From 210f2e13ade80fbb39e6d1f9b2235ba098f2c780 Mon Sep 17 00:00:00 2001
From: Dorin Pleava <dorin.pleava@puppet.com>
Date: Mon, 25 May 2020 15:09:02 +0300
Subject: (MODULES-10671) New SSH key types for OpenSSH 8.2

Two new SSH key types were added on OpenSSH 8.2:
sk-ecdsa-sha2-nistp256@openssh.com(alias ecdsa-sk) and
sk-ssh-ed25519@openssh.com(alias ed25519-sk)
---
 lib/puppet/type/ssh_authorized_key.rb | 9 +++++++--
 lib/puppet/type/sshkey.rb             | 7 +++++--
 2 files changed, 12 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb
index 648055c..953b1a6 100644
--- a/lib/puppet/type/ssh_authorized_key.rb
+++ b/lib/puppet/type/ssh_authorized_key.rb
@@ -62,11 +62,14 @@ module Puppet
     newproperty(:type) do
       desc 'The encryption type used.'
 
-      newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519'
+      newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519',
+                :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com'
 
       aliasvalue(:dsa, :'ssh-dss')
       aliasvalue(:ed25519, :'ssh-ed25519')
       aliasvalue(:rsa, :'ssh-rsa')
+      aliasvalue(:'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com')
+      aliasvalue(:'ed25519-sk', :'sk-ssh-ed25519@openssh.com')
     end
 
     newproperty(:key) do
@@ -159,7 +162,9 @@ module Puppet
     end
 
     # regular expression suitable for use by a ParsedFile based provider
-    REGEX = %r{^(?:(.+)\s+)?(ssh-dss|ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521)\s+([^ ]+)\s*(.*)$}
+    REGEX = %r{^(?:(.+)\s+)?(ssh-dss|ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|
+            ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ecdsa-sk|ed25519-sk|
+            sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com)\s+([^ ]+)\s*(.*)$}x
     def self.keyline_regex
       REGEX
     end
diff --git a/lib/puppet/type/sshkey.rb b/lib/puppet/type/sshkey.rb
index c3cce5d..eeca5fe 100644
--- a/lib/puppet/type/sshkey.rb
+++ b/lib/puppet/type/sshkey.rb
@@ -15,7 +15,7 @@ module Puppet
     def self.title_patterns
       [
         [
-          %r{^(.*)@(.*)$},
+          %r{^(.*?)@(.*)$},
           [
             [:name],
             [:type],
@@ -35,11 +35,14 @@ module Puppet
 
       isnamevar
 
-      newvalues :'ssh-dss', :'ssh-ed25519', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521'
+      newvalues :'ssh-dss', :'ssh-ed25519', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521',
+                :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com'
 
       aliasvalue(:dsa, :'ssh-dss')
       aliasvalue(:ed25519, :'ssh-ed25519')
       aliasvalue(:rsa, :'ssh-rsa')
+      aliasvalue(:'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com')
+      aliasvalue(:'ed25519-sk', :'sk-ssh-ed25519@openssh.com')
     end
 
     newproperty(:key) do
-- 
cgit v1.2.3