-rw-r--r-- | paramiko/dsskey.py | 6 | ||||
-rw-r--r-- | paramiko/ecdsakey.py | 25 | ||||
-rw-r--r-- | setup.py | 2 | ||||
-rw-r--r-- | tox-requirements.txt | 2 |
4 files changed, 15 insertions, 20 deletions
diff --git a/paramiko/dsskey.py b/paramiko/dsskey.py
index 7e14422c..4644e9a6 100644
--- a/paramiko/dsskey.py
+++ b/paramiko/dsskey.py
@@ -25,7 +25,7 @@ from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import dsa
 from cryptography.hazmat.primitives.asymmetric.utils import (
- decode_rfc6979_signature, encode_rfc6979_signature
+ decode_dss_signature, encode_dss_signature
 )
 from paramiko import util
@@ -113,7 +113,7 @@ class DSSKey(PKey):
 ).private_key(backend=default_backend())
 signer = key.signer(hashes.SHA1())
 signer.update(data)
- r, s = decode_rfc6979_signature(signer.finalize())
+ r, s = decode_dss_signature(signer.finalize())
 m = Message()
 m.add_string('ssh-dss')
@@ -141,7 +141,7 @@ class DSSKey(PKey):
 sigR = util.inflate_long(sig[:20], 1)
 sigS = util.inflate_long(sig[20:], 1)
- signature = encode_rfc6979_signature(sigR, sigS)
+ signature = encode_dss_signature(sigR, sigS)
 key = dsa.DSAPublicNumbers(
 y=self.y,
diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py
index c69bef73..9200dd8b 100644
--- a/paramiko/ecdsakey.py
+++ b/paramiko/ecdsakey.py
@@ -20,21 +20,19 @@
 ECDSA keys
 """
-import binascii
-
 from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.hazmat.primitives.asymmetric.utils import (
- decode_rfc6979_signature, encode_rfc6979_signature
+ decode_dss_signature, encode_dss_signature
 )
 from paramiko.common import four_byte
 from paramiko.message import Message
 from paramiko.pkey import PKey
 from paramiko.ssh_exception import SSHException
-from paramiko.util import deflate_long, inflate_long
+from paramiko.util import deflate_long
 class ECDSAKey(PKey):
@@ -67,15 +65,12 @@ class ECDSAKey(PKey):
 raise SSHException("Can't handle curve of type %s" % curvename)
 pointinfo = msg.get_binary()
- if pointinfo[0:1] != four_byte:
- raise SSHException('Point compression is being used: %s' %
- binascii.hexlify(pointinfo))
- curve = ec.SECP256R1()
- numbers = ec.EllipticCurvePublicNumbers(
- x=inflate_long(pointinfo[1:1 + curve.key_size // 8], always_positive=True),
- y=inflate_long(pointinfo[1 + curve.key_size // 8:], always_positive=True),
- curve=curve
- )
+ try:
+ numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(
+ ec.SECP256R1(), pointinfo
+ )
+ except ValueError:
+ raise SSHException("Invalid public key")
 self.verifying_key = numbers.public_key(backend=default_backend())
 self.size = 256
@@ -119,7 +114,7 @@ class ECDSAKey(PKey):
 signer = self.signing_key.signer(ec.ECDSA(hashes.SHA256()))
 signer.update(data)
 sig = signer.finalize()
- r, s = decode_rfc6979_signature(sig)
+ r, s = decode_dss_signature(sig)
 m = Message()
 m.add_string('ecdsa-sha2-nistp256')
@@ -131,7 +126,7 @@ class ECDSAKey(PKey):
 return False
 sig = msg.get_binary()
 sigR, sigS = self._sigdecode(sig)
- signature = encode_rfc6979_signature(sigR, sigS)
+ signature = encode_dss_signature(sigR, sigS)
 verifier = self.verifying_key.verifier(
 signature, ec.ECDSA(hashes.SHA256())
 )
@@ -76,7 +76,7 @@ setup(
 'Programming Language :: Python :: 3.5',
 ],
 install_requires=[
- 'cryptography>=0.8',
+ 'cryptography>=1.1',
 'pyasn1>=0.1.7',
 ],
 )
diff --git a/tox-requirements.txt b/tox-requirements.txt
index 47ddd792..9645f854 100644
--- a/tox-requirements.txt
+++ b/tox-requirements.txt
@@ -1,3 +1,3 @@
 # Not sure why tox can't just read setup.py?
-cryptography >= 0.8
+cryptography >= 1.1
 pyasn1 >= 0.1.7
|
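Review bot: In the `@@ -67,15 +65,12 @@` hunk of paramiko/ecdsakey.py, the new `try`/`except ValueError` guards only `from_encoded_point()`, while `numbers.public_key(backend=default_backend())` on the next context line stays outside it. As far as I know, that call is where the cryptography backend checks the point against the curve, and it reports a bad point with ValueError. If so, a correctly sized but off-curve point in a key blob read from `msg` (which may come from the peer) would surface as a bare ValueError rather than the SSHException that callers are likely to handle. I would move the assignment into the guarded block, with `self.verifying_key = numbers.public_key(backend=default_backend())` as the last statement under `try:`, and add a comment such as `# decoding rejects bad length/format; public_key() is expected to reject off-curve points`. The enclosing method starts and ends outside this hunk, so how callers treat the two exception types should be confirmed against the full file.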