Allow ssh-rsa keys to be used for rsa-sha2-* auth (#290)

This worked before [this change](194430b#diff-81b0128d04a2d9a37bdc6931dec1cb426a8ff7c6ad4ef10e1555ca3e29f08380L159), and is permitted by the specification, as can be seen in [the example in section 3.2 of RFC8332](https://www.rfc-editor.org/rfc/rfc8332#section-3.2).
warp-tech · May 26, 2024 · 9cce48c · 9cce48c
1 parent 7e407d2
commit 9cce48c
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/russh-keys/src/key.rs b/russh-keys/src/key.rs
@@ -136,7 +136,16 @@ impl PublicKey {
     pub fn parse(algo: &[u8], pubkey: &[u8]) -> Result<Self, Error> {
         use ssh_encoding::Decode;
         let key_data = &ssh_key::public::KeyData::decode(&mut pubkey.reader(0))?;
-        if key_data.algorithm().as_str().as_bytes() != algo {
+        let key_algo = key_data.algorithm();
+        let key_algo = key_algo.as_str().as_bytes();
+        if key_algo == b"ssh-rsa" {
+            if algo != SSH_RSA.as_ref().as_bytes()
+                && algo != RSA_SHA2_256.as_ref().as_bytes()
+                && algo != RSA_SHA2_512.as_ref().as_bytes()
+            {
+                return Err(Error::KeyIsCorrupt);
+            }
+        } else if key_algo != algo {
             return Err(Error::KeyIsCorrupt);
         }
         Self::try_from(key_data)