Use a more recent cryptography and call a function

author: Alex Gaynor <alex.gaynor@gmail.com> 2016-04-27 20:43:14 -0400
committer: Alex Gaynor <alex.gaynor@gmail.com> 2016-04-27 20:43:14 -0400
commit: 1e7849ba910365e6008fd276b271e90a718fd618 (patch)
tree: 3b5f65cf729e46e265d4b995caf39344ae7b0955
parent: 86645149c9d066d5fe9222525c8bdf91df7f7de9 (diff)
download: paramiko-1e7849ba910365e6008fd276b271e90a718fd618.tar.gz
4 files changed, 15 insertions, 20 deletions
diff --git a/paramiko/dsskey.py b/paramiko/dsskey.py
index 7e14422c..4644e9a6 100644
--- a/paramiko/dsskey.py
+++ b/paramiko/dsskey.py
@@ -25,7 +25,7 @@ from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import dsa
 from cryptography.hazmat.primitives.asymmetric.utils import (
-    decode_rfc6979_signature, encode_rfc6979_signature
+    decode_dss_signature, encode_dss_signature
 )
 
 from paramiko import util
@@ -113,7 +113,7 @@ class DSSKey(PKey):
         ).private_key(backend=default_backend())
         signer = key.signer(hashes.SHA1())
         signer.update(data)
-        r, s = decode_rfc6979_signature(signer.finalize())
+        r, s = decode_dss_signature(signer.finalize())
 
         m = Message()
         m.add_string('ssh-dss')
@@ -141,7 +141,7 @@ class DSSKey(PKey):
         sigR = util.inflate_long(sig[:20], 1)
         sigS = util.inflate_long(sig[20:], 1)
 
-        signature = encode_rfc6979_signature(sigR, sigS)
+        signature = encode_dss_signature(sigR, sigS)
 
         key = dsa.DSAPublicNumbers(
             y=self.y,
diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py
index c69bef73..9200dd8b 100644
--- a/paramiko/ecdsakey.py
+++ b/paramiko/ecdsakey.py
@@ -20,21 +20,19 @@
 ECDSA keys
 """
 
-import binascii
-
 from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.hazmat.primitives.asymmetric.utils import (
-    decode_rfc6979_signature, encode_rfc6979_signature
+    decode_dss_signature, encode_dss_signature
 )
 
 from paramiko.common import four_byte
 from paramiko.message import Message
 from paramiko.pkey import PKey
 from paramiko.ssh_exception import SSHException
-from paramiko.util import deflate_long, inflate_long
+from paramiko.util import deflate_long
 
 
 class ECDSAKey(PKey):
@@ -67,15 +65,12 @@ class ECDSAKey(PKey):
                 raise SSHException("Can't handle curve of type %s" % curvename)
 
             pointinfo = msg.get_binary()
-            if pointinfo[0:1] != four_byte:
-                raise SSHException('Point compression is being used: %s' %
-                                   binascii.hexlify(pointinfo))
-            curve = ec.SECP256R1()
-            numbers = ec.EllipticCurvePublicNumbers(
-                x=inflate_long(pointinfo[1:1 + curve.key_size // 8], always_positive=True),
-                y=inflate_long(pointinfo[1 + curve.key_size // 8:], always_positive=True),
-                curve=curve
-            )
+            try:
+                numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(
+                    ec.SECP256R1(), pointinfo
+                )
+            except ValueError:
+                raise SSHException("Invalid public key")
             self.verifying_key = numbers.public_key(backend=default_backend())
         self.size = 256
 
@@ -119,7 +114,7 @@ class ECDSAKey(PKey):
         signer = self.signing_key.signer(ec.ECDSA(hashes.SHA256()))
         signer.update(data)
         sig = signer.finalize()
-        r, s = decode_rfc6979_signature(sig)
+        r, s = decode_dss_signature(sig)
 
         m = Message()
         m.add_string('ecdsa-sha2-nistp256')
@@ -131,7 +126,7 @@ class ECDSAKey(PKey):
             return False
         sig = msg.get_binary()
         sigR, sigS = self._sigdecode(sig)
-        signature = encode_rfc6979_signature(sigR, sigS)
+        signature = encode_dss_signature(sigR, sigS)
 
         verifier = self.verifying_key.verifier(
             signature, ec.ECDSA(hashes.SHA256())
diff --git a/setup.py b/setup.py
index 4f370d63..ed3bbcd6 100644
--- a/setup.py
+++ b/setup.py
@@ -76,7 +76,7 @@ setup(
         'Programming Language :: Python :: 3.5',
     ],
     install_requires=[
-        'cryptography>=0.8',
+        'cryptography>=1.1',
         'pyasn1>=0.1.7',
     ],
 )
diff --git a/tox-requirements.txt b/tox-requirements.txt
index 47ddd792..9645f854 100644
--- a/tox-requirements.txt
+++ b/tox-requirements.txt
@@ -1,3 +1,3 @@
 # Not sure why tox can't just read setup.py?
-cryptography >= 0.8
+cryptography >= 1.1
 pyasn1 >= 0.1.7
author	Alex Gaynor <alex.gaynor@gmail.com>	2016-04-27 20:43:14 -0400
committer	Alex Gaynor <alex.gaynor@gmail.com>	2016-04-27 20:43:14 -0400
commit	1e7849ba910365e6008fd276b271e90a718fd618 (patch)
tree	3b5f65cf729e46e265d4b995caf39344ae7b0955
parent	86645149c9d066d5fe9222525c8bdf91df7f7de9 (diff)
download	paramiko-1e7849ba910365e6008fd276b271e90a718fd618.tar.gz