diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-12-15 15:39:24 -0600 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-12-15 15:39:24 -0600 |
| commit | 9305287078bf1c15c469284c0a993c5c38e23bf5 (patch) | |
| tree | c05086440021977aff39f8f147ab040567f1beb0 /src | |
| parent | e59804ea35c24835562de885e39d9d3f3cf5237c (diff) | |
| parent | 0c9e8af1f43a1d37ccf46640250186e0fb42fb06 (diff) | |
| download | cryptography-9305287078bf1c15c469284c0a993c5c38e23bf5.tar.gz cryptography-9305287078bf1c15c469284c0a993c5c38e23bf5.tar.bz2 cryptography-9305287078bf1c15c469284c0a993c5c38e23bf5.zip | |
Merge pull request #1527 from alex/pr/1517
Added SSH public key loading
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/primitives/serialization.py | 77 | ||||
| -rw-r--r-- | src/cryptography/utils.py | 7 |
2 files changed, 81 insertions, 3 deletions
diff --git a/src/cryptography/hazmat/primitives/serialization.py b/src/cryptography/hazmat/primitives/serialization.py index b9cf5967..0dbbc85c 100644 --- a/src/cryptography/hazmat/primitives/serialization.py +++ b/src/cryptography/hazmat/primitives/serialization.py @@ -4,9 +4,13 @@ from __future__ import absolute_import, division, print_function +import base64 +import struct import warnings from cryptography import utils +from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers def load_pem_traditional_openssl_private_key(data, password, backend): @@ -39,3 +43,76 @@ def load_pem_private_key(data, password, backend): def load_pem_public_key(data, backend): return backend.load_pem_public_key(data) + + +def load_ssh_public_key(data, backend): + key_parts = data.split(b' ') + + if len(key_parts) != 2 and len(key_parts) != 3: + raise ValueError( + 'Key is not in the proper format or contains extra data.') + + key_type = key_parts[0] + key_body = key_parts[1] + + if not key_type.startswith(b'ssh-'): + raise ValueError('SSH-formatted keys must begin with \'ssh-\'.') + + if not key_type.startswith(b'ssh-rsa'): + raise UnsupportedAlgorithm('Only RSA keys are currently supported.') + + return _load_ssh_rsa_public_key(key_body, backend) + + +def _load_ssh_rsa_public_key(key_body, backend): + data = base64.b64decode(key_body) + + key_type, rest = _read_next_string(data) + e, rest = _read_next_mpint(rest) + n, rest = _read_next_mpint(rest) + + if key_type != b'ssh-rsa': + raise ValueError( + 'Key header and key body contain different key type values.') + + if rest: + raise ValueError('Key body contains extra bytes.') + + return backend.load_rsa_public_numbers(RSAPublicNumbers(e, n)) + + +def _read_next_string(data): + """Retrieves the next RFC 4251 string value from the data.""" + str_len, = struct.unpack('>I', data[:4]) + return data[4:4 + str_len], data[4 + str_len:] + + +def _read_next_mpint(data): + """ + Reads the next mpint from the data. + + Currently, all mpints are interpreted as unsigned. + """ + mpint_data, rest = _read_next_string(data) + + return _int_from_bytes(mpint_data, byteorder='big', signed=False), rest + + +if hasattr(int, "from_bytes"): + _int_from_bytes = int.from_bytes +else: + def _int_from_bytes(data, byteorder, signed=False): + assert byteorder == 'big' + assert not signed + + if len(data) % 4 != 0: + data = (b'\x00' * (4 - (len(data) % 4))) + data + + result = 0 + + while len(data) > 0: + digit, = struct.unpack('>I', data[:4]) + result = (result << 32) + digit + data = data[4:] + + return result diff --git a/src/cryptography/utils.py b/src/cryptography/utils.py index 63464dfa..78f73464 100644 --- a/src/cryptography/utils.py +++ b/src/cryptography/utils.py @@ -48,8 +48,9 @@ def verify_interface(iface, klass): ) -def bit_length(x): - if sys.version_info >= (2, 7): +if sys.version_info >= (2, 7): + def bit_length(x): return x.bit_length() - else: +else: + def bit_length(x): return len(bin(x)) - (2 + (x <= 0)) |