author | Martin Sander <mrt.sander@gmail.com> | 2022-03-26 18:48:50 +0100 |
---|---|---|
committer | Florian Wininger <fw.centrale@gmail.com> | 2022-04-12 14:14:54 +0200 |
commit | 89037977e9f80a7199f0ebfed27e515db4ea0f6a (patch) | |
tree | 5e03435de55ac6920b367de9ce1fc998a66e32e2 | |
parent | 413d3aa3f1effab8636bad40a660ace34dc0aede (diff) | |
download | net-ssh-89037977e9f80a7199f0ebfed27e515db4ea0f6a.tar.gz |
Read ecdsa private key in openssh format
Fixes #657.
-rw-r--r-- | lib/net/ssh/buffer.rb | 6 | ||||
-rw-r--r-- | test/test_key_factory.rb | 63 |
2 files changed, 69 insertions, 0 deletions
diff --git a/lib/net/ssh/buffer.rb b/lib/net/ssh/buffer.rb index b68d656..6ed5789 100644 --- a/lib/net/ssh/buffer.rb +++ b/lib/net/ssh/buffer.rb @@ -283,6 +283,12 @@ module Net key.iqmp = iqmp end key + when /^ecdsa\-sha2\-(\w*)$/ + key = OpenSSL::PKey::EC.read_keyblob($1, self) + key.private_key = read_bignum + _key_comment = read_string + + key else raise Exception, "Cannot decode private key of type #{type}" end diff --git a/test/test_key_factory.rb b/test/test_key_factory.rb index c6f7705..51f5d9b 100644 --- a/test/test_key_factory.rb +++ b/test/test_key_factory.rb @@ -130,6 +130,12 @@ class TestKeyFactory < NetSSHTest assert_equal ecdsa_sha2_nistp256_key_fingerprint_sha256, Net::SSH::KeyFactory.load_private_key('/key-file').fingerprint('sha256') end + def test_load_should_parse_openssh_format_private_ecdsa_sha2_nistp256_key + File.expects(:read).with(@key_file).returns(ecdsa_sha2_nistp256_key_openssh) + assert_equal ecdsa_sha2_nistp256_key.to_blob, + Net::SSH::KeyFactory.load_private_key('/key-file').to_blob + end + def test_load_unencrypted_private_ecdsa_sha2_nistp384_key_should_have_fp_md5 File.expects(:read).with(@key_file).returns(ecdsa_sha2_nistp384_key.to_pem) assert_equal ecdsa_sha2_nistp384_key_fingerprint_md5, Net::SSH::KeyFactory.load_private_key('/key-file').fingerprint 
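Review bot: The new `when /^ecdsa\-sha2\-(\w*)$/` branch anchors with `^`/`$`, which in Ruby match at line boundaries, so a type string with an embedded newline still matches, and `\w*` also accepts an empty curve name; `when /\Aecdsa-sha2-(\w+)\z/` pins the whole string. The branch then assigns `read_bignum` to `key.private_key` without checking that the scalar belongs to the public point parsed by `read_keyblob`, so a malformed or tampered key file yields an inconsistent key object; calling `key.check_key` after the assignment would reject it early. The `private_key=` setter may also raise on builds where OpenSSL key objects are immutable, which is worth confirming against the supported OpenSSL versions. The enclosing `case` starts outside the hunk.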
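Review bot: `test_load_should_parse_openssh_format_private_ecdsa_sha2_nistp256_key` compares only `to_blob`, which appears to be the public key blob, so the private scalar read by the new decoding path is never asserted; the nistp384 and nistp521 tests in the next two hunks have the same gap. Loading the key once with `key = Net::SSH::KeyFactory.load_private_key('/key-file')` and adding `assert_equal ecdsa_sha2_nistp256_key.private_key, key.private_key` would pin the private half as well. Loading once also keeps the single `File.expects(:read)` expectation satisfied.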
@@ -140,6 +146,12 @@ class TestKeyFactory < NetSSHTest assert_equal ecdsa_sha2_nistp384_key_fingerprint_sha256, Net::SSH::KeyFactory.load_private_key('/key-file').fingerprint('sha256') end + def test_load_should_parse_openssh_format_private_ecdsa_sha2_nistp384_key + File.expects(:read).with(@key_file).returns(ecdsa_sha2_nistp384_key_openssh) + assert_equal ecdsa_sha2_nistp384_key.to_blob, + Net::SSH::KeyFactory.load_private_key('/key-file').to_blob + end + def test_load_unencrypted_private_ecdsa_sha2_nistp521_key_should_have_fp_md5 File.expects(:read).with(@key_file).returns(ecdsa_sha2_nistp521_key.to_pem) assert_equal ecdsa_sha2_nistp521_key_fingerprint_md5, Net::SSH::KeyFactory.load_private_key('/key-file').fingerprint @@ -150,6 +162,12 @@ class TestKeyFactory < NetSSHTest assert_equal ecdsa_sha2_nistp521_key_fingerprint_sha256, Net::SSH::KeyFactory.load_private_key('/key-file').fingerprint('sha256') end + def test_load_should_parse_openssh_format_private_ecdsa_sha2_nistp521_key + File.expects(:read).with(@key_file).returns(ecdsa_sha2_nistp521_key_openssh) + assert_equal ecdsa_sha2_nistp521_key.to_blob, + Net::SSH::KeyFactory.load_private_key('/key-file').to_blob + end + def test_load_public_ecdsa_sha2_nistp256_key_should_return_key File.expects(:read).with(@key_file).returns(public(ecdsa_sha2_nistp256_key)) assert_equal ecdsa_sha2_nistp256_key.to_blob, Net::SSH::KeyFactory.load_public_key('/key-file').to_blob 
@@ -206,6 +224,19 @@ class TestKeyFactory < NetSSHTest @ecdsa_sha2_nistp256_key ||= OpenSSL::PKey::EC.new("-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINv6pPVLlkqvT1v5MJlWgaSWGwqupISG4U79bUXQDNCaoAoGCCqGSM49\nAwEHoUQDQgAElqubvi/GkSme+bwtncU1NiE0dWQ0EO07VufUQg8lUJ5+Fi6f96qa\n95T1zwOMQhY1h8PP9rQIZr4S48vN/ZnQLw==\n-----END EC PRIVATE KEY-----\n") end + def ecdsa_sha2_nistp256_key_openssh + @ecdsa_sha2_nistp256_key_openssh ||= <<~EOF + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS + 1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQSWq5u+L8aRKZ75vC2dxTU2ITR1ZDQQ + 7TtW59RCDyVQnn4WLp/3qpr3lPXPA4xCFjWHw8/2tAhmvhLjy839mdAvAAAAoN5nLLHeZy + yxAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJarm74vxpEpnvm8 + LZ3FNTYhNHVkNBDtO1bn1EIPJVCefhYun/eqmveU9c8DjEIWNYfDz/a0CGa+EuPLzf2Z0C + 8AAAAhANv6pPVLlkqvT1v5MJlWgaSWGwqupISG4U79bUXQDNCaAAAAAAECAwQFBgc= + -----END OPENSSH PRIVATE KEY----- + EOF + end + def ecdsa_sha2_nistp256_key_fingerprint_md5 'ed:9e:cd:74:41:a4:37:ae:99:9e:9a:c3:de:04:c9:e1' end 
@@ -218,6 +249,21 @@ class TestKeyFactory < NetSSHTest @ecdsa_sha2_nistp384_key ||= OpenSSL::PKey::EC.new("-----BEGIN EC PRIVATE KEY-----\nMIGkAgEBBDBxwkmydCn4mP4KMhlMpeBvIroQolWKVNoRPXpG7brFgK+Yiikqw8wd\nIZW5OlL4y3mgBwYFK4EEACKhZANiAARkoIR1oABi+aQJbKcmvzeYSKURQOyXM0HU\nR4T68v4hd/lJE4fFQRczj3wAaECe9u3CWI/oDlow4Vr0vab82ZGjIoblxblKQWYl\nyzENgzl226waGg1bLBo8Auilyf1B5yI=\n-----END EC PRIVATE KEY-----\n") end + def ecdsa_sha2_nistp384_key_openssh + @ecdsa_sha2_nistp384_key_openssh ||= <<~EOF + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS + 1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQRkoIR1oABi+aQJbKcmvzeYSKURQOyX + M0HUR4T68v4hd/lJE4fFQRczj3wAaECe9u3CWI/oDlow4Vr0vab82ZGjIoblxblKQWYlyz + ENgzl226waGg1bLBo8Auilyf1B5yIAAADI+tMSfPrTEnwAAAATZWNkc2Etc2hhMi1uaXN0 + cDM4NAAAAAhuaXN0cDM4NAAAAGEEZKCEdaAAYvmkCWynJr83mEilEUDslzNB1EeE+vL+IX + f5SROHxUEXM498AGhAnvbtwliP6A5aMOFa9L2m/NmRoyKG5cW5SkFmJcsxDYM5dtusGhoN + WywaPALopcn9QeciAAAAMHHCSbJ0KfiY/goyGUyl4G8iuhCiVYpU2hE9ekbtusWAr5iKKS + rDzB0hlbk6UvjLeQAAAAA= + -----END OPENSSH PRIVATE KEY----- + EOF + end + def ecdsa_sha2_nistp384_key_fingerprint_md5 '87:5a:c0:a0:23:55:22:05:ca:16:4d:cc:0c:e5:e7:74' end 
@@ -230,6 +276,23 @@ class TestKeyFactory < NetSSHTest @ecdsa_sha2_nistp521_key ||= OpenSSL::PKey::EC.new("-----BEGIN EC PRIVATE KEY-----\nMIHbAgEBBEHQ2i7kjEGQHQB4pUQW9a2eCLWR2S5Go8U3CDyfbRCrYEp/pTSgI8uu\nMXyR3bf3SjqFQgZ6MZk5lkyrissJuwmvZKAHBgUrgQQAI6GBiQOBhgAEAN14FACK\nbs/KTqw4rxijeozGTVJTh1hNzBl2XaIhM4Fv8o3fE/pvogymyFu53GCng6gC4dmx\n/hycF41iIM29xVKPAeBnRNl6MdFBjuthOmE8eCRezgk1Bak8aBDUrzNT8OQssscw\npvQK4nc6ga/wTDaQGy5kV8tCOHNs2wKH+p2LpWTJ\n-----END EC PRIVATE KEY-----\n") end + def ecdsa_sha2_nistp521_key_openssh + @ecdsa_sha2_nistp384_key_openssh ||= <<~EOF + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAArAAAABNlY2RzYS + 1zaGEyLW5pc3RwNTIxAAAACG5pc3RwNTIxAAAAhQQA3XgUAIpuz8pOrDivGKN6jMZNUlOH + WE3MGXZdoiEzgW/yjd8T+m+iDKbIW7ncYKeDqALh2bH+HJwXjWIgzb3FUo8B4GdE2Xox0U + GO62E6YTx4JF7OCTUFqTxoENSvM1Pw5CyyxzCm9AridzqBr/BMNpAbLmRXy0I4c2zbAof6 + nYulZMkAAAEA7yORv+8jkb8AAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQ + AAAIUEAN14FACKbs/KTqw4rxijeozGTVJTh1hNzBl2XaIhM4Fv8o3fE/pvogymyFu53GCn + g6gC4dmx/hycF41iIM29xVKPAeBnRNl6MdFBjuthOmE8eCRezgk1Bak8aBDUrzNT8OQsss + cwpvQK4nc6ga/wTDaQGy5kV8tCOHNs2wKH+p2LpWTJAAAAQgDQ2i7kjEGQHQB4pUQW9a2e + CLWR2S5Go8U3CDyfbRCrYEp/pTSgI8uuMXyR3bf3SjqFQgZ6MZk5lkyrissJuwmvZAAAAA + ABAg== + -----END OPENSSH PRIVATE KEY----- + EOF + end + def ecdsa_sha2_nistp521_key_fingerprint_md5 '6d:5f:10:80:18:4a:69:f3:e3:70:a3:87:90:81:9a:11' end |
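Review bot: `ecdsa_sha2_nistp521_key_openssh` memoizes into `@ecdsa_sha2_nistp384_key_openssh`, a copy-paste slip from the nistp384 helper. If both helpers are called on the same test instance, whichever runs second returns the other curve's key text. The first line of the body should read `@ecdsa_sha2_nistp521_key_openssh ||= <<~EOF`. The tests in this commit each use a single fixture, so the mix-up is presumably masked today and would only surface once a test combines the two.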