ssh-key: simplified ECDSA private key decoding logic

tarcieri · tarcieri · commit 643c78f80749 · 2025-04-19T10:02:07.000-06:00
Followup to #351
diff --git a/ssh-key/src/private/ecdsa.rs b/ssh-key/src/private/ecdsa.rs
@@ -1,6 +1,6 @@
 //! Elliptic Curve Digital Signature Algorithm (ECDSA) private keys.
 
-use crate::{Algorithm, EcdsaCurve, Error, Result, public::EcdsaPublicKey};
+use crate::{public::EcdsaPublicKey, Algorithm, EcdsaCurve, Error, Result};
 use core::fmt;
 use encoding::{CheckedSum, Decode, Encode, Reader, Writer};
 use sec1::consts::{U32, U48, U66};
@@ -39,27 +39,26 @@ impl<const SIZE: usize> Decode for EcdsaPrivateKey<SIZE> {
 
     fn decode(reader: &mut impl Reader) -> Result<Self> {
         reader.read_prefixed(|reader| {
-            let len = reader.remaining_len();
+            let mut len = reader.remaining_len();
+
             if len == SIZE.checked_add(1).ok_or(encoding::Error::Length)? {
                 // Strip leading zero
                 // TODO(tarcieri): make sure leading zero was necessary
                 if u8::decode(reader)? != 0 {
                     return Err(Error::FormatEncoding);
                 }
+
+                len -= 1;
             }
 
-            let mut bytes = [0u8; SIZE];
-            if SIZE == 66 {
-                // https://stackoverflow.com/questions/50002149/why-p-521-public-key-x-y-some-time-is-65-bytes-some-time-is-66-bytes
-                // although lower keys than 64 are vanishingly possible, but lets stop here
-                if len > 63 {
-                    reader.read(&mut bytes[..core::cmp::min(len, SIZE)])?;
-                } else {
-                    return Err(encoding::Error::Length.into());
-                }
-            } else {
-                reader.read(&mut bytes)?;
+            // Minimum allowed key size: may be smaller than modulus size
+            const MIN_SIZE: usize = 32;
+            if len < MIN_SIZE || len > SIZE {
+                return Err(encoding::Error::Length.into());
             }
+
+            let mut bytes = [0u8; SIZE];
+            reader.read(&mut bytes[..len])?;
             Ok(Self { bytes })
         })
     }
