From c8429113faddce47db2f5cabd6f544564c2c3770 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 13 Jul 2018 16:21:29 +0200
Subject: [PATCH] bind: Complete loading ed25519 in server

Previously, the support was only partial and if the ed25519 key was
the only one, the internal checks were failing the tests.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/bind.c | 36 ++++++++++++++++++++++++++++++++----
 1 file changed, 32 insertions(+), 4 deletions(-)

diff --git a/src/bind.c b/src/bind.c
index 47837259..7b350d9a 100644
--- a/src/bind.c
+++ b/src/bind.c
@@ -149,9 +149,10 @@ static int ssh_bind_import_keys(ssh_bind sshbind) {
 
   if (sshbind->ecdsakey == NULL &&
       sshbind->dsakey == NULL &&
-      sshbind->rsakey == NULL) {
+      sshbind->rsakey == NULL &&
+      sshbind->ed25519key == NULL) {
       ssh_set_error(sshbind, SSH_FATAL,
-                    "ECDSA, DSA, or RSA host key file must be set");
+                    "ECDSA, ED25519, DSA, or RSA host key file must be set");
       return SSH_ERROR;
   }
 
@@ -223,6 +224,27 @@ static int ssh_bind_import_keys(ssh_bind sshbind) {
       }
   }
 
+  if (sshbind->ed25519 == NULL && sshbind->ed25519key != NULL) {
+      rc = ssh_pki_import_privkey_file(sshbind->ed25519key,
+                                       NULL,
+                                       NULL,
+                                       NULL,
+                                       &sshbind->ed25519);
+      if (rc == SSH_ERROR || rc == SSH_EOF) {
+          ssh_set_error(sshbind, SSH_FATAL,
+                  "Failed to import private ED25519 host key");
+          return SSH_ERROR;
+      }
+
+      if (ssh_key_type(sshbind->ed25519) != SSH_KEYTYPE_ED25519) {
+          ssh_set_error(sshbind, SSH_FATAL,
+                  "The ED25519 host key has the wrong type");
+          ssh_key_free(sshbind->ed25519);
+          sshbind->ed25519 = NULL;
+          return SSH_ERROR;
+      }
+  }
+
   return SSH_OK;
 }
 
@@ -236,7 +258,10 @@ int ssh_bind_listen(ssh_bind sshbind) {
     return -1;
   }
 
-  if (sshbind->rsa == NULL && sshbind->dsa == NULL && sshbind->ecdsa == NULL) {
+  if (sshbind->rsa == NULL &&
+      sshbind->dsa == NULL &&
+      sshbind->ecdsa == NULL &&
+      sshbind->ed25519 == NULL) {
       rc = ssh_bind_import_keys(sshbind);
       if (rc != SSH_OK) {
           return SSH_ERROR;
@@ -255,6 +280,7 @@ int ssh_bind_listen(ssh_bind sshbind) {
           sshbind->dsa = NULL;
           ssh_key_free(sshbind->rsa);
           sshbind->rsa = NULL;
+          /* XXX should this clear also other structures that were allocated */
           return -1;
       }
 
@@ -267,6 +293,7 @@ int ssh_bind_listen(ssh_bind sshbind) {
           sshbind->dsa = NULL;
           ssh_key_free(sshbind->rsa);
           sshbind->rsa = NULL;
+          /* XXX should this clear also other structures that were allocated */
           return -1;
       }
 
@@ -434,7 +461,8 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
      */
     if (sshbind->rsa == NULL &&
         sshbind->dsa == NULL &&
-        sshbind->ecdsa == NULL) {
+        sshbind->ecdsa == NULL &&
+        sshbind->ed25519 == NULL) {
         rc = ssh_bind_import_keys(sshbind);
         if (rc != SSH_OK) {
             return SSH_ERROR;