From 263f6c7610d9ca97c2caa4c653ff73421a982e3a Mon Sep 17 00:00:00 2001
From: Eric Rodrigues Pires <eric@eric.dev.br>
Date: Sat, 30 Nov 2024 19:56:07 -0300
Subject: [PATCH] Fix invalid RSA key conversion in ssh_key

This solves signatures not working in the current version of russh_keys,
which were previously incorrect due to an upstream bug
(see https://github.com/RustCrypto/SSH/pull/318)
---
 cryptovec/src/platform/mod.rs  |  6 ++----
 russh-keys/src/agent/server.rs | 30 +++++++++++++++++++++++++++++-
 2 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/cryptovec/src/platform/mod.rs b/cryptovec/src/platform/mod.rs
index 03ca1099..0ffa16bc 100644
--- a/cryptovec/src/platform/mod.rs
+++ b/cryptovec/src/platform/mod.rs
@@ -19,18 +19,16 @@ pub use windows::{memset, mlock, munlock};
 
 #[cfg(test)]
 mod tests {
-    use wasm_bindgen_test::wasm_bindgen_test;
-
     use super::*;
 
-    #[wasm_bindgen_test]
+    #[test]
     fn test_memset() {
         let mut buf = vec![0u8; 10];
         memset(buf.as_mut_ptr(), 0xff, buf.len());
         assert_eq!(buf, vec![0xff; 10]);
     }
 
-    #[wasm_bindgen_test]
+    #[test]
     fn test_memset_partial() {
         let mut buf = vec![0u8; 10];
         memset(buf.as_mut_ptr(), 0xff, 5);
diff --git a/russh-keys/src/agent/server.rs b/russh-keys/src/agent/server.rs
index 984310a1..615fb3c8 100644
--- a/russh-keys/src/agent/server.rs
+++ b/russh-keys/src/agent/server.rs
@@ -342,7 +342,35 @@ impl<S: AsyncRead + AsyncWrite + Send + Unpin + 'static, A: Agent + Send + Sync
         writebuf.push(msg::SIGN_RESPONSE);
         let data = Bytes::decode(r)?;
 
-        let signature = signature::Signer::try_sign(&*key, &data)?;
+        // TODO only needed until https://github.com/RustCrypto/SSH/pull/318 is released
+        let signature = match key.key_data() {
+            ssh_key::private::KeypairData::Rsa(rsa_keypair) => {
+                let pk = rsa::RsaPrivateKey::from_components(
+                    <rsa::BigUint as std::convert::TryFrom<_>>::try_from(&rsa_keypair.public.n)?,
+                    <rsa::BigUint as std::convert::TryFrom<_>>::try_from(&rsa_keypair.public.e)?,
+                    <rsa::BigUint as std::convert::TryFrom<_>>::try_from(&rsa_keypair.private.d)?,
+                    vec![
+                        <rsa::BigUint as std::convert::TryFrom<_>>::try_from(
+                            &rsa_keypair.private.p,
+                        )?,
+                        <rsa::BigUint as std::convert::TryFrom<_>>::try_from(
+                            &rsa_keypair.private.q,
+                        )?,
+                    ],
+                )?;
+                let signature = signature::Signer::try_sign(
+                    &rsa::pkcs1v15::SigningKey::<sha2::Sha512>::new(pk),
+                    &data,
+                )?;
+                ssh_key::Signature::new(
+                    ssh_key::Algorithm::Rsa {
+                        hash: Some(ssh_key::HashAlg::Sha512),
+                    },
+                    <rsa::pkcs1v15::Signature as signature::SignatureEncoding>::to_vec(&signature),
+                )?
+            }
+            keypair => signature::Signer::try_sign(keypair, &data)?,
+        };
         signature.encoded()?.encode(writebuf)?;
 
         let len = writebuf.len();