diff options
author | Alex Gaynor <alex.gaynor@gmail.com> | 2015-03-15 13:10:35 -0400 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2015-03-15 13:10:35 -0400 |
commit | 5130ad1f755ce0939ad51d88720a9b90fd8b3c00 (patch) | |
tree | 38d4dea786e482ad6991a11c3897c1bb42a07d70 /paramiko/ecdsakey.py | |
parent | 5861cde4cc1341840bc11a167335669e0154fae4 (diff) | |
download | paramiko-5130ad1f755ce0939ad51d88720a9b90fd8b3c00.tar.gz |
Update for cryptography 0.8 and general cleanups
Diffstat (limited to 'paramiko/ecdsakey.py')
-rw-r--r-- | paramiko/ecdsakey.py | 70 |
1 files changed, 5 insertions, 65 deletions
diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py index bc76b639..2f5c2c31 100644 --- a/paramiko/ecdsakey.py +++ b/paramiko/ecdsakey.py @@ -32,9 +32,6 @@ from cryptography.hazmat.primitives.asymmetric.utils import ( decode_rfc6979_signature, encode_rfc6979_signature ) -from pyasn1.codec.der import encoder -from pyasn1.type import namedtype, namedval, tag, univ - from paramiko.common import four_byte, one_byte, zero_byte from paramiko.message import Message from paramiko.pkey import PKey @@ -43,40 +40,6 @@ from paramiko.ssh_exception import SSHException from paramiko.util import deflate_long, inflate_long -# RFC 5480, section 2.1.1 -class _ECParameters(univ.Choice): - # TODO: There are a few more options for this choice I think, the RFC says - # not to use them though... - componentType = namedtype.NamedTypes( - namedtype.NamedType("namedCurve", univ.ObjectIdentifier()), - ) - - -# RFC 5915, Appendix A -class _ECPrivateKey(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType( - "version", - univ.Integer( - namedValues=namedval.NamedValues( - ("ecPrivkeyVer1", 1), - ) - ), - ), - namedtype.NamedType("privateKey", univ.OctetString()), - namedtype.OptionalNamedType("parameters", _ECParameters().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0), - )), - namedtype.OptionalNamedType("publicKey", univ.BitString().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1), - )), - ) - - -_CURVE_TO_OID = { - ec.SECP256R1: univ.ObjectIdentifier("1.2.840.10045.3.1.7") -} - class ECDSAKey(PKey): """ Representation of an ECDSA key which can be used to sign and verify SSH2 @@ -216,40 +179,17 @@ class ECDSAKey(PKey): byte_chr(5) * 5, byte_chr(6) * 6, byte_chr(7) * 7] def _decode_key(self, data): - s = """ ------BEGIN EC PRIVATE KEY----- -%s ------END EC PRIVATE KEY----- -""" % "\n".join(textwrap.wrap(base64.b64encode(data).decode(), 64)) - key = serialization.load_pem_private_key(s.encode(), password=None, backend=default_backend()) + key = serialization.load_der_private_key(data, password=None, backend=default_backend()) self.signing_key = key self.verifying_key = key.public_key() self.size = key.curve.key_size def _to_der(self, key): - private_numbers = key.private_numbers() - public_numbers = private_numbers.public_numbers - - private_key = deflate_long( - private_numbers.private_value, add_sign_padding=False + return key.private_bytes( + serialization.Encoding.DER, + serialization.Format.TraditionalOpenSSL, + serialization.NoEncryption(), ) - x_str = deflate_long(public_numbers.x, add_sign_padding=False) - y_str = deflate_long(public_numbers.y, add_sign_padding=False) - - key_length = key.curve.key_size // 8 - if len(x_str) < key_length: - x_str = zero_byte * (key_length - len(x_str)) + x_str - if len(y_str) < key_length: - y_str = zero_byte * (key_length - len(y_str)) + y_str - public_key = b"\x04" + x_str + y_str - - asn1_key = _ECPrivateKey() - asn1_key.setComponentByName("version", 1) - asn1_key.setComponentByName("privateKey", private_key) - asn1_key.setComponentByName("parameters") - asn1_key.getComponentByName("parameters").setComponentByName("namedCurve", _CURVE_TO_OID[type(key.curve)]) - asn1_key.setComponentByName("publicKey", "'%s'H" % binascii.hexlify(public_key).decode()) - return encoder.encode(asn1_key) def _sigencode(self, r, s): msg = Message() |