openssl-additions 0.7.1 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 960c29488ad97c87c67fa2b6aa7a286a51b4678ab190ebc628a3d55efcb9125a
-  data.tar.gz: 284c3dc79c7325406e06567c7e2c34d6439b3050f8bf25202b088e5a1fe802f7
+  metadata.gz: 9d01b46bfb7b9b7ede0a8bb827bcd9471fc77b9b742e0c05f48e3f087d5825fe
+  data.tar.gz: 997750442f217b63103d55aef642d668f2979075cf8e7d96fd50e4e00e13ee5e
 SHA512:
-  metadata.gz: 578c11f9214f96bb30aed6332fb8893fdd547a66b5d0c6c10fff5df39dbcc5d48d71966dce0f88b2e52344d7ac4cf126fd829939fbf75783b61ae801b93eebb7
-  data.tar.gz: 788e22b2e62c2d1573ce49d4c6de45f56af518f1bb0476e7a83856164480d81a9f3cfbd6cad41b4d801817078069c75d76c7b20d8603ba8f9720bc9d9184fd83
+  metadata.gz: 9baca53d9a137c51dc68e1dc57187864cad7aba656616752a7d5c7d8493a0650372923969313f080623283990e31d81d4fe6ecdf55b28d31b8cb8a5c9e160b1a
+  data.tar.gz: 0a6ce69fa390f8295e81dad132b5994031eeb28fa8df962c6aad957404bf3eb36e7f877a37e9e4d96f82a08b6d95567187bfdc14ed17006d314af85f373aa04d

data/lib/openssl/ssh_pkey.rb

@@ -296,7 +296,7 @@ module OpenSSL::PKey
   end
 
   def self.decode_public_ssh_key(s)
-    if s =~ /\A(ssh|ecdsa)-[a-z0-9-]+ /
+    if s =~ /\A(sk-)?(ssh|ecdsa)-/
       # WHOOP WHOOP prefixed key detected.
       s = s.split(" ")[1]
     else
@@ -313,27 +313,50 @@ module OpenSSL::PKey
 
     case parts.first
     when "ssh-rsa"
-      OpenSSL::PKey::RSA.new.tap do |k|
-        # n, e
-        k.set_key(ssh_key_mpi_decode(parts[2]), ssh_key_mpi_decode(parts[1]), nil)
-      end
-    when "ssh-dss"
-      OpenSSL::PKey::DSA.new.tap do |k|
-        # Self-explanatory, one would hope
-        k.set_pqg(ssh_key_mpi_decode(parts[1]), ssh_key_mpi_decode(parts[2]), ssh_key_mpi_decode(parts[3]))
-      end
+      e = ssh_key_mpi_decode(parts[1])
+      n = ssh_key_mpi_decode(parts[2])
+
+      # OpenSSL 3.0 stole our set_key, so we now have to play silly DER round-trip games... sigh
+      OpenSSL::PKey.read(
+        OpenSSL::ASN1::Sequence.new([
+          OpenSSL::ASN1::Sequence.new([
+            OpenSSL::ASN1::ObjectId.new("rsaEncryption"),
+            OpenSSL::ASN1::Null.new(nil),
+          ]),
+          OpenSSL::ASN1::BitString.new(
+            OpenSSL::ASN1::Sequence.new([
+              OpenSSL::ASN1::Integer.new(n),
+              OpenSSL::ASN1::Integer.new(e),
+            ]).to_der
+          ),
+        ]).to_der
+      )
     when /ecdsa-sha2-/
-      begin
-        OpenSSL::PKey::EC.new(SSH_CURVE_NAME_MAP[parts[1]]).tap do |k|
-          k.public_key = OpenSSL::PKey::EC::Point.new(k.group, parts[2])
-        end
-      rescue TypeError
-        raise OpenSSL::PKey::PKeyError.new,
-              "Unknown curve identifier #{parts[1]}"
+      curve_name = SSH_CURVE_NAME_MAP[parts[1]]
+      if curve_name.nil?
+        raise OpenSSL::PKey::PKeyError.new, "Unknown curve identifier #{parts[1]}"
       end
+      point = parts[2]
+
+      # OpenSSL 3.0 stole our set_key, so we now have to play silly DER round-trip games... sigh
+      OpenSSL::PKey.read(
+        OpenSSL::ASN1::Sequence.new([
+          OpenSSL::ASN1::Sequence.new([
+            OpenSSL::ASN1::ObjectId.new("id-ecPublicKey"),
+            OpenSSL::ASN1::ObjectId.new(curve_name),
+          ]),
+          OpenSSL::ASN1::BitString.new(point),
+        ]).to_der
+      )
+    when "ssh-ed25519", "sk-ssh-ed25519@openssh.com"
+      # The Ruby OpenSSL bindings don't appear to provide a way to directly construct
+      # an ed25519 key from its parts; instead, we've got to encode our own public key
+      # DER and then get OpenSSL to read it.  Thankfully, ed25519 keys aren't too
+      # complicated to construct in DER.
+      OpenSSL::PKey.read(OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::ObjectId.new("ED25519")]), OpenSSL::ASN1::BitString.new(parts[1])]).to_der)
     else
       raise OpenSSL::PKey::PKeyError,
-            "Unknown key type #{parts.first.inspect}"
+            "Unsupported key type #{parts.first.inspect}"
     end
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: openssl-additions
 version: !ruby/object:Gem::Version
-  version: 0.7.1
+  version: 0.8.0
 platform: ruby
 authors:
 - Matt Palmer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-05-13 00:00:00.000000000 Z
+date: 2024-05-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler