/*
 * Decide whether an offered SSH-2 public key is acceptable.
 *
 * Walks the list at ap->ssh2keys and returns true as soon as one entry's
 * public_blob compares equal to the offered public_blob under
 * ptrlen_eq_ptrlen(); returns false if the list is empty or nothing
 * matches.
 *
 * 'username' is not consulted: any key on the list is accepted for
 * whatever username the client supplied.
 * NOTE(review): confirm that per-user key binding is enforced somewhere
 * else (or is deliberately not wanted) before reusing this policy in a
 * multi-account setting.
 *
 * A true result only says the key is on the list. Whether the client
 * actually holds the private key is not checked in this function.
 */
bool auth_publickey(AuthPolicy *ap, ptrlen username, ptrlen public_blob)
{
    struct AuthPolicy_ssh2_pubkey *candidate = ap->ssh2keys;

    while (candidate) {
        if (ptrlen_eq_ptrlen(public_blob, candidate->public_blob))
            return true;
        candidate = candidate->next;
    }

    return false;
}
/*
 * Build an EdDSA key object from the OpenSSH private-key encoding.
 *
 * Reads two strings from 'src': the public key, then the "extended"
 * secret-key string. Returns a pointer to the embedded ssh_key on
 * success, or NULL if the input is malformed, inconsistent, or the
 * public point fails to decode.
 *
 * Checks performed here:
 *  - both strings were read without error;
 *  - the public key is exactly curve->fieldBytes long;
 *  - the extended secret string is exactly two fieldBytes-sized halves
 *    with nothing left over;
 *  - the second half equals the public key string.
 *
 * NOTE(review): nothing in this function derives the public point from
 * the private bytes, so it only establishes that the two stored copies
 * of the public key agree with each other. Confirm whether the pairing
 * of private and public halves is validated elsewhere.
 */
static ssh_key *eddsa_new_priv_openssh(
    const ssh_keyalg *alg, BinarySource *src)
{
    const struct ecsign_extra *extra =
        (const struct ecsign_extra *)alg->extra;
    struct ec_curve *curve = extra->curve();
    assert(curve->type == EC_EDWARDS);

    ptrlen pubkey_pl = get_string(src);
    ptrlen privkey_extended_pl = get_string(src);

    /* Reject truncated input and public keys of the wrong size. */
    if (get_err(src))
        return NULL;
    if (pubkey_pl.len != curve->fieldBytes)
        return NULL;

    /*
     * OpenSSH stores a second copy of the public key in the latter half
     * of the secret-key string. Split that string into its two halves
     * and insist that the copy is present and identical; otherwise the
     * imported key would not behave the way OpenSSH itself would have
     * treated it.
     */
    BinarySource halves[1];
    BinarySource_BARE_INIT_PL(halves, privkey_extended_pl);
    ptrlen privkey_pl = get_data(halves, curve->fieldBytes);
    ptrlen pubkey_copy_pl = get_data(halves, curve->fieldBytes);

    /* Too short, trailing bytes, or mismatching copy: all fatal. */
    if (get_err(halves) || get_avail(halves) ||
        !ptrlen_eq_ptrlen(pubkey_pl, pubkey_copy_pl))
        return NULL;

    struct eddsa_key *key = snew(struct eddsa_key);
    key->sshk.vt = alg;
    key->curve = curve;
    /*
     * Give privateKey a defined value before anything can fail, so the
     * eddsa_freekey() call on the error path below never sees an
     * uninitialised field.
     */
    key->privateKey = NULL;

    key->publicKey = eddsa_decode(pubkey_pl, curve);
    if (key->publicKey) {
        /* The private bytes are loaded as a little-endian integer. */
        key->privateKey = mp_from_bytes_le(privkey_pl);
        return &key->sshk;
    }

    /* The public blob did not decode on this curve. */
    eddsa_freekey(&key->sshk);
    return NULL;
}