cryptosign: reading private ssh key is broken


Using this example but replacing the call to cryptosign.SigningKey.from_raw_key with cryptosign.SigningKey.from_ssh_key (as I had my private SSH key as a text file) fails, as there is an apparent bug there. I narrowed it down to the simple test case below.

>>> from autobahn.wamp.cryptosign import SigningKey
>>> SigningKey.from_ssh_key('/home/om26er/.ssh/id_ed25519')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.5/dist-packages/autobahn/wamp/cryptosign.py", line 561, in from_ssh_key
    keydata, comment = _read_ssh_ed25519_privkey(keydata)
  File "/usr/local/lib/python3.5/dist-packages/autobahn/wamp/cryptosign.py", line 244, in _read_ssh_ed25519_privkey
    raise Exception('invalid OpenSSH private key (padlen={}, actual_pad={}, expected_pad={})'.format(len(pad), pad, _makepad(len(pad))))
Exception: invalid OpenSSH private key (padlen=7, actual_pad=b'\x01\x02\x03\x04\x05\x06\x07', expected_pad=)

The hack was to comment out this condition. I believe we are making some assumptions there that may not be always correct.

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Comments: 9 (5 by maintainers)

Top GitHub Comments

2 reactions
sethrh commented, Feb 13, 2018

The autobahn.wamp.cryptosign._makepad function doesn’t work properly in Python 3.

_makepad(6) returns '\x01\x02\x03\x04\x05\x06' (a str) rather than b'\x01\x02\x03\x04\x05\x06' (bytes). The str/bytes type difference causes the pad != _makepad(len(pad)) statement to fail.

My workaround is to monkey patch it:

import autobahn.wamp.cryptosign
def _makepad_py3(size):
    return bytes(range(1, size + 1))
autobahn.wamp.cryptosign._makepad = _makepad_py3

This solution unfortunately does not work in Python2. To make it compatible with both, you’d need to do something like this:

def _makepad_py23(size):
    # Build the pad as text, then encode it so the result is a byte string on Python 2 and 3
    return ''.join([chr(x) for x in range(1, size + 1)]).encode('ascii')

(I would hope there is a cleaner-looking solution, but that seems to work.)
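
The padding check discussed in this thread, as an added example that is not autobahn's code and not part of the comments above: it builds a constructed, unencrypted OpenSSH private-key section, verifies the deterministic 01 02 03 ... padding with a bytes-returning pad function, and keeps the check in place rather than disabling it. The function names, `BLOCK`, the key material and the comment `a@host` are assumptions made for illustration; `makepad_str` reconstructs the str-returning behaviour described above.

```python
import struct

BLOCK = 8  # pad granularity for an unencrypted key (cipher "none"), per OpenSSH PROTOCOL.key

def makepad(size):
    """Deterministic pad 01 02 03 ... as a byte string on Python 2 and 3."""
    return bytes(bytearray(range(1, size + 1)))

def makepad_str(size):
    """Text-returning variant (reconstruction of the behaviour described above)."""
    return ''.join(chr(x) for x in range(1, size + 1))

def _string(data):
    # SSH "string": big-endian uint32 length followed by the raw bytes
    return struct.pack('>I', len(data)) + data

def build_private_section(comment):
    """Constructed sample: check ints, key type, public key, private key, comment, pad."""
    body = struct.pack('>II', 0x1234abcd, 0x1234abcd)
    body += _string(b'ssh-ed25519') + _string(b'\x11' * 32)  # constructed public key
    body += _string(b'\x22' * 64) + _string(comment)         # constructed private key
    return body + makepad(-len(body) % BLOCK)

def read_private_section(blob):
    """Return (comment, pad); raise ValueError on bad check ints, fields or padding."""
    check1, check2 = struct.unpack_from('>II', blob, 0)
    if check1 != check2:
        raise ValueError('check integers differ')
    offset, fields = 8, []
    for _ in range(4):  # key type, public key, private key, comment
        (n,) = struct.unpack_from('>I', blob, offset)
        if offset + 4 + n > len(blob):
            raise ValueError('truncated field')
        fields.append(blob[offset + 4:offset + 4 + n])
        offset += 4 + n
    pad = blob[offset:]
    # bytes-to-bytes comparison; on Python 3 a str pad never equals a bytes pad
    if len(pad) >= BLOCK or pad != makepad(len(pad)):
        raise ValueError('invalid padding: {!r}'.format(pad))
    return fields[3], pad

if __name__ == '__main__':
    comment, pad = read_private_section(build_private_section(b'a@host'))
    print(comment, pad, makepad_str(len(pad)) == pad)
```

A 6-byte comment in this constructed layout produces the same 7-byte pad that appears in the traceback at the top of the issue.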

0 reactions
oberstet commented, Apr 9, 2022

fixed via https://github.com/crossbario/autobahn-python/pull/1543

test:

(cpy39_1) (base) oberstet@intel-nuci7:~/scm/crossbario/autobahn-python$ ssh-keygen -t ed25519 -f /tmp/id_ed25519
Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /tmp/id_ed25519
Your public key has been saved in /tmp/id_ed25519.pub
The key fingerprint is:
SHA256:6ce5TX9KqKZAtEVk31ktodyrfbG0OPM8iZHtLh1ox7w oberstet@intel-nuci7
The key's randomart image is:
+--[ED25519 256]--+
|       .+     oo |
|       o . o =. .|
|      . . . = .. |
|     . o .     . |
|      o S     Bo |
|     . . . . Oo*+|
|      . . + =+Oo=|
|       . ..= ==E.|
|        .oo . =*.|
+----[SHA256]-----+
(cpy39_1) (base) oberstet@intel-nuci7:~/scm/crossbario/autobahn-python$ python -c "from autobahn.wamp.cryptosign import SigningKey; SigningKey.from_ssh_key('/tmp/id_ed25519')"
(cpy39_1) (base) oberstet@intel-nuci7:~/scm/crossbario/autobahn-python$ make test_cryptosign
USE_ASYNCIO=1 trial autobahn.wamp.test.test_wamp_cryptosign
autobahn.wamp.test.test_wamp_cryptosign
  TestAuth
    test_authenticator ...                                                 [OK]
    test_testvectors ...                                                   [OK]
    test_valid ...                                                         [OK]
  TestKey
    test_key ...                                                           [OK]
    test_pad ...                                                           [OK]
    test_pubkey ...                                                        [OK]

-------------------------------------------------------------------------------
Ran 6 tests in 0.087s

PASSED (successes=6)
USE_TWISTED=1 trial autobahn.wamp.test.test_wamp_cryptosign
autobahn.wamp.test.test_wamp_cryptosign
  TestAuth
    test_authenticator ...                                                 [OK]
    test_testvectors ...                                                   [OK]
    test_valid ...                                                         [OK]
  TestKey
    test_key ...                                                           [OK]
    test_pad ...                                                           [OK]
    test_pubkey ...                                                        [OK]

-------------------------------------------------------------------------------
Ran 6 tests in 0.089s

PASSED (successes=6)
(cpy39_1) (base) oberstet@intel-nuci7:~/scm/crossbario/autobahn-python$ 