auths_core/crypto/ssh/encoding.rs
1//! SSH wire-format encoding for Ed25519 public keys and signatures.
2
3/// Encode an Ed25519 public key in SSH wire format.
4///
5/// Produces a byte blob with the key type string ("ssh-ed25519") followed
6/// by the raw public key, both length-prefixed as SSH strings.
7///
8/// Args:
9/// * `pubkey`: Raw 32-byte Ed25519 public key.
10///
11/// Usage:
12/// ```
13/// use auths_core::crypto::ssh::encode_ssh_pubkey;
14/// let blob = encode_ssh_pubkey(&[0x42u8; 32]);
15/// assert_eq!(&blob[4..15], b"ssh-ed25519");
16/// ```
17pub fn encode_ssh_pubkey(pubkey: &[u8]) -> Vec<u8> {
18 let mut blob = Vec::new();
19 let key_type = b"ssh-ed25519";
20 blob.extend_from_slice(&(key_type.len() as u32).to_be_bytes());
21 blob.extend_from_slice(key_type);
22 blob.extend_from_slice(&(pubkey.len() as u32).to_be_bytes());
23 blob.extend_from_slice(pubkey);
24 blob
25}
26
27/// Encode a raw Ed25519 signature in SSH signature wire format.
28///
29/// Produces a byte blob with the signature type string ("ssh-ed25519")
30/// followed by the raw signature bytes, both length-prefixed as SSH strings.
31///
32/// Args:
33/// * `signature`: Raw Ed25519 signature bytes.
34///
35/// Usage:
36/// ```
37/// use auths_core::crypto::ssh::encode_ssh_signature;
38/// let blob = encode_ssh_signature(&[0xAB; 64]);
39/// assert_eq!(&blob[4..15], b"ssh-ed25519");
40/// ```
41pub fn encode_ssh_signature(signature: &[u8]) -> Vec<u8> {
42 let mut blob = Vec::new();
43 let sig_type = b"ssh-ed25519";
44 blob.extend_from_slice(&(sig_type.len() as u32).to_be_bytes());
45 blob.extend_from_slice(sig_type);
46 blob.extend_from_slice(&(signature.len() as u32).to_be_bytes());
47 blob.extend_from_slice(signature);
48 blob
49}