def key(self): """ :return: a subclass of PKey of the appropriate key type :rtype: PKey :raises ValidationError: """ # Check if the key pair exists: at least a public or private part of # the key is required, as well as the key type. if not self.key_type: return None if not self.public_key and not self.private_key: return None public_key = None private_key = None if self.public_key: public_key = base64.b64decode(self.public_key) if self.private_key: private_key = StringIO(self.private_key) if self.key_type == 'ssh-dss': pkey = DSSKey(data=public_key, file_obj=private_key) elif self.key_type == 'ssh-rsa': pkey = RSAKey(data=public_key, file_obj=private_key) elif self.key_type.startswith('ecdsa'): pkey = ECDSAKey(data=public_key, file_obj=private_key) elif self.key_type == '*****@*****.**': pkey = RSAKey(data=public_key, file_obj=private_key) pkey.load_certificate(Message(public_key)) else: raise ValidationError('Unsupported key type: ' + self.key_type) return pkey
def test_20_compare_ecdsa_521(self): # verify that the private & public keys compare equal key = ECDSAKey.from_private_key_file(_support("test_ecdsa_521.key")) self.assertEqual(key, key) pub = ECDSAKey(data=key.asbytes()) self.assertTrue(key.can_sign()) self.assertTrue(not pub.can_sign()) self.assertEqual(key, pub)
def test_16_compare_ecdsa_384(self): # verify that the private & public keys compare equal key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_384.key')) self.assertEqual(key, key) pub = ECDSAKey(data=key.asbytes()) self.assertTrue(key.can_sign()) self.assertTrue(not pub.can_sign()) self.assertEqual(key, pub)
def test_12_compare_ecdsa(self): # verify that the private & public keys compare equal key = ECDSAKey.from_private_key_file('tests/test_ecdsa.key') self.assertEquals(key, key) pub = ECDSAKey(data=str(key)) self.assert_(key.can_sign()) self.assert_(not pub.can_sign()) self.assertEquals(key, pub)
def test_sign_ecdsa_384(self): # verify that the rsa private key can sign and verify key = ECDSAKey.from_private_key_file(_support('test_ecdsa_384.key')) msg = key.sign_ssh_data(b'ice weasels') self.assertTrue(type(msg) is Message) msg.rewind() self.assertEqual('ecdsa-sha2-nistp384', msg.get_text()) # ECDSA signatures, like DSS signatures, tend to be different # each time, so we can't compare against a "known correct" signature. # Even the length of the signature can change. msg.rewind() pub = ECDSAKey(data=key.asbytes()) self.assertTrue(pub.verify_ssh_sig(b'ice weasels', msg))
def dehydrate(self, bundle): if bundle.obj.key_type == "ssh-rsa": key = RSAKey(data=base64.b64decode(bundle.obj.public_key)) elif bundle.obj.key_type == "ssh-dss": key = DSSKey(data=base64.b64decode(bundle.obj.public_key)) elif bundle.obj.key_type.startswith("ecdsa"): key = ECDSAKey(data=base64.b64decode(bundle.obj.public_key)) else: raise HydrationError("Unknown key type: %s" % bundle.object.key_type) bundle.data['fingerprint'] = u(hexlify(key.get_fingerprint())) return bundle
def test_13_sign_ecdsa(self): # verify that the rsa private key can sign and verify key = ECDSAKey.from_private_key_file('tests/test_ecdsa.key') msg = key.sign_ssh_data(rng, 'ice weasels') self.assert_(type(msg) is Message) msg.rewind() self.assertEquals('ecdsa-sha2-nistp256', msg.get_string()) # ECDSA signatures, like DSS signatures, tend to be different # each time, so we can't compare against a "known correct" # signature. # Even the length of the signature can change. msg.rewind() pub = ECDSAKey(data=str(key)) self.assert_(pub.verify_ssh_sig('ice weasels', msg))
def load(self): """Try to load the public key We support RSA, ECDSA and Ed25519 keys and return instances of: * paramiko.rsakey.RSAKey * paramiko.ecdsakey.ECDSAKey * paramiko.ed25519key.Ed25519Key (requires paramiko >= 2.2) """ # I don't think there is a key type independent way of doing this public_key_blob = b64decode(self.key_base64) if self.key_algorithm.startswith('ssh-ed25519'): try: return Ed25519Key(data=public_key_blob) except NameError: raise ValidationError('Paramiko too old to load ed25519 keys') elif self.key_algorithm.startswith('ecdsa-'): return ECDSAKey(data=public_key_blob) elif self.key_algorithm.startswith('ssh-rsa'): return RSAKey(data=public_key_blob) raise SSHException('Key is not RSA, ECDSA or Ed25519')
def clean(self): data = super().clean() key_type = data.get('key_type') public_key = data.get('public_key') try: if key_type == "ssh-rsa": k = RSAKey(data=base64.b64decode(public_key)) elif key_type == "ssh-dss": k = DSSKey(data=base64.b64decode(public_key)) elif key_type.startswith('ecdsa'): k = ECDSAKey(data=base64.b64decode(public_key)) else: raise forms.ValidationError( _("Unsupport key type: %(keytype)s"), code='invalid keytype', params={'key_type': key_type} ) data['key_type'] = k.get_name() data['public_key'] = k.get_base64() except (TypeError, SSHException, UnicodeDecodeError) as err: if len(public_key) > 30: body = public_key[0:30] else: body = public_key raise forms.ValidationError( _("Body of SSH public key is invalid:\n%(body)s\n" "Error: %(err)s"), code='invalid key body', params={'body': body + "...", 'err': err} ) return data