Skip to content

Raise on unknown private key PEM types #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
btoews merged 2 commits into from
Feb 5, 2019
Merged

Raise on unknown private key PEM types #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
bea4818
raise on unknown private key PEM types
btoews Feb 5, 2019
93d6584
raise on encyrpted private key PEM type
btoews Feb 5, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions lib/ssh_data/encoding.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -253,7 +253,7 @@ def decode_public_key(raw, algo=nil, offset=0)
end

unless fields = KEY_FIELDS_BY_PUBLIC_KEY_ALGO[algo]
raise AlgorithmError, "unknown algorithm: #{algo}"
raise AlgorithmError, "unknown algorithm: #{algo.inspect}"
end

data, read = decode_fields(raw, fields, offset + total_read)
Expand Down Expand Up @@ -282,7 +282,7 @@ def decode_certificate(raw, offset=0)
total_read += read

unless key_algo = PUBLIC_KEY_ALGO_BY_CERT_ALGO[data[:algo]]
raise AlgorithmError
raise AlgorithmError, "unknown algorithm: #{key_algo.inspect}"
end

data[:key_data], read = decode_public_key(raw, key_algo, offset + total_read)
Expand Down
16 changes: 11 additions & 5 deletions lib/ssh_data/private_key.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,19 @@
module SSHData
module PrivateKey
OPENSSH_PEM_TYPE = "OPENSSH PRIVATE KEY"
RSA_PEM_TYPE = "RSA PRIVATE KEY"
DSA_PEM_TYPE = "DSA PRIVATE KEY"
ECDSA_PEM_TYPE = "EC PRIVATE KEY"
OPENSSH_PEM_TYPE = "OPENSSH PRIVATE KEY"
RSA_PEM_TYPE = "RSA PRIVATE KEY"
DSA_PEM_TYPE = "DSA PRIVATE KEY"
ECDSA_PEM_TYPE = "EC PRIVATE KEY"
ENCRYPTED_PEM_TYPE = "ENCRYPTED PRIVATE KEY"

# Parse an SSH private key.
#
# key - An PEM encoded OpenSSH private key.
#
# Returns an Array of PrivateKey::Base subclass instances.
def self.parse(key)
case Encoding.pem_type(key)
pem_type = Encoding.pem_type(key)
case pem_type
when OPENSSH_PEM_TYPE
parse_openssh(key)
when RSA_PEM_TYPE
Expand All @@ -20,6 +22,10 @@ def self.parse(key)
[DSA.from_openssl(OpenSSL::PKey::DSA.new(key))]
when ECDSA_PEM_TYPE
[ECDSA.from_openssl(OpenSSL::PKey::EC.new(key))]
when ENCRYPTED_PEM_TYPE
raise DecryptError, "cannot decode encrypted private keys"
else
raise AlgorithmError, "unknown PEM type: #{pem_type.inspect}"
end
rescue OpenSSL::PKey::PKeyError => e
raise DecodeError, "bad private key. maybe encrypted?"
Expand Down
46 changes: 46 additions & 0 deletions spec/private_key_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,50 @@
end
end
end

it "raises on unknown PEM types" do
expect {
described_class.parse(<<-PEM.gsub(/^ /, ""))
-----BEGIN FOOBAR-----
asdf
-----END FOOBAR-----
PEM
}.to raise_error(SSHData::AlgorithmError)
end

it "raises on encrypted PEM type" do
expect {
described_class.parse(<<-PEM.gsub(/^ /, ""))
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIE6TAbBgkqhkiG9w0BBQMwDgQIcWWgZeQYPTcCAggABIIEyLoa5b3ktcPmy4VB
hHkpHzVSEsKJPmQTUaQvUwIp6+hYZeuOk78EPehrYJ/QezwJRdyBoD51oOxqWCE2
fZ5Wf6Mi/9NIuPyqQccP2ouErcMAcDLaAx9C0Ot37yoG0S6hOZgaxqwnCdGYKHgS
7cYUv40kLOJmTOJlHJbatfXHocrHcHkCBJ1q8wApA1KVQIZsqmyBUBuwbrfFwpC9
d/R674XxCWJpXvU63VNZRFYUvd7YEWCrdSeleb99p0Vn1kxI5463PXurgs/7GPiO
SLSdX44DESP9l7lXenC4gbuT8P0xQRDzGrB5l9HHoV3KMXFODWTMnLcp1nuhA0OT
fPS2yzT9zJgqHiVKWgcUUJ5uDelVfnsmDhnh428p0GBFbniH07qREC9kq78UqQNI
Kybp4jQ4sPs64zdYm/VyLWtAYz8QNAKHLcnPwmTPr/XlJmox8rlQhuSQTK8E+lDr
TOKpydrijN3lF+pgyUuUj6Ha8TLMcOOwqcrpBig4SGYoB56gjAO0yTE9uCPdBakj
yxi3ksn51ErigGM2pGMNcVdwkpJ/x+DEBBO0auy3t9xqM6LK8pwNcOT1EWO+16zY
79LVSavc49t+XxMc3Xasz/G5xQgD1FBp6pEnsg5JhTTG/ih6Y/DQD8z3prjC3qKc
rpL4NA9KBI/IF1iIXlrfmN/zCKbBuEOEGqwcHBDHPySZbhL2XLSpGcK/NBl1bo1Z
G+2nUTauoC67Qb0+fnzTcvOiMNAbHMiqkirs4anHX33MKL2gR/3dp8ca9hhWWXZz
Mkk2FK9sC/ord9F6mTtvTiOSDzpiEhb94uTxXqBhIbsrGXCUUd0QQN5s2dmW2MfS
M35KeSv2rwDGzC1+Qf3MhHGIZDqoQwuZEzM5yHHafCatAbZd2sjaFWegg0r2ca7a
eZkZFj3ZuDYXJFnL82guOASh7rElWO2Ys7ncXAKnaV3WkkF+JDv/CUHr+Q/h6Ae5
qEvgubTCVSYHzRP37XJItlcdywTIcTY+t6jymmyEBJ66LmUoD47gt/vDUSbhT6Oa
GlcZ+MZGlUnPOSq4YknOgwKH8izboY4UgVCrmXvlaZYQhZemNDkVbpYVDf+s6cPf
tJwVoZf+qf2SsRTUsI10isoIzCyGw2ie8kmipdP434Z/99uVU3zxD6raNDlyp33q
FWMgpr2JU6NVAla7N51g7Jk8VjIIn7SvCYyWkmvv4kLB1UHl3NFqYb9YuIZUaDyt
j/NMcKMLLOaEorRZ2N2mDNoihMxMf8J3J9APnzUigAtaalGKNOrd2Fom5OVADePv
Tb5sg1uVQzfcpFrjIlLVh+2cekX0JM84phbMpHmm5vCjjfYvUvcMy0clCf0x3jz6
LZf5Fzc8xbZmpse5OnOrsDLCNh+SlcYOzsagSZq4TgvSeI9Tr4lv48dLJHCCcYKL
eymS9nhlCFuuHbi7zI7edcI49wKUW1Sj+kvKq3LMIEkMlgzqGKA6JqSVxHP51VH5
FqV4aKq70H6dNJ43bLVRPhtF5Bip5P7k/6KIsGTPUd54PHey+DuWRjitfheL0G2w
GF/qoZyC1mbqdtyyeWgHtVbJVUORmpbNnXOII9duEqBUNDiO9VSZNn/8h/VsYeAB
xryZaRDVmtMuf/OZBQ==
-----END ENCRYPTED PRIVATE KEY-----
PEM
}.to raise_error(SSHData::DecryptError)
end
end