diff options
Diffstat (limited to 'src/cryptography/hazmat/primitives/serialization.py')
| -rw-r--r-- | src/cryptography/hazmat/primitives/serialization.py | 47 |
1 files changed, 37 insertions, 10 deletions
diff --git a/src/cryptography/hazmat/primitives/serialization.py b/src/cryptography/hazmat/primitives/serialization.py index 0dbbc85c..9d384fc7 100644 --- a/src/cryptography/hazmat/primitives/serialization.py +++ b/src/cryptography/hazmat/primitives/serialization.py @@ -10,6 +10,9 @@ import warnings from cryptography import utils from cryptography.exceptions import UnsupportedAlgorithm +from cryptography.hazmat.primitives.asymmetric.dsa import ( + DSAParameterNumbers, DSAPublicNumbers +) from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers @@ -55,19 +58,23 @@ def load_ssh_public_key(data, backend): key_type = key_parts[0] key_body = key_parts[1] - if not key_type.startswith(b'ssh-'): - raise ValueError('SSH-formatted keys must begin with \'ssh-\'.') + try: + decoded_data = base64.b64decode(key_body) + except TypeError: + raise ValueError('Key is not in the proper format.') - if not key_type.startswith(b'ssh-rsa'): - raise UnsupportedAlgorithm('Only RSA keys are currently supported.') + if key_type == b'ssh-rsa': + return _load_ssh_rsa_public_key(decoded_data, backend) + elif key_type == b'ssh-dss': + return _load_ssh_dss_public_key(decoded_data, backend) + else: + raise UnsupportedAlgorithm( + 'Only RSA and DSA keys are currently supported.' + ) - return _load_ssh_rsa_public_key(key_body, backend) - -def _load_ssh_rsa_public_key(key_body, backend): - data = base64.b64decode(key_body) - - key_type, rest = _read_next_string(data) +def _load_ssh_rsa_public_key(decoded_data, backend): + key_type, rest = _read_next_string(decoded_data) e, rest = _read_next_mpint(rest) n, rest = _read_next_mpint(rest) @@ -81,6 +88,26 @@ def _load_ssh_rsa_public_key(key_body, backend): return backend.load_rsa_public_numbers(RSAPublicNumbers(e, n)) +def _load_ssh_dss_public_key(decoded_data, backend): + key_type, rest = _read_next_string(decoded_data) + p, rest = _read_next_mpint(rest) + q, rest = _read_next_mpint(rest) + g, rest = _read_next_mpint(rest) + y, rest = _read_next_mpint(rest) + + if key_type != b'ssh-dss': + raise ValueError( + 'Key header and key body contain different key type values.') + + if rest: + raise ValueError('Key body contains extra bytes.') + + parameter_numbers = DSAParameterNumbers(p, q, g) + public_numbers = DSAPublicNumbers(y, parameter_numbers) + + return backend.load_dsa_public_numbers(public_numbers) + + def _read_next_string(data): """Retrieves the next RFC 4251 string value from the data.""" str_len, = struct.unpack('>I', data[:4]) |