Mercurial > kallithea
changeset 7989:e7be0cbb7850 stable
ssh: fix parsing of ed25519 keys
When attempting to use ed25519 SSH keys, parse_pub_key() failed with:
SshKeyParseError: Incorrect SSH key - base64 part is not 'ssh-ed25519' as claimed but 'ssh-ed25519'
The problem was the hardcoding of the string length of the key type -- 7 or
'\x07' -- which fits ssh-rsa and ssh-dss but not ssh-ed25519.
(Fix was simplified by Mads Kiilerich.)
author | Adi Kriegisch <adi@cg.tuwien.ac.at> |
---|---|
date | Fri, 06 Dec 2019 21:21:24 +0100 |
parents | 690e7a035521 |
children | 01dbd21d206c 353c8f419553 |
files | kallithea/lib/ssh.py |
diffstat | 1 files changed, 2 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/lib/ssh.py Fri Dec 06 21:13:41 2019 +0100 +++ b/kallithea/lib/ssh.py Fri Dec 06 21:21:24 2019 +0100 @@ -66,11 +66,8 @@ >>> parse_pub_key(''' ssh-rsa AAAAB3NzaC1yc2EAAAALVGhpcyBpcyBmYWtlIQ== and a comment ... ''') ('ssh-rsa', '\x00\x00\x00\x07ssh-rsa\x00\x00\x00\x0bThis is fake!', 'and a comment\n') - >>> # FIXME below test shows incorrect behavior -- to be fixed in a subsequent commit >>> parse_pub_key('''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP1NA2kBQIKe74afUXmIWD9ByDYQJqUwW44Y4gJOBRuo''') - Traceback (most recent call last): - ... - SshKeyParseError: Incorrect SSH key - base64 part is not 'ssh-ed25519' as claimed but 'ssh-ed25519' + ('ssh-ed25519', '\x00\x00\x00\x0bssh-ed25519\x00\x00\x00 \xfdM\x03i\x01@\x82\x9e\xef\x86\x9fQy\x88X?A\xc86\x10&\xa50[\x8e\x18\xe2\x02N\x05\x1b\xa8', '') """ if not ssh_key: raise SshKeyParseError(_("SSH key is missing")) @@ -91,7 +88,7 @@ except binascii.Error: raise SshKeyParseError(_("Incorrect SSH key - failed to decode base64 part %r") % keyvalue) - if not decoded.startswith('\x00\x00\x00\x07' + str(keytype) + '\x00'): + if not decoded.startswith('\x00\x00\x00' + chr(len(keytype)) + str(keytype) + '\x00'): raise SshKeyParseError(_("Incorrect SSH key - base64 part is not %r as claimed but %r") % (str(keytype), str(decoded[4:].split('\0', 1)[0]))) return keytype, decoded, comment