paramiko.rsakey

36 """ - 37 Representation of an RSA key which can be used to sign and verify SSH2 - 38 data. - 39 """ - 40 -

41 - def __init__(self, msg=None, data=None, filename=None, password=None, vals=None, file_obj=None): -

42 self.n = None - 43 self.e = None - 44 self.d = None - 45 self.p = None - 46 self.q = None - 47 if file_obj is not None: - 48 self._from_private_key(file_obj, password) - 49 return - 50 if filename is not None: - 51 self._from_private_key_file(filename, password) - 52 return - 53 if (msg is None) and (data is not None): - 54 msg = Message(data) - 55 if vals is not None: - 56 self.e, self.n = vals - 57 else: - 58 if msg is None: - 59 raise SSHException('Key object may not be empty') - 60 if msg.get_string() != 'ssh-rsa': - 61 raise SSHException('Invalid key') - 62 self.e = msg.get_mpint() - 63 self.n = msg.get_mpint() - 64 self.size = util.bit_length(self.n) -

65 -

66 - def __str__(self): -

67 m = Message() - 68 m.add_string('ssh-rsa') - 69 m.add_mpint(self.e) - 70 m.add_mpint(self.n) - 71 return str(m) -

72 -

73 - def __hash__(self): -

74 h = hash(self.get_name()) - 75 h = h * 37 + hash(self.e) - 76 h = h * 37 + hash(self.n) - 77 return hash(h) -

78 -

79 - def get_name(self): -

80 return 'ssh-rsa' -

81 -

82 - def get_bits(self): -

83 return self.size -

84 -

85 - def can_sign(self): -

86 return self.d is not None -

87 -

88 - def sign_ssh_data(self, rpool, data): -

89 digest = SHA.new(data).digest() - 90 rsa = RSA.construct((long(self.n), long(self.e), long(self.d))) - 91 sig = util.deflate_long(rsa.sign(self._pkcs1imify(digest), '')[0], 0) - 92 m = Message() - 93 m.add_string('ssh-rsa') - 94 m.add_string(sig) - 95 return m -

96 -

97 - def verify_ssh_sig(self, data, msg): -

98 if msg.get_string() != 'ssh-rsa': - 99 return False -100 sig = util.inflate_long(msg.get_string(), True) -101 # verify the signature by SHA'ing the data and encrypting it using the -102 # public key. some wackiness ensues where we "pkcs1imify" the 20-byte -103 # hash into a string as long as the RSA key. -104 hash_obj = util.inflate_long(self._pkcs1imify(SHA.new(data).digest()), True) -105 rsa = RSA.construct((long(self.n), long(self.e))) -106 return rsa.verify(hash_obj, (sig,)) -

107 -

108 - def _encode_key(self): -

109 if (self.p is None) or (self.q is None): -110 raise SSHException('Not enough key info to write private key file') -111 keylist = [ 0, self.n, self.e, self.d, self.p, self.q, -112 self.d % (self.p - 1), self.d % (self.q - 1), -113 util.mod_inverse(self.q, self.p) ] -114 try: -115 b = BER() -116 b.encode(keylist) -117 except BERException: -118 raise SSHException('Unable to create ber encoding of key') -119 return str(b) -

120 -

121 - def write_private_key_file(self, filename, password=None): -

122 self._write_private_key_file('RSA', filename, self._encode_key(), password) -

123 -

124 - def write_private_key(self, file_obj, password=None): -

125 self._write_private_key('RSA', file_obj, self._encode_key(), password) -

126 -

127 - def generate(bits, progress_func=None): -

128 """ -129 Generate a new private RSA key. This factory function can be used to -130 generate a new host key or authentication key. -131 -132 @param bits: number of bits the generated key should be. -133 @type bits: int -134 @param progress_func: an optional function to call at key points in -135 key generation (used by C{pyCrypto.PublicKey}). -136 @type progress_func: function -137 @return: new private key -138 @rtype: L{RSAKey} -139 """ -140 rsa = RSA.generate(bits, rng.read, progress_func) -141 key = RSAKey(vals=(rsa.e, rsa.n)) -142 key.d = rsa.d -143 key.p = rsa.p -144 key.q = rsa.q -145 return key -

146 generate = staticmethod(generate) -147 -148 -149 ### internals... -150 -151 -

152 - def _pkcs1imify(self, data): -

153 """ -154 turn a 20-byte SHA1 hash into a blob of data as large as the key's N, -155 using PKCS1's \"emsa-pkcs1-v1_5\" encoding. totally bizarre. -156 """ -157 SHA1_DIGESTINFO = '\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14' -158 size = len(util.deflate_long(self.n, 0)) -159 filler = '\xff' * (size - len(SHA1_DIGESTINFO) - len(data) - 3) -160 return '\x00\x01' + filler + '\x00' + SHA1_DIGESTINFO + data -

161 -

162 - def _from_private_key_file(self, filename, password): -

163 data = self._read_private_key_file('RSA', filename, password) -164 self._decode_key(data) -

165 -

166 - def _from_private_key(self, file_obj, password): -

167 data = self._read_private_key('RSA', file_obj, password) -168 self._decode_key(data) -

169 -

170 - def _decode_key(self, data): -

171 # private key file contains: -172 # RSAPrivateKey = { version = 0, n, e, d, p, q, d mod p-1, d mod q-1, q**-1 mod p } -173 try: -174 keylist = BER(data).decode() -175 except BERException: -176 raise SSHException('Unable to parse key file') -177 if (type(keylist) is not list) or (len(keylist) < 4) or (keylist[0] != 0): -178 raise SSHException('Not a valid RSA private key file (bad ber encoding)') -179 self.n = keylist[1] -180 self.e = keylist[2] -181 self.d = keylist[3] -182 # not really needed -183 self.p = keylist[4] -184 self.q = keylist[5] -185 self.size = util.bit_length(self.n) -

Source Code for Module paramiko.rsakey