2 files changed, 71 insertions, 9 deletions

diff --git a/src/cryptography/hazmat/primitives/serialization.py b/src/cryptography/hazmat/primitives/serialization.py
index 083f17e5..67f8a644 100644
--- a/src/cryptography/hazmat/primitives/serialization.py
+++ b/src/cryptography/hazmat/primitives/serialization.py
@@ -7,11 +7,10 @@ from __future__ import absolute_import, division, print_function
 import base64
 import struct
 
+import six
+
 from cryptography.exceptions import UnsupportedAlgorithm
-from cryptography.hazmat.primitives.asymmetric.dsa import (
-    DSAParameterNumbers, DSAPublicNumbers
-)
-from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers
+from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
 
 
 def load_pem_private_key(data, password, backend):
@@ -41,6 +40,10 @@ def load_ssh_public_key(data, backend):
         return _load_ssh_rsa_public_key(decoded_data, backend)
     elif key_type == b'ssh-dss':
         return _load_ssh_dss_public_key(decoded_data, backend)
+    elif key_type in [
+        b'ecdsa-sha2-nistp256', b'ecdsa-sha2-nistp384', b'ecdsa-sha2-nistp521',
+    ]:
+        return _load_ssh_ecdsa_public_key(key_type, decoded_data, backend)
     else:
         raise UnsupportedAlgorithm(
             'Only RSA and DSA keys are currently supported.'
@@ -59,7 +62,7 @@ def _load_ssh_rsa_public_key(decoded_data, backend):
     if rest:
         raise ValueError('Key body contains extra bytes.')
 
-    return RSAPublicNumbers(e, n).public_key(backend)
+    return rsa.RSAPublicNumbers(e, n).public_key(backend)
 
 
 def _load_ssh_dss_public_key(decoded_data, backend):
@@ -71,17 +74,51 @@ def _load_ssh_dss_public_key(decoded_data, backend):
 
     if key_type != b'ssh-dss':
         raise ValueError(
-            'Key header and key body contain different key type values.')
+            'Key header and key body contain different key type values.'
+        )
 
     if rest:
         raise ValueError('Key body contains extra bytes.')
 
-    parameter_numbers = DSAParameterNumbers(p, q, g)
-    public_numbers = DSAPublicNumbers(y, parameter_numbers)
+    parameter_numbers = dsa.DSAParameterNumbers(p, q, g)
+    public_numbers = dsa.DSAPublicNumbers(y, parameter_numbers)
 
     return public_numbers.public_key(backend)
 
 
+def _load_ssh_ecdsa_public_key(expected_key_type, decoded_data, backend):
+    key_type, rest = _read_next_string(decoded_data)
+    curve_name, rest = _read_next_string(rest)
+    data, rest = _read_next_string(rest)
+
+    if key_type != expected_key_type != b"ecdsa-sha2" + curve_name:
+        raise ValueError(
+            'Key header and key body contain different key type values.'
+        )
+
+    if rest:
+        raise ValueError('Key body contains extra bytes.')
+
+    if key_type == "ecdsa-sha2-nistp256":
+        curve = ec.SECP256R1()
+    elif key_type == "ecdsa-sha2-nistp384":
+        curve = ec.SECP384R1()
+    elif key_type == "ecdsa-sha2-nistp521":
+        curve = ec.SECP521R1()
+
+    if len(data) != 1 + 2 * (curve.key_size // 8):
+        raise ValueError("Malformed key bytes")
+
+    if six.indexbytes(data, 0) != 4:
+        raise NotImplementedError(
+            "Compressed elliptic curve points are not supported"
+        )
+
+    x = _int_from_bytes(data[1:1 + curve.key_size // 8], byteorder='big')
+    y = _int_from_bytes(data[1 + curve.key_size // 8:], byteorder='big')
+    return ec.EllipticCurvePublicNumbers(x, y, curve).public_key(backend)
+
+
 def _read_next_string(data):
     """Retrieves the next RFC 4251 string value from the data."""
     str_len, = struct.unpack('>I', data[:4])
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index f3166d7b..10afa9d5 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -576,7 +576,7 @@ class TestPEMSerialization(object):
 @pytest.mark.requires_backend_interface(interface=RSABackend)
 class TestRSASSHSerialization(object):
     def test_load_ssh_public_key_unsupported(self, backend):
-        ssh_key = b'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTY='
+        ssh_key = b'ecdsa-sha2-junk AAAAE2VjZHNhLXNoYTItbmlzdHAyNTY='
 
         with pytest.raises(UnsupportedAlgorithm):
             load_ssh_public_key(ssh_key, backend)
@@ -784,3 +784,28 @@ class TestDSSSSHSerialization(object):
         )
 
         assert numbers == expected
+
+
+@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
+class TestECDSASSHSerialization(object):
+    def test_load_ssh_public_key_ecdsa_nist_p256(self, backend):
+        ssh_key = (
+            b"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAy"
+            b"NTYAAABBBGG2MfkHXp0UkxUyllDzWNBAImsvt5t7pFtTXegZK2WbGxml8zMrgWi5"
+            b"teIg1TO03/FD9hbpBFgBeix3NrCFPls= root@cloud-server-01"
+        )
+        key = load_ssh_public_key(ssh_key, backend)
+        assert isinstance(key, interfaces.EllipticCurvePublicKey)
+
+        expected_x = int(
+            "44196257377740326295529888716212621920056478823906609851236662550"
+            "785814128027", 10
+        )
+        expected_y = int(
+            "12257763433170736656417248739355923610241609728032203358057767672"
+            "925775019611", 10
+        )
+
+        assert key.public_numbers() == ec.EllipticCurvePublicNumbers(
+            expected_x, expected_y, ec.SECP256R1()
+        )