Commitb4f2b62

porridgewithraisins

authored and

gopherbot

committed

ssh: fix error message on unsupported cipher

Until now, when ssh keys using one of these[1] ciphers were passed, we weregiving a parse error "ssh: parse error in message type 0".With this fix, we parse it successfully and return the correct error message.[1] aes{128,256}-gcm@openssh.com and chacha20-poly1305@openssh.comFixesgolang/go#52135Change-Id: I3010fff43c48f29f21edb8d63f44e167861a054eGitHub-Last-Rev:14ac7e9GitHub-Pull-Request:#324Reviewed-on:https://go-review.googlesource.com/c/crypto/+/709275Reviewed-by: Nicola Murino <nicola.murino@gmail.com>Reviewed-by: Michael Pratt <mpratt@google.com>Reviewed-by: Junyang Shao <shaojunyang@google.com>Auto-Submit: Nicola Murino <nicola.murino@gmail.com>LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

1 parent79ec3a5 commitb4f2b62Copy full SHA for b4f2b62

File tree

3 files changed

+63

-0

lines changed

ssh
- keys.go
- keys_test.go
- testdata
  - keys.go

3 files changed

+63

-0

lines changed

`‎ssh/keys.go‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1490,6 +1490,7 @@ type openSSHEncryptedPrivateKey struct {`
`1490`	`1490`	`NumKeysuint32`
`1491`	`1491`	`PubKey []byte`
`1492`	`1492`	`PrivKeyBlock []byte`
	`1493`	+Rest []byte`ssh:"rest"`
`1493`	`1494`	`}`
`1494`	`1495`
`1495`	`1496`	`typeopenSSHPrivateKeystruct {`

`‎ssh/keys_test.go‎`

Lines changed: 15 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -271,6 +271,21 @@ func TestParseEncryptedPrivateKeysWithPassphrase(t *testing.T) {`
`271`	`271`	`}`
`272`	`272`	`}`
`273`	`273`
	`274`	`+funcTestParseEncryptedPrivateKeysWithUnsupportedCiphers(t*testing.T) {`
	`275`	`+for_,tt:=rangetestdata.UnsupportedCipherData {`
	`276`	`+t.Run(tt.Name,func(t*testing.T){`
	`277`	`+_,err:=ParsePrivateKeyWithPassphrase(tt.PEMBytes, []byte(tt.EncryptionKey))`
	`278`	`+iferr==nil {`
	`279`	`+t.Fatalf("expected 'unknown cipher' error for %q, got nil",tt.Name)`
	`280`	`+// If this cipher is now supported, remove it from testdata.UnsupportedCipherData`
	`281`	`+ }`
	`282`	`+if!strings.Contains(err.Error(),"unknown cipher") {`
	`283`	`+t.Errorf("wanted 'unknown cipher' error, got %v",err.Error())`
	`284`	`+ }`
	`285`	`+ })`
	`286`	`+ }`
	`287`	`+}`
	`288`	`+`
`274`	`289`	`funcTestParseEncryptedPrivateKeysWithIncorrectPassphrase(t*testing.T) {`
`275`	`290`	`pem:=testdata.PEMEncryptedKeys[0].PEMBytes`
`276`	`291`	`fori:=0;i<4096;i++ {`

`‎ssh/testdata/keys.go‎`

Lines changed: 47 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -310,6 +310,53 @@ gbDGyT3bXMQtagvCwoW+/oMTKXiZP5jCJpEO8=`
`310`	`310`	`},`
`311`	`311`	`}`
`312`	`312`
	`313`	`+varUnsupportedCipherData= []struct {`
	`314`	`+Namestring`
	`315`	`+EncryptionKeystring`
	`316`	`+PEMBytes []byte`
	`317`	`+} {`
	`318`	`+0: {`
	`319`	`+Name:"ed25519-encrypted-chacha20-poly1305",`
	`320`	`+EncryptionKey:"password",`
	`321`	+PEMBytes: []byte(`-----BEGIN OPENSSH PRIVATE KEY-----
	`322`	`+b3BlbnNzaC1rZXktdjEAAAAAHWNoYWNoYTIwLXBvbHkxMzA1QG9wZW5zc2guY29tAAAABm`
	`323`	`+JjcnlwdAAAABgAAAAQdPyPIjXDRAVHskY0yp9SWwAAAGQAAAABAAAAMwAAAAtzc2gtZWQy`
	`324`	`+NTUxOQAAACBi6qXITEUrmNce/c2lfozxALlKH3o/6sll8G7wzl1lvQAAAJDNlW1sEkvnK0`
	`325`	`+8EecF1vHdPk85yClbh3KkHv09mbGAX/Gk6cJpYEGgJSkO7OEF4kG9DVGGd17+TZbTnM4LD`
	`326`	`+vYAJZExx2XLgJFEtHCVmJjYzwxx7yC7+s6u/XjrSlZS60RHunOPKyq+C+s48sejXvmX+t5`
	`327`	`+0ZoVCI8aftT0ycis3gvLU9sCwJ2UnF6kAV226Z4g2aLkuJbgCDTEcYCRD64K1r`
	`328`	`+-----END OPENSSH PRIVATE KEY-----`
	`329`	+`),
	`330`	`+},`
	`331`	`+1: {`
	`332`	`+Name:"ed25519-encrypted-aes128-gcm",`
	`333`	`+EncryptionKey:"password",`
	`334`	+PEMBytes: []byte(`-----BEGIN OPENSSH PRIVATE KEY-----
	`335`	`+b3BlbnNzaC1rZXktdjEAAAAAFmFlczEyOC1nY21Ab3BlbnNzaC5jb20AAAAGYmNyeXB0AA`
	`336`	`+AAGAAAABBeMJIOqiyFwNCvDv6f8tQeAAAAZAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAA`
	`337`	`+IGYpUcb3tGp9kF6pppcUdq3EPMr85BaSUdhiXGbhS5YNAAAAkNBtMEu0UlLgToThuQc+4m`
	`338`	`+/o0DfFIERu0sspQivn5RJHCtulVKfU9BMiEnF0+LOMOABMlYesgLOtoMxwm4ZCSWH54kZk`
	`339`	`+vaFyyvvxY+RLDuWNQZCryffIA4+iLCUQR1EdxMDiJweKnGJuD64a+9xTJt47A3Vq4SYzji`
	`340`	`+EuVmM0FqS8lbT2ynYSe3va0Qyw13jEO5qbtCuyG+C5GejL7kX4Z64=`
	`341`	`+-----END OPENSSH PRIVATE KEY-----`
	`342`	+`),
	`343`	`+},`
	`344`	`+2: {`
	`345`	`+Name:"ed25519-encrypted-aes256-gcm",`
	`346`	`+EncryptionKey:"password",`
	`347`	+PEMBytes: []byte(`-----BEGIN OPENSSH PRIVATE KEY-----
	`348`	`+b3BlbnNzaC1rZXktdjEAAAAAFmFlczI1Ni1nY21Ab3BlbnNzaC5jb20AAAAGYmNyeXB0AA`
	`349`	`+AAGAAAABBR1p3vH2Wr/HPL+q20L2rjAAAAZAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAA`
	`350`	`+IM3tT1xrAuOHcrBdoLRo/ojWZsAw2lHfF5hJgFEOts5MAAAAkH/YGrDhDw8u+F8e4P+84B`
	`351`	`+tAzvp55Lf1Yl7y34BrVmqlWqw/7boqahOp6iYJHNpcuanzc5T6s7Z3wSSYodbY1uvFOfbj`
	`352`	`+rtP6rIHQIY5J2C40WOYJN8IkZlkwDXwZY0qoE9699ZYmWdwsXRZ7QDhjd2W8ziyZBsttiB`
	`353`	`+kv2ceuJMLT04TrKc2+RUkj4CQYnz7p8EkgZlUozx8wBSxKFGnkP7k=`
	`354`	`+-----END OPENSSH PRIVATE KEY-----`
	`355`	+`),
	`356`	`+},`
	`357`	`+}`
	`358`	`+`
	`359`	`+`
`313`	`360`	`// SKData contains a list of PubKeys backed by U2F/FIDO2 Security Keys and their test data.`
`314`	`361`	`varSKData= []struct {`
`315`	`362`	`Namestring`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitb4f2b62

File tree

3 files changed

3 files changed

`‎ssh/keys.go‎`

`‎ssh/keys_test.go‎`

`‎ssh/testdata/keys.go‎`

0 commit comments