- markus@cvs.openbsd.org 2013/12/06 13:39:49
[authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
[servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
[ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
[sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
[fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
support ed25519 keys (hostkeys and user identities) using the public
domain ed25519 reference code from SUPERCOP, see
http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index c5f658d..8d0a6b8 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.88 2013/11/02 21:59:15 markus Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.89 2013/12/06 13:39:49 markus Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
@@ -56,6 +56,7 @@
#define KT_DSA 2
#define KT_RSA 4
#define KT_ECDSA 8
+#define KT_ED25519 16
int get_keytypes = KT_RSA|KT_ECDSA;/* Get RSA and ECDSA keys by default */
@@ -245,9 +246,11 @@
packet_set_connection(c->c_fd, c->c_fd);
enable_compat20();
- myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
- "ssh-dss" : (c->c_keytype == KT_RSA ? "ssh-rsa" :
- "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521");
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+ c->c_keytype == KT_DSA ? "ssh-dss" :
+ (c->c_keytype == KT_RSA ? "ssh-rsa" :
+ (c->c_keytype == KT_ED25519 ? "ssh-ed25519" :
+ "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"));
c->c_kex = kex_setup(myproposal);
c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
@@ -575,7 +578,7 @@
if (name == NULL)
return;
- for (j = KT_RSA1; j <= KT_ECDSA; j *= 2) {
+ for (j = KT_RSA1; j <= KT_ED25519; j *= 2) {
if (get_keytypes & j) {
while (ncon >= MAXCON)
conloop();
@@ -682,6 +685,9 @@
case KEY_RSA:
get_keytypes |= KT_RSA;
break;
+ case KEY_ED25519:
+ get_keytypes |= KT_ED25519;
+ break;
case KEY_UNSPEC:
fatal("unknown key type %s", tname);
}