diff options
| -rw-r--r-- | README | 2 | ||||
| -rw-r--r-- | paramiko/dsskey.py | 4 | ||||
| -rw-r--r-- | paramiko/ecdsakey.py | 70 | ||||
| -rw-r--r-- | setup.py | 2 | ||||
| -rw-r--r-- | sites/www/installing.rst | 6 | ||||
| -rw-r--r-- | tox-requirements.txt | 2 |
6 files changed, 12 insertions, 74 deletions
@@ -36,7 +36,7 @@ Requirements - Python 2.6 or better <http://www.python.org/> - this includes Python 3.2 and higher as well. - - Cryptography 0.7 or better <https://cryptography.io> + - Cryptography 0.8 or better <https://cryptography.io> - pyasn1 0.1.7 or better <https://pypi.python.org/pypi/pyasn1> If you have setuptools, you can build and install paramiko and all its diff --git a/paramiko/dsskey.py b/paramiko/dsskey.py index 2c90694f..8e0c2ba9 100644 --- a/paramiko/dsskey.py +++ b/paramiko/dsskey.py @@ -118,8 +118,8 @@ class DSSKey(PKey): m = Message() m.add_string('ssh-dss') # apparently, in rare cases, r or s may be shorter than 20 bytes! - rstr = util.deflate_long(int(r), 0) - sstr = util.deflate_long(int(s), 0) + rstr = util.deflate_long(r, 0) + sstr = util.deflate_long(s, 0) if len(rstr) < 20: rstr = zero_byte * (20 - len(rstr)) + rstr if len(sstr) < 20: diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py index bc76b639..2f5c2c31 100644 --- a/paramiko/ecdsakey.py +++ b/paramiko/ecdsakey.py @@ -32,9 +32,6 @@ from cryptography.hazmat.primitives.asymmetric.utils import ( decode_rfc6979_signature, encode_rfc6979_signature ) -from pyasn1.codec.der import encoder -from pyasn1.type import namedtype, namedval, tag, univ - from paramiko.common import four_byte, one_byte, zero_byte from paramiko.message import Message from paramiko.pkey import PKey @@ -43,40 +40,6 @@ from paramiko.ssh_exception import SSHException from paramiko.util import deflate_long, inflate_long -# RFC 5480, section 2.1.1 -class _ECParameters(univ.Choice): - # TODO: There are a few more options for this choice I think, the RFC says - # not to use them though... - componentType = namedtype.NamedTypes( - namedtype.NamedType("namedCurve", univ.ObjectIdentifier()), - ) - - -# RFC 5915, Appendix A -class _ECPrivateKey(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType( - "version", - univ.Integer( - namedValues=namedval.NamedValues( - ("ecPrivkeyVer1", 1), - ) - ), - ), - namedtype.NamedType("privateKey", univ.OctetString()), - namedtype.OptionalNamedType("parameters", _ECParameters().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0), - )), - namedtype.OptionalNamedType("publicKey", univ.BitString().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1), - )), - ) - - -_CURVE_TO_OID = { - ec.SECP256R1: univ.ObjectIdentifier("1.2.840.10045.3.1.7") -} - class ECDSAKey(PKey): """ Representation of an ECDSA key which can be used to sign and verify SSH2 @@ -216,40 +179,17 @@ class ECDSAKey(PKey): byte_chr(5) * 5, byte_chr(6) * 6, byte_chr(7) * 7] def _decode_key(self, data): - s = """ ------BEGIN EC PRIVATE KEY----- -%s ------END EC PRIVATE KEY----- -""" % "\n".join(textwrap.wrap(base64.b64encode(data).decode(), 64)) - key = serialization.load_pem_private_key(s.encode(), password=None, backend=default_backend()) + key = serialization.load_der_private_key(data, password=None, backend=default_backend()) self.signing_key = key self.verifying_key = key.public_key() self.size = key.curve.key_size def _to_der(self, key): - private_numbers = key.private_numbers() - public_numbers = private_numbers.public_numbers - - private_key = deflate_long( - private_numbers.private_value, add_sign_padding=False + return key.private_bytes( + serialization.Encoding.DER, + serialization.Format.TraditionalOpenSSL, + serialization.NoEncryption(), ) - x_str = deflate_long(public_numbers.x, add_sign_padding=False) - y_str = deflate_long(public_numbers.y, add_sign_padding=False) - - key_length = key.curve.key_size // 8 - if len(x_str) < key_length: - x_str = zero_byte * (key_length - len(x_str)) + x_str - if len(y_str) < key_length: - y_str = zero_byte * (key_length - len(y_str)) + y_str - public_key = b"\x04" + x_str + y_str - - asn1_key = _ECPrivateKey() - asn1_key.setComponentByName("version", 1) - asn1_key.setComponentByName("privateKey", private_key) - asn1_key.setComponentByName("parameters") - asn1_key.getComponentByName("parameters").setComponentByName("namedCurve", _CURVE_TO_OID[type(key.curve)]) - asn1_key.setComponentByName("publicKey", "'%s'H" % binascii.hexlify(public_key).decode()) - return encoder.encode(asn1_key) def _sigencode(self, r, s): msg = Message() @@ -41,7 +41,7 @@ try: from setuptools import setup kw = { 'install_requires': [ - 'cryptography >= 0.7', + 'cryptography >= 0.8', 'pyasn1 >= 0.1.7', ], } diff --git a/sites/www/installing.rst b/sites/www/installing.rst index dc20590e..57b639f0 100644 --- a/sites/www/installing.rst +++ b/sites/www/installing.rst @@ -20,10 +20,8 @@ We currently support **Python 2.6, 2.7, 3.3+, and PyPy** (Python **3.2** should also work but has a less-strong compatibility guarantee from us.) Users on Python 2.5 or older are urged to upgrade. -Paramiko has three hard dependencies: the pure-Python ECDSA module ``ecdsa`` -and ASN1 module ``pyasn1``, and the Cryptography library. ``ecdsa`` is easily -installable from wherever you obtained Paramiko's package; Cryptography may -require more work. Read on for details. +Paramiko has two hard dependencies: the pure-Python ASN1 module ``pyasn1``, and +the Cryptography library. Read on for details on installing ``cryptography``. If you need GSS-API / SSPI support, see :ref:`the below subsection on it <gssapi>` for details on additional dependencies. diff --git a/tox-requirements.txt b/tox-requirements.txt index 23ed06d8..47ddd792 100644 --- a/tox-requirements.txt +++ b/tox-requirements.txt @@ -1,3 +1,3 @@ # Not sure why tox can't just read setup.py? -cryptography >= 0.7 +cryptography >= 0.8 pyasn1 >= 0.1.7 |