authorPierce Lopez <pierce.lopez@gmail.com>2019-12-05 17:19:35 -0500
committerPierce Lopez <pierce.lopez@gmail.com>2019-12-05 18:00:20 -0500
commit59c1c9e2fca05609fc88ad14e3fa752b5651ef9f (patch)
treee2fc3ac20e0a010afd89a243bae80b128414d0ea
parentbc6a789041a6d9ccaabeb7841be4781008cd5772 (diff)
fix loading ECDSA keys in new openssh private key format
(also Blacken new ecdsa format key test)
-rw-r--r--paramiko/ecdsakey.py17
-rw-r--r--tests/test_pkey.py6
2 files changed, 17 insertions, 6 deletions
diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py
index 28d1222b..3d3d09be 100644
--- a/paramiko/ecdsakey.py
+++ b/paramiko/ecdsakey.py
@@ -292,10 +292,21 @@ class ECDSAKey(PKey):
except (ValueError, AssertionError) as e:
raise SSHException(str(e))
elif pkformat == self._PRIVATE_KEY_FORMAT_OPENSSH:
- curve, verkey, sigkey = self._uint32_cstruct_unpack(data, "sss")
try:
- key = ec.derive_private_key(sigkey, curve, default_backend())
- except (AttributeError, TypeError) as e:
+ msg = Message(data)
+ curve_name = msg.get_text()
+ verkey = msg.get_binary() # noqa: F841
+ sigkey = msg.get_mpint()
+ name = "ecdsa-sha2-" + curve_name
+ curve = self._ECDSA_CURVES.get_by_key_format_identifier(name)
+ if not curve:
+ raise SSHException("Invalid key curve identifier")
+ key = ec.derive_private_key(
+ sigkey, curve.curve_class(), default_backend()
+ )
+ except Exception as e:
+ # PKey._read_private_key_openssh() should check or return
+ # keytype - parsing could fail for any reason due to wrong type
raise SSHException(str(e))
else:
self._got_bad_key_format_id(pkformat)
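Review bot: The public point read into `verkey` in the OpenSSH branch is discarded (`# noqa: F841`), so a key file whose stored public point does not match the private scalar would load without any error; the key appears to be built from `sigkey` alone via `ec.derive_private_key`. If that is intentional, say so where the value is read, for example `# public point is not used: the key is derived from sigkey alone`, so the unused variable is not taken for an oversight. The broad `except Exception` also re-wraps the `SSHException("Invalid key curve identifier")` raised inside the same `try`; the message survives, but any programming error in this block will surface as a key-format error. The enclosing method starts before the hunk.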
diff --git a/tests/test_pkey.py b/tests/test_pkey.py
index 086319ce..17893ca2 100644
--- a/tests/test_pkey.py
+++ b/tests/test_pkey.py
@@ -467,12 +467,12 @@ class KeyTest(unittest.TestCase):
def test_load_openssh_format_EC_key(self):
key = ECDSAKey.from_private_key_file(
- _support('test_ecdsa_384_openssh.key'), b'television'
+ _support("test_ecdsa_384_openssh.key"), b"television"
)
- self.assertEqual('ecdsa-sha2-nistp384', key.get_name())
+ self.assertEqual("ecdsa-sha2-nistp384", key.get_name())
self.assertEqual(PUB_EC_384_OPENSSH.split()[1], key.get_base64())
self.assertEqual(384, key.get_bits())
- exp_fp = b(FINGER_EC_384_OPENSSH.split()[1].replace(':', ''))
+ exp_fp = b(FINGER_EC_384_OPENSSH.split()[1].replace(":", ""))
my_fp = hexlify(key.get_fingerprint())
self.assertEqual(exp_fp, my_fp)