Tighten private key checking to reveal padding issue

Author: scott-xu

src/Renci.SshNet/Security/Cryptography/DsaKey.cs

@@ -113,16 +113,19 @@ public DsaKey(byte[] privateKeyData)
         {
             ThrowHelper.ThrowIfNull(privateKeyData);
 
-            var der = new AsnReader(privateKeyData, AsnEncodingRules.DER).ReadSequence();
-            _ = der.ReadInteger(); // skip version
+            var keyReader = new AsnReader(privateKeyData, AsnEncodingRules.DER);
+            var sequenceReader = keyReader.ReadSequence();
+            keyReader.ThrowIfNotEmpty();
 
-            P = der.ReadInteger();
-            Q = der.ReadInteger();
-            G = der.ReadInteger();
-            Y = der.ReadInteger();
-            X = der.ReadInteger();
+            _ = sequenceReader.ReadInteger(); // skip version
 
-            der.ThrowIfNotEmpty();
+            P = sequenceReader.ReadInteger();
+            Q = sequenceReader.ReadInteger();
+            G = sequenceReader.ReadInteger();
+            Y = sequenceReader.ReadInteger();
+            X = sequenceReader.ReadInteger();
+
+            sequenceReader.ThrowIfNotEmpty();
 
             DSA = LoadDSA();
         }

src/Renci.SshNet/Security/Cryptography/EcdsaKey.cs

@@ -218,18 +218,21 @@ public EcdsaKey(string curve, byte[] publickey, byte[] privatekey)
         /// <param name="data">DER encoded private key data.</param>
         public EcdsaKey(byte[] data)
         {
-            var der = new AsnReader(data, AsnEncodingRules.DER).ReadSequence();
-            _ = der.ReadInteger(); // skip version
+            var keyReader = new AsnReader(data, AsnEncodingRules.DER);
+            var sequenceReader = keyReader.ReadSequence();
+            keyReader.ThrowIfNotEmpty();
 
-            var privatekey = der.ReadOctetString().TrimLeadingZeros();
+            _ = sequenceReader.ReadInteger(); // skip version
 
-            var s0 = der.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0, isConstructed: true));
+            var privatekey = sequenceReader.ReadOctetString().TrimLeadingZeros();
+
+            var s0 = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0, isConstructed: true));
             var curve = s0.ReadObjectIdentifier();
 
-            var s1 = der.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 1, isConstructed: true));
+            var s1 = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 1, isConstructed: true));
             var pubkey = s1.ReadBitString(out _);
 
-            der.ThrowIfNotEmpty();
+            sequenceReader.ThrowIfNotEmpty();
 
             _impl = Import(curve, pubkey, privatekey);
         }

src/Renci.SshNet/Security/Cryptography/RsaKey.cs

@@ -161,19 +161,22 @@ public RsaKey(byte[] privateKeyData)
         {
             ThrowHelper.ThrowIfNull(privateKeyData);
 
-            var der = new AsnReader(privateKeyData, AsnEncodingRules.DER).ReadSequence();
-            _ = der.ReadInteger(); // skip version
-
-            Modulus = der.ReadInteger();
-            Exponent = der.ReadInteger();
-            D = der.ReadInteger();
-            P = der.ReadInteger();
-            Q = der.ReadInteger();
-            DP = der.ReadInteger();
-            DQ = der.ReadInteger();
-            InverseQ = der.ReadInteger();
-
-            der.ThrowIfNotEmpty();
+            var keyReader = new AsnReader(privateKeyData, AsnEncodingRules.DER);
+            var sequenceReader = keyReader.ReadSequence();
+            keyReader.ThrowIfNotEmpty();
+
+            _ = sequenceReader.ReadInteger(); // skip version
+
+            Modulus = sequenceReader.ReadInteger();
+            Exponent = sequenceReader.ReadInteger();
+            D = sequenceReader.ReadInteger();
+            P = sequenceReader.ReadInteger();
+            Q = sequenceReader.ReadInteger();
+            DP = sequenceReader.ReadInteger();
+            DQ = sequenceReader.ReadInteger();
+            InverseQ = sequenceReader.ReadInteger();
+
+            sequenceReader.ThrowIfNotEmpty();
 
             RSA = RSA.Create();
             RSA.ImportParameters(GetRSAParameters());