authorMartin Sander <mrt.sander@gmail.com>2022-03-26 18:48:50 +0100
committerFlorian Wininger <fw.centrale@gmail.com>2022-04-12 14:14:54 +0200
commit89037977e9f80a7199f0ebfed27e515db4ea0f6a (patch)
tree5e03435de55ac6920b367de9ce1fc998a66e32e2
parent413d3aa3f1effab8636bad40a660ace34dc0aede (diff)
downloadnet-ssh-89037977e9f80a7199f0ebfed27e515db4ea0f6a.tar.gz
Read ecdsa private key in openssh format
Fixes #657.
-rw-r--r--lib/net/ssh/buffer.rb6
-rw-r--r--test/test_key_factory.rb63
2 files changed, 69 insertions, 0 deletions
diff --git a/lib/net/ssh/buffer.rb b/lib/net/ssh/buffer.rb
index b68d656..6ed5789 100644
--- a/lib/net/ssh/buffer.rb
+++ b/lib/net/ssh/buffer.rb
@@ -283,6 +283,12 @@ module Net
key.iqmp = iqmp
end
key
+ when /^ecdsa\-sha2\-(\w*)$/
+ key = OpenSSL::PKey::EC.read_keyblob($1, self)
+ key.private_key = read_bignum
+ _key_comment = read_string
+
+ key
else
raise Exception, "Cannot decode private key of type #{type}"
end
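Review bot: The new `when /^ecdsa\-sha2\-(\w*)$/` branch matches with line anchors and accepts an empty curve name, while `type` presumably comes straight from the key file being parsed; `when /\Aecdsa-sha2-(\w+)\z/` would match only the whole string and require a curve name before `$1` is handed to `read_keyblob`. The branch also assigns `key.private_key = read_bignum` without checking that the scalar belongs to the public point just parsed, so a corrupted or altered file yields an inconsistent key object instead of an error. Calling `key.check_key` before returning `key` would surface that, provided the OpenSSL binding in use supports it for keys built this way. The enclosing `case` starts and ends outside the hunk.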
diff --git a/test/test_key_factory.rb b/test/test_key_factory.rb
index c6f7705..51f5d9b 100644
--- a/test/test_key_factory.rb
+++ b/test/test_key_factory.rb
@@ -130,6 +130,12 @@ class TestKeyFactory < NetSSHTest
assert_equal ecdsa_sha2_nistp256_key_fingerprint_sha256, Net::SSH::KeyFactory.load_private_key('/key-file').fingerprint('sha256')
end
+ def test_load_should_parse_openssh_format_private_ecdsa_sha2_nistp256_key
+ File.expects(:read).with(@key_file).returns(ecdsa_sha2_nistp256_key_openssh)
+ assert_equal ecdsa_sha2_nistp256_key.to_blob,
+ Net::SSH::KeyFactory.load_private_key('/key-file').to_blob
+ end
+
def test_load_unencrypted_private_ecdsa_sha2_nistp384_key_should_have_fp_md5
File.expects(:read).with(@key_file).returns(ecdsa_sha2_nistp384_key.to_pem)
assert_equal ecdsa_sha2_nistp384_key_fingerprint_md5, Net::SSH::KeyFactory.load_private_key('/key-file').fingerprint
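Review bot: The added `test_load_should_parse_openssh_format_private_ecdsa_sha2_nistp256_key` asserts only on `to_blob`, which the `load_public_key` test visible in a later hunk also compares and so presumably covers just the public half of the key. The private scalar that the new `buffer.rb` branch reads is therefore never verified. Capturing the result with `key = Net::SSH::KeyFactory.load_private_key('/key-file')` and adding `assert_equal ecdsa_sha2_nistp256_key.private_key, key.private_key` would pin it while keeping a single `File.read` call. The same applies to the nistp384 and nistp521 tests added in the next two hunks.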
@@ -140,6 +146,12 @@ class TestKeyFactory < NetSSHTest
assert_equal ecdsa_sha2_nistp384_key_fingerprint_sha256, Net::SSH::KeyFactory.load_private_key('/key-file').fingerprint('sha256')
end
+ def test_load_should_parse_openssh_format_private_ecdsa_sha2_nistp384_key
+ File.expects(:read).with(@key_file).returns(ecdsa_sha2_nistp384_key_openssh)
+ assert_equal ecdsa_sha2_nistp384_key.to_blob,
+ Net::SSH::KeyFactory.load_private_key('/key-file').to_blob
+ end
+
def test_load_unencrypted_private_ecdsa_sha2_nistp521_key_should_have_fp_md5
File.expects(:read).with(@key_file).returns(ecdsa_sha2_nistp521_key.to_pem)
assert_equal ecdsa_sha2_nistp521_key_fingerprint_md5, Net::SSH::KeyFactory.load_private_key('/key-file').fingerprint
@@ -150,6 +162,12 @@ class TestKeyFactory < NetSSHTest
assert_equal ecdsa_sha2_nistp521_key_fingerprint_sha256, Net::SSH::KeyFactory.load_private_key('/key-file').fingerprint('sha256')
end
+ def test_load_should_parse_openssh_format_private_ecdsa_sha2_nistp521_key
+ File.expects(:read).with(@key_file).returns(ecdsa_sha2_nistp521_key_openssh)
+ assert_equal ecdsa_sha2_nistp521_key.to_blob,
+ Net::SSH::KeyFactory.load_private_key('/key-file').to_blob
+ end
+
def test_load_public_ecdsa_sha2_nistp256_key_should_return_key
File.expects(:read).with(@key_file).returns(public(ecdsa_sha2_nistp256_key))
assert_equal ecdsa_sha2_nistp256_key.to_blob, Net::SSH::KeyFactory.load_public_key('/key-file').to_blob
@@ -206,6 +224,19 @@ class TestKeyFactory < NetSSHTest
@ecdsa_sha2_nistp256_key ||= OpenSSL::PKey::EC.new("-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINv6pPVLlkqvT1v5MJlWgaSWGwqupISG4U79bUXQDNCaoAoGCCqGSM49\nAwEHoUQDQgAElqubvi/GkSme+bwtncU1NiE0dWQ0EO07VufUQg8lUJ5+Fi6f96qa\n95T1zwOMQhY1h8PP9rQIZr4S48vN/ZnQLw==\n-----END EC PRIVATE KEY-----\n")
end
+ def ecdsa_sha2_nistp256_key_openssh
+ @ecdsa_sha2_nistp256_key_openssh ||= <<~EOF
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+ 1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQSWq5u+L8aRKZ75vC2dxTU2ITR1ZDQQ
+ 7TtW59RCDyVQnn4WLp/3qpr3lPXPA4xCFjWHw8/2tAhmvhLjy839mdAvAAAAoN5nLLHeZy
+ yxAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJarm74vxpEpnvm8
+ LZ3FNTYhNHVkNBDtO1bn1EIPJVCefhYun/eqmveU9c8DjEIWNYfDz/a0CGa+EuPLzf2Z0C
+ 8AAAAhANv6pPVLlkqvT1v5MJlWgaSWGwqupISG4U79bUXQDNCaAAAAAAECAwQFBgc=
+ -----END OPENSSH PRIVATE KEY-----
+ EOF
+ end
+
def ecdsa_sha2_nistp256_key_fingerprint_md5
'ed:9e:cd:74:41:a4:37:ae:99:9e:9a:c3:de:04:c9:e1'
end
@@ -218,6 +249,21 @@ class TestKeyFactory < NetSSHTest
@ecdsa_sha2_nistp384_key ||= OpenSSL::PKey::EC.new("-----BEGIN EC PRIVATE KEY-----\nMIGkAgEBBDBxwkmydCn4mP4KMhlMpeBvIroQolWKVNoRPXpG7brFgK+Yiikqw8wd\nIZW5OlL4y3mgBwYFK4EEACKhZANiAARkoIR1oABi+aQJbKcmvzeYSKURQOyXM0HU\nR4T68v4hd/lJE4fFQRczj3wAaECe9u3CWI/oDlow4Vr0vab82ZGjIoblxblKQWYl\nyzENgzl226waGg1bLBo8Auilyf1B5yI=\n-----END EC PRIVATE KEY-----\n")
end
+ def ecdsa_sha2_nistp384_key_openssh
+ @ecdsa_sha2_nistp384_key_openssh ||= <<~EOF
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS
+ 1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQRkoIR1oABi+aQJbKcmvzeYSKURQOyX
+ M0HUR4T68v4hd/lJE4fFQRczj3wAaECe9u3CWI/oDlow4Vr0vab82ZGjIoblxblKQWYlyz
+ ENgzl226waGg1bLBo8Auilyf1B5yIAAADI+tMSfPrTEnwAAAATZWNkc2Etc2hhMi1uaXN0
+ cDM4NAAAAAhuaXN0cDM4NAAAAGEEZKCEdaAAYvmkCWynJr83mEilEUDslzNB1EeE+vL+IX
+ f5SROHxUEXM498AGhAnvbtwliP6A5aMOFa9L2m/NmRoyKG5cW5SkFmJcsxDYM5dtusGhoN
+ WywaPALopcn9QeciAAAAMHHCSbJ0KfiY/goyGUyl4G8iuhCiVYpU2hE9ekbtusWAr5iKKS
+ rDzB0hlbk6UvjLeQAAAAA=
+ -----END OPENSSH PRIVATE KEY-----
+ EOF
+ end
+
def ecdsa_sha2_nistp384_key_fingerprint_md5
'87:5a:c0:a0:23:55:22:05:ca:16:4d:cc:0c:e5:e7:74'
end
@@ -230,6 +276,23 @@ class TestKeyFactory < NetSSHTest
@ecdsa_sha2_nistp521_key ||= OpenSSL::PKey::EC.new("-----BEGIN EC PRIVATE KEY-----\nMIHbAgEBBEHQ2i7kjEGQHQB4pUQW9a2eCLWR2S5Go8U3CDyfbRCrYEp/pTSgI8uu\nMXyR3bf3SjqFQgZ6MZk5lkyrissJuwmvZKAHBgUrgQQAI6GBiQOBhgAEAN14FACK\nbs/KTqw4rxijeozGTVJTh1hNzBl2XaIhM4Fv8o3fE/pvogymyFu53GCng6gC4dmx\n/hycF41iIM29xVKPAeBnRNl6MdFBjuthOmE8eCRezgk1Bak8aBDUrzNT8OQssscw\npvQK4nc6ga/wTDaQGy5kV8tCOHNs2wKH+p2LpWTJ\n-----END EC PRIVATE KEY-----\n")
end
+ def ecdsa_sha2_nistp521_key_openssh
+ @ecdsa_sha2_nistp384_key_openssh ||= <<~EOF
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAArAAAABNlY2RzYS
+ 1zaGEyLW5pc3RwNTIxAAAACG5pc3RwNTIxAAAAhQQA3XgUAIpuz8pOrDivGKN6jMZNUlOH
+ WE3MGXZdoiEzgW/yjd8T+m+iDKbIW7ncYKeDqALh2bH+HJwXjWIgzb3FUo8B4GdE2Xox0U
+ GO62E6YTx4JF7OCTUFqTxoENSvM1Pw5CyyxzCm9AridzqBr/BMNpAbLmRXy0I4c2zbAof6
+ nYulZMkAAAEA7yORv+8jkb8AAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQ
+ AAAIUEAN14FACKbs/KTqw4rxijeozGTVJTh1hNzBl2XaIhM4Fv8o3fE/pvogymyFu53GCn
+ g6gC4dmx/hycF41iIM29xVKPAeBnRNl6MdFBjuthOmE8eCRezgk1Bak8aBDUrzNT8OQsss
+ cwpvQK4nc6ga/wTDaQGy5kV8tCOHNs2wKH+p2LpWTJAAAAQgDQ2i7kjEGQHQB4pUQW9a2e
+ CLWR2S5Go8U3CDyfbRCrYEp/pTSgI8uuMXyR3bf3SjqFQgZ6MZk5lkyrissJuwmvZAAAAA
+ ABAg==
+ -----END OPENSSH PRIVATE KEY-----
+ EOF
+ end
+
def ecdsa_sha2_nistp521_key_fingerprint_md5
'6d:5f:10:80:18:4a:69:f3:e3:70:a3:87:90:81:9a:11'
end
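Review bot: `ecdsa_sha2_nistp521_key_openssh` memoizes into `@ecdsa_sha2_nistp384_key_openssh`, the instance variable of the nistp384 fixture added earlier in this diff. If both helpers are called on the same test instance, whichever runs second returns the other curve's key. The line should read `@ecdsa_sha2_nistp521_key_openssh ||= <<~EOF`. The tests in this commit each call only one of the two helpers, so it probably does not fail today.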