Fix invalid RSA key conversion in ssh_key

This solves signatures not working in the current version of russh_keys, which were previously incorrect due to an upstream bug (see RustCrypto/SSH#318)
Eugeny · Dec 1, 2024 · 9805a7e · 9805a7e
1 parent ff95994
commit 9805a7e
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 5 deletions.
diff --git a/cryptovec/src/platform/mod.rs b/cryptovec/src/platform/mod.rs
@@ -19,18 +19,16 @@ pub use windows::{memset, mlock, munlock};
 
 #[cfg(test)]
 mod tests {
-    use wasm_bindgen_test::wasm_bindgen_test;
-
     use super::*;
 
-    #[wasm_bindgen_test]
+    #[test]
     fn test_memset() {
         let mut buf = vec![0u8; 10];
         memset(buf.as_mut_ptr(), 0xff, buf.len());
         assert_eq!(buf, vec![0xff; 10]);
     }
 
-    #[wasm_bindgen_test]
+    #[test]
     fn test_memset_partial() {
         let mut buf = vec![0u8; 10];
         memset(buf.as_mut_ptr(), 0xff, 5);

diff --git a/russh-keys/src/agent/server.rs b/russh-keys/src/agent/server.rs
@@ -342,7 +342,35 @@ impl<S: AsyncRead + AsyncWrite + Send + Unpin + 'static, A: Agent + Send + Sync
         writebuf.push(msg::SIGN_RESPONSE);
         let data = Bytes::decode(r)?;
 
-        let signature = signature::Signer::try_sign(&*key, &data)?;
+        // TODO only needed until https://github.com/RustCrypto/SSH/pull/318 is released
+        let signature = match key.key_data() {
+            ssh_key::private::KeypairData::Rsa(rsa_keypair) => {
+                let pk = rsa::RsaPrivateKey::from_components(
+                    <rsa::BigUint as std::convert::TryFrom<_>>::try_from(&rsa_keypair.public.n)?,
+                    <rsa::BigUint as std::convert::TryFrom<_>>::try_from(&rsa_keypair.public.e)?,
+                    <rsa::BigUint as std::convert::TryFrom<_>>::try_from(&rsa_keypair.private.d)?,
+                    vec![
+                        <rsa::BigUint as std::convert::TryFrom<_>>::try_from(
+                            &rsa_keypair.private.p,
+                        )?,
+                        <rsa::BigUint as std::convert::TryFrom<_>>::try_from(
+                            &rsa_keypair.private.q,
+                        )?,
+                    ],
+                )?;
+                let signature = signature::Signer::try_sign(
+                    &mut rsa::pkcs1v15::SigningKey::<sha2::Sha512>::new(pk),
+                    &data,
+                )?;
+                ssh_key::Signature::new(
+                    ssh_key::Algorithm::Rsa {
+                        hash: Some(ssh_key::HashAlg::Sha512),
+                    },
+                    <rsa::pkcs1v15::Signature as signature::SignatureEncoding>::to_vec(&signature),
+                )?
+            }
+            keypair => signature::Signer::try_sign(keypair, &data)?,
+        };
         signature.encoded()?.encode(writebuf)?;
 
         let len = writebuf.len();