From a453d8709763badde325568c13961bb6745f333c Mon Sep 17 00:00:00 2001
From: bernhl <15350042+bernhl@users.noreply.github.com>
Date: Mon, 18 Mar 2019 03:03:16 +0100
Subject: add OpenSSH serialization for ed25519 keys (#4808) (#4811)

* add OpenSSH serialization for ed25519 keys (#4808)

* address review comments
---
 src/cryptography/hazmat/backends/openssl/backend.py |  7 +++++++
 tests/hazmat/primitives/test_serialization.py       | 11 +++++++++++
 2 files changed, 18 insertions(+)

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 15eff837..779d2ee1 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1885,6 +1885,13 @@ class Backend(object):
                 ssh._ssh_write_mpint(parameter_numbers.g) +
                 ssh._ssh_write_mpint(public_numbers.y)
             )
+        elif isinstance(key, ed25519.Ed25519PublicKey):
+            raw_bytes = key.public_bytes(serialization.Encoding.Raw,
+                                         serialization.PublicFormat.Raw)
+            return b"ssh-ed25519 " + base64.b64encode(
+                ssh._ssh_write_string(b"ssh-ed25519") +
+                ssh._ssh_write_string(raw_bytes)
+            )
         else:
             assert isinstance(key, ec.EllipticCurvePublicKey)
             public_numbers = key.public_numbers()
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index c5ce258c..f7d186e8 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -1293,6 +1293,17 @@ class TestEd25519SSHSerialization(object):
             b"N\x06G\xecV\xbc\x19\xaf\xc6<k\x07[\xc6"
         )
 
+    def test_public_bytes_openssh(self, backend):
+        ssh_key = (
+            b"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG2fgpmpYO61qeAxGd0wgRaN/E4"
+            b"GR+xWvBmvxjxrB1vG"
+        )
+        key = load_ssh_public_key(ssh_key, backend)
+        assert isinstance(key, ed25519.Ed25519PublicKey)
+        assert key.public_bytes(
+            Encoding.OpenSSH, PublicFormat.OpenSSH
+        ) == ssh_key
+
     def test_load_ssh_public_key_not_32_bytes(self, backend):
         ssh_key = (
             b"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI22fgpmpYO61qeAxGd0wgRaN/E4"
-- 
cgit v1.2.3