summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--README2
-rw-r--r--paramiko/dsskey.py21
-rw-r--r--paramiko/ecdsakey.py13
-rw-r--r--paramiko/util.py34
-rw-r--r--setup.py2
-rw-r--r--tox-requirements.txt2
6 files changed, 13 insertions, 61 deletions
diff --git a/README b/README
index 7be87eff..7177ce80 100644
--- a/README
+++ b/README
@@ -36,7 +36,7 @@ Requirements
- Python 2.6 or better <http://www.python.org/> - this includes Python
3.2 and higher as well.
- - Cryptography 0.6 or better <https://cryptography.io>
+ - Cryptography 0.7 or better <https://cryptography.io>
- pyasn1 0.1.7 or better <https://pypi.python.org/pypi/pyasn1>
If you have setuptools, you can build and install paramiko and all its
diff --git a/paramiko/dsskey.py b/paramiko/dsskey.py
index 6ea29d9c..2c90694f 100644
--- a/paramiko/dsskey.py
+++ b/paramiko/dsskey.py
@@ -24,9 +24,9 @@ from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import dsa
-
-from pyasn1.codec.der import encoder, decoder
-from pyasn1.type import namedtype, univ
+from cryptography.hazmat.primitives.asymmetric.utils import (
+ decode_rfc6979_signature, encode_rfc6979_signature
+)
from paramiko import util
from paramiko.common import zero_byte
@@ -36,13 +36,6 @@ from paramiko.ber import BER, BERException
from paramiko.pkey import PKey
-class _DSSSigValue(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('r', univ.Integer()),
- namedtype.NamedType('s', univ.Integer())
- )
-
-
class DSSKey(PKey):
"""
Representation of a DSS key which can be used to sign an verify SSH2
@@ -120,8 +113,7 @@ class DSSKey(PKey):
).private_key(backend=default_backend())
signer = key.signer(hashes.SHA1())
signer.update(data)
- signature = signer.finalize()
- (r, s), _ = decoder.decode(signature)
+ r, s = decode_rfc6979_signature(signer.finalize())
m = Message()
m.add_string('ssh-dss')
@@ -149,10 +141,7 @@ class DSSKey(PKey):
sigR = util.inflate_long(sig[:20], 1)
sigS = util.inflate_long(sig[20:], 1)
- sig_asn1 = _DSSSigValue()
- sig_asn1.setComponentByName('r', sigR)
- sig_asn1.setComponentByName('s', sigS)
- signature = encoder.encode(sig_asn1)
+ signature = encode_rfc6979_signature(sigR, sigS)
key = dsa.DSAPublicNumbers(
y=self.y,
diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py
index c3d66c30..cf3f04db 100644
--- a/paramiko/ecdsakey.py
+++ b/paramiko/ecdsakey.py
@@ -28,11 +28,11 @@ from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
-
-from pyasn1.codec.der import decoder, encoder
+from cryptography.hazmat.primitives.asymmetric.utils import (
+ decode_rfc6979_signature, encode_rfc6979_signature
+)
from paramiko.common import four_byte, one_byte
-from paramiko.dsskey import _DSSSigValue
from paramiko.message import Message
from paramiko.pkey import PKey
from paramiko.py3compat import byte_chr
@@ -122,7 +122,7 @@ class ECDSAKey(PKey):
signer = self.signing_key.signer(ec.ECDSA(hashes.SHA256()))
signer.update(data)
sig = signer.finalize()
- (r, s), _ = decoder.decode(sig)
+ r, s = decode_rfc6979_signature(sig)
m = Message()
m.add_string('ecdsa-sha2-nistp256')
@@ -134,10 +134,7 @@ class ECDSAKey(PKey):
return False
sig = msg.get_binary()
sigR, sigS = self._sigdecode(sig)
- sig_asn1 = _DSSSigValue()
- sig_asn1.setComponentByName('r', sigR)
- sig_asn1.setComponentByName('s', sigS)
- signature = encoder.encode(sig_asn1)
+ signature = encode_rfc6979_signature(sigR, sigS)
verifier = self.verifying_key.verifier(signature, ec.ECDSA(hashes.SHA256()))
verifier.update(data)
diff --git a/paramiko/util.py b/paramiko/util.py
index 4d89ccf6..4947a129 100644
--- a/paramiko/util.py
+++ b/paramiko/util.py
@@ -273,40 +273,6 @@ def retry_on_signal(function):
raise
-<<<<<<< HEAD
-=======
-class Counter (object):
- """Stateful counter for CTR mode crypto"""
- def __init__(self, nbits, initial_value=long(1), overflow=long(0)):
- self.blocksize = nbits / 8
- self.overflow = overflow
- # start with value - 1 so we don't have to store intermediate values when counting
- # could the iv be 0?
- if initial_value == 0:
- self.value = array.array('c', max_byte * self.blocksize)
- else:
- x = deflate_long(initial_value - 1, add_sign_padding=False)
- self.value = array.array('c', zero_byte * (self.blocksize - len(x)) + x)
-
- def __call__(self):
- """Increament the counter and return the new value"""
- i = self.blocksize - 1
- while i > -1:
- c = self.value[i] = byte_chr((byte_ord(self.value[i]) + 1) % 256)
- if c != zero_byte:
- return self.value.tostring()
- i -= 1
- # counter reset
- x = deflate_long(self.overflow, add_sign_padding=False)
- self.value = array.array('c', zero_byte * (self.blocksize - len(x)) + x)
- return self.value.tostring()
-
- @classmethod
- def new(cls, nbits, initial_value=long(1), overflow=long(0)):
- return cls(nbits, initial_value=initial_value, overflow=overflow)
-
-
->>>>>>> master
def constant_time_bytes_eq(a, b):
if len(a) != len(b):
return False
diff --git a/setup.py b/setup.py
index e67cbd56..e10a6390 100644
--- a/setup.py
+++ b/setup.py
@@ -41,7 +41,7 @@ try:
from setuptools import setup
kw = {
'install_requires': [
- 'cryptography >= 0.6',
+ 'cryptography >= 0.7',
'pyasn1 >= 0.1.7',
],
}
diff --git a/tox-requirements.txt b/tox-requirements.txt
index 0b93acf3..23ed06d8 100644
--- a/tox-requirements.txt
+++ b/tox-requirements.txt
@@ -1,3 +1,3 @@
# Not sure why tox can't just read setup.py?
-cryptography >= 0.6
+cryptography >= 0.7
pyasn1 >= 0.1.7