
Key.privateBlob is wrong for ECDSA #9682

Closed
twisted-trac opened this issue Jul 31, 2019 · 3 comments

Comments

@cjwatson reported (mirrored from Trac by @twisted-trac)
Trac ID trac#9682
Type defect
Created 2019-07-31 13:48:44Z

In ce1b014 and #1053, I successfully argued that the encoding of ECDSA keys expected by Key._fromString_PRIVATE_BLOB was wrong: this is currently only used by the agent protocol, and the de facto implementation of that in OpenSSH differed from that previously implemented in Twisted. We changed Twisted to match.

However, when I was fixing the decoder, I missed that Key.privateBlob implements a corresponding encoder, so now round-tripping fails for ECDSA keys:

>>> from twisted.conch.ssh import keys
>>> from twisted.conch.test import keydata
>>> ecdsaKey = keys.Key._fromECComponents(**keydata.ECDatanistp256)
>>> keys.Key._fromString_PRIVATE_BLOB(ecdsaKey.privateBlob())
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/cjwatson/src/python/twisted/twisted/build/py36-alldeps-nocov/lib/python3.6/site-packages/twisted/conch/ssh/keys.py", line 292, in _fromString_PRIVATE_BLOB
    'type %r' % (curveName, keyType))
twisted.conch.ssh.keys.BadKeyError: ECDSA curve name b'\x00\xa8\xa6_P\xd9\xef\xe4#\xd1*_x\xf3\x1b\xa3Z[\xeb!\xa4\x01\xbee\xed\xdb\x82\xd6_9\xe7 \xfb' does not match key type b'ecdsa-sha2-nistp256'

This doesn't make much difference today because Key.privateBlob is unused outside tests, but failing to round-trip is clearly unhelpful. The most obvious use case for this method is in writing the OpenSSH v1 private key format, and I discovered this discrepancy in the process of doing that.

Searchable metadata

trac-id: 9682
type: defect
reporter: cjwatson
priority: normal
milestone: None
branch: (none)
branch author: (none)
status: closed
resolution: fixed
component: conch
keywords: None
time: 1564580924631536
changetime: 1571655809872531
version: None
owner: Colin Watson <cjwatson@...>
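The layout the decoder expects, and the round trip the report says fails, as an added example that is not part of the original issue and not Twisted's own code. It assumes the field order of the OpenSSH agent ECDSA private key (string key type, string curve name, string Q, mpint d), implements the SSH string/mpint primitives from RFC 4251 directly, and uses hypothetical names (encode_ecdsa_private_blob, decode_ecdsa_private_blob, encode_misordered, describe_failure). The sample scalar reuses the 32 bytes that follow the leading 0x00 in the misread field of the traceback above; the sample public point is a placeholder with the right shape, not a point on P-256. encode_misordered is a constructed wrong layout used only to reproduce the class of failure in the traceback, not a claim about what Twisted's former encoder did.

```python
import struct


class BadKeyError(Exception):
    """Raised when a blob does not parse as a well-formed ECDSA private blob."""


# ---- SSH wire primitives (RFC 4251, section 5) ----

def ssh_string(data: bytes) -> bytes:
    """uint32 big-endian length, then the raw bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """Non-negative integer as an SSH mpint: two's-complement big-endian,
    minimal length, with a 0x00 byte prepended when the top bit is set."""
    if value < 0:
        raise ValueError("negative mpints are not used here")
    if value == 0:
        return ssh_string(b"")
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)


def read_string(buf: bytes, offset: int):
    """Read one SSH string starting at offset; return (data, next_offset)."""
    if offset + 4 > len(buf):
        raise BadKeyError("truncated length prefix")
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    start = offset + 4
    if start + length > len(buf):
        raise BadKeyError("truncated string body")
    return buf[start:start + length], start + length


# ---- Agent-protocol ECDSA private blob (draft-miller-ssh-agent layout) ----
#   string  key type     e.g. b"ecdsa-sha2-nistp256"
#   string  curve name   e.g. b"nistp256"
#   string  Q            public point, X9.62 uncompressed: 0x04 || X || Y
#   mpint   d            private scalar

PREFIX = b"ecdsa-sha2-"
UNCOMPRESSED_POINT_LEN = {b"nistp256": 65, b"nistp384": 97, b"nistp521": 133}


def encode_ecdsa_private_blob(key_type: bytes, q: bytes, d: int) -> bytes:
    """Encode in the agent layout.  The curve name is derived from the key
    type rather than supplied separately, so the decoder's agreement check
    can never fail on this encoder's own output."""
    curve_name = key_type[len(PREFIX):]
    if not key_type.startswith(PREFIX) or curve_name not in UNCOMPRESSED_POINT_LEN:
        raise ValueError("unsupported ECDSA key type: %r" % (key_type,))
    return ssh_string(key_type) + ssh_string(curve_name) + ssh_string(q) + ssh_mpint(d)


def decode_ecdsa_private_blob(blob: bytes) -> dict:
    """Parse the agent layout.  The curve-name/key-type check is the one
    whose failure message appears in the report; the point-length and
    trailing-data checks are extra strictness a parser should have."""
    key_type, off = read_string(blob, 0)
    curve_name, off = read_string(blob, off)
    if not key_type.startswith(PREFIX) or key_type[len(PREFIX):] != curve_name:
        raise BadKeyError("ECDSA curve name %r does not match key type %r"
                          % (curve_name, key_type))
    q, off = read_string(blob, off)
    expected = UNCOMPRESSED_POINT_LEN.get(curve_name)
    if expected is None or len(q) != expected or q[0:1] != b"\x04":
        raise BadKeyError("malformed public point for %r" % (curve_name,))
    d_raw, off = read_string(blob, off)
    d = int.from_bytes(d_raw, "big", signed=True)
    if d <= 0:
        raise BadKeyError("private scalar must be positive")
    if off != len(blob):
        raise BadKeyError("trailing data after private blob")
    return {"keyType": key_type, "curve": curve_name, "Q": q, "d": d}


def encode_misordered(key_type: bytes, q: bytes, d: int) -> bytes:
    """Constructed wrong layout, for illustration only (not Twisted's former
    code): the scalar is written where the curve name belongs, so a decoder
    reads the mpint body, leading 0x00 included, as the curve name."""
    return ssh_string(key_type) + ssh_mpint(d) + ssh_string(q)


def describe_failure(blob: bytes):
    """Return the BadKeyError message for blob, or None if it parses."""
    try:
        decode_ecdsa_private_blob(blob)
    except BadKeyError as e:
        return str(e)
    return None


# Constructed sample inputs.  SAMPLE_D reuses the 32 bytes after the leading
# 0x00 in the misread field of the traceback above; SAMPLE_Q is a placeholder
# of the right shape (0x04 || 32-byte X || 32-byte Y), not a point on P-256.
SAMPLE_KEY_TYPE = b"ecdsa-sha2-nistp256"
SAMPLE_D = int.from_bytes(bytes.fromhex(
    "a8a65f50d9efe423d12a5f78f31ba35a5beb21a401be65eddb82d65f39e720fb"), "big")
SAMPLE_Q = b"\x04" + bytes(range(1, 33)) + bytes(range(101, 133))


def round_trips(key_type: bytes, q: bytes, d: int) -> bool:
    """True when encode followed by decode reproduces every field."""
    parsed = decode_ecdsa_private_blob(encode_ecdsa_private_blob(key_type, q, d))
    return parsed == {"keyType": key_type, "curve": key_type[len(PREFIX):], "Q": q, "d": d}


if __name__ == "__main__":
    print("round trip ok:", round_trips(SAMPLE_KEY_TYPE, SAMPLE_Q, SAMPLE_D))
    print("misordered blob:",
          describe_failure(encode_misordered(SAMPLE_KEY_TYPE, SAMPLE_Q, SAMPLE_D)))
```

Feeding the misordered blob to the decoder produces a message of the same shape as the one in the report: the "curve name" it complains about begins with the 0x00 that ssh_mpint prepends because the scalar's top bit is set, which is why a private value rather than a curve name shows up in that slot. Deriving the curve name from the key type inside the encoder, as above, is the simplest way to make encoder and decoder unable to disagree.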

@cjwatson commented

#1172

@hawkowl commented

lgtm

@cjwatson set owner to @cjwatson
@cjwatson set status to closed

In changeset 1f9d14b1b32b1bc88d035f0994832172122a30bb:
Merge cjwatson:9682-conch-fix-ecdsa-private-blob: Fix writing of ECDSA private blob format (#1172)

Author: cjwatson
Reviewer: hawkowl
Fixes: ticket:9682
