def enable_encryptor_by_pem_file(self, pem_pub_file, curve_name = 'secp256k1', strength = 128):
if not self.can_encryptor:
raise Exception("can not enable encryptor after a quest send")
if curve_name not in ['secp256k1', 'secp256r1', 'secp192r1', 'secp224r1']:
curve_name = 'secp256k1'
self.encryptor_curve = ec.SECP256K1()
if curve_name == 'secp256k1':
self.encryptor_curve = ec.SECP256K1()
elif curve_name == 'secp256r1':
self.encryptor_curve = ec.SECP256R1()
elif curve_name == 'secp192r1':
self.encryptor_curve = ec.SECP192R1()
else:
self.encryptor_curve = ec.SECP224R1()
if strength not in [128, 256]:
strength = 128
self.encryptor_strength = strength
pri_key = ec.generate_private_key(self.encryptor_curve, default_backend())
pub_key = pri_key.public_key()
peer_pub_key = load_pem_public_key(open(pem_pub_file, 'rb').read(), backend=default_backend())
secret = pri_key.exchange(ec.ECDH(), peer_pub_key)
self.encrypted_iv = hashlib.md5(secret).digest()
if strength == 128:
self.encrypted_key = secret[0:16]
else:
if len(secret) == 32:
self.encrypted_key = secret
else:
self.encrypted_key = hashlib.sha256(secret).digest()
self.encrypted_send_pub_key = utils.int_to_bytes(pub_key.public_numbers().x, 32) + utils.int_to_bytes(pub_key.public_numbers().y, 32)
def sanity_check_valid_session(self):
print('Establishing a valid session, and running sanity checks')
tube = pwnlib.tubes.remote.remote('127.0.0.1', self.port)
tube.recvuntil('== proof-of-work: ')
if tube.recvline().startswith(b'enabled'):
handle_pow(tube)
server_hello = read_message(tube, challenge_pb2.ServerHello)
server_key = proto2key(server_hello.key)
# Establish a normal session with a valid SECP224 point.
private_key = ec.generate_private_key(ec.SECP224R1())
client_hello = challenge_pb2.ClientHello()
client_hello.key.CopyFrom(key2proto(private_key.public_key()))
write_message(tube, client_hello)
shared_key = private_key.exchange(ec.ECDH(), server_key)
channel = AuthCipher(shared_key, CHANNEL_CIPHER_KDF_INFO,
CHANNEL_MAC_KDF_INFO)
msg = challenge_pb2.SessionMessage()
msg.encrypted_data.CopyFrom(channel.encrypt(IV, b'hello'))
write_message(tube, msg)
# Verify data is echoed back.
reply = read_message(tube, challenge_pb2.SessionMessage)
assert (len(reply.encrypted_data.data) > 0)
# Verify server authenticates message.
msg.encrypted_data.iv = b'\xff' + IV[1:]
write_message(tube, msg)
reply = read_message(tube, challenge_pb2.SessionMessage)
assert (len(reply.encrypted_data.data) == 0)
def savecustcert(request):
global size
global value
global algo
global check
global security
try:
algo = request.POST['algo']
except MultiValueDictKeyError:
algo = 'RSA'
try:
security = request.POST['security']
except MultiValueDictKeyError:
return HttpResponse('please select a security level from the list')
check = 'NA'
if (algo == 'ECC'):
if (security == 'Level 1'):
value = ec.SECP192R1()
elif (security == 'Level 2'):
value = ec.SECP224R1()
else:
value = ec.SECP256R1()
elif (algo == 'RSA'):
if (security == 'Level 1'):
size = 1024
elif (security == 'Level 2'):
size = 2048
else:
size = 3072
return HttpResponse('values set')
def run_session(port):
tube = pwnlib.tubes.remote.remote('127.0.0.1', port)
print(tube.recvuntil('== proof-of-work: '))
if tube.recvline().startswith(b'enabled'):
handle_pow()
server_hello = read_message(tube, challenge_pb2.ServerHello)
server_key = proto2key(server_hello.key)
print(server_hello)
private_key = ec.generate_private_key(ec.SECP224R1())
client_hello = challenge_pb2.ClientHello()
client_hello.key.CopyFrom(key2proto(private_key.public_key()))
print(client_hello)
write_message(tube, client_hello)
shared_key = private_key.exchange(ec.ECDH(), server_key)
print(shared_key)
channel = AuthCipher(shared_key, CHANNEL_CIPHER_KDF_INFO, CHANNEL_MAC_KDF_INFO)
msg = challenge_pb2.SessionMessage()
msg.encrypted_data.CopyFrom(channel.encrypt(IV, b'hello'))
write_message(tube, msg)
print('msg:', msg)
reply = read_message(tube, challenge_pb2.SessionMessage)
print('reply:', reply)
class Curve(Enum):
P224 = ec.SECP224R1()
P256 = ec.SECP256R1()
P384 = ec.SECP384R1()
P521 = ec.SECP521R1()
@staticmethod
def from_label(label: int):
label = bytes([label])
if Curve.P224.value == label:
return Curve.P224.name
elif Curve.P256.value == label:
return Curve.P256.name
elif Curve.P384.value == label:
return Curve.P384.name
elif Curve.P521.value == label:
return Curve.P521.name
else:
raise SDKException(ErrorCode.unknown_asymmetric_key_type)
@staticmethod
def from_str_curve(str_curve: str):
if not isinstance(str_curve, str):
raise SDKException(ErrorCode.require_str_params)
if str_curve == 'P224':
return Curve.P224
elif str_curve == 'P256':
return Curve.P256
elif str_curve == 'P384':
return Curve.P384
elif str_curve == 'P521':
return Curve.P521
else:
raise SDKException(ErrorCode.unknown_asymmetric_key_type)
def get_key_type_from_ec_curve(curve_name):
"""
Give an EC curve name, return the matching key_type.
:param: curve_name
:return: key_type
"""
_CURVE_TYPES = {
ec.SECP192R1().name: "ECCPRIME192V1",
ec.SECP256R1().name: "ECCPRIME256V1",
ec.SECP224R1().name: "ECCSECP224R1",
ec.SECP384R1().name: "ECCSECP384R1",
ec.SECP521R1().name: "ECCSECP521R1",
ec.SECP256K1().name: "ECCSECP256K1",
ec.SECT163K1().name: "ECCSECT163K1",
ec.SECT233K1().name: "ECCSECT233K1",
ec.SECT283K1().name: "ECCSECT283K1",
ec.SECT409K1().name: "ECCSECT409K1",
ec.SECT571K1().name: "ECCSECT571K1",
ec.SECT163R2().name: "ECCSECT163R2",
ec.SECT233R1().name: "ECCSECT233R1",
ec.SECT283R1().name: "ECCSECT283R1",
ec.SECT409R1().name: "ECCSECT409R1",
ec.SECT571R1().name: "ECCSECT571R2",
}
if curve_name in _CURVE_TYPES.keys():
return _CURVE_TYPES[curve_name]
else:
return None
def proto2key(key): assert(isinstance(key, challenge_pb2.EcdhKey)) assert(key.curve == challenge_pb2.EcdhKey.CurveID.SECP224R1) curve = ec.SECP224R1() x = int.from_bytes(key.public.x, 'big') y = int.from_bytes(key.public.y, 'big') public = ec.EllipticCurvePublicNumbers(x, y, curve) return ec.EllipticCurvePublicKey.from_encoded_point(curve, public.encode_point())
def build_csr(self):
if not self.private_key:
if self.key_type == KeyTypes.RSA:
self.private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=self.key_length,
backend=default_backend())
elif self.key_type == KeyTypes.ECDSA:
if self.key_curve == "P521":
curve = ec.SECP521R1()
elif self.key_curve == "P384":
curve = ec.SECP384R1()
elif self.key_curve == "P256":
curve = ec.SECP256R1()
elif self.key_curve == "P224":
curve = ec.SECP224R1()
else:
curve = ec.SECP521R1()
self.private_key = ec.generate_private_key(
curve, default_backend())
else:
raise ClientBadData
self.public_key_from_private()
csr_builder = x509.CertificateSigningRequestBuilder()
subject = [
x509.NameAttribute(
NameOID.COMMON_NAME,
self.common_name,
)
]
csr_builder = csr_builder.subject_name(x509.Name(subject))
alt_names = []
if self.ip_addresses:
for ip in self.ip_addresses:
alt_names.append(x509.IPAddress(ipaddress.IPv4Address(ip)))
if self.san_dns:
for ns in self.san_dns:
alt_names.append(x509.DNSName(ns))
if self.email_addresses:
for mail in self.email_addresses:
alt_names.append(x509.RFC822Name(mail))
csr_builder = csr_builder.add_extension(
x509.SubjectAlternativeName(alt_names),
critical=False,
)
csr_builder = csr_builder.sign(self.private_key, hashes.SHA256(),
default_backend())
self.csr = csr_builder.public_bytes(
serialization.Encoding.PEM).decode()
return
def generate_private_key(key_type):
"""
Generates a new private key based on key_type.
Valid key types: RSA2048, RSA4096', 'ECCPRIME192V1', 'ECCPRIME256V1', 'ECCSECP192R1',
'ECCSECP224R1', 'ECCSECP256R1', 'ECCSECP384R1', 'ECCSECP521R1', 'ECCSECP256K1',
'ECCSECT163K1', 'ECCSECT233K1', 'ECCSECT283K1', 'ECCSECT409K1', 'ECCSECT571K1',
'ECCSECT163R2', 'ECCSECT233R1', 'ECCSECT283R1', 'ECCSECT409R1', 'ECCSECT571R2'
:param key_type:
:return:
"""
_CURVE_TYPES = {
"ECCPRIME192V1": ec.SECP192R1(),
"ECCPRIME256V1": ec.SECP256R1(),
"ECCSECP192R1": ec.SECP192R1(),
"ECCSECP224R1": ec.SECP224R1(),
"ECCSECP256R1": ec.SECP256R1(),
"ECCSECP384R1": ec.SECP384R1(),
"ECCSECP521R1": ec.SECP521R1(),
"ECCSECP256K1": ec.SECP256K1(),
"ECCSECT163K1": ec.SECT163K1(),
"ECCSECT233K1": ec.SECT233K1(),
"ECCSECT283K1": ec.SECT283K1(),
"ECCSECT409K1": ec.SECT409K1(),
"ECCSECT571K1": ec.SECT571K1(),
"ECCSECT163R2": ec.SECT163R2(),
"ECCSECT233R1": ec.SECT233R1(),
"ECCSECT283R1": ec.SECT283R1(),
"ECCSECT409R1": ec.SECT409R1(),
"ECCSECT571R2": ec.SECT571R1(),
}
if key_type not in CERTIFICATE_KEY_TYPES:
raise Exception("Invalid key type: {key_type}. Supported key types: {choices}".format(
key_type=key_type,
choices=",".join(CERTIFICATE_KEY_TYPES)
))
if 'RSA' in key_type:
key_size = int(key_type[3:])
return rsa.generate_private_key(
public_exponent=65537,
key_size=key_size,
backend=default_backend()
)
elif 'ECC' in key_type:
return ec.generate_private_key(
curve=_CURVE_TYPES[key_type],
backend=default_backend()
)
def test_for_curve(self):
self.assertEqual(ALGORITHM.for_curve(ec.SECP224R1()), ALGORITHM.EC_P224)
self.assertEqual(ALGORITHM.for_curve(ec.SECP256R1()), ALGORITHM.EC_P256)
self.assertEqual(ALGORITHM.for_curve(ec.SECP384R1()), ALGORITHM.EC_P384)
self.assertEqual(ALGORITHM.for_curve(ec.SECP521R1()), ALGORITHM.EC_P521)
self.assertEqual(ALGORITHM.for_curve(ec.SECP256K1()), ALGORITHM.EC_K256)
self.assertEqual(ALGORITHM.for_curve(BRAINPOOLP256R1()),
ALGORITHM.EC_BP256)
self.assertEqual(ALGORITHM.for_curve(BRAINPOOLP384R1()),
ALGORITHM.EC_BP384)
self.assertEqual(ALGORITHM.for_curve(BRAINPOOLP512R1()),
ALGORITHM.EC_BP512)
def _curve_from_curve_id(cid: int) -> EllipticCurve:
if cid == TPM_ECC_NIST_P192:
return crypto_ec.SECP192R1()
if cid == TPM_ECC_NIST_P224:
return crypto_ec.SECP224R1()
if cid == TPM_ECC_NIST_P256:
return crypto_ec.SECP256R1()
if cid == TPM_ECC_NIST_P384:
return crypto_ec.SECP384R1()
if cid == TPM_ECC_NIST_P521:
return crypto_ec.SECP521R1()
raise ValueError(f"Invalid curve id {cid} requested")
def to_curve(self):
if self == TpmEccCurve.NONE:
raise ValueError("No such curve")
elif self == TpmEccCurve.NIST_P192:
return ec.SECP192R1()
elif self == TpmEccCurve.NIST_P224:
return ec.SECP224R1()
elif self == TpmEccCurve.NIST_P256:
return ec.SECP256R1()
elif self == TpmEccCurve.NIST_P384:
return ec.SECP384R1()
elif self == TpmEccCurve.NIST_P521:
return ec.SECP521R1()
raise ValueError("curve is not supported", self)
class Curve(Enum):
P224 = ec.SECP224R1()
P256 = ec.SECP256R1()
P384 = ec.SECP384R1()
P521 = ec.SECP521R1()
@staticmethod
def from_label(label: int):
label = bytes([label])
if Curve.P224.value == label:
return Curve.P224.name
elif Curve.P256.value == label:
return Curve.P256.name
elif Curve.P384.value == label:
return Curve.P384.name
elif Curve.P521.value == label:
return Curve.P521.name
def generateSignature(self, pri_key, msg):
if self.__scheme == SignatureScheme.SHA224withECDSA:
private_key = ec.derive_private_key(int(pri_key, 16),
ec.SECP224R1(),
default_backend())
signature = private_key.sign(msg, ec.ECDSA(hashes.SHA224()))
elif self.__scheme == SignatureScheme.SHA256withECDSA:
private_key = ec.derive_private_key(int(pri_key, 16),
ec.SECP256R1(),
default_backend())
signature = private_key.sign(msg, ec.ECDSA(hashes.SHA256()))
elif self.__scheme == SignatureScheme.SHA384withECDSA:
private_key = ec.derive_private_key(int(pri_key, 16),
ec.SECP384R1(),
default_backend())
signature = private_key.sign(msg, ec.ECDSA(hashes.SHA384()))
return signature
class Curve(Enum):
P224 = ec.SECP224R1()
P256 = ec.SECP256R1()
P384 = ec.SECP384R1()
P521 = ec.SECP521R1()
@staticmethod
def from_label(label: int) -> str:
if label == 1:
return Curve.P224.name
elif label == 2:
return Curve.P256.name
elif label == 3:
return Curve.P384.name
elif label == 4:
return Curve.P521.name
else:
raise SDKException(ErrorCode.unknown_curve_label)
def generateSignature(self, pri_key, msg: bytes):
if self.__scheme == SignatureScheme.SHA224withECDSA:
private_key = ec.derive_private_key(int(pri_key, 16),
ec.SECP224R1(),
default_backend())
signature = private_key.sign(msg, ec.ECDSA(hashes.SHA224()))
elif self.__scheme == SignatureScheme.SHA256withECDSA:
private_key = ec.derive_private_key(int(pri_key, 16),
ec.SECP256R1(),
default_backend())
signature = private_key.sign(msg, ec.ECDSA(hashes.SHA256()))
elif self.__scheme == SignatureScheme.SHA384withECDSA:
private_key = ec.derive_private_key(int(pri_key, 16),
ec.SECP384R1(),
default_backend())
signature = private_key.sign(msg, ec.ECDSA(hashes.SHA384()))
else:
raise RuntimeError
sign = SignatureHandler.dsa_der_to_plain(signature)
return sign
def generate_signature(self, pri_key: str, msg: bytes) -> str:
if self.__scheme == SignatureScheme.SHA224withECDSA:
private_key = ec.derive_private_key(int(pri_key, 16),
ec.SECP224R1(),
default_backend())
signature = private_key.sign(msg, ec.ECDSA(hashes.SHA224()))
elif self.__scheme == SignatureScheme.SHA256withECDSA:
private_key = ec.derive_private_key(int(pri_key, 16),
ec.SECP256R1(),
default_backend())
signature = private_key.sign(msg, ec.ECDSA(hashes.SHA256()))
elif self.__scheme == SignatureScheme.SHA384withECDSA:
private_key = ec.derive_private_key(int(pri_key, 16),
ec.SECP384R1(),
default_backend())
signature = private_key.sign(msg, ec.ECDSA(hashes.SHA384()))
else:
raise SDKException(
ErrorCode.other_error('Invalid signature scheme.'))
sign = SignatureHandler.dsa_der_to_plain(signature)
return sign
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID
import datetime
import uuid
from time import time, process_time
print('check')
value = ec.SECP224R1()
time1 = process_time()
one_day = datetime.timedelta(1, 0, 0)
pr_key = rsa.generate_private_key(public_exponent=65537,
key_size=2048,
backend=default_backend())
time2 = process_time()
tt_keygen = time2 - time1
pub_key = pr_key.public_key()
builder = x509.CertificateBuilder()
builder = builder.subject_name(
x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, u'CA certificate'),
]))
builder = builder.issuer_name(
x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, u'Self signed'),
]))
else:
from Cryptodome.PublicKey import DSA
from Cryptodome.PublicKey import RSA
RSA_WEAK = 1024
RSA_OK = 2048
RSA_STRONG = 3076
DSA_WEAK = 1024
DSA_OK = 2048
DSA_STRONG = 3076
BIG = 10000
EC_WEAK = ec.SECT163K1() # has key size of 163
EC_OK = ec.SECP224R1()
EC_STRONG = ec.SECP384R1()
EC_BIG = ec.SECT571R1()
dsa_gen_key = dsa.generate_private_key
ec_gen_key = ec.generate_private_key
rsa_gen_key = rsa.generate_private_key
# Strong and OK keys.
dsa_gen_key(key_size=DSA_OK)
dsa_gen_key(key_size=DSA_STRONG)
dsa_gen_key(key_size=BIG)
ec_gen_key(curve=EC_OK)
ec_gen_key(curve=EC_STRONG)
ec_gen_key(curve=EC_BIG)
csr = csr_add_extension.sign(private_key, hashes.SHA256(),
default_backend())
else:
csr = csr_add_extension.sign(private_key, hashes.SHA1(),
default_backend())
return {
'error': True,
'csr': csr.public_bytes(serialization.Encoding.PEM),
'priv_key': key
}
elif mysf == 'ECDSA':
if myqd == 'P192':
private_key = ec.generate_private_key(curve=ec.SECP192R1(),
backend=default_backend())
elif myqd == 'P224':
private_key = ec.generate_private_key(curve=ec.SECP224R1(),
backend=default_backend())
elif myqd == 'P256':
private_key = ec.generate_private_key(curve=ec.SECP256R1(),
backend=default_backend())
elif myqd == 'P384':
private_key = ec.generate_private_key(curve=ec.SECP384R1(),
backend=default_backend())
elif myqd == 'P521':
private_key = ec.generate_private_key(curve=ec.SECP521R1(),
backend=default_backend())
else:
private_key = ec.generate_private_key(curve=ec.SECP256R1(),
backend=default_backend())
if key_pass:
from time import process_time_ns
from cryptography.hazmat.primitives.asymmetric import ec
# Recommended curves from https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
CURVE_MAP = {
'P-192': ec.SECP192R1(),
'P-224': ec.SECP224R1(),
'P-256': ec.SECP256R1(),
'P-384': ec.SECP384R1()
}
def current_milli_time():
return process_time_ns()
def generate_public_key(self, source):
if source not in self.key_cache or "public_key" not in self.key_cache[source]:
self.key_cache[source] = {}
new_private_key = ec.generate_private_key(ec.SECP224R1(), default_backend())
self.key_cache[source]["public_key"] = new_private_key.public_key()
self.key_cache[source]["private_key"] = new_private_key
def test_secp224r1_derive_ecdh(self):
self.secp_derive_ecdh(ec.SECP224R1())
def test_secp224r1_ecdsa_sign_truncated(self):
self.require_version((2, 1, 0), 'Automatic digest truncation')
self.secp_ecdsa_sign(ec.SECP224R1(), hashes.SHA256())
self.secp_ecdsa_sign(ec.SECP224R1(), hashes.SHA384())
self.secp_ecdsa_sign(ec.SECP224R1(), hashes.SHA512())
def test_secp224r1_ecdsa_sign(self):
self.secp_ecdsa_sign(ec.SECP224R1(), hashes.SHA1())
self.secp_ecdsa_sign(ec.SECP224R1(), hashes.SHA256(), length=28)
self.secp_ecdsa_sign(ec.SECP224R1(), hashes.SHA384(), length=28)
self.secp_ecdsa_sign(ec.SECP224R1(), hashes.SHA512(), length=28)
def pub_priv_creater(mysf, myqd, key_pass):
if mysf == 'RSA':
private_key = rsa.generate_private_key(public_exponent=65537,
key_size=int(myqd),
backend=default_backend())
if key_pass:
key = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.BestAvailableEncryption(
key_pass),
)
else:
key = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption(),
)
public_key = private_key.public_key().public_bytes(
serialization.Encoding.PEM,
serialization.PublicFormat.SubjectPublicKeyInfo)
return {'error': True, 'pub_key': public_key, 'priv_key': key}
elif mysf == 'DSA':
private_key = dsa.generate_private_key(key_size=int(myqd),
backend=default_backend())
if key_pass:
key = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.BestAvailableEncryption(
key_pass),
)
else:
key = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption(),
)
public_key = private_key.public_key().public_bytes(
serialization.Encoding.PEM,
serialization.PublicFormat.SubjectPublicKeyInfo)
return {'error': True, 'pub_key': public_key, 'priv_key': key}
elif mysf == 'ECDSA':
if myqd == 'P192':
private_key = ec.generate_private_key(curve=ec.SECP192R1(),
backend=default_backend())
elif myqd == 'P224':
private_key = ec.generate_private_key(curve=ec.SECP224R1(),
backend=default_backend())
elif myqd == 'P256':
private_key = ec.generate_private_key(curve=ec.SECP256R1(),
backend=default_backend())
elif myqd == 'P384':
private_key = ec.generate_private_key(curve=ec.SECP384R1(),
backend=default_backend())
elif myqd == 'P521':
private_key = ec.generate_private_key(curve=ec.SECP521R1(),
backend=default_backend())
else:
private_key = ec.generate_private_key(curve=ec.SECP256R1(),
backend=default_backend())
if key_pass:
key = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.BestAvailableEncryption(
key_pass),
)
else:
key = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption(),
)
public_key = private_key.public_key().public_bytes(
serialization.Encoding.PEM,
serialization.PublicFormat.SubjectPublicKeyInfo)
return {'error': True, 'pub_key': public_key, 'priv_key': key}
else:
return {'error': False, 'pub_key': u'选择加密算法错误!'}
from __future__ import absolute_import, division, print_function
import binascii
import pytest
from cryptography.exceptions import UnsupportedAlgorithm
from cryptography.hazmat.backends.interfaces import EllipticCurveBackend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec
from ..hazmat.primitives.test_ec import _skip_exchange_algorithm_unsupported
_CURVES = {
"secp224r1": ec.SECP224R1(),
"secp256r1": ec.SECP256R1(),
"secp384r1": ec.SECP384R1(),
"secp521r1": ec.SECP521R1(),
"secp256k1": ec.SECP256K1(),
"brainpoolP224r1": None,
"brainpoolP256r1": ec.BrainpoolP256R1(),
"brainpoolP320r1": None,
"brainpoolP384r1": ec.BrainpoolP384R1(),
"brainpoolP512r1": ec.BrainpoolP512R1(),
"brainpoolP224t1": None,
"brainpoolP256t1": None,
"brainpoolP320t1": None,
"brainpoolP384t1": None,
"brainpoolP512t1": None,
}
class SSHKey: # pylint:disable=too-many-instance-attributes
"""Represents a single SSH keypair.
ssh_key = SSHKey(key_data, strict=True)
ssh_key.parse()
strict=True (default) only allows keys ssh-keygen generates. Setting strict mode to false allows
all keys OpenSSH actually accepts, including highly insecure ones. For example, OpenSSH accepts
512-bit DSA keys and 64-bit RSA keys which are highly insecure."""
DSA_MIN_LENGTH_STRICT = 1024
DSA_MAX_LENGTH_STRICT = 1024
DSA_MIN_LENGTH_LOOSE = 1
DSA_MAX_LENGTH_LOOSE = 3072
DSA_N_LENGTH = 160
ECDSA_CURVE_DATA = {
b"nistp256": (ec.SECP256R1(), hashes.SHA256()),
b"nistp192": (ec.SECP192R1(), hashes.SHA256()),
b"nistp224": (ec.SECP224R1(), hashes.SHA256()),
b"nistp384": (ec.SECP384R1(), hashes.SHA384()),
b"nistp521": (ec.SECP521R1(), hashes.SHA512())
}
RSA_MIN_LENGTH_STRICT = 1024
RSA_MAX_LENGTH_STRICT = 16384
RSA_MIN_LENGTH_LOOSE = 768
RSA_MAX_LENGTH_LOOSE = 16384
# Valid as of OpenSSH_8.3
# argument name, value is mandatory. Options are case-insensitive, but this list must be in lowercase.
OPTIONS_SPEC = [
("agent-forwarding", False),
("cert-authority", False),
("command", True),
("environment", True),
("expiry-time", True),
("from", True),
("no-agent-forwarding", False),
("no-port-forwarding", False),
("no-pty", False),
("no-user-rc", False),
("no-x11-forwarding", False),
("permitlisten", True),
("permitopen", True),
("port-forwarding", False),
("principals", True),
("pty", False),
("no-touch-required", False),
("restrict", False),
("tunnel", True),
("user-rc", False),
("x11-forwarding", False),
]
OPTION_NAME_RE = re.compile("^[A-Za-z0-9-]+$")
INT_LEN = 4
FIELDS = [
"rsa", "dsa", "ecdsa", "bits", "comment", "options", "options_raw",
"key_type"
]
def __init__(self, keydata=None, **kwargs):
self.keydata = keydata
self._decoded_key = None
self.rsa = None
self.dsa = None
self.ecdsa = None
self.bits = None
self.comment = None
self.options = None
self.options_raw = None
self.key_type = None
self.strict_mode = bool(kwargs.get("strict", True))
self.skip_option_parsing = bool(
kwargs.get("skip_option_parsing", False))
self.disallow_options = bool(kwargs.get("disallow_options", False))
if keydata:
try:
self.parse(keydata)
except (InvalidKeyError, NotImplementedError):
pass
def __str__(self):
return f"Key type: {self.key_type.decode()}, bits: {self.bits}, options: {self.options}"
def reset(self):
"""Reset all data fields."""
for field in self.FIELDS:
setattr(self, field, None)
@property
def key(self):
"""Base64 encoded key"""
return base64.b64encode(self._decoded_key)
def hash(self):
"""Calculate md5 fingerprint.
Deprecated, use .hash_md5() instead."""
warnings.warn(
"hash() is deprecated. Use hash_md5(), hash_sha256() or hash_sha512() instead."
)
return self.hash_md5().replace(b"MD5:", b"")
def hash_md5(self):
"""Calculate md5 fingerprint.
Shamelessly copied from http://stackoverflow.com/questions/6682815/deriving-an-ssh-fingerprint-from-a-public-key-in-python
For specification, see RFC4716, section 4."""
fp_plain = hashlib.md5(self._decoded_key).hexdigest()
return "MD5:" + ':'.join(
a + b for a, b in zip(fp_plain[::2], fp_plain[1::2]))
def hash_sha256(self):
"""Calculate sha256 fingerprint."""
fp_plain = hashlib.sha256(self._decoded_key).digest()
return (b"SHA256:" +
base64.b64encode(fp_plain).replace(b"=", b"")).decode("utf-8")
def hash_sha512(self):
"""Calculates sha512 fingerprint."""
fp_plain = hashlib.sha512(self._decoded_key).digest()
return (b"SHA512:" +
base64.b64encode(fp_plain).replace(b"=", b"")).decode("utf-8")
def _unpack_by_int(self, data, current_position):
"""Returns a tuple with (location of next data field, contents of requested data field)."""
# Unpack length of data field
try:
requested_data_length = struct.unpack(
'>I',
data[current_position:current_position + self.INT_LEN])[0]
except struct.error as ex:
raise MalformedDataError(
f"Unable to unpack {self.INT_LEN} bytes from the data") from ex
# Move pointer to the beginning of the data field
current_position += self.INT_LEN
remaining_data_length = len(data[current_position:])
if remaining_data_length < requested_data_length:
raise MalformedDataError(
f"Requested {requested_data_length} bytes, but only {remaining_data_length} bytes available."
)
next_data = data[current_position:current_position +
requested_data_length]
# Move pointer to the end of the data field
current_position += requested_data_length
return current_position, next_data
@classmethod
def _parse_long(cls, data):
"""Calculate two's complement."""
if sys.version < '3':
# this does not exist in python 3 - undefined-variable disabled to make pylint happier.
ret = long(0) # pylint:disable=undefined-variable
for byte in data:
ret = (ret << 8) + ord(byte)
else:
ret = 0
for byte in data:
ret = (ret << 8) + byte
return ret
def _split_key(self, data):
options_raw = None
# Terribly inefficient way to remove options, but hey, it works.
if not data.startswith("ssh-") and not data.startswith(
"ecdsa-") and not data.startswith("sk-"):
quote_open = False
for i, character in enumerate(data):
if character == '"': # only double quotes are allowed, no need to care about single quotes
quote_open = not quote_open
if quote_open:
continue
if character == " ":
# Data begins after the first space
options_raw = data[:i]
data = data[i + 1:]
break
else:
raise MalformedDataError(
"Couldn't find beginning of the key data")
key_parts = data.strip().split(None, 2)
if len(key_parts) < 2: # Key type and content are mandatory fields.
raise InvalidKeyError(
"Unexpected key format: at least type and base64 encoded value is required"
)
if len(key_parts) == 3:
self.comment = key_parts[2]
key_parts = key_parts[0:2]
if options_raw:
# Populate and parse options field.
self.options_raw = options_raw
if not self.skip_option_parsing:
self.options = self.parse_options(self.options_raw)
else:
# Set empty defaults for fields
self.options_raw = None
self.options = {}
return key_parts
@classmethod
def decode_key(cls, pubkey_content):
"""Decode base64 coded part of the key."""
try:
decoded_key = base64.b64decode(pubkey_content.encode("ascii"))
except (TypeError, binascii.Error) as ex:
raise MalformedDataError("Unable to decode the key") from ex
return decoded_key
@classmethod
def _bits_in_number(cls, number):
return len(format(number, "b"))
def parse_options(self, options):
"""Parses ssh options string."""
quote_open = False
parsed_options = {}
def parse_add_single_option(opt):
"""Parses and validates a single option, and adds it to parsed_options field."""
if "=" in opt:
opt_name, opt_value = opt.split("=", 1)
opt_value = opt_value.replace('"', '')
else:
opt_name = opt
opt_value = True
if " " in opt_name or not self.OPTION_NAME_RE.match(opt_name):
raise InvalidOptionNameError(
f"{opt_name} is not a valid option name.")
if self.strict_mode:
for valid_opt_name, value_required in self.OPTIONS_SPEC:
if opt_name.lower() == valid_opt_name:
if value_required and opt_value is True:
raise MissingMandatoryOptionValueError(
f"{opt_name} is missing a mandatory value.")
break
else:
raise UnknownOptionNameError(
f"{opt_name} is an unrecognized option name.")
if opt_name not in parsed_options:
parsed_options[opt_name] = []
parsed_options[opt_name].append(opt_value)
start_of_current_opt = 0
i = 1 # Need to be set for empty options strings
for i, character in enumerate(options):
if character == '"': # only double quotes are allowed, no need to care about single quotes
quote_open = not quote_open
if quote_open:
continue
if character == ",":
opt = options[start_of_current_opt:i]
parse_add_single_option(opt)
start_of_current_opt = i + 1
# Data begins after the first space
if start_of_current_opt + 1 != i:
opt = options[start_of_current_opt:]
parse_add_single_option(opt)
if quote_open:
raise InvalidOptionsError("Unbalanced quotes.")
return parsed_options
def _process_ssh_rsa(self, data):
"""Parses ssh-rsa public keys."""
current_position, raw_e = self._unpack_by_int(data, 0)
current_position, raw_n = self._unpack_by_int(data, current_position)
unpacked_e = self._parse_long(raw_e)
unpacked_n = self._parse_long(raw_n)
self.rsa = RSAPublicNumbers(unpacked_e,
unpacked_n).public_key(default_backend())
self.bits = self.rsa.key_size
if self.strict_mode:
min_length = self.RSA_MIN_LENGTH_STRICT
max_length = self.RSA_MAX_LENGTH_STRICT
else:
min_length = self.RSA_MIN_LENGTH_LOOSE
max_length = self.RSA_MAX_LENGTH_LOOSE
if self.bits < min_length:
raise TooShortKeyError(
f"{self.key_type.decode()} key data can not be shorter than {min_length} bits (was {self.bits})"
)
if self.bits > max_length:
raise TooLongKeyError(
f"{self.key_type.decode()} key data can not be longer than {max_length} bits (was {self.bits})"
)
return current_position
def _process_ssh_dss(self, data):
"""Parses ssh-dsa public keys."""
data_fields = {}
current_position = 0
for item in ("p", "q", "g", "y"):
current_position, value = self._unpack_by_int(
data, current_position)
data_fields[item] = self._parse_long(value)
q_bits = self._bits_in_number(data_fields["q"])
p_bits = self._bits_in_number(data_fields["p"])
if q_bits != self.DSA_N_LENGTH:
raise InvalidKeyError(
f"Incorrect DSA key parameters: bits(p)={self.bits}, q={q_bits}"
)
if self.strict_mode:
min_length = self.DSA_MIN_LENGTH_STRICT
max_length = self.DSA_MAX_LENGTH_STRICT
else:
min_length = self.DSA_MIN_LENGTH_LOOSE
max_length = self.DSA_MAX_LENGTH_LOOSE
if p_bits < min_length:
raise TooShortKeyError(
f"{self.key_type.decode()} key can not be shorter than {min_length} bits (was {p_bits})"
)
if p_bits > max_length:
raise TooLongKeyError(
f"{self.key_type.decode()} key data can not be longer than {max_length} bits (was {p_bits})"
)
dsa_parameters = DSAParameterNumbers(data_fields["p"],
data_fields["q"],
data_fields["g"])
self.dsa = DSAPublicNumbers(
data_fields["y"], dsa_parameters).public_key(default_backend())
self.bits = self.dsa.key_size
return current_position
def _process_ecdsa_sha(self, data):
"""Parses ecdsa-sha public keys."""
current_position, curve_information = self._unpack_by_int(data, 0)
if curve_information not in self.ECDSA_CURVE_DATA:
raise NotImplementedError(
f"Invalid curve type: {curve_information}")
curve, hash_algorithm = self.ECDSA_CURVE_DATA[curve_information]
current_position, key_data = self._unpack_by_int(
data, current_position)
try:
ecdsa_pubkey = ec.EllipticCurvePublicKey.from_encoded_point(
curve, key_data)
except ValueError as ex:
raise InvalidKeyError("Invalid ecdsa key") from ex
self.bits = curve.key_size
self.ecdsa = _ECVerifyingKey(ecdsa_pubkey, hash_algorithm)
return current_position
def _process_ed25519(self, data):
"""Parses ed25519 keys.
There is no (apparent) way to validate ed25519 keys. This only
checks data length (256 bits), but does not try to validate
the key in any way."""
current_position, verifying_key = self._unpack_by_int(data, 0)
verifying_key_length = len(verifying_key) * 8
verifying_key = self._parse_long(verifying_key)
if verifying_key < 0:
raise InvalidKeyError("ed25519 verifying key must be >0.")
self.bits = verifying_key_length
if self.bits != 256:
raise InvalidKeyLengthError(
f"ed25519 keys must be 256 bits (was {self.bits} bits)")
return current_position
def _validate_application_string(self, application):
"""Validates Application string.
Has to be an URL starting with "ssh:". See ssh-keygen(1)."""
try:
parsed_url = urlparse(application)
except ValueError as err:
raise InvalidKeyError(f"Application string: {err}") from err
if parsed_url.scheme != b"ssh":
raise InvalidKeyError('Application string must begin with "ssh:"')
def _process_sk_ecdsa_sha(self, data):
"""Parses sk_ecdsa-sha public keys."""
current_position = self._process_ecdsa_sha(data)
current_position, application = self._unpack_by_int(
data, current_position)
self._validate_application_string(application)
return current_position
def _process_sk_ed25519(self, data):
"""Parses sk_ed25519 public keys."""
current_position = self._process_ed25519(data)
current_position, application = self._unpack_by_int(
data, current_position)
self._validate_application_string(application)
return current_position
def _process_key(self, data):
if self.key_type == b"ssh-rsa":
return self._process_ssh_rsa(data)
if self.key_type == b"ssh-dss":
return self._process_ssh_dss(data)
if self.key_type.strip().startswith(b"ecdsa-sha"):
return self._process_ecdsa_sha(data)
if self.key_type == b"ssh-ed25519":
return self._process_ed25519(data)
if self.key_type.strip().startswith(b"sk-ecdsa-sha"):
return self._process_sk_ecdsa_sha(data)
if self.key_type.strip().startswith(b"sk-ssh-ed25519"):
return self._process_sk_ed25519(data)
raise NotImplementedError(
f"Invalid key type: {self.key_type.decode()}")
def parse(self, keydata=None):
"""Validates SSH public key.
Throws exception for invalid keys. Otherwise returns None.
Populates key_type, bits and bits fields.
For rsa keys, see field "rsa" for raw public key data.
For dsa keys, see field "dsa".
For ecdsa keys, see field "ecdsa"."""
if keydata is None:
if self.keydata is None:
raise ValueError(
"Key data must be supplied either in constructor or to parse()"
)
keydata = self.keydata
else:
self.reset()
self.keydata = keydata
if keydata.startswith("---- BEGIN SSH2 PUBLIC KEY ----"):
# SSH2 key format
key_type = None # There is no redundant key-type field - skip comparing plain-text and encoded data.
pubkey_content = "".join([
line for line in keydata.split("\n")
if ":" not in line and "----" not in line
])
else:
key_parts = self._split_key(keydata)
key_type = key_parts[0]
pubkey_content = key_parts[1]
self._decoded_key = self.decode_key(pubkey_content)
# Check key type
current_position, unpacked_key_type = self._unpack_by_int(
self._decoded_key, 0)
if key_type is not None and key_type != unpacked_key_type.decode():
raise InvalidTypeError(
f"Keytype mismatch: {key_type} != {unpacked_key_type.decode()}"
)
self.key_type = unpacked_key_type
key_data_length = self._process_key(
self._decoded_key[current_position:])
current_position = current_position + key_data_length
if current_position != len(self._decoded_key):
raise MalformedDataError(
f"Leftover data: {len(self._decoded_key) - current_position} bytes"
)
if self.disallow_options and self.options:
raise InvalidOptionsError("Options are disallowed.")
class Curve(Enum):
P224 = ec.SECP224R1()
P256 = ec.SECP256R1()
P384 = ec.SECP384R1()
P521 = ec.SECP521R1()
elif qmsf == 'SHA224':
csr=csr_add_extension.sign(private_key,hashes.SHA224(),default_backend())
elif qmsf == 'SHA256':
csr=csr_add_extension.sign(private_key,hashes.SHA256(),default_backend())
else:
csr=csr_add_extension.sign(private_key,hashes.SHA1(),default_backend())
return {'error':True,'csr':csr.public_bytes(serialization.Encoding.PEM),'priv_key':key}
elif mysf =='ECDSA':
if myqd == 'P192':
private_key=ec.generate_private_key(
curve=ec.SECP192R1(),
backend=default_backend()
)
elif myqd == 'P224':
private_key=ec.generate_private_key(
curve=ec.SECP224R1(),
backend=default_backend()
)
elif myqd == 'P256':
private_key=ec.generate_private_key(
curve=ec.SECP256R1(),
backend=default_backend()
)
elif myqd == 'P384':
private_key=ec.generate_private_key(
curve=ec.SECP384R1(),
backend=default_backend()
)
elif myqd == 'P521':
private_key=ec.generate_private_key(
curve=ec.SECP521R1(),
