diff options
| -rw-r--r-- | CHANGELOG.rst | 6 | ||||
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/serialization.rst | 18 | ||||
| -rw-r--r-- | src/cryptography/hazmat/primitives/serialization.py | 4 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_serialization.py | 82 |
4 files changed, 44 insertions, 66 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index e0c71a7b..5b1f48e6 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -19,9 +19,9 @@ Changelog * Added support for encoding and decoding :rfc:`6979` signatures in :doc:`/hazmat/primitives/asymmetric/utils`. * Added - :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` and - :func:`~cryptography.hazmat.primitives.serialization.load_ssh_rsa_public_key` - to support the loading of OpenSSH RSA public keys (RFC 4253). + :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` + to support the loading of OpenSSH public keys (RFC 4253). Currently, only RSA + is supported. 0.6.1 - 2014-10-15 ~~~~~~~~~~~~~~~~~~ diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 52960ec0..ec35c3cf 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -232,21 +232,3 @@ Example RSA key in OpenSSH format (line breaks added for formatting purposes):: :raises UnsupportedAlgorithm: If the serialized key is of a type that is not supported. - -.. function:: load_ssh_rsa_public_key(data, backend) - - .. versionadded:: 0.7 - - Deserialize a RSA public key from OpenSSH (:rfc:`4253`) encoded data to an - instance of the RSA Public Key type for the specified backend. - - :param bytes data: The OpenSSH encoded key data. - - :param backend: A - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` - provider. - - :returns: A new instance of a public key type. - - :raises ValueError: If the OpenSSH data could not be properly decoded or - if the key is not in the proper format. diff --git a/src/cryptography/hazmat/primitives/serialization.py b/src/cryptography/hazmat/primitives/serialization.py index 0f07e41f..e1ffab9e 100644 --- a/src/cryptography/hazmat/primitives/serialization.py +++ b/src/cryptography/hazmat/primitives/serialization.py @@ -52,10 +52,10 @@ def load_ssh_public_key(data, backend): if not data.startswith(b'ssh-rsa'): raise UnsupportedAlgorithm('Only RSA keys are currently supported.') - return load_ssh_rsa_public_key(data, backend) + return _load_ssh_rsa_public_key(data, backend) -def load_ssh_rsa_public_key(data, backend): +def _load_ssh_rsa_public_key(data, backend): if not data.startswith(b'ssh-rsa '): raise ValueError('SSH-formatted RSA keys must begin with ssh-rsa') diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py index 63ec6c4c..8dbe8344 100644 --- a/tests/hazmat/primitives/test_serialization.py +++ b/tests/hazmat/primitives/test_serialization.py @@ -18,9 +18,9 @@ from cryptography.hazmat.primitives import interfaces from cryptography.hazmat.primitives.asymmetric import ec from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers from cryptography.hazmat.primitives.serialization import ( - load_pem_pkcs8_private_key, load_pem_private_key, load_pem_public_key, - load_pem_traditional_openssl_private_key, load_ssh_public_key, - load_ssh_rsa_public_key + _load_ssh_rsa_public_key, load_pem_pkcs8_private_key, load_pem_private_key, + load_pem_public_key, load_pem_traditional_openssl_private_key, + load_ssh_public_key ) @@ -713,33 +713,31 @@ class TestSSHSerialization(object): assert key is not None assert isinstance(key, interfaces.RSAPublicKey) - if not isinstance(key, interfaces.RSAPublicKeyWithNumbers): - return - - numbers = key.public_numbers() + if isinstance(key, interfaces.RSAPublicKeyWithNumbers): + numbers = key.public_numbers() - expected_e = 0x10001 - expected_n = int( - '00C3BBF5D13F59322BA0A0B77EA0B6CF570241628AE24B5BA454D' - '23DCA295652B3523B67752653DFFD69587FAD9578DD6406F23691' - 'EA491C3F8B2D391D0312D9653C303B651067ADF887A5241843CEF' - '8019680A088E092FEC305FB04EA070340BB9BD0F1635B2AD84142' - '61B4E2D010ABD8FC6D2FB768912F78EE6B05A60857532B75B75EF' - 'C007601A4EF58BA947B7E75E38F3443CDD87E7C138A1DAD9D9FB3' - '19FF69DA43A9F6F6B0CD243F042CD1A5AFAEB286BD46AEB2D922B' - 'D01385D6892167074A0907F94A2BF08A54ABB2FFFFC89920861D0' - '46F8706AB88DDADBD9E8204D48B87789081E074024C8996783B31' - '7076A98ABF0A2D8550EAF2097D8CCC7BE76EF', 16) + expected_e = 0x10001 + expected_n = int( + '00C3BBF5D13F59322BA0A0B77EA0B6CF570241628AE24B5BA454D' + '23DCA295652B3523B67752653DFFD69587FAD9578DD6406F23691' + 'EA491C3F8B2D391D0312D9653C303B651067ADF887A5241843CEF' + '8019680A088E092FEC305FB04EA070340BB9BD0F1635B2AD84142' + '61B4E2D010ABD8FC6D2FB768912F78EE6B05A60857532B75B75EF' + 'C007601A4EF58BA947B7E75E38F3443CDD87E7C138A1DAD9D9FB3' + '19FF69DA43A9F6F6B0CD243F042CD1A5AFAEB286BD46AEB2D922B' + 'D01385D6892167074A0907F94A2BF08A54ABB2FFFFC89920861D0' + '46F8706AB88DDADBD9E8204D48B87789081E074024C8996783B31' + '7076A98ABF0A2D8550EAF2097D8CCC7BE76EF', 16) - expected = RSAPublicNumbers(expected_e, expected_n) + expected = RSAPublicNumbers(expected_e, expected_n) - assert numbers == expected + assert numbers == expected def test_load_ssh_rsa_public_key_bad_format(self, backend): str_key = b'ssh-rsa-not-a-key' with pytest.raises(ValueError): - load_ssh_rsa_public_key(str_key, backend) + _load_ssh_rsa_public_key(str_key, backend) def test_load_ssh_rsa_public_key(self, backend): str_key = ( @@ -751,29 +749,27 @@ class TestSSHSerialization(object): '///ImSCGHQRvhwariN2tvZ6CBNSLh3iQgeB0AkyJlng7MXB2qYq/Ci2FUOryCX' '2MzHvnbv testkey@localhost').encode() - key = load_ssh_public_key(str_key, backend) + key = _load_ssh_rsa_public_key(str_key, backend) assert key is not None assert isinstance(key, interfaces.RSAPublicKey) - if not isinstance(key, interfaces.RSAPublicKeyWithNumbers): - return - - numbers = key.public_numbers() - - expected_e = 0x10001 - expected_n = int( - '00C3BBF5D13F59322BA0A0B77EA0B6CF570241628AE24B5BA454D' - '23DCA295652B3523B67752653DFFD69587FAD9578DD6406F23691' - 'EA491C3F8B2D391D0312D9653C303B651067ADF887A5241843CEF' - '8019680A088E092FEC305FB04EA070340BB9BD0F1635B2AD84142' - '61B4E2D010ABD8FC6D2FB768912F78EE6B05A60857532B75B75EF' - 'C007601A4EF58BA947B7E75E38F3443CDD87E7C138A1DAD9D9FB3' - '19FF69DA43A9F6F6B0CD243F042CD1A5AFAEB286BD46AEB2D922B' - 'D01385D6892167074A0907F94A2BF08A54ABB2FFFFC89920861D0' - '46F8706AB88DDADBD9E8204D48B87789081E074024C8996783B31' - '7076A98ABF0A2D8550EAF2097D8CCC7BE76EF', 16) - - expected = RSAPublicNumbers(expected_e, expected_n) + if isinstance(key, interfaces.RSAPublicKeyWithNumbers): + numbers = key.public_numbers() - assert numbers == expected + expected_e = 0x10001 + expected_n = int( + '00C3BBF5D13F59322BA0A0B77EA0B6CF570241628AE24B5BA454D' + '23DCA295652B3523B67752653DFFD69587FAD9578DD6406F23691' + 'EA491C3F8B2D391D0312D9653C303B651067ADF887A5241843CEF' + '8019680A088E092FEC305FB04EA070340BB9BD0F1635B2AD84142' + '61B4E2D010ABD8FC6D2FB768912F78EE6B05A60857532B75B75EF' + 'C007601A4EF58BA947B7E75E38F3443CDD87E7C138A1DAD9D9FB3' + '19FF69DA43A9F6F6B0CD243F042CD1A5AFAEB286BD46AEB2D922B' + 'D01385D6892167074A0907F94A2BF08A54ABB2FFFFC89920861D0' + '46F8706AB88DDADBD9E8204D48B87789081E074024C8996783B31' + '7076A98ABF0A2D8550EAF2097D8CCC7BE76EF', 16) + + expected = RSAPublicNumbers(expected_e, expected_n) + + assert numbers == expected |