authorPhillip Smyth <phillip.smyth@codethink.co.uk>2017-10-07 15:57:15 +0100
committerPhillip Smyth <phillip.smyth@codethink.co.uk>2017-10-07 15:57:15 +0100
commit66ab24a4f21fb0d0978938bb0ad661e12fa25e4c (patch)
tree856bad582c466d19df6705a59aa44e56169a9fea
parent1228c8dc2b1624c8e8c866107c3768d8a47fad29 (diff)
Ticket: Check for ED25519 support in ssh keynexus/ed25519
Added ED25519 support.
config.lua: replaced the hand-written keytype check with a call to the new function in util.lua.
usercommand.lua: replaced the hand-written keytype check with a call to the same util.lua function.
util.lua: added a keycheck function that returns true if an invalid keytype is detected.
library.yarn: added an implementation of createsshkey that takes ED25519 as a parameter.
02-commands-sshkey.yarn: modified the "ssh key basics" scenario to create a second key of type ED25519 and test it.
-rw-r--r--lib/gitano/config.lua11
-rw-r--r--lib/gitano/sssc8
-rw-r--r--lib/gitano/sssc.pub1
-rw-r--r--lib/gitano/usercommand.lua9
-rw-r--r--lib/gitano/util.lua16
-rw-r--r--testing/.library.yarn.swpbin0 -> 16384 bytes
-rw-r--r--testing/02-commands-sshkey.yarn8
-rw-r--r--testing/keys/testinstance@newkey_Ed255197
-rw-r--r--testing/keys/testinstance@newkey_Ed25519.pub1
-rw-r--r--testing/library.yarn6
10 files changed, 52 insertions, 15 deletions
diff --git a/lib/gitano/config.lua b/lib/gitano/config.lua
index 7227866..b42bfba 100644
--- a/lib/gitano/config.lua
+++ b/lib/gitano/config.lua
@@ -39,6 +39,7 @@ local log = require 'gitano.log'
local lace = require 'gitano.lace'
local i18n = require 'gitano.i18n'
local pat = require 'gitano.patterns'
+local util = require 'gitano.util'
local luxio = require 'luxio'
local sio = require 'luxio.simple'
local clod = require 'clod'
@@ -163,12 +164,10 @@ local function parse_admin_config(commit)
if not (keytype and keydata and keytag) then
return nil, i18n.expand("ERROR_BAD_KEY_SMELL", {filename=filename})
end
- if (keytype ~= "ssh-rsa") and (keytype ~= "ssh-dss") and
- (keytype ~= "ecdsa-sha2-nistp256") and
- (keytype ~= "ecdsa-sha2-nistp384") and
- (keytype ~= "ecdsa-sha2-nistp521") then
- return nil, i18n.expand("ERROR_BAD_KEY_TYPE",
- {keytype=keytype, filename=filename})
+
+ if util.ssh_type_is_invalid(keytype) then
+ return nil, i18n.expand("ERROR_BAD_KEY_TYPE",
+ {keytype=keytype, filename=filename})
end
if all_keys[this_key] then
diff --git a/lib/gitano/sssc b/lib/gitano/sssc
new file mode 100644
index 0000000..fc7698f
--- /dev/null
+++ b/lib/gitano/sssc
@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABB9boSOPS
++mgFH73l4a0IuEAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIIrdZLaik3mrc173
+N+GlqEjroqCbDUNmtVHDWrF74W85AAAAoKS76JOFvqS6YW/J0jFgbcURVWT0Tjfd+Z+qS/
+uMt+5DDkzAE1f/Z69Fc3GB03tN7TVlnEeVDkPhFk+BmCddef9vg7c1pOeU1ENtGc+5KAVP
+MVmurIQEu9r9qUJjntz61joGnF+WdOUFMGrv79lyciInB9F7ObEpB/XksWLX5V/+PFdBFF
+gdmvs3hAbkANNYlpvao0w0kyD/HZOfh7kkykY=
+-----END OPENSSH PRIVATE KEY-----
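Review bot: lib/gitano/sssc is an OpenSSH private key, with its public half in lib/gitano/sssc.pub carrying the comment phillipsmyth@ct-lt-577, committed into the library directory; nothing in the commit message accounts for it and no code in the diff references it, so it looks like a personal key added by accident. The header shows it is passphrase-protected (aes256-cbc, bcrypt KDF), but a private key that has been pushed to a shared repository should still be treated as exposed: drop both files from this branch, rewrite the branch history before it is merged if the workflow allows, and stop authorising this key pair anywhere it is installed. If a key was needed to try the new type by hand, generate a throwaway one under testing/ the way the yarn suite already does through createsshkey.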
diff --git a/lib/gitano/sssc.pub b/lib/gitano/sssc.pub
new file mode 100644
index 0000000..3fe440d
--- /dev/null
+++ b/lib/gitano/sssc.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrdZLaik3mrc173N+GlqEjroqCbDUNmtVHDWrF74W85 phillipsmyth@ct-lt-577
diff --git a/lib/gitano/usercommand.lua b/lib/gitano/usercommand.lua
index af7141c..9c005a0 100644
--- a/lib/gitano/usercommand.lua
+++ b/lib/gitano/usercommand.lua
@@ -218,12 +218,9 @@ local function builtin_sshkey_run(conf, _, cmdline, env)
"did not smell like an OpenSSH v2 key")
return "exit", 1
end
-
- if (keytype ~= "ssh-rsa") and (keytype ~= "ssh-dss") and
- (keytype ~= "ecdsa-sha2-nistp256") and
- (keytype ~= "ecdsa-sha2-nistp384") and
- (keytype ~= "ecdsa-sha2-nistp521") then
- log.error("Unknown key type", keytype)
+
+ if util.ssh_type_is_invalid(keytype) then
+ log.error("Unknown key type", keytype)
return "exit", 1
end
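Review bot: The new call `util.ssh_type_is_invalid(keytype)` relies on a `util` local being in scope in usercommand.lua, but unlike the config.lua hunk in this commit, which adds `local util = require 'gitano.util'`, no require is added here. If the file does not already require gitano.util, the first `sshkey add` will fail with an attempt to index a nil value rather than the intended "Unknown key type" error; please confirm the existing requires at the top of the file, which are outside this hunk. The enclosing builtin_sshkey_run continues past the end of the hunk.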
diff --git a/lib/gitano/util.lua b/lib/gitano/util.lua
index 76183e3..7e34178 100644
--- a/lib/gitano/util.lua
+++ b/lib/gitano/util.lua
@@ -584,6 +584,18 @@ local function unlockfile(fh)
fh:close()
end
+local function ssh_type_is_invalid(keytype)
+ if (keytype ~= "ssh-rsa") and
+ (keytype ~= "ssh-dss") and
+ (keytype ~= "ecdsa-sha2-nistp256") and
+ (keytype ~= "ecdsa-sha2-nistp384") and
+ (keytype ~= "ecdsa-sha2-nistp521") and
+ (keytype ~= "ssh-ed25519") then
+ return true
+ end
+ return false
+end
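Review bot: `ssh_type_is_invalid` keeps `ssh-dss` in the accepted list; now that the check lives in one place this is the moment to decide whether DSA keys should still be admitted, since OpenSSH stopped accepting ssh-dss for authentication by default in 7.0 (2015), so a user who registers such a key will be unable to log in with it anyway, and DSA's 1024-bit fixed size is below current guidance. The function also has no doc comment, and a six-way `~=` chain is harder to audit than a lookup table; the table form below makes the policy a single readable list and keeps the same true/false contract for the two callers. If DSA must stay for existing users, keep the entry but say so in the comment so the next reader knows it is deliberate.
```lua
--- Key type tokens (first word of an authorized_keys line) that gitano accepts.
-- ssh-dss is kept for existing users only; OpenSSH no longer enables it by default.
local VALID_SSH_KEY_TYPES = {
   ["ssh-rsa"] = true,
   ["ssh-dss"] = true,
   ["ecdsa-sha2-nistp256"] = true,
   ["ecdsa-sha2-nistp384"] = true,
   ["ecdsa-sha2-nistp521"] = true,
   ["ssh-ed25519"] = true,
}

--- Return true when keytype is not one of the accepted OpenSSH key types.
-- @tparam string keytype the type token parsed from the supplied public key
-- @treturn boolean true if the key must be rejected
local function ssh_type_is_invalid(keytype)
   return not VALID_SSH_KEY_TYPES[keytype]
end
```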
+
return {
parse_cmdline = _parse_cmdline,
@@ -623,4 +635,6 @@ return {
lockfile = lockfile,
unlockfile = unlockfile,
-}
+ ssh_type_is_invalid = ssh_type_is_invalid,
+}
+
diff --git a/testing/.library.yarn.swp b/testing/.library.yarn.swp
new file mode 100644
index 0000000..d62016e
--- /dev/null
+++ b/testing/.library.yarn.swp
Binary files differ
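Review bot: testing/.library.yarn.swp is a Vim swap file and should not be in the commit; it holds a copy of the editor buffer for library.yarn at the time of the edit and will only confuse later readers and tooling. Remove it from the branch and consider adding `*.swp` to the repository's .gitignore so it cannot be staged again.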
diff --git a/testing/02-commands-sshkey.yarn b/testing/02-commands-sshkey.yarn
index da8a309..fc024b4 100644
--- a/testing/02-commands-sshkey.yarn
+++ b/testing/02-commands-sshkey.yarn
@@ -24,15 +24,20 @@ This information is also shown in `sshkey list`.
New keys can be added.
- GIVEN testinstance has keys called newkey
+ GIVEN testinstance has keys called newkey
+ AND testinstance has keys called edkey of type Ed25519
WHEN testinstance uses their ssh public key called newkey as stdin
AND testinstance adminkey runs sshkey add newkey
+ THEN the output contains SSH authorised key file updated
+ WHEN testinstance uses their ssh public key called edkey as stdin
+ AND testinstance adminkey runs sshkey add edkey
THEN the output contains SSH authorised key file updated
Verify the new keys are listed for the user.
WHEN testinstance adminkey runs sshkey list
THEN the output contains newkey
+ AND the output contains edkey
We can delete the old key and proceed with the new key in future.
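Review bot: The new steps only prove that `sshkey add edkey` prints "SSH authorised key file updated" and that `sshkey list` mentions edkey, which exercises the keytype check but not the point of supporting the new type: that an Ed25519 key is actually usable for authentication. If the suite has a step that runs a command as a user with a named key, a line such as `AND testinstance edkey runs whoami` (adapted to the existing step vocabulary) after the add would cover the end-to-end path; the keys written to authorized_keys are otherwise never used here.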
@@ -44,6 +49,7 @@ We can delete the old key and proceed with the new key in future.
FINALLY the instance is torn down
+
SSH key tracking
----------------
diff --git a/testing/keys/testinstance@newkey_Ed25519 b/testing/keys/testinstance@newkey_Ed25519
new file mode 100644
index 0000000..369d60b
--- /dev/null
+++ b/testing/keys/testinstance@newkey_Ed25519
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAwGjSnIXXiyuszXalOR24kstP2q5z/eUz3czF1Co6FjgAAAKCJ+h3Zifod
+2QAAAAtzc2gtZWQyNTUxOQAAACAwGjSnIXXiyuszXalOR24kstP2q5z/eUz3czF1Co6Fjg
+AAAECwQpGPDj/DisyXljioqnTv+MdCuBc9SKDBco/qOQ3gZDAaNKchdeLK6zNdqU5HbiSy
+0/arnP95TPdzMXUKjoWOAAAAG3Rlc3RpbnN0YW5jZS1FZDI1NTE5QG5ld2tleQEC
+-----END OPENSSH PRIVATE KEY-----
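Review bot: testing/keys/testinstance@newkey_Ed25519 (and its .pub) does not appear to be referenced by the scenario this commit changes, which creates `edkey` at run time through `createsshkey` into the user's home directory, and its comment testinstance-Ed25519@newkey and file name do not match either `newkey` or `edkey`. If it is a leftover from trying the feature by hand, drop it; if it is meant as a fixture, a step should load it and the name should match the scenario, otherwise it is dead data in the tree. An unencrypted test-only key is acceptable under testing/, but only if something actually uses it.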
diff --git a/testing/keys/testinstance@newkey_Ed25519.pub b/testing/keys/testinstance@newkey_Ed25519.pub
new file mode 100644
index 0000000..94ff2bc
--- /dev/null
+++ b/testing/keys/testinstance@newkey_Ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAaNKchdeLK6zNdqU5HbiSy0/arnP95TPdzMXUKjoWO testinstance-Ed25519@newkey
diff --git a/testing/library.yarn b/testing/library.yarn
index cc03122..85e1523 100644
--- a/testing/library.yarn
+++ b/testing/library.yarn
@@ -43,9 +43,13 @@ SSH keys. Sometimes it's helpful to be able to work with these...
IMPLEMENTS GIVEN a unix user called ([a-z][a-z0-9]*)
$GTT createunixuser "$MATCH_1"
- IMPLEMENTS GIVEN ([a-z][a-z0-9]*) has keys called ([a-z][a-z0-9]*)
+ IMPLEMENTS GIVEN ([a-z][a-z0-9]*) has keys called ([a-z][a-z0-9]*)
$GTT createsshkey "$MATCH_1" "$MATCH_2"
+ IMPLEMENTS GIVEN ([a-z][a-z0-9]*) has keys called ([a-z][a-z0-9]*) of type ([a-z][a-z0-9]*)?
+ $GTT createsshkey "$MATCH_1" "$MATCH_2" "$MATCH_3"
+
+
IMPLEMENTS WHEN ([a-z][a-z0-9]*) uses their ssh public key called ([a-z][a-z0-9]*) as stdin
cp "$DATADIR/user-home-$MATCH_1/.ssh/$MATCH_2.pub" "$DATADIR/stdin"
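Review bot: The new pattern `has keys called ([a-z][a-z0-9]*) of type ([a-z][a-z0-9]*)?` cannot match the step this commit adds in 02-commands-sshkey.yarn, `AND testinstance has keys called edkey of type Ed25519`, because `[a-z]` excludes the capital E; assuming yarn matches IMPLEMENTS patterns against the whole step text, the step will have no implementation and the scenario fails, and if it matched as a prefix the older `has keys called ([a-z][a-z0-9]*)` pattern would win and the type would be silently ignored. Change the type group to `of type ([A-Za-z][A-Za-z0-9]*)`, or lowercase the type in the scenario if createsshkey accepts that. The trailing `?` should also go: it makes the type group optional, so a step ending in `of type ` would pass an empty `$MATCH_3` to `$GTT createsshkey`.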