (type)
 	{
 		case KEY_RSA:
 			return create_rsa_enumerator(this);
+		case KEY_ED25519:
+		case KEY_ED448:
 		case KEY_ECDSA:
-			return signature_schemes_for_key(KEY_ECDSA, get_keysize(this));
+			return signature_schemes_for_key(type, get_keysize(this));
 		default:
 			break;
 	}