diff options
| author | Jared Hobbs <jared@pyhacker.com> | 2018-11-27 17:48:12 -0700 |
|---|---|---|
| committer | Jared Hobbs <jared@pyhacker.com> | 2018-11-27 17:48:12 -0700 |
| commit | e72aeaf1baf8c042179b88c718dd5fab0cecb3d2 (patch) | |
| tree | 33009883e46e2eb4a1e7982cd5f7b1da65845a5c | |
| parent | eff204faf5624c51b7ac96b9b93e4ce9622f853a (diff) | |
blacken
| -rw-r--r-- | paramiko/dsskey.py | 4 | ||||
| -rw-r--r-- | paramiko/ecdsakey.py | 4 | ||||
| -rw-r--r-- | paramiko/pkey.py | 76 | ||||
| -rw-r--r-- | paramiko/rsakey.py | 9 | ||||
| -rw-r--r-- | tests/test_pkey.py | 16 |
5 files changed, 54 insertions, 55 deletions
diff --git a/paramiko/dsskey.py b/paramiko/dsskey.py index a1adf818..07feb790 100644 --- a/paramiko/dsskey.py +++ b/paramiko/dsskey.py @@ -238,10 +238,10 @@ class DSSKey(PKey): except BERException as e: raise SSHException("Unable to parse key file: " + str(e)) elif pkformat == self.PRIVATE_KEY_FORMAT_OPENSSH: - keylist = self._uint32_cstruct_unpack(data, 'iiiii') + keylist = self._uint32_cstruct_unpack(data, "iiiii") keylist = [0] + list(keylist) else: - raise SSHException('private key format.') + raise SSHException("private key format.") if type(keylist) is not list or len(keylist) < 6 or keylist[0] != 0: raise SSHException( "not a valid DSA private key file (bad ber encoding)" diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py index c3ef8e4d..8b12520e 100644 --- a/paramiko/ecdsakey.py +++ b/paramiko/ecdsakey.py @@ -292,13 +292,13 @@ class ECDSAKey(PKey): except (ValueError, AssertionError) as e: raise SSHException(str(e)) elif pkformat == self.PRIVATE_KEY_FORMAT_OPENSSH: - curve, verkey, sigkey = self._uint32_cstruct_unpack(data, 'sss') + curve, verkey, sigkey = self._uint32_cstruct_unpack(data, "sss") try: key = ec.derive_private_key(sigkey, curve, default_backend()) except TypeError as e: raise SSHException(str(e)) else: - raise SSHException('unknown private key format.') + raise SSHException("unknown private key format.") self.signing_key = key self.verifying_key = key.public_key() diff --git a/paramiko/pkey.py b/paramiko/pkey.py index 4e56233f..155a78ef 100644 --- a/paramiko/pkey.py +++ b/paramiko/pkey.py @@ -35,8 +35,14 @@ from cryptography.hazmat.primitives.ciphers import algorithms, modes, Cipher from paramiko import util from paramiko.common import o600 -from paramiko.py3compat import u, encodebytes, decodebytes, b, string_types,\ - byte_ord +from paramiko.py3compat import ( + u, + encodebytes, + decodebytes, + b, + string_types, + byte_ord, +) from paramiko.ssh_exception import SSHException, PasswordRequiredException from paramiko.message import Message @@ -70,9 +76,9 @@ class PKey(object): PRIVATE_KEY_FORMAT_ORIGINAL = 1 PRIVATE_KEY_FORMAT_OPENSSH = 2 BEGIN_TAG = re.compile( - '^-{5}BEGIN (RSA|DSA|EC|OPENSSH) PRIVATE KEY-{5}\s*$' + "^-{5}BEGIN (RSA|DSA|EC|OPENSSH) PRIVATE KEY-{5}\s*$" ) - END_TAG = re.compile('^-{5}END (RSA|DSA|EC|OPENSSH) PRIVATE KEY-{5}\s*$') + END_TAG = re.compile("^-{5}END (RSA|DSA|EC|OPENSSH) PRIVATE KEY-{5}\s*$") def __init__(self, msg=None, data=None): """ @@ -313,20 +319,16 @@ class PKey(object): m = self.END_TAG.match(lines[end]) if keytype == tag: - data = self._read_private_key_old_format( - lines, - password, - ) + data = self._read_private_key_old_format(lines, password) pkformat = self.PRIVATE_KEY_FORMAT_ORIGINAL - elif keytype == 'OPENSSH': + elif keytype == "OPENSSH": data = self._read_private_key_new_format( - lines[start:end], - password, + lines[start:end], password ) pkformat = self.PRIVATE_KEY_FORMAT_OPENSSH else: raise SSHException( - 'encountered {} key, expected {} key'.format(keytype, tag) + "encountered {} key, expected {} key".format(keytype, tag) ) return pkformat, data @@ -344,7 +346,7 @@ class PKey(object): start += 1 # if we trudged to the end of the file, just try to cope. try: - data = decodebytes(b(''.join(lines[start:]))) + data = decodebytes(b("".join(lines[start:]))) except base64.binascii.Error as e: raise SSHException("base64 decoding error: " + str(e)) if "proc-type" not in headers: @@ -388,31 +390,31 @@ class PKey(object): try: data = decodebytes(b(''.join(lines))) except base64.binascii.Error as e: - raise SSHException('base64 decoding error: ' + str(e)) + raise SSHException("base64 decoding error: " + str(e)) # read data struct auth_magic = data[:14] - if auth_magic != b('openssh-key-v1'): - raise SSHException('unexpected OpenSSH key header encountered') + if auth_magic != b("openssh-key-v1"): + raise SSHException("unexpected OpenSSH key header encountered") - cstruct = self._uint32_cstruct_unpack(data[15:], 'sssur') + cstruct = self._uint32_cstruct_unpack(data[15:], "sssur") cipher, kdfname, kdf_options, num_pubkeys, remainder = cstruct # For now, just support 1 key. if num_pubkeys > 1: raise SSHException( - 'unsupported: private keyfile has multiple keys' + "unsupported: private keyfile has multiple keys" ) - pubkey, privkey_blob = self._uint32_cstruct_unpack(remainder, 'ss') + pubkey, privkey_blob = self._uint32_cstruct_unpack(remainder, "ss") - if kdfname == b('bcrypt'): - if cipher == b('aes256-cbc'): + if kdfname == b("bcrypt"): + if cipher == b("aes256-cbc"): mode = modes.CBC - elif cipher == b('aes256-ctr'): + elif cipher == b("aes256-ctr"): mode = modes.CTR else: raise SSHException( - 'unknown cipher `{}` used in private key file'.format( - cipher.decode('utf-8') + "unknown cipher `{}` used in private key file".format( + cipher.decode("utf-8") ) ) # Encrypted private key. @@ -420,7 +422,7 @@ class PKey(object): # out that we need one if password is None: raise PasswordRequiredException( - 'private key file is encrypted' + "private key file is encrypted" ) # Unpack salt and rounds from kdfoptions @@ -437,26 +439,26 @@ class PKey(object): ).decryptor() decrypted_privkey = decryptor.update(privkey_blob) decrypted_privkey += decryptor.finalize() - elif cipher == b('none') and kdfname == b('none'): + elif cipher == b("none") and kdfname == b("none"): # Unencrypted private key decrypted_privkey = privkey_blob else: raise SSHException( - 'unknown cipher or kdf used in private key file' + "unknown cipher or kdf used in private key file" ) # Unpack private key and verify checkints - cstruct = self._uint32_cstruct_unpack(decrypted_privkey, 'uusr') + cstruct = self._uint32_cstruct_unpack(decrypted_privkey, "uusr") checkint1, checkint2, keytype, keydata = cstruct if checkint1 != checkint2: raise SSHException( - 'OpenSSH private key file checkints do not match' + "OpenSSH private key file checkints do not match" ) # Remove padding padlen = byte_ord(keydata[len(keydata) - 1]) - return keydata[:len(keydata) - padlen] + return keydata[: len(keydata) - padlen] def _uint32_cstruct_unpack(self, data, strformat): """ @@ -475,27 +477,27 @@ class PKey(object): idx = 0 try: for f in strformat: - if f == 's': + if f == "s": # string - s_size = struct.unpack('>L', data[idx:idx + 4])[0] + s_size = struct.unpack(">L", data[idx:idx + 4])[0] idx += 4 s = data[idx:idx + s_size] idx += s_size arr.append(s) - if f == 'i': + if f == "i": # long integer - s_size = struct.unpack('>L', data[idx:idx + 4])[0] + s_size = struct.unpack(">L", data[idx:idx + 4])[0] idx += 4 s = data[idx:idx + s_size] idx += s_size i = util.inflate_long(s, True) arr.append(i) - elif f == 'u': + elif f == "u": # 32-bit unsigned int - u = struct.unpack('>L', data[idx:idx + 4])[0] + u = struct.unpack(">L", data[idx:idx + 4])[0] idx += 4 arr.append(u) - elif f == 'r': + elif f == "r": # remainder as string s = data[idx:] arr.append(s) diff --git a/paramiko/rsakey.py b/paramiko/rsakey.py index 3ff601ec..938660d5 100644 --- a/paramiko/rsakey.py +++ b/paramiko/rsakey.py @@ -189,11 +189,8 @@ class RSAKey(PKey): except ValueError as e: raise SSHException(str(e)) elif pkformat == self.PRIVATE_KEY_FORMAT_OPENSSH: - n, e, d, iqmp, q, p = self._uint32_cstruct_unpack(data, 'iiiiii') - public_numbers = rsa.RSAPublicNumbers( - e=e, - n=n, - ) + n, e, d, iqmp, q, p = self._uint32_cstruct_unpack(data, "iiiiii") + public_numbers = rsa.RSAPublicNumbers(e=e, n=n) key = rsa.RSAPrivateNumbers( p=p, q=q, @@ -204,6 +201,6 @@ class RSAKey(PKey): public_numbers=public_numbers, ).private_key(default_backend()) else: - raise SSHException('unknown private key format.') + raise SSHException("unknown private key format.") assert isinstance(key, rsa.RSAPrivateKey) self.key = key diff --git a/tests/test_pkey.py b/tests/test_pkey.py index e934513d..f3b6fc7c 100644 --- a/tests/test_pkey.py +++ b/tests/test_pkey.py @@ -38,8 +38,8 @@ PUB_DSS = "ssh-dss AAAAB3NzaC1kc3MAAACBAOeBpgNnfRzr/twmAQRu2XwWAp3CFtrVnug6s6fgw PUB_ECDSA_256 = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJSPZm3ZWkvk/Zx8WP+fZRZ5/NBBHnGQwR6uIC6XHGPDIHuWUzIjAwA0bzqkOUffEsbLe+uQgKl5kbc/L8KA/eo=" PUB_ECDSA_384 = "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBbGibQLW9AAZiGN2hEQxWYYoFaWKwN3PKSaDJSMqmIn1Z9sgRUuw8Y/w502OGvXL/wFk0i2z50l3pWZjD7gfMH7gX5TUiCzwrQkS+Hn1U2S9aF5WJp0NcIzYxXw2r4M2A==" PUB_ECDSA_521 = "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaOaFLZGuxa5AW16qj6VLypFbLrEWrt9AZUloCMefxO8bNLjK/O5g0rAVasar1TnyHE9qj4NwzANZASWjQNbc4MAG8vzqezFwLIn/kNyNTsXNfqEko9OgHZknlj2Z79dwTJcRAL4QLcT5aND0EHZLB2fAUDXiWIb2j4rg1mwPlBMiBXA==" -PUB_RSA_2K_OPENSSH = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDF+Dpr54DX0WdeTDpNAMdkCWEkl3OXtNgf58qlN1gX572OLBqLf0zT4bHstUEpU3piazph/rSWcUMuBoD46tZ6jiH7H9b9Pem2eYQWaELDDkM+v9BMbEy5rMbFRLol5OtEvPFqneyEAanPOgvd8t3yyhSev9QVusakzJ8j8LGgrA8huYZ+Srnw0shEWLG70KUKCh3rG0QIvA8nfhtUOisr2Gp+F0YxMGb5gwBlQYAYE5l6u1SjZ7hNjyNosjK+wRBFgFFBYVpkZKJgWoK9w4ijFyzMZTucnZMqKOKAjIJvHfKBf2/cEfYxSq1EndqTqjYsd9T7/s2vcn1OH5a0wkER' -PUB_DSS_1K_OPENSSH = 'ssh-dss AAAAB3NzaC1kc3MAAACBAL8XEx7F9xuwBNles+vWpNF+YcofrBhjX1r5QhpBe0eoYWLHRcroN6lxwCdGYRfgOoRjTncBiixQX/uUxAY96zDh3ir492s2BcJt4ihvNn/AY0I0OTuX/2IwGk9CGzafjaeZNVYxMa8lcVt0hSOTjkPQ7gVuk6bJzMInvie+VWKLAAAAFQDUgYdY+rhR0SkKbC09BS/SIHcB+wAAAIB44+4zpCNcd0CGvZlowH99zyPX8uxQtmTLQFuR2O8O0FgVVuCdDgD0D9W8CLOp32oatpM0jyyN89EdvSWzjHzZJ+L6H1FtZps7uhpDFWHdva1R25vyGecLMUuXjo5t/D7oCDih+HwHoSAxoi0QvsPd8/qqHQVznNJKtR6thUpXEwAAAIAG4DCBjbgTTgpBw0egRkJwBSz0oTt+1IcapNU2jA6N8urMSk9YXHEQHKN68BAF3YJ59q2Ujv3LOXmBqGd1T+kzwUszfMlgzq8MMu19Yfzse6AIK1Agn1Vj6F7YXLsXDN+T4KszX5+FJa7t/Zsp3nALWy6l0f4WKivEF5Y2QpEFcQ==' +PUB_RSA_2K_OPENSSH = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDF+Dpr54DX0WdeTDpNAMdkCWEkl3OXtNgf58qlN1gX572OLBqLf0zT4bHstUEpU3piazph/rSWcUMuBoD46tZ6jiH7H9b9Pem2eYQWaELDDkM+v9BMbEy5rMbFRLol5OtEvPFqneyEAanPOgvd8t3yyhSev9QVusakzJ8j8LGgrA8huYZ+Srnw0shEWLG70KUKCh3rG0QIvA8nfhtUOisr2Gp+F0YxMGb5gwBlQYAYE5l6u1SjZ7hNjyNosjK+wRBFgFFBYVpkZKJgWoK9w4ijFyzMZTucnZMqKOKAjIJvHfKBf2/cEfYxSq1EndqTqjYsd9T7/s2vcn1OH5a0wkER" +PUB_DSS_1K_OPENSSH = "ssh-dss AAAAB3NzaC1kc3MAAACBAL8XEx7F9xuwBNles+vWpNF+YcofrBhjX1r5QhpBe0eoYWLHRcroN6lxwCdGYRfgOoRjTncBiixQX/uUxAY96zDh3ir492s2BcJt4ihvNn/AY0I0OTuX/2IwGk9CGzafjaeZNVYxMa8lcVt0hSOTjkPQ7gVuk6bJzMInvie+VWKLAAAAFQDUgYdY+rhR0SkKbC09BS/SIHcB+wAAAIB44+4zpCNcd0CGvZlowH99zyPX8uxQtmTLQFuR2O8O0FgVVuCdDgD0D9W8CLOp32oatpM0jyyN89EdvSWzjHzZJ+L6H1FtZps7uhpDFWHdva1R25vyGecLMUuXjo5t/D7oCDih+HwHoSAxoi0QvsPd8/qqHQVznNJKtR6thUpXEwAAAIAG4DCBjbgTTgpBw0egRkJwBSz0oTt+1IcapNU2jA6N8urMSk9YXHEQHKN68BAF3YJ59q2Ujv3LOXmBqGd1T+kzwUszfMlgzq8MMu19Yfzse6AIK1Agn1Vj6F7YXLsXDN+T4KszX5+FJa7t/Zsp3nALWy6l0f4WKivEF5Y2QpEFcQ==" FINGER_RSA = "1024 60:73:38:44:cb:51:86:65:7f:de:da:a2:2b:5a:57:d5" FINGER_DSS = "1024 44:78:f0:b9:a2:3c:c5:18:20:09:ff:75:5b:c1:d2:6c" @@ -47,8 +47,8 @@ FINGER_ECDSA_256 = "256 25:19:eb:55:e6:a1:47:ff:4f:38:d2:75:6f:a5:d5:60" FINGER_ECDSA_384 = "384 c1:8d:a0:59:09:47:41:8e:a8:a6:07:01:29:23:b4:65" FINGER_ECDSA_521 = "521 44:58:22:52:12:33:16:0e:ce:0e:be:2c:7c:7e:cc:1e" SIGNED_RSA = "20:d7:8a:31:21:cb:f7:92:12:f2:a4:89:37:f5:78:af:e6:16:b6:25:b9:97:3d:a2:cd:5f:ca:20:21:73:4c:ad:34:73:8f:20:77:28:e2:94:15:08:d8:91:40:7a:85:83:bf:18:37:95:dc:54:1a:9b:88:29:6c:73:ca:38:b4:04:f1:56:b9:f2:42:9d:52:1b:29:29:b4:4f:fd:c9:2d:af:47:d2:40:76:30:f3:63:45:0c:d9:1d:43:86:0f:1c:70:e2:93:12:34:f3:ac:c5:0a:2f:14:50:66:59:f1:88:ee:c1:4a:e9:d1:9c:4e:46:f0:0e:47:6f:38:74:f1:44:a8" -FINGER_RSA_2K_OPENSSH = '2048 68:d1:72:01:bf:c0:0c:66:97:78:df:ce:75:74:46:d6' -FINGER_DSS_1K_OPENSSH = '1024 cf:1d:eb:d7:61:d3:12:94:c6:c0:c6:54:35:35:b0:82' +FINGER_RSA_2K_OPENSSH = "2048 68:d1:72:01:bf:c0:0c:66:97:78:df:ce:75:74:46:d6" +FINGER_DSS_1K_OPENSSH = "1024 cf:1d:eb:d7:61:d3:12:94:c6:c0:c6:54:35:35:b0:82" RSA_PRIVATE_OUT = """\ -----BEGIN RSA PRIVATE KEY----- @@ -443,8 +443,8 @@ class KeyTest(unittest.TestCase): def test_22_load_RSA_key_new_format(self): key = RSAKey.from_private_key_file( - _support('test_rsa_2k_o.key'), b'television') - self.assertEqual('ssh-rsa', key.get_name()) + _support("test_rsa_2k_o.key"), b"television") + self.assertEqual("ssh-rsa", key.get_name()) self.assertEqual(PUB_RSA_2K_OPENSSH.split()[1], key.get_base64()) self.assertEqual(2048, key.get_bits()) exp_rsa = b(FINGER_RSA_2K_OPENSSH.split()[1].replace(':', '')) @@ -453,8 +453,8 @@ class KeyTest(unittest.TestCase): def test_23_load_DSS_key_new_format(self): key = DSSKey.from_private_key_file( - _support('test_dss_1k_o.key'), b'television') - self.assertEqual('ssh-dss', key.get_name()) + _support("test_dss_1k_o.key"), b"television") + self.assertEqual("ssh-dss", key.get_name()) self.assertEqual(PUB_DSS_1K_OPENSSH.split()[1], key.get_base64()) self.assertEqual(1024, key.get_bits()) exp_rsa = b(FINGER_DSS_1K_OPENSSH.split()[1].replace(':', '')) |