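def sign(self, data, fingerprint):
    """Ask the ssh-agent to sign ``data`` with the key matching ``fingerprint``.

    Looks the key up through ``self.__find_key``, sends a sign request
    over ``self.sock`` and parses the reply.

    Args:
        data: bytes to be signed; sent to the agent as one field.
        fingerprint: fingerprint of the key to sign with.

    Returns:
        The field that follows the "ssh-rsa" type tag in the agent's
        reply (presumably the raw signature blob; confirm against
        rsa.read_fields).

    Raises:
        exceptions.SshAgentError: the key is not loaded in the agent, the
            socket timed out or was closed, or the reply is not a
            well-formed "ssh-rsa" sign response.
    """
    def _read_exact(count):
        # recv() may legally return fewer bytes than requested; loop until
        # the whole span has arrived so a short read cannot desynchronise
        # the framing or hand a truncated buffer to the parser.
        chunks = []
        while count > 0:
            chunk = self.sock.recv(count)
            if not chunk:
                raise exceptions.SshAgentError(
                    "ssh-agent closed the connection mid-response")
            chunks.append(chunk)
            count -= len(chunk)
        return b"".join(chunks)

    try:
        pub_key = self.__find_key(fingerprint)
        if not pub_key:
            raise exceptions.SshAgentError(
                "Your ssh-agent does not have the required key added. This "
                "usually indicates that ssh-add has not been run.")

        # Frame length is payload + 13; presumably 1 byte for the request
        # code plus three 4-byte words (two field length prefixes and the
        # trailing flags word). TODO confirm against write_field.
        self.sock.send(
            i2s(len(pub_key) + len(data) + 13) +
            chr(SSH2_AGENTC_SIGN_REQUEST))
        write_field(self.sock, pub_key)
        write_field(self.sock, data)
        self.sock.send("\0\0\0\0")

        # Read only the 5-byte header first: a refusal from the agent is a
        # message with no body, so demanding 9 bytes up front would fail
        # in struct.unpack instead of reporting the refusal.
        length, response_code = struct.unpack("!IB", _read_exact(5))

        # Explicit checks instead of ``assert``: assertions are stripped
        # under ``python -O``, which would let any reply be parsed as a
        # signature.
        if response_code != SSH2_AGENT_SIGN_RESPONSE:
            # NOTE(review): the rest of the message is left unread, as in
            # the original; the connection should not be reused after this.
            raise exceptions.SshAgentError(
                "ssh-agent returned unexpected response code %d to a sign "
                "request" % response_code)
        if length < 5:
            raise exceptions.SshAgentError(
                "ssh-agent sign response is too short (%d bytes)" % length)

        _read_exact(4)  # inner length word; unused, as in the original
        buf = _read_exact(length - 5)

        fields = rsa.read_fields(buf)
        response_type = fields.next()
        if response_type != "ssh-rsa":
            raise exceptions.SshAgentError(
                "ssh-agent returned an unsupported signature type: %r"
                % (response_type,))
        return fields.next()
    except socket.timeout as why:
        raise exceptions.SshAgentError(why)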
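def sign_challenge(self, challenge):
    """Sign a challenge object with the key named by its fingerprint.

    The original body repeated ``sign`` statement for statement, with
    ``challenge.serialize()`` as the data and ``challenge.fingerprint`` as
    the key selector. Delegating keeps response validation and error
    handling in one place, so a hardening fix to ``sign`` cannot be missed
    here.

    Args:
        challenge: object exposing ``fingerprint`` and ``serialize()``.

    Returns:
        Whatever ``self.sign`` returns for the serialized challenge.

    Raises:
        exceptions.SshAgentError: propagated from ``self.sign``.
    """
    # NOTE(review): serialize() now runs before the key lookup rather than
    # after it; this only matters if serialize() can fail or has side
    # effects. Confirm against the challenge class.
    return self.sign(challenge.serialize(), challenge.fingerprint)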
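def __find_key(self, key_fingerprint):
    """Return the agent-held RSA key whose fingerprint matches, else None.

    Sends an identities request over ``self.sock``, then walks the
    returned (key blob, filename/comment) pairs and compares each parsable
    key's ``fingerprint()`` with ``key_fingerprint``.

    Args:
        key_fingerprint: fingerprint to look for.

    Returns:
        The matching ``rsa.RSAPublicKey``, or None if the agent holds no
        such key.

    Raises:
        exceptions.SshAgentError: the socket was closed mid-response or the
            reply is not a well-formed identities answer.
    """
    def _read_exact(count):
        # recv() may return fewer bytes than requested; loop so a short
        # read cannot truncate the key list or leave stray bytes behind
        # for the next request on this socket.
        chunks = []
        while count > 0:
            chunk = self.sock.recv(count)
            if not chunk:
                raise exceptions.SshAgentError(
                    "ssh-agent closed the connection mid-response")
            chunks.append(chunk)
            count -= len(chunk)
        return b"".join(chunks)

    write_field(self.sock, SSH2_AGENTC_REQUEST_IDENTITIES)

    # Header first (length + response code), so a body-less failure reply
    # is reported rather than mis-parsed.
    length, response_code = struct.unpack("!IB", _read_exact(5))

    # Explicit checks instead of ``assert``, which ``python -O`` removes.
    if response_code != SSH2_AGENT_IDENTITIES_ANSWER:
        raise exceptions.SshAgentError(
            "ssh-agent returned unexpected response code %d to an "
            "identities request" % response_code)
    if length < 5:
        raise exceptions.SshAgentError(
            "ssh-agent identities answer is too short (%d bytes)" % length)

    (count,) = struct.unpack("!I", _read_exact(4))
    resp = _read_exact(length - 5)

    fields = rsa.read_fields(resp)
    for _ in xrange(count):
        blob = fields.next()
        fields.next()  # ignore filename for key
        try:
            key = rsa.RSAPublicKey(blob)
        except exceptions.KeyError:
            # Blob is not a key this module can parse; skip it.
            continue
        if key.fingerprint() == key_fingerprint:
            return key
    return None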