From 066dcf4899366768b20cdfbd4195d2492739af00 Mon Sep 17 00:00:00 2001
From: dreizehnutters
Date: Sat, 22 Jun 2024 17:38:08 +0200
Subject: [PATCH] fix for https://github.com/jtesta/ssh-audit/issues/275
---
 src/ssh_audit/hostkeytest.py | 16 +++++++++++++---
 src/ssh_audit/ssh_audit.py | 6 +-----
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/src/ssh_audit/hostkeytest.py b/src/ssh_audit/hostkeytest.py
index 094b2b7..e3ade55 100644
--- a/src/ssh_audit/hostkeytest.py
+++ b/src/ssh_audit/hostkeytest.py
@@ -50,9 +50,19 @@ class HostKeyTest:
 'rsa-sha2-256-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
 'rsa-sha2-512-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
- 'ssh-ed25519': {'cert': False, 'variable_key_len': False},
- 'ssh-ed25519-cert-v01@openssh.com': {'cert': True, 'variable_key_len': False},
- }
+ 'ssh-ed25519': {'cert': False, 'variable_key_len': True},
+ 'ssh-ed25519-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
+
+ 'ecdsa-sha2-nistp256': {'cert': False, 'variable_key_len': True},
+ 'ecdsa-sha2-nistp256-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
+
+ 'ecdsa-sha2-nistp384': {'cert': False, 'variable_key_len': True},
+ 'ecdsa-sha2-nistp384-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True},
+
+ 'ecdsa-sha2-nistp521': {'cert': False, 'variable_key_len': True},
+ 'ecdsa-sha2-nistp521-cert-v01@openssh.com': {'cert': True, 'variable_key_len': True}
+}
+
 TWO2K_MODULUS_WARNING = '2048-bit modulus only provides 112-bits of symmetric strength'
 SMALL_ECC_MODULUS_WARNING = '224-bit ECC modulus only provides 112-bits of symmetric strength'
diff --git a/src/ssh_audit/ssh_audit.py b/src/ssh_audit/ssh_audit.py
index 4fff3ae..f6bb269 100755
--- a/src/ssh_audit/ssh_audit.py
+++ b/src/ssh_audit/ssh_audit.py
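Review bot: Setting `'variable_key_len': True` on `ssh-ed25519` and the six new `ecdsa-sha2-nistp*` entries makes the flag say something other than its name, since those key sizes are fixed by the algorithm, whereas the removed lines kept Ed25519 at False. The code that reads the flag is outside this hunk; presumably it is what parses and reports the key size, so it is worth confirming that the RSA-oriented modulus checks (`TWO2K_MODULUS_WARNING` sits just below the dict) are not now evaluated against a 256-bit Ed25519 or P-256 key. A comment above the dict would stop the next reader from taking the flag literally, e.g. `# 'variable_key_len': whether the key size is parsed and reported; ECDSA/Ed25519 sizes are fixed by the curve`. Two smaller points: the new closing `}` appears at column 0 where the removed `}` was indented with the dict, and the last `ecdsa-sha2-nistp521-cert-v01@openssh.com` entry drops the trailing comma that every other entry keeps.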
@@ -1148,17 +1148,13 @@ def build_struct(target_host: str, banner: Optional['Banner'], cves: List[Dict[s
 }
 if algorithm in host_keys:
 hostkey_info = host_keys[algorithm]
- hostkey_size = cast(int, hostkey_info['hostkey_size'])
-
+ entry['keysize'] = cast(int, hostkey_info['hostkey_size'])
 ca_type = ''
 ca_size = 0
 if 'ca_key_type' in hostkey_info:
 ca_type = cast(str, hostkey_info['ca_key_type'])
 if 'ca_key_size' in hostkey_info:
 ca_size = cast(int, hostkey_info['ca_key_size'])
-
- if algorithm in HostKeyTest.RSA_FAMILY or algorithm.startswith('ssh-rsa-cert-v0'):
- entry['keysize'] = hostkey_size
 if ca_size > 0:
 entry['ca_algorithm'] = ca_type
 entry['casize'] = ca_size
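Review bot: `entry['keysize'] = cast(int, hostkey_info['hostkey_size'])` indexes the key directly while the `ca_key_type` / `ca_key_size` reads a few lines below are guarded with `in` checks; if any host-key entry reaches this point without `hostkey_size` (whether that can happen depends on how `host_keys` is filled, outside this hunk), the structured output raises KeyError instead of omitting the field. A guarded form mirroring the CA handling, `if 'hostkey_size' in hostkey_info:` / `entry['keysize'] = cast(int, hostkey_info['hostkey_size'])`, keeps the output robust without changing the happy path. Since `keysize` is now emitted for every algorithm rather than only the RSA family (the removed `RSA_FAMILY` / `ssh-rsa-cert-v0` condition), consumers of the JSON output will see a new field on ed25519/ecdsa entries; that deserves a line in the changelog or output documentation. `build_struct` starts and ends outside the hunk.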