diff options
30 files changed, 907 insertions, 610 deletions
@@ -57,13 +57,6 @@ Paramiko primarily supports POSIX platforms with standard OpenSSH implementations, and is most frequently tested on Linux and OS X. Windows is supported as well, though it may not be as straightforward. -Some Windows users whose Python is 64-bit have found that the PyCrypto -dependency ``winrandom`` may not install properly, leading to an -``ImportError``. In this scenario, you may need to compile ``winrandom`` -yourself. See `Fabric #194 <https://github.com/fabric/fabric/issues/194>`_ -for info. - - Bugs & Support -------------- diff --git a/paramiko/_version.py b/paramiko/_version.py index f9bc8a8a..14c2be3a 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (1, 18, 1) +__version_info__ = (2, 0, 3) __version__ = '.'.join(map(str, __version_info__)) diff --git a/paramiko/channel.py b/paramiko/channel.py index 52b5d849..3a05bdc4 100644 --- a/paramiko/channel.py +++ b/paramiko/channel.py @@ -283,58 +283,6 @@ class Channel (ClosingContextManager): m.add_int(height_pixels) self.transport._send_user_message(m) - @open_only - def update_environment(self, environment): - """ - Updates this channel's remote shell environment. - - .. note:: - This operation is additive - i.e. the current environment is not - reset before the given environment variables are set. - - .. warning:: - Servers may silently reject some environment variables; see the - warning in `set_environment_variable` for details. - - :param dict environment: - a dictionary containing the name and respective values to set - :raises SSHException: - if any of the environment variables was rejected by the server or - the channel was closed - """ - for name, value in environment.items(): - try: - self.set_environment_variable(name, value) - except SSHException as e: - err = "Failed to set environment variable \"{0}\"." - raise SSHException(err.format(name), e) - - @open_only - def set_environment_variable(self, name, value): - """ - Set the value of an environment variable. - - .. warning:: - The server may reject this request depending on its ``AcceptEnv`` - setting; such rejections will fail silently (which is common client - practice for this particular request type). Make sure you - understand your server's configuration before using! - - :param str name: name of the environment variable - :param str value: value of the environment variable - - :raises SSHException: - if the request was rejected or the channel was closed - """ - m = Message() - m.add_byte(cMSG_CHANNEL_REQUEST) - m.add_int(self.remote_chanid) - m.add_string('env') - m.add_boolean(False) - m.add_string(name) - m.add_string(value) - self.transport._send_user_message(m) - def exit_status_ready(self): """ Return true if the remote process has exited and returned an exit diff --git a/paramiko/client.py b/paramiko/client.py index 53282c01..ebf21b08 100644 --- a/paramiko/client.py +++ b/paramiko/client.py @@ -335,7 +335,7 @@ class SSHClient (ClosingContextManager): t.set_log_channel(self._log_channel) if banner_timeout is not None: t.banner_timeout = banner_timeout - t.start_client(timeout=timeout) + t.start_client() ResourceManager.register(self, t) server_key = t.get_remote_server_key() @@ -398,14 +398,7 @@ class SSHClient (ClosingContextManager): self._agent.close() self._agent = None - def exec_command( - self, - command, - bufsize=-1, - timeout=None, - get_pty=False, - environment=None, - ): + def exec_command(self, command, bufsize=-1, timeout=None, get_pty=False): """ Execute a command on the SSH server. A new `.Channel` is opened and the requested command is executed. The command's input and output @@ -418,14 +411,6 @@ class SSHClient (ClosingContextManager): Python :param int timeout: set command's channel timeout. See `Channel.settimeout`.settimeout - :param dict environment: - a dict of shell environment variables, to be merged into the - default environment that the remote command executes within. - - .. warning:: - Servers may silently reject some environment variables; see the - warning in `.Channel.set_environment_variable` for details. - :return: the stdin, stdout, and stderr of the executing command, as a 3-tuple @@ -436,8 +421,6 @@ class SSHClient (ClosingContextManager): if get_pty: chan.get_pty() chan.settimeout(timeout) - if environment: - chan.update_environment(environment) chan.exec_command(command) stdin = chan.makefile('wb', bufsize) stdout = chan.makefile('r', bufsize) @@ -445,7 +428,7 @@ class SSHClient (ClosingContextManager): return stdin, stdout, stderr def invoke_shell(self, term='vt100', width=80, height=24, width_pixels=0, - height_pixels=0, environment=None): + height_pixels=0): """ Start an interactive shell session on the SSH server. A new `.Channel` is opened and connected to a pseudo-terminal using the requested @@ -457,14 +440,12 @@ class SSHClient (ClosingContextManager): :param int height: the height (in characters) of the terminal window :param int width_pixels: the width (in pixels) of the terminal window :param int height_pixels: the height (in pixels) of the terminal window - :param dict environment: the command's environment :return: a new `.Channel` connected to the remote shell :raises SSHException: if the server fails to invoke a shell """ chan = self._transport.open_session() chan.get_pty(term, width, height, width_pixels, height_pixels) - chan.update_environment(environment or {}) chan.invoke_shell() return chan diff --git a/paramiko/dsskey.py b/paramiko/dsskey.py index d7dd6275..4644e9a6 100644 --- a/paramiko/dsskey.py +++ b/paramiko/dsskey.py @@ -20,21 +20,23 @@ DSS keys. """ -import os -from hashlib import sha1 - -from Crypto.PublicKey import DSA +from cryptography.exceptions import InvalidSignature +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives import hashes, serialization +from cryptography.hazmat.primitives.asymmetric import dsa +from cryptography.hazmat.primitives.asymmetric.utils import ( + decode_dss_signature, encode_dss_signature +) from paramiko import util from paramiko.common import zero_byte -from paramiko.py3compat import long from paramiko.ssh_exception import SSHException from paramiko.message import Message from paramiko.ber import BER, BERException from paramiko.pkey import PKey -class DSSKey (PKey): +class DSSKey(PKey): """ Representation of a DSS key which can be used to sign an verify SSH2 data. @@ -98,15 +100,21 @@ class DSSKey (PKey): return self.x is not None def sign_ssh_data(self, data): - digest = sha1(data).digest() - dss = DSA.construct((long(self.y), long(self.g), long(self.p), long(self.q), long(self.x))) - # generate a suitable k - qsize = len(util.deflate_long(self.q, 0)) - while True: - k = util.inflate_long(os.urandom(qsize), 1) - if (k > 2) and (k < self.q): - break - r, s = dss.sign(util.inflate_long(digest, 1), k) + key = dsa.DSAPrivateNumbers( + x=self.x, + public_numbers=dsa.DSAPublicNumbers( + y=self.y, + parameter_numbers=dsa.DSAParameterNumbers( + p=self.p, + q=self.q, + g=self.g + ) + ) + ).private_key(backend=default_backend()) + signer = key.signer(hashes.SHA1()) + signer.update(data) + r, s = decode_dss_signature(signer.finalize()) + m = Message() m.add_string('ssh-dss') # apparently, in rare cases, r or s may be shorter than 20 bytes! @@ -132,27 +140,65 @@ class DSSKey (PKey): # pull out (r, s) which are NOT encoded as mpints sigR = util.inflate_long(sig[:20], 1) sigS = util.inflate_long(sig[20:], 1) - sigM = util.inflate_long(sha1(data).digest(), 1) - dss = DSA.construct((long(self.y), long(self.g), long(self.p), long(self.q))) - return dss.verify(sigM, (sigR, sigS)) - - def _encode_key(self): - if self.x is None: - raise SSHException('Not enough key information') - keylist = [0, self.p, self.q, self.g, self.y, self.x] + signature = encode_dss_signature(sigR, sigS) + + key = dsa.DSAPublicNumbers( + y=self.y, + parameter_numbers=dsa.DSAParameterNumbers( + p=self.p, + q=self.q, + g=self.g + ) + ).public_key(backend=default_backend()) + verifier = key.verifier(signature, hashes.SHA1()) + verifier.update(data) try: - b = BER() - b.encode(keylist) - except BERException: - raise SSHException('Unable to create ber encoding of key') - return b.asbytes() + verifier.verify() + except InvalidSignature: + return False + else: + return True def write_private_key_file(self, filename, password=None): - self._write_private_key_file('DSA', filename, self._encode_key(), password) + key = dsa.DSAPrivateNumbers( + x=self.x, + public_numbers=dsa.DSAPublicNumbers( + y=self.y, + parameter_numbers=dsa.DSAParameterNumbers( + p=self.p, + q=self.q, + g=self.g + ) + ) + ).private_key(backend=default_backend()) + + self._write_private_key_file( + filename, + key, + serialization.PrivateFormat.TraditionalOpenSSL, + password=password + ) def write_private_key(self, file_obj, password=None): - self._write_private_key('DSA', file_obj, self._encode_key(), password) + key = dsa.DSAPrivateNumbers( + x=self.x, + public_numbers=dsa.DSAPublicNumbers( + y=self.y, + parameter_numbers=dsa.DSAParameterNumbers( + p=self.p, + q=self.q, + g=self.g + ) + ) + ).private_key(backend=default_backend()) + + self._write_private_key( + file_obj, + key, + serialization.PrivateFormat.TraditionalOpenSSL, + password=password + ) @staticmethod def generate(bits=1024, progress_func=None): @@ -161,14 +207,19 @@ class DSSKey (PKey): generate a new host key or authentication key. :param int bits: number of bits the generated key should be. - :param function progress_func: - an optional function to call at key points in key generation (used - by ``pyCrypto.PublicKey``). + :param function progress_func: Unused :return: new `.DSSKey` private key """ - dsa = DSA.generate(bits, os.urandom, progress_func) - key = DSSKey(vals=(dsa.p, dsa.q, dsa.g, dsa.y)) - key.x = dsa.x + numbers = dsa.generate_private_key( + bits, backend=default_backend() + ).private_numbers() + key = DSSKey(vals=( + numbers.public_numbers.parameter_numbers.p, + numbers.public_numbers.parameter_numbers.q, + numbers.public_numbers.parameter_numbers.g, + numbers.public_numbers.y + )) + key.x = numbers.x return key ### internals... diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py index 8827a1db..e4f74310 100644 --- a/paramiko/ecdsakey.py +++ b/paramiko/ecdsakey.py @@ -20,24 +20,87 @@ ECDSA keys """ -import binascii -from hashlib import sha256 +from cryptography.exceptions import InvalidSignature +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives import hashes, serialization +from cryptography.hazmat.primitives.asymmetric import ec +from cryptography.hazmat.primitives.asymmetric.utils import ( + decode_dss_signature, encode_dss_signature +) -from ecdsa import SigningKey, VerifyingKey, der, curves - -from paramiko.common import four_byte, one_byte +from paramiko.common import four_byte from paramiko.message import Message from paramiko.pkey import PKey -from paramiko.py3compat import byte_chr, u from paramiko.ssh_exception import SSHException +from paramiko.util import deflate_long + +class _ECDSACurve(object): + """ + Represents a specific ECDSA Curve (nistp256, nistp384, etc). -class ECDSAKey (PKey): + Handles the generation of the key format identifier and the selection of + the proper hash function. Also grabs the proper curve from the 'ecdsa' + package. + """ + def __init__(self, curve_class, nist_name): + self.nist_name = nist_name + self.key_length = curve_class.key_size + + # Defined in RFC 5656 6.2 + self.key_format_identifier = "ecdsa-sha2-" + self.nist_name + + # Defined in RFC 5656 6.2.1 + if self.key_length <= 256: + self.hash_object = hashes.SHA256 + elif self.key_length <= 384: + self.hash_object = hashes.SHA384 + else: + self.hash_object = hashes.SHA512 + + self.curve_class = curve_class + + +class _ECDSACurveSet(object): + """ + A collection to hold the ECDSA curves. Allows querying by oid and by key + format identifier. The two ways in which ECDSAKey needs to be able to look + up curves. + """ + def __init__(self, ecdsa_curves): + self.ecdsa_curves = ecdsa_curves + + def get_key_format_identifier_list(self): + return [curve.key_format_identifier for curve in self.ecdsa_curves] + + def get_by_curve_class(self, curve_class): + for curve in self.ecdsa_curves: + if curve.curve_class == curve_class: + return curve + + def get_by_key_format_identifier(self, key_format_identifier): + for curve in self.ecdsa_curves: + if curve.key_format_identifier == key_format_identifier: + return curve + + def get_by_key_length(self, key_length): + for curve in self.ecdsa_curves: + if curve.key_length == key_length: + return curve + + +class ECDSAKey(PKey): """ Representation of an ECDSA key which can be used to sign and verify SSH2 data. """ + _ECDSA_CURVES = _ECDSACurveSet([ + _ECDSACurve(ec.SECP256R1, 'nistp256'), + _ECDSACurve(ec.SECP384R1, 'nistp384'), + _ECDSACurve(ec.SECP521R1, 'nistp521'), + ]) + def __init__(self, msg=None, data=None, filename=None, password=None, vals=None, file_obj=None, validate_point=True): self.verifying_key = None @@ -52,32 +115,49 @@ class ECDSAKey (PKey): msg = Message(data) if vals is not None: self.signing_key, self.verifying_key = vals + c_class = self.signing_key.curve.__class__ + self.ecdsa_curve = self._ECDSA_CURVES.get_by_curve_class(c_class) else: if msg is None: raise SSHException('Key object may not be empty') - if msg.get_text() != 'ecdsa-sha2-nistp256': + self.ecdsa_curve = self._ECDSA_CURVES.get_by_key_format_identifier( + msg.get_text()) + if self.ecdsa_curve is None: raise SSHException('Invalid key') curvename = msg.get_text() - if curvename != 'nistp256': + if curvename != self.ecdsa_curve.nist_name: raise SSHException("Can't handle curve of type %s" % curvename) pointinfo = msg.get_binary() - if pointinfo[0:1] != four_byte: - raise SSHException('Point compression is being used: %s' % - binascii.hexlify(pointinfo)) - self.verifying_key = VerifyingKey.from_string(pointinfo[1:], - curve=curves.NIST256p, - validate_point=validate_point) - self.size = 256 + try: + numbers = ec.EllipticCurvePublicNumbers.from_encoded_point( + self.ecdsa_curve.curve_class(), pointinfo + ) + except ValueError: + raise SSHException("Invalid public key") + self.verifying_key = numbers.public_key(backend=default_backend()) + + @classmethod + def supported_key_format_identifiers(cls): + return cls._ECDSA_CURVES.get_key_format_identifier_list() def asbytes(self): key = self.verifying_key m = Message() - m.add_string('ecdsa-sha2-nistp256') - m.add_string('nistp256') + m.add_string(self.ecdsa_curve.key_format_identifier) + m.add_string(self.ecdsa_curve.nist_name) + + numbers = key.public_numbers() + + key_size_bytes = (key.curve.key_size + 7) // 8 - point_str = four_byte + key.to_string() + x_bytes = deflate_long(numbers.x, add_sign_padding=False) + x_bytes = b'\x00' * (key_size_bytes - len(x_bytes)) + x_bytes + y_bytes = deflate_long(numbers.y, add_sign_padding=False) + y_bytes = b'\x00' * (key_size_bytes - len(y_bytes)) + y_bytes + + point_str = four_byte + x_bytes + y_bytes m.add_string(point_str) return m.asbytes() @@ -86,48 +166,67 @@ class ECDSAKey (PKey): def __hash__(self): h = hash(self.get_name()) - h = h * 37 + hash(self.verifying_key.pubkey.point.x()) - h = h * 37 + hash(self.verifying_key.pubkey.point.y()) + h = h * 37 + hash(self.verifying_key.public_numbers().x) + h = h * 37 + hash(self.verifying_key.public_numbers().y) return hash(h) def get_name(self): - return 'ecdsa-sha2-nistp256' + return self.ecdsa_curve.key_format_identifier def get_bits(self): - return self.size + return self.ecdsa_curve.key_length def can_sign(self): return self.signing_key is not None def sign_ssh_data(self, data): - sig = self.signing_key.sign_deterministic( - data, sigencode=self._sigencode, hashfunc=sha256) + ecdsa = ec.ECDSA(self.ecdsa_curve.hash_object()) + signer = self.signing_key.signer(ecdsa) + signer.update(data) + sig = signer.finalize() + r, s = decode_dss_signature(sig) + m = Message() - m.add_string('ecdsa-sha2-nistp256') - m.add_string(sig) + m.add_string(self.ecdsa_curve.key_format_identifier) + m.add_string(self._sigencode(r, s)) return m def verify_ssh_sig(self, data, msg): - if msg.get_text() != 'ecdsa-sha2-nistp256': + if msg.get_text() != self.ecdsa_curve.key_format_identifier: return False sig = msg.get_binary() + sigR, sigS = self._sigdecode(sig) + signature = encode_dss_signature(sigR, sigS) - # verify the signature by SHA'ing the data and encrypting it - # using the public key. - hash_obj = sha256(data).digest() - return self.verifying_key.verify_digest(sig, hash_obj, - sigdecode=self._sigdecode) + verifier = self.verifying_key.verifier( + signature, ec.ECDSA(self.ecdsa_curve.hash_object()) + ) + verifier.update(data) + try: + verifier.verify() + except InvalidSignature: + return False + else: + return True def write_private_key_file(self, filename, password=None): - key = self.signing_key or self.verifying_key - self._write_private_key_file('EC', filename, key.to_der(), password) + self._write_private_key_file( + filename, + self.signing_key, + serialization.PrivateFormat.TraditionalOpenSSL, + password=password + ) def write_private_key(self, file_obj, password=None): - key = self.signing_key or self.verifying_key - self._write_private_key('EC', file_obj, key.to_der(), password) + self._write_private_key( + file_obj, + self.signing_key, + serialization.PrivateFormat.TraditionalOpenSSL, + password=password + ) - @staticmethod - def generate(curve=curves.NIST256p, progress_func=None): + @classmethod + def generate(cls, curve=ec.SECP256R1(), progress_func=None, bits=None): """ Generate a new private ECDSA key. This factory function can be used to generate a new host key or authentication key. @@ -135,9 +234,14 @@ class ECDSAKey (PKey): :param function progress_func: Not used for this type of key. :returns: A new private key (`.ECDSAKey`) object """ - signing_key = SigningKey.generate(curve) - key = ECDSAKey(vals=(signing_key, signing_key.get_verifying_key())) - return key + if bits is not None: + curve = cls._ECDSA_CURVES.get_by_key_length(bits) + if curve is None: + raise ValueError("Unsupported key length: %d"%(bits)) + curve = curve.curve_class() + + private_key = ec.generate_private_key(curve, backend=default_backend()) + return ECDSAKey(vals=(private_key, private_key.public_key())) ### internals... @@ -149,27 +253,26 @@ class ECDSAKey (PKey): data = self._read_private_key('EC', file_obj, password) self._decode_key(data) - ALLOWED_PADDINGS = [one_byte, byte_chr(2) * 2, byte_chr(3) * 3, byte_chr(4) * 4, - byte_chr(5) * 5, byte_chr(6) * 6, byte_chr(7) * 7] - def _decode_key(self, data): - s, padding = der.remove_sequence(data) - if padding: - if padding not in self.ALLOWED_PADDINGS: - raise ValueError("weird padding: %s" % u(binascii.hexlify(data))) - data = data[:-len(padding)] - key = SigningKey.from_der(data) + try: + key = serialization.load_der_private_key( + data, password=None, backend=default_backend() + ) + except (ValueError, AssertionError) as e: + raise SSHException(str(e)) + self.signing_key = key - self.verifying_key = key.get_verifying_key() - self.size = 256 + self.verifying_key = key.public_key() + curve_class = key.curve.__class__ + self.ecdsa_curve = self._ECDSA_CURVES.get_by_curve_class(curve_class) - def _sigencode(self, r, s, order): + def _sigencode(self, r, s): msg = Message() msg.add_mpint(r) msg.add_mpint(s) return msg.asbytes() - def _sigdecode(self, sig, order): + def _sigdecode(self, sig): msg = Message(sig) r = msg.get_mpint() s = msg.get_mpint() diff --git a/paramiko/hostkeys.py b/paramiko/hostkeys.py index 38ac866b..2ee3d27f 100644 --- a/paramiko/hostkeys.py +++ b/paramiko/hostkeys.py @@ -331,7 +331,7 @@ class HostKeyEntry: key = RSAKey(data=decodebytes(key)) elif keytype == 'ssh-dss': key = DSSKey(data=decodebytes(key)) - elif keytype == 'ecdsa-sha2-nistp256': + elif keytype in ECDSAKey.supported_key_format_identifiers(): key = ECDSAKey(data=decodebytes(key), validate_point=False) else: log.info("Unable to handle key of type %s" % (keytype,)) diff --git a/paramiko/packet.py b/paramiko/packet.py index 5dd4c49f..c943fe3c 100644 --- a/paramiko/packet.py +++ b/paramiko/packet.py @@ -357,7 +357,7 @@ class Packetizer (object): self._log(DEBUG, 'Write packet <%s>, length %d' % (cmd_name, orig_len)) self._log(DEBUG, util.format_binary(packet, 'OUT: ')) if self.__block_engine_out is not None: - out = self.__block_engine_out.encrypt(packet) + out = self.__block_engine_out.update(packet) else: out = packet # + mac @@ -390,7 +390,7 @@ class Packetizer (object): """ header = self.read_all(self.__block_size_in, check_rekey=True) if self.__block_engine_in is not None: - header = self.__block_engine_in.decrypt(header) + header = self.__block_engine_in.update(header) if self.__dump_packets: self._log(DEBUG, util.format_binary(header, 'IN: ')) packet_size = struct.unpack('>I', header[:4])[0] @@ -403,7 +403,7 @@ class Packetizer (object): packet = buf[:packet_size - len(leftover)] post_packet = buf[packet_size - len(leftover):] if self.__block_engine_in is not None: - packet = self.__block_engine_in.decrypt(packet) + packet = self.__block_engine_in.update(packet) if self.__dump_packets: self._log(DEBUG, util.format_binary(packet, 'IN: ')) packet = leftover + packet diff --git a/paramiko/pkey.py b/paramiko/pkey.py index 7f32c8a5..c87daaed 100644 --- a/paramiko/pkey.py +++ b/paramiko/pkey.py @@ -21,27 +21,39 @@ Common API for all public keys. """ import base64 -from binascii import hexlify, unhexlify +from binascii import unhexlify import os from hashlib import md5 -from Crypto.Cipher import DES3, AES +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives import serialization +from cryptography.hazmat.primitives.ciphers import algorithms, modes, Cipher from paramiko import util -from paramiko.common import o600, zero_byte +from paramiko.common import o600 from paramiko.py3compat import u, encodebytes, decodebytes, b from paramiko.ssh_exception import SSHException, PasswordRequiredException -class PKey (object): +class PKey(object): """ Base class for public keys. """ # known encryption types for private key files: _CIPHER_TABLE = { - 'AES-128-CBC': {'cipher': AES, 'keysize': 16, 'blocksize': 16, 'mode': AES.MODE_CBC}, - 'DES-EDE3-CBC': {'cipher': DES3, 'keysize': 24, 'blocksize': 8, 'mode': DES3.MODE_CBC}, + 'AES-128-CBC': { + 'cipher': algorithms.AES, + 'keysize': 16, + 'blocksize': 16, + 'mode': modes.CBC + }, + 'DES-EDE3-CBC': { + 'cipher': algorithms.TripleDES, + 'keysize': 24, + 'blocksize': 8, + 'mode': modes.CBC + }, } def __init__(self, msg=None, data=None): @@ -301,9 +313,12 @@ class PKey (object): mode = self._CIPHER_TABLE[encryption_type]['mode'] salt = unhexlify(b(saltstr)) key = util.generate_key_bytes(md5, salt, password, keysize) - return cipher.new(key, mode, salt).decrypt(data) + decryptor = Cipher( + cipher(key), mode(salt), backend=default_backend() + ).decryptor() + return decryptor.update(data) + decryptor.finalize() - def _write_private_key_file(self, tag, filename, data, password=None): + def _write_private_key_file(self, filename, key, format, password=None): """ Write an SSH2-format private key file in a form that can be read by paramiko or openssh. If no password is given, the key is written in @@ -320,31 +335,16 @@ class PKey (object): """ with open(filename, 'w') as f: os.chmod(filename, o600) - self._write_private_key(tag, f, data, password) - - def _write_private_key(self, tag, f, data, password=None): - f.write('-----BEGIN %s PRIVATE KEY-----\n' % tag) - if password is not None: - cipher_name = list(self._CIPHER_TABLE.keys())[0] - cipher = self._CIPHER_TABLE[cipher_name]['cipher'] - keysize = self._CIPHER_TABLE[cipher_name]['keysize'] - blocksize = self._CIPHER_TABLE[cipher_name]['blocksize'] - mode = self._CIPHER_TABLE[cipher_name]['mode'] - salt = os.urandom(blocksize) - key = util.generate_key_bytes(md5, salt, password, keysize) - if len(data) % blocksize != 0: - n = blocksize - len(data) % blocksize - #data += os.urandom(n) - # that would make more sense ^, but it confuses openssh. - data += zero_byte * n - data = cipher.new(key, mode, salt).encrypt(data) - f.write('Proc-Type: 4,ENCRYPTED\n') - f.write('DEK-Info: %s,%s\n' % (cipher_name, u(hexlify(salt)).upper())) - f.write('\n') - s = u(encodebytes(data)) - # re-wrap to 64-char lines - s = ''.join(s.split('\n')) - s = '\n'.join([s[i: i + 64] for i in range(0, len(s), 64)]) - f.write(s) - f.write('\n') - f.write('-----END %s PRIVATE KEY-----\n' % tag) + self._write_private_key(f, key, format) + + def _write_private_key(self, f, key, format, password=None): + if password is None: + encryption = serialization.NoEncryption() + else: + encryption = serialization.BestEncryption(password) + + f.write(key.private_bytes( + serialization.Encoding.PEM, + format, + encryption + ).decode()) diff --git a/paramiko/rsakey.py b/paramiko/rsakey.py index 4ebd8354..bc9053f5 100644 --- a/paramiko/rsakey.py +++ b/paramiko/rsakey.py @@ -20,34 +20,24 @@ RSA keys. """ -import os -from hashlib import sha1 +from cryptography.exceptions import InvalidSignature +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives import hashes, serialization +from cryptography.hazmat.primitives.asymmetric import rsa, padding -from Crypto.PublicKey import RSA - -from paramiko import util -from paramiko.common import max_byte, zero_byte, one_byte from paramiko.message import Message -from paramiko.ber import BER, BERException from paramiko.pkey import PKey -from paramiko.py3compat import long from paramiko.ssh_exception import SSHException -SHA1_DIGESTINFO = b'\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14' - -class RSAKey (PKey): +class RSAKey(PKey): """ Representation of an RSA key which can be used to sign and verify SSH2 data. """ - def __init__(self, msg=None, data=None, filename=None, password=None, vals=None, file_obj=None): - self.n = None - self.e = None - self.d = None - self.p = None - self.q = None + def __init__(self, msg=None, data=None, filename=None, password=None, key=None, file_obj=None): + self.key = None if file_obj is not None: self._from_private_key(file_obj, password) return @@ -56,22 +46,33 @@ class RSAKey (PKey): return if (msg is None) and (data is not None): msg = Message(data) - if vals is not None: - self.e, self.n = vals + if key is not None: + self.key = key else: if msg is None: raise SSHException('Key object may not be empty') if msg.get_text() != 'ssh-rsa': raise SSHException('Invalid key') - self.e = msg.get_mpint() - self.n = msg.get_mpint() - self.size = util.bit_length(self.n) + self.key = rsa.RSAPublicNumbers( + e=msg.get_mpint(), n=msg.get_mpint() + ).public_key(default_backend()) + + @property + def size(self): + return self.key.key_size + + @property + def public_numbers(self): + if isinstance(self.key, rsa.RSAPrivateKey): + return self.key.private_numbers().public_numbers + else: + return self.key.public_numbers() def asbytes(self): m = Message() m.add_string('ssh-rsa') - m.add_mpint(self.e) - m.add_mpint(self.n) + m.add_mpint(self.public_numbers.e) + m.add_mpint(self.public_numbers.n) return m.asbytes() def __str__(self): @@ -79,8 +80,8 @@ class RSAKey (PKey): def __hash__(self): h = hash(self.get_name()) - h = h * 37 + hash(self.e) - h = h * 37 + hash(self.n) + h = h * 37 + hash(self.public_numbers.e) + h = h * 37 + hash(self.public_numbers.n) return hash(h) def get_name(self): @@ -90,12 +91,16 @@ class RSAKey (PKey): return self.size def can_sign(self): - return self.d is not None + return isinstance(self.key, rsa.RSAPrivateKey) def sign_ssh_data(self, data): - digest = sha1(data).digest() - rsa = RSA.construct((long(self.n), long(self.e), long(self.d))) - sig = util.deflate_long(rsa.sign(self._pkcs1imify(digest), bytes())[0], 0) + signer = self.key.signer( + padding=padding.PKCS1v15(), + algorithm=hashes.SHA1(), + ) + signer.update(data) + sig = signer.finalize() + m = Message() m.add_string('ssh-rsa') m.add_string(sig) @@ -104,32 +109,38 @@ class RSAKey (PKey): def verify_ssh_sig(self, data, msg): if msg.get_text() != 'ssh-rsa': return False - sig = util.inflate_long(msg.get_binary(), True) - # verify the signature by SHA'ing the data and encrypting it using the - # public key. some wackiness ensues where we "pkcs1imify" the 20-byte - # hash into a string as long as the RSA key. - hash_obj = util.inflate_long(self._pkcs1imify(sha1(data).digest()), True) - rsa = RSA.construct((long(self.n), long(self.e))) - return rsa.verify(hash_obj, (sig,)) - - def _encode_key(self): - if (self.p is None) or (self.q is None): - raise SSHException('Not enough key info to write private key file') - keylist = [0, self.n, self.e, self.d, self.p, self.q, - self.d % (self.p - 1), self.d % (self.q - 1), - util.mod_inverse(self.q, self.p)] + key = self.key + if isinstance(key, rsa.RSAPrivateKey): + key = key.public_key() + + verifier = key.verifier( + signature=msg.get_binary(), + padding=padding.PKCS1v15(), + algorithm=hashes.SHA1(), + ) + verifier.update(data) try: - b = BER() - b.encode(keylist) - except BERException: - raise SSHException('Unable to create ber encoding of key') - return b.asbytes() + verifier.verify() + except InvalidSignature: + return False + else: + return True def write_private_key_file(self, filename, password=None): - self._write_private_key_file('RSA', filename, self._encode_key(), password) + self._write_private_key_file( + filename, + self.key, + serialization.PrivateFormat.TraditionalOpenSSL, + password=password + ) def write_private_key(self, file_obj, password=None): - self._write_private_key('RSA', file_obj, self._encode_key(), password) + self._write_private_key( + file_obj, + self.key, + serialization.PrivateFormat.TraditionalOpenSSL, + password=password + ) @staticmethod def generate(bits, progress_func=None): @@ -138,29 +149,16 @@ class RSAKey (PKey): generate a new host key or authentication key. :param int bits: number of bits the generated key should be. - :param function progress_func: - an optional function to call at key points in key generation (used - by ``pyCrypto.PublicKey``). + :param function progress_func: Unused :return: new `.RSAKey` private key """ - rsa = RSA.generate(bits, os.urandom, progress_func) - key = RSAKey(vals=(rsa.e, rsa.n)) - key.d = rsa.d - key.p = rsa.p - key.q = rsa.q - return key + key = rsa.generate_private_key( + public_exponent=65537, key_size=bits, backend=default_backend() + ) + return RSAKey(key=key) ### internals... - def _pkcs1imify(self, data): - """ - turn a 20-byte SHA1 hash into a blob of data as large as the key's N, - using PKCS1's \"emsa-pkcs1-v1_5\" encoding. totally bizarre. - """ - size = len(util.deflate_long(self.n, 0)) - filler = max_byte * (size - len(SHA1_DIGESTINFO) - len(data) - 3) - return zero_byte + one_byte + filler + zero_byte + SHA1_DIGESTINFO + data - def _from_private_key_file(self, filename, password): data = self._read_private_key_file('RSA', filename, password) self._decode_key(data) @@ -170,18 +168,12 @@ class RSAKey (PKey): self._decode_key(data) def _decode_key(self, data): - # private key file contains: - # RSAPrivateKey = { version = 0, n, e, d, p, q, d mod p-1, d mod q-1, q**-1 mod p } try: - keylist = BER(data).decode() - except BERException: - raise SSHException('Unable to parse key file') - if (type(keylist) is not list) or (len(keylist) < 4) or (keylist[0] != 0): - raise SSHException('Not a valid RSA private key file (bad ber encoding)') - self.n = keylist[1] - self.e = keylist[2] - self.d = keylist[3] - # not really needed - self.p = keylist[4] - self.q = keylist[5] - self.size = util.bit_length(self.n) + key = serialization.load_der_private_key( + data, password=None, backend=default_backend() + ) + except ValueError as e: + raise SSHException(str(e)) + + assert isinstance(key, rsa.RSAPrivateKey) + self.key = key diff --git a/paramiko/ssh_gss.py b/paramiko/ssh_gss.py index e9b13a66..e906a851 100644 --- a/paramiko/ssh_gss.py +++ b/paramiko/ssh_gss.py @@ -39,22 +39,8 @@ import sys """ GSS_AUTH_AVAILABLE = True -try: - from pyasn1.type.univ import ObjectIdentifier - from pyasn1.codec.der import encoder, decoder -except ImportError: - GSS_AUTH_AVAILABLE = False - class ObjectIdentifier(object): - def __init__(self, *args): - raise NotImplementedError("Module pyasn1 not importable") - - class decoder(object): - def decode(self): - raise NotImplementedError("Module pyasn1 not importable") - - class encoder(object): - def encode(self): - raise NotImplementedError("Module pyasn1 not importable") +from pyasn1.type.univ import ObjectIdentifier +from pyasn1.codec.der import encoder, decoder from paramiko.common import MSG_USERAUTH_REQUEST from paramiko.ssh_exception import SSHException diff --git a/paramiko/transport.py b/paramiko/transport.py index 764486a8..71d5109e 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -1,5 +1,4 @@ # Copyright (C) 2003-2007 Robey Pointer <robeypointer@gmail.com> -# Copyright (C) 2003-2007 Robey Pointer <robeypointer@gmail.com> # # This file is part of paramiko. # @@ -30,6 +29,9 @@ import time import weakref from hashlib import md5, sha1, sha256, sha512 +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives.ciphers import algorithms, Cipher, modes + import paramiko from paramiko import util from paramiko.auth_handler import AuthHandler @@ -65,11 +67,6 @@ from paramiko.ssh_exception import (SSHException, BadAuthenticationType, ChannelException, ProxyCommandFailure) from paramiko.util import retry_on_signal, ClosingContextManager, clamp_value -from Crypto.Cipher import Blowfish, AES, DES3, ARC4 -try: - from Crypto.Util import Counter -except ImportError: - from paramiko.util import Counter # for thread cleanup @@ -93,6 +90,9 @@ class Transport (threading.Thread, ClosingContextManager): Instances of this class may be used as context managers. """ + _ENCRYPT = object() + _DECRYPT = object() + _PROTO_ID = '2.0' _CLIENT_ID = 'paramiko_%s' % paramiko.__version__ @@ -121,8 +121,7 @@ class Transport (threading.Thread, ClosingContextManager): _preferred_keys = ( 'ssh-rsa', 'ssh-dss', - 'ecdsa-sha2-nistp256', - ) + ) + tuple(ECDSAKey.supported_key_format_identifiers()) _preferred_kex = ( 'diffie-hellman-group1-sha1', 'diffie-hellman-group14-sha1', @@ -133,67 +132,68 @@ class Transport (threading.Thread, ClosingContextManager): _cipher_info = { 'aes128-ctr': { - 'class': AES, - 'mode': AES.MODE_CTR, + 'class': algorithms.AES, + 'mode': modes.CTR, 'block-size': 16, 'key-size': 16 }, 'aes192-ctr': { - 'class': AES, - 'mode': AES.MODE_CTR, + 'class': algorithms.AES, + 'mode': modes.CTR, 'block-size': 16, 'key-size': 24 }, 'aes256-ctr': { - 'class': AES, - 'mode': AES.MODE_CTR, + 'class': algorithms.AES, + 'mode': modes.CTR, 'block-size': 16, 'key-size': 32 }, 'blowfish-cbc': { - 'class': Blowfish, - 'mode': Blowfish.MODE_CBC, + 'class': algorithms.Blowfish, + 'mode': modes.CBC, 'block-size': 8, 'key-size': 16 }, 'aes128-cbc': { - 'class': AES, - 'mode': AES.MODE_CBC, + 'class': algorithms.AES, + 'mode': modes.CBC, 'block-size': 16, 'key-size': 16 }, 'aes192-cbc': { - 'class': AES, - 'mode': AES.MODE_CBC, + 'class': algorithms.AES, + 'mode': modes.CBC, 'block-size': 16, 'key-size': 24 }, 'aes256-cbc': { - 'class': AES, - 'mode': AES.MODE_CBC, + 'class': algorithms.AES, + 'mode': modes.CBC, 'block-size': 16, 'key-size': 32 }, '3des-cbc': { - 'class': DES3, - 'mode': DES3.MODE_CBC, + 'class': algorithms.TripleDES, + 'mode': modes.CBC, 'block-size': 8, 'key-size': 24 }, 'arcfour128': { - 'class': ARC4, + 'class': algorithms.ARC4, 'mode': None, 'block-size': 8, 'key-size': 16 }, 'arcfour256': { - 'class': ARC4, + 'class': algorithms.ARC4, 'mode': None, 'block-size': 8, 'key-size': 32 }, } + _mac_info = { 'hmac-sha1': {'class': sha1, 'size': 20}, 'hmac-sha1-96': {'class': sha1, 'size': 12}, @@ -445,7 +445,7 @@ class Transport (threading.Thread, ClosingContextManager): # We need the FQDN to get this working with SSPI self.gss_host = socket.getfqdn(gss_host) - def start_client(self, event=None, timeout=None): + def start_client(self, event=None): """ Negotiate a new SSH2 session as a client. This is the first step after creating a new `.Transport`. A separate thread is created for protocol @@ -456,7 +456,7 @@ class Transport (threading.Thread, ClosingContextManager): be triggered. On failure, `is_active` will return ``False``. (Since 1.4) If ``event`` is ``None``, this method will not return until - negotiation is done. On success, the method returns normally. + negotation is done. On success, the method returns normally. Otherwise an SSHException is raised. After a successful negotiation, you will usually want to authenticate, @@ -473,9 +473,6 @@ class Transport (threading.Thread, ClosingContextManager): :param .threading.Event event: an event to trigger when negotiation is complete (optional) - :param float timeout: - a timeout, in seconds, for SSH2 session negotiation (optional) - :raises SSHException: if negotiation fails (and no ``event`` was passed in) """ @@ -489,7 +486,6 @@ class Transport (threading.Thread, ClosingContextManager): # synchronous, wait for a result self.completion_event = event = threading.Event() self.start() - max_time = time.time() + timeout if timeout is not None else None while True: event.wait(0.1) if not self.active: @@ -497,7 +493,7 @@ class Transport (threading.Thread, ClosingContextManager): if e is not None: raise e raise SSHException('Negotiation failed.') - if event.is_set() or (timeout is not None and time.time() >= max_time): + if event.is_set(): break def start_server(self, event=None, server=None): @@ -1654,22 +1650,34 @@ class Transport (threading.Thread, ClosingContextManager): sofar += digest return out[:nbytes] - def _get_cipher(self, name, key, iv): + def _get_cipher(self, name, key, iv, operation): if name not in self._cipher_info: raise SSHException('Unknown client cipher ' + name) if name in ('arcfour128', 'arcfour256'): # arcfour cipher - cipher = self._cipher_info[name]['class'].new(key) + cipher = Cipher( + self._cipher_info[name]['class'](key), + None, + backend=default_backend() + ) + if operation is self._ENCRYPT: + engine = cipher.encryptor() + else: + engine = cipher.decryptor() # as per RFC 4345, the first 1536 bytes of keystream # generated by the cipher MUST be discarded - cipher.encrypt(" " * 1536) - return cipher - elif name.endswith("-ctr"): - # CTR modes, we need a counter - counter = Counter.new(nbits=self._cipher_info[name]['block-size'] * 8, initial_value=util.inflate_long(iv, True)) - return self._cipher_info[name]['class'].new(key, self._cipher_info[name]['mode'], iv, counter) + engine.encrypt(" " * 1536) + return engine else: - return self._cipher_info[name]['class'].new(key, self._cipher_info[name]['mode'], iv) + cipher = Cipher( + self._cipher_info[name]['class'](key), + self._cipher_info[name]['mode'](iv), + backend=default_backend(), + ) + if operation is self._ENCRYPT: + return cipher.encryptor() + else: + return cipher.decryptor() def _set_forward_agent_handler(self, handler): if handler is None: @@ -2065,7 +2073,7 @@ class Transport (threading.Thread, ClosingContextManager): else: IV_in = self._compute_key('B', block_size) key_in = self._compute_key('D', self._cipher_info[self.remote_cipher]['key-size']) - engine = self._get_cipher(self.remote_cipher, key_in, IV_in) + engine = self._get_cipher(self.remote_cipher, key_in, IV_in, self._DECRYPT) mac_size = self._mac_info[self.remote_mac]['size'] mac_engine = self._mac_info[self.remote_mac]['class'] # initial mac keys are done in the hash's natural size (not the @@ -2092,7 +2100,7 @@ class Transport (threading.Thread, ClosingContextManager): else: IV_out = self._compute_key('A', block_size) key_out = self._compute_key('C', self._cipher_info[self.local_cipher]['key-size']) - engine = self._get_cipher(self.local_cipher, key_out, IV_out) + engine = self._get_cipher(self.local_cipher, key_out, IV_out, self._ENCRYPT) mac_size = self._mac_info[self.local_mac]['size'] mac_engine = self._mac_info[self.local_mac]['class'] # initial mac keys are done in the hash's natural size (not the diff --git a/paramiko/util.py b/paramiko/util.py index 855e5757..5ad1e3fd 100644 --- a/paramiko/util.py +++ b/paramiko/util.py @@ -22,7 +22,6 @@ Useful functions used by the rest of paramiko. from __future__ import generators -import array import errno import sys import struct @@ -31,7 +30,7 @@ import threading import logging from paramiko.common import DEBUG, zero_byte, xffffffff, max_byte -from paramiko.py3compat import PY2, long, byte_ord, b, byte_chr +from paramiko.py3compat import PY2, long, byte_chr, byte_ord, b from paramiko.config import SSHConfig @@ -273,37 +272,6 @@ def retry_on_signal(function): raise -class Counter (object): - """Stateful counter for CTR mode crypto""" - def __init__(self, nbits, initial_value=long(1), overflow=long(0)): - self.blocksize = nbits / 8 - self.overflow = overflow - # start with value - 1 so we don't have to store intermediate values when counting - # could the iv be 0? - if initial_value == 0: - self.value = array.array('c', max_byte * self.blocksize) - else: - x = deflate_long(initial_value - 1, add_sign_padding=False) - self.value = array.array('c', zero_byte * (self.blocksize - len(x)) + x) - - def __call__(self): - """Increament the counter and return the new value""" - i = self.blocksize - 1 - while i > -1: - c = self.value[i] = byte_chr((byte_ord(self.value[i]) + 1) % 256) - if c != zero_byte: - return self.value.tostring() - i -= 1 - # counter reset - x = deflate_long(self.overflow, add_sign_padding=False) - self.value = array.array('c', zero_byte * (self.blocksize - len(x)) + x) - return self.value.tostring() - - @classmethod - def new(cls, nbits, initial_value=long(1), overflow=long(0)): - return cls(nbits, initial_value=initial_value, overflow=overflow) - - def constant_time_bytes_eq(a, b): if len(a) != len(b): return False @@ -24,14 +24,13 @@ connections between python scripts. All major ciphers and hash methods are supported. SFTP client and server mode are both supported too. Required packages: - pyCrypto + Cryptography To install the development version, ``pip install -e git+https://github.com/paramiko/paramiko/#egg=paramiko``. ''' import sys - from setuptools import setup @@ -76,7 +75,7 @@ setup( 'Programming Language :: Python :: 3.5', ], install_requires=[ - 'pycrypto>=2.1,!=2.4,<3.0', - 'ecdsa>=0.11,<2.0', + 'cryptography>=1.1', + 'pyasn1>=0.1.7', ], ) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 7fb3542b..ab3a4ed6 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -7,6 +7,12 @@ Changelog :issue:`398` was not fully applied, causing calls to `~paramiko.client.SSHClient.invoke_shell` to fail with ``AttributeError``. This has been fixed. Patch credit: Kirk Byers. +* :bug:`-` Accidentally merged the new features from 1.18.0 into the + 2.0.x bugfix-only branch. This included merging a bug in one of those new + features (breaking `~paramiko.client.SSHClient.invoke_shell` with an + ``AttributeError``.) The offending code has been stripped out of the 2.0.x + line (but of course, remains in 2.1.x and above.) +* :release:`2.0.3 <2016-12-09>` * :release:`1.18.0 <2016-12-09>` * :release:`1.17.3 <2016-12-09>` * :bug:`802 (1.17+)` (via :issue:`804`) Update our vendored Windows API module @@ -29,6 +35,11 @@ Changelog network connectivity isn't timing out, but the remote server is otherwise unable to service the connection in a timely manner. Credit to ``@sanseihappa``. +* :bug:`742` (also re: :issue:`559`) Catch ``AssertionError`` thrown by + Cryptography when attempting to load bad ECDSA keys, turning it into an + ``SSHException``. This moves the behavior in line with other "bad keys" + situations, re: Paramiko's main auth loop. Thanks to MengHuan Yu for the + patch. * :bug:`789` Add a missing ``.closed`` attribute (plus ``._closed`` because reasons) to `ProxyCommand <paramiko.proxy.ProxyCommand>` so the earlier partial fix for :issue:`520` works in situations where one is gatewaying via @@ -44,19 +55,10 @@ Changelog signature. Caught by ``@Score_Under``. * :bug:`681` Fix a Python3-specific bug re: the handling of read buffers when using ``ProxyCommand``. Thanks to Paul Kapp for catch & patch. -* :feature:`398 (1.18+)` Add an ``environment`` dict argument to - `Client.exec_command <paramiko.client.SSHClient.exec_command>` (plus the - lower level `Channel.update_environment - <paramiko.channel.Channel.update_environment>` and - `Channel.set_environment_variable - <paramiko.channel.Channel.set_environment_variable>` methods) which - implements the ``env`` SSH message type. This means the remote shell - environment can be set without the use of ``VARNAME=value`` shell tricks, - provided the server's ``AcceptEnv`` lists the variables you need to set. - Thanks to Philip Lorenz for the pull request. * :support:`819 backported (>=1.15,<2.0)` Document how lacking ``gmp`` headers at install time can cause a significant performance hit if you build PyCrypto from source. (Most system-distributed packages already have this enabled.) +* :release:`2.0.2 <2016-07-25>` * :release:`1.17.2 <2016-07-25>` * :release:`1.16.3 <2016-07-25>` * :bug:`673 (1.16+)` (via :issue:`681`) Fix protocol banner read errors @@ -72,6 +74,7 @@ Changelog should address issues on Windows platforms that often result in errors like ``ArgumentError: [...] int too long to convert``. Thanks to ``@swohlerLL`` for the report and Jason R. Coombs for the patch. +* :release:`2.0.1 <2016-06-21>` * :release:`1.17.1 <2016-06-21>` * :release:`1.16.2 <2016-06-21>` * :bug:`520 (1.16+)` (Partial fix) Fix at least one instance of race condition @@ -84,9 +87,14 @@ Changelog <paramiko.channel.Channel.fileno>` after the channel has closed). Thanks to Przemysław Strzelczak for the report & reproduction case, and to Krzysztof Rusek for the fix. +* :release:`2.0.0 <2016-04-28>` * :release:`1.17.0 <2016-04-28>` * :release:`1.16.1 <2016-04-28>` * :release:`1.15.5 <2016-04-28>` +* :feature:`731` (working off the earlier :issue:`611`) Add support for 384- + and 512-bit elliptic curve groups in ECDSA key types (aka + ``ecdsa-sha2-nistp384`` / ``ecdsa-sha2-nistp521``). Thanks to Michiel Tiller + and ``@CrazyCasta`` for the patches. * :bug:`670` Due to an earlier bugfix, less-specific ``Host`` blocks' ``ProxyCommand`` values were overriding ``ProxyCommand none`` in more-specific ``Host`` blocks. This has been fixed in a backwards compatible @@ -98,6 +106,28 @@ Changelog erroneously non-optional ``file_size`` parameter. Should only affect users who manually call ``prefetch``. Thanks to ``@stevevanhooser`` for catch & patch. +* :feature:`394` Replace PyCrypto with the Python Cryptographic Authority + (PyCA) 'Cryptography' library suite. This improves security, installability, + and performance; adds PyPy support; and much more. + + There aren't enough ways to thank Alex Gaynor for all of his work on this, + and then his patience while the maintainer let his PR grow moss for a year + and change. Paul Kehrer came in with an assist, and I think I saw Olle + Lundberg, ``@techtonik`` and ``@johnthagen`` supplying backup as well. Thanks + to all! + + .. warning:: + **This is a backwards incompatible change.** + + However, **it should only affect installation** requirements; **no API + changes are intended or expected**. Please report any such breakages as + bugs. + + See our updated :doc:`installation docs <installing>` for details on what + is now required to install Paramiko; many/most users should be able to + simply ``pip install -U paramiko`` (especially if you **upgrade to pip + 8**). + * :bug:`577` (via :issue:`578`; should also fix :issue:`718`, :issue:`560`) Fix stalled/hung SFTP downloads by cleaning up some threading lock issues. Thanks to Stephen C. Pope for the patch. diff --git a/sites/www/index.rst b/sites/www/index.rst index 8e7562af..b09ab589 100644 --- a/sites/www/index.rst +++ b/sites/www/index.rst @@ -3,8 +3,9 @@ Welcome to Paramiko! Paramiko is a Python (2.6+, 3.3+) implementation of the SSHv2 protocol [#]_, providing both client and server functionality. While it leverages a Python C -extension for low level cryptography (`PyCrypto <http://pycrypto.org>`_), -Paramiko itself is a pure Python interface around SSH networking concepts. +extension for low level cryptography +(`Cryptography <https://cryptography.io>`_), Paramiko itself is a pure Python +interface around SSH networking concepts. This website covers project information for Paramiko such as the changelog, contribution guidelines, development roadmap, news/blog, and so forth. Detailed diff --git a/sites/www/installing-1.x.rst b/sites/www/installing-1.x.rst new file mode 100644 index 00000000..356fac49 --- /dev/null +++ b/sites/www/installing-1.x.rst @@ -0,0 +1,120 @@ +Installing (1.x) +================ + +.. note:: Installing Paramiko 2.0 or above? See :doc:`installing` instead. + +This document includes legacy notes on installing Paramiko 1.x (specifically, +1.13 and up). Users are strongly encouraged to upgrade to 2.0 when possible; +PyCrypto (the dependency covered below) is no longer maintained and contains +security vulnerabilities. + +General install notes +===================== + +* Python 2.6+ and 3.3+ are supported; Python <=2.5 and 3.0-3.2 are **not + supported**. +* See the note in the main install doc about :ref:`release-lines` for details + on specific versions you may want to install. + + .. note:: 1.x will eventually be entirely end-of-lifed. +* Paramiko 1.7-1.14 have only one dependency: :ref:`pycrypto`. +* Paramiko 1.15+ (not including 2.x and above) add a second, pure-Python + dependency: the ``ecdsa`` module, trivially installable via PyPI. +* Paramiko 1.15+ (again, not including 2.x and up) also allows you to + optionally install a few more dependencies to gain support for + :ref:`GSS-API/Kerberos <gssapi-on-1x>`. +* Users on Windows may want to opt for the :ref:`pypm` approach. + + +.. _pycrypto: + +PyCrypto +======== + +`PyCrypto <https://www.dlitz.net/software/pycrypto/>`__ provides the low-level +(C-based) encryption algorithms we need to implement the SSH protocol. There +are a couple gotchas associated with installing PyCrypto: its compatibility +with Python's package tools, and the fact that it is a C-based extension. + +C extension +----------- + +Unless you are installing from a precompiled source such as a Debian apt +repository or RedHat RPM, or using :ref:`pypm <pypm>`, you will also need the +ability to build Python C-based modules from source in order to install +PyCrypto. Users on **Unix-based platforms** such as Ubuntu or Mac OS X will +need the traditional C build toolchain installed (e.g. Developer Tools / XCode +Tools on the Mac, or the ``build-essential`` package on Ubuntu or Debian Linux +-- basically, anything with ``gcc``, ``make`` and so forth) as well as the +Python development libraries, often named ``python-dev`` or similar. + +Slow vs fast crypto math +~~~~~~~~~~~~~~~~~~~~~~~~ + +PyCrypto attempts to use the ``gmp`` C math library if it is present on your +system, which enables what it internally calls "fastmath" (``_fastmath.so``). +When those headers are not available, it falls back to "slowmath" +(``_slowmath.py``) which is a pure-Python implementation. + +Real-world tests have shown significant benefits to using the C version of this +code; thus we strongly recommend you install the ``gmp`` development headers +**before** installing Paramiko/PyCrypto. E.g.:: + + $ apt-get install libgmp-dev # or just apt + $ yum install gmp-devel # or dnf + $ brew install gmp + +If you're unsure which version of math you've ended up with, a quick way to +check is to examine whether ``_fastmath.so`` or ``_slowmath.py`` appears in the +output of:: + + from Crypto.PublicKey import RSA + print(RSA._impl._math) + +Windows +~~~~~~~ + +For **Windows** users we recommend using :ref:`pypm`, installing a C +development environment such as `Cygwin <http://cygwin.com>`_ or obtaining a +precompiled Win32 PyCrypto package from `voidspace's Python modules page +<http://www.voidspace.org.uk/python/modules.shtml#pycrypto>`_. + +.. note:: + Some Windows users whose Python is 64-bit have found that the PyCrypto + dependency ``winrandom`` may not install properly, leading to ImportErrors. + In this scenario, you'll probably need to compile ``winrandom`` yourself + via e.g. MS Visual Studio. See `Fabric #194 + <https://github.com/fabric/fabric/issues/194>`_ for info. + + +.. _pypm: + +ActivePython and PyPM +===================== + +Windows users who already have ActiveState's `ActivePython +<http://www.activestate.com/activepython/downloads>`_ distribution installed +may find Paramiko is best installed with `its package manager, PyPM +<http://code.activestate.com/pypm/>`_. Below is example output from an +installation of Paramiko via ``pypm``:: + + C:\> pypm install paramiko + The following packages will be installed into "%APPDATA%\Python" (2.7): + paramiko-1.7.8 pycrypto-2.4 + Get: [pypm-free.activestate.com] paramiko 1.7.8 + Get: [pypm-free.activestate.com] pycrypto 2.4 + Installing paramiko-1.7.8 + Installing pycrypto-2.4 + C:\> + + +.. _gssapi-on-1x: + +Optional dependencies for GSS-API / SSPI / Kerberos +=================================================== + +First, see the main install doc's notes: :ref:`gssapi` - everything there is +required for Paramiko 1.x as well. + +Additionally, users of Paramiko 1.x, on all platforms, need a final dependency: +`pyasn1 <https://pypi.python.org/pypi/pyasn1>`_ ``0.1.7`` or better. diff --git a/sites/www/installing.rst b/sites/www/installing.rst index f16369ff..6537b850 100644 --- a/sites/www/installing.rst +++ b/sites/www/installing.rst @@ -2,6 +2,13 @@ Installing ========== + +.. note:: + These instructions cover Paramiko 2.0 and above. If you're looking to + install Paramiko 1.x, see :doc:`installing-1.x`. However, **the 1.x line + relies on insecure dependencies** so upgrading is strongly encouraged. + + .. _paramiko-itself: Paramiko itself @@ -12,17 +19,15 @@ via `pip <http://pip-installer.org>`_:: $ pip install paramiko -We currently support **Python 2.6, 2.7 and 3.3+** (Python **3.2** should also -work but has a less-strong compatibility guarantee from us.) Users on Python -2.5 or older are urged to upgrade. +We currently support **Python 2.6, 2.7, 3.3+, and PyPy**. Users on Python 2.5 +or older (or 3.2 or older) are urged to upgrade. -Paramiko has two hard dependencies: the pure-Python ECDSA module ``ecdsa``, and the -PyCrypto C extension. ``ecdsa`` is easily installable from wherever you -obtained Paramiko's package; PyCrypto may require more work. Read on for -details. +Paramiko has only one direct hard dependency: the Cryptography library. See +:ref:`cryptography`. If you need GSS-API / SSPI support, see :ref:`the below subsection on it -<gssapi>` for details on additional dependencies. +<gssapi>` for details on its optional dependencies. + .. _release-lines: @@ -33,97 +38,52 @@ Users desiring stability may wish to pin themselves to a specific release line once they first start using Paramiko; to assist in this, we guarantee bugfixes for the last 2-3 releases including the latest stable one. -If you're unsure which version to install, we have suggestions: +This typically spans major & minor versions, so even if e.g. 3.1 is the latest +stable release, it's likely that bugfixes will occasionally come out for the +latest 2.x and perhaps even 1.x releases, as well as for 3.0. New feature +releases for previous major-version lines are less likely but not unheard of. + +If you're unsure which version to install: * **Completely new users** should always default to the **latest stable release** (as above, whatever is newest / whatever shows up with ``pip install paramiko``.) -* **Users upgrading from a much older version** (e.g. the 1.7.x line) should - probably get the **oldest actively supported line** (see the paragraph above - this list for what that currently is.) +* **Users upgrading from a much older version** (e.g. 1.7.x through 1.10.x) + should probably get the **oldest actively supported line** (check the + :doc:`changelog` for recent releases). * **Everybody else** is hopefully already "on" a given version and can carefully upgrade to whichever version they care to, when their release line stops being supported. -PyCrypto -======== +.. _cryptography: -`PyCrypto <https://www.dlitz.net/software/pycrypto/>`_ provides the low-level -(C-based) encryption algorithms we need to implement the SSH protocol. There -are a couple gotchas associated with installing PyCrypto: its compatibility -with Python's package tools, and the fact that it is a C-based extension. +Cryptography +============ -C extension ------------ +`Cryptography <https://cryptography.io>`__ provides the low-level (C-based) +encryption algorithms we need to implement the SSH protocol. It has detailed +`installation instructions`_ (and an `FAQ +<https://cryptography.io/en/latest/faq/>`_) which you should read carefully. -Unless you are installing from a precompiled source such as a Debian apt -repository or RedHat RPM, or using :ref:`pypm <pypm>`, you will also need the -ability to build Python C-based modules from source in order to install -PyCrypto. Users on **Unix-based platforms** such as Ubuntu or Mac OS X will -need the traditional C build toolchain installed (e.g. Developer Tools / XCode -Tools on the Mac, or the ``build-essential`` package on Ubuntu or Debian Linux --- basically, anything with ``gcc``, ``make`` and so forth) as well as the -Python development libraries, often named ``python-dev`` or similar. +In general, you'll need one of the following setups: -Slow vs fast crypto math -~~~~~~~~~~~~~~~~~~~~~~~~ +* On Windows or Mac OS X, provided your ``pip`` is modern (8.x+): nothing else + is required. ``pip`` will install statically compiled binary archives of + Cryptography & its dependencies. +* On Linux, or on other platforms with older versions of ``pip``: you'll need a + C build toolchain, plus development headers for Python, OpenSSL and + ``libffi``. Again, see `Cryptography's install docs`_; these requirements may + occasionally change. -PyCrypto attempts to use the ``gmp`` C math library if it is present on your -system, which enables what it internally calls "fastmath" (``_fastmath.so``). -When those headers are not available, it falls back to "slowmath" -(``_slowmath.py``) which is a pure-Python implementation. + .. warning:: + If you go this route, note that **OpenSSL 1.0.1 or newer is effectively + required**. Cryptography 1.3 and older technically allow OpenSSL 0.9.8, but + 1.4 and newer - which Paramiko will gladly install or upgrade, if you e.g. + ``pip install -U`` - drop that support. -Real-world tests have shown significant benefits to using the C version of this -code; thus we strongly recommend you install the ``gmp`` development headers -**before** installing Paramiko/PyCrypto. E.g.:: - - $ apt-get install libgmp-dev # or just apt - $ yum install gmp-devel # or dnf - $ brew install gmp - -If you're unsure which version of math you've ended up with, a quick way to -check is to examine whether ``_fastmath.so`` or ``_slowmath.py`` appears in the -output of:: - - from Crypto.PublicKey import RSA - print(RSA._impl._math) - -Windows -~~~~~~~ - -For **Windows** users we recommend using :ref:`pypm`, installing a C -development environment such as `Cygwin <http://cygwin.com>`_ or obtaining a -precompiled Win32 PyCrypto package from `voidspace's Python modules page -<http://www.voidspace.org.uk/python/modules.shtml#pycrypto>`_. - -.. note:: - Some Windows users whose Python is 64-bit have found that the PyCrypto - dependency ``winrandom`` may not install properly, leading to ImportErrors. - In this scenario, you'll probably need to compile ``winrandom`` yourself - via e.g. MS Visual Studio. See `Fabric #194 - <https://github.com/fabric/fabric/issues/194>`_ for info. - - -.. _pypm: - -ActivePython and PyPM -===================== - -Windows users who already have ActiveState's `ActivePython -<http://www.activestate.com/activepython/downloads>`_ distribution installed -may find Paramiko is best installed with `its package manager, PyPM -<http://code.activestate.com/pypm/>`_. Below is example output from an -installation of Paramiko via ``pypm``:: - - C:\> pypm install paramiko - The following packages will be installed into "%APPDATA%\Python" (2.7): - paramiko-1.7.8 pycrypto-2.4 - Get: [pypm-free.activestate.com] paramiko 1.7.8 - Get: [pypm-free.activestate.com] pycrypto 2.4 - Installing paramiko-1.7.8 - Installing pycrypto-2.4 - C:\> +.. _installation instructions: +.. _Cryptography's install docs: https://cryptography.io/en/latest/installation/ .. _gssapi: @@ -137,8 +97,6 @@ due to their infrequent utility & non-platform-agnostic requirements): * It hopefully goes without saying but **all platforms** need **a working installation of GSS-API itself**, e.g. Heimdal. -* **All platforms** need `pyasn1 <https://pypi.python.org/pypi/pyasn1>`_ - ``0.1.7`` or better. * **Unix** needs `python-gssapi <https://pypi.python.org/pypi/python-gssapi/>`_ ``0.6.1`` or better. @@ -152,3 +110,9 @@ due to their infrequent utility & non-platform-agnostic requirements): delegation, make sure that the target host is trusted for delegation in the active directory configuration. For details see: http://technet.microsoft.com/en-us/library/cc738491%28v=ws.10%29.aspx + + +.. toctree:: + :hidden: + + installing-1.x diff --git a/tests/test_auth.py b/tests/test_auth.py index ec78e3ce..23517790 100644 --- a/tests/test_auth.py +++ b/tests/test_auth.py @@ -83,13 +83,13 @@ class NullServer (ServerInterface): return AUTH_SUCCESSFUL return AUTH_PARTIALLY_SUCCESSFUL return AUTH_FAILED - + def check_auth_interactive(self, username, submethods): if username == 'commie': self.username = username return InteractiveQuery('password', 'Please enter a password.', ('Password', False)) return AUTH_FAILED - + def check_auth_interactive_response(self, responses): if self.username == 'commie': if (len(responses) == 1) and (responses[0] == 'cat'): @@ -111,7 +111,7 @@ class AuthTest (unittest.TestCase): self.ts.close() self.socks.close() self.sockc.close() - + def start_server(self): host_key = RSAKey.from_private_key_file(test_path('test_rsa.key')) self.public_host_key = RSAKey(data=host_key.asbytes()) @@ -120,7 +120,7 @@ class AuthTest (unittest.TestCase): self.server = NullServer() self.assertTrue(not self.event.is_set()) self.ts.start_server(self.event, self.server) - + def verify_finished(self): self.event.wait(1.0) self.assertTrue(self.event.is_set()) @@ -156,7 +156,7 @@ class AuthTest (unittest.TestCase): self.assertTrue(issubclass(etype, AuthenticationException)) self.tc.auth_password(username='slowdive', password='pygmalion') self.verify_finished() - + def test_3_multipart_auth(self): """ verify that multipart auth works. @@ -187,7 +187,7 @@ class AuthTest (unittest.TestCase): self.assertEqual(self.got_prompts, [('Password', False)]) self.assertEqual([], remain) self.verify_finished() - + def test_5_interactive_auth_fallback(self): """ verify that a password auth attempt will fallback to "interactive" diff --git a/tests/test_client.py b/tests/test_client.py index e7ebbc6a..63ff9297 100644 --- a/tests/test_client.py +++ b/tests/test_client.py @@ -22,6 +22,8 @@ Some unit tests for SSHClient. from __future__ import with_statement +import gc +import platform import socket from tempfile import mkstemp import threading @@ -31,8 +33,9 @@ import warnings import os import time from tests.util import test_path + import paramiko -from paramiko.common import PY2, b +from paramiko.common import PY2 from paramiko.ssh_exception import SSHException @@ -79,16 +82,6 @@ class NullServer (paramiko.ServerInterface): return False return True - def check_channel_env_request(self, channel, name, value): - if name == 'INVALID_ENV': - return False - - if not hasattr(channel, 'env'): - setattr(channel, 'env', {}) - - channel.env[name] = value - return True - class SSHClientTest (unittest.TestCase): @@ -189,7 +182,7 @@ class SSHClientTest (unittest.TestCase): """ verify that SSHClient works with an ECDSA key. """ - self._test_connection(key_filename=test_path('test_ecdsa.key')) + self._test_connection(key_filename=test_path('test_ecdsa_256.key')) def test_3_multiple_key_files(self): """ @@ -206,8 +199,8 @@ class SSHClientTest (unittest.TestCase): for attempt, accept in ( (['rsa', 'dss'], ['dss']), # Original test #3 (['dss', 'rsa'], ['dss']), # Ordering matters sometimes, sadly - (['dss', 'rsa', 'ecdsa'], ['dss']), # Try ECDSA but fail - (['rsa', 'ecdsa'], ['ecdsa']), # ECDSA success + (['dss', 'rsa', 'ecdsa_256'], ['dss']), # Try ECDSA but fail + (['rsa', 'ecdsa_256'], ['ecdsa']), # ECDSA success ): try: self._test_connection( @@ -288,14 +281,13 @@ class SSHClientTest (unittest.TestCase): transport's packetizer) is closed. """ # Unclear why this is borked on Py3, but it is, and does not seem worth - # pursuing at the moment. + # pursuing at the moment. Skipped on PyPy because it fails on travis + # for unknown reasons, works fine locally. # XXX: It's the release of the references to e.g packetizer that fails # in py3... - if not PY2: + if not PY2 or platform.python_implementation() == "PyPy": return threading.Thread(target=self._run).start() - host_key = paramiko.RSAKey.from_private_key_file(test_path('test_rsa.key')) - public_host_key = paramiko.RSAKey(data=host_key.asbytes()) self.tc = paramiko.SSHClient() self.tc.set_missing_host_key_policy(paramiko.AutoAddPolicy()) @@ -311,14 +303,10 @@ class SSHClientTest (unittest.TestCase): self.tc.close() del self.tc - # hrm, sometimes p isn't cleared right away. why is that? - #st = time.time() - #while (time.time() - st < 5.0) and (p() is not None): - # time.sleep(0.1) - - # instead of dumbly waiting for the GC to collect, force a collection - # to see whether the SSHClient object is deallocated correctly - import gc + # force a collection to see whether the SSHClient object is deallocated + # correctly. 2 GCs are needed to make sure it's really collected on + # PyPy + gc.collect() gc.collect() self.assertTrue(p() is None) @@ -328,8 +316,6 @@ class SSHClientTest (unittest.TestCase): verify that an SSHClient can be used a context manager """ threading.Thread(target=self._run).start() - host_key = paramiko.RSAKey.from_private_key_file(test_path('test_rsa.key')) - public_host_key = paramiko.RSAKey(data=host_key.asbytes()) with paramiko.SSHClient() as tc: self.tc = tc @@ -383,38 +369,3 @@ class SSHClientTest (unittest.TestCase): password='pygmalion', ) self._test_connection(**kwargs) - - def test_update_environment(self): - """ - Verify that environment variables can be set by the client. - """ - threading.Thread(target=self._run).start() - - self.tc = paramiko.SSHClient() - self.tc.set_missing_host_key_policy(paramiko.AutoAddPolicy()) - self.assertEqual(0, len(self.tc.get_host_keys())) - self.tc.connect(self.addr, self.port, username='slowdive', password='pygmalion') - - self.event.wait(1.0) - self.assertTrue(self.event.isSet()) - self.assertTrue(self.ts.is_active()) - - target_env = {b'A': b'B', b'C': b'd'} - - self.tc.exec_command('yes', environment=target_env) - schan = self.ts.accept(1.0) - self.assertEqual(target_env, getattr(schan, 'env', {})) - schan.close() - - # Cannot use assertRaises in context manager mode as it is not supported - # in Python 2.6. - try: - # Verify that a rejection by the server can be detected - self.tc.exec_command('yes', environment={b'INVALID_ENV': b''}) - except SSHException as e: - self.assertTrue('INVALID_ENV' in str(e), - 'Expected variable name in error message') - self.assertTrue(isinstance(e.args[1], SSHException), - 'Expected original SSHException in exception') - else: - self.assertFalse(False, 'SSHException was not thrown.') diff --git a/tests/test_ecdsa.key b/tests/test_ecdsa_256.key index 42d44734..42d44734 100644 --- a/tests/test_ecdsa.key +++ b/tests/test_ecdsa_256.key diff --git a/tests/test_ecdsa_384.key b/tests/test_ecdsa_384.key new file mode 100644 index 00000000..796bf417 --- /dev/null +++ b/tests/test_ecdsa_384.key @@ -0,0 +1,6 @@ +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDBDdO8IXvlLJgM7+sNtPl7tI7FM5kzuEUEEPRjXIPQM7mISciwJPBt+ +y43EuG8nL4mgBwYFK4EEACKhZANiAAQWxom0C1vQAGYhjdoREMVmGKBWlisDdzyk +mgyUjKpiJ9WfbIEVLsPGP8OdNjhr1y/8BZNIts+dJd6VmYw+4HzB+4F+U1Igs8K0 +JEvh59VNkvWheViadDXCM2MV8Nq+DNg= +-----END EC PRIVATE KEY----- diff --git a/tests/test_ecdsa_521.key b/tests/test_ecdsa_521.key new file mode 100644 index 00000000..b87dc90f --- /dev/null +++ b/tests/test_ecdsa_521.key @@ -0,0 +1,7 @@ +-----BEGIN EC PRIVATE KEY----- +MIHcAgEBBEIAprQtAS3OF6iVUkT8IowTHWicHzShGgk86EtuEXvfQnhZFKsWm6Jo +iqAr1yEaiuI9LfB3Xs8cjuhgEEfbduYr/f6gBwYFK4EEACOhgYkDgYYABACaOaFL +ZGuxa5AW16qj6VLypFbLrEWrt9AZUloCMefxO8bNLjK/O5g0rAVasar1TnyHE9qj +4NwzANZASWjQNbc4MAG8vzqezFwLIn/kNyNTsXNfqEko9OgHZknlj2Z79dwTJcRA +L4QLcT5aND0EHZLB2fAUDXiWIb2j4rg1mwPlBMiBXA== +-----END EC PRIVATE KEY----- diff --git a/tests/test_ecdsa_password.key b/tests/test_ecdsa_password_256.key index eb7910ed..eb7910ed 100644 --- a/tests/test_ecdsa_password.key +++ b/tests/test_ecdsa_password_256.key diff --git a/tests/test_ecdsa_password_384.key b/tests/test_ecdsa_password_384.key new file mode 100644 index 00000000..eba33c14 --- /dev/null +++ b/tests/test_ecdsa_password_384.key @@ -0,0 +1,9 @@ +-----BEGIN EC PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,7F7B5DBE4CE040D822441AFE7A023A1D + +y/d6tGonAXYgJniQoFCdto+CuT1y1s41qzwNLN9YdNq/+R/dtQvZAaOuGtHJRFE6 +wWabhY1bSjavVPT2z1Zw1jhDJX5HGrf9LDoyORKtUWtUJoUvGdYLHbcg8Q+//WRf +R0A01YuSw1SJX0a225S1aRcsDAk1k5F8EMb8QzSSDgjAOI8ldQF35JI+ofNSGjgS +BPOlorQXTJxDOGmokw/Wql6MbhajXKPO39H2Z53W88U= +-----END EC PRIVATE KEY----- diff --git a/tests/test_ecdsa_password_521.key b/tests/test_ecdsa_password_521.key new file mode 100644 index 00000000..5986b930 --- /dev/null +++ b/tests/test_ecdsa_password_521.key @@ -0,0 +1,10 @@ +-----BEGIN EC PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,AEB2DE62C65D1A88C4940A3476B2F10A + +5kNk/FFPbHa0402QTrgpIT28uirJ4Amvb2/ryOEyOCe0NPbTLCqlQekj2RFYH2Un +pgCLUDkelKQv4pyuK8qWS7R+cFjE/gHHCPUWkK3djZUC8DKuA9lUKeQIE+V1vBHc +L5G+MpoYrPgaydcGx/Uqnc/kVuZx1DXLwrGGtgwNROVBtmjXC9EdfeXHLL1y0wvH +paNgacJpUtgqJEmiehf7eL/eiReegG553rZK3jjfboGkREUaKR5XOgamiKUtgKoc +sMpImVYCsRKd/9RI+VOqErZaEvy/9j0Ye3iH32wGOaA= +-----END EC PRIVATE KEY----- diff --git a/tests/test_packetizer.py b/tests/test_packetizer.py index 15a7c93f..a1ea398c 100644 --- a/tests/test_packetizer.py +++ b/tests/test_packetizer.py @@ -24,9 +24,10 @@ import sys import unittest from hashlib import sha1 -from tests.loop import LoopSocket +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives.ciphers import algorithms, Cipher, modes -from Crypto.Cipher import AES +from tests.loop import LoopSocket from paramiko import Message, Packetizer, util from paramiko.common import byte_chr, zero_byte @@ -43,8 +44,12 @@ class PacketizerTest (unittest.TestCase): p = Packetizer(wsock) p.set_log(util.get_logger('paramiko.transport')) p.set_hexdump(True) - cipher = AES.new(zero_byte * 16, AES.MODE_CBC, x55 * 16) - p.set_outbound_cipher(cipher, 16, sha1, 12, x1f * 20) + encryptor = Cipher( + algorithms.AES(zero_byte * 16), + modes.CBC(x55 * 16), + backend=default_backend() + ).encryptor() + p.set_outbound_cipher(encryptor, 16, sha1, 12, x1f * 20) # message has to be at least 16 bytes long, so we'll have at least one # block of data encrypted that contains zero random padding bytes @@ -66,8 +71,12 @@ class PacketizerTest (unittest.TestCase): p = Packetizer(rsock) p.set_log(util.get_logger('paramiko.transport')) p.set_hexdump(True) - cipher = AES.new(zero_byte * 16, AES.MODE_CBC, x55 * 16) - p.set_inbound_cipher(cipher, 16, sha1, 12, x1f * 20) + decryptor = Cipher( + algorithms.AES(zero_byte * 16), + modes.CBC(x55 * 16), + backend=default_backend() + ).decryptor() + p.set_inbound_cipher(decryptor, 16, sha1, 12, x1f * 20) wsock.send(b'\x43\x91\x97\xbd\x5b\x50\xac\x25\x87\xc2\xc4\x6b\xc7\xe9\x38\xc0\x90\xd2\x16\x56\x0d\x71\x73\x61\x38\x7c\x4c\x3d\xfb\x97\x7d\xe2\x6e\x03\xb1\xa0\xc2\x1c\xd6\x41\x41\x4c\xb4\x59') cmd, m = p.read_message() self.assertEqual(100, cmd) @@ -84,8 +93,12 @@ class PacketizerTest (unittest.TestCase): p = Packetizer(wsock) p.set_log(util.get_logger('paramiko.transport')) p.set_hexdump(True) - cipher = AES.new(zero_byte * 16, AES.MODE_CBC, x55 * 16) - p.set_outbound_cipher(cipher, 16, sha1, 12, x1f * 20) + encryptor = Cipher( + algorithms.AES(zero_byte * 16), + modes.CBC(x55 * 16), + backend=default_backend() + ).encryptor() + p.set_outbound_cipher(encryptor, 16, sha1, 12, x1f * 20) # message has to be at least 16 bytes long, so we'll have at least one # block of data encrypted that contains zero random padding bytes diff --git a/tests/test_pkey.py b/tests/test_pkey.py index f673254f..2181dd91 100644 --- a/tests/test_pkey.py +++ b/tests/test_pkey.py @@ -24,6 +24,7 @@ import unittest import os from binascii import hexlify from hashlib import md5 +import base64 from paramiko import RSAKey, DSSKey, ECDSAKey, Message, util from paramiko.py3compat import StringIO, byte_chr, b, bytes @@ -33,47 +34,51 @@ from tests.util import test_path # from openssh's ssh-keygen PUB_RSA = 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA049W6geFpmsljTwfvI1UmKWWJPNFI74+vNKTk4dmzkQY2yAMs6FhlvhlI8ysU4oj71ZsRYMecHbBbxdN79+JRFVYTKaLqjwGENeTd+yv4q+V2PvZv3fLnzApI3l7EJCqhWwJUHJ1jAkZzqDx0tyOL4uoZpww3nmE0kb3y21tH4c=' PUB_DSS = 'ssh-dss AAAAB3NzaC1kc3MAAACBAOeBpgNnfRzr/twmAQRu2XwWAp3CFtrVnug6s6fgwj/oLjYbVtjAy6pl/h0EKCWx2rf1IetyNsTxWrniA9I6HeDj65X1FyDkg6g8tvCnaNB8Xp/UUhuzHuGsMIipRxBxw9LF608EqZcj1E3ytktoW5B5OcjrkEoz3xG7C+rpIjYvAAAAFQDwz4UnmsGiSNu5iqjn3uTzwUpshwAAAIEAkxfFeY8P2wZpDjX0MimZl5wkoFQDL25cPzGBuB4OnB8NoUk/yjAHIIpEShw8V+LzouMK5CTJQo5+Ngw3qIch/WgRmMHy4kBq1SsXMjQCte1So6HBMvBPIW5SiMTmjCfZZiw4AYHK+B/JaOwaG9yRg2Ejg4Ok10+XFDxlqZo8Y+wAAACARmR7CCPjodxASvRbIyzaVpZoJ/Z6x7dAumV+ysrV1BVYd0lYukmnjO1kKBWApqpH1ve9XDQYN8zgxM4b16L21kpoWQnZtXrY3GZ4/it9kUgyB7+NwacIBlXa8cMDL7Q/69o0d54U0X/NeX5QxuYR6OMJlrkQB7oiW/P/1mwjQgE=' -PUB_ECDSA = 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJSPZm3ZWkvk/Zx8WP+fZRZ5/NBBHnGQwR6uIC6XHGPDIHuWUzIjAwA0bzqkOUffEsbLe+uQgKl5kbc/L8KA/eo=' +PUB_ECDSA_256 = 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJSPZm3ZWkvk/Zx8WP+fZRZ5/NBBHnGQwR6uIC6XHGPDIHuWUzIjAwA0bzqkOUffEsbLe+uQgKl5kbc/L8KA/eo=' +PUB_ECDSA_384 = 'ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBbGibQLW9AAZiGN2hEQxWYYoFaWKwN3PKSaDJSMqmIn1Z9sgRUuw8Y/w502OGvXL/wFk0i2z50l3pWZjD7gfMH7gX5TUiCzwrQkS+Hn1U2S9aF5WJp0NcIzYxXw2r4M2A==' +PUB_ECDSA_521 = 'ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACaOaFLZGuxa5AW16qj6VLypFbLrEWrt9AZUloCMefxO8bNLjK/O5g0rAVasar1TnyHE9qj4NwzANZASWjQNbc4MAG8vzqezFwLIn/kNyNTsXNfqEko9OgHZknlj2Z79dwTJcRAL4QLcT5aND0EHZLB2fAUDXiWIb2j4rg1mwPlBMiBXA==' FINGER_RSA = '1024 60:73:38:44:cb:51:86:65:7f:de:da:a2:2b:5a:57:d5' FINGER_DSS = '1024 44:78:f0:b9:a2:3c:c5:18:20:09:ff:75:5b:c1:d2:6c' -FINGER_ECDSA = '256 25:19:eb:55:e6:a1:47:ff:4f:38:d2:75:6f:a5:d5:60' +FINGER_ECDSA_256 = '256 25:19:eb:55:e6:a1:47:ff:4f:38:d2:75:6f:a5:d5:60' +FINGER_ECDSA_384 = '384 c1:8d:a0:59:09:47:41:8e:a8:a6:07:01:29:23:b4:65' +FINGER_ECDSA_521 = '521 44:58:22:52:12:33:16:0e:ce:0e:be:2c:7c:7e:cc:1e' SIGNED_RSA = '20:d7:8a:31:21:cb:f7:92:12:f2:a4:89:37:f5:78:af:e6:16:b6:25:b9:97:3d:a2:cd:5f:ca:20:21:73:4c:ad:34:73:8f:20:77:28:e2:94:15:08:d8:91:40:7a:85:83:bf:18:37:95:dc:54:1a:9b:88:29:6c:73:ca:38:b4:04:f1:56:b9:f2:42:9d:52:1b:29:29:b4:4f:fd:c9:2d:af:47:d2:40:76:30:f3:63:45:0c:d9:1d:43:86:0f:1c:70:e2:93:12:34:f3:ac:c5:0a:2f:14:50:66:59:f1:88:ee:c1:4a:e9:d1:9c:4e:46:f0:0e:47:6f:38:74:f1:44:a8' RSA_PRIVATE_OUT = """\ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKCAIEA049W6geFpmsljTwfvI1UmKWWJPNFI74+vNKTk4dmzkQY2yAM -s6FhlvhlI8ysU4oj71ZsRYMecHbBbxdN79+JRFVYTKaLqjwGENeTd+yv4q+V2PvZ -v3fLnzApI3l7EJCqhWwJUHJ1jAkZzqDx0tyOL4uoZpww3nmE0kb3y21tH4cCASMC -ggCAEiI6plhqipt4P05L3PYr0pHZq2VPEbE4k9eI/gRKo/c1VJxY3DJnc1cenKsk -trQRtW3OxCEufqsX5PNec6VyKkW+Ox6beJjMKm4KF8ZDpKi9Nw6MdX3P6Gele9D9 -+ieyhVFljrnAqcXsgChTBOYlL2imqCs3qRGAJ3cMBIAx3VsCQQD3pIFVYW398kE0 -n0e1icEpkbDRV4c5iZVhu8xKy2yyfy6f6lClSb2+Ub9uns7F3+b5v0pYSHbE9+/r -OpRq83AfAkEA2rMZlr8SnMXgnyka2LuggA9QgMYy18hyao1dUxySubNDa9N+q2QR -mwDisTUgRFHKIlDHoQmzPbXAmYZX1YlDmQJBAPCRLS5epV0XOAc7pL762OaNhzHC -veAfQKgVhKBt105PqaKpGyQ5AXcNlWQlPeTK4GBTbMrKDPna6RBkyrEJvV8CQBK+ -5O+p+kfztCrmRCE0p1tvBuZ3Y3GU1ptrM+KNa6mEZN1bRV8l1Z+SXJLYqv6Kquz/ -nBUeFq2Em3rfoSDugiMCQDyG3cxD5dKX3IgkhLyBWls/FLDk4x/DQ+NUTu0F1Cu6 -JJye+5ARLkL0EweMXf0tmIYfWItDLsWB0fKg/56h0js= +MIICWgIBAAKBgQDTj1bqB4WmayWNPB+8jVSYpZYk80Ujvj680pOTh2bORBjbIAyz +oWGW+GUjzKxTiiPvVmxFgx5wdsFvF03v34lEVVhMpouqPAYQ15N37K/ir5XY+9m/ +d8ufMCkjeXsQkKqFbAlQcnWMCRnOoPHS3I4vi6hmnDDeeYTSRvfLbW0fhwIBIwKB +gBIiOqZYaoqbeD9OS9z2K9KR2atlTxGxOJPXiP4ESqP3NVScWNwyZ3NXHpyrJLa0 +EbVtzsQhLn6rF+TzXnOlcipFvjsem3iYzCpuChfGQ6SovTcOjHV9z+hnpXvQ/fon +soVRZY65wKnF7IAoUwTmJS9opqgrN6kRgCd3DASAMd1bAkEA96SBVWFt/fJBNJ9H +tYnBKZGw0VeHOYmVYbvMSstssn8un+pQpUm9vlG/bp7Oxd/m+b9KWEh2xPfv6zqU +avNwHwJBANqzGZa/EpzF4J8pGti7oIAPUIDGMtfIcmqNXVMckrmzQ2vTfqtkEZsA +4rE1IERRyiJQx6EJsz21wJmGV9WJQ5kCQQDwkS0uXqVdFzgHO6S++tjmjYcxwr3g +H0CoFYSgbddOT6miqRskOQF3DZVkJT3kyuBgU2zKygz52ukQZMqxCb1fAkASvuTv +qfpH87Qq5kQhNKdbbwbmd2NxlNabazPijWuphGTdW0VfJdWfklyS2Kr+iqrs/5wV +HhathJt636Eg7oIjAkA8ht3MQ+XSl9yIJIS8gVpbPxSw5OMfw0PjVE7tBdQruiSc +nvuQES5C9BMHjF39LZiGH1iLQy7FgdHyoP+eodI7 -----END RSA PRIVATE KEY----- """ DSS_PRIVATE_OUT = """\ -----BEGIN DSA PRIVATE KEY----- -MIIBvgIBAAKCAIEA54GmA2d9HOv+3CYBBG7ZfBYCncIW2tWe6Dqzp+DCP+guNhtW -2MDLqmX+HQQoJbHat/Uh63I2xPFaueID0jod4OPrlfUXIOSDqDy28Kdo0Hxen9RS -G7Me4awwiKlHEHHD0sXrTwSplyPUTfK2S2hbkHk5yOuQSjPfEbsL6ukiNi8CFQDw -z4UnmsGiSNu5iqjn3uTzwUpshwKCAIEAkxfFeY8P2wZpDjX0MimZl5wkoFQDL25c -PzGBuB4OnB8NoUk/yjAHIIpEShw8V+LzouMK5CTJQo5+Ngw3qIch/WgRmMHy4kBq -1SsXMjQCte1So6HBMvBPIW5SiMTmjCfZZiw4AYHK+B/JaOwaG9yRg2Ejg4Ok10+X -FDxlqZo8Y+wCggCARmR7CCPjodxASvRbIyzaVpZoJ/Z6x7dAumV+ysrV1BVYd0lY -ukmnjO1kKBWApqpH1ve9XDQYN8zgxM4b16L21kpoWQnZtXrY3GZ4/it9kUgyB7+N -wacIBlXa8cMDL7Q/69o0d54U0X/NeX5QxuYR6OMJlrkQB7oiW/P/1mwjQgECFGI9 -QPSch9pT9XHqn+1rZ4bK+QGA +MIIBuwIBAAKBgQDngaYDZ30c6/7cJgEEbtl8FgKdwhba1Z7oOrOn4MI/6C42G1bY +wMuqZf4dBCglsdq39SHrcjbE8Vq54gPSOh3g4+uV9Rcg5IOoPLbwp2jQfF6f1FIb +sx7hrDCIqUcQccPSxetPBKmXI9RN8rZLaFuQeTnI65BKM98Ruwvq6SI2LwIVAPDP +hSeawaJI27mKqOfe5PPBSmyHAoGBAJMXxXmPD9sGaQ419DIpmZecJKBUAy9uXD8x +gbgeDpwfDaFJP8owByCKREocPFfi86LjCuQkyUKOfjYMN6iHIf1oEZjB8uJAatUr +FzI0ArXtUqOhwTLwTyFuUojE5own2WYsOAGByvgfyWjsGhvckYNhI4ODpNdPlxQ8 +ZamaPGPsAoGARmR7CCPjodxASvRbIyzaVpZoJ/Z6x7dAumV+ysrV1BVYd0lYukmn +jO1kKBWApqpH1ve9XDQYN8zgxM4b16L21kpoWQnZtXrY3GZ4/it9kUgyB7+NwacI +BlXa8cMDL7Q/69o0d54U0X/NeX5QxuYR6OMJlrkQB7oiW/P/1mwjQgECFGI9QPSc +h9pT9XHqn+1rZ4bK+QGA -----END DSA PRIVATE KEY----- """ -ECDSA_PRIVATE_OUT = """\ +ECDSA_PRIVATE_OUT_256 = """\ -----BEGIN EC PRIVATE KEY----- MHcCAQEEIKB6ty3yVyKEnfF/zprx0qwC76MsMlHY4HXCnqho2eKioAoGCCqGSM49 AwEHoUQDQgAElI9mbdlaS+T9nHxY/59lFnn80EEecZDBHq4gLpccY8Mge5ZTMiMD @@ -81,6 +86,25 @@ ADRvOqQ5R98Sxst765CAqXmRtz8vwoD96g== -----END EC PRIVATE KEY----- """ +ECDSA_PRIVATE_OUT_384 = """\ +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDBDdO8IXvlLJgM7+sNtPl7tI7FM5kzuEUEEPRjXIPQM7mISciwJPBt+ +y43EuG8nL4mgBwYFK4EEACKhZANiAAQWxom0C1vQAGYhjdoREMVmGKBWlisDdzyk +mgyUjKpiJ9WfbIEVLsPGP8OdNjhr1y/8BZNIts+dJd6VmYw+4HzB+4F+U1Igs8K0 +JEvh59VNkvWheViadDXCM2MV8Nq+DNg= +-----END EC PRIVATE KEY----- +""" + +ECDSA_PRIVATE_OUT_521 = """\ +-----BEGIN EC PRIVATE KEY----- +MIHcAgEBBEIAprQtAS3OF6iVUkT8IowTHWicHzShGgk86EtuEXvfQnhZFKsWm6Jo +iqAr1yEaiuI9LfB3Xs8cjuhgEEfbduYr/f6gBwYFK4EEACOhgYkDgYYABACaOaFL +ZGuxa5AW16qj6VLypFbLrEWrt9AZUloCMefxO8bNLjK/O5g0rAVasar1TnyHE9qj +4NwzANZASWjQNbc4MAG8vzqezFwLIn/kNyNTsXNfqEko9OgHZknlj2Z79dwTJcRA +L4QLcT5aND0EHZLB2fAUDXiWIb2j4rg1mwPlBMiBXA== +-----END EC PRIVATE KEY----- +""" + x1234 = b'\x01\x02\x03\x04' @@ -121,7 +145,7 @@ class KeyTest (unittest.TestCase): self.assertEqual(exp_rsa, my_rsa) self.assertEqual(PUB_RSA.split()[1], key.get_base64()) self.assertEqual(1024, key.get_bits()) - + def test_4_load_dss(self): key = DSSKey.from_private_key_file(test_path('test_dss.key')) self.assertEqual('ssh-dss', key.get_name()) @@ -205,43 +229,72 @@ class KeyTest (unittest.TestCase): msg.rewind() self.assertTrue(key.verify_ssh_sig(b'jerri blank', msg)) - def test_10_load_ecdsa(self): - key = ECDSAKey.from_private_key_file(test_path('test_ecdsa.key')) + def test_C_generate_ecdsa(self): + key = ECDSAKey.generate() + msg = key.sign_ssh_data(b'jerri blank') + msg.rewind() + self.assertTrue(key.verify_ssh_sig(b'jerri blank', msg)) + self.assertEqual(key.get_bits(), 256) + self.assertEqual(key.get_name(), 'ecdsa-sha2-nistp256') + + key = ECDSAKey.generate(bits=256) + msg = key.sign_ssh_data(b'jerri blank') + msg.rewind() + self.assertTrue(key.verify_ssh_sig(b'jerri blank', msg)) + self.assertEqual(key.get_bits(), 256) + self.assertEqual(key.get_name(), 'ecdsa-sha2-nistp256') + + key = ECDSAKey.generate(bits=384) + msg = key.sign_ssh_data(b'jerri blank') + msg.rewind() + self.assertTrue(key.verify_ssh_sig(b'jerri blank', msg)) + self.assertEqual(key.get_bits(), 384) + self.assertEqual(key.get_name(), 'ecdsa-sha2-nistp384') + + key = ECDSAKey.generate(bits=521) + msg = key.sign_ssh_data(b'jerri blank') + msg.rewind() + self.assertTrue(key.verify_ssh_sig(b'jerri blank', msg)) + self.assertEqual(key.get_bits(), 521) + self.assertEqual(key.get_name(), 'ecdsa-sha2-nistp521') + + def test_10_load_ecdsa_256(self): + key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_256.key')) self.assertEqual('ecdsa-sha2-nistp256', key.get_name()) - exp_ecdsa = b(FINGER_ECDSA.split()[1].replace(':', '')) + exp_ecdsa = b(FINGER_ECDSA_256.split()[1].replace(':', '')) my_ecdsa = hexlify(key.get_fingerprint()) self.assertEqual(exp_ecdsa, my_ecdsa) - self.assertEqual(PUB_ECDSA.split()[1], key.get_base64()) + self.assertEqual(PUB_ECDSA_256.split()[1], key.get_base64()) self.assertEqual(256, key.get_bits()) s = StringIO() key.write_private_key(s) - self.assertEqual(ECDSA_PRIVATE_OUT, s.getvalue()) + self.assertEqual(ECDSA_PRIVATE_OUT_256, s.getvalue()) s.seek(0) key2 = ECDSAKey.from_private_key(s) self.assertEqual(key, key2) - def test_11_load_ecdsa_password(self): - key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_password.key'), b'television') + def test_11_load_ecdsa_password_256(self): + key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_password_256.key'), b'television') self.assertEqual('ecdsa-sha2-nistp256', key.get_name()) - exp_ecdsa = b(FINGER_ECDSA.split()[1].replace(':', '')) + exp_ecdsa = b(FINGER_ECDSA_256.split()[1].replace(':', '')) my_ecdsa = hexlify(key.get_fingerprint()) self.assertEqual(exp_ecdsa, my_ecdsa) - self.assertEqual(PUB_ECDSA.split()[1], key.get_base64()) + self.assertEqual(PUB_ECDSA_256.split()[1], key.get_base64()) self.assertEqual(256, key.get_bits()) - def test_12_compare_ecdsa(self): + def test_12_compare_ecdsa_256(self): # verify that the private & public keys compare equal - key = ECDSAKey.from_private_key_file(test_path('test_ecdsa.key')) + key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_256.key')) self.assertEqual(key, key) pub = ECDSAKey(data=key.asbytes()) self.assertTrue(key.can_sign()) self.assertTrue(not pub.can_sign()) self.assertEqual(key, pub) - def test_13_sign_ecdsa(self): + def test_13_sign_ecdsa_256(self): # verify that the rsa private key can sign and verify - key = ECDSAKey.from_private_key_file(test_path('test_ecdsa.key')) + key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_256.key')) msg = key.sign_ssh_data(b'ice weasels') self.assertTrue(type(msg) is Message) msg.rewind() @@ -255,6 +308,109 @@ class KeyTest (unittest.TestCase): pub = ECDSAKey(data=key.asbytes()) self.assertTrue(pub.verify_ssh_sig(b'ice weasels', msg)) + def test_14_load_ecdsa_384(self): + key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_384.key')) + self.assertEqual('ecdsa-sha2-nistp384', key.get_name()) + exp_ecdsa = b(FINGER_ECDSA_384.split()[1].replace(':', '')) + my_ecdsa = hexlify(key.get_fingerprint()) + self.assertEqual(exp_ecdsa, my_ecdsa) + self.assertEqual(PUB_ECDSA_384.split()[1], key.get_base64()) + self.assertEqual(384, key.get_bits()) + + s = StringIO() + key.write_private_key(s) + self.assertEqual(ECDSA_PRIVATE_OUT_384, s.getvalue()) + s.seek(0) + key2 = ECDSAKey.from_private_key(s) + self.assertEqual(key, key2) + + def test_15_load_ecdsa_password_384(self): + key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_password_384.key'), b'television') + self.assertEqual('ecdsa-sha2-nistp384', key.get_name()) + exp_ecdsa = b(FINGER_ECDSA_384.split()[1].replace(':', '')) + my_ecdsa = hexlify(key.get_fingerprint()) + self.assertEqual(exp_ecdsa, my_ecdsa) + self.assertEqual(PUB_ECDSA_384.split()[1], key.get_base64()) + self.assertEqual(384, key.get_bits()) + + def test_16_compare_ecdsa_384(self): + # verify that the private & public keys compare equal + key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_384.key')) + self.assertEqual(key, key) + pub = ECDSAKey(data=key.asbytes()) + self.assertTrue(key.can_sign()) + self.assertTrue(not pub.can_sign()) + self.assertEqual(key, pub) + + def test_17_sign_ecdsa_384(self): + # verify that the rsa private key can sign and verify + key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_384.key')) + msg = key.sign_ssh_data(b'ice weasels') + self.assertTrue(type(msg) is Message) + msg.rewind() + self.assertEqual('ecdsa-sha2-nistp384', msg.get_text()) + # ECDSA signatures, like DSS signatures, tend to be different + # each time, so we can't compare against a "known correct" + # signature. + # Even the length of the signature can change. + + msg.rewind() + pub = ECDSAKey(data=key.asbytes()) + self.assertTrue(pub.verify_ssh_sig(b'ice weasels', msg)) + + def test_18_load_ecdsa_521(self): + key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_521.key')) + self.assertEqual('ecdsa-sha2-nistp521', key.get_name()) + exp_ecdsa = b(FINGER_ECDSA_521.split()[1].replace(':', '')) + my_ecdsa = hexlify(key.get_fingerprint()) + self.assertEqual(exp_ecdsa, my_ecdsa) + self.assertEqual(PUB_ECDSA_521.split()[1], key.get_base64()) + self.assertEqual(521, key.get_bits()) + + s = StringIO() + key.write_private_key(s) + # Different versions of OpenSSL (SSLeay versions 0x1000100f and + # 0x1000207f for instance) use different apparently valid (as far as + # ssh-keygen is concerned) padding. So we can't check the actual value + # of the pem encoded key. + s.seek(0) + key2 = ECDSAKey.from_private_key(s) + self.assertEqual(key, key2) + + def test_19_load_ecdsa_password_521(self): + key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_password_521.key'), b'television') + self.assertEqual('ecdsa-sha2-nistp521', key.get_name()) + exp_ecdsa = b(FINGER_ECDSA_521.split()[1].replace(':', '')) + my_ecdsa = hexlify(key.get_fingerprint()) + self.assertEqual(exp_ecdsa, my_ecdsa) + self.assertEqual(PUB_ECDSA_521.split()[1], key.get_base64()) + self.assertEqual(521, key.get_bits()) + + def test_20_compare_ecdsa_521(self): + # verify that the private & public keys compare equal + key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_521.key')) + self.assertEqual(key, key) + pub = ECDSAKey(data=key.asbytes()) + self.assertTrue(key.can_sign()) + self.assertTrue(not pub.can_sign()) + self.assertEqual(key, pub) + + def test_21_sign_ecdsa_521(self): + # verify that the rsa private key can sign and verify + key = ECDSAKey.from_private_key_file(test_path('test_ecdsa_521.key')) + msg = key.sign_ssh_data(b'ice weasels') + self.assertTrue(type(msg) is Message) + msg.rewind() + self.assertEqual('ecdsa-sha2-nistp521', msg.get_text()) + # ECDSA signatures, like DSS signatures, tend to be different + # each time, so we can't compare against a "known correct" + # signature. + # Even the length of the signature can change. + + msg.rewind() + pub = ECDSAKey(data=key.asbytes()) + self.assertTrue(pub.verify_ssh_sig(b'ice weasels', msg)) + def test_salt_size(self): # Read an existing encrypted private key file_ = test_path('test_rsa_password.key') diff --git a/tox-requirements.txt b/tox-requirements.txt index 26224ce6..9645f854 100644 --- a/tox-requirements.txt +++ b/tox-requirements.txt @@ -1,2 +1,3 @@ # Not sure why tox can't just read setup.py? -pycrypto +cryptography >= 1.1 +pyasn1 >= 0.1.7 @@ -1,5 +1,5 @@ [tox] -envlist = py26,py27,py32,py33,py34 +envlist = py26,py27,py33,py34,pypy [testenv] commands = pip install -q -r tox-requirements.txt |