diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index a6a83140f..67c897c74 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -1737,6 +1737,26 @@ static int load_key(byte isEcc, byte* buf, word32 bufSz)
 }
+#ifndef WOLFSSH_NO_ED25519
+/* returns buffer size on success */
+static int load_key_ed25519(byte* buf, word32 bufSz)
+{
+ word32 sz = 0;
+
+#ifndef NO_FILESYSTEM
+ sz = load_file("./keys/server-key-ed25519.der", buf, &bufSz);
+#else
+ if ((word32)sizeof_ed25519_key_der_ssh > bufSz)
+ return 0;
+ WMEMCPY(buf, ed25519_key_der_ssh, sizeof_ed25519_key_der_ssh);
+ sz = (word32)sizeof_ed25519_key_der_ssh;
+#endif
+
+ return sz;
+}
+#endif /* WOLFSSH_NO_ED25519 */
+
+
 typedef struct StrList {
 const char* str;
 struct StrList* next;
@@ -2954,6 +2974,18 @@ THREAD_RETURN WOLFSSH_THREAD echoserver_test(void* args)
 }
 #endif
+ #ifndef WOLFSSH_NO_ED25519
+ bufSz = EXAMPLE_KEYLOAD_BUFFER_SZ;
+ bufSz = load_key_ed25519(keyLoadBuf, bufSz);
+ if (bufSz == 0) {
+ ES_ERROR("Couldn't load Ed25519 key file.\n");
+ }
+ if (wolfSSH_CTX_UsePrivateKey_buffer(ctx, keyLoadBuf, bufSz,
+ WOLFSSH_FORMAT_ASN1) < 0) {
+ ES_ERROR("Couldn't use Ed25519 key buffer.\n");
+ }
+ #endif /* WOLFSSH_NO_ED25519 */
+
 #ifndef NO_FILESYSTEM
 if (userPubKey) {
 byte* userBuf = NULL;
diff --git a/keys/include.am b/keys/include.am
index cc2aa720f..fd82f10c5 100644
--- a/keys/include.am
+++ b/keys/include.am
@@ -23,5 +23,6 @@ EXTRA_DIST+= \
 keys/fred-cert.der keys/fred-cert.pem \
 keys/server-key.pem keys/fred-key.der keys/fred-key.pem \
 keys/id_ecdsa keys/id_ecdsa.pub keys/id_rsa keys/id_rsa.pub \
- keys/renewcerts.sh keys/renewcerts.cnf
+ keys/renewcerts.sh keys/renewcerts.cnf \
+ keys/server-key-ed25519.der keys/server-key-ed25519.pem
diff --git a/keys/server-key-ed25519.der b/keys/server-key-ed25519.der
new file mode 100644
index 000000000..7719de44d
Binary files /dev/null and b/keys/server-key-ed25519.der differ
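Review bot: The header comment `/* returns buffer size on success */` on load_key_ed25519 misstates the contract: the function returns the number of key bytes placed in buf, and 0 when the embedded key does not fit (the NO_FILESYSTEM branch) or, as the caller's `bufSz == 0` check implies, when load_file fails. I would replace it with `/* Copies the Ed25519 host key into buf (bufSz bytes). Returns the key length in bytes, or 0 if the key could not be loaded or does not fit. */`. Whether load_file itself reports failure as 0 is not visible in the hunk and should be confirmed against its definition, since the fallthrough caller relies on it. The preceding load_key, shown only as hunk context, starts outside this hunk.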
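Review bot: After `bufSz = load_key_ed25519(keyLoadBuf, bufSz);` the failure check and the wolfSSH_CTX_UsePrivateKey_buffer call are independent `if`s, so unless ES_ERROR transfers control out of echoserver_test (its definition is not in the hunk) a failed load still hands bufSz == 0 and stale keyLoadBuf contents to wolfSSH_CTX_UsePrivateKey_buffer and logs a second, misleading error. Chaining them, `if (bufSz == 0) { ES_ERROR("Couldn't load Ed25519 key file.\n"); } else if (wolfSSH_CTX_UsePrivateKey_buffer(ctx, keyLoadBuf, bufSz, WOLFSSH_FORMAT_ASN1) < 0) { ES_ERROR("Couldn't use Ed25519 key buffer.\n"); }`, makes the intent explicit whichever way ES_ERROR behaves; if the RSA/ECC loads above follow the same two-if pattern, the same applies to them. The two-step `bufSz = EXAMPLE_KEYLOAD_BUFFER_SZ; bufSz = load_key_ed25519(keyLoadBuf, bufSz);` could also be the single call `bufSz = load_key_ed25519(keyLoadBuf, EXAMPLE_KEYLOAD_BUFFER_SZ);`. echoserver_test's body begins and ends outside this hunk.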
diff --git a/keys/server-key-ed25519.pem b/keys/server-key-ed25519.pem
new file mode 100644
index 000000000..c4992f196
--- /dev/null
+++ b/keys/server-key-ed25519.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MFACAQAwBQYDK2VwBCIEIGpn8w5k6lL+9K1lTUVgYThYEQeE8AOUkxR7ezMauvYZ
+gSAPVgyffXpih/AmFhkx5LId6b3uSn9VriYtoSXk7kpRAA==
+-----END PRIVATE KEY-----
diff --git a/tests/kex.c b/tests/kex.c
index 26dc1262a..97a813a99 100644
--- a/tests/kex.c
+++ b/tests/kex.c
@@ -305,6 +305,81 @@ static int wolfSSH_KexTest_Connect(const char* kex)
 return EXIT_SUCCESS;
 }
+
+#ifndef WOLFSSH_NO_ED25519
+static int wolfSSH_KexTest_Ed25519HostKey(void)
+{
+ tcp_ready ready;
+ THREAD_TYPE serverThread;
+ func_args serverArgs;
+ func_args clientArgs;
+ char sA[NUMARGS][ARGLEN];
+ char *serverArgv[NUMARGS] =
+ { sA[0], sA[1], sA[2], sA[3], sA[4], sA[5], sA[6], sA[7], sA[8],
+ sA[9], sA[10], sA[11] };
+ char cA[NUMARGS][ARGLEN];
+ char *clientArgv[NUMARGS] =
+ { cA[0], cA[1], cA[2], cA[3], cA[4], cA[5], cA[6], cA[7], cA[8],
+ cA[9], cA[10], cA[11] };
+ int serverArgc = 0;
+ int clientArgc = 0;
+
+ InitTcpReady(&ready);
+
+ ADD_ARG(serverArgv, serverArgc, "echoserver");
+ ADD_ARG(serverArgv, serverArgc, "-1");
+ ADD_ARG(serverArgv, serverArgc, "-f");
+ #if !defined(USE_WINDOWS_API) && !defined(WOLFSSH_ZEPHYR)
+ ADD_ARG(serverArgv, serverArgc, "-p");
+ ADD_ARG(serverArgv, serverArgc, "-0");
+ #endif
+ ADD_ARG(serverArgv, serverArgc, "-k");
+ ADD_ARG(serverArgv, serverArgc, "ssh-ed25519");
+
+ serverArgs.argc = serverArgc;
+ serverArgs.argv = serverArgv;
+ serverArgs.return_code = EXIT_SUCCESS;
+ serverArgs.signal = &ready;
+ serverArgs.user_auth = NULL;
+ ThreadStart(echoserver_test, &serverArgs, &serverThread);
+ WaitTcpReady(&ready);
+
+ ADD_ARG(clientArgv, clientArgc, "client");
+ ADD_ARG(clientArgv, clientArgc, "-u");
+ ADD_ARG(clientArgv, clientArgc, "jill");
+ #if !defined(USE_WINDOWS_API) && !defined(WOLFSSH_ZEPHYR)
+ ADD_ARG(clientArgv, clientArgc, "-p");
+ ADD_ARG_INT(clientArgv, clientArgc, ready.port);
+ #endif
+
+ clientArgs.argc = clientArgc;
+ clientArgs.argv = clientArgv;
+ clientArgs.return_code = EXIT_SUCCESS;
+ clientArgs.signal = &ready;
+ clientArgs.user_auth = tsClientUserAuth;
+
+ client_test(&clientArgs);
+
+#ifdef WOLFSSH_ZEPHYR
+ k_sleep(Z_TIMEOUT_TICKS(100));
+#endif
+ ThreadJoin(serverThread);
+
+ if (clientArgs.return_code == WS_SOCKET_ERROR_E) {
+ clientArgs.return_code = WS_SUCCESS;
+ }
+ if (serverArgs.return_code == WS_SOCKET_ERROR_E) {
+ serverArgs.return_code = WS_SUCCESS;
+ }
+ AssertIntEQ(WS_SUCCESS, clientArgs.return_code);
+ AssertIntEQ(WS_SUCCESS, serverArgs.return_code);
+
+ FreeTcpReady(&ready);
+
+ return EXIT_SUCCESS;
+}
+#endif /* WOLFSSH_NO_ED25519 */
+
 #endif /* KEXTEST_AVAILABLE */
 int wolfSSH_KexTest(int argc, char** argv)
@@ -353,6 +428,9 @@ int wolfSSH_KexTest(int argc, char** argv)
 AssertIntEQ(wolfSSH_KexTest_Connect("mlkem1024nistp384-sha384"), EXIT_SUCCESS);
 #endif
+#ifndef WOLFSSH_NO_ED25519
+ AssertIntEQ(wolfSSH_KexTest_Ed25519HostKey(), EXIT_SUCCESS);
+#endif
 AssertIntEQ(wolfSSH_Cleanup(), WS_SUCCESS);
diff --git a/wolfssh/certs_test.h b/wolfssh/certs_test.h
index 5b39eb8ee..96f24f598 100644
--- a/wolfssh/certs_test.h
+++ b/wolfssh/certs_test.h
@@ -229,6 +229,21 @@ static const unsigned char ecc_key_der_521_ssh[] =
 };
 #define sizeof_ecc_key_der_521_ssh (sizeof(ecc_key_der_521_ssh))
+#ifndef WOLFSSH_NO_ED25519
+/* ./keys/server-key-ed25519.der (private+public) */
+static const unsigned char ed25519_key_der_ssh[] =
+{
+ 0x30, 0x50, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
+ 0x04, 0x22, 0x04, 0x20, 0x6a, 0x67, 0xf3, 0x0e, 0x64, 0xea, 0x52, 0xfe,
+ 0xf4, 0xad, 0x65, 0x4d, 0x45, 0x60, 0x61, 0x38, 0x58, 0x11, 0x07, 0x84,
+ 0xf0, 0x03, 0x94, 0x93, 0x14, 0x7b, 0x7b, 0x33, 0x1a, 0xba, 0xf6, 0x19,
+ 0x81, 0x20, 0x0f, 0x56, 0x0c, 0x9f, 0x7d, 0x7a, 0x62, 0x87, 0xf0, 0x26,
+ 0x16, 0x19, 0x31, 0xe4, 0xb2, 0x1d, 0xe9, 0xbd, 0xee, 0x4a, 0x7f, 0x55,
+ 0xae, 0x26, 0x2d, 0xa1, 0x25, 0xe4, 0xee, 0x4a, 0x51, 0x00
+};
+#define sizeof_ed25519_key_der_ssh (sizeof(ed25519_key_der_ssh))
+#endif /* WOLFSSH_NO_ED25519 */
+
 #endif /* NO_FILESYSTEM */
 #endif /* _WOLFSSL_CERTS_TEST_H_ */
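Review bot: wolfSSH_KexTest_Ed25519HostKey appears to repeat the whole server/client setup of wolfSSH_KexTest_Connect, with only the extra server arguments `-k` / `ssh-ed25519` and the absence of a client kex argument differing, so a shared helper that takes the additional server arguments (or a host-key parameter on the existing routine) would keep the two paths in step as further host-key types are added; wolfSSH_KexTest_Connect's body lies outside the hunk, so this is inferred from its signature and the new code. Mapping WS_SOCKET_ERROR_E to WS_SUCCESS on both sides means a run in which the client never completes an exchange can still pass; if the intent is to absorb a shutdown race it deserves a comment such as `/* the peer closing first is reported as a socket error; not a failure here */`. The serverArgv/clientArgv initialisers index sA[11]/cA[11], so they rely on NUMARGS being at least 12, which is presumably guaranteed where NUMARGS is defined, outside this hunk.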
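Review bot: The comment above ed25519_key_der_ssh records the source file but not that the private key it embeds is a published test fixture — the same key is committed in PEM form as keys/server-key-ed25519.pem in this commit, so it is public by construction. I would extend it to `/* ./keys/server-key-ed25519.der (private+public); test-only key, publicly known, for examples and tests only */`, matching whatever wording the neighbouring RSA/ECC test keys carry. The array sits inside the NO_FILESYSTEM block whose opening directive is outside the hunk.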