author | Jeff Forcier <jeff@bitprophet.org> | 2016-04-28 10:38:23 -0700 |
---|---|---|
committer | Jeff Forcier <jeff@bitprophet.org> | 2016-04-28 10:38:23 -0700 |
commit | bb21c811d9159732d2f60e85961972a3bfc23afc (patch) | |
tree | 877e82007331f3ec571de25e98ec164248b42234 | |
parent | fdfbdbb6cc64927fe1e41592728d35eddecc08de (diff) | |
parent | d27fa785b61384e1a3255483f85458dde1751c50 (diff) |
Merge branch 'master' into 731-int
-rw-r--r-- | paramiko/dsskey.py | 6 | ||||
-rw-r--r-- | paramiko/ecdsakey.py | 28 | ||||
-rw-r--r-- | setup.py | 2 | ||||
-rw-r--r-- | tox-requirements.txt | 2 |
4 files changed, 15 insertions, 23 deletions
diff --git a/paramiko/dsskey.py b/paramiko/dsskey.py
index 7e14422c..4644e9a6 100644
--- a/paramiko/dsskey.py
+++ b/paramiko/dsskey.py
@@ -25,7 +25,7 @@ from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import dsa
 from cryptography.hazmat.primitives.asymmetric.utils import (
- decode_rfc6979_signature, encode_rfc6979_signature
+ decode_dss_signature, encode_dss_signature
 )
 from paramiko import util
@@ -113,7 +113,7 @@ class DSSKey(PKey):
 ).private_key(backend=default_backend())
 signer = key.signer(hashes.SHA1())
 signer.update(data)
- r, s = decode_rfc6979_signature(signer.finalize())
+ r, s = decode_dss_signature(signer.finalize())
 m = Message()
 m.add_string('ssh-dss')
@@ -141,7 +141,7 @@ class DSSKey(PKey):
 sigR = util.inflate_long(sig[:20], 1)
 sigS = util.inflate_long(sig[20:], 1)
- signature = encode_rfc6979_signature(sigR, sigS)
+ signature = encode_dss_signature(sigR, sigS)
 key = dsa.DSAPublicNumbers(
 y=self.y,
diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py
index 0af60a15..2825a305 100644
--- a/paramiko/ecdsakey.py
+++ b/paramiko/ecdsakey.py
@@ -20,21 +20,19 @@
 ECDSA keys
 """
-import binascii
-
 from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.hazmat.primitives.asymmetric.utils import (
- decode_rfc6979_signature, encode_rfc6979_signature
+ decode_dss_signature, encode_dss_signature
 )
 from paramiko.common import four_byte
 from paramiko.message import Message
 from paramiko.pkey import PKey
 from paramiko.ssh_exception import SSHException
-from paramiko.util import deflate_long, inflate_long
+from paramiko.util import deflate_long
 class _ECDSACurve(object):
@@ -131,18 +129,12 @@ class ECDSAKey(PKey):
 raise SSHException("Can't handle curve of type %s" % curvename)
 pointinfo = msg.get_binary()
- if pointinfo[0:1] != four_byte:
- raise SSHException('Point compression is being used: %s' %
- binascii.hexlify(pointinfo))
- curve = self.ecdsa_curve.curve_class()
- key_bytes = (curve.key_size + 7) // 8
- numbers = ec.EllipticCurvePublicNumbers(
- x=inflate_long(pointinfo[1:1 + key_bytes],
- always_positive=True),
- y=inflate_long(pointinfo[1 + key_bytes:],
- always_positive=True),
- curve=curve
- )
+ try:
+ numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(
+ ec.SECP256R1(), pointinfo
+ )
+ except ValueError:
+ raise SSHException("Invalid public key")
 self.verifying_key = numbers.public_key(backend=default_backend())
 @classmethod
@@ -192,7 +184,7 @@ class ECDSAKey(PKey):
 signer = self.signing_key.signer(ecdsa)
 signer.update(data)
 sig = signer.finalize()
- r, s = decode_rfc6979_signature(sig)
+ r, s = decode_dss_signature(sig)
 m = Message()
 m.add_string(self.ecdsa_curve.key_format_identifier)
@@ -204,7 +196,7 @@ class ECDSAKey(PKey):
 return False
 sig = msg.get_binary()
 sigR, sigS = self._sigdecode(sig)
- signature = encode_rfc6979_signature(sigR, sigS)
+ signature = encode_dss_signature(sigR, sigS)
 verifier = self.verifying_key.verifier(
 signature, ec.ECDSA(self.ecdsa_curve.hash_object())
 )
@@ -76,7 +76,7 @@ setup(
 'Programming Language :: Python :: 3.5',
 ],
 install_requires=[
- 'cryptography>=0.8',
+ 'cryptography>=1.1',
 'pyasn1>=0.1.7',
 ],
 )
diff --git a/tox-requirements.txt b/tox-requirements.txt
index 47ddd792..9645f854 100644
--- a/tox-requirements.txt
+++ b/tox-requirements.txt
@@ -1,3 +1,3 @@
 # Not sure why tox can't just read setup.py?
-cryptography >= 0.8
+cryptography >= 1.1
 pyasn1 >= 0.1.7 |
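Review bot: The new `from_encoded_point(ec.SECP256R1(), pointinfo)` call in the `@@ -131,18 +129,12 @@` hunk of paramiko/ecdsakey.py pins the curve to P-256, while the lines it replaces took the curve from `self.ecdsa_curve.curve_class()` and the later hunks still read `self.ecdsa_curve.hash_object()` and `self.ecdsa_curve.key_format_identifier`. If this class accepts more than one curve, as those references suggest, a public key on any other curve would be decoded against the wrong curve and most likely rejected as "Invalid public key". I would pass the key's own curve instead: `numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(self.ecdsa_curve.curve_class(), pointinfo)`. The enclosing method starts above the hunk, so how `self.ecdsa_curve` is selected is not visible here and should be confirmed against the merged file.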