diff options
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | paramiko/dsskey.py | 21 | ||||
-rw-r--r-- | paramiko/ecdsakey.py | 13 | ||||
-rw-r--r-- | paramiko/util.py | 34 | ||||
-rw-r--r-- | setup.py | 2 | ||||
-rw-r--r-- | tox-requirements.txt | 2 |
6 files changed, 13 insertions, 61 deletions
@@ -36,7 +36,7 @@ Requirements - Python 2.6 or better <http://www.python.org/> - this includes Python 3.2 and higher as well. - - Cryptography 0.6 or better <https://cryptography.io> + - Cryptography 0.7 or better <https://cryptography.io> - pyasn1 0.1.7 or better <https://pypi.python.org/pypi/pyasn1> If you have setuptools, you can build and install paramiko and all its diff --git a/paramiko/dsskey.py b/paramiko/dsskey.py index 6ea29d9c..2c90694f 100644 --- a/paramiko/dsskey.py +++ b/paramiko/dsskey.py @@ -24,9 +24,9 @@ from cryptography.exceptions import InvalidSignature from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import dsa - -from pyasn1.codec.der import encoder, decoder -from pyasn1.type import namedtype, univ +from cryptography.hazmat.primitives.asymmetric.utils import ( + decode_rfc6979_signature, encode_rfc6979_signature +) from paramiko import util from paramiko.common import zero_byte @@ -36,13 +36,6 @@ from paramiko.ber import BER, BERException from paramiko.pkey import PKey -class _DSSSigValue(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('r', univ.Integer()), - namedtype.NamedType('s', univ.Integer()) - ) - - class DSSKey(PKey): """ Representation of a DSS key which can be used to sign an verify SSH2 @@ -120,8 +113,7 @@ class DSSKey(PKey): ).private_key(backend=default_backend()) signer = key.signer(hashes.SHA1()) signer.update(data) - signature = signer.finalize() - (r, s), _ = decoder.decode(signature) + r, s = decode_rfc6979_signature(signer.finalize()) m = Message() m.add_string('ssh-dss') @@ -149,10 +141,7 @@ class DSSKey(PKey): sigR = util.inflate_long(sig[:20], 1) sigS = util.inflate_long(sig[20:], 1) - sig_asn1 = _DSSSigValue() - sig_asn1.setComponentByName('r', sigR) - sig_asn1.setComponentByName('s', sigS) - signature = encoder.encode(sig_asn1) + signature = encode_rfc6979_signature(sigR, sigS) key = dsa.DSAPublicNumbers( y=self.y, diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py index c3d66c30..cf3f04db 100644 --- a/paramiko/ecdsakey.py +++ b/paramiko/ecdsakey.py @@ -28,11 +28,11 @@ from cryptography.exceptions import InvalidSignature from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import ec - -from pyasn1.codec.der import decoder, encoder +from cryptography.hazmat.primitives.asymmetric.utils import ( + decode_rfc6979_signature, encode_rfc6979_signature +) from paramiko.common import four_byte, one_byte -from paramiko.dsskey import _DSSSigValue from paramiko.message import Message from paramiko.pkey import PKey from paramiko.py3compat import byte_chr @@ -122,7 +122,7 @@ class ECDSAKey(PKey): signer = self.signing_key.signer(ec.ECDSA(hashes.SHA256())) signer.update(data) sig = signer.finalize() - (r, s), _ = decoder.decode(sig) + r, s = decode_rfc6979_signature(sig) m = Message() m.add_string('ecdsa-sha2-nistp256') @@ -134,10 +134,7 @@ class ECDSAKey(PKey): return False sig = msg.get_binary() sigR, sigS = self._sigdecode(sig) - sig_asn1 = _DSSSigValue() - sig_asn1.setComponentByName('r', sigR) - sig_asn1.setComponentByName('s', sigS) - signature = encoder.encode(sig_asn1) + signature = encode_rfc6979_signature(sigR, sigS) verifier = self.verifying_key.verifier(signature, ec.ECDSA(hashes.SHA256())) verifier.update(data) diff --git a/paramiko/util.py b/paramiko/util.py index 4d89ccf6..4947a129 100644 --- a/paramiko/util.py +++ b/paramiko/util.py @@ -273,40 +273,6 @@ def retry_on_signal(function): raise -<<<<<<< HEAD -======= -class Counter (object): - """Stateful counter for CTR mode crypto""" - def __init__(self, nbits, initial_value=long(1), overflow=long(0)): - self.blocksize = nbits / 8 - self.overflow = overflow - # start with value - 1 so we don't have to store intermediate values when counting - # could the iv be 0? - if initial_value == 0: - self.value = array.array('c', max_byte * self.blocksize) - else: - x = deflate_long(initial_value - 1, add_sign_padding=False) - self.value = array.array('c', zero_byte * (self.blocksize - len(x)) + x) - - def __call__(self): - """Increament the counter and return the new value""" - i = self.blocksize - 1 - while i > -1: - c = self.value[i] = byte_chr((byte_ord(self.value[i]) + 1) % 256) - if c != zero_byte: - return self.value.tostring() - i -= 1 - # counter reset - x = deflate_long(self.overflow, add_sign_padding=False) - self.value = array.array('c', zero_byte * (self.blocksize - len(x)) + x) - return self.value.tostring() - - @classmethod - def new(cls, nbits, initial_value=long(1), overflow=long(0)): - return cls(nbits, initial_value=initial_value, overflow=overflow) - - ->>>>>>> master def constant_time_bytes_eq(a, b): if len(a) != len(b): return False @@ -41,7 +41,7 @@ try: from setuptools import setup kw = { 'install_requires': [ - 'cryptography >= 0.6', + 'cryptography >= 0.7', 'pyasn1 >= 0.1.7', ], } diff --git a/tox-requirements.txt b/tox-requirements.txt index 0b93acf3..23ed06d8 100644 --- a/tox-requirements.txt +++ b/tox-requirements.txt @@ -1,3 +1,3 @@ # Not sure why tox can't just read setup.py? -cryptography >= 0.6 +cryptography >= 0.7 pyasn1 >= 0.1.7 |