ssh-key: support for undersized ECDSA/P-521 keys #351
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
zaczkows
commented
Apr 15, 2025
zaczkows
commented
- fixes Failed to process python's paramiko ecdsa key #350
- I still need to investigate key encoding to ensure code is even remotely correct
added 2 commits
April 15, 2025 13:39
tarcieri
reviewed
Apr 15, 2025
ssh-key/src/private/ecdsa.rs
Outdated
Comment on lines
52
to
56
| if len < SIZE { | ||
| reader.read(&mut bytes[0..len])?; | ||
| } else { | ||
| reader.read(&mut bytes)?; | ||
| } |
There was a problem hiding this comment.
Seems like this could just be:
Suggested change
| if len < SIZE { | |
| reader.read(&mut bytes[0..len])?; | |
| } else { | |
| reader.read(&mut bytes)?; | |
| } | |
| reader.read(&mut bytes[..len])?; |
...but also it would be good to also check that len <= SIZE? (unless that check is happening elsewhere)
It would also be good to enforce a minimum size.
There was a problem hiding this comment.
This is what I'm trying to check and how much smaller the key can be.
zaczkows
changed the title
zaczkows
changed the title
tarcieri
changed the title
tarcieri
changed the title
tarcieri
approved these changes
Apr 19, 2025
tarcieri
added a commit
that referenced
this pull request
Apr 19, 2025
tarcieri
added a commit
that referenced
this pull request
Apr 19, 2025
tarcieri
added a commit
that referenced
this pull request
Apr 19, 2025
tarcieri
reviewed
Apr 19, 2025
| // https://stackoverflow.com/questions/50002149/why-p-521-public-key-x-y-some-time-is-65-bytes-some-time-is-66-bytes | ||
| // although lower keys than 64 are vanishingly possible, but lets stop here | ||
| if len > 63 { | ||
| reader.read(&mut bytes[..core::cmp::min(len, SIZE)])?; |
There was a problem hiding this comment.
Hmm, upon further reflection this seems wrong: the key is supposed to be big endian, so the array should contain leading zeros, not trailing zeros, in the event the input document's key is too short.
It would also be good to add a test that the key is decoded correctly.
I'll try to take care of this in #356
tarcieri
added a commit
that referenced
this pull request
Apr 19, 2025
Followup to #351 Also includes a fix and test to ensure that short keys zero-pad MSB rather than LSB, since they're encoded as big endian.
tarcieri
added a commit
that referenced
this pull request
Apr 19, 2025
Followup to #351 Also includes a fix and test to ensure that short keys zero-pad MSB rather than LSB, since they're encoded as big endian.
tarcieri
added a commit
that referenced
this pull request
Apr 19, 2025
Followup to #351 Also includes a fix and test to ensure that short keys zero-pad MSB rather than LSB, since they're encoded as big endian.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.