1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.
from __future__ import absolute_import, division, print_function
import base64
import struct
import warnings
from cryptography import utils
from cryptography.exceptions import UnsupportedAlgorithm
from cryptography.hazmat.primitives.asymmetric.dsa import (
DSAParameterNumbers, DSAPublicNumbers
)
from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers
def load_pem_traditional_openssl_private_key(data, password, backend):
warnings.warn(
"load_pem_traditional_openssl_private_key is deprecated and will be "
"removed in a future version, use load_pem_private_key instead.",
utils.DeprecatedIn06,
stacklevel=2
)
return backend.load_traditional_openssl_pem_private_key(
data, password
)
def load_pem_pkcs8_private_key(data, password, backend):
warnings.warn(
"load_pem_pkcs8_private_key is deprecated and will be removed in a "
"future version, use load_pem_private_key instead.",
utils.DeprecatedIn06,
stacklevel=2
)
return backend.load_pkcs8_pem_private_key(data, password)
def load_pem_private_key(data, password, backend):
return backend.load_pem_private_key(data, password)
def load_pem_public_key(data, backend):
return backend.load_pem_public_key(data)
def load_ssh_public_key(data, backend):
key_parts = data.split(b' ')
if len(key_parts) != 2 and len(key_parts) != 3:
raise ValueError(
'Key is not in the proper format or contains extra data.')
key_type = key_parts[0]
key_body = key_parts[1]
try:
decoded_data = base64.b64decode(key_body)
except TypeError:
raise ValueError('Key is not in the proper format.')
if key_type == b'ssh-rsa':
return _load_ssh_rsa_public_key(decoded_data, backend)
elif key_type == b'ssh-dss':
return _load_ssh_dss_public_key(decoded_data, backend)
else:
raise UnsupportedAlgorithm(
'Only RSA and DSA keys are currently supported.'
)
def _load_ssh_rsa_public_key(decoded_data, backend):
key_type, rest = _read_next_string(decoded_data)
e, rest = _read_next_mpint(rest)
n, rest = _read_next_mpint(rest)
if key_type != b'ssh-rsa':
raise ValueError(
'Key header and key body contain different key type values.')
if rest:
raise ValueError('Key body contains extra bytes.')
return backend.load_rsa_public_numbers(RSAPublicNumbers(e, n))
def _load_ssh_dss_public_key(decoded_data, backend):
key_type, rest = _read_next_string(decoded_data)
p, rest = _read_next_mpint(rest)
q, rest = _read_next_mpint(rest)
g, rest = _read_next_mpint(rest)
y, rest = _read_next_mpint(rest)
if key_type != b'ssh-dss':
raise ValueError(
'Key header and key body contain different key type values.')
if rest:
raise ValueError('Key body contains extra bytes.')
parameter_numbers = DSAParameterNumbers(p, q, g)
public_numbers = DSAPublicNumbers(y, parameter_numbers)
return backend.load_dsa_public_numbers(public_numbers)
def _read_next_string(data):
"""Retrieves the next RFC 4251 string value from the data."""
str_len, = struct.unpack('>I', data[:4])
return data[4:4 + str_len], data[4 + str_len:]
def _read_next_mpint(data):
"""
Reads the next mpint from the data.
Currently, all mpints are interpreted as unsigned.
"""
mpint_data, rest = _read_next_string(data)
return _int_from_bytes(mpint_data, byteorder='big', signed=False), rest
if hasattr(int, "from_bytes"):
_int_from_bytes = int.from_bytes
else:
def _int_from_bytes(data, byteorder, signed=False):
assert byteorder == 'big'
assert not signed
if len(data) % 4 != 0:
data = (b'\x00' * (4 - (len(data) % 4))) + data
result = 0
while len(data) > 0:
digit, = struct.unpack('>I', data[:4])
result = (result << 32) + digit
data = data[4:]
return result
|
