authorPaul Kehrer <paul.l.kehrer@gmail.com>2014-12-16 22:08:09 -0600
committerPaul Kehrer <paul.l.kehrer@gmail.com>2014-12-16 22:08:09 -0600
commit75257daa6d21a1e79565176f7ee90c3ebb4a4680 (patch)
tree04a8a20c881db3c9d9706522c2f2ef24ab0525f4 /src
parente8d27d14d617cb32df9965a13e736928395f31fe (diff)
add OpenSSH DSS public key loading
fixes #1531
Diffstat (limited to 'src')
-rw-r--r--src/cryptography/hazmat/primitives/serialization.py40
1 files changed, 33 insertions, 7 deletions
diff --git a/src/cryptography/hazmat/primitives/serialization.py b/src/cryptography/hazmat/primitives/serialization.py
index 0dbbc85c..1949b111 100644
--- a/src/cryptography/hazmat/primitives/serialization.py
+++ b/src/cryptography/hazmat/primitives/serialization.py
@@ -10,6 +10,9 @@ import warnings
from cryptography import utils
from cryptography.exceptions import UnsupportedAlgorithm
+from cryptography.hazmat.primitives.asymmetric.dsa import (
+ DSAParameterNumbers, DSAPublicNumbers
+)
from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers
@@ -55,13 +58,14 @@ def load_ssh_public_key(data, backend):
key_type = key_parts[0]
key_body = key_parts[1]
- if not key_type.startswith(b'ssh-'):
- raise ValueError('SSH-formatted keys must begin with \'ssh-\'.')
-
- if not key_type.startswith(b'ssh-rsa'):
- raise UnsupportedAlgorithm('Only RSA keys are currently supported.')
-
- return _load_ssh_rsa_public_key(key_body, backend)
+ if key_type.startswith(b'ssh-rsa'):
+ return _load_ssh_rsa_public_key(key_body, backend)
+ elif key_type.startswith(b'ssh-dss'):
+ return _load_ssh_dss_public_key(key_body, backend)
+ else:
+ raise UnsupportedAlgorithm(
+ 'Only RSA and DSA keys are currently supported.'
+ )
def _load_ssh_rsa_public_key(key_body, backend):
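Review bot: The new dispatch matches on a prefix (`key_type.startswith(b'ssh-rsa')`, `key_type.startswith(b'ssh-dss')`), so a header that merely begins with those bytes, such as the certificate type `ssh-rsa-cert-v01@openssh.com`, is handed to the plain-key loader instead of reaching the `UnsupportedAlgorithm` branch. On the DSS path the mismatch is only caught by the body's own type check, as a `ValueError`, after the untrusted body has been base64-decoded and parsed. Exact comparison, `if key_type == b'ssh-rsa':` and `elif key_type == b'ssh-dss':`, keeps unsupported types out of the parsers. With the `ssh-` prefix check removed, non-SSH input now raises `UnsupportedAlgorithm` where it used to raise `ValueError`, which deserves a line in the docs or changelog. The start of `load_ssh_public_key` is outside this hunk.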
@@ -81,6 +85,28 @@ def _load_ssh_rsa_public_key(key_body, backend):
return backend.load_rsa_public_numbers(RSAPublicNumbers(e, n))
+def _load_ssh_dss_public_key(key_body, backend):
+ data = base64.b64decode(key_body)
+
+ key_type, rest = _read_next_string(data)
+ p, rest = _read_next_mpint(rest)
+ q, rest = _read_next_mpint(rest)
+ g, rest = _read_next_mpint(rest)
+ y, rest = _read_next_mpint(rest)
+
+ if key_type != b'ssh-dss':
+ raise ValueError(
+ 'Key header and key body contain different key type values.')
+
+ if rest:
+ raise ValueError('Key body contains extra bytes.')
+
+ parameter_numbers = DSAParameterNumbers(p, q, g)
+ public_numbers = DSAPublicNumbers(y, parameter_numbers)
+
+ return backend.load_dsa_public_numbers(public_numbers)
+
+
def _read_next_string(data):
"""Retrieves the next RFC 4251 string value from the data."""
str_len, = struct.unpack('>I', data[:4])
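Review bot: `_load_ssh_dss_public_key` parses all four mpints before it compares `key_type` with `b'ssh-dss'`, and nothing in the new function guards against a short or malformed body. A truncated key therefore fails inside `struct.unpack('>I', data[:4])` with `struct.error`, or in `base64.b64decode` with its own error, rather than the `ValueError` used for the other malformed-key cases. Moving the `if key_type != b'ssh-dss':` check directly after `key_type, rest = _read_next_string(data)` rejects a wrong type before any further parsing. The decode and parse errors could be converted to `ValueError` so callers handling untrusted keys have one exception to catch. A short comment that range checks on p, q, g and y are left to `backend.load_dsa_public_numbers` (presumably; the backend is not visible here) would also help. The body of `_read_next_string` continues outside the hunk.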