validate that ec curve matches algo

2019-01-28 10:59:23 -07:00 · 2019-01-28 10:59:23 -07:00 · 322c6c64fb
--- a/lib/ssh_data/public_key/dsa.rb
+++ b/lib/ssh_data/public_key/dsa.rb
@ -51,7 +51,7 @@ module SSHData

      def initialize(algo:, p:, q:, g:, y:)
        unless algo == ALGO_DSA
-          raise DecodeError, "bad algorithm: #{algo.inpsect}"
+          raise DecodeError, "bad algorithm: #{algo.inspect}"
        end

        @algo = algo
--- a/lib/ssh_data/public_key/ecdsa.rb
+++ b/lib/ssh_data/public_key/ecdsa.rb
@ -57,7 +57,11 @@ module SSHData

      def initialize(algo:, curve:, public_key:)
        unless [ALGO_ECDSA256, ALGO_ECDSA384, ALGO_ECDSA521].include?(algo)
-          raise DecodeError, "bad algorithm: #{algo.inpsect}"
+          raise DecodeError, "bad algorithm: #{algo.inspect}"
+        end
+
+        unless algo == "ecdsa-sha2-#{curve}"
+          raise DecodeError, "bad curve: #{curve.inspect}"
        end

        @algo = algo
--- a/lib/ssh_data/public_key/ed25519.rb
+++ b/lib/ssh_data/public_key/ed25519.rb
@ -11,7 +11,7 @@ module SSHData

      def initialize(algo:, pk:)
        unless algo == ALGO_ED25519
-          raise DecodeError, "bad algorithm: #{algo.inpsect}"
+          raise DecodeError, "bad algorithm: #{algo.inspect}"
        end

        @algo = algo
--- a/lib/ssh_data/public_key/rsa.rb
+++ b/lib/ssh_data/public_key/rsa.rb
@ -5,7 +5,7 @@ module SSHData

      def initialize(algo:, e:, n:)
        unless algo == ALGO_RSA
-          raise DecodeError, "bad algorithm: #{algo.inpsect}"
+          raise DecodeError, "bad algorithm: #{algo.inspect}"
        end

        @algo = algo
--- a/spec/public_key/ecdsa_spec.rb
+++ b/spec/public_key/ecdsa_spec.rb
@ -77,4 +77,17 @@ describe SSHData::PublicKey::ECDSA do
    }.not_to raise_error

  end
+
+  it "blows up if the curve doesn't match the key type" do
+    # outer layer claims to be p384, but curve and public key are p256
+    malformed = [SSHData::PublicKey::ALGO_ECDSA384, Base64.strict_encode64([
+      SSHData::Encoding.encode_string(SSHData::PublicKey::ALGO_ECDSA384),
+      SSHData::Encoding.encode_string(openssh_key.curve),
+      SSHData::Encoding.encode_string(openssh_key.public_key),
+    ].join)].join(" ")
+
+    expect {
+      SSHData::PublicKey.parse(malformed)
+    }.to raise_error(SSHData::DecodeError)
+  end
 end