Esempio n. 1
0
 def verify_ssh_sig(self, key_data, sig_msg):
     i, v = sshtype.parseString(sig_msg)
     if v != 'ssh-rsa':
         log.warning("Not an ssh-rsa signature!")
         return False
     if log.isEnabledFor(logging.DEBUG):
         log.debug("l[{}][{}]".format(i, len(sig_msg)))
     sig = util.inflate_long(sshtype.parseBinary(sig_msg[i:])[1], True)
     # verify the signature by SHA'ing the key_data and encrypting it using the
     # public key.  some wackiness ensues where we "pkcs1imify" the 20-byte
     # hash into a string as long as the RSA key.
     if log.isEnabledFor(logging.DEBUG):
         log.debug("sig=[{}].".format(sig))
     hash_obj = util.inflate_long(self._pkcs1imify(sha1(key_data).digest()), True)
     rsa = self._public_key()
     return rsa.verify(hash_obj, (sig, ))
Esempio n. 2
0
 def verify_ssh_sig(self, key_data, sig_msg):
     i, v = sshtype.parseString(sig_msg)
     if v != "ssh-rsa":
         log.warning("Not an ssh-rsa signature!")
         return False
     if log.isEnabledFor(logging.DEBUG):
         log.debug("l[{}][{}]".format(i, len(sig_msg)))
     sig = util.inflate_long(sshtype.parseBinary(sig_msg[i:])[1], True)
     # verify the signature by SHA'ing the key_data and encrypting it using the
     # public key.  some wackiness ensues where we "pkcs1imify" the 20-byte
     # hash into a string as long as the RSA key.
     if log.isEnabledFor(logging.DEBUG):
         log.debug("sig=[{}].".format(sig))
     hash_obj = util.inflate_long(self._pkcs1imify(sha1(key_data).digest()), True)
     rsa = self._public_key()
     return rsa.verify(hash_obj, (sig,))
Esempio n. 3
0
    def verify_ssh_sig(self, data, msg):
        if len(msg.asbytes()) == 40:
            # spies.com bug: signature has no header
            sig = msg.asbytes()
        else:
            kind = msg.get_text()
            if kind != 'ssh-dss':
                return 0
            sig = msg.get_binary()

        # pull out (r, s) which are NOT encoded as mpints
        sigR = util.inflate_long(sig[:20], 1)
        sigS = util.inflate_long(sig[20:], 1)
        sigM = util.inflate_long(sha1(data).digest(), 1)

        dss = DSA.construct((int(self.y), int(self.g), int(self.p), int(self.q)))
        return dss.verify(sigM, (sigR, sigS))
Esempio n. 4
0
    def verify_ssh_sig(self, data, msg):
        if len(msg.asbytes()) == 40:
            # spies.com bug: signature has no header
            sig = msg.asbytes()
        else:
            kind = msg.get_text()
            if kind != 'ssh-dss':
                return 0
            sig = msg.get_binary()

        # pull out (r, s) which are NOT encoded as mpints
        sigR = util.inflate_long(sig[:20], 1)
        sigS = util.inflate_long(sig[20:], 1)
        sigM = util.inflate_long(sha1(data).digest(), 1)

        dss = DSA.construct(
            (int(self.y), int(self.g), int(self.p), int(self.q)))
        return dss.verify(sigM, (sigR, sigS))
Esempio n. 5
0
 def sign_ssh_data(self, data):
     digest = sha1(data).digest()
     dss = DSA.construct((int(self.y), int(self.g), int(self.p), int(self.q), int(self.x)))
     # generate a suitable k
     qsize = len(util.deflate_long(self.q, 0))
     while True:
         k = util.inflate_long(os.urandom(qsize), 1)
         if (k > 2) and (k < self.q):
             break
     r, s = dss.sign(util.inflate_long(digest, 1), k)
     m = bytearray()
     m += sshtype.encodeString("ssh-dss")
     # apparently, in rare cases, r or s may be shorter than 20 bytes!
     rstr = util.deflate_long(r, 0)
     sstr = util.deflate_long(s, 0)
     if len(rstr) < 20:
         rstr = zero_byte * (20 - len(rstr)) + rstr
     if len(sstr) < 20:
         sstr = zero_byte * (20 - len(sstr)) + sstr
     m += sshtype.encodeBinary(rstr + sstr)
     return m
Esempio n. 6
0
def parse_mpint_from(buf, i):
    length = struct.unpack_from(">L", buf, i)[0]

    if log.isEnabledFor(logging.DEBUG):
        log.debug("length={}".format(length))

    start = i + 4
    end = start + length

    value = putil.inflate_long(buf[start:end])

    return end, value
Esempio n. 7
0
def parse_mpint_from(buf, i):
    length = struct.unpack_from(">L", buf, i)[0]

    if log.isEnabledFor(logging.DEBUG):
        log.debug("length={}".format(length))

    start = i + 4
    end = start + length

    value = putil.inflate_long(buf[start:end])

    return end, value
Esempio n. 8
0
 def _generate_x(self):
     # generate an "x" (1 < x < q), where q is (p-1)/2.
     # p is a 256-byte (2048-bit) number, where the first ?? bits are 1. 
     # therefore ?? q can be approximated as a 2^2047.  we drop the subset of
     # potential x where the first 63 bits are 1, because some of those will be
     # larger than q (but this is a tiny tiny subset of potential x).
     while 1:
         x_bytes = os.urandom(256)
         x_bytes = byte_mask(x_bytes[0], 0x7f) + x_bytes[1:]
         if (x_bytes[:8] != b7fffffffffffffff and
                 x_bytes[:8] != b0000000000000000):
             break
     self.x = putil.inflate_long(x_bytes)
Esempio n. 9
0
 def sign_ssh_data(self, data):
     digest = sha1(data).digest()
     dss = DSA.construct(
         (int(self.y), int(self.g), int(self.p), int(self.q), int(self.x)))
     # generate a suitable k
     qsize = len(util.deflate_long(self.q, 0))
     while True:
         k = util.inflate_long(os.urandom(qsize), 1)
         if (k > 2) and (k < self.q):
             break
     r, s = dss.sign(util.inflate_long(digest, 1), k)
     m = bytearray()
     m += sshtype.encodeString("ssh-dss")
     # apparently, in rare cases, r or s may be shorter than 20 bytes!
     rstr = util.deflate_long(r, 0)
     sstr = util.deflate_long(s, 0)
     if len(rstr) < 20:
         rstr = zero_byte * (20 - len(rstr)) + rstr
     if len(sstr) < 20:
         sstr = zero_byte * (20 - len(sstr)) + sstr
     m += sshtype.encodeBinary(rstr + sstr)
     return m
Esempio n. 10
0
def parseMpint(buf):
    length = struct.unpack(">L", buf[0:4])[0]
    if log.isEnabledFor(logging.DEBUG):
        log.debug("length={}".format(length))
    return length + 4, putil.inflate_long(buf[4:4 + length])
Esempio n. 11
0
def parseMpint(buf):
    length = struct.unpack(">L", buf[0:4])[0]
    if log.isEnabledFor(logging.DEBUG):
        log.debug("length={}".format(length))
    return length + 4, putil.inflate_long(buf[4:4+length])