support ed25519 keys (hostkeys and user identities) using the public domain

ed25519 reference code from SUPERCOP, see http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@

1 files changed, 11 insertions, 5 deletions

diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c
index 137674cf69b..97ee9ee745c 100644
--- a/usr.bin/ssh/ssh-keyscan.c
+++ b/usr.bin/ssh/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.88 2013/11/02 21:59:15 markus Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.89 2013/12/06 13:39:49 markus Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -51,6 +51,7 @@ int ssh_port = SSH_DEFAULT_PORT;
 #define KT_DSA		2
 #define KT_RSA		4
 #define KT_ECDSA	8
+#define KT_ED25519	16
 
 int get_keytypes = KT_RSA|KT_ECDSA;/* Get RSA and ECDSA keys by default */
 
@@ -230,9 +231,11 @@ keygrab_ssh2(con *c)
 
 	packet_set_connection(c->c_fd, c->c_fd);
 	enable_compat20();
-	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
-	    "ssh-dss" : (c->c_keytype == KT_RSA ? "ssh-rsa" :
-	    "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521");
+	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+	    c->c_keytype == KT_DSA ?  "ssh-dss" :
+	    (c->c_keytype == KT_RSA ? "ssh-rsa" :
+	    (c->c_keytype == KT_ED25519 ? "ssh-ed25519" :
+	    "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"));
 	c->c_kex = kex_setup(myproposal);
 	c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
 	c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
@@ -560,7 +563,7 @@ do_host(char *host)
 
 	if (name == NULL)
 		return;
-	for (j = KT_RSA1; j <= KT_ECDSA; j *= 2) {
+	for (j = KT_RSA1; j <= KT_ED25519; j *= 2) {
 		if (get_keytypes & j) {
 			while (ncon >= MAXCON)
 				conloop();
@@ -665,6 +668,9 @@ main(int argc, char **argv)
 				case KEY_RSA:
 					get_keytypes |= KT_RSA;
 					break;
+				case KEY_ED25519:
+					get_keytypes |= KT_ED25519;
+					break;
 				case KEY_UNSPEC:
 					fatal("unknown key type %s", tname);
 				}