Ejemplo n.º 1
0
    def sign(self, data):
        """
        Sign some data with this key.

        SECSH-TRANS RFC 4253 Section 6.6.

        @type data: L{bytes}
        @param data: The data to sign.

        @rtype: L{bytes}
        @return: A signature for the given data.
        """
        if self.type() == 'RSA':
            signer = self._keyObject.signer(
                padding.PKCS1v15(), hashes.SHA1())
            signer.update(data)
            ret = common.NS(signer.finalize())

        elif self.type() == 'DSA':
            signer = self._keyObject.signer(hashes.SHA1())
            signer.update(data)
            signature = signer.finalize()
            (r, s) = decode_dss_signature(signature)
            # SSH insists that the DSS signature blob be two 160-bit integers
            # concatenated together. The sig[0], [1] numbers from obj.sign
            # are just numbers, and could be any length from 0 to 160 bits.
            # Make sure they are padded out to 160 bits (20 bytes each)
            ret = common.NS(int_to_bytes(r, 20) + int_to_bytes(s, 20))

        else:
            raise BadKeyError("unknown key type %s" % (self.type(),))
        return common.NS(self.sshType()) + ret
Ejemplo n.º 2
0
    def sign(self, data):
        """
        Sign some data with this key.

        SECSH-TRANS RFC 4253 Section 6.6.

        @type data: L{bytes}
        @param data: The data to sign.

        @rtype: L{bytes}
        @return: A signature for the given data.
        """
        if self.type() == 'RSA':
            signer = self._keyObject.signer(padding.PKCS1v15(), hashes.SHA1())
            signer.update(data)
            ret = common.NS(signer.finalize())

        elif self.type() == 'DSA':
            signer = self._keyObject.signer(hashes.SHA1())
            signer.update(data)
            signature = signer.finalize()
            (r, s) = decode_dss_signature(signature)
            # SSH insists that the DSS signature blob be two 160-bit integers
            # concatenated together. The sig[0], [1] numbers from obj.sign
            # are just numbers, and could be any length from 0 to 160 bits.
            # Make sure they are padded out to 160 bits (20 bytes each)
            ret = common.NS(int_to_bytes(r, 20) + int_to_bytes(s, 20))

        else:
            raise BadKeyError("unknown key type %s" % (self.type(), ))
        return common.NS(self.sshType()) + ret
Ejemplo n.º 3
0
    def sign(self, data):
        """
        Sign some data with this key.

        SECSH-TRANS RFC 4253 Section 6.6.

        @type data: L{bytes}
        @param data: The data to sign.

        @rtype: L{bytes}
        @return: A signature for the given data.
        """
        keyType = self.type()
        if keyType == 'RSA':
            sig = self._keyObject.sign(data, padding.PKCS1v15(), hashes.SHA1())
            ret = common.NS(sig)

        elif keyType == 'DSA':
            sig = self._keyObject.sign(data, hashes.SHA1())
            (r, s) = decode_dss_signature(sig)
            # SSH insists that the DSS signature blob be two 160-bit integers
            # concatenated together. The sig[0], [1] numbers from obj.sign
            # are just numbers, and could be any length from 0 to 160 bits.
            # Make sure they are padded out to 160 bits (20 bytes each)
            ret = common.NS(int_to_bytes(r, 20) + int_to_bytes(s, 20))

        elif keyType == 'EC':  # Pragma: no branch
            # Hash size depends on key size
            keySize = self.size()
            if keySize <= 256:
                hashSize = hashes.SHA256()
            elif keySize <= 384:
                hashSize = hashes.SHA384()
            else:
                hashSize = hashes.SHA512()
            signature = self._keyObject.sign(data, ec.ECDSA(hashSize))
            (r, s) = decode_dss_signature(signature)

            rb = int_to_bytes(r)
            sb = int_to_bytes(s)

            # Int_to_bytes returns rb[0] as a str in python2
            # and an as int in python3
            if type(rb[0]) is str:
                rcomp = ord(rb[0])
            else:
                rcomp = rb[0]

            # If the MSB is set, prepend a null byte for correct formatting.
            if rcomp & 0x80:
                rb = b"\x00" + rb

            if type(sb[0]) is str:
                scomp = ord(sb[0])
            else:
                scomp = sb[0]

            if scomp & 0x80:
                sb = b"\x00" + sb

            ret = common.NS(common.NS(rb) + common.NS(sb))
        return common.NS(self.sshType()) + ret