Skip to content

ssh-key: support for undersized ECDSA/P-521 keys #351

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tarcieri merged 7 commits into from
Apr 19, 2025
Merged

ssh-key: support for undersized ECDSA/P-521 keys #351

tarcieri merged 7 commits into from
Apr 19, 2025

Conversation

@zaczkows
Copy link
Contributor

@zaczkows zaczkows commented Apr 15, 2025

tarcieri
tarcieri reviewed Apr 15, 2025
View reviewed changes
ssh-key/src/private/ecdsa.rs Outdated
Comment on lines 52 to 56
if len < SIZE {
reader.read(&mut bytes[0..len])?;
} else {
reader.read(&mut bytes)?;
}
Copy link
Member

@tarcieri tarcieri Apr 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like this could just be:

Suggested change
if len < SIZE {
reader.read(&mut bytes[0..len])?;
} else {
reader.read(&mut bytes)?;
}
reader.read(&mut bytes[..len])?;

...but also it would be good to also check that len <= SIZE? (unless that check is happening elsewhere)

It would also be good to enforce a minimum size.

Copy link
Contributor Author

@zaczkows zaczkows Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is what I'm trying to check and how much smaller the key can be.

@zaczkows zaczkows marked this pull request as ready for review April 18, 2025 18:43
@zaczkows zaczkows changed the title PoC: decode ecdsa key when encoded key size is smaller than expected … Decode ecdsa P-521 key when encoded key size is smaller than 66 bytes Apr 18, 2025
@zaczkows zaczkows changed the title Decode ecdsa P-521 key when encoded key size is smaller than 66 bytes Decode ecdsa P-521 key when encoded keys size is smaller than 66 bytes Apr 18, 2025
@tarcieri tarcieri changed the title Decode ecdsa P-521 key when encoded keys size is smaller than 66 bytes ssh-key: support for undersized P-521 keys Apr 19, 2025
@tarcieri tarcieri changed the title ssh-key: support for undersized P-521 keys ssh-key: support for undersized ECDSA/P-521 keys Apr 19, 2025
@tarcieri tarcieri merged commit bf080c9 into RustCrypto:master Apr 19, 2025
14 checks passed
tarcieri added a commit that referenced this pull request Apr 19, 2025
@tarcieri
ssh-key: simplified ECDSA private key decoding logic
643c78f 
Followup to #351
@tarcieri tarcieri mentioned this pull request Apr 19, 2025
Merged
tarcieri added a commit that referenced this pull request Apr 19, 2025
@tarcieri
ssh-key: simplified ECDSA private key decoding logic
3139b99 
Followup to #351
tarcieri added a commit that referenced this pull request Apr 19, 2025
@tarcieri
ssh-key: simplified ECDSA private key decoding logic
d465f08 
Followup to #351
tarcieri
tarcieri reviewed Apr 19, 2025
View reviewed changes
ssh-key/src/private/ecdsa.rs
// https://stackoverflow.com/questions/50002149/why-p-521-public-key-x-y-some-time-is-65-bytes-some-time-is-66-bytes
// although lower keys than 64 are vanishingly possible, but lets stop here
if len > 63 {
reader.read(&mut bytes[..core::cmp::min(len, SIZE)])?;
Copy link
Member

@tarcieri tarcieri Apr 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, upon further reflection this seems wrong: the key is supposed to be big endian, so the array should contain leading zeros, not trailing zeros, in the event the input document's key is too short.

It would also be good to add a test that the key is decoded correctly.

I'll try to take care of this in #356

tarcieri added a commit that referenced this pull request Apr 19, 2025
@tarcieri
ssh-key: simplified ECDSA private key decoding logic
ee5af6f 
Followup to #351

Also includes a fix and test to ensure that short keys zero-pad MSB
rather than LSB, since they're encoded as big endian.
tarcieri added a commit that referenced this pull request Apr 19, 2025
@tarcieri
ssh-key: simplified ECDSA private key decoding logic
dd30015 
Followup to #351

Also includes a fix and test to ensure that short keys zero-pad MSB
rather than LSB, since they're encoded as big endian.
tarcieri added a commit that referenced this pull request Apr 19, 2025
@tarcieri
ssh-key: simplified ECDSA private key decoding logic (#356)
f0b55c8 
Followup to #351

Also includes a fix and test to ensure that short keys zero-pad MSB
rather than LSB, since they're encoded as big endian.
@zaczkows zaczkows deleted the ecdsa_fix branch April 26, 2025 09:18
@coelho coelho mentioned this pull request Jun 20, 2025
Closed
Eugeny added a commit to Eugeny/russh that referenced this pull request Jun 28, 2025
@Eugeny
fixed #531 - merge fix from RustCrypto/SSH#351
052109c
Eugeny pushed a commit to Eugeny/RustCrypto-SSH that referenced this pull request Dec 22, 2025
@zaczkows @Eugeny
ssh-key: support for undersized ECDSA/P-521 keys (RustCrypto#351)
648f233 
Fixes RustCrypto#350
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tarcieri tarcieri tarcieri approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Failed to process python's paramiko ecdsa key

2 participants

@zaczkows @tarcieri