bool auth_publickey(AuthPolicy *ap, ptrlen username, ptrlen public_blob)
{
struct AuthPolicy_ssh2_pubkey *iter;
for (iter = ap->ssh2keys; iter; iter = iter->next) {
if (ptrlen_eq_ptrlen(public_blob, iter->public_blob))
return true;
}
return false;
}
static ssh_key *eddsa_new_priv_openssh(
const ssh_keyalg *alg, BinarySource *src)
{
const struct ecsign_extra *extra =
(const struct ecsign_extra *)alg->extra;
struct ec_curve *curve = extra->curve();
assert(curve->type == EC_EDWARDS);
ptrlen pubkey_pl = get_string(src);
ptrlen privkey_extended_pl = get_string(src);
if (get_err(src) || pubkey_pl.len != curve->fieldBytes)
return NULL;
/*
* The OpenSSH format for ed25519 private keys also for some
* reason encodes an extra copy of the public key in the second
* half of the secret-key string. Check that that's present and
* correct as well, otherwise the key we think we've imported
* won't behave identically to the way OpenSSH would have treated
* it.
*/
BinarySource subsrc[1];
BinarySource_BARE_INIT_PL(subsrc, privkey_extended_pl);
ptrlen privkey_pl = get_data(subsrc, curve->fieldBytes);
ptrlen pubkey_copy_pl = get_data(subsrc, curve->fieldBytes);
if (get_err(subsrc) || get_avail(subsrc))
return NULL;
if (!ptrlen_eq_ptrlen(pubkey_pl, pubkey_copy_pl))
return NULL;
struct eddsa_key *ek = snew(struct eddsa_key);
ek->sshk.vt = alg;
ek->curve = curve;
ek->privateKey = NULL;
ek->publicKey = eddsa_decode(pubkey_pl, curve);
if (!ek->publicKey) {
eddsa_freekey(&ek->sshk);
return NULL;
}
ek->privateKey = mp_from_bytes_le(privkey_pl);
return &ek->sshk;
}
