Python cryptography.hazmat.primitives.serialization.Encoding() Examples
The following are 20
code examples of cryptography.hazmat.primitives.serialization.Encoding().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
cryptography.hazmat.primitives.serialization
, or try the search function
.
.
Example #1
| Source File: backend.py From Carnets with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def _parameter_bytes(self, encoding, format, cdata):
if encoding is serialization.Encoding.OpenSSH:
raise TypeError(
"OpenSSH encoding is not supported"
)
# Only DH is supported here currently.
q = self._ffi.new("BIGNUM **")
self._lib.DH_get0_pqg(cdata,
self._ffi.NULL,
q,
self._ffi.NULL)
if encoding is serialization.Encoding.PEM:
if q[0] != self._ffi.NULL:
write_bio = self._lib.PEM_write_bio_DHxparams
else:
write_bio = self._lib.PEM_write_bio_DHparams
elif encoding is serialization.Encoding.DER:
if q[0] != self._ffi.NULL:
write_bio = self._lib.Cryptography_i2d_DHxparams_bio
else:
write_bio = self._lib.i2d_DHparams_bio
else:
raise TypeError("encoding must be an item from the Encoding enum")
bio = self._create_mem_bio_gc()
res = write_bio(bio, cdata)
self.openssl_assert(res == 1)
return self._read_mem_bio(bio)
Example #2
| Source File: backend.py From teleport with Apache License 2.0 | 5 votes |
|
def _parameter_bytes(self, encoding, format, cdata):
if encoding is serialization.Encoding.OpenSSH:
raise TypeError(
"OpenSSH encoding is not supported"
)
# Only DH is supported here currently.
q = self._ffi.new("BIGNUM **")
self._lib.DH_get0_pqg(cdata,
self._ffi.NULL,
q,
self._ffi.NULL)
if encoding is serialization.Encoding.PEM:
if q[0] != self._ffi.NULL:
write_bio = self._lib.PEM_write_bio_DHxparams
else:
write_bio = self._lib.PEM_write_bio_DHparams
elif encoding is serialization.Encoding.DER:
if q[0] != self._ffi.NULL:
write_bio = self._lib.Cryptography_i2d_DHxparams_bio
else:
write_bio = self._lib.i2d_DHparams_bio
else:
raise TypeError("encoding must be an item from the Encoding enum")
bio = self._create_mem_bio_gc()
res = write_bio(bio, cdata)
self.openssl_assert(res == 1)
return self._read_mem_bio(bio)
Example #3
| Source File: backend.py From quickstart-redhat-openshift with Apache License 2.0 | 5 votes |
|
def _parameter_bytes(self, encoding, format, cdata):
if encoding is serialization.Encoding.OpenSSH:
raise TypeError(
"OpenSSH encoding is not supported"
)
# Only DH is supported here currently.
q = self._ffi.new("BIGNUM **")
self._lib.DH_get0_pqg(cdata,
self._ffi.NULL,
q,
self._ffi.NULL)
if encoding is serialization.Encoding.PEM:
if q[0] != self._ffi.NULL:
write_bio = self._lib.PEM_write_bio_DHxparams
else:
write_bio = self._lib.PEM_write_bio_DHparams
elif encoding is serialization.Encoding.DER:
if q[0] != self._ffi.NULL:
write_bio = self._lib.Cryptography_i2d_DHxparams_bio
else:
write_bio = self._lib.i2d_DHparams_bio
else:
raise TypeError("encoding must be an item from the Encoding enum")
bio = self._create_mem_bio_gc()
res = write_bio(bio, cdata)
self.openssl_assert(res == 1)
return self._read_mem_bio(bio)
Example #4
| Source File: backend.py From teleport with Apache License 2.0 | 5 votes |
|
def _parameter_bytes(self, encoding, format, cdata):
if encoding is serialization.Encoding.OpenSSH:
raise TypeError(
"OpenSSH encoding is not supported"
)
# Only DH is supported here currently.
q = self._ffi.new("BIGNUM **")
self._lib.DH_get0_pqg(cdata,
self._ffi.NULL,
q,
self._ffi.NULL)
if encoding is serialization.Encoding.PEM:
if q[0] != self._ffi.NULL:
write_bio = self._lib.PEM_write_bio_DHxparams
else:
write_bio = self._lib.PEM_write_bio_DHparams
elif encoding is serialization.Encoding.DER:
if q[0] != self._ffi.NULL:
write_bio = self._lib.Cryptography_i2d_DHxparams_bio
else:
write_bio = self._lib.i2d_DHparams_bio
else:
raise TypeError("encoding must be an item from the Encoding enum")
bio = self._create_mem_bio_gc()
res = write_bio(bio, cdata)
self.openssl_assert(res == 1)
return self._read_mem_bio(bio)
Example #5
| Source File: backend.py From teleport with Apache License 2.0 | 5 votes |
|
def _parameter_bytes(self, encoding, format, cdata):
if encoding is serialization.Encoding.OpenSSH:
raise TypeError(
"OpenSSH encoding is not supported"
)
# Only DH is supported here currently.
q = self._ffi.new("BIGNUM **")
self._lib.DH_get0_pqg(cdata,
self._ffi.NULL,
q,
self._ffi.NULL)
if encoding is serialization.Encoding.PEM:
if q[0] != self._ffi.NULL:
write_bio = self._lib.PEM_write_bio_DHxparams
else:
write_bio = self._lib.PEM_write_bio_DHparams
elif encoding is serialization.Encoding.DER:
if q[0] != self._ffi.NULL:
write_bio = self._lib.Cryptography_i2d_DHxparams_bio
else:
write_bio = self._lib.i2d_DHparams_bio
else:
raise TypeError("encoding must be an item from the Encoding enum")
bio = self._create_mem_bio_gc()
res = write_bio(bio, cdata)
self.openssl_assert(res == 1)
return self._read_mem_bio(bio)
Example #6
| Source File: backend.py From oss-ftp with MIT License | 5 votes |
|
def _public_key_bytes(self, encoding, format, evp_pkey, cdata):
if not isinstance(encoding, serialization.Encoding):
raise TypeError("encoding must be an item from the Encoding enum")
if format is serialization.PublicFormat.SubjectPublicKeyInfo:
if encoding is serialization.Encoding.PEM:
write_bio = self._lib.PEM_write_bio_PUBKEY
else:
assert encoding is serialization.Encoding.DER
write_bio = self._lib.i2d_PUBKEY_bio
key = evp_pkey
elif format is serialization.PublicFormat.PKCS1:
# Only RSA is supported here.
assert evp_pkey.type == self._lib.EVP_PKEY_RSA
if encoding is serialization.Encoding.PEM:
write_bio = self._lib.PEM_write_bio_RSAPublicKey
else:
assert encoding is serialization.Encoding.DER
write_bio = self._lib.i2d_RSAPublicKey_bio
key = cdata
else:
raise TypeError(
"format must be an item from the PublicFormat enum"
)
bio = self._create_mem_bio()
res = write_bio(bio, key)
self.openssl_assert(res == 1)
return self._read_mem_bio(bio)
Example #7
| Source File: backend.py From learn_python3_spider with MIT License | 5 votes |
|
def _parameter_bytes(self, encoding, format, cdata):
if encoding is serialization.Encoding.OpenSSH:
raise TypeError(
"OpenSSH encoding is not supported"
)
# Only DH is supported here currently.
q = self._ffi.new("BIGNUM **")
self._lib.DH_get0_pqg(cdata,
self._ffi.NULL,
q,
self._ffi.NULL)
if encoding is serialization.Encoding.PEM:
if q[0] != self._ffi.NULL:
write_bio = self._lib.PEM_write_bio_DHxparams
else:
write_bio = self._lib.PEM_write_bio_DHparams
elif encoding is serialization.Encoding.DER:
if q[0] != self._ffi.NULL:
write_bio = self._lib.Cryptography_i2d_DHxparams_bio
else:
write_bio = self._lib.i2d_DHparams_bio
else:
raise TypeError("encoding must be an item from the Encoding enum")
bio = self._create_mem_bio_gc()
res = write_bio(bio, cdata)
self.openssl_assert(res == 1)
return self._read_mem_bio(bio)
Example #8
| Source File: backend.py From quickstart-git2s3 with Apache License 2.0 | 5 votes |
|
def _parameter_bytes(self, encoding, format, cdata):
if encoding is serialization.Encoding.OpenSSH:
raise TypeError(
"OpenSSH encoding is not supported"
)
# Only DH is supported here currently.
q = self._ffi.new("BIGNUM **")
self._lib.DH_get0_pqg(cdata,
self._ffi.NULL,
q,
self._ffi.NULL)
if encoding is serialization.Encoding.PEM:
if q[0] != self._ffi.NULL:
write_bio = self._lib.PEM_write_bio_DHxparams
else:
write_bio = self._lib.PEM_write_bio_DHparams
elif encoding is serialization.Encoding.DER:
if q[0] != self._ffi.NULL:
write_bio = self._lib.Cryptography_i2d_DHxparams_bio
else:
write_bio = self._lib.i2d_DHparams_bio
else:
raise TypeError("encoding must be an item from the Encoding enum")
bio = self._create_mem_bio_gc()
res = write_bio(bio, cdata)
self.openssl_assert(res == 1)
return self._read_mem_bio(bio)
Example #9
| Source File: backend.py From learn_python3_spider with MIT License | 4 votes |
|
def _openssh_public_key_bytes(self, key):
if isinstance(key, rsa.RSAPublicKey):
public_numbers = key.public_numbers()
return b"ssh-rsa " + base64.b64encode(
ssh._ssh_write_string(b"ssh-rsa") +
ssh._ssh_write_mpint(public_numbers.e) +
ssh._ssh_write_mpint(public_numbers.n)
)
elif isinstance(key, dsa.DSAPublicKey):
public_numbers = key.public_numbers()
parameter_numbers = public_numbers.parameter_numbers
return b"ssh-dss " + base64.b64encode(
ssh._ssh_write_string(b"ssh-dss") +
ssh._ssh_write_mpint(parameter_numbers.p) +
ssh._ssh_write_mpint(parameter_numbers.q) +
ssh._ssh_write_mpint(parameter_numbers.g) +
ssh._ssh_write_mpint(public_numbers.y)
)
elif isinstance(key, ed25519.Ed25519PublicKey):
raw_bytes = key.public_bytes(serialization.Encoding.Raw,
serialization.PublicFormat.Raw)
return b"ssh-ed25519 " + base64.b64encode(
ssh._ssh_write_string(b"ssh-ed25519") +
ssh._ssh_write_string(raw_bytes)
)
elif isinstance(key, ec.EllipticCurvePublicKey):
public_numbers = key.public_numbers()
try:
curve_name = {
ec.SECP256R1: b"nistp256",
ec.SECP384R1: b"nistp384",
ec.SECP521R1: b"nistp521",
}[type(public_numbers.curve)]
except KeyError:
raise ValueError(
"Only SECP256R1, SECP384R1, and SECP521R1 curves are "
"supported by the SSH public key format"
)
point = key.public_bytes(
serialization.Encoding.X962,
serialization.PublicFormat.UncompressedPoint
)
return b"ecdsa-sha2-" + curve_name + b" " + base64.b64encode(
ssh._ssh_write_string(b"ecdsa-sha2-" + curve_name) +
ssh._ssh_write_string(curve_name) +
ssh._ssh_write_string(point)
)
else:
raise ValueError(
"OpenSSH encoding is not supported for this key type"
)
Example #10
| Source File: backend.py From Carnets with BSD 3-Clause "New" or "Revised" License | 4 votes |
|
def _openssh_public_key_bytes(self, key):
if isinstance(key, rsa.RSAPublicKey):
public_numbers = key.public_numbers()
return b"ssh-rsa " + base64.b64encode(
ssh._ssh_write_string(b"ssh-rsa") +
ssh._ssh_write_mpint(public_numbers.e) +
ssh._ssh_write_mpint(public_numbers.n)
)
elif isinstance(key, dsa.DSAPublicKey):
public_numbers = key.public_numbers()
parameter_numbers = public_numbers.parameter_numbers
return b"ssh-dss " + base64.b64encode(
ssh._ssh_write_string(b"ssh-dss") +
ssh._ssh_write_mpint(parameter_numbers.p) +
ssh._ssh_write_mpint(parameter_numbers.q) +
ssh._ssh_write_mpint(parameter_numbers.g) +
ssh._ssh_write_mpint(public_numbers.y)
)
elif isinstance(key, ed25519.Ed25519PublicKey):
raw_bytes = key.public_bytes(serialization.Encoding.Raw,
serialization.PublicFormat.Raw)
return b"ssh-ed25519 " + base64.b64encode(
ssh._ssh_write_string(b"ssh-ed25519") +
ssh._ssh_write_string(raw_bytes)
)
elif isinstance(key, ec.EllipticCurvePublicKey):
public_numbers = key.public_numbers()
try:
curve_name = {
ec.SECP256R1: b"nistp256",
ec.SECP384R1: b"nistp384",
ec.SECP521R1: b"nistp521",
}[type(public_numbers.curve)]
except KeyError:
raise ValueError(
"Only SECP256R1, SECP384R1, and SECP521R1 curves are "
"supported by the SSH public key format"
)
point = key.public_bytes(
serialization.Encoding.X962,
serialization.PublicFormat.UncompressedPoint
)
return b"ecdsa-sha2-" + curve_name + b" " + base64.b64encode(
ssh._ssh_write_string(b"ecdsa-sha2-" + curve_name) +
ssh._ssh_write_string(curve_name) +
ssh._ssh_write_string(point)
)
else:
raise ValueError(
"OpenSSH encoding is not supported for this key type"
)
Example #11
| Source File: backend.py From Carnets with BSD 3-Clause "New" or "Revised" License | 4 votes |
|
def _public_key_bytes(self, encoding, format, key, evp_pkey, cdata):
if not isinstance(encoding, serialization.Encoding):
raise TypeError("encoding must be an item from the Encoding enum")
# Compressed/UncompressedPoint are only valid for EC keys and those
# cases are handled by the ECPublicKey public_bytes method before this
# method is called
if format in (serialization.PublicFormat.UncompressedPoint,
serialization.PublicFormat.CompressedPoint):
raise ValueError("Point formats are not valid for this key type")
# Raw format and encoding are only valid for X25519, Ed25519, X448, and
# Ed448 keys. We capture those cases before this method is called so if
# we see those enum values here it means the caller has passed them to
# a key that doesn't support raw type
if format is serialization.PublicFormat.Raw:
raise ValueError("raw format is invalid with this key or encoding")
if encoding is serialization.Encoding.Raw:
raise ValueError("raw encoding is invalid with this key or format")
if (
format is serialization.PublicFormat.OpenSSH or
encoding is serialization.Encoding.OpenSSH
):
if (
format is not serialization.PublicFormat.OpenSSH or
encoding is not serialization.Encoding.OpenSSH
):
raise ValueError(
"OpenSSH format must be used with OpenSSH encoding"
)
return self._openssh_public_key_bytes(key)
elif format is serialization.PublicFormat.SubjectPublicKeyInfo:
if encoding is serialization.Encoding.PEM:
write_bio = self._lib.PEM_write_bio_PUBKEY
else:
assert encoding is serialization.Encoding.DER
write_bio = self._lib.i2d_PUBKEY_bio
key = evp_pkey
elif format is serialization.PublicFormat.PKCS1:
# Only RSA is supported here.
assert self._lib.EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_RSA
if encoding is serialization.Encoding.PEM:
write_bio = self._lib.PEM_write_bio_RSAPublicKey
else:
assert encoding is serialization.Encoding.DER
write_bio = self._lib.i2d_RSAPublicKey_bio
key = cdata
else:
raise TypeError(
"format must be an item from the PublicFormat enum"
)
bio = self._create_mem_bio_gc()
res = write_bio(bio, key)
self.openssl_assert(res == 1)
return self._read_mem_bio(bio)
Example #12
| Source File: backend.py From quickstart-redhat-openshift with Apache License 2.0 | 4 votes |
|
def _openssh_public_key_bytes(self, key):
if isinstance(key, rsa.RSAPublicKey):
public_numbers = key.public_numbers()
return b"ssh-rsa " + base64.b64encode(
ssh._ssh_write_string(b"ssh-rsa") +
ssh._ssh_write_mpint(public_numbers.e) +
ssh._ssh_write_mpint(public_numbers.n)
)
elif isinstance(key, dsa.DSAPublicKey):
public_numbers = key.public_numbers()
parameter_numbers = public_numbers.parameter_numbers
return b"ssh-dss " + base64.b64encode(
ssh._ssh_write_string(b"ssh-dss") +
ssh._ssh_write_mpint(parameter_numbers.p) +
ssh._ssh_write_mpint(parameter_numbers.q) +
ssh._ssh_write_mpint(parameter_numbers.g) +
ssh._ssh_write_mpint(public_numbers.y)
)
else:
assert isinstance(key, ec.EllipticCurvePublicKey)
public_numbers = key.public_numbers()
try:
curve_name = {
ec.SECP256R1: b"nistp256",
ec.SECP384R1: b"nistp384",
ec.SECP521R1: b"nistp521",
}[type(public_numbers.curve)]
except KeyError:
raise ValueError(
"Only SECP256R1, SECP384R1, and SECP521R1 curves are "
"supported by the SSH public key format"
)
point = key.public_bytes(
serialization.Encoding.X962,
serialization.PublicFormat.UncompressedPoint
)
return b"ecdsa-sha2-" + curve_name + b" " + base64.b64encode(
ssh._ssh_write_string(b"ecdsa-sha2-" + curve_name) +
ssh._ssh_write_string(curve_name) +
ssh._ssh_write_string(point)
)
Example #13
| Source File: backend.py From quickstart-redhat-openshift with Apache License 2.0 | 4 votes |
|
def _public_key_bytes(self, encoding, format, key, evp_pkey, cdata):
if not isinstance(encoding, serialization.Encoding):
raise TypeError("encoding must be an item from the Encoding enum")
# Compressed/UncompressedPoint are only valid for EC keys and those
# cases are handled by the ECPublicKey public_bytes method before this
# method is called
if format in (serialization.PublicFormat.UncompressedPoint,
serialization.PublicFormat.CompressedPoint):
raise ValueError("Point formats are not valid for this key type")
# Raw format and encoding are only valid for X25519, Ed25519, X448, and
# Ed448 keys. We capture those cases before this method is called so if
# we see those enum values here it means the caller has passed them to
# a key that doesn't support raw type
if format is serialization.PublicFormat.Raw:
raise ValueError("raw format is invalid with this key or encoding")
if encoding is serialization.Encoding.Raw:
raise ValueError("raw encoding is invalid with this key or format")
if (
format is serialization.PublicFormat.OpenSSH or
encoding is serialization.Encoding.OpenSSH
):
if (
format is not serialization.PublicFormat.OpenSSH or
encoding is not serialization.Encoding.OpenSSH
):
raise ValueError(
"OpenSSH format must be used with OpenSSH encoding"
)
return self._openssh_public_key_bytes(key)
elif format is serialization.PublicFormat.SubjectPublicKeyInfo:
if encoding is serialization.Encoding.PEM:
write_bio = self._lib.PEM_write_bio_PUBKEY
else:
assert encoding is serialization.Encoding.DER
write_bio = self._lib.i2d_PUBKEY_bio
key = evp_pkey
elif format is serialization.PublicFormat.PKCS1:
# Only RSA is supported here.
assert self._lib.EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_RSA
if encoding is serialization.Encoding.PEM:
write_bio = self._lib.PEM_write_bio_RSAPublicKey
else:
assert encoding is serialization.Encoding.DER
write_bio = self._lib.i2d_RSAPublicKey_bio
key = cdata
else:
raise TypeError(
"format must be an item from the PublicFormat enum"
)
bio = self._create_mem_bio_gc()
res = write_bio(bio, key)
self.openssl_assert(res == 1)
return self._read_mem_bio(bio)
Example #14
| Source File: backend.py From quickstart-git2s3 with Apache License 2.0 | 4 votes |
|
def _public_key_bytes(self, encoding, format, key, evp_pkey, cdata):
if not isinstance(encoding, serialization.Encoding):
raise TypeError("encoding must be an item from the Encoding enum")
if (
format is serialization.PublicFormat.OpenSSH or
encoding is serialization.Encoding.OpenSSH
):
if (
format is not serialization.PublicFormat.OpenSSH or
encoding is not serialization.Encoding.OpenSSH
):
raise ValueError(
"OpenSSH format must be used with OpenSSH encoding"
)
return self._openssh_public_key_bytes(key)
elif format is serialization.PublicFormat.SubjectPublicKeyInfo:
if encoding is serialization.Encoding.PEM:
write_bio = self._lib.PEM_write_bio_PUBKEY
else:
assert encoding is serialization.Encoding.DER
write_bio = self._lib.i2d_PUBKEY_bio
key = evp_pkey
elif format is serialization.PublicFormat.PKCS1:
# Only RSA is supported here.
assert self._lib.EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_RSA
if encoding is serialization.Encoding.PEM:
write_bio = self._lib.PEM_write_bio_RSAPublicKey
else:
assert encoding is serialization.Encoding.DER
write_bio = self._lib.i2d_RSAPublicKey_bio
key = cdata
else:
raise TypeError(
"format must be an item from the PublicFormat enum"
)
bio = self._create_mem_bio_gc()
res = write_bio(bio, key)
self.openssl_assert(res == 1)
return self._read_mem_bio(bio)
Example #15
| Source File: backend.py From learn_python3_spider with MIT License | 4 votes |
|
def _public_key_bytes(self, encoding, format, key, evp_pkey, cdata):
if not isinstance(encoding, serialization.Encoding):
raise TypeError("encoding must be an item from the Encoding enum")
# Compressed/UncompressedPoint are only valid for EC keys and those
# cases are handled by the ECPublicKey public_bytes method before this
# method is called
if format in (serialization.PublicFormat.UncompressedPoint,
serialization.PublicFormat.CompressedPoint):
raise ValueError("Point formats are not valid for this key type")
# Raw format and encoding are only valid for X25519, Ed25519, X448, and
# Ed448 keys. We capture those cases before this method is called so if
# we see those enum values here it means the caller has passed them to
# a key that doesn't support raw type
if format is serialization.PublicFormat.Raw:
raise ValueError("raw format is invalid with this key or encoding")
if encoding is serialization.Encoding.Raw:
raise ValueError("raw encoding is invalid with this key or format")
if (
format is serialization.PublicFormat.OpenSSH or
encoding is serialization.Encoding.OpenSSH
):
if (
format is not serialization.PublicFormat.OpenSSH or
encoding is not serialization.Encoding.OpenSSH
):
raise ValueError(
"OpenSSH format must be used with OpenSSH encoding"
)
return self._openssh_public_key_bytes(key)
elif format is serialization.PublicFormat.SubjectPublicKeyInfo:
if encoding is serialization.Encoding.PEM:
write_bio = self._lib.PEM_write_bio_PUBKEY
else:
assert encoding is serialization.Encoding.DER
write_bio = self._lib.i2d_PUBKEY_bio
key = evp_pkey
elif format is serialization.PublicFormat.PKCS1:
# Only RSA is supported here.
assert self._lib.EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_RSA
if encoding is serialization.Encoding.PEM:
write_bio = self._lib.PEM_write_bio_RSAPublicKey
else:
assert encoding is serialization.Encoding.DER
write_bio = self._lib.i2d_RSAPublicKey_bio
key = cdata
else:
raise TypeError(
"format must be an item from the PublicFormat enum"
)
bio = self._create_mem_bio_gc()
res = write_bio(bio, key)
self.openssl_assert(res == 1)
return self._read_mem_bio(bio)
Example #16
| Source File: backend.py From teleport with Apache License 2.0 | 4 votes |
|
def _openssh_public_key_bytes(self, key):
if isinstance(key, rsa.RSAPublicKey):
public_numbers = key.public_numbers()
return b"ssh-rsa " + base64.b64encode(
ssh._ssh_write_string(b"ssh-rsa") +
ssh._ssh_write_mpint(public_numbers.e) +
ssh._ssh_write_mpint(public_numbers.n)
)
elif isinstance(key, dsa.DSAPublicKey):
public_numbers = key.public_numbers()
parameter_numbers = public_numbers.parameter_numbers
return b"ssh-dss " + base64.b64encode(
ssh._ssh_write_string(b"ssh-dss") +
ssh._ssh_write_mpint(parameter_numbers.p) +
ssh._ssh_write_mpint(parameter_numbers.q) +
ssh._ssh_write_mpint(parameter_numbers.g) +
ssh._ssh_write_mpint(public_numbers.y)
)
elif isinstance(key, ed25519.Ed25519PublicKey):
raw_bytes = key.public_bytes(serialization.Encoding.Raw,
serialization.PublicFormat.Raw)
return b"ssh-ed25519 " + base64.b64encode(
ssh._ssh_write_string(b"ssh-ed25519") +
ssh._ssh_write_string(raw_bytes)
)
elif isinstance(key, ec.EllipticCurvePublicKey):
public_numbers = key.public_numbers()
try:
curve_name = {
ec.SECP256R1: b"nistp256",
ec.SECP384R1: b"nistp384",
ec.SECP521R1: b"nistp521",
}[type(public_numbers.curve)]
except KeyError:
raise ValueError(
"Only SECP256R1, SECP384R1, and SECP521R1 curves are "
"supported by the SSH public key format"
)
point = key.public_bytes(
serialization.Encoding.X962,
serialization.PublicFormat.UncompressedPoint
)
return b"ecdsa-sha2-" + curve_name + b" " + base64.b64encode(
ssh._ssh_write_string(b"ecdsa-sha2-" + curve_name) +
ssh._ssh_write_string(curve_name) +
ssh._ssh_write_string(point)
)
else:
raise ValueError(
"OpenSSH encoding is not supported for this key type"
)
Example #17
| Source File: backend.py From teleport with Apache License 2.0 | 4 votes |
|
def _openssh_public_key_bytes(self, key):
if isinstance(key, rsa.RSAPublicKey):
public_numbers = key.public_numbers()
return b"ssh-rsa " + base64.b64encode(
ssh._ssh_write_string(b"ssh-rsa") +
ssh._ssh_write_mpint(public_numbers.e) +
ssh._ssh_write_mpint(public_numbers.n)
)
elif isinstance(key, dsa.DSAPublicKey):
public_numbers = key.public_numbers()
parameter_numbers = public_numbers.parameter_numbers
return b"ssh-dss " + base64.b64encode(
ssh._ssh_write_string(b"ssh-dss") +
ssh._ssh_write_mpint(parameter_numbers.p) +
ssh._ssh_write_mpint(parameter_numbers.q) +
ssh._ssh_write_mpint(parameter_numbers.g) +
ssh._ssh_write_mpint(public_numbers.y)
)
elif isinstance(key, ed25519.Ed25519PublicKey):
raw_bytes = key.public_bytes(serialization.Encoding.Raw,
serialization.PublicFormat.Raw)
return b"ssh-ed25519 " + base64.b64encode(
ssh._ssh_write_string(b"ssh-ed25519") +
ssh._ssh_write_string(raw_bytes)
)
elif isinstance(key, ec.EllipticCurvePublicKey):
public_numbers = key.public_numbers()
try:
curve_name = {
ec.SECP256R1: b"nistp256",
ec.SECP384R1: b"nistp384",
ec.SECP521R1: b"nistp521",
}[type(public_numbers.curve)]
except KeyError:
raise ValueError(
"Only SECP256R1, SECP384R1, and SECP521R1 curves are "
"supported by the SSH public key format"
)
point = key.public_bytes(
serialization.Encoding.X962,
serialization.PublicFormat.UncompressedPoint
)
return b"ecdsa-sha2-" + curve_name + b" " + base64.b64encode(
ssh._ssh_write_string(b"ecdsa-sha2-" + curve_name) +
ssh._ssh_write_string(curve_name) +
ssh._ssh_write_string(point)
)
else:
raise ValueError(
"OpenSSH encoding is not supported for this key type"
)
Example #18
| Source File: backend.py From teleport with Apache License 2.0 | 4 votes |
|
def _public_key_bytes(self, encoding, format, key, evp_pkey, cdata):
if not isinstance(encoding, serialization.Encoding):
raise TypeError("encoding must be an item from the Encoding enum")
# Compressed/UncompressedPoint are only valid for EC keys and those
# cases are handled by the ECPublicKey public_bytes method before this
# method is called
if format in (serialization.PublicFormat.UncompressedPoint,
serialization.PublicFormat.CompressedPoint):
raise ValueError("Point formats are not valid for this key type")
# Raw format and encoding are only valid for X25519, Ed25519, X448, and
# Ed448 keys. We capture those cases before this method is called so if
# we see those enum values here it means the caller has passed them to
# a key that doesn't support raw type
if format is serialization.PublicFormat.Raw:
raise ValueError("raw format is invalid with this key or encoding")
if encoding is serialization.Encoding.Raw:
raise ValueError("raw encoding is invalid with this key or format")
if (
format is serialization.PublicFormat.OpenSSH or
encoding is serialization.Encoding.OpenSSH
):
if (
format is not serialization.PublicFormat.OpenSSH or
encoding is not serialization.Encoding.OpenSSH
):
raise ValueError(
"OpenSSH format must be used with OpenSSH encoding"
)
return self._openssh_public_key_bytes(key)
elif format is serialization.PublicFormat.SubjectPublicKeyInfo:
if encoding is serialization.Encoding.PEM:
write_bio = self._lib.PEM_write_bio_PUBKEY
else:
assert encoding is serialization.Encoding.DER
write_bio = self._lib.i2d_PUBKEY_bio
key = evp_pkey
elif format is serialization.PublicFormat.PKCS1:
# Only RSA is supported here.
assert self._lib.EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_RSA
if encoding is serialization.Encoding.PEM:
write_bio = self._lib.PEM_write_bio_RSAPublicKey
else:
assert encoding is serialization.Encoding.DER
write_bio = self._lib.i2d_RSAPublicKey_bio
key = cdata
else:
raise TypeError(
"format must be an item from the PublicFormat enum"
)
bio = self._create_mem_bio_gc()
res = write_bio(bio, key)
self.openssl_assert(res == 1)
return self._read_mem_bio(bio)
Example #19
| Source File: backend.py From teleport with Apache License 2.0 | 4 votes |
|
def _public_key_bytes(self, encoding, format, key, evp_pkey, cdata):
if not isinstance(encoding, serialization.Encoding):
raise TypeError("encoding must be an item from the Encoding enum")
if (
format is serialization.PublicFormat.OpenSSH or
encoding is serialization.Encoding.OpenSSH
):
if (
format is not serialization.PublicFormat.OpenSSH or
encoding is not serialization.Encoding.OpenSSH
):
raise ValueError(
"OpenSSH format must be used with OpenSSH encoding"
)
return self._openssh_public_key_bytes(key)
elif format is serialization.PublicFormat.SubjectPublicKeyInfo:
if encoding is serialization.Encoding.PEM:
write_bio = self._lib.PEM_write_bio_PUBKEY
else:
assert encoding is serialization.Encoding.DER
write_bio = self._lib.i2d_PUBKEY_bio
key = evp_pkey
elif format is serialization.PublicFormat.PKCS1:
# Only RSA is supported here.
assert self._lib.EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_RSA
if encoding is serialization.Encoding.PEM:
write_bio = self._lib.PEM_write_bio_RSAPublicKey
else:
assert encoding is serialization.Encoding.DER
write_bio = self._lib.i2d_RSAPublicKey_bio
key = cdata
else:
raise TypeError(
"format must be an item from the PublicFormat enum"
)
bio = self._create_mem_bio_gc()
res = write_bio(bio, key)
self.openssl_assert(res == 1)
return self._read_mem_bio(bio)
Example #20
| Source File: backend.py From Safejumper-for-Desktop with GNU General Public License v2.0 | 4 votes |
|
def _public_key_bytes(self, encoding, format, key, evp_pkey, cdata):
if not isinstance(encoding, serialization.Encoding):
raise TypeError("encoding must be an item from the Encoding enum")
if (
format is serialization.PublicFormat.OpenSSH or
encoding is serialization.Encoding.OpenSSH
):
if (
format is not serialization.PublicFormat.OpenSSH or
encoding is not serialization.Encoding.OpenSSH
):
raise ValueError(
"OpenSSH format must be used with OpenSSH encoding"
)
return self._openssh_public_key_bytes(key)
elif format is serialization.PublicFormat.SubjectPublicKeyInfo:
if encoding is serialization.Encoding.PEM:
write_bio = self._lib.PEM_write_bio_PUBKEY
else:
assert encoding is serialization.Encoding.DER
write_bio = self._lib.i2d_PUBKEY_bio
key = evp_pkey
elif format is serialization.PublicFormat.PKCS1:
# Only RSA is supported here.
assert self._lib.EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_RSA
if encoding is serialization.Encoding.PEM:
write_bio = self._lib.PEM_write_bio_RSAPublicKey
else:
assert encoding is serialization.Encoding.DER
write_bio = self._lib.i2d_RSAPublicKey_bio
key = cdata
else:
raise TypeError(
"format must be an item from the PublicFormat enum"
)
bio = self._create_mem_bio_gc()
res = write_bio(bio, key)
self.openssl_assert(res == 1)
return self._read_mem_bio(bio)
