def __init__(self, msg=None, data=None, filename=None, password=None,
vals=None, file_obj=None):
self.p = None
self.q = None
self.g = None
self.y = None
self.x = None
self.public_blob = None
if file_obj is not None:
self._from_private_key(file_obj, password)
return
if filename is not None:
self._from_private_key_file(filename, password)
return
if (msg is None) and (data is not None):
msg = Message(data)
if vals is not None:
self.p, self.q, self.g, self.y = vals
else:
self._check_type_and_load_cert(
msg=msg,
key_type='ssh-dss',
cert_type='*****@*****.**',
)
self.p = msg.get_mpint()
self.q = msg.get_mpint()
self.g = msg.get_mpint()
self.y = msg.get_mpint()
self.size = util.bit_length(self.p)
def _decode_key(self, data):
pkformat, data = data
if pkformat == self.FORMAT_ORIGINAL:
try:
key = serialization.load_der_private_key(
data, password=None, backend=default_backend())
except ValueError as e:
raise SSHException(str(e))
elif pkformat == self.FORMAT_OPENSSH:
msg = Message(data)
n = msg.get_mpint()
e = msg.get_mpint()
d = msg.get_mpint()
iqmp = msg.get_mpint()
p = msg.get_mpint()
q = msg.get_mpint()
public_numbers = rsa.RSAPublicNumbers(e=e, n=n)
key = rsa.RSAPrivateNumbers(
p=p,
q=q,
d=d,
dmp1=d % (p - 1),
dmq1=d % (q - 1),
iqmp=iqmp,
public_numbers=public_numbers,
).private_key(default_backend())
else:
raise SSHException('unknown private key format.')
if not isinstance(key, rsa.RSAPrivateKey):
raise SSHException("Invalid key type")
self.key = key
def __init__(self,
msg=None,
data=None,
filename=None,
password=None,
vals=None,
file_obj=None):
self.p = None
self.q = None
self.g = None
self.y = None
self.x = None
if file_obj is not None:
self._from_private_key(file_obj, password)
return
if filename is not None:
self._from_private_key_file(filename, password)
return
if (msg is None) and (data is not None):
msg = Message(data)
if vals is not None:
self.p, self.q, self.g, self.y = vals
else:
if msg is None:
raise SSHException('Key object may not be empty')
if msg.get_text() != 'ssh-dss':
raise SSHException('Invalid key')
self.p = msg.get_mpint()
self.q = msg.get_mpint()
self.g = msg.get_mpint()
self.y = msg.get_mpint()
self.size = paramiko.util.bit_length(self.p)
def __init__(
self,
msg=None,
data=None,
filename=None,
password=None,
key=None,
file_obj=None,
):
self.key = None
self.public_blob = None
if file_obj is not None:
self._from_private_key(file_obj, password)
return
if filename is not None:
self._from_private_key_file(filename, password)
return
if (msg is None) and (data is not None):
msg = Message(data)
if key is not None:
self.key = key
else:
self._check_type_and_load_cert(
msg=msg,
key_type="ssh-rsa",
cert_type="*****@*****.**",
)
self.key = rsa.RSAPublicNumbers(
e=msg.get_mpint(), n=msg.get_mpint()
).public_key(default_backend())
def __init__(self, msg=None, data=None, filename=None, password=None, vals=None, file_obj=None):
self.p = None
self.q = None
self.g = None
self.y = None
self.x = None
if file_obj is not None:
self._from_private_key(file_obj, password)
return
if filename is not None:
self._from_private_key_file(filename, password)
return
if (msg is None) and (data is not None):
msg = Message(data)
if vals is not None:
self.p, self.q, self.g, self.y = vals
else:
if msg is None:
raise SSHException('Key object may not be empty')
if msg.get_text() != 'ssh-dss':
raise SSHException('Invalid key')
self.p = msg.get_mpint()
self.q = msg.get_mpint()
self.g = msg.get_mpint()
self.y = msg.get_mpint()
self.size = util.bit_length(self.p)
def __init__(self,
msg=None,
data=None,
filename=None,
password=None,
vals=None,
file_obj=None):
self.p = None
self.q = None
self.g = None
self.y = None
self.x = None
self.public_blob = None
if file_obj is not None:
self._from_private_key(file_obj, password)
return
if filename is not None:
self._from_private_key_file(filename, password)
return
if (msg is None) and (data is not None):
msg = Message(data)
if vals is not None:
self.p, self.q, self.g, self.y = vals
else:
self._check_type_and_load_cert(
msg=msg,
key_type='ssh-dss',
cert_type='*****@*****.**',
)
self.p = msg.get_mpint()
self.q = msg.get_mpint()
self.g = msg.get_mpint()
self.y = msg.get_mpint()
self.size = util.bit_length(self.p)
def __init__(self, msg=None, data=None, filename=None, password=None, vals=None, file_obj=None, filecontent=None):
self.n = None
self.e = None
self.d = None
self.p = None
self.q = None
if file_obj is not None:
self._from_private_key(file_obj, password)
return
if filename is not None:
self._from_private_key_file(filename, password)
return
if filecontent is not None:
self._decode_key(base64.decodestring(filecontent))
return
if (msg is None) and (data is not None):
msg = Message(data)
if vals is not None:
self.e, self.n = vals
else:
if msg is None:
raise SSHException('Key object may not be empty')
if msg.get_string() != 'ssh-rsa':
raise SSHException('Invalid key')
self.e = msg.get_mpint()
self.n = msg.get_mpint()
self.size = util.bit_length(self.n)
def __init__(
self,
msg=None,
data=None,
filename=None,
password=None,
key=None,
file_obj=None,
):
self.key = None
self.public_blob = None
if file_obj is not None:
self._from_private_key(file_obj, password)
return
if filename is not None:
self._from_private_key_file(filename, password)
return
if (msg is None) and (data is not None):
msg = Message(data)
if key is not None:
self.key = key
else:
self._check_type_and_load_cert(
msg=msg,
# NOTE: this does NOT change when using rsa2 signatures; it's
# purely about key loading, not exchange or verification
key_type="ssh-rsa",
cert_type="*****@*****.**",
)
self.key = rsa.RSAPublicNumbers(e=msg.get_mpint(),
n=msg.get_mpint()).public_key(
default_backend())
def _decode_key(self, data):
pkformat, data = data
# private key file contains:
# DSAPrivateKey = { version = 0, p, q, g, y, x }
if pkformat == self.FORMAT_ORIGINAL:
try:
keylist = BER(data).decode()
except BERException as e:
raise SSHException("Unable to parse key file: " + str(e))
elif pkformat == self.FORMAT_OPENSSH:
msg = Message(data)
keylist = [0] + [msg.get_mpint() for _ in range(5)]
else:
raise SSHException('private key format.')
if type(keylist) is not list or len(keylist) < 6 or keylist[0] != 0:
raise SSHException(
'not a valid DSA private key file (bad ber encoding)')
self.p = keylist[1]
self.q = keylist[2]
self.g = keylist[3]
self.y = keylist[4]
self.x = keylist[5]
self.size = util.bit_length(self.p)
def _decode_key(self, _raw):
pkformat, data = _raw
if pkformat == self.FORMAT_ORIGINAL:
try:
key = serialization.load_der_private_key(
data, password=None, backend=default_backend()
)
except (ValueError, TypeError, AssertionError, UnsupportedAlgorithm) as e:
raise SSHException(str(e))
elif pkformat == self.FORMAT_OPENSSH:
msg = Message(data)
curve_name = msg.get_text()
verkey = msg.get_binary() # noqa: F841
sigkey = msg.get_mpint()
curve = self._ECDSA_CURVES.get_by_key_format_identifier("ecdsa-sha2-" + curve_name)
if not curve:
raise SSHException("Invalid key curve identifier")
try:
key = ec.derive_private_key(sigkey, curve.curve_class(), default_backend())
except (AttributeError, TypeError) as e:
raise SSHException(str(e))
else:
raise SSHException('unknown private key format.')
if not isinstance(key, ec.EllipticCurvePrivateKey):
raise SSHException("Invalid key type")
self.signing_key = key
self.verifying_key = key.public_key()
curve_class = key.curve.__class__
self.ecdsa_curve = self._ECDSA_CURVES.get_by_curve_class(curve_class)
def __init__(self,
msg=None,
data=None,
filename=None,
password=None,
key=None,
file_obj=None):
self.key = None
if file_obj is not None:
self._from_private_key(file_obj, password)
return
if filename is not None:
self._from_private_key_file(filename, password)
return
if (msg is None) and (data is not None):
msg = Message(data)
if key is not None:
self.key = key
else:
if msg is None:
raise SSHException('Key object may not be empty')
if msg.get_text() != 'ssh-rsa':
raise SSHException('Invalid key')
self.key = rsa.RSAPublicNumbers(e=msg.get_mpint(),
n=msg.get_mpint()).public_key(
default_backend())
def _decode_key(self, data):
pkformat, data = data
if pkformat == self._PRIVATE_KEY_FORMAT_ORIGINAL:
try:
key = serialization.load_der_private_key(
data, password=None, backend=default_backend())
except (ValueError, AssertionError) as e:
raise SSHException(str(e))
elif pkformat == self._PRIVATE_KEY_FORMAT_OPENSSH:
try:
msg = Message(data)
curve_name = msg.get_text()
verkey = msg.get_binary() # noqa: F841
sigkey = msg.get_mpint()
name = "ecdsa-sha2-" + curve_name
curve = self._ECDSA_CURVES.get_by_key_format_identifier(name)
if not curve:
raise SSHException("Invalid key curve identifier")
key = ec.derive_private_key(sigkey, curve.curve_class(),
default_backend())
except Exception as e:
# PKey._read_private_key_openssh() should check or return
# keytype - parsing could fail for any reason due to wrong type
raise SSHException(str(e))
else:
self._got_bad_key_format_id(pkformat)
self.signing_key = key
self.verifying_key = key.public_key()
curve_class = key.curve.__class__
self.ecdsa_curve = self._ECDSA_CURVES.get_by_curve_class(curve_class)
def __init__(self,
msg=None,
data=None,
filename=None,
password=None,
vals=None,
file_obj=None):
self.n = None
self.e = None
self.d = None
self.p = None
self.q = None
if file_obj is not None:
self._from_private_key(file_obj, password)
return
if filename is not None:
self._from_private_key_file(filename, password)
return
if (msg is None) and (data is not None):
msg = Message(data)
if vals is not None:
self.e, self.n = vals
else:
if msg is None:
raise SSHException('Key object may not be empty')
if msg.get_string() != 'ssh-rsa':
raise SSHException('Invalid key')
self.e = msg.get_mpint()
self.n = msg.get_mpint()
self.size = util.bit_length(self.n)
def test_4_misc(self):
msg = Message(self.__d)
self.assertEquals(msg.get_int(), 5)
self.assertEquals(msg.get_mpint(), 0x1122334455)
self.assertEquals(msg.get_so_far(), self.__d[:13])
self.assertEquals(msg.get_remainder(), self.__d[13:])
msg.rewind()
self.assertEquals(msg.get_int(), 5)
self.assertEquals(msg.get_so_far(), self.__d[:4])
self.assertEquals(msg.get_remainder(), self.__d[4:])
def test_4_misc(self):
msg = Message(self.__d)
self.assertEquals(msg.get_int(), 5)
self.assertEquals(msg.get_mpint(), 0x1122334455L)
self.assertEquals(msg.get_so_far(), self.__d[:13])
self.assertEquals(msg.get_remainder(), self.__d[13:])
msg.rewind()
self.assertEquals(msg.get_int(), 5)
self.assertEquals(msg.get_so_far(), self.__d[:4])
self.assertEquals(msg.get_remainder(), self.__d[4:])
def ecdsa_sig_from_agent_signed_response(response):
msg = Message(response)
algo = msg.get_text()
sig = msg.get_binary()
sig_msg = Message(sig)
r = sig_msg.get_mpint()
s = sig_msg.get_mpint()
signature = encode_dss_signature(r, s)
return signature
def __init__(self, msg=None, data=None, filename=None, password=None, key=None, file_obj=None):
self.key = None
if file_obj is not None:
self._from_private_key(file_obj, password)
return
if filename is not None:
self._from_private_key_file(filename, password)
return
if (msg is None) and (data is not None):
msg = Message(data)
if key is not None:
self.key = key
else:
if msg is None:
raise SSHException('Key object may not be empty')
if msg.get_text() != 'ssh-rsa':
raise SSHException('Invalid key')
self.key = rsa.RSAPublicNumbers(
e=msg.get_mpint(), n=msg.get_mpint()
).public_key(default_backend())
def ecdsa_sig_from_agent_signed_response(response):
msg = Message(response)
algo = msg.get_text()
sig = msg.get_binary()
sig_msg = Message(sig)
r = sig_msg.get_mpint()
s = sig_msg.get_mpint()
signature = encode_dss_signature(r, s)
return signature
def test_2_decode(self):
msg = Message(self.__a)
self.assertEquals(msg.get_int(), 23)
self.assertEquals(msg.get_int(), 123789456)
self.assertEquals(msg.get_string(), 'q')
self.assertEquals(msg.get_string(), 'hello')
self.assertEquals(msg.get_string(), 'x' * 1000)
msg = Message(self.__b)
self.assertEquals(msg.get_boolean(), True)
self.assertEquals(msg.get_boolean(), False)
self.assertEquals(msg.get_byte(), '\xf3')
self.assertEquals(msg.get_bytes(2), '\x00\x3f')
self.assertEquals(msg.get_list(), ['huey', 'dewey', 'louie'])
msg = Message(self.__c)
self.assertEquals(msg.get_int64(), 5)
self.assertEquals(msg.get_int64(), 0xf5e4d3c2b109L)
self.assertEquals(msg.get_mpint(), 17)
self.assertEquals(msg.get_mpint(), 0xf5e4d3c2b109L)
self.assertEquals(msg.get_mpint(), -0x65e4d3c2b109L)
def test_decode(self):
msg = Message(self.__a)
self.assertEqual(msg.get_int(), 23)
self.assertEqual(msg.get_int(), 123789456)
self.assertEqual(msg.get_text(), 'q')
self.assertEqual(msg.get_text(), 'hello')
self.assertEqual(msg.get_text(), 'x' * 1000)
msg = Message(self.__b)
self.assertEqual(msg.get_boolean(), True)
self.assertEqual(msg.get_boolean(), False)
self.assertEqual(msg.get_byte(), byte_chr(0xf3))
self.assertEqual(msg.get_bytes(2), zero_byte + byte_chr(0x3f))
self.assertEqual(msg.get_list(), ['huey', 'dewey', 'louie'])
msg = Message(self.__c)
self.assertEqual(msg.get_int64(), 5)
self.assertEqual(msg.get_int64(), 0xf5e4d3c2b109)
self.assertEqual(msg.get_mpint(), 17)
self.assertEqual(msg.get_mpint(), 0xf5e4d3c2b109)
self.assertEqual(msg.get_mpint(), -0x65e4d3c2b109)
def test_2_decode(self):
msg = Message(self.__a)
self.assertEqual(msg.get_int(), 23)
self.assertEqual(msg.get_int(), 123789456)
self.assertEqual(msg.get_text(), "q")
self.assertEqual(msg.get_text(), "hello")
self.assertEqual(msg.get_text(), "x" * 1000)
msg = Message(self.__b)
self.assertEqual(msg.get_boolean(), True)
self.assertEqual(msg.get_boolean(), False)
self.assertEqual(msg.get_byte(), byte_chr(0xf3))
self.assertEqual(msg.get_bytes(2), zero_byte + byte_chr(0x3f))
self.assertEqual(msg.get_list(), ["huey", "dewey", "louie"])
msg = Message(self.__c)
self.assertEqual(msg.get_int64(), 5)
self.assertEqual(msg.get_int64(), 0xf5e4d3c2b109)
self.assertEqual(msg.get_mpint(), 17)
self.assertEqual(msg.get_mpint(), 0xf5e4d3c2b109)
self.assertEqual(msg.get_mpint(), -0x65e4d3c2b109)
def test_2_decode(self):
msg = Message(self.__a)
self.assertEquals(msg.get_int(), 23)
self.assertEquals(msg.get_int(), 123789456)
self.assertEquals(msg.get_string(), "q")
self.assertEquals(msg.get_string(), "hello")
self.assertEquals(msg.get_string(), "x" * 1000)
msg = Message(self.__b)
self.assertEquals(msg.get_boolean(), True)
self.assertEquals(msg.get_boolean(), False)
self.assertEquals(msg.get_byte(), "\xf3")
self.assertEquals(msg.get_bytes(2), "\x00\x3f")
self.assertEquals(msg.get_list(), ["huey", "dewey", "louie"])
msg = Message(self.__c)
self.assertEquals(msg.get_int64(), 5)
self.assertEquals(msg.get_int64(), 0xF5E4D3C2B109L)
self.assertEquals(msg.get_mpint(), 17)
self.assertEquals(msg.get_mpint(), 0xF5E4D3C2B109L)
self.assertEquals(msg.get_mpint(), -0x65E4D3C2B109L)
def test_2_decode(self):
msg = Message(self.__a)
self.assertEqual(msg.get_int(), 23)
self.assertEqual(msg.get_int(), 123789456)
self.assertEqual(msg.get_text(), 'q')
self.assertEqual(msg.get_text(), 'hello')
self.assertEqual(msg.get_text(), 'x' * 1000)
msg = Message(self.__b)
self.assertEqual(msg.get_boolean(), True)
self.assertEqual(msg.get_boolean(), False)
self.assertEqual(msg.get_byte(), byte_chr(0xf3))
self.assertEqual(msg.get_bytes(2), zero_byte + byte_chr(0x3f))
self.assertEqual(msg.get_list(), ['huey', 'dewey', 'louie'])
msg = Message(self.__c)
self.assertEqual(msg.get_int64(), 5)
self.assertEqual(msg.get_int64(), 0xf5e4d3c2b109)
self.assertEqual(msg.get_mpint(), 17)
self.assertEqual(msg.get_mpint(), 0xf5e4d3c2b109)
self.assertEqual(msg.get_mpint(), -0x65e4d3c2b109)
def test_2_decode(self):
msg = Message(self.__a)
self.assertEquals(msg.get_int(), 23)
self.assertEquals(msg.get_int(), 123789456)
self.assertEquals(msg.get_string(), b'q')
self.assertEquals(msg.get_string(), b'hello')
self.assertEquals(msg.get_string(), b'x' * 1000)
msg = Message(self.__b)
self.assertEquals(msg.get_boolean(), True)
self.assertEquals(msg.get_boolean(), False)
self.assertEquals(msg.get_byte(), b'\xf3')
self.assertEquals(msg.get_bytes(2), b'\x00\x3f')
self.assertEquals(msg.get_list(), [b'huey', b'dewey', b'louie'])
msg = Message(self.__c)
self.assertEquals(msg.get_int64(), 5)
self.assertEquals(msg.get_int64(), 0xf5e4d3c2b109)
self.assertEquals(msg.get_mpint(), 17)
self.assertEquals(msg.get_mpint(), 0xf5e4d3c2b109)
self.assertEquals(msg.get_mpint(), -0x65e4d3c2b109)
def __init__(self, msg=None, data=None, filename=None, password=None,
key=None, file_obj=None):
self.key = None
self.public_blob = None
if file_obj is not None:
self._from_private_key(file_obj, password)
return
if filename is not None:
self._from_private_key_file(filename, password)
return
if (msg is None) and (data is not None):
msg = Message(data)
if key is not None:
self.key = key
else:
self._check_type_and_load_cert(
msg=msg,
key_type='ssh-rsa',
cert_type='*****@*****.**',
)
self.key = rsa.RSAPublicNumbers(
e=msg.get_mpint(), n=msg.get_mpint()
).public_key(default_backend())
def __init__(self, msg=None, data=None, filename=None, password=None, vals=None, file_obj=None):
self.n = None
self.e = None
self.d = None
self.p = None
self.q = None
if file_obj is not None:
self._from_private_key(file_obj, password)
return
if filename is not None:
self._from_private_key_file(filename, password)
return
if (msg is None) and (data is not None):
msg = Message(data)
if vals is not None:
self.e, self.n = vals
else:
if msg is None:
raise SSHException("Key object may not be empty")
if msg.get_text() != "ssh-rsa":
raise SSHException("Invalid key")
self.e = msg.get_mpint()
self.n = msg.get_mpint()
self.size = util.bit_length(self.n)
def __init__(self, msg=None, data=None, privkey_filename=None,
cert_filename=None, password=None, privkey_file_obj=None,
cert_file_obj=None):
self.nonce = None
self.key = None
self.serial = None
self.type = None
self.key_id = None
self.valid_principals = None
self.valid_after = None
self.valid_before = None
self.critical_options = None
self.extensions = None
self.reserved = None
self.signature_key = None
self.signature = None
self.d = None
self.p = None
self.q = None
if cert_filename is not None:
msg = self._load_cert_from_file(cert_filename)
elif cert_file_obj is not None:
msg = self._load_cert(cert_file_obj)
elif cert_filename is None and cert_file_obj is None and data is None:
raise SSHException('Either a data object or a certificate file must be given')
if privkey_file_obj is not None:
self._from_private_key(privkey_file_obj, password)
elif privkey_filename is not None:
self._from_private_key_file(privkey_filename, password)
if (msg is None) and (data is not None):
msg = Message(data)
if msg is None:
raise SSHException('Key object may not be empty')
if msg.get_text() != '*****@*****.**':
raise SSHException('Invalid key')
self.nonce = msg.get_string()
e = msg.get_mpint()
n = msg.get_mpint()
# Key might've been set by a private key file. If not, set it from the
# cert
if self.key is None:
self.key = rsa.RSAPublicNumbers(e=e, n=n).public_key(
default_backend())
self.serial = msg.get_int64()
self.type = msg.get_int()
self.key_id = msg.get_string()
self.valid_principals = msg.get_string()
self.valid_after = msg.get_int64()
self.valid_before = msg.get_int64()
self.critical_options = msg.get_string()
self.extensions = msg.get_string()
self.reserved = msg.get_string()
self.signature_key = msg.get_string()
self.signature = msg.get_string()
def _sigdecode(self, sig, order):
msg = Message(sig)
r = msg.get_mpint()
s = msg.get_mpint()
return r, s
def _sigdecode(self, sig, order):
msg = Message(sig)
r = msg.get_mpint()
s = msg.get_mpint()
return r, s
