174 lines
7.0 KiB
Diff
174 lines
7.0 KiB
Diff
From 36fbe57629cbbb7bf0f4a1e98c43352b82fe181d Mon Sep 17 00:00:00 2001
|
|
From: Andrew Wason <rectalogic@rectalogic.com>
|
|
Date: Wed, 6 Feb 2019 10:56:53 -0500
|
|
Subject: [PATCH 1/4] Move to cryptography 2.5 and stop using deprecated APIs.
|
|
|
|
Fixes #1369
|
|
---
|
|
.travis.yml | 4 ++--
|
|
paramiko/ecdsakey.py | 4 ++--
|
|
paramiko/kex_ecdh_nist.py | 37 +++++++++++++++++++++++++++++--------
|
|
setup.py | 2 +-
|
|
tests/test_kex.py | 12 ++++++------
|
|
5 files changed, 40 insertions(+), 19 deletions(-)
|
|
|
|
Index: paramiko-2.4.2/paramiko/ecdsakey.py
|
|
===================================================================
|
|
--- paramiko-2.4.2.orig/paramiko/ecdsakey.py
|
|
+++ paramiko-2.4.2/paramiko/ecdsakey.py
|
|
@@ -160,12 +160,12 @@ class ECDSAKey(PKey):
|
|
|
|
pointinfo = msg.get_binary()
|
|
try:
|
|
- numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(
|
|
+ key = ec.EllipticCurvePublicKey.from_encoded_point(
|
|
self.ecdsa_curve.curve_class(), pointinfo
|
|
)
|
|
+ self.verifying_key = key
|
|
except ValueError:
|
|
raise SSHException("Invalid public key")
|
|
- self.verifying_key = numbers.public_key(backend=default_backend())
|
|
|
|
@classmethod
|
|
def supported_key_format_identifiers(cls):
|
|
Index: paramiko-2.4.2/paramiko/kex_ecdh_nist.py
|
|
===================================================================
|
|
--- paramiko-2.4.2.orig/paramiko/kex_ecdh_nist.py
|
|
+++ paramiko-2.4.2/paramiko/kex_ecdh_nist.py
|
|
@@ -9,6 +9,7 @@ from paramiko.py3compat import byte_chr,
|
|
from paramiko.ssh_exception import SSHException
|
|
from cryptography.hazmat.backends import default_backend
|
|
from cryptography.hazmat.primitives.asymmetric import ec
|
|
+from cryptography.hazmat.primitives import serialization
|
|
from binascii import hexlify
|
|
|
|
_MSG_KEXECDH_INIT, _MSG_KEXECDH_REPLY = range(30, 32)
|
|
@@ -36,7 +37,12 @@ class KexNistp256:
|
|
m = Message()
|
|
m.add_byte(c_MSG_KEXECDH_INIT)
|
|
# SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion
|
|
- m.add_string(self.Q_C.public_numbers().encode_point())
|
|
+ m.add_string(
|
|
+ self.Q_C.public_bytes(
|
|
+ serialization.Encoding.X962,
|
|
+ serialization.PublicFormat.UncompressedPoint,
|
|
+ )
|
|
+ )
|
|
self.transport._send_message(m)
|
|
self.transport._expect_packet(_MSG_KEXECDH_REPLY)
|
|
|
|
@@ -58,11 +64,11 @@ class KexNistp256:
|
|
|
|
def _parse_kexecdh_init(self, m):
|
|
Q_C_bytes = m.get_string()
|
|
- self.Q_C = ec.EllipticCurvePublicNumbers.from_encoded_point(
|
|
+ self.Q_C = ec.EllipticCurvePublicKey.from_encoded_point(
|
|
self.curve, Q_C_bytes
|
|
)
|
|
K_S = self.transport.get_server_key().asbytes()
|
|
- K = self.P.exchange(ec.ECDH(), self.Q_C.public_key(default_backend()))
|
|
+ K = self.P.exchange(ec.ECDH(), self.Q_C)
|
|
K = long(hexlify(K), 16)
|
|
# compute exchange hash
|
|
hm = Message()
|
|
@@ -75,7 +81,12 @@ class KexNistp256:
|
|
hm.add_string(K_S)
|
|
hm.add_string(Q_C_bytes)
|
|
# SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion
|
|
- hm.add_string(self.Q_S.public_numbers().encode_point())
|
|
+ hm.add_string(
|
|
+ self.Q_S.public_bytes(
|
|
+ serialization.Encoding.X962,
|
|
+ serialization.PublicFormat.UncompressedPoint,
|
|
+ )
|
|
+ )
|
|
hm.add_mpint(long(K))
|
|
H = self.hash_algo(hm.asbytes()).digest()
|
|
self.transport._set_K_H(K, H)
|
|
@@ -84,7 +95,12 @@ class KexNistp256:
|
|
m = Message()
|
|
m.add_byte(c_MSG_KEXECDH_REPLY)
|
|
m.add_string(K_S)
|
|
- m.add_string(self.Q_S.public_numbers().encode_point())
|
|
+ m.add_string(
|
|
+ self.Q_S.public_bytes(
|
|
+ serialization.Encoding.X962,
|
|
+ serialization.PublicFormat.UncompressedPoint,
|
|
+ )
|
|
+ )
|
|
m.add_string(sig)
|
|
self.transport._send_message(m)
|
|
self.transport._activate_outbound()
|
|
@@ -92,11 +108,11 @@ class KexNistp256:
|
|
def _parse_kexecdh_reply(self, m):
|
|
K_S = m.get_string()
|
|
Q_S_bytes = m.get_string()
|
|
- self.Q_S = ec.EllipticCurvePublicNumbers.from_encoded_point(
|
|
+ self.Q_S = ec.EllipticCurvePublicKey.from_encoded_point(
|
|
self.curve, Q_S_bytes
|
|
)
|
|
sig = m.get_binary()
|
|
- K = self.P.exchange(ec.ECDH(), self.Q_S.public_key(default_backend()))
|
|
+ K = self.P.exchange(ec.ECDH(), self.Q_S)
|
|
K = long(hexlify(K), 16)
|
|
# compute exchange hash and verify signature
|
|
hm = Message()
|
|
@@ -108,7 +124,12 @@ class KexNistp256:
|
|
)
|
|
hm.add_string(K_S)
|
|
# SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion
|
|
- hm.add_string(self.Q_C.public_numbers().encode_point())
|
|
+ hm.add_string(
|
|
+ self.Q_C.public_bytes(
|
|
+ serialization.Encoding.X962,
|
|
+ serialization.PublicFormat.UncompressedPoint,
|
|
+ )
|
|
+ )
|
|
hm.add_string(Q_S_bytes)
|
|
hm.add_mpint(K)
|
|
self.transport._set_K_H(K, self.hash_algo(hm.asbytes()).digest())
|
|
Index: paramiko-2.4.2/setup.py
|
|
===================================================================
|
|
--- paramiko-2.4.2.orig/setup.py
|
|
+++ paramiko-2.4.2/setup.py
|
|
@@ -73,7 +73,7 @@ setup(
|
|
],
|
|
install_requires=[
|
|
"bcrypt>=3.1.3",
|
|
- "cryptography>=1.5",
|
|
+ "cryptography>=2.5",
|
|
"pynacl>=1.0.1",
|
|
"pyasn1>=0.1.7",
|
|
],
|
|
Index: paramiko-2.4.3/tests/test_kex.py
|
|
===================================================================
|
|
--- paramiko-2.4.3.orig/tests/test_kex.py 2019-06-24 00:45:29.000000000 +0200
|
|
+++ paramiko-2.4.3/tests/test_kex.py 2022-09-02 15:55:02.895289382 +0200
|
|
@@ -42,20 +42,20 @@
|
|
def dummy_generate_key_pair(obj):
|
|
private_key_value = 94761803665136558137557783047955027733968423115106677159790289642479432803037 # noqa
|
|
public_key_numbers = "042bdab212fa8ba1b7c843301682a4db424d307246c7e1e6083c41d9ca7b098bf30b3d63e2ec6278488c135360456cc054b3444ecc45998c08894cbc1370f5f989" # noqa
|
|
- public_key_numbers_obj = ec.EllipticCurvePublicNumbers.from_encoded_point(
|
|
+ public_key_numbers_obj = ec.EllipticCurvePublicKey.from_encoded_point(
|
|
ec.SECP256R1(), unhexlify(public_key_numbers)
|
|
- )
|
|
+ ).public_numbers()
|
|
obj.P = ec.EllipticCurvePrivateNumbers(
|
|
private_value=private_key_value, public_numbers=public_key_numbers_obj
|
|
).private_key(default_backend())
|
|
if obj.transport.server_mode:
|
|
- obj.Q_S = ec.EllipticCurvePublicNumbers.from_encoded_point(
|
|
+ obj.Q_S = ec.EllipticCurvePublicKey.from_encoded_point(
|
|
ec.SECP256R1(), unhexlify(public_key_numbers)
|
|
- ).public_key(default_backend())
|
|
+ )
|
|
return
|
|
- obj.Q_C = ec.EllipticCurvePublicNumbers.from_encoded_point(
|
|
+ obj.Q_C = ec.EllipticCurvePublicKey.from_encoded_point(
|
|
ec.SECP256R1(), unhexlify(public_key_numbers)
|
|
- ).public_key(default_backend())
|
|
+ )
|
|
|
|
|
|
class FakeKey(object):
|