Merge pull request #924 from yosuke-wolfssl/f_2485

Add kex integration test for ed25519 server key

Author: ejohnstown

examples/echoserver/echoserver.c

@@ -1737,6 +1737,26 @@ static int load_key(byte isEcc, byte* buf, word32 bufSz)
 }
 
 
+#ifndef WOLFSSH_NO_ED25519
+/* returns buffer size on success */
+static int load_key_ed25519(byte* buf, word32 bufSz)
+{
+    word32 sz = 0;
+
+#ifndef NO_FILESYSTEM
+    sz = load_file("./keys/server-key-ed25519.der", buf, &bufSz);
+#else
+    if ((word32)sizeof_ed25519_key_der_ssh > bufSz)
+        return 0;
+    WMEMCPY(buf, ed25519_key_der_ssh, sizeof_ed25519_key_der_ssh);
+    sz = (word32)sizeof_ed25519_key_der_ssh;
+#endif
+
+    return sz;
+}
+#endif /* WOLFSSH_NO_ED25519 */
+
+
 typedef struct StrList {
     const char* str;
     struct StrList* next;
@@ -2954,6 +2974,18 @@ THREAD_RETURN WOLFSSH_THREAD echoserver_test(void* args)
         }
         #endif
 
+        #ifndef WOLFSSH_NO_ED25519
+        bufSz = EXAMPLE_KEYLOAD_BUFFER_SZ;
+        bufSz = load_key_ed25519(keyLoadBuf, bufSz);
+        if (bufSz == 0) {
+            ES_ERROR("Couldn't load Ed25519 key file.\n");
+        }
+        if (wolfSSH_CTX_UsePrivateKey_buffer(ctx, keyLoadBuf, bufSz,
+                                             WOLFSSH_FORMAT_ASN1) < 0) {
+            ES_ERROR("Couldn't use Ed25519 key buffer.\n");
+        }
+        #endif /* WOLFSSH_NO_ED25519 */
+
         #ifndef NO_FILESYSTEM
         if (userPubKey) {
             byte* userBuf = NULL;

keys/include.am

@@ -23,5 +23,6 @@ EXTRA_DIST+= \
             keys/fred-cert.der keys/fred-cert.pem \
             keys/server-key.pem keys/fred-key.der keys/fred-key.pem \
             keys/id_ecdsa keys/id_ecdsa.pub keys/id_rsa keys/id_rsa.pub \
-            keys/renewcerts.sh keys/renewcerts.cnf
+            keys/renewcerts.sh keys/renewcerts.cnf \
+            keys/server-key-ed25519.der keys/server-key-ed25519.pem
 

keys/server-key-ed25519.der

@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MFACAQAwBQYDK2VwBCIEIGpn8w5k6lL+9K1lTUVgYThYEQeE8AOUkxR7ezMauvYZ
+gSAPVgyffXpih/AmFhkx5LId6b3uSn9VriYtoSXk7kpRAA==
+-----END PRIVATE KEY-----

keys/server-key-ed25519.pem

@@ -305,6 +305,81 @@ static int wolfSSH_KexTest_Connect(const char* kex)
     return EXIT_SUCCESS;
 }
 
+
+#ifndef WOLFSSH_NO_ED25519
+static int wolfSSH_KexTest_Ed25519HostKey(void)
+{
+    tcp_ready ready;
+    THREAD_TYPE serverThread;
+    func_args serverArgs;
+    func_args clientArgs;
+    char sA[NUMARGS][ARGLEN];
+    char *serverArgv[NUMARGS] =
+        { sA[0], sA[1], sA[2], sA[3], sA[4], sA[5], sA[6], sA[7], sA[8],
+          sA[9], sA[10], sA[11] };
+    char cA[NUMARGS][ARGLEN];
+    char *clientArgv[NUMARGS] =
+        { cA[0], cA[1], cA[2], cA[3], cA[4], cA[5], cA[6], cA[7], cA[8],
+          cA[9], cA[10], cA[11] };
+    int serverArgc = 0;
+    int clientArgc = 0;
+
+    InitTcpReady(&ready);
+
+    ADD_ARG(serverArgv, serverArgc, "echoserver");
+    ADD_ARG(serverArgv, serverArgc, "-1");
+    ADD_ARG(serverArgv, serverArgc, "-f");
+    #if !defined(USE_WINDOWS_API) && !defined(WOLFSSH_ZEPHYR)
+        ADD_ARG(serverArgv, serverArgc, "-p");
+        ADD_ARG(serverArgv, serverArgc, "-0");
+    #endif
+    ADD_ARG(serverArgv, serverArgc, "-k");
+    ADD_ARG(serverArgv, serverArgc, "ssh-ed25519");
+
+    serverArgs.argc = serverArgc;
+    serverArgs.argv = serverArgv;
+    serverArgs.return_code = EXIT_SUCCESS;
+    serverArgs.signal = &ready;
+    serverArgs.user_auth = NULL;
+    ThreadStart(echoserver_test, &serverArgs, &serverThread);
+    WaitTcpReady(&ready);
+
+    ADD_ARG(clientArgv, clientArgc, "client");
+    ADD_ARG(clientArgv, clientArgc, "-u");
+    ADD_ARG(clientArgv, clientArgc, "jill");
+    #if !defined(USE_WINDOWS_API) && !defined(WOLFSSH_ZEPHYR)
+        ADD_ARG(clientArgv, clientArgc, "-p");
+        ADD_ARG_INT(clientArgv, clientArgc, ready.port);
+    #endif
+
+    clientArgs.argc = clientArgc;
+    clientArgs.argv = clientArgv;
+    clientArgs.return_code = EXIT_SUCCESS;
+    clientArgs.signal = &ready;
+    clientArgs.user_auth = tsClientUserAuth;
+
+    client_test(&clientArgs);
+
+#ifdef WOLFSSH_ZEPHYR
+    k_sleep(Z_TIMEOUT_TICKS(100));
+#endif
+    ThreadJoin(serverThread);
+
+    if (clientArgs.return_code == WS_SOCKET_ERROR_E) {
+        clientArgs.return_code = WS_SUCCESS;
+    }
+    if (serverArgs.return_code == WS_SOCKET_ERROR_E) {
+        serverArgs.return_code = WS_SUCCESS;
+    }
+    AssertIntEQ(WS_SUCCESS, clientArgs.return_code);
+    AssertIntEQ(WS_SUCCESS, serverArgs.return_code);
+
+    FreeTcpReady(&ready);
+
+    return EXIT_SUCCESS;
+}
+#endif /* WOLFSSH_NO_ED25519 */
+
 #endif /* KEXTEST_AVAILABLE */
 
 int wolfSSH_KexTest(int argc, char** argv)
@@ -353,6 +428,9 @@ int wolfSSH_KexTest(int argc, char** argv)
     AssertIntEQ(wolfSSH_KexTest_Connect("mlkem1024nistp384-sha384"),
             EXIT_SUCCESS);
 #endif
+#ifndef WOLFSSH_NO_ED25519
+    AssertIntEQ(wolfSSH_KexTest_Ed25519HostKey(), EXIT_SUCCESS);
+#endif
 
     AssertIntEQ(wolfSSH_Cleanup(), WS_SUCCESS);
 

tests/kex.c

@@ -229,6 +229,21 @@ static const unsigned char ecc_key_der_521_ssh[] =
 };
 #define sizeof_ecc_key_der_521_ssh (sizeof(ecc_key_der_521_ssh))
 
+#ifndef WOLFSSH_NO_ED25519
+/* ./keys/server-key-ed25519.der (private+public) */
+static const unsigned char ed25519_key_der_ssh[] =
+{
+    0x30, 0x50, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
+    0x04, 0x22, 0x04, 0x20, 0x6a, 0x67, 0xf3, 0x0e, 0x64, 0xea, 0x52, 0xfe,
+    0xf4, 0xad, 0x65, 0x4d, 0x45, 0x60, 0x61, 0x38, 0x58, 0x11, 0x07, 0x84,
+    0xf0, 0x03, 0x94, 0x93, 0x14, 0x7b, 0x7b, 0x33, 0x1a, 0xba, 0xf6, 0x19,
+    0x81, 0x20, 0x0f, 0x56, 0x0c, 0x9f, 0x7d, 0x7a, 0x62, 0x87, 0xf0, 0x26,
+    0x16, 0x19, 0x31, 0xe4, 0xb2, 0x1d, 0xe9, 0xbd, 0xee, 0x4a, 0x7f, 0x55,
+    0xae, 0x26, 0x2d, 0xa1, 0x25, 0xe4, 0xee, 0x4a, 0x51, 0x00
+};
+#define sizeof_ed25519_key_der_ssh (sizeof(ed25519_key_der_ssh))
+#endif /* WOLFSSH_NO_ED25519 */
+
 #endif /* NO_FILESYSTEM */
 
 #endif /* _WOLFSSL_CERTS_TEST_H_ */