1 files changed, 57 insertions, 36 deletions
diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl
index 216f65f33a..510269bbb1 100644
--- a/lib/ssh/src/ssh_file.erl
+++ b/lib/ssh/src/ssh_file.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2005-2016. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2018. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@@ -39,32 +39,29 @@
 	 is_auth_key/3]).
 
 
--define(PERM_700, 8#700).
--define(PERM_644, 8#644).
+-export_type([system_dir_daemon_option/0,
+              user_dir_common_option/0,
+              user_dir_fun_common_option/0,
+              pubkey_passphrase_client_options/0
+             ]).
 
+-type system_dir_daemon_option()   :: {system_dir, string()}.
+-type user_dir_common_option()     :: {user_dir,  string()}.
+-type user_dir_fun_common_option() :: {user_dir_fun, user2dir()}.
+-type user2dir() :: fun((RemoteUserName::string()) -> UserDir :: string()) .
 
-%%% API
-
-%%% client
--spec add_host_key(string(),
-		   public_key:public_key(),
-		   proplists:proplist()) -> ok | {error,term()}.
+-type pubkey_passphrase_client_options() ::   {dsa_pass_phrase,      string()}
+                                            | {rsa_pass_phrase,      string()}
+%% Not yet implemented:                     | {ed25519_pass_phrase,  string()}
+%% Not yet implemented:                     | {ed448_pass_phrase,    string()}
+                                            | {ecdsa_pass_phrase,    string()} .
 
--spec is_host_key(public_key:public_key(),
-		  string(),
-		  ssh_client_key_api:algorithm(),
-		  proplists:proplist()) -> boolean().
 
--spec user_key(ssh_client_key_api:algorithm(),
-	       proplists:proplist()) -> {ok, public_key:private_key()} | {error,term()}.
-
-%%% server
--spec host_key(ssh_server_key_api:algorithm(),
-	       proplists:proplist()) ->  {ok, public_key:private_key()} | {error,term()}.
+-define(PERM_700, 8#700).
+-define(PERM_644, 8#644).
 
--spec is_auth_key(public_key:public_key(),
-		  string(), proplists:proplist()) -> boolean().
 
+%%% API
 
 %% Used by server
 host_key(Algorithm, Opts) ->
@@ -75,17 +72,9 @@ host_key(Algorithm, Opts) ->
     Password = proplists:get_value(identity_pass_phrase(Algorithm), Opts, ignore),
     case decode(File, Password) of
 	{ok,Key} ->
-	    case {Key,Algorithm} of
-		{#'RSAPrivateKey'{}, 'ssh-rsa'} -> {ok,Key};
-		{#'DSAPrivateKey'{}, 'ssh-dss'} -> {ok,Key};
-		{#'ECPrivateKey'{parameters = {namedCurve, ?'secp256r1'}}, 'ecdsa-sha2-nistp256'} -> {ok,Key};
-		{#'ECPrivateKey'{parameters = {namedCurve, ?'secp384r1'}}, 'ecdsa-sha2-nistp384'} -> {ok,Key};
-		{#'ECPrivateKey'{parameters = {namedCurve, ?'secp521r1'}}, 'ecdsa-sha2-nistp521'} -> {ok,Key};
-		_ -> 
-		    {error,bad_keytype_in_file}
-	    end;
-	Other ->
-	    Other
+            check_key_type(Key, Algorithm);
+	{error,DecodeError} ->
+            {error,DecodeError}
     end.
 
 is_auth_key(Key, User,Opts) ->
@@ -109,16 +98,31 @@ is_host_key(Key, PeerName, Algorithm, Opts) ->
 user_key(Algorithm, Opts) ->
     File = file_name(user, identity_key_filename(Algorithm), Opts),
     Password = proplists:get_value(identity_pass_phrase(Algorithm), Opts, ignore),
-    decode(File, Password).
+    case decode(File, Password) of
+        {ok, Key} ->
+            check_key_type(Key, Algorithm);
+        Error ->
+            Error
+    end.
 
 
 %% Internal functions %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+check_key_type(Key, Algorithm) ->
+    case ssh_transport:valid_key_sha_alg(Key,Algorithm) of
+        true -> {ok,Key};
+        false -> {error,bad_keytype_in_file}
+    end.
 
 file_base_name('ssh-rsa'            ) -> "ssh_host_rsa_key";
+file_base_name('rsa-sha2-256'       ) -> "ssh_host_rsa_key";
+file_base_name('rsa-sha2-384'       ) -> "ssh_host_rsa_key";
+file_base_name('rsa-sha2-512'       ) -> "ssh_host_rsa_key";
 file_base_name('ssh-dss'            ) -> "ssh_host_dsa_key";
 file_base_name('ecdsa-sha2-nistp256') -> "ssh_host_ecdsa_key";
 file_base_name('ecdsa-sha2-nistp384') -> "ssh_host_ecdsa_key";
 file_base_name('ecdsa-sha2-nistp521') -> "ssh_host_ecdsa_key";
+file_base_name('ssh-ed25519'        ) -> "ssh_host_ed25519_key";
+file_base_name('ssh-ed448'          ) -> "ssh_host_ed448_key";
 file_base_name(_                    ) -> "ssh_host_key".
 
 decode(File, Password) ->
@@ -192,8 +196,8 @@ lookup_user_key(Key, User, Opts) ->
 ssh_dir({remoteuser, User}, Opts) ->
     case proplists:get_value(user_dir_fun, Opts) of
 	undefined ->
-	    case proplists:get_value(user_dir, Opts) of
-		undefined ->
+	    case proplists:get_value(user_dir, Opts, false) of
+		false ->
 		    default_user_dir();
 		Dir ->
 		    Dir
@@ -221,6 +225,8 @@ file_name(Type, Name, Opts) ->
 
 
 %% in: "host" out: "host,1.2.3.4.
+add_ip(IP) when is_tuple(IP) ->
+    ssh_connection:encode_ip(IP);
 add_ip(Host)                                                             ->
     case inet:getaddr(Host, inet) of
 	{ok, Addr} ->
@@ -251,15 +257,26 @@ do_lookup_host_key(KeyToMatch, Host, Alg, Opts) ->
 
 identity_key_filename('ssh-dss'            ) -> "id_dsa";
 identity_key_filename('ssh-rsa'            ) -> "id_rsa";
+identity_key_filename('rsa-sha2-256'       ) -> "id_rsa";
+identity_key_filename('rsa-sha2-384'       ) -> "id_rsa";
+identity_key_filename('rsa-sha2-512'       ) -> "id_rsa";
+identity_key_filename('ssh-ed25519'        ) -> "id_ed25519";
+identity_key_filename('ssh-ed448'          ) -> "id_ed448";
 identity_key_filename('ecdsa-sha2-nistp256') -> "id_ecdsa";
 identity_key_filename('ecdsa-sha2-nistp384') -> "id_ecdsa";
 identity_key_filename('ecdsa-sha2-nistp521') -> "id_ecdsa".
 
 identity_pass_phrase("ssh-dss"       ) -> dsa_pass_phrase;
 identity_pass_phrase("ssh-rsa"       ) -> rsa_pass_phrase;
+identity_pass_phrase("rsa-sha2-256"  ) -> rsa_pass_phrase;
+identity_pass_phrase("rsa-sha2-384"  ) -> rsa_pass_phrase;
+identity_pass_phrase("rsa-sha2-512"  ) -> rsa_pass_phrase;
+%% Not yet implemented: identity_pass_phrase("ssh-ed25519"   ) -> ed25519_pass_phrase;
+%% Not yet implemented: identity_pass_phrase("ssh-ed448"     ) -> ed448_pass_phrase;
 identity_pass_phrase("ecdsa-sha2-"++_) -> ecdsa_pass_phrase;
 identity_pass_phrase(P) when is_atom(P) -> 
-    identity_pass_phrase(atom_to_list(P)).
+    identity_pass_phrase(atom_to_list(P));
+identity_pass_phrase(_) -> undefined.
     
 lookup_host_key_fd(Fd, KeyToMatch, Host, KeyType) ->
     case io:get_line(Fd, '') of
@@ -309,6 +326,10 @@ key_match({#'ECPoint'{},{namedCurve,Curve}}, Alg) ->
 	_ ->
 	    false
     end;
+key_match({ed_pub,ed25519,_}, 'ssh-ed25519') ->
+    true;
+key_match({ed_pub,ed448,_}, 'ssh-ed448') ->
+    true;
 key_match(_, _) ->
     false.