summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--paramiko/dsskey.py6
-rw-r--r--paramiko/ecdsakey.py25
-rw-r--r--setup.py2
-rw-r--r--tox-requirements.txt2
4 files changed, 15 insertions, 20 deletions
diff --git a/paramiko/dsskey.py b/paramiko/dsskey.py
index 7e14422c..4644e9a6 100644
--- a/paramiko/dsskey.py
+++ b/paramiko/dsskey.py
@@ -25,7 +25,7 @@ from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import dsa
from cryptography.hazmat.primitives.asymmetric.utils import (
- decode_rfc6979_signature, encode_rfc6979_signature
+ decode_dss_signature, encode_dss_signature
)
from paramiko import util
@@ -113,7 +113,7 @@ class DSSKey(PKey):
).private_key(backend=default_backend())
signer = key.signer(hashes.SHA1())
signer.update(data)
- r, s = decode_rfc6979_signature(signer.finalize())
+ r, s = decode_dss_signature(signer.finalize())
m = Message()
m.add_string('ssh-dss')
@@ -141,7 +141,7 @@ class DSSKey(PKey):
sigR = util.inflate_long(sig[:20], 1)
sigS = util.inflate_long(sig[20:], 1)
- signature = encode_rfc6979_signature(sigR, sigS)
+ signature = encode_dss_signature(sigR, sigS)
key = dsa.DSAPublicNumbers(
y=self.y,
diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py
index c69bef73..9200dd8b 100644
--- a/paramiko/ecdsakey.py
+++ b/paramiko/ecdsakey.py
@@ -20,21 +20,19 @@
ECDSA keys
"""
-import binascii
-
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.utils import (
- decode_rfc6979_signature, encode_rfc6979_signature
+ decode_dss_signature, encode_dss_signature
)
from paramiko.common import four_byte
from paramiko.message import Message
from paramiko.pkey import PKey
from paramiko.ssh_exception import SSHException
-from paramiko.util import deflate_long, inflate_long
+from paramiko.util import deflate_long
class ECDSAKey(PKey):
@@ -67,15 +65,12 @@ class ECDSAKey(PKey):
raise SSHException("Can't handle curve of type %s" % curvename)
pointinfo = msg.get_binary()
- if pointinfo[0:1] != four_byte:
- raise SSHException('Point compression is being used: %s' %
- binascii.hexlify(pointinfo))
- curve = ec.SECP256R1()
- numbers = ec.EllipticCurvePublicNumbers(
- x=inflate_long(pointinfo[1:1 + curve.key_size // 8], always_positive=True),
- y=inflate_long(pointinfo[1 + curve.key_size // 8:], always_positive=True),
- curve=curve
- )
+ try:
+ numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(
+ ec.SECP256R1(), pointinfo
+ )
+ except ValueError:
+ raise SSHException("Invalid public key")
self.verifying_key = numbers.public_key(backend=default_backend())
self.size = 256
@@ -119,7 +114,7 @@ class ECDSAKey(PKey):
signer = self.signing_key.signer(ec.ECDSA(hashes.SHA256()))
signer.update(data)
sig = signer.finalize()
- r, s = decode_rfc6979_signature(sig)
+ r, s = decode_dss_signature(sig)
m = Message()
m.add_string('ecdsa-sha2-nistp256')
@@ -131,7 +126,7 @@ class ECDSAKey(PKey):
return False
sig = msg.get_binary()
sigR, sigS = self._sigdecode(sig)
- signature = encode_rfc6979_signature(sigR, sigS)
+ signature = encode_dss_signature(sigR, sigS)
verifier = self.verifying_key.verifier(
signature, ec.ECDSA(hashes.SHA256())
diff --git a/setup.py b/setup.py
index 4f370d63..ed3bbcd6 100644
--- a/setup.py
+++ b/setup.py
@@ -76,7 +76,7 @@ setup(
'Programming Language :: Python :: 3.5',
],
install_requires=[
- 'cryptography>=0.8',
+ 'cryptography>=1.1',
'pyasn1>=0.1.7',
],
)
diff --git a/tox-requirements.txt b/tox-requirements.txt
index 47ddd792..9645f854 100644
--- a/tox-requirements.txt
+++ b/tox-requirements.txt
@@ -1,3 +1,3 @@
# Not sure why tox can't just read setup.py?
-cryptography >= 0.8
+cryptography >= 1.1
pyasn1 >= 0.1.7