From 632129c427fb912f6fdca9aa37418e828c75b87f Mon Sep 17 00:00:00 2001 From: Ethan Glasser-Camp Date: Sun, 24 Mar 2013 17:13:50 -0400 Subject: [PATCH 1/3] Introduce ECDSA This just adds tests; hooking this up with paramiko comes in the next commit. --- paramiko/__init__.py | 1 + paramiko/ecdsakey.py | 181 ++++++++++++++++++++++++++++++++++ requirements.txt | 1 + setup.py | 4 +- tests/test_ecdsa.key | 5 + tests/test_ecdsa_password.key | 8 ++ tests/test_pkey.py | 64 +++++++++++- 7 files changed, 261 insertions(+), 3 deletions(-) create mode 100644 paramiko/ecdsakey.py create mode 100644 tests/test_ecdsa.key create mode 100644 tests/test_ecdsa_password.key diff --git a/paramiko/__init__.py b/paramiko/__init__.py index e2b359f..08eaf9b 100644 --- a/paramiko/__init__.py +++ b/paramiko/__init__.py @@ -69,6 +69,7 @@ from ssh_exception import SSHException, PasswordRequiredException, \ from server import ServerInterface, SubsystemHandler, InteractiveQuery from rsakey import RSAKey from dsskey import DSSKey +from ecdsakey import ECDSAKey from sftp import SFTPError, BaseSFTP from sftp_client import SFTP, SFTPClient from sftp_server import SFTPServer diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py new file mode 100644 index 0000000..ac840ab --- /dev/null +++ b/paramiko/ecdsakey.py @@ -0,0 +1,181 @@ +# Copyright (C) 2003-2007 Robey Pointer +# +# This file is part of paramiko. +# +# Paramiko is free software; you can redistribute it and/or modify it under the +# terms of the GNU Lesser General Public License as published by the Free +# Software Foundation; either version 2.1 of the License, or (at your option) +# any later version. +# +# Paramiko is distrubuted in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more +# details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with Paramiko; if not, write to the Free Software Foundation, Inc., +# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. + +""" +L{ECDSAKey} +""" + +import binascii +from ecdsa import SigningKey, VerifyingKey, der, curves +from ecdsa.util import number_to_string, sigencode_string, sigencode_strings, sigdecode_strings +from Crypto.Hash import SHA256, MD5 +from Crypto.Cipher import DES3 + +from paramiko.common import * +from paramiko import util +from paramiko.message import Message +from paramiko.ber import BER, BERException +from paramiko.pkey import PKey +from paramiko.ssh_exception import SSHException + + +class ECDSAKey (PKey): + """ + Representation of an ECDSA key which can be used to sign and verify SSH2 + data. + """ + + def __init__(self, msg=None, data=None, filename=None, password=None, vals=None, file_obj=None): + self.verifying_key = None + self.signing_key = None + if file_obj is not None: + self._from_private_key(file_obj, password) + return + if filename is not None: + self._from_private_key_file(filename, password) + return + if (msg is None) and (data is not None): + msg = Message(data) + if vals is not None: + self.verifying_key, self.signing_key = vals + else: + if msg is None: + raise SSHException('Key object may not be empty') + if msg.get_string() != 'ecdsa-sha2-nistp256': + raise SSHException('Invalid key') + curvename = msg.get_string() + if curvename != 'nistp256': + raise SSHException("Can't handle curve of type %s" % curvename) + + pointinfo = msg.get_string() + if pointinfo[0] != "\x04": + raise SSHException('Point compression is being used: %s'% + binascii.hexlify(pointinfo)) + self.verifying_key = VerifyingKey.from_string(pointinfo[1:], + curve=curves.NIST256p) + self.size = 256 + + def __str__(self): + key = self.verifying_key + m = Message() + m.add_string('ecdsa-sha2-nistp256') + m.add_string('nistp256') + + point_str = "\x04" + key.to_string() + + m.add_string(point_str) + return str(m) + + def __hash__(self): + h = hash(self.get_name()) + h = h * 37 + hash(self.verifying_key.pubkey.point.x()) + h = h * 37 + hash(self.verifying_key.pubkey.point.y()) + return hash(h) + + def get_name(self): + return 'ecdsa-sha2-nistp256' + + def get_bits(self): + return self.size + + def can_sign(self): + return self.signing_key is not None + + def sign_ssh_data(self, rpool, data): + digest = SHA256.new(data).digest() + sig = self.signing_key.sign_digest(digest, entropy=rpool.read, + sigencode=self._sigencode) + m = Message() + m.add_string('ecdsa-sha2-nistp256') + m.add_string(sig) + return m + + def verify_ssh_sig(self, data, msg): + if msg.get_string() != 'ecdsa-sha2-nistp256': + return False + sig = msg.get_string() + + # verify the signature by SHA'ing the data and encrypting it + # using the public key. + hash_obj = SHA256.new(data).digest() + return self.verifying_key.verify_digest(sig, hash_obj, + sigdecode=self._sigdecode) + + def write_private_key_file(self, filename, password=None): + key = self.signing_key or self.verifying_key + self._write_private_key_file('EC', filename, key.to_der(), password) + + def write_private_key(self, file_obj, password=None): + key = self.signing_key or self.verifying_key + self._write_private_key('EC', file_obj, key.to_der(), password) + + def generate(bits, progress_func=None): + """ + Generate a new private RSA key. This factory function can be used to + generate a new host key or authentication key. + + @param bits: number of bits the generated key should be. + @type bits: int + @param progress_func: an optional function to call at key points in + key generation (used by C{pyCrypto.PublicKey}). + @type progress_func: function + @return: new private key + @rtype: L{RSAKey} + """ + signing_key = ECDSA.generate() + key = ECDSAKey(vals=(signing_key, signing_key.get_verifying_key())) + return key + generate = staticmethod(generate) + + + ### internals... + + + def _from_private_key_file(self, filename, password): + data = self._read_private_key_file('EC', filename, password) + self._decode_key(data) + + def _from_private_key(self, file_obj, password): + data = self._read_private_key('EC', file_obj, password) + self._decode_key(data) + + ALLOWED_PADDINGS = ['\x01', '\x02\x02', '\x03\x03\x03', '\x04\x04\x04\x04', + '\x05\x05\x05\x05\x05', '\x06\x06\x06\x06\x06\x06', + '\x07\x07\x07\x07\x07\x07\x07'] + def _decode_key(self, data): + s, padding = der.remove_sequence(data) + if padding: + if padding not in self.ALLOWED_PADDINGS: + raise ValueError, "weird padding: %s" % (binascii.hexlify(empty)) + data = data[:-len(padding)] + key = SigningKey.from_der(data) + self.signing_key = key + self.verifying_key = key.get_verifying_key() + self.size = 256 + + def _sigencode(self, r, s, order): + msg = Message() + msg.add_mpint(r) + msg.add_mpint(s) + return str(msg) + + def _sigdecode(self, sig, order): + msg = Message(sig) + r = msg.get_mpint() + s = msg.get_mpint() + return (r, s) diff --git a/requirements.txt b/requirements.txt index 75112a2..bc21503 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,3 @@ pycrypto tox +ecdsa diff --git a/setup.py b/setup.py index 9812a4f..4b1dc3b 100644 --- a/setup.py +++ b/setup.py @@ -40,7 +40,9 @@ import sys try: from setuptools import setup kw = { - 'install_requires': 'pycrypto >= 2.1, != 2.4', + 'install_requires': ['pycrypto >= 2.1, != 2.4', + 'ecdsa', + ], } except ImportError: from distutils.core import setup diff --git a/tests/test_ecdsa.key b/tests/test_ecdsa.key new file mode 100644 index 0000000..42d4473 --- /dev/null +++ b/tests/test_ecdsa.key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIKB6ty3yVyKEnfF/zprx0qwC76MsMlHY4HXCnqho2eKioAoGCCqGSM49 +AwEHoUQDQgAElI9mbdlaS+T9nHxY/59lFnn80EEecZDBHq4gLpccY8Mge5ZTMiMD +ADRvOqQ5R98Sxst765CAqXmRtz8vwoD96g== +-----END EC PRIVATE KEY----- diff --git a/tests/test_ecdsa_password.key b/tests/test_ecdsa_password.key new file mode 100644 index 0000000..eb7910e --- /dev/null +++ b/tests/test_ecdsa_password.key @@ -0,0 +1,8 @@ +-----BEGIN EC PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,EEB56BC745EDB2DE04FC3FE1F8DA387E + +wdt7QTCa6ahTJLaEPH7NhHyBcxhzrzf93d4UwQOuAhkM6//jKD4lF9fErHBW0f3B +ExberCU3UxfEF3xX2thXiLw47JgeOCeQUlqRFx92p36k6YmfNGX6W8CsZ3d+XodF +Z+pb6m285CiSX+W95NenFMexXFsIpntiCvTifTKJ8os= +-----END EC PRIVATE KEY----- diff --git a/tests/test_pkey.py b/tests/test_pkey.py index 89d5580..daea3a6 100644 --- a/tests/test_pkey.py +++ b/tests/test_pkey.py @@ -23,14 +23,17 @@ Some unit tests for public/private key objects. from binascii import hexlify, unhexlify import StringIO import unittest -from paramiko import RSAKey, DSSKey, Message, util +from paramiko import RSAKey, DSSKey, ECDSAKey, Message, util from paramiko.common import rng # from openssh's ssh-keygen PUB_RSA = 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA049W6geFpmsljTwfvI1UmKWWJPNFI74+vNKTk4dmzkQY2yAMs6FhlvhlI8ysU4oj71ZsRYMecHbBbxdN79+JRFVYTKaLqjwGENeTd+yv4q+V2PvZv3fLnzApI3l7EJCqhWwJUHJ1jAkZzqDx0tyOL4uoZpww3nmE0kb3y21tH4c=' PUB_DSS = 'ssh-dss AAAAB3NzaC1kc3MAAACBAOeBpgNnfRzr/twmAQRu2XwWAp3CFtrVnug6s6fgwj/oLjYbVtjAy6pl/h0EKCWx2rf1IetyNsTxWrniA9I6HeDj65X1FyDkg6g8tvCnaNB8Xp/UUhuzHuGsMIipRxBxw9LF608EqZcj1E3ytktoW5B5OcjrkEoz3xG7C+rpIjYvAAAAFQDwz4UnmsGiSNu5iqjn3uTzwUpshwAAAIEAkxfFeY8P2wZpDjX0MimZl5wkoFQDL25cPzGBuB4OnB8NoUk/yjAHIIpEShw8V+LzouMK5CTJQo5+Ngw3qIch/WgRmMHy4kBq1SsXMjQCte1So6HBMvBPIW5SiMTmjCfZZiw4AYHK+B/JaOwaG9yRg2Ejg4Ok10+XFDxlqZo8Y+wAAACARmR7CCPjodxASvRbIyzaVpZoJ/Z6x7dAumV+ysrV1BVYd0lYukmnjO1kKBWApqpH1ve9XDQYN8zgxM4b16L21kpoWQnZtXrY3GZ4/it9kUgyB7+NwacIBlXa8cMDL7Q/69o0d54U0X/NeX5QxuYR6OMJlrkQB7oiW/P/1mwjQgE=' +PUB_ECDSA = 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJSPZm3ZWkvk/Zx8WP+fZRZ5/NBBHnGQwR6uIC6XHGPDIHuWUzIjAwA0bzqkOUffEsbLe+uQgKl5kbc/L8KA/eo=' + FINGER_RSA = '1024 60:73:38:44:cb:51:86:65:7f:de:da:a2:2b:5a:57:d5' FINGER_DSS = '1024 44:78:f0:b9:a2:3c:c5:18:20:09:ff:75:5b:c1:d2:6c' +FINGER_ECDSA = '256 25:19:eb:55:e6:a1:47:ff:4f:38:d2:75:6f:a5:d5:60' SIGNED_RSA = '20:d7:8a:31:21:cb:f7:92:12:f2:a4:89:37:f5:78:af:e6:16:b6:25:b9:97:3d:a2:cd:5f:ca:20:21:73:4c:ad:34:73:8f:20:77:28:e2:94:15:08:d8:91:40:7a:85:83:bf:18:37:95:dc:54:1a:9b:88:29:6c:73:ca:38:b4:04:f1:56:b9:f2:42:9d:52:1b:29:29:b4:4f:fd:c9:2d:af:47:d2:40:76:30:f3:63:45:0c:d9:1d:43:86:0f:1c:70:e2:93:12:34:f3:ac:c5:0a:2f:14:50:66:59:f1:88:ee:c1:4a:e9:d1:9c:4e:46:f0:0e:47:6f:38:74:f1:44:a8' RSA_PRIVATE_OUT = """\ @@ -66,6 +69,13 @@ QPSch9pT9XHqn+1rZ4bK+QGA -----END DSA PRIVATE KEY----- """ +ECDSA_PRIVATE_OUT = """\ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIKB6ty3yVyKEnfF/zprx0qwC76MsMlHY4HXCnqho2eKioAoGCCqGSM49 +AwEHoUQDQgAElI9mbdlaS+T9nHxY/59lFnn80EEecZDBHq4gLpccY8Mge5ZTMiMD +ADRvOqQ5R98Sxst765CAqXmRtz8vwoD96g== +-----END EC PRIVATE KEY----- +""" class KeyTest (unittest.TestCase): @@ -176,7 +186,7 @@ class KeyTest (unittest.TestCase): msg.rewind() pub = DSSKey(data=str(key)) self.assert_(pub.verify_ssh_sig('ice weasels', msg)) - + def test_A_generate_rsa(self): key = RSAKey.generate(1024) msg = key.sign_ssh_data(rng, 'jerri blank') @@ -188,3 +198,53 @@ class KeyTest (unittest.TestCase): msg = key.sign_ssh_data(rng, 'jerri blank') msg.rewind() self.assert_(key.verify_ssh_sig('jerri blank', msg)) + + def test_10_load_ecdsa(self): + key = ECDSAKey.from_private_key_file('tests/test_ecdsa.key') + self.assertEquals('ecdsa-sha2-nistp256', key.get_name()) + exp_ecdsa = FINGER_ECDSA.split()[1].replace(':', '') + my_ecdsa = hexlify(key.get_fingerprint()) + self.assertEquals(exp_ecdsa, my_ecdsa) + self.assertEquals(PUB_ECDSA.split()[1], key.get_base64()) + self.assertEquals(256, key.get_bits()) + + s = StringIO.StringIO() + key.write_private_key(s) + self.assertEquals(ECDSA_PRIVATE_OUT, s.getvalue()) + s.seek(0) + key2 = ECDSAKey.from_private_key(s) + self.assertEquals(key, key2) + + def test_11_load_ecdsa_password(self): + key = ECDSAKey.from_private_key_file('tests/test_ecdsa_password.key', 'television') + self.assertEquals('ecdsa-sha2-nistp256', key.get_name()) + exp_ecdsa = FINGER_ECDSA.split()[1].replace(':', '') + my_ecdsa = hexlify(key.get_fingerprint()) + self.assertEquals(exp_ecdsa, my_ecdsa) + self.assertEquals(PUB_ECDSA.split()[1], key.get_base64()) + self.assertEquals(256, key.get_bits()) + + def test_12_compare_ecdsa(self): + # verify that the private & public keys compare equal + key = ECDSAKey.from_private_key_file('tests/test_ecdsa.key') + self.assertEquals(key, key) + pub = ECDSAKey(data=str(key)) + self.assert_(key.can_sign()) + self.assert_(not pub.can_sign()) + self.assertEquals(key, pub) + + def test_13_sign_ecdsa(self): + # verify that the rsa private key can sign and verify + key = ECDSAKey.from_private_key_file('tests/test_ecdsa.key') + msg = key.sign_ssh_data(rng, 'ice weasels') + self.assert_(type(msg) is Message) + msg.rewind() + self.assertEquals('ecdsa-sha2-nistp256', msg.get_string()) + # ECDSA signatures, like DSS signatures, tend to be different + # each time, so we can't compare against a "known correct" + # signature. + # Even the length of the signature can change. + + msg.rewind() + pub = ECDSAKey(data=str(key)) + self.assert_(pub.verify_ssh_sig('ice weasels', msg)) From ebdbfae5b1fd069f53c13b830fcf737b279977b7 Mon Sep 17 00:00:00 2001 From: Ethan Glasser-Camp Date: Mon, 25 Mar 2013 11:40:46 -0400 Subject: [PATCH 2/3] Hook up ECDSA to hostkeys More sophisticated key negotiation is still necessary in the case where we have an ECDSA key for the server and it offers us both RSA and ECDSA. In this case, we will pick RSA and fail because we don't have it. Instead, we should pick ECDSA. Still, this works if you tell your server to only offer ECDSA keys :) --- paramiko/hostkeys.py | 4 ++++ paramiko/transport.py | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/paramiko/hostkeys.py b/paramiko/hostkeys.py index e739312..edc9300 100644 --- a/paramiko/hostkeys.py +++ b/paramiko/hostkeys.py @@ -28,6 +28,7 @@ import UserDict from paramiko.common import * from paramiko.dsskey import DSSKey from paramiko.rsakey import RSAKey +from paramiko.ecdsakey import ECDSAKey class InvalidHostKey(Exception): @@ -77,8 +78,11 @@ class HostKeyEntry: key = RSAKey(data=base64.decodestring(key)) elif keytype == 'ssh-dss': key = DSSKey(data=base64.decodestring(key)) + elif keytype == 'ecdsa-sha2-nistp256': + key = ECDSAKey(data=base64.decodestring(key)) else: return None + except binascii.Error, e: raise InvalidHostKey(line, e) diff --git a/paramiko/transport.py b/paramiko/transport.py index fd6dab7..aca51a9 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -42,6 +42,7 @@ from paramiko.message import Message from paramiko.packet import Packetizer, NeedRekeyException from paramiko.primes import ModulusPack from paramiko.rsakey import RSAKey +from paramiko.ecdsakey import ECDSAKey from paramiko.server import ServerInterface from paramiko.sftp_client import SFTPClient from paramiko.ssh_exception import (SSHException, BadAuthenticationType, @@ -202,7 +203,7 @@ class Transport (threading.Thread): _preferred_ciphers = ( 'aes128-ctr', 'aes256-ctr', 'aes128-cbc', 'blowfish-cbc', 'aes256-cbc', '3des-cbc', 'arcfour128', 'arcfour256' ) _preferred_macs = ( 'hmac-sha1', 'hmac-md5', 'hmac-sha1-96', 'hmac-md5-96' ) - _preferred_keys = ( 'ssh-rsa', 'ssh-dss' ) + _preferred_keys = ( 'ssh-rsa', 'ssh-dss', 'ecdsa-sha2-nistp256' ) _preferred_kex = ( 'diffie-hellman-group1-sha1', 'diffie-hellman-group-exchange-sha1' ) _preferred_compression = ( 'none', ) @@ -227,6 +228,7 @@ class Transport (threading.Thread): _key_info = { 'ssh-rsa': RSAKey, 'ssh-dss': DSSKey, + 'ecdsa-sha2-nistp256': ECDSAKey, } _kex_info = { From a733c428cd7d2c419d03e3fa6a230e965ed3ff47 Mon Sep 17 00:00:00 2001 From: Ethan Glasser-Camp Date: Tue, 30 Apr 2013 00:25:53 -0400 Subject: [PATCH 3/3] Add NEWS entry --- NEWS | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/NEWS b/NEWS index 4c54c99..6bf371c 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,14 @@ Releases v1.11.0 (DD MM YYYY) -------------------- +* #152: Add tentative support for ECDSA keys. *This adds the ecdsa + module as a dependency of Paramiko.* The module is available at + `warner/python-ecdsa on Github + `_ and `ecdsa on PyPI + `_. Note that you might still + run into problems with key negotiation -- Paramiko picks the first + key that the server offers, which might not be what you have in your + known_hosts file. * #98: On Windows, when interacting with the PuTTY PAgeant, Paramiko now creates the shared memory map with explicit Security Attributes of the user, which is the same technique employed by the canonical PuTTY library to avoid