diff options
Diffstat (limited to 'paramiko/ecdsakey.py')
-rw-r--r-- | paramiko/ecdsakey.py | 59 |
1 files changed, 29 insertions, 30 deletions
diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py index ac840ab..6736315 100644 --- a/paramiko/ecdsakey.py +++ b/paramiko/ecdsakey.py @@ -21,16 +21,15 @@ L{ECDSAKey} """ import binascii +from hashlib import sha256 + from ecdsa import SigningKey, VerifyingKey, der, curves -from ecdsa.util import number_to_string, sigencode_string, sigencode_strings, sigdecode_strings -from Crypto.Hash import SHA256, MD5 -from Crypto.Cipher import DES3 +from ecdsa.test_pyecdsa import ECDSA -from paramiko.common import * -from paramiko import util +from paramiko.common import four_byte, one_byte from paramiko.message import Message -from paramiko.ber import BER, BERException from paramiko.pkey import PKey +from paramiko.py3compat import byte_chr, u from paramiko.ssh_exception import SSHException @@ -56,30 +55,33 @@ class ECDSAKey (PKey): else: if msg is None: raise SSHException('Key object may not be empty') - if msg.get_string() != 'ecdsa-sha2-nistp256': + if msg.get_text() != 'ecdsa-sha2-nistp256': raise SSHException('Invalid key') - curvename = msg.get_string() + curvename = msg.get_text() if curvename != 'nistp256': raise SSHException("Can't handle curve of type %s" % curvename) - pointinfo = msg.get_string() - if pointinfo[0] != "\x04": - raise SSHException('Point compression is being used: %s'% + pointinfo = msg.get_binary() + if pointinfo[0:1] != four_byte: + raise SSHException('Point compression is being used: %s' % binascii.hexlify(pointinfo)) self.verifying_key = VerifyingKey.from_string(pointinfo[1:], - curve=curves.NIST256p) + curve=curves.NIST256p) self.size = 256 - def __str__(self): + def asbytes(self): key = self.verifying_key m = Message() m.add_string('ecdsa-sha2-nistp256') m.add_string('nistp256') - point_str = "\x04" + key.to_string() + point_str = four_byte + key.to_string() m.add_string(point_str) - return str(m) + return m.asbytes() + + def __str__(self): + return self.asbytes() def __hash__(self): h = hash(self.get_name()) @@ -96,23 +98,22 @@ class ECDSAKey (PKey): def can_sign(self): return self.signing_key is not None - def sign_ssh_data(self, rpool, data): - digest = SHA256.new(data).digest() - sig = self.signing_key.sign_digest(digest, entropy=rpool.read, - sigencode=self._sigencode) + def sign_ssh_data(self, data): + sig = self.signing_key.sign_deterministic( + data, sigencode=self._sigencode, hashfunc=sha256) m = Message() m.add_string('ecdsa-sha2-nistp256') m.add_string(sig) return m def verify_ssh_sig(self, data, msg): - if msg.get_string() != 'ecdsa-sha2-nistp256': + if msg.get_text() != 'ecdsa-sha2-nistp256': return False - sig = msg.get_string() + sig = msg.get_binary() # verify the signature by SHA'ing the data and encrypting it # using the public key. - hash_obj = SHA256.new(data).digest() + hash_obj = sha256(data).digest() return self.verifying_key.verify_digest(sig, hash_obj, sigdecode=self._sigdecode) @@ -142,10 +143,8 @@ class ECDSAKey (PKey): return key generate = staticmethod(generate) - ### internals... - def _from_private_key_file(self, filename, password): data = self._read_private_key_file('EC', filename, password) self._decode_key(data) @@ -154,14 +153,14 @@ class ECDSAKey (PKey): data = self._read_private_key('EC', file_obj, password) self._decode_key(data) - ALLOWED_PADDINGS = ['\x01', '\x02\x02', '\x03\x03\x03', '\x04\x04\x04\x04', - '\x05\x05\x05\x05\x05', '\x06\x06\x06\x06\x06\x06', - '\x07\x07\x07\x07\x07\x07\x07'] + ALLOWED_PADDINGS = [one_byte, byte_chr(2) * 2, byte_chr(3) * 3, byte_chr(4) * 4, + byte_chr(5) * 5, byte_chr(6) * 6, byte_chr(7) * 7] + def _decode_key(self, data): s, padding = der.remove_sequence(data) if padding: if padding not in self.ALLOWED_PADDINGS: - raise ValueError, "weird padding: %s" % (binascii.hexlify(empty)) + raise ValueError("weird padding: %s" % u(binascii.hexlify(data))) data = data[:-len(padding)] key = SigningKey.from_der(data) self.signing_key = key @@ -172,10 +171,10 @@ class ECDSAKey (PKey): msg = Message() msg.add_mpint(r) msg.add_mpint(s) - return str(msg) + return msg.asbytes() def _sigdecode(self, sig, order): msg = Message(sig) r = msg.get_mpint() s = msg.get_mpint() - return (r, s) + return r, s |