pijul/thrussh - Change ZZHLVXTPSMXE4F446Z2YEWUJWDODZA36FNJH3LRHKKPG2C3QGOPAC

Add sk-ssh-ed25519@openssh.com (FIDO2/U2F security key) support

Created by DzmingLi on March 19, 2026

ZZHLVXTPSMXE4F446Z2YEWUJWDODZA36FNJH3LRHKKPG2C3QGOPAC

Dependencies

In discussions

#88 Add sk-ssh-ed25519@openssh.com (FIDO2 security key) support

Change contents

Insertion in thrussh-keys/src/signature.rs at line 23 [3.5821]

[2.144]

[3.6370]

    /// An SK-Ed25519 signature (FIDO/U2F security key)
    SKEd25519 {
        signature: SignatureBytes,
        flags: u8,
        counter: u32,
    },

Insertion in thrussh-keys/src/signature.rs at line 66 [3.5821]

[2.480]

[3.7453]

            }
            Signature::SKEd25519 {
                ref signature,
                flags,
                counter,
            } => {
                let t = b"sk-ssh-ed25519@openssh.com";
                // sig blob: type string + sig string + flags byte + counter u32
                let total = t.len() + signature.0.len() + 8 + 1 + 4;
                bytes_.write_u32::<BigEndian>(total as u32).unwrap();
                bytes_.extend_ssh_string(t);
                bytes_.extend_ssh_string(&signature.0[..]);
                bytes_.push(*flags);
                bytes_.write_u32::<BigEndian>(*counter).unwrap();

Insertion in thrussh-keys/src/signature.rs at line 108 [3.5821]

[2.556]

[3.8412]

            b"sk-ssh-ed25519@openssh.com" => {
                let mut sig_bytes = [0; 64];
                sig_bytes.clone_from_slice(bytes);
                let flags = r.read_byte()?;
                let counter = r.read_u32()?;
                Ok(Signature::SKEd25519 {
                    signature: SignatureBytes(sig_bytes),
                    flags,
                    counter,
                })
            }

Insertion in thrussh-keys/src/signature.rs at line 128 [3.5821]

[3.8631]

    /// Returns the raw signature bytes.
    ///
    /// **Note:** For `SKEd25519`, this returns only the 64-byte Ed25519
    /// signature, without the flags and counter fields. Use
    /// [`Signature::to_base64`] or pattern matching to access the full
    /// SK signature data.

Insertion in thrussh-keys/src/signature.rs at line 139 [3.5821]

[2.615]

[3.8808]

            Signature::SKEd25519 { ref signature, .. } => &signature.0,

Insertion in thrussh-keys/src/lib.rs at line 115 [3.21590]
[3.27374]
[4.59]
```
    #[error("FIDO2 error: {0}")]
    Fido2(String),
```

Insertion in thrussh-keys/src/lib.rs at line 157 [3.21590]

[2.986]

[3.27479]

const KEYTYPE_SK_ED25519: &'static [u8] = b"sk-ssh-ed25519@openssh.com";

Insertion in thrussh-keys/src/lib.rs at line 227 [3.21590]

[2.1322]

[3.29595]

            }
            key::PublicKey::SKEd25519 {
                ref key,
                ref application,
            } => {
                use encoding::Encoding;
                let name = b"sk-ssh-ed25519@openssh.com";
                s.extend_ssh_string(name);
                s.extend_ssh_string(&key.key);
                s.extend_ssh_string(application.as_bytes());

Insertion in thrussh-keys/src/lib.rs at line 271 [3.21590]

[2.1755]

[3.30339]

            key::KeyPair::SKEd25519 {
                ref public_key,
                ref application,
                ..
            } => {
                use encoding::Encoding;
                s.extend_ssh_string(&public_key.key);
                s.extend_ssh_string(application.as_bytes());
            }

Insertion in thrussh-keys/src/key.rs at line 23 [3.57451]
[2.3743]
[5.2869]
```
use sha2::{Digest, Sha256};
```

Insertion in thrussh-keys/src/key.rs at line 51 [3.57451]

[2.3870]

[3.58872]

/// The name of the sk-ssh-ed25519 algorithm for SSH (FIDO/U2F security keys).
pub const SK_ED25519: Name = Name("sk-ssh-ed25519@openssh.com");

Insertion in thrussh-keys/src/key.rs at line 63 [3.57451]
[3.59172]
[3.59172]
```
            SK_ED25519 => "id_ed25519_sk",
```

Insertion in thrussh-keys/src/key.rs at line 121 [3.57451]

[2.3946]

[3.60477]

    #[doc(hidden)]
    SKEd25519 {
        key: thrussh_libsodium::ed25519::PublicKey,
        application: String,
    },

Insertion in thrussh-keys/src/key.rs at line 225 [3.57451]

[2.4948]

            }
            b"sk-ssh-ed25519@openssh.com" => {
                let mut p = pubkey.reader(0);
                let key_algo = p.read_string()?;
                let key_bytes = p.read_string()?;
                if key_algo != b"sk-ssh-ed25519@openssh.com"
                    || key_bytes.len() != sodium::ed25519::PUBLICKEY_BYTES
                {
                    return Err(Error::CouldNotReadKey.into());
                }
                let application = std::str::from_utf8(p.read_string()?)
                    .map_err(|_| Error::CouldNotReadKey)?
                    .to_string();
                let mut pk = sodium::ed25519::PublicKey {
                    key: [0; sodium::ed25519::PUBLICKEY_BYTES],
                };
                pk.key.clone_from_slice(key_bytes);
                Ok(PublicKey::SKEd25519 {
                    key: pk,
                    application,
                })

Insertion in thrussh-keys/src/key.rs at line 259 [3.57451]
[2.5057]
[3.63304]
```
            PublicKey::SKEd25519 { .. } => SK_ED25519.0,
```

Insertion in thrussh-keys/src/key.rs at line 278 [3.57451]

[3.63941]

[2.5058]

            }
            &PublicKey::SKEd25519 {
                ref key,
                ref application,
            } => {
                // ed25519_sig(64) + flags(1) + counter(4)
                if sig.len() != 64 + 1 + 4 {
                    return false;
                }
                let ed25519_sig = &sig[..64];
                let flags = sig[64];
                let counter = u32::from_be_bytes([sig[65], sig[66], sig[67], sig[68]]);
                // Construct the verification message:
                // SHA256(application) || flags || counter || SHA256(original_message)
                let app_hash = Sha256::digest(application.as_bytes());
                let msg_hash = Sha256::digest(buffer);
                let mut verify_buf = Vec::with_capacity(32 + 1 + 4 + 32);
                verify_buf.extend_from_slice(&app_hash);
                verify_buf.push(flags);
                verify_buf.extend_from_slice(&counter.to_be_bytes());
                verify_buf.extend_from_slice(&msg_hash);
                sodium::ed25519::verify_detached(ed25519_sig, &verify_buf, key)

Insertion in thrussh-keys/src/key.rs at line 388 [3.57451]

[2.6718]

[3.64687]

    /// SK-Ed25519 key (FIDO2/U2F security key).
    /// The private key material is on the hardware token;
    /// `key_handle` is the credential ID used to identify the key on the token.
    SKEd25519 {
        public_key: sodium::ed25519::PublicKey,
        application: String,
        key_handle: Vec<u8>,
    },

Insertion in thrussh-keys/src/key.rs at line 410 [3.57451]

[2.6819]

[3.65062]

            KeyPair::SKEd25519 { ref application, .. } => {
                write!(f, "SKEd25519 {{ application: {:?} }}", application)
            }

Insertion in thrussh-keys/src/key.rs at line 448 [3.57451]

[2.6942]

[3.66079]

            &KeyPair::SKEd25519 {
                ref public_key,
                ref application,
                ..
            } => {
                let mut key = sodium::ed25519::PublicKey { key: [0; 32] };
                key.key.clone_from_slice(&public_key.key);
                PublicKey::SKEd25519 {
                    key,
                    application: application.clone(),
                }
            }

Insertion in thrussh-keys/src/key.rs at line 471 [3.57451]
[2.7035]
[3.66301]
```
            KeyPair::SKEd25519 { .. } => SK_ED25519.0,
```

Insertion in thrussh-keys/src/key.rs at line 519 [3.57451]

[2.7685]

[3.67252]


            &KeyPair::SKEd25519 {
                ref application,
                ref key_handle,
                ..
            } => sk_ed25519_sign(to_sign, application, key_handle),

Insertion in thrussh-keys/src/key.rs at line 564 [3.57451]

[3.68461]

            &KeyPair::SKEd25519 {
                ref application,
                ref key_handle,
                ..
            } => {
                let sig = sk_ed25519_sign(to_sign.as_ref(), application, key_handle)?;
                write_sk_ed25519_signature(buffer, &sig);
            }

Insertion in thrussh-keys/src/key.rs at line 606 [3.57451]

[2.8636]

            }
            &KeyPair::SKEd25519 {
                ref application,
                ref key_handle,
                ..
            } => {
                let sig = sk_ed25519_sign(&buffer, application, key_handle)?;
                write_sk_ed25519_signature(buffer, &sig);

Insertion in thrussh-keys/src/key.rs at line 617 [3.57451]

[3.69615]

    }
}
fn write_sk_ed25519_signature(buffer: &mut CryptoVec, sig: &Signature) {
    if let Signature::SKEd25519 {
        ref signature,
        flags,
        counter,
    } = *sig
    {
        let name = SK_ED25519.0.as_bytes();
        let total = name.len() + signature.0.len() + 8 + 1 + 4;
        buffer.push_u32_be(total as u32);
        buffer.extend_ssh_string(name);
        buffer.extend_ssh_string(&signature.0);
        buffer.push(flags);
        buffer.push_u32_be(counter);
    }
}
/// Sign using a FIDO2 hardware security key.
///
/// Performs synchronous USB HID I/O on a dedicated thread to avoid blocking
/// the async executor.
fn sk_ed25519_sign(
    to_sign: &[u8],
    application: &str,
    key_handle: &[u8],
) -> Result<Signature, Error> {
    use ctap_hid_fido2::{FidoKeyHid, HidParam, LibCfg};
    // The FIDO2 authenticator signs: SHA256(application) || flags || counter || SHA256(message)
    // We pass SHA256(message) as the challenge; the authenticator handles the rest.
    let challenge: Vec<u8> = Sha256::digest(to_sign).to_vec();
    let application = application.to_string();
    let key_handle = key_handle.to_vec();
    // Spawn a dedicated thread so that synchronous USB HID I/O does not
    // block the tokio executor if called from an async context.
    let result = std::thread::spawn(move || -> Result<(Vec<u8>, u8, u32), Error> {
        let device = FidoKeyHid::new(&HidParam::get(), &LibCfg::init()).map_err(|e| {
            debug!("FIDO2 device error: {:?}", e);
            Error::Fido2(format!("failed to open FIDO2 device: {:?}", e))
        })?;
        let assertion = device
            .get_assertion(
                &application,
                &challenge,
                &[key_handle],
                None, // PIN
            )
            .map_err(|e| {
                debug!("FIDO2 assertion error: {:?}", e);
                Error::Fido2(format!(
                    "FIDO2 assertion failed (is a PIN required?): {:?}",
                    e
                ))
            })?;
        Ok((
            assertion.signature,
            assertion.flags.as_u8(),
            assertion.sign_count,
        ))
    })
    .join()
    .map_err(|_| Error::Fido2("FIDO2 signing thread panicked".into()))??;
    let (sig_vec, flags, counter) = result;
    let mut sig_bytes = [0u8; 64];
    if sig_vec.len() != 64 {
        return Err(Error::Fido2(format!(
            "unexpected FIDO2 signature length: {} (expected 64)",
            sig_vec.len()
        )));

Insertion in thrussh-keys/src/key.rs at line 694 [3.57451]

[3.69621]

    sig_bytes.clone_from_slice(&sig_vec);
    Ok(Signature::SKEd25519 {
        signature: SignatureBytes(sig_bytes),
        flags,
        counter,
    })

Insertion in thrussh-keys/src/key.rs at line 770 [3.57451]

[2.8952]

[3.71277]

    if t == b"sk-ssh-ed25519@openssh.com" {
        if let Ok(pubkey) = pos.read_string() {
            if pubkey.len() != sodium::ed25519::PUBLICKEY_BYTES {
                return Err(Error::CouldNotReadKey);
            }
            let application = std::str::from_utf8(pos.read_string()?)
                .map_err(|_| Error::CouldNotReadKey)?
                .to_string();
            let mut p = sodium::ed25519::PublicKey {
                key: [0; sodium::ed25519::PUBLICKEY_BYTES],
            };
            p.key.clone_from_slice(pubkey);
            return Ok(PublicKey::SKEd25519 {
                key: p,
                application,
            });
        }
    }

Insertion in thrussh-keys/src/format/pkcs8.rs at line 273 [3.71340]
[2.11433]
[3.80833]
```
        key::KeyPair::SKEd25519 { .. } => println!("SKEd25519"),
```
Replacement in thrussh-keys/src/format/pkcs8.rs at line 298 [3.71340]
∅:D[5.7013] → [3.81381:81424]
B:BD[3.81381] → [3.81381:81424]
```
    let mut plaintext = encode_pkcs8(key);
```
[5.7013]
[3.81424]
```
    let mut plaintext = encode_pkcs8(key)?;
```

Replacement in thrussh-keys/src/format/pkcs8.rs at line 322 [3.71340]

B:BD[3.82124] → [3.82124:82263]

/// Encode a Decode a PKCS#8-encoded private key.
pub fn encode_pkcs8(key: &key::KeyPair) -> Vec<u8> {
    yasna::construct_der(|writer| {

[3.82124]

[3.82263]

/// Encode a PKCS#8-encoded private key.
pub fn encode_pkcs8(key: &key::KeyPair) -> Result<Vec<u8>, Error> {
    if let key::KeyPair::SKEd25519 { .. } = *key {
        return Err(Error::Fido2(
            "SK keys cannot be encoded as PKCS#8; they are hardware-bound".into(),
        ));
    }
    Ok(yasna::construct_der(|writer| {

Insertion in thrussh-keys/src/format/pkcs8.rs at line 340 [3.71340]
[2.11705]
[3.82470]
```
            key::KeyPair::SKEd25519 { .. } => unreachable!(),
```
Replacement in thrussh-keys/src/format/pkcs8.rs at line 342 [3.71340]
B:BD[3.82481] → [3.82481:82488]
```
    })
```
[3.82481]
[3.82488]
```
    }))
```

Replacement in thrussh-keys/src/format/openssh.rs at line 3 [3.86809]

B:BD[3.86880] → [2.11706:11770]

use crate::{Error, KEYTYPE_ED25519, KEYTYPE_P256, KEYTYPE_RSA};

[3.86880]

[5.8678]

use crate::{Error, KEYTYPE_ED25519, KEYTYPE_P256, KEYTYPE_RSA, KEYTYPE_SK_ED25519};

Insertion in thrussh-keys/src/format/openssh.rs at line 93 [3.86809]

[5.10472]

[3.89939]

            } else if key_type == KEYTYPE_SK_ED25519 {
                // OpenSSH SK-Ed25519 private key format:
                //   string  ed25519_public_key (32 bytes)
                //   string  application
                //   uint8   flags
                //   string  key_handle
                //   string  reserved (empty)
                //   string  comment
                let pubkey = position.read_string()?;
                let application = std::str::from_utf8(position.read_string()?)
                    .map_err(|_| Error::CouldNotReadKey)?
                    .to_string();
                let _flags = position.read_byte()?;
                let key_handle = position.read_string()?.to_vec();
                let _reserved = position.read_string()?;
                let _comment = position.read_string()?;
                let mut public_key = key::ed25519::PublicKey::new_zeroed();
                public_key.key.clone_from_slice(pubkey);
                return Ok(key::KeyPair::SKEd25519 {
                    public_key,
                    application,
                    key_handle,
                });

Replacement in thrussh-keys/src/format/mod.rs at line 108 [3.92032]
∅:D[4.2294] → [3.94922:94966]
B:BD[3.94922] → [3.94922:94966]
```
    let x = self::pkcs8::encode_pkcs8(key);
```
[4.2294]
[3.94966]
```
    let x = self::pkcs8::encode_pkcs8(key)?;
```

Insertion in thrussh-keys/src/agent/client.rs at line 138 [3.139093]

[3.143038]

            key::KeyPair::SKEd25519 {
                ref public_key,
                ref application,
                ref key_handle,
            } => {
                self.buf
                    .extend_ssh_string(b"sk-ssh-ed25519@openssh.com");
                self.buf.extend_ssh_string(&public_key.key);
                self.buf.extend_ssh_string(application.as_bytes());
                // SK keys: flags + key_handle + reserved + comment
                self.buf.push(0x01); // flags: user presence required
                self.buf.extend_ssh_string(key_handle);
                self.buf.extend_ssh_string(b""); // reserved
                self.buf.extend_ssh_string(b""); // comment
            }

Insertion in thrussh-keys/src/agent/client.rs at line 290 [3.139093]

[3.148374]

[2.14098]

                    b"sk-ssh-ed25519@openssh.com" => {
                        let mut p = key::ed25519::PublicKey::new_zeroed();
                        p.key.clone_from_slice(r.read_string()?);
                        let app_bytes = r.read_string()?;
                        let application = std::str::from_utf8(app_bytes)
                            .map_err(|_| Error::CouldNotReadKey)?
                            .to_string();
                        keys.push(PublicKey::SKEd25519 {
                            key: p,
                            application,
                        })
                    }

Replacement in thrussh-keys/src/agent/client.rs at line 377 [3.139093]

B:BD[3.150566] → [3.150566:150667]

        if (hash == 2 && t == b"rsa-sha2-256") || (hash == 4 && t == b"rsa-sha2-512") || hash == 0 {

[3.150566]

[3.150667]

        if t == b"sk-ssh-ed25519@openssh.com" {
            let sig = resp.read_string()?;
            let flags = resp.read_byte()?;
            let counter = resp.read_u32()?;
            // Write the full SK signature blob: type + sig + flags + counter
            let total = t.len() + sig.len() + 8 + 1 + 4;
            data.push_u32_be(total as u32);
            data.extend_ssh_string(t);
            data.extend_ssh_string(sig);
            data.push(flags);
            data.push_u32_be(counter);
        } else if (hash == 2 && t == b"rsa-sha2-256")
            || (hash == 4 && t == b"rsa-sha2-512")
            || hash == 0
        {

Insertion in thrussh-keys/src/agent/client.rs at line 460 [3.139093]

[2.14665]

[3.153322]

                        b"sk-ssh-ed25519@openssh.com" => {
                            let mut sig_bytes = [0; 64];
                            sig_bytes.clone_from_slice(sig);
                            let flags = resp.read_byte()?;
                            let counter = resp.read_u32()?;
                            Ok(Signature::SKEd25519 {
                                signature: crate::signature::SignatureBytes(sig_bytes),
                                flags,
                                counter,
                            })
                        }

Insertion in thrussh-keys/src/agent/client.rs at line 580 [3.139093]

[2.15062]

            let len1 = buf.len();
            BigEndian::write_u32(&mut buf[5..], (len1 - len0) as u32);
        }
        PublicKey::SKEd25519 {
            ref key,
            ref application,
        } => {
            buf.extend(&[0, 0, 0, 0]);
            let len0 = buf.len();
            buf.extend_ssh_string(b"sk-ssh-ed25519@openssh.com");
            buf.extend_ssh_string(&key.key[0..]);
            buf.extend_ssh_string(application.as_bytes());

Insertion in thrussh-keys/Cargo.toml at line 58 [3.157024]
[6.32]
[3.158187]
```
ctap-hid-fido2 = "3.5"
```

Replacement in thrussh/src/server/encrypted.rs at line 341 [3.230083]

B:BD[3.241574] → [4.7547:7623]

                    let sig = s.read_string().map_err(crate::Error::from)?;

[3.241574]

[3.241622]

                    let inner_sig = s.read_string().map_err(crate::Error::from)?;
                    // For SK keys, the signature blob also contains flags (1 byte) + counter (4 bytes)
                    let sig: std::borrow::Cow<[u8]> =
                        if algo_ == b"sk-ssh-ed25519@openssh.com" {
                            let flags = s.read_byte().map_err(crate::Error::from)?;
                            let counter = s.read_u32().map_err(crate::Error::from)?;
                            // Pack as: ed25519_sig(64) + flags(1) + counter(4)
                            let mut sk_sig = Vec::with_capacity(69);
                            sk_sig.extend_from_slice(inner_sig);
                            sk_sig.push(flags);
                            sk_sig.extend_from_slice(&counter.to_be_bytes());
                            std::borrow::Cow::Owned(sk_sig)
                        } else {
                            std::borrow::Cow::Borrowed(inner_sig)
                        };

Replacement in thrussh/src/server/encrypted.rs at line 378 [3.230083]

B:BD[3.242641] → [3.242641:242706]

                            pubkey.verify_client_auth(&buf, sig)

[3.242641]

[3.242706]

                            pubkey.verify_client_auth(&buf, &sig)

Insertion in thrussh/src/negotiation.rs at line 153 [3.268386]
[7.1206]
[8.513]
```
use thrussh_keys::key::SK_ED25519;
```
Insertion in thrussh/src/negotiation.rs at line 165 [3.268386]
[2.16520]
[3.271178]
```
            &PublicKey::SKEd25519 { .. } => SK_ED25519.0,
```
Insertion in thrussh/src/negotiation.rs at line 178 [3.268386]
[2.16614]
[3.271392]
```
            &KeyPair::SKEd25519 { .. } => SK_ED25519.0,
```

Insertion in thrussh/src/key.rs at line 44 [3.304500]

[2.16703]

                use thrussh_keys::PublicKeyBase64;
                buffer.extend(&self.public_key_bytes());
            }
            &PublicKey::SKEd25519 { .. } => {

Insertion in thrussh/src/key.rs at line 75 [3.304500]

[2.16884]

                use thrussh_keys::PublicKeyBase64;
                buffer.extend(&self.public_key_bytes());
            }
            &KeyPair::SKEd25519 { .. } => {