From a4d59a9fea7ba549472b1a61af5f8c635f00d6c1 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 24 Dec 2014 14:41:53 -0800 Subject: Attempt to remove some duplication --- .../hazmat/primitives/serialization.py | 50 +++++++++++----------- 1 file changed, 24 insertions(+), 26 deletions(-) (limited to 'src') diff --git a/src/cryptography/hazmat/primitives/serialization.py b/src/cryptography/hazmat/primitives/serialization.py index 67f8a644..8a1c7ed6 100644 --- a/src/cryptography/hazmat/primitives/serialization.py +++ b/src/cryptography/hazmat/primitives/serialization.py @@ -29,6 +29,13 @@ def load_ssh_public_key(data, backend): 'Key is not in the proper format or contains extra data.') key_type = key_parts[0] + + if key_type not in [ + b'ssh-rsa', b'ssh-dss', b'ecdsa-sha2-nistp256', b'ecdsa-sha2-nistp384', + b'ecdsa-sha2-nistp521', + ]: + raise UnsupportedAlgorithm('Key type is not supported.') + key_body = key_parts[1] try: @@ -36,29 +43,27 @@ def load_ssh_public_key(data, backend): except TypeError: raise ValueError('Key is not in the proper format.') + inner_key_type, rest = _read_next_string(decoded_data) + + if inner_key_type != key_type: + raise ValueError( + 'Key header and key body contain different key type values.' + ) + if key_type == b'ssh-rsa': - return _load_ssh_rsa_public_key(decoded_data, backend) + return _load_ssh_rsa_public_key(rest, backend) elif key_type == b'ssh-dss': - return _load_ssh_dss_public_key(decoded_data, backend) + return _load_ssh_dss_public_key(rest, backend) elif key_type in [ b'ecdsa-sha2-nistp256', b'ecdsa-sha2-nistp384', b'ecdsa-sha2-nistp521', ]: - return _load_ssh_ecdsa_public_key(key_type, decoded_data, backend) - else: - raise UnsupportedAlgorithm( - 'Only RSA and DSA keys are currently supported.' - ) + return _load_ssh_ecdsa_public_key(key_type, rest, backend) def _load_ssh_rsa_public_key(decoded_data, backend): - key_type, rest = _read_next_string(decoded_data) - e, rest = _read_next_mpint(rest) + e, rest = _read_next_mpint(decoded_data) n, rest = _read_next_mpint(rest) - if key_type != b'ssh-rsa': - raise ValueError( - 'Key header and key body contain different key type values.') - if rest: raise ValueError('Key body contains extra bytes.') @@ -66,17 +71,11 @@ def _load_ssh_rsa_public_key(decoded_data, backend): def _load_ssh_dss_public_key(decoded_data, backend): - key_type, rest = _read_next_string(decoded_data) - p, rest = _read_next_mpint(rest) + p, rest = _read_next_mpint(decoded_data) q, rest = _read_next_mpint(rest) g, rest = _read_next_mpint(rest) y, rest = _read_next_mpint(rest) - if key_type != b'ssh-dss': - raise ValueError( - 'Key header and key body contain different key type values.' - ) - if rest: raise ValueError('Key body contains extra bytes.') @@ -87,11 +86,10 @@ def _load_ssh_dss_public_key(decoded_data, backend): def _load_ssh_ecdsa_public_key(expected_key_type, decoded_data, backend): - key_type, rest = _read_next_string(decoded_data) - curve_name, rest = _read_next_string(rest) + curve_name, rest = _read_next_string(decoded_data) data, rest = _read_next_string(rest) - if key_type != expected_key_type != b"ecdsa-sha2" + curve_name: + if expected_key_type != b"ecdsa-sha2-" + curve_name: raise ValueError( 'Key header and key body contain different key type values.' ) @@ -99,11 +97,11 @@ def _load_ssh_ecdsa_public_key(expected_key_type, decoded_data, backend): if rest: raise ValueError('Key body contains extra bytes.') - if key_type == "ecdsa-sha2-nistp256": + if curve_name == "nistp256": curve = ec.SECP256R1() - elif key_type == "ecdsa-sha2-nistp384": + elif curve_name == "nistp384": curve = ec.SECP384R1() - elif key_type == "ecdsa-sha2-nistp521": + elif curve_name == "nistp521": curve = ec.SECP521R1() if len(data) != 1 + 2 * (curve.key_size // 8): -- cgit v1.2.3