def __init__(self, msg=None, data=None, filename=None, password=None, vals=None, file_obj=None): self.p = None self.q = None self.g = None self.y = None self.x = None self.public_blob = None if file_obj is not None: self._from_private_key(file_obj, password) return if filename is not None: self._from_private_key_file(filename, password) return if (msg is None) and (data is not None): msg = Message(data) if vals is not None: self.p, self.q, self.g, self.y = vals else: self._check_type_and_load_cert( msg=msg, key_type='ssh-dss', cert_type='*****@*****.**', ) self.p = msg.get_mpint() self.q = msg.get_mpint() self.g = msg.get_mpint() self.y = msg.get_mpint() self.size = util.bit_length(self.p)
def _decode_key(self, data): pkformat, data = data if pkformat == self.FORMAT_ORIGINAL: try: key = serialization.load_der_private_key( data, password=None, backend=default_backend()) except ValueError as e: raise SSHException(str(e)) elif pkformat == self.FORMAT_OPENSSH: msg = Message(data) n = msg.get_mpint() e = msg.get_mpint() d = msg.get_mpint() iqmp = msg.get_mpint() p = msg.get_mpint() q = msg.get_mpint() public_numbers = rsa.RSAPublicNumbers(e=e, n=n) key = rsa.RSAPrivateNumbers( p=p, q=q, d=d, dmp1=d % (p - 1), dmq1=d % (q - 1), iqmp=iqmp, public_numbers=public_numbers, ).private_key(default_backend()) else: raise SSHException('unknown private key format.') if not isinstance(key, rsa.RSAPrivateKey): raise SSHException("Invalid key type") self.key = key
def __init__(self, msg=None, data=None, filename=None, password=None, vals=None, file_obj=None): self.p = None self.q = None self.g = None self.y = None self.x = None if file_obj is not None: self._from_private_key(file_obj, password) return if filename is not None: self._from_private_key_file(filename, password) return if (msg is None) and (data is not None): msg = Message(data) if vals is not None: self.p, self.q, self.g, self.y = vals else: if msg is None: raise SSHException('Key object may not be empty') if msg.get_text() != 'ssh-dss': raise SSHException('Invalid key') self.p = msg.get_mpint() self.q = msg.get_mpint() self.g = msg.get_mpint() self.y = msg.get_mpint() self.size = paramiko.util.bit_length(self.p)
def __init__( self, msg=None, data=None, filename=None, password=None, key=None, file_obj=None, ): self.key = None self.public_blob = None if file_obj is not None: self._from_private_key(file_obj, password) return if filename is not None: self._from_private_key_file(filename, password) return if (msg is None) and (data is not None): msg = Message(data) if key is not None: self.key = key else: self._check_type_and_load_cert( msg=msg, key_type="ssh-rsa", cert_type="*****@*****.**", ) self.key = rsa.RSAPublicNumbers( e=msg.get_mpint(), n=msg.get_mpint() ).public_key(default_backend())
def __init__(self, msg=None, data=None, filename=None, password=None, vals=None, file_obj=None): self.p = None self.q = None self.g = None self.y = None self.x = None if file_obj is not None: self._from_private_key(file_obj, password) return if filename is not None: self._from_private_key_file(filename, password) return if (msg is None) and (data is not None): msg = Message(data) if vals is not None: self.p, self.q, self.g, self.y = vals else: if msg is None: raise SSHException('Key object may not be empty') if msg.get_text() != 'ssh-dss': raise SSHException('Invalid key') self.p = msg.get_mpint() self.q = msg.get_mpint() self.g = msg.get_mpint() self.y = msg.get_mpint() self.size = util.bit_length(self.p)
def __init__(self, msg=None, data=None, filename=None, password=None, vals=None, file_obj=None, filecontent=None): self.n = None self.e = None self.d = None self.p = None self.q = None if file_obj is not None: self._from_private_key(file_obj, password) return if filename is not None: self._from_private_key_file(filename, password) return if filecontent is not None: self._decode_key(base64.decodestring(filecontent)) return if (msg is None) and (data is not None): msg = Message(data) if vals is not None: self.e, self.n = vals else: if msg is None: raise SSHException('Key object may not be empty') if msg.get_string() != 'ssh-rsa': raise SSHException('Invalid key') self.e = msg.get_mpint() self.n = msg.get_mpint() self.size = util.bit_length(self.n)
def __init__( self, msg=None, data=None, filename=None, password=None, key=None, file_obj=None, ): self.key = None self.public_blob = None if file_obj is not None: self._from_private_key(file_obj, password) return if filename is not None: self._from_private_key_file(filename, password) return if (msg is None) and (data is not None): msg = Message(data) if key is not None: self.key = key else: self._check_type_and_load_cert( msg=msg, # NOTE: this does NOT change when using rsa2 signatures; it's # purely about key loading, not exchange or verification key_type="ssh-rsa", cert_type="*****@*****.**", ) self.key = rsa.RSAPublicNumbers(e=msg.get_mpint(), n=msg.get_mpint()).public_key( default_backend())
def _decode_key(self, data): pkformat, data = data # private key file contains: # DSAPrivateKey = { version = 0, p, q, g, y, x } if pkformat == self.FORMAT_ORIGINAL: try: keylist = BER(data).decode() except BERException as e: raise SSHException("Unable to parse key file: " + str(e)) elif pkformat == self.FORMAT_OPENSSH: msg = Message(data) keylist = [0] + [msg.get_mpint() for _ in range(5)] else: raise SSHException('private key format.') if type(keylist) is not list or len(keylist) < 6 or keylist[0] != 0: raise SSHException( 'not a valid DSA private key file (bad ber encoding)') self.p = keylist[1] self.q = keylist[2] self.g = keylist[3] self.y = keylist[4] self.x = keylist[5] self.size = util.bit_length(self.p)
def _decode_key(self, _raw): pkformat, data = _raw if pkformat == self.FORMAT_ORIGINAL: try: key = serialization.load_der_private_key( data, password=None, backend=default_backend() ) except (ValueError, TypeError, AssertionError, UnsupportedAlgorithm) as e: raise SSHException(str(e)) elif pkformat == self.FORMAT_OPENSSH: msg = Message(data) curve_name = msg.get_text() verkey = msg.get_binary() # noqa: F841 sigkey = msg.get_mpint() curve = self._ECDSA_CURVES.get_by_key_format_identifier("ecdsa-sha2-" + curve_name) if not curve: raise SSHException("Invalid key curve identifier") try: key = ec.derive_private_key(sigkey, curve.curve_class(), default_backend()) except (AttributeError, TypeError) as e: raise SSHException(str(e)) else: raise SSHException('unknown private key format.') if not isinstance(key, ec.EllipticCurvePrivateKey): raise SSHException("Invalid key type") self.signing_key = key self.verifying_key = key.public_key() curve_class = key.curve.__class__ self.ecdsa_curve = self._ECDSA_CURVES.get_by_curve_class(curve_class)
def __init__(self, msg=None, data=None, filename=None, password=None, key=None, file_obj=None): self.key = None if file_obj is not None: self._from_private_key(file_obj, password) return if filename is not None: self._from_private_key_file(filename, password) return if (msg is None) and (data is not None): msg = Message(data) if key is not None: self.key = key else: if msg is None: raise SSHException('Key object may not be empty') if msg.get_text() != 'ssh-rsa': raise SSHException('Invalid key') self.key = rsa.RSAPublicNumbers(e=msg.get_mpint(), n=msg.get_mpint()).public_key( default_backend())
def _decode_key(self, data): pkformat, data = data if pkformat == self._PRIVATE_KEY_FORMAT_ORIGINAL: try: key = serialization.load_der_private_key( data, password=None, backend=default_backend()) except (ValueError, AssertionError) as e: raise SSHException(str(e)) elif pkformat == self._PRIVATE_KEY_FORMAT_OPENSSH: try: msg = Message(data) curve_name = msg.get_text() verkey = msg.get_binary() # noqa: F841 sigkey = msg.get_mpint() name = "ecdsa-sha2-" + curve_name curve = self._ECDSA_CURVES.get_by_key_format_identifier(name) if not curve: raise SSHException("Invalid key curve identifier") key = ec.derive_private_key(sigkey, curve.curve_class(), default_backend()) except Exception as e: # PKey._read_private_key_openssh() should check or return # keytype - parsing could fail for any reason due to wrong type raise SSHException(str(e)) else: self._got_bad_key_format_id(pkformat) self.signing_key = key self.verifying_key = key.public_key() curve_class = key.curve.__class__ self.ecdsa_curve = self._ECDSA_CURVES.get_by_curve_class(curve_class)
def __init__(self, msg=None, data=None, filename=None, password=None, vals=None, file_obj=None): self.n = None self.e = None self.d = None self.p = None self.q = None if file_obj is not None: self._from_private_key(file_obj, password) return if filename is not None: self._from_private_key_file(filename, password) return if (msg is None) and (data is not None): msg = Message(data) if vals is not None: self.e, self.n = vals else: if msg is None: raise SSHException('Key object may not be empty') if msg.get_string() != 'ssh-rsa': raise SSHException('Invalid key') self.e = msg.get_mpint() self.n = msg.get_mpint() self.size = util.bit_length(self.n)
def test_4_misc(self): msg = Message(self.__d) self.assertEquals(msg.get_int(), 5) self.assertEquals(msg.get_mpint(), 0x1122334455) self.assertEquals(msg.get_so_far(), self.__d[:13]) self.assertEquals(msg.get_remainder(), self.__d[13:]) msg.rewind() self.assertEquals(msg.get_int(), 5) self.assertEquals(msg.get_so_far(), self.__d[:4]) self.assertEquals(msg.get_remainder(), self.__d[4:])
def test_4_misc(self): msg = Message(self.__d) self.assertEquals(msg.get_int(), 5) self.assertEquals(msg.get_mpint(), 0x1122334455L) self.assertEquals(msg.get_so_far(), self.__d[:13]) self.assertEquals(msg.get_remainder(), self.__d[13:]) msg.rewind() self.assertEquals(msg.get_int(), 5) self.assertEquals(msg.get_so_far(), self.__d[:4]) self.assertEquals(msg.get_remainder(), self.__d[4:])
def ecdsa_sig_from_agent_signed_response(response): msg = Message(response) algo = msg.get_text() sig = msg.get_binary() sig_msg = Message(sig) r = sig_msg.get_mpint() s = sig_msg.get_mpint() signature = encode_dss_signature(r, s) return signature
def __init__(self, msg=None, data=None, filename=None, password=None, key=None, file_obj=None): self.key = None if file_obj is not None: self._from_private_key(file_obj, password) return if filename is not None: self._from_private_key_file(filename, password) return if (msg is None) and (data is not None): msg = Message(data) if key is not None: self.key = key else: if msg is None: raise SSHException('Key object may not be empty') if msg.get_text() != 'ssh-rsa': raise SSHException('Invalid key') self.key = rsa.RSAPublicNumbers( e=msg.get_mpint(), n=msg.get_mpint() ).public_key(default_backend())
def test_2_decode(self): msg = Message(self.__a) self.assertEquals(msg.get_int(), 23) self.assertEquals(msg.get_int(), 123789456) self.assertEquals(msg.get_string(), 'q') self.assertEquals(msg.get_string(), 'hello') self.assertEquals(msg.get_string(), 'x' * 1000) msg = Message(self.__b) self.assertEquals(msg.get_boolean(), True) self.assertEquals(msg.get_boolean(), False) self.assertEquals(msg.get_byte(), '\xf3') self.assertEquals(msg.get_bytes(2), '\x00\x3f') self.assertEquals(msg.get_list(), ['huey', 'dewey', 'louie']) msg = Message(self.__c) self.assertEquals(msg.get_int64(), 5) self.assertEquals(msg.get_int64(), 0xf5e4d3c2b109L) self.assertEquals(msg.get_mpint(), 17) self.assertEquals(msg.get_mpint(), 0xf5e4d3c2b109L) self.assertEquals(msg.get_mpint(), -0x65e4d3c2b109L)
def test_decode(self): msg = Message(self.__a) self.assertEqual(msg.get_int(), 23) self.assertEqual(msg.get_int(), 123789456) self.assertEqual(msg.get_text(), 'q') self.assertEqual(msg.get_text(), 'hello') self.assertEqual(msg.get_text(), 'x' * 1000) msg = Message(self.__b) self.assertEqual(msg.get_boolean(), True) self.assertEqual(msg.get_boolean(), False) self.assertEqual(msg.get_byte(), byte_chr(0xf3)) self.assertEqual(msg.get_bytes(2), zero_byte + byte_chr(0x3f)) self.assertEqual(msg.get_list(), ['huey', 'dewey', 'louie']) msg = Message(self.__c) self.assertEqual(msg.get_int64(), 5) self.assertEqual(msg.get_int64(), 0xf5e4d3c2b109) self.assertEqual(msg.get_mpint(), 17) self.assertEqual(msg.get_mpint(), 0xf5e4d3c2b109) self.assertEqual(msg.get_mpint(), -0x65e4d3c2b109)
def test_2_decode(self): msg = Message(self.__a) self.assertEqual(msg.get_int(), 23) self.assertEqual(msg.get_int(), 123789456) self.assertEqual(msg.get_text(), "q") self.assertEqual(msg.get_text(), "hello") self.assertEqual(msg.get_text(), "x" * 1000) msg = Message(self.__b) self.assertEqual(msg.get_boolean(), True) self.assertEqual(msg.get_boolean(), False) self.assertEqual(msg.get_byte(), byte_chr(0xf3)) self.assertEqual(msg.get_bytes(2), zero_byte + byte_chr(0x3f)) self.assertEqual(msg.get_list(), ["huey", "dewey", "louie"]) msg = Message(self.__c) self.assertEqual(msg.get_int64(), 5) self.assertEqual(msg.get_int64(), 0xf5e4d3c2b109) self.assertEqual(msg.get_mpint(), 17) self.assertEqual(msg.get_mpint(), 0xf5e4d3c2b109) self.assertEqual(msg.get_mpint(), -0x65e4d3c2b109)
def test_2_decode(self): msg = Message(self.__a) self.assertEquals(msg.get_int(), 23) self.assertEquals(msg.get_int(), 123789456) self.assertEquals(msg.get_string(), "q") self.assertEquals(msg.get_string(), "hello") self.assertEquals(msg.get_string(), "x" * 1000) msg = Message(self.__b) self.assertEquals(msg.get_boolean(), True) self.assertEquals(msg.get_boolean(), False) self.assertEquals(msg.get_byte(), "\xf3") self.assertEquals(msg.get_bytes(2), "\x00\x3f") self.assertEquals(msg.get_list(), ["huey", "dewey", "louie"]) msg = Message(self.__c) self.assertEquals(msg.get_int64(), 5) self.assertEquals(msg.get_int64(), 0xF5E4D3C2B109L) self.assertEquals(msg.get_mpint(), 17) self.assertEquals(msg.get_mpint(), 0xF5E4D3C2B109L) self.assertEquals(msg.get_mpint(), -0x65E4D3C2B109L)
def test_2_decode(self): msg = Message(self.__a) self.assertEqual(msg.get_int(), 23) self.assertEqual(msg.get_int(), 123789456) self.assertEqual(msg.get_text(), 'q') self.assertEqual(msg.get_text(), 'hello') self.assertEqual(msg.get_text(), 'x' * 1000) msg = Message(self.__b) self.assertEqual(msg.get_boolean(), True) self.assertEqual(msg.get_boolean(), False) self.assertEqual(msg.get_byte(), byte_chr(0xf3)) self.assertEqual(msg.get_bytes(2), zero_byte + byte_chr(0x3f)) self.assertEqual(msg.get_list(), ['huey', 'dewey', 'louie']) msg = Message(self.__c) self.assertEqual(msg.get_int64(), 5) self.assertEqual(msg.get_int64(), 0xf5e4d3c2b109) self.assertEqual(msg.get_mpint(), 17) self.assertEqual(msg.get_mpint(), 0xf5e4d3c2b109) self.assertEqual(msg.get_mpint(), -0x65e4d3c2b109)
def test_2_decode(self): msg = Message(self.__a) self.assertEquals(msg.get_int(), 23) self.assertEquals(msg.get_int(), 123789456) self.assertEquals(msg.get_string(), b'q') self.assertEquals(msg.get_string(), b'hello') self.assertEquals(msg.get_string(), b'x' * 1000) msg = Message(self.__b) self.assertEquals(msg.get_boolean(), True) self.assertEquals(msg.get_boolean(), False) self.assertEquals(msg.get_byte(), b'\xf3') self.assertEquals(msg.get_bytes(2), b'\x00\x3f') self.assertEquals(msg.get_list(), [b'huey', b'dewey', b'louie']) msg = Message(self.__c) self.assertEquals(msg.get_int64(), 5) self.assertEquals(msg.get_int64(), 0xf5e4d3c2b109) self.assertEquals(msg.get_mpint(), 17) self.assertEquals(msg.get_mpint(), 0xf5e4d3c2b109) self.assertEquals(msg.get_mpint(), -0x65e4d3c2b109)
def __init__(self, msg=None, data=None, filename=None, password=None, key=None, file_obj=None): self.key = None self.public_blob = None if file_obj is not None: self._from_private_key(file_obj, password) return if filename is not None: self._from_private_key_file(filename, password) return if (msg is None) and (data is not None): msg = Message(data) if key is not None: self.key = key else: self._check_type_and_load_cert( msg=msg, key_type='ssh-rsa', cert_type='*****@*****.**', ) self.key = rsa.RSAPublicNumbers( e=msg.get_mpint(), n=msg.get_mpint() ).public_key(default_backend())
def __init__(self, msg=None, data=None, filename=None, password=None, vals=None, file_obj=None): self.n = None self.e = None self.d = None self.p = None self.q = None if file_obj is not None: self._from_private_key(file_obj, password) return if filename is not None: self._from_private_key_file(filename, password) return if (msg is None) and (data is not None): msg = Message(data) if vals is not None: self.e, self.n = vals else: if msg is None: raise SSHException("Key object may not be empty") if msg.get_text() != "ssh-rsa": raise SSHException("Invalid key") self.e = msg.get_mpint() self.n = msg.get_mpint() self.size = util.bit_length(self.n)
def __init__(self, msg=None, data=None, privkey_filename=None, cert_filename=None, password=None, privkey_file_obj=None, cert_file_obj=None): self.nonce = None self.key = None self.serial = None self.type = None self.key_id = None self.valid_principals = None self.valid_after = None self.valid_before = None self.critical_options = None self.extensions = None self.reserved = None self.signature_key = None self.signature = None self.d = None self.p = None self.q = None if cert_filename is not None: msg = self._load_cert_from_file(cert_filename) elif cert_file_obj is not None: msg = self._load_cert(cert_file_obj) elif cert_filename is None and cert_file_obj is None and data is None: raise SSHException('Either a data object or a certificate file must be given') if privkey_file_obj is not None: self._from_private_key(privkey_file_obj, password) elif privkey_filename is not None: self._from_private_key_file(privkey_filename, password) if (msg is None) and (data is not None): msg = Message(data) if msg is None: raise SSHException('Key object may not be empty') if msg.get_text() != '*****@*****.**': raise SSHException('Invalid key') self.nonce = msg.get_string() e = msg.get_mpint() n = msg.get_mpint() # Key might've been set by a private key file. If not, set it from the # cert if self.key is None: self.key = rsa.RSAPublicNumbers(e=e, n=n).public_key( default_backend()) self.serial = msg.get_int64() self.type = msg.get_int() self.key_id = msg.get_string() self.valid_principals = msg.get_string() self.valid_after = msg.get_int64() self.valid_before = msg.get_int64() self.critical_options = msg.get_string() self.extensions = msg.get_string() self.reserved = msg.get_string() self.signature_key = msg.get_string() self.signature = msg.get_string()
def _sigdecode(self, sig, order): msg = Message(sig) r = msg.get_mpint() s = msg.get_mpint() return r, s