support ed25519 openssh public keys (#4785)

* support ed25519 openssh public keys * don't need this check
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2019-02-27 20:44:06 +0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2019-02-27 07:44:06 -0500
commit: 1f4e64615836dc59968ca104b19461caee477f3f (patch)
tree: e4ee8644954c3ced0e2b6fe621b3ea3f431f996c /src
parent: 871e97a89f0276e57c01f7692111fca42e819b59 (diff)
download: cryptography-1f4e64615836dc59968ca104b19461caee477f3f.tar.gz
cryptography-1f4e64615836dc59968ca104b19461caee477f3f.tar.bz2
cryptography-1f4e64615836dc59968ca104b19461caee477f3f.zip
4 files changed, 21 insertions, 9 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index eab60778..b040b809 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -38,7 +38,7 @@ from cryptography.hazmat.backends.openssl.ec import (
     _EllipticCurvePrivateKey, _EllipticCurvePublicKey
 )
 from cryptography.hazmat.backends.openssl.ed25519 import (
-    _ED25519_KEY_SIZE, _Ed25519PrivateKey, _Ed25519PublicKey
+    _Ed25519PrivateKey, _Ed25519PublicKey
 )
 from cryptography.hazmat.backends.openssl.ed448 import (
     _ED448_KEY_SIZE, _Ed448PrivateKey, _Ed448PublicKey
@@ -70,7 +70,7 @@ from cryptography.hazmat.backends.openssl.x509 import (
 )
 from cryptography.hazmat.bindings.openssl import binding
 from cryptography.hazmat.primitives import hashes, serialization
-from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
+from cryptography.hazmat.primitives.asymmetric import dsa, ec, ed25519, rsa
 from cryptography.hazmat.primitives.asymmetric.padding import (
     MGF1, OAEP, PKCS1v15, PSS
 )
@@ -2212,7 +2212,7 @@ class Backend(object):
     def ed25519_load_public_bytes(self, data):
         utils._check_bytes("data", data)
 
-        if len(data) != _ED25519_KEY_SIZE:
+        if len(data) != ed25519._ED25519_KEY_SIZE:
             raise ValueError("An Ed25519 public key is 32 bytes long")
 
         evp_pkey = self._lib.EVP_PKEY_new_raw_public_key(
@@ -2224,7 +2224,7 @@ class Backend(object):
         return _Ed25519PublicKey(self, evp_pkey)
 
     def ed25519_load_private_bytes(self, data):
-        if len(data) != _ED25519_KEY_SIZE:
+        if len(data) != ed25519._ED25519_KEY_SIZE:
             raise ValueError("An Ed25519 private key is 32 bytes long")
 
         utils._check_byteslike("data", data)
diff --git a/src/cryptography/hazmat/backends/openssl/ed25519.py b/src/cryptography/hazmat/backends/openssl/ed25519.py
index 15c1b1ec..f02f5622 100644
--- a/src/cryptography/hazmat/backends/openssl/ed25519.py
+++ b/src/cryptography/hazmat/backends/openssl/ed25519.py
@@ -7,12 +7,9 @@ from __future__ import absolute_import, division, print_function
 from cryptography import exceptions, utils
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric.ed25519 import (
-    Ed25519PrivateKey, Ed25519PublicKey
+    Ed25519PrivateKey, Ed25519PublicKey, _ED25519_KEY_SIZE, _ED25519_SIG_SIZE
 )
 
-_ED25519_KEY_SIZE = 32
-_ED25519_SIG_SIZE = 64
-
 
 @utils.register_interface(Ed25519PublicKey)
 class _Ed25519PublicKey(object):
diff --git a/src/cryptography/hazmat/primitives/asymmetric/ed25519.py b/src/cryptography/hazmat/primitives/asymmetric/ed25519.py
index 96be9c58..d89445fa 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/ed25519.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/ed25519.py
@@ -11,6 +11,10 @@ import six
 from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
 
 
+_ED25519_KEY_SIZE = 32
+_ED25519_SIG_SIZE = 64
+
+
 @six.add_metaclass(abc.ABCMeta)
 class Ed25519PublicKey(object):
     @classmethod
diff --git a/src/cryptography/hazmat/primitives/serialization/ssh.py b/src/cryptography/hazmat/primitives/serialization/ssh.py
index cb838927..a1d6c8c9 100644
--- a/src/cryptography/hazmat/primitives/serialization/ssh.py
+++ b/src/cryptography/hazmat/primitives/serialization/ssh.py
@@ -11,7 +11,7 @@ import six
 
 from cryptography import utils
 from cryptography.exceptions import UnsupportedAlgorithm
-from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
+from cryptography.hazmat.primitives.asymmetric import dsa, ec, ed25519, rsa
 
 
 def load_ssh_public_key(data, backend):
@@ -31,6 +31,8 @@ def load_ssh_public_key(data, backend):
         b'ecdsa-sha2-nistp256', b'ecdsa-sha2-nistp384', b'ecdsa-sha2-nistp521',
     ]:
         loader = _load_ssh_ecdsa_public_key
+    elif key_type == b'ssh-ed25519':
+        loader = _load_ssh_ed25519_public_key
     else:
         raise UnsupportedAlgorithm('Key type is not supported.')
 
@@ -102,6 +104,15 @@ def _load_ssh_ecdsa_public_key(expected_key_type, decoded_data, backend):
     return ec.EllipticCurvePublicKey.from_encoded_point(curve, data)
 
 
+def _load_ssh_ed25519_public_key(expected_key_type, decoded_data, backend):
+    data, rest = _ssh_read_next_string(decoded_data)
+
+    if rest:
+        raise ValueError('Key body contains extra bytes.')
+
+    return ed25519.Ed25519PublicKey.from_public_bytes(data)
+
+
 def _ssh_read_next_string(data):
     """
     Retrieves the next RFC 4251 string value from the data.
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2019-02-27 20:44:06 +0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2019-02-27 07:44:06 -0500
commit	1f4e64615836dc59968ca104b19461caee477f3f (patch)
tree	e4ee8644954c3ced0e2b6fe621b3ea3f431f996c /src
parent	871e97a89f0276e57c01f7692111fca42e819b59 (diff)
download	cryptography-1f4e64615836dc59968ca104b19461caee477f3f.tar.gz cryptography-1f4e64615836dc59968ca104b19461caee477f3f.tar.bz2 cryptography-1f4e64615836dc59968ca104b19461caee477f3f.zip