-
Notifications
You must be signed in to change notification settings - Fork 17.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/crypto/ssh: doesn't always return x509.IncorrectPasswordError when it should #62265
Comments
@sqweek I would like to take a look, but I need a reproducer. Can you please share more details about your key and/or create a new similar key that allow us to investigate this issue? I have tested the keys in our testdata package and I cannot replicate the reported issue. Thank you! |
IIRC this key started its life unencrypted and I added the passphrase later which may be related, but it also might rely on software versions which are many years old. I know that's not much but that's all the details I have sorry. I do have time to experiment with code if you can offer any suggestions around what circumstance might trigger a "length too large" false positive. |
Yep I found a go debugger (delve) and your suspicion is correct. Specifically the second byte in the slice passed into
I don't think If I trace the execution when using a different incorrect passphrase that does produce an In the case where
And also:
I would be very surprised if SSH keys do not have a mechanism to authenticate the ciphertext, so this suggests that the fault really lies with Based on the mechanism here I suspect this can be reproduced with any key, simply by trying enough passphrases. I'll have a quick go at building a reproducer against a junk key using this hypothesis. |
Yep. Here's a key which can be used to reproduce: junk_key.txt The correct key for this passphrase is
|
Change https://go.dev/cl/538835 mentions this issue: |
@sqweek do you have time to test the linked CL? Thank you! |
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
I'm working with SSH private keys encrypted by passphrases, and thus using
ssh.ParseRawPrivateKeyWithPassphrase
during the decryption process. In some cases when an incorrect passphrase is provided, the function does not honour its interface.What did you expect to see?
The documentation for the function says:
What did you see instead?
With one specific passphrase/key combination, I instead saw this error:
This is a key I use every day with normal SSH tools so I know it is valid. Also if I provide the correct passphrase to the function then everything works, and other incorrect passhprases do result in an
x509.IncorrectPasswordError
as expected -- it's quite an obscure failure.Unfortunately I cannot provide the key itself to reproduce, for obvious reasons. I spent some time tracing the decryption code path but was unable to get clarity myself. It may relate to the slightly antiquated/odd structure of my SSH key, which I am happy to share:
No idea how I generated this one, it was a long time ago. The incorrect passphrase which generated the asn1 structure error was
ooooo
.The text was updated successfully, but these errors were encountered: