author | Matt Keenan <matt.keenan@oracle.com> |
Fri, 19 Jun 2015 09:35:02 +0100 | |
branch | s11-update |
changeset 4508 | d8924d870370 |
permissions | -rw-r--r-- |
4508
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1 |
External but not-yet-integrated patch that changes Paramiko to use |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
2 |
"cryptography" rather than "PyCrypto". The changes have been modified |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
3 |
from |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
4 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
5 |
https://github.com/paramiko/paramiko/pull/394/files |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
6 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
7 |
to patch cleanly into Paramiko 1.15.2. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
8 |
This patch is a stop-gap and will be removed when the upstream Paramiko |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
9 |
completes the transition to "cryptography". |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
10 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
11 |
--- paramiko-1.15.2/README.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
12 |
+++ paramiko-1.15.2/README 2015-04-12 17:36:15.204911382 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
13 |
@@ -25,7 +25,7 @@ channels to remote services across the e |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
14 |
works, for example). |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
15 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
16 |
it is written entirely in python (no C or platform-dependent code) and is |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
17 |
-released under the GNU LGPL (lesser GPL). |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
18 |
+released under the GNU LGPL (lesser GPL). |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
19 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
20 |
the package and its API is fairly well documented in the "doc/" folder |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
21 |
that should have come with this archive. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
22 |
@@ -36,8 +36,8 @@ Requirements |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
23 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
24 |
- Python 2.6 or better <http://www.python.org/> - this includes Python |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
25 |
3.2 and higher as well. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
26 |
- - pycrypto 2.1 or better <https://www.dlitz.net/software/pycrypto/> |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
27 |
- - ecdsa 0.9 or better <https://pypi.python.org/pypi/ecdsa> |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
28 |
+ - Cryptography 0.8 or better <https://cryptography.io> |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
29 |
+ - pyasn1 0.1.7 or better <https://pypi.python.org/pypi/pyasn1> |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
30 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
31 |
If you have setuptools, you can build and install paramiko and all its |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
32 |
dependencies with this command (as root):: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
33 |
--- paramiko-1.15.2/paramiko/_winapi.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
34 |
+++ paramiko-1.15.2/paramiko/_winapi.py 2015-04-12 17:36:15.205197752 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
35 |
@@ -106,7 +106,7 @@ MapViewOfFile.restype = ctypes.wintypes. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
36 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
37 |
class MemoryMap(object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
38 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
39 |
- A memory map object which can have security attributes overrideden. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
40 |
+ A memory map object which can have security attributes overridden. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
41 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
42 |
def __init__(self, name, length, security_attributes=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
43 |
self.name = name |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
44 |
--- paramiko-1.15.2/paramiko/agent.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
45 |
+++ paramiko-1.15.2/paramiko/agent.py 2015-04-12 17:36:15.205474363 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
46 |
@@ -32,7 +32,7 @@ from select import select |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
47 |
from paramiko.common import asbytes, io_sleep |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
48 |
from paramiko.py3compat import byte_chr |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
49 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
50 |
-from paramiko.ssh_exception import SSHException |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
51 |
+from paramiko.ssh_exception import SSHException, AuthenticationException |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
52 |
from paramiko.message import Message |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
53 |
from paramiko.pkey import PKey |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
54 |
from paramiko.util import retry_on_signal |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
55 |
@@ -109,9 +109,12 @@ class AgentProxyThread(threading.Thread) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
56 |
def run(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
57 |
try: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
58 |
(r, addr) = self.get_connection() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
59 |
+ # Found that r should be either a socket from the socket library or None |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
60 |
self.__inr = r |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
61 |
- self.__addr = addr |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
62 |
+ self.__addr = addr # This should be an IP address as a string? or None |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
63 |
self._agent.connect() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
64 |
+ if not isinstance(self._agent, int) and (self._agent._conn is None or not hasattr(self._agent._conn, 'fileno')): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
65 |
+ raise AuthenticationException("Unable to connect to SSH agent") |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
66 |
self._communicate() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
67 |
except: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
68 |
#XXX Not sure what to do here ... raise or pass ? |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
69 |
--- paramiko-1.15.2/paramiko/channel.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
70 |
+++ paramiko-1.15.2/paramiko/channel.py 2015-04-12 17:36:15.205880064 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
71 |
@@ -337,7 +337,7 @@ class Channel (ClosingContextManager): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
72 |
further x11 requests can be made from the server to the client, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
73 |
when an x11 application is run in a shell session. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
74 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
75 |
- From RFC4254:: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
76 |
+ From :rfc:`4254`:: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
77 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
78 |
It is RECOMMENDED that the 'x11 authentication cookie' that is |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
79 |
sent be a fake, random cookie, and that the cookie be checked and |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
80 |
--- paramiko-1.15.2/paramiko/client.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
81 |
+++ paramiko-1.15.2/paramiko/client.py 2015-04-12 17:36:15.206296235 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
82 |
@@ -25,6 +25,7 @@ import getpass |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
83 |
import os |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
84 |
import socket |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
85 |
import warnings |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
86 |
+from errno import ECONNREFUSED, EHOSTUNREACH |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
87 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
88 |
from paramiko.agent import Agent |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
89 |
from paramiko.common import DEBUG |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
90 |
@@ -35,7 +36,9 @@ from paramiko.hostkeys import HostKeys |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
91 |
from paramiko.py3compat import string_types |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
92 |
from paramiko.resource import ResourceManager |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
93 |
from paramiko.rsakey import RSAKey |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
94 |
-from paramiko.ssh_exception import SSHException, BadHostKeyException |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
95 |
+from paramiko.ssh_exception import ( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
96 |
+ SSHException, BadHostKeyException, NoValidConnectionsError |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
97 |
+) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
98 |
from paramiko.transport import Transport |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
99 |
from paramiko.util import retry_on_signal, ClosingContextManager |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
100 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
101 |
@@ -172,10 +175,46 @@ class SSHClient (ClosingContextManager): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
102 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
103 |
self._policy = policy |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
104 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
105 |
- def connect(self, hostname, port=SSH_PORT, username=None, password=None, pkey=None, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
106 |
- key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
107 |
- compress=False, sock=None, gss_auth=False, gss_kex=False, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
108 |
- gss_deleg_creds=True, gss_host=None, banner_timeout=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
109 |
+ def _families_and_addresses(self, hostname, port): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
110 |
+ """ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
111 |
+ Yield pairs of address families and addresses to try for connecting. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
112 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
113 |
+ :param str hostname: the server to connect to |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
114 |
+ :param int port: the server port to connect to |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
115 |
+ :returns: Yields an iterable of ``(family, address)`` tuples |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
116 |
+ """ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
117 |
+ guess = True |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
118 |
+ addrinfos = socket.getaddrinfo(hostname, port, socket.AF_UNSPEC, socket.SOCK_STREAM) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
119 |
+ for (family, socktype, proto, canonname, sockaddr) in addrinfos: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
120 |
+ if socktype == socket.SOCK_STREAM: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
121 |
+ yield family, sockaddr |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
122 |
+ guess = False |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
123 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
124 |
+ # some OS like AIX don't indicate SOCK_STREAM support, so just guess. :( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
125 |
+ # We only do this if we did not get a single result marked as socktype == SOCK_STREAM. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
126 |
+ if guess: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
127 |
+ for family, _, _, _, sockaddr in addrinfos: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
128 |
+ yield family, sockaddr |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
129 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
130 |
+ def connect( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
131 |
+ self, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
132 |
+ hostname, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
133 |
+ port=SSH_PORT, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
134 |
+ username=None, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
135 |
+ password=None, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
136 |
+ pkey=None, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
137 |
+ key_filename=None, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
138 |
+ timeout=None, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
139 |
+ allow_agent=True, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
140 |
+ look_for_keys=True, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
141 |
+ compress=False, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
142 |
+ sock=None, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
143 |
+ gss_auth=False, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
144 |
+ gss_kex=False, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
145 |
+ gss_deleg_creds=True, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
146 |
+ gss_host=None, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
147 |
+ banner_timeout=None |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
148 |
+ ): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
149 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
150 |
Connect to an SSH server and authenticate to it. The server's host key |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
151 |
is checked against the system host keys (see `load_system_host_keys`) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
152 |
@@ -206,8 +245,10 @@ class SSHClient (ClosingContextManager): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
153 |
:param str key_filename: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
154 |
the filename, or list of filenames, of optional private key(s) to |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
155 |
try for authentication |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
156 |
- :param float timeout: an optional timeout (in seconds) for the TCP connect |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
157 |
- :param bool allow_agent: set to False to disable connecting to the SSH agent |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
158 |
+ :param float timeout: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
159 |
+ an optional timeout (in seconds) for the TCP connect |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
160 |
+ :param bool allow_agent: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
161 |
+ set to False to disable connecting to the SSH agent |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
162 |
:param bool look_for_keys: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
163 |
set to False to disable searching for discoverable private key |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
164 |
files in ``~/.ssh/`` |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
165 |
@@ -216,9 +257,11 @@ class SSHClient (ClosingContextManager): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
166 |
an open socket or socket-like object (such as a `.Channel`) to use |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
167 |
for communication to the target host |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
168 |
:param bool gss_auth: ``True`` if you want to use GSS-API authentication |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
169 |
- :param bool gss_kex: Perform GSS-API Key Exchange and user authentication |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
170 |
+ :param bool gss_kex: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
171 |
+ Perform GSS-API Key Exchange and user authentication |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
172 |
:param bool gss_deleg_creds: Delegate GSS-API client credentials or not |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
173 |
- :param str gss_host: The targets name in the kerberos database. default: hostname |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
174 |
+ :param str gss_host: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
175 |
+ The targets name in the kerberos database. default: hostname |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
176 |
:param float banner_timeout: an optional timeout (in seconds) to wait |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
177 |
for the SSH banner to be presented. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
178 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
179 |
@@ -234,21 +277,37 @@ class SSHClient (ClosingContextManager): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
180 |
``gss_deleg_creds`` and ``gss_host`` arguments. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
181 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
182 |
if not sock: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
183 |
- for (family, socktype, proto, canonname, sockaddr) in socket.getaddrinfo(hostname, port, socket.AF_UNSPEC, socket.SOCK_STREAM): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
184 |
- if socktype == socket.SOCK_STREAM: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
185 |
- af = family |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
186 |
- addr = sockaddr |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
187 |
- break |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
188 |
- else: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
189 |
- # some OS like AIX don't indicate SOCK_STREAM support, so just guess. :( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
190 |
- af, _, _, _, addr = socket.getaddrinfo(hostname, port, socket.AF_UNSPEC, socket.SOCK_STREAM) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
191 |
- sock = socket.socket(af, socket.SOCK_STREAM) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
192 |
- if timeout is not None: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
193 |
+ errors = {} |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
194 |
+ # Try multiple possible address families (e.g. IPv4 vs IPv6) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
195 |
+ to_try = list(self._families_and_addresses(hostname, port)) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
196 |
+ for af, addr in to_try: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
197 |
try: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
198 |
- sock.settimeout(timeout) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
199 |
- except: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
200 |
- pass |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
201 |
- retry_on_signal(lambda: sock.connect(addr)) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
202 |
+ sock = socket.socket(af, socket.SOCK_STREAM) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
203 |
+ if timeout is not None: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
204 |
+ try: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
205 |
+ sock.settimeout(timeout) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
206 |
+ except: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
207 |
+ pass |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
208 |
+ retry_on_signal(lambda: sock.connect(addr)) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
209 |
+ # Break out of the loop on success |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
210 |
+ break |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
211 |
+ except socket.error as e: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
212 |
+ # Raise anything that isn't a straight up connection error |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
213 |
+ # (such as a resolution error) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
214 |
+ if e.errno not in (ECONNREFUSED, EHOSTUNREACH): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
215 |
+ raise |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
216 |
+ # Capture anything else so we know how the run looks once |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
217 |
+ # iteration is complete. Retain info about which attempt |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
218 |
+ # this was. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
219 |
+ errors[addr] = e |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
220 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
221 |
+ # Make sure we explode usefully if no address family attempts |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
222 |
+ # succeeded. We've no way of knowing which error is the "right" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
223 |
+ # one, so we construct a hybrid exception containing all the real |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
224 |
+ # ones, of a subclass that client code should still be watching for |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
225 |
+ # (socket.error) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
226 |
+ if len(errors) == len(to_try): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
227 |
+ raise NoValidConnectionsError(errors) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
228 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
229 |
t = self._transport = Transport(sock, gss_kex=gss_kex, gss_deleg_creds=gss_deleg_creds) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
230 |
t.use_compression(compress=compress) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
231 |
--- paramiko-1.15.2/paramiko/config.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
232 |
+++ paramiko-1.15.2/paramiko/config.py 2015-04-12 17:36:15.206521239 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
233 |
@@ -98,7 +98,7 @@ class SSHConfig (object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
234 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
235 |
The host-matching rules of OpenSSH's ``ssh_config`` man page are used: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
236 |
For each parameter, the first obtained value will be used. The |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
237 |
- configuration files contain sections separated by ``Host'' |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
238 |
+ configuration files contain sections separated by ``Host`` |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
239 |
specifications, and that section is only applied for hosts that match |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
240 |
one of the patterns given in the specification. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
241 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
242 |
--- paramiko-1.15.2/paramiko/dsskey.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
243 |
+++ paramiko-1.15.2/paramiko/dsskey.py 2015-04-12 17:36:15.206846024 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
244 |
@@ -20,21 +20,23 @@ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
245 |
DSS keys. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
246 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
247 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
248 |
-import os |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
249 |
-from hashlib import sha1 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
250 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
251 |
-from Crypto.PublicKey import DSA |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
252 |
+from cryptography.exceptions import InvalidSignature |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
253 |
+from cryptography.hazmat.backends import default_backend |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
254 |
+from cryptography.hazmat.primitives import hashes, serialization |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
255 |
+from cryptography.hazmat.primitives.asymmetric import dsa |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
256 |
+from cryptography.hazmat.primitives.asymmetric.utils import ( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
257 |
+ decode_rfc6979_signature, encode_rfc6979_signature |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
258 |
+) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
259 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
260 |
from paramiko import util |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
261 |
from paramiko.common import zero_byte |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
262 |
-from paramiko.py3compat import long |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
263 |
from paramiko.ssh_exception import SSHException |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
264 |
from paramiko.message import Message |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
265 |
from paramiko.ber import BER, BERException |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
266 |
from paramiko.pkey import PKey |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
267 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
268 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
269 |
-class DSSKey (PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
270 |
+class DSSKey(PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
271 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
272 |
Representation of a DSS key which can be used to sign an verify SSH2 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
273 |
data. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
274 |
@@ -98,15 +100,21 @@ class DSSKey (PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
275 |
return self.x is not None |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
276 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
277 |
def sign_ssh_data(self, data): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
278 |
- digest = sha1(data).digest() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
279 |
- dss = DSA.construct((long(self.y), long(self.g), long(self.p), long(self.q), long(self.x))) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
280 |
- # generate a suitable k |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
281 |
- qsize = len(util.deflate_long(self.q, 0)) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
282 |
- while True: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
283 |
- k = util.inflate_long(os.urandom(qsize), 1) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
284 |
- if (k > 2) and (k < self.q): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
285 |
- break |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
286 |
- r, s = dss.sign(util.inflate_long(digest, 1), k) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
287 |
+ key = dsa.DSAPrivateNumbers( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
288 |
+ x=self.x, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
289 |
+ public_numbers=dsa.DSAPublicNumbers( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
290 |
+ y=self.y, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
291 |
+ parameter_numbers=dsa.DSAParameterNumbers( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
292 |
+ p=self.p, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
293 |
+ q=self.q, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
294 |
+ g=self.g |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
295 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
296 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
297 |
+ ).private_key(backend=default_backend()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
298 |
+ signer = key.signer(hashes.SHA1()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
299 |
+ signer.update(data) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
300 |
+ r, s = decode_rfc6979_signature(signer.finalize()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
301 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
302 |
m = Message() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
303 |
m.add_string('ssh-dss') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
304 |
# apparently, in rare cases, r or s may be shorter than 20 bytes! |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
305 |
@@ -132,27 +140,65 @@ class DSSKey (PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
306 |
# pull out (r, s) which are NOT encoded as mpints |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
307 |
sigR = util.inflate_long(sig[:20], 1) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
308 |
sigS = util.inflate_long(sig[20:], 1) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
309 |
- sigM = util.inflate_long(sha1(data).digest(), 1) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
310 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
311 |
- dss = DSA.construct((long(self.y), long(self.g), long(self.p), long(self.q))) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
312 |
- return dss.verify(sigM, (sigR, sigS)) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
313 |
+ signature = encode_rfc6979_signature(sigR, sigS) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
314 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
315 |
- def _encode_key(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
316 |
- if self.x is None: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
317 |
- raise SSHException('Not enough key information') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
318 |
- keylist = [0, self.p, self.q, self.g, self.y, self.x] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
319 |
+ key = dsa.DSAPublicNumbers( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
320 |
+ y=self.y, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
321 |
+ parameter_numbers=dsa.DSAParameterNumbers( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
322 |
+ p=self.p, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
323 |
+ q=self.q, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
324 |
+ g=self.g |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
325 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
326 |
+ ).public_key(backend=default_backend()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
327 |
+ verifier = key.verifier(signature, hashes.SHA1()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
328 |
+ verifier.update(data) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
329 |
try: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
330 |
- b = BER() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
331 |
- b.encode(keylist) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
332 |
- except BERException: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
333 |
- raise SSHException('Unable to create ber encoding of key') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
334 |
- return b.asbytes() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
335 |
+ verifier.verify() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
336 |
+ except InvalidSignature: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
337 |
+ return False |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
338 |
+ else: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
339 |
+ return True |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
340 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
341 |
def write_private_key_file(self, filename, password=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
342 |
- self._write_private_key_file('DSA', filename, self._encode_key(), password) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
343 |
+ key = dsa.DSAPrivateNumbers( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
344 |
+ x=self.x, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
345 |
+ public_numbers=dsa.DSAPublicNumbers( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
346 |
+ y=self.y, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
347 |
+ parameter_numbers=dsa.DSAParameterNumbers( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
348 |
+ p=self.p, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
349 |
+ q=self.q, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
350 |
+ g=self.g |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
351 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
352 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
353 |
+ ).private_key(backend=default_backend()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
354 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
355 |
+ self._write_private_key_file( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
356 |
+ filename, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
357 |
+ key, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
358 |
+ serialization.PrivateFormat.TraditionalOpenSSL, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
359 |
+ password=password |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
360 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
361 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
362 |
def write_private_key(self, file_obj, password=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
363 |
- self._write_private_key('DSA', file_obj, self._encode_key(), password) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
364 |
+ key = dsa.DSAPrivateNumbers( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
365 |
+ x=self.x, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
366 |
+ public_numbers=dsa.DSAPublicNumbers( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
367 |
+ y=self.y, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
368 |
+ parameter_numbers=dsa.DSAParameterNumbers( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
369 |
+ p=self.p, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
370 |
+ q=self.q, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
371 |
+ g=self.g |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
372 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
373 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
374 |
+ ).private_key(backend=default_backend()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
375 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
376 |
+ self._write_private_key( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
377 |
+ file_obj, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
378 |
+ key, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
379 |
+ serialization.PrivateFormat.TraditionalOpenSSL, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
380 |
+ password=password |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
381 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
382 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
383 |
@staticmethod |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
384 |
def generate(bits=1024, progress_func=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
385 |
@@ -161,14 +207,19 @@ class DSSKey (PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
386 |
generate a new host key or authentication key. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
387 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
388 |
:param int bits: number of bits the generated key should be. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
389 |
- :param function progress_func: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
390 |
- an optional function to call at key points in key generation (used |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
391 |
- by ``pyCrypto.PublicKey``). |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
392 |
+ :param function progress_func: Unused |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
393 |
:return: new `.DSSKey` private key |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
394 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
395 |
- dsa = DSA.generate(bits, os.urandom, progress_func) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
396 |
- key = DSSKey(vals=(dsa.p, dsa.q, dsa.g, dsa.y)) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
397 |
- key.x = dsa.x |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
398 |
+ numbers = dsa.generate_private_key( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
399 |
+ bits, backend=default_backend() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
400 |
+ ).private_numbers() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
401 |
+ key = DSSKey(vals=( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
402 |
+ numbers.public_numbers.parameter_numbers.p, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
403 |
+ numbers.public_numbers.parameter_numbers.q, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
404 |
+ numbers.public_numbers.parameter_numbers.g, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
405 |
+ numbers.public_numbers.y |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
406 |
+ )) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
407 |
+ key.x = numbers.x |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
408 |
return key |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
409 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
410 |
### internals... |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
411 |
--- paramiko-1.15.2/paramiko/ecdsakey.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
412 |
+++ paramiko-1.15.2/paramiko/ecdsakey.py 2015-04-12 17:36:15.207208398 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
413 |
@@ -21,18 +21,24 @@ ECDSA keys |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
414 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
415 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
416 |
import binascii |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
417 |
-from hashlib import sha256 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
418 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
419 |
-from ecdsa import SigningKey, VerifyingKey, der, curves |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
420 |
+from cryptography.exceptions import InvalidSignature |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
421 |
+from cryptography.hazmat.backends import default_backend |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
422 |
+from cryptography.hazmat.primitives import hashes, serialization |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
423 |
+from cryptography.hazmat.primitives.asymmetric import ec |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
424 |
+from cryptography.hazmat.primitives.asymmetric.utils import ( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
425 |
+ decode_rfc6979_signature, encode_rfc6979_signature |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
426 |
+) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
427 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
428 |
from paramiko.common import four_byte, one_byte |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
429 |
from paramiko.message import Message |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
430 |
from paramiko.pkey import PKey |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
431 |
-from paramiko.py3compat import byte_chr, u |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
432 |
+from paramiko.py3compat import byte_chr |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
433 |
from paramiko.ssh_exception import SSHException |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
434 |
+from paramiko.util import deflate_long, inflate_long |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
435 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
436 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
437 |
-class ECDSAKey (PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
438 |
+class ECDSAKey(PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
439 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
440 |
Representation of an ECDSA key which can be used to sign and verify SSH2 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
441 |
data. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
442 |
@@ -65,9 +71,13 @@ class ECDSAKey (PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
443 |
if pointinfo[0:1] != four_byte: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
444 |
raise SSHException('Point compression is being used: %s' % |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
445 |
binascii.hexlify(pointinfo)) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
446 |
- self.verifying_key = VerifyingKey.from_string(pointinfo[1:], |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
447 |
- curve=curves.NIST256p, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
448 |
- validate_point=validate_point) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
449 |
+ curve = ec.SECP256R1() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
450 |
+ numbers = ec.EllipticCurvePublicNumbers( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
451 |
+ x=inflate_long(pointinfo[1:1 + curve.key_size // 8], always_positive=True), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
452 |
+ y=inflate_long(pointinfo[1 + curve.key_size // 8:], always_positive=True), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
453 |
+ curve=curve |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
454 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
455 |
+ self.verifying_key = numbers.public_key(backend=default_backend()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
456 |
self.size = 256 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
457 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
458 |
def asbytes(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
459 |
@@ -76,8 +86,15 @@ class ECDSAKey (PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
460 |
m.add_string('ecdsa-sha2-nistp256') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
461 |
m.add_string('nistp256') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
462 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
463 |
- point_str = four_byte + key.to_string() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
464 |
+ numbers = key.public_numbers() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
465 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
466 |
+ x_bytes = deflate_long(numbers.x, add_sign_padding=False) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
467 |
+ x_bytes = b'\x00' * (len(x_bytes) - key.curve.key_size // 8) + x_bytes |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
468 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
469 |
+ y_bytes = deflate_long(numbers.y, add_sign_padding=False) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
470 |
+ y_bytes = b'\x00' * (len(y_bytes) - key.curve.key_size // 8) + y_bytes |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
471 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
472 |
+ point_str = four_byte + x_bytes + y_bytes |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
473 |
m.add_string(point_str) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
474 |
return m.asbytes() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
475 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
476 |
@@ -86,8 +103,8 @@ class ECDSAKey (PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
477 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
478 |
def __hash__(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
479 |
h = hash(self.get_name()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
480 |
- h = h * 37 + hash(self.verifying_key.pubkey.point.x()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
481 |
- h = h * 37 + hash(self.verifying_key.pubkey.point.y()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
482 |
+ h = h * 37 + hash(self.verifying_key.public_numbers().x) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
483 |
+ h = h * 37 + hash(self.verifying_key.public_numbers().y) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
484 |
return hash(h) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
485 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
486 |
def get_name(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
487 |
@@ -100,46 +117,59 @@ class ECDSAKey (PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
488 |
return self.signing_key is not None |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
489 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
490 |
def sign_ssh_data(self, data): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
491 |
- sig = self.signing_key.sign_deterministic( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
492 |
- data, sigencode=self._sigencode, hashfunc=sha256) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
493 |
+ signer = self.signing_key.signer(ec.ECDSA(hashes.SHA256())) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
494 |
+ signer.update(data) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
495 |
+ sig = signer.finalize() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
496 |
+ r, s = decode_rfc6979_signature(sig) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
497 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
498 |
m = Message() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
499 |
m.add_string('ecdsa-sha2-nistp256') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
500 |
- m.add_string(sig) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
501 |
+ m.add_string(self._sigencode(r, s)) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
502 |
return m |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
503 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
504 |
def verify_ssh_sig(self, data, msg): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
505 |
if msg.get_text() != 'ecdsa-sha2-nistp256': |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
506 |
return False |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
507 |
sig = msg.get_binary() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
508 |
+ sigR, sigS = self._sigdecode(sig) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
509 |
+ signature = encode_rfc6979_signature(sigR, sigS) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
510 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
511 |
- # verify the signature by SHA'ing the data and encrypting it |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
512 |
- # using the public key. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
513 |
- hash_obj = sha256(data).digest() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
514 |
- return self.verifying_key.verify_digest(sig, hash_obj, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
515 |
- sigdecode=self._sigdecode) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
516 |
+ verifier = self.verifying_key.verifier(signature, ec.ECDSA(hashes.SHA256())) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
517 |
+ verifier.update(data) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
518 |
+ try: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
519 |
+ verifier.verify() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
520 |
+ except InvalidSignature: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
521 |
+ return False |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
522 |
+ else: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
523 |
+ return True |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
524 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
525 |
def write_private_key_file(self, filename, password=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
526 |
- key = self.signing_key or self.verifying_key |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
527 |
- self._write_private_key_file('EC', filename, key.to_der(), password) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
528 |
+ self._write_private_key_file( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
529 |
+ filename, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
530 |
+ self.signing_key, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
531 |
+ serialization.PrivateFormat.TraditionalOpenSSL, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
532 |
+ password=password |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
533 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
534 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
535 |
def write_private_key(self, file_obj, password=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
536 |
- key = self.signing_key or self.verifying_key |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
537 |
- self._write_private_key('EC', file_obj, key.to_der(), password) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
538 |
+ self._write_private_key( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
539 |
+ file_obj, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
540 |
+ self.signing_key, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
541 |
+ serialization.PrivateFormat.TraditionalOpenSSL, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
542 |
+ password=password |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
543 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
544 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
545 |
@staticmethod |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
546 |
- def generate(curve=curves.NIST256p, progress_func=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
547 |
+ def generate(curve=ec.SECP256R1(), progress_func=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
548 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
549 |
Generate a new private RSA key. This factory function can be used to |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
550 |
generate a new host key or authentication key. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
551 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
552 |
- :param function progress_func: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
553 |
- an optional function to call at key points in key generation (used |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
554 |
- by ``pyCrypto.PublicKey``). |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
555 |
+ :param function progress_func: Unused |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
556 |
:returns: A new private key (`.RSAKey`) object |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
557 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
558 |
- signing_key = SigningKey.generate(curve) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
559 |
- key = ECDSAKey(vals=(signing_key, signing_key.get_verifying_key())) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
560 |
- return key |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
561 |
+ private_key = ec.generate_private_key(curve, backend=default_backend()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
562 |
+ return ECDSAKey(vals=(private_key, private_key.public_key())) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
563 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
564 |
### internals... |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
565 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
566 |
@@ -155,23 +185,18 @@ class ECDSAKey (PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
567 |
byte_chr(5) * 5, byte_chr(6) * 6, byte_chr(7) * 7] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
568 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
569 |
def _decode_key(self, data): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
570 |
- s, padding = der.remove_sequence(data) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
571 |
- if padding: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
572 |
- if padding not in self.ALLOWED_PADDINGS: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
573 |
- raise ValueError("weird padding: %s" % u(binascii.hexlify(data))) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
574 |
- data = data[:-len(padding)] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
575 |
- key = SigningKey.from_der(data) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
576 |
+ key = serialization.load_der_private_key(data, password=None, backend=default_backend()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
577 |
self.signing_key = key |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
578 |
- self.verifying_key = key.get_verifying_key() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
579 |
- self.size = 256 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
580 |
+ self.verifying_key = key.public_key() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
581 |
+ self.size = key.curve.key_size |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
582 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
583 |
- def _sigencode(self, r, s, order): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
584 |
+ def _sigencode(self, r, s): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
585 |
msg = Message() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
586 |
msg.add_mpint(r) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
587 |
msg.add_mpint(s) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
588 |
return msg.asbytes() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
589 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
590 |
- def _sigdecode(self, sig, order): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
591 |
+ def _sigdecode(self, sig): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
592 |
msg = Message(sig) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
593 |
r = msg.get_mpint() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
594 |
s = msg.get_mpint() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
595 |
--- paramiko-1.15.2/paramiko/kex_gss.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
596 |
+++ paramiko-1.15.2/paramiko/kex_gss.py 2015-04-12 17:36:15.207554941 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
597 |
@@ -21,14 +21,15 @@ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
598 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
599 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
600 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
601 |
-This module provides GSS-API / SSPI Key Exchange as defined in RFC 4462. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
602 |
+This module provides GSS-API / SSPI Key Exchange as defined in :rfc:`4462`. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
603 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
604 |
.. note:: Credential delegation is not supported in server mode. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
605 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
606 |
.. note:: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
607 |
- `RFC 4462 Section 2.2 <http://www.ietf.org/rfc/rfc4462.txt>`_ says we are |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
608 |
- not required to implement GSS-API error messages. Thus, in many methods |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
609 |
- within this module, if an error occurs an exception will be thrown and the |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
610 |
+ `RFC 4462 Section 2.2 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
611 |
+ <https://tools.ietf.org/html/rfc4462.html#section-2.2>`_ says we are not |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
612 |
+ required to implement GSS-API error messages. Thus, in many methods within |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
613 |
+ this module, if an error occurs an exception will be thrown and the |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
614 |
connection will be terminated. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
615 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
616 |
.. seealso:: :doc:`/api/ssh_gss` |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
617 |
@@ -55,8 +56,8 @@ c_MSG_KEXGSS_GROUPREQ, c_MSG_KEXGSS_GROU |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
618 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
619 |
class KexGSSGroup1(object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
620 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
621 |
- GSS-API / SSPI Authenticated Diffie-Hellman Key Exchange |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
622 |
- as defined in `RFC 4462 Section 2 <http://www.ietf.org/rfc/rfc4462.txt>`_ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
623 |
+ GSS-API / SSPI Authenticated Diffie-Hellman Key Exchange as defined in `RFC |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
624 |
+ 4462 Section 2 <https://tools.ietf.org/html/rfc4462.html#section-2>`_ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
625 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
626 |
# draft-ietf-secsh-transport-09.txt, page 17 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
627 |
P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
628 |
@@ -278,8 +279,9 @@ class KexGSSGroup1(object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
629 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
630 |
class KexGSSGroup14(KexGSSGroup1): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
631 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
632 |
- GSS-API / SSPI Authenticated Diffie-Hellman Group14 Key Exchange |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
633 |
- as defined in `RFC 4462 Section 2 <http://www.ietf.org/rfc/rfc4462.txt>`_ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
634 |
+ GSS-API / SSPI Authenticated Diffie-Hellman Group14 Key Exchange as defined |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
635 |
+ in `RFC 4462 Section 2 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
636 |
+ <https://tools.ietf.org/html/rfc4462.html#section-2>`_ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
637 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
638 |
P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
639 |
G = 2 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
640 |
@@ -288,8 +290,8 @@ class KexGSSGroup14(KexGSSGroup1): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
641 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
642 |
class KexGSSGex(object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
643 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
644 |
- GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
645 |
- as defined in `RFC 4462 Section 2 <http://www.ietf.org/rfc/rfc4462.txt>`_ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
646 |
+ GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange as defined in |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
647 |
+ `RFC 4462 Section 2 <https://tools.ietf.org/html/rfc4462.html#section-2>`_ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
648 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
649 |
NAME = "gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
650 |
min_bits = 1024 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
651 |
@@ -590,8 +592,9 @@ class KexGSSGex(object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
652 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
653 |
class NullHostKey(object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
654 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
655 |
- This class represents the Null Host Key for GSS-API Key Exchange |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
656 |
- as defined in `RFC 4462 Section 5 <http://www.ietf.org/rfc/rfc4462.txt>`_ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
657 |
+ This class represents the Null Host Key for GSS-API Key Exchange as defined |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
658 |
+ in `RFC 4462 Section 5 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
659 |
+ <https://tools.ietf.org/html/rfc4462.html#section-5>`_ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
660 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
661 |
def __init__(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
662 |
self.key = "" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
663 |
--- paramiko-1.15.2/paramiko/packet.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
664 |
+++ paramiko-1.15.2/paramiko/packet.py 2015-04-12 17:36:15.207839345 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
665 |
@@ -307,7 +307,7 @@ class Packetizer (object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
666 |
self._log(DEBUG, 'Write packet <%s>, length %d' % (cmd_name, orig_len)) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
667 |
self._log(DEBUG, util.format_binary(packet, 'OUT: ')) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
668 |
if self.__block_engine_out is not None: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
669 |
- out = self.__block_engine_out.encrypt(packet) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
670 |
+ out = self.__block_engine_out.update(packet) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
671 |
else: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
672 |
out = packet |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
673 |
# + mac |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
674 |
@@ -340,7 +340,7 @@ class Packetizer (object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
675 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
676 |
header = self.read_all(self.__block_size_in, check_rekey=True) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
677 |
if self.__block_engine_in is not None: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
678 |
- header = self.__block_engine_in.decrypt(header) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
679 |
+ header = self.__block_engine_in.update(header) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
680 |
if self.__dump_packets: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
681 |
self._log(DEBUG, util.format_binary(header, 'IN: ')) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
682 |
packet_size = struct.unpack('>I', header[:4])[0] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
683 |
@@ -352,7 +352,7 @@ class Packetizer (object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
684 |
packet = buf[:packet_size - len(leftover)] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
685 |
post_packet = buf[packet_size - len(leftover):] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
686 |
if self.__block_engine_in is not None: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
687 |
- packet = self.__block_engine_in.decrypt(packet) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
688 |
+ packet = self.__block_engine_in.update(packet) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
689 |
if self.__dump_packets: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
690 |
self._log(DEBUG, util.format_binary(packet, 'IN: ')) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
691 |
packet = leftover + packet |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
692 |
--- paramiko-1.15.2/paramiko/pkey.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
693 |
+++ paramiko-1.15.2/paramiko/pkey.py 2015-04-12 17:36:15.208139348 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
694 |
@@ -21,27 +21,39 @@ Common API for all public keys. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
695 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
696 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
697 |
import base64 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
698 |
-from binascii import hexlify, unhexlify |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
699 |
+from binascii import unhexlify |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
700 |
import os |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
701 |
from hashlib import md5 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
702 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
703 |
-from Crypto.Cipher import DES3, AES |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
704 |
+from cryptography.hazmat.backends import default_backend |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
705 |
+from cryptography.hazmat.primitives import serialization |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
706 |
+from cryptography.hazmat.primitives.ciphers import algorithms, modes, Cipher |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
707 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
708 |
from paramiko import util |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
709 |
-from paramiko.common import o600, zero_byte |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
710 |
+from paramiko.common import o600 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
711 |
from paramiko.py3compat import u, encodebytes, decodebytes, b |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
712 |
from paramiko.ssh_exception import SSHException, PasswordRequiredException |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
713 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
714 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
715 |
-class PKey (object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
716 |
+class PKey(object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
717 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
718 |
Base class for public keys. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
719 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
720 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
721 |
# known encryption types for private key files: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
722 |
_CIPHER_TABLE = { |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
723 |
- 'AES-128-CBC': {'cipher': AES, 'keysize': 16, 'blocksize': 16, 'mode': AES.MODE_CBC}, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
724 |
- 'DES-EDE3-CBC': {'cipher': DES3, 'keysize': 24, 'blocksize': 8, 'mode': DES3.MODE_CBC}, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
725 |
+ 'AES-128-CBC': { |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
726 |
+ 'cipher': algorithms.AES, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
727 |
+ 'keysize': 16, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
728 |
+ 'blocksize': 16, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
729 |
+ 'mode': modes.CBC |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
730 |
+ }, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
731 |
+ 'DES-EDE3-CBC': { |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
732 |
+ 'cipher': algorithms.TripleDES, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
733 |
+ 'keysize': 24, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
734 |
+ 'blocksize': 8, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
735 |
+ 'mode': modes.CBC |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
736 |
+ }, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
737 |
} |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
738 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
739 |
def __init__(self, msg=None, data=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
740 |
@@ -300,9 +312,12 @@ class PKey (object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
741 |
mode = self._CIPHER_TABLE[encryption_type]['mode'] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
742 |
salt = unhexlify(b(saltstr)) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
743 |
key = util.generate_key_bytes(md5, salt, password, keysize) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
744 |
- return cipher.new(key, mode, salt).decrypt(data) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
745 |
+ decryptor = Cipher( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
746 |
+ cipher(key), mode(salt), backend=default_backend() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
747 |
+ ).decryptor() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
748 |
+ return decryptor.update(data) + decryptor.finalize() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
749 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
750 |
- def _write_private_key_file(self, tag, filename, data, password=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
751 |
+ def _write_private_key_file(self, filename, key, format, password=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
752 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
753 |
Write an SSH2-format private key file in a form that can be read by |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
754 |
paramiko or openssh. If no password is given, the key is written in |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
755 |
@@ -319,31 +334,16 @@ class PKey (object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
756 |
with open(filename, 'w', o600) as f: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
757 |
# grrr... the mode doesn't always take hold |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
758 |
os.chmod(filename, o600) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
759 |
- self._write_private_key(tag, f, data, password) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
760 |
+ self._write_private_key(f, key, format) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
761 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
762 |
- def _write_private_key(self, tag, f, data, password=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
763 |
- f.write('-----BEGIN %s PRIVATE KEY-----\n' % tag) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
764 |
- if password is not None: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
765 |
- cipher_name = list(self._CIPHER_TABLE.keys())[0] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
766 |
- cipher = self._CIPHER_TABLE[cipher_name]['cipher'] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
767 |
- keysize = self._CIPHER_TABLE[cipher_name]['keysize'] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
768 |
- blocksize = self._CIPHER_TABLE[cipher_name]['blocksize'] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
769 |
- mode = self._CIPHER_TABLE[cipher_name]['mode'] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
770 |
- salt = os.urandom(blocksize) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
771 |
- key = util.generate_key_bytes(md5, salt, password, keysize) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
772 |
- if len(data) % blocksize != 0: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
773 |
- n = blocksize - len(data) % blocksize |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
774 |
- #data += os.urandom(n) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
775 |
- # that would make more sense ^, but it confuses openssh. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
776 |
- data += zero_byte * n |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
777 |
- data = cipher.new(key, mode, salt).encrypt(data) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
778 |
- f.write('Proc-Type: 4,ENCRYPTED\n') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
779 |
- f.write('DEK-Info: %s,%s\n' % (cipher_name, u(hexlify(salt)).upper())) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
780 |
- f.write('\n') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
781 |
- s = u(encodebytes(data)) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
782 |
- # re-wrap to 64-char lines |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
783 |
- s = ''.join(s.split('\n')) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
784 |
- s = '\n'.join([s[i: i + 64] for i in range(0, len(s), 64)]) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
785 |
- f.write(s) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
786 |
- f.write('\n') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
787 |
- f.write('-----END %s PRIVATE KEY-----\n' % tag) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
788 |
+ def _write_private_key(self, f, key, format, password=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
789 |
+ if password is None: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
790 |
+ encryption = serialization.NoEncryption() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
791 |
+ else: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
792 |
+ encryption = serialization.BestEncryption(password) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
793 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
794 |
+ f.write(key.private_bytes( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
795 |
+ serialization.Encoding.PEM, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
796 |
+ format, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
797 |
+ encryption |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
798 |
+ ).decode()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
799 |
--- paramiko-1.15.2/paramiko/rsakey.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
800 |
+++ paramiko-1.15.2/paramiko/rsakey.py 2015-04-12 17:36:15.208516662 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
801 |
@@ -20,34 +20,26 @@ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
802 |
RSA keys. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
803 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
804 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
805 |
-import os |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
806 |
-from hashlib import sha1 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
807 |
+from cryptography.exceptions import InvalidSignature |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
808 |
+from cryptography.hazmat.backends import default_backend |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
809 |
+from cryptography.hazmat.primitives import hashes, serialization |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
810 |
+from cryptography.hazmat.primitives.asymmetric import rsa, padding |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
811 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
812 |
-from Crypto.PublicKey import RSA |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
813 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
814 |
-from paramiko import util |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
815 |
-from paramiko.common import max_byte, zero_byte, one_byte |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
816 |
from paramiko.message import Message |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
817 |
-from paramiko.ber import BER, BERException |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
818 |
from paramiko.pkey import PKey |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
819 |
-from paramiko.py3compat import long |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
820 |
from paramiko.ssh_exception import SSHException |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
821 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
822 |
SHA1_DIGESTINFO = b'\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14' |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
823 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
824 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
825 |
-class RSAKey (PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
826 |
+class RSAKey(PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
827 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
828 |
Representation of an RSA key which can be used to sign and verify SSH2 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
829 |
data. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
830 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
831 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
832 |
- def __init__(self, msg=None, data=None, filename=None, password=None, vals=None, file_obj=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
833 |
- self.n = None |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
834 |
- self.e = None |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
835 |
- self.d = None |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
836 |
- self.p = None |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
837 |
- self.q = None |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
838 |
+ def __init__(self, msg=None, data=None, filename=None, password=None, key=None, file_obj=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
839 |
+ self.key = None |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
840 |
if file_obj is not None: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
841 |
self._from_private_key(file_obj, password) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
842 |
return |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
843 |
@@ -56,22 +48,33 @@ class RSAKey (PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
844 |
return |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
845 |
if (msg is None) and (data is not None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
846 |
msg = Message(data) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
847 |
- if vals is not None: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
848 |
- self.e, self.n = vals |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
849 |
+ if key is not None: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
850 |
+ self.key = key |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
851 |
else: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
852 |
if msg is None: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
853 |
raise SSHException('Key object may not be empty') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
854 |
if msg.get_text() != 'ssh-rsa': |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
855 |
raise SSHException('Invalid key') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
856 |
- self.e = msg.get_mpint() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
857 |
- self.n = msg.get_mpint() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
858 |
- self.size = util.bit_length(self.n) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
859 |
+ self.key = rsa.RSAPublicNumbers( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
860 |
+ e=msg.get_mpint(), n=msg.get_mpint() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
861 |
+ ).public_key(default_backend()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
862 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
863 |
+ @property |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
864 |
+ def size(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
865 |
+ return self.key.key_size |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
866 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
867 |
+ @property |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
868 |
+ def public_numbers(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
869 |
+ if isinstance(self.key, rsa.RSAPrivateKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
870 |
+ return self.key.private_numbers().public_numbers |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
871 |
+ else: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
872 |
+ return self.key.public_numbers() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
873 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
874 |
def asbytes(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
875 |
m = Message() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
876 |
m.add_string('ssh-rsa') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
877 |
- m.add_mpint(self.e) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
878 |
- m.add_mpint(self.n) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
879 |
+ m.add_mpint(self.public_numbers.e) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
880 |
+ m.add_mpint(self.public_numbers.n) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
881 |
return m.asbytes() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
882 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
883 |
def __str__(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
884 |
@@ -79,8 +82,8 @@ class RSAKey (PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
885 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
886 |
def __hash__(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
887 |
h = hash(self.get_name()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
888 |
- h = h * 37 + hash(self.e) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
889 |
- h = h * 37 + hash(self.n) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
890 |
+ h = h * 37 + hash(self.public_numbers.e) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
891 |
+ h = h * 37 + hash(self.public_numbers.n) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
892 |
return hash(h) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
893 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
894 |
def get_name(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
895 |
@@ -90,12 +93,16 @@ class RSAKey (PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
896 |
return self.size |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
897 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
898 |
def can_sign(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
899 |
- return self.d is not None |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
900 |
+ return isinstance(self.key, rsa.RSAPrivateKey) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
901 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
902 |
def sign_ssh_data(self, data): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
903 |
- digest = sha1(data).digest() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
904 |
- rsa = RSA.construct((long(self.n), long(self.e), long(self.d))) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
905 |
- sig = util.deflate_long(rsa.sign(self._pkcs1imify(digest), bytes())[0], 0) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
906 |
+ signer = self.key.signer( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
907 |
+ padding=padding.PKCS1v15(), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
908 |
+ algorithm=hashes.SHA1(), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
909 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
910 |
+ signer.update(data) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
911 |
+ sig = signer.finalize() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
912 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
913 |
m = Message() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
914 |
m.add_string('ssh-rsa') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
915 |
m.add_string(sig) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
916 |
@@ -104,32 +111,38 @@ class RSAKey (PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
917 |
def verify_ssh_sig(self, data, msg): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
918 |
if msg.get_text() != 'ssh-rsa': |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
919 |
return False |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
920 |
- sig = util.inflate_long(msg.get_binary(), True) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
921 |
- # verify the signature by SHA'ing the data and encrypting it using the |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
922 |
- # public key. some wackiness ensues where we "pkcs1imify" the 20-byte |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
923 |
- # hash into a string as long as the RSA key. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
924 |
- hash_obj = util.inflate_long(self._pkcs1imify(sha1(data).digest()), True) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
925 |
- rsa = RSA.construct((long(self.n), long(self.e))) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
926 |
- return rsa.verify(hash_obj, (sig,)) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
927 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
928 |
- def _encode_key(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
929 |
- if (self.p is None) or (self.q is None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
930 |
- raise SSHException('Not enough key info to write private key file') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
931 |
- keylist = [0, self.n, self.e, self.d, self.p, self.q, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
932 |
- self.d % (self.p - 1), self.d % (self.q - 1), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
933 |
- util.mod_inverse(self.q, self.p)] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
934 |
+ key = self.key |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
935 |
+ if isinstance(key, rsa.RSAPrivateKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
936 |
+ key = key.public_key() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
937 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
938 |
+ verifier = key.verifier( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
939 |
+ signature=msg.get_binary(), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
940 |
+ padding=padding.PKCS1v15(), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
941 |
+ algorithm=hashes.SHA1(), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
942 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
943 |
+ verifier.update(data) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
944 |
try: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
945 |
- b = BER() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
946 |
- b.encode(keylist) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
947 |
- except BERException: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
948 |
- raise SSHException('Unable to create ber encoding of key') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
949 |
- return b.asbytes() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
950 |
+ verifier.verify() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
951 |
+ except InvalidSignature: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
952 |
+ return False |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
953 |
+ else: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
954 |
+ return True |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
955 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
956 |
def write_private_key_file(self, filename, password=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
957 |
- self._write_private_key_file('RSA', filename, self._encode_key(), password) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
958 |
+ self._write_private_key_file( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
959 |
+ filename, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
960 |
+ self.key, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
961 |
+ serialization.PrivateFormat.TraditionalOpenSSL, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
962 |
+ password=password |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
963 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
964 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
965 |
def write_private_key(self, file_obj, password=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
966 |
- self._write_private_key('RSA', file_obj, self._encode_key(), password) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
967 |
+ self._write_private_key( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
968 |
+ file_obj, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
969 |
+ self.key, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
970 |
+ serialization.PrivateFormat.TraditionalOpenSSL, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
971 |
+ password=password |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
972 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
973 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
974 |
@staticmethod |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
975 |
def generate(bits, progress_func=None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
976 |
@@ -138,29 +151,16 @@ class RSAKey (PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
977 |
generate a new host key or authentication key. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
978 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
979 |
:param int bits: number of bits the generated key should be. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
980 |
- :param function progress_func: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
981 |
- an optional function to call at key points in key generation (used |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
982 |
- by ``pyCrypto.PublicKey``). |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
983 |
+ :param function progress_func: Unused |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
984 |
:return: new `.RSAKey` private key |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
985 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
986 |
- rsa = RSA.generate(bits, os.urandom, progress_func) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
987 |
- key = RSAKey(vals=(rsa.e, rsa.n)) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
988 |
- key.d = rsa.d |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
989 |
- key.p = rsa.p |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
990 |
- key.q = rsa.q |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
991 |
- return key |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
992 |
+ key = rsa.generate_private_key( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
993 |
+ public_exponent=65537, key_size=bits, backend=default_backend() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
994 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
995 |
+ return RSAKey(key=key) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
996 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
997 |
### internals... |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
998 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
999 |
- def _pkcs1imify(self, data): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1000 |
- """ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1001 |
- turn a 20-byte SHA1 hash into a blob of data as large as the key's N, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1002 |
- using PKCS1's \"emsa-pkcs1-v1_5\" encoding. totally bizarre. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1003 |
- """ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1004 |
- size = len(util.deflate_long(self.n, 0)) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1005 |
- filler = max_byte * (size - len(SHA1_DIGESTINFO) - len(data) - 3) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1006 |
- return zero_byte + one_byte + filler + zero_byte + SHA1_DIGESTINFO + data |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1007 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1008 |
def _from_private_key_file(self, filename, password): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1009 |
data = self._read_private_key_file('RSA', filename, password) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1010 |
self._decode_key(data) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1011 |
@@ -170,18 +170,8 @@ class RSAKey (PKey): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1012 |
self._decode_key(data) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1013 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1014 |
def _decode_key(self, data): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1015 |
- # private key file contains: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1016 |
- # RSAPrivateKey = { version = 0, n, e, d, p, q, d mod p-1, d mod q-1, q**-1 mod p } |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1017 |
- try: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1018 |
- keylist = BER(data).decode() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1019 |
- except BERException: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1020 |
- raise SSHException('Unable to parse key file') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1021 |
- if (type(keylist) is not list) or (len(keylist) < 4) or (keylist[0] != 0): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1022 |
- raise SSHException('Not a valid RSA private key file (bad ber encoding)') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1023 |
- self.n = keylist[1] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1024 |
- self.e = keylist[2] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1025 |
- self.d = keylist[3] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1026 |
- # not really needed |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1027 |
- self.p = keylist[4] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1028 |
- self.q = keylist[5] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1029 |
- self.size = util.bit_length(self.n) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1030 |
+ key = serialization.load_der_private_key( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1031 |
+ data, password=None, backend=default_backend() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1032 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1033 |
+ assert isinstance(key, rsa.RSAPrivateKey) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1034 |
+ self.key = key |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1035 |
--- paramiko-1.15.2/paramiko/ssh_exception.py.~1~ 2014-09-08 10:42:16.000000000 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1036 |
+++ paramiko-1.15.2/paramiko/ssh_exception.py 2015-04-12 17:36:15.208756832 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1037 |
@@ -16,6 +16,8 @@ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1038 |
# along with Paramiko; if not, write to the Free Software Foundation, Inc., |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1039 |
# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1040 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1041 |
+import socket |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1042 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1043 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1044 |
class SSHException (Exception): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1045 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1046 |
@@ -129,3 +131,39 @@ class ProxyCommandFailure (SSHException) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1047 |
self.error = error |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1048 |
# for unpickling |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1049 |
self.args = (command, error, ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1050 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1051 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1052 |
+class NoValidConnectionsError(socket.error): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1053 |
+ """ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1054 |
+ Multiple connection attempts were made and no families succeeded. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1055 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1056 |
+ This exception class wraps multiple "real" underlying connection errors, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1057 |
+ all of which represent failed connection attempts. Because these errors are |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1058 |
+ not guaranteed to all be of the same error type (i.e. different errno, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1059 |
+ class, message, etc) we expose a single unified error message and a |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1060 |
+ ``None`` errno so that instances of this class match most normal handling |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1061 |
+ of `socket.error` objects. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1062 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1063 |
+ To see the wrapped exception objects, access the ``errors`` attribute. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1064 |
+ ``errors`` is a dict whose keys are address tuples (e.g. ``('127.0.0.1', |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1065 |
+ 22)``) and whose values are the exception encountered trying to connect to |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1066 |
+ that address. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1067 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1068 |
+ It is implied/assumed that all the errors given to a single instance of |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1069 |
+ this class are from connecting to the same hostname + port (and thus that |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1070 |
+ the differences are in the resolution of the hostname - e.g. IPv4 vs v6). |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1071 |
+ """ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1072 |
+ def __init__(self, errors): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1073 |
+ """ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1074 |
+ :param dict errors: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1075 |
+ The errors dict to store, as described by class docstring. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1076 |
+ """ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1077 |
+ addrs = errors.keys() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1078 |
+ body = ', '.join([x[0] for x in addrs[:-1]]) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1079 |
+ tail = addrs[-1][0] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1080 |
+ msg = "Unable to connect to port {0} on {1} or {2}" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1081 |
+ super(NoValidConnectionsError, self).__init__( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1082 |
+ None, # stand-in for errno |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1083 |
+ msg.format(addrs[0][1], body, tail) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1084 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1085 |
+ self.errors = errors |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1086 |
--- paramiko-1.15.2/paramiko/ssh_gss.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1087 |
+++ paramiko-1.15.2/paramiko/ssh_gss.py 2015-04-12 17:36:15.209036497 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1088 |
@@ -20,7 +20,7 @@ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1089 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1090 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1091 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1092 |
-This module provides GSS-API / SSPI authentication as defined in RFC 4462. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1093 |
+This module provides GSS-API / SSPI authentication as defined in :rfc:`4462`. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1094 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1095 |
.. note:: Credential delegation is not supported in server mode. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1096 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1097 |
@@ -39,22 +39,8 @@ import sys |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1098 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1099 |
GSS_AUTH_AVAILABLE = True |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1100 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1101 |
-try: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1102 |
- from pyasn1.type.univ import ObjectIdentifier |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1103 |
- from pyasn1.codec.der import encoder, decoder |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1104 |
-except ImportError: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1105 |
- GSS_AUTH_AVAILABLE = False |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1106 |
- class ObjectIdentifier(object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1107 |
- def __init__(self, *args): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1108 |
- raise NotImplementedError("Module pyasn1 not importable") |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1109 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1110 |
- class decoder(object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1111 |
- def decode(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1112 |
- raise NotImplementedError("Module pyasn1 not importable") |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1113 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1114 |
- class encoder(object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1115 |
- def encode(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1116 |
- raise NotImplementedError("Module pyasn1 not importable") |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1117 |
+from pyasn1.type.univ import ObjectIdentifier |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1118 |
+from pyasn1.codec.der import encoder, decoder |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1119 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1120 |
from paramiko.common import MSG_USERAUTH_REQUEST |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1121 |
from paramiko.ssh_exception import SSHException |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1122 |
--- paramiko-1.15.2/paramiko/transport.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1123 |
+++ paramiko-1.15.2/paramiko/transport.py 2015-04-12 17:36:15.209751892 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1124 |
@@ -28,6 +28,9 @@ import time |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1125 |
import weakref |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1126 |
from hashlib import md5, sha1 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1127 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1128 |
+from cryptography.hazmat.backends import default_backend |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1129 |
+from cryptography.hazmat.primitives.ciphers import algorithms, Cipher, modes |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1130 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1131 |
import paramiko |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1132 |
from paramiko import util |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1133 |
from paramiko.auth_handler import AuthHandler |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1134 |
@@ -63,11 +66,6 @@ from paramiko.ssh_exception import (SSHE |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1135 |
ChannelException, ProxyCommandFailure) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1136 |
from paramiko.util import retry_on_signal, ClosingContextManager, clamp_value |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1137 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1138 |
-from Crypto.Cipher import Blowfish, AES, DES3, ARC4 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1139 |
-try: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1140 |
- from Crypto.Util import Counter |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1141 |
-except ImportError: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1142 |
- from paramiko.util import Counter |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1143 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1144 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1145 |
# for thread cleanup |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1146 |
@@ -91,6 +89,9 @@ class Transport (threading.Thread, Closi |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1147 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1148 |
Instances of this class may be used as context managers. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1149 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1150 |
+ _ENCRYPT = object() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1151 |
+ _DECRYPT = object() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1152 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1153 |
_PROTO_ID = '2.0' |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1154 |
_CLIENT_ID = 'paramiko_%s' % paramiko.__version__ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1155 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1156 |
@@ -102,16 +103,57 @@ class Transport (threading.Thread, Closi |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1157 |
_preferred_compression = ('none',) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1158 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1159 |
_cipher_info = { |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1160 |
- 'aes128-ctr': {'class': AES, 'mode': AES.MODE_CTR, 'block-size': 16, 'key-size': 16}, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1161 |
- 'aes256-ctr': {'class': AES, 'mode': AES.MODE_CTR, 'block-size': 16, 'key-size': 32}, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1162 |
- 'blowfish-cbc': {'class': Blowfish, 'mode': Blowfish.MODE_CBC, 'block-size': 8, 'key-size': 16}, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1163 |
- 'aes128-cbc': {'class': AES, 'mode': AES.MODE_CBC, 'block-size': 16, 'key-size': 16}, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1164 |
- 'aes256-cbc': {'class': AES, 'mode': AES.MODE_CBC, 'block-size': 16, 'key-size': 32}, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1165 |
- '3des-cbc': {'class': DES3, 'mode': DES3.MODE_CBC, 'block-size': 8, 'key-size': 24}, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1166 |
- 'arcfour128': {'class': ARC4, 'mode': None, 'block-size': 8, 'key-size': 16}, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1167 |
- 'arcfour256': {'class': ARC4, 'mode': None, 'block-size': 8, 'key-size': 32}, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1168 |
+ 'aes128-ctr': { |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1169 |
+ 'class': algorithms.AES, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1170 |
+ 'mode': modes.CTR, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1171 |
+ 'block-size': 16, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1172 |
+ 'key-size': 16 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1173 |
+ }, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1174 |
+ 'aes256-ctr': { |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1175 |
+ 'class': algorithms.AES, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1176 |
+ 'mode': modes.CTR, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1177 |
+ 'block-size': 16, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1178 |
+ 'key-size': 32 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1179 |
+ }, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1180 |
+ 'blowfish-cbc': { |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1181 |
+ 'class': algorithms.Blowfish, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1182 |
+ 'mode': modes.CBC, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1183 |
+ 'block-size': 8, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1184 |
+ 'key-size': 16 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1185 |
+ }, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1186 |
+ 'aes128-cbc': { |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1187 |
+ 'class': algorithms.AES, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1188 |
+ 'mode': modes.CBC, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1189 |
+ 'block-size': 16, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1190 |
+ 'key-size': 16 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1191 |
+ }, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1192 |
+ 'aes256-cbc': { |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1193 |
+ 'class': algorithms.AES, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1194 |
+ 'mode': modes.CBC, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1195 |
+ 'block-size': 16, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1196 |
+ 'key-size': 32 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1197 |
+ }, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1198 |
+ '3des-cbc': { |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1199 |
+ 'class': algorithms.TripleDES, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1200 |
+ 'mode': modes.CBC, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1201 |
+ 'block-size': 8, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1202 |
+ 'key-size': 24 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1203 |
+ }, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1204 |
+ 'arcfour128': { |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1205 |
+ 'class': algorithms.ARC4, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1206 |
+ 'mode': None, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1207 |
+ 'block size': 8, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1208 |
+ 'key-size': 16 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1209 |
+ }, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1210 |
+ 'arcfour256': { |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1211 |
+ 'class': algorithms.ARC4, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1212 |
+ 'mode': None, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1213 |
+ 'block size': 8, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1214 |
+ 'key-size': 32 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1215 |
+ }, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1216 |
} |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1217 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1218 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1219 |
_mac_info = { |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1220 |
'hmac-sha1': {'class': sha1, 'size': 20}, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1221 |
'hmac-sha1-96': {'class': sha1, 'size': 12}, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1222 |
@@ -1508,22 +1550,34 @@ class Transport (threading.Thread, Closi |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1223 |
sofar += digest |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1224 |
return out[:nbytes] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1225 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1226 |
- def _get_cipher(self, name, key, iv): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1227 |
+ def _get_cipher(self, name, key, iv, operation): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1228 |
if name not in self._cipher_info: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1229 |
raise SSHException('Unknown client cipher ' + name) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1230 |
if name in ('arcfour128', 'arcfour256'): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1231 |
# arcfour cipher |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1232 |
- cipher = self._cipher_info[name]['class'].new(key) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1233 |
+ cipher = Cipher( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1234 |
+ self._cipher_info[name]['class'](key), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1235 |
+ None, |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1236 |
+ backend=default_backend() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1237 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1238 |
+ if operation is self._ENCRYPT: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1239 |
+ engine = cipher.encryptor() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1240 |
+ else: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1241 |
+ engine = cipher.decryptor() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1242 |
# as per RFC 4345, the first 1536 bytes of keystream |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1243 |
# generated by the cipher MUST be discarded |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1244 |
- cipher.encrypt(" " * 1536) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1245 |
- return cipher |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1246 |
- elif name.endswith("-ctr"): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1247 |
- # CTR modes, we need a counter |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1248 |
- counter = Counter.new(nbits=self._cipher_info[name]['block-size'] * 8, initial_value=util.inflate_long(iv, True)) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1249 |
- return self._cipher_info[name]['class'].new(key, self._cipher_info[name]['mode'], iv, counter) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1250 |
+ engine.encrypt(" " * 1536) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1251 |
+ return engine |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1252 |
else: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1253 |
- return self._cipher_info[name]['class'].new(key, self._cipher_info[name]['mode'], iv) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1254 |
+ cipher = Cipher( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1255 |
+ self._cipher_info[name]['class'](key), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1256 |
+ self._cipher_info[name]['mode'](iv), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1257 |
+ backend=default_backend(), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1258 |
+ ) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1259 |
+ if operation is self._ENCRYPT: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1260 |
+ return cipher.encryptor() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1261 |
+ else: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1262 |
+ return cipher.decryptor() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1263 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1264 |
def _set_forward_agent_handler(self, handler): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1265 |
if handler is None: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1266 |
@@ -1879,7 +1933,7 @@ class Transport (threading.Thread, Closi |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1267 |
else: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1268 |
IV_in = self._compute_key('B', block_size) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1269 |
key_in = self._compute_key('D', self._cipher_info[self.remote_cipher]['key-size']) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1270 |
- engine = self._get_cipher(self.remote_cipher, key_in, IV_in) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1271 |
+ engine = self._get_cipher(self.remote_cipher, key_in, IV_in, self._DECRYPT) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1272 |
mac_size = self._mac_info[self.remote_mac]['size'] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1273 |
mac_engine = self._mac_info[self.remote_mac]['class'] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1274 |
# initial mac keys are done in the hash's natural size (not the potentially truncated |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1275 |
@@ -1906,7 +1960,7 @@ class Transport (threading.Thread, Closi |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1276 |
else: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1277 |
IV_out = self._compute_key('A', block_size) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1278 |
key_out = self._compute_key('C', self._cipher_info[self.local_cipher]['key-size']) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1279 |
- engine = self._get_cipher(self.local_cipher, key_out, IV_out) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1280 |
+ engine = self._get_cipher(self.local_cipher, key_out, IV_out, self._ENCRYPT) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1281 |
mac_size = self._mac_info[self.local_mac]['size'] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1282 |
mac_engine = self._mac_info[self.local_mac]['class'] |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1283 |
# initial mac keys are done in the hash's natural size (not the potentially truncated |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1284 |
--- paramiko-1.15.2/paramiko/util.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1285 |
+++ paramiko-1.15.2/paramiko/util.py 2015-04-12 17:36:15.210034924 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1286 |
@@ -22,7 +22,6 @@ Useful functions used by the rest of par |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1287 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1288 |
from __future__ import generators |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1289 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1290 |
-import array |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1291 |
import errno |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1292 |
import sys |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1293 |
import struct |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1294 |
@@ -31,7 +30,7 @@ import threading |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1295 |
import logging |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1296 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1297 |
from paramiko.common import DEBUG, zero_byte, xffffffff, max_byte |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1298 |
-from paramiko.py3compat import PY2, long, byte_ord, b, byte_chr |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1299 |
+from paramiko.py3compat import PY2, long, byte_chr, byte_ord, b |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1300 |
from paramiko.config import SSHConfig |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1301 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1302 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1303 |
@@ -273,37 +272,6 @@ def retry_on_signal(function): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1304 |
raise |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1305 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1306 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1307 |
-class Counter (object): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1308 |
- """Stateful counter for CTR mode crypto""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1309 |
- def __init__(self, nbits, initial_value=long(1), overflow=long(0)): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1310 |
- self.blocksize = nbits / 8 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1311 |
- self.overflow = overflow |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1312 |
- # start with value - 1 so we don't have to store intermediate values when counting |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1313 |
- # could the iv be 0? |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1314 |
- if initial_value == 0: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1315 |
- self.value = array.array('c', max_byte * self.blocksize) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1316 |
- else: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1317 |
- x = deflate_long(initial_value - 1, add_sign_padding=False) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1318 |
- self.value = array.array('c', zero_byte * (self.blocksize - len(x)) + x) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1319 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1320 |
- def __call__(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1321 |
- """Increament the counter and return the new value""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1322 |
- i = self.blocksize - 1 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1323 |
- while i > -1: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1324 |
- c = self.value[i] = byte_chr((byte_ord(self.value[i]) + 1) % 256) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1325 |
- if c != zero_byte: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1326 |
- return self.value.tostring() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1327 |
- i -= 1 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1328 |
- # counter reset |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1329 |
- x = deflate_long(self.overflow, add_sign_padding=False) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1330 |
- self.value = array.array('c', zero_byte * (self.blocksize - len(x)) + x) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1331 |
- return self.value.tostring() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1332 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1333 |
- @classmethod |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1334 |
- def new(cls, nbits, initial_value=long(1), overflow=long(0)): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1335 |
- return cls(nbits, initial_value=initial_value, overflow=overflow) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1336 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1337 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1338 |
def constant_time_bytes_eq(a, b): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1339 |
if len(a) != len(b): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1340 |
return False |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1341 |
--- paramiko-1.15.2/setup.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1342 |
+++ paramiko-1.15.2/setup.py 2015-04-12 17:36:15.210254883 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1343 |
@@ -24,7 +24,7 @@ connections between python scripts. All |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1344 |
are supported. SFTP client and server mode are both supported too. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1345 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1346 |
Required packages: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1347 |
- pyCrypto |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1348 |
+ Cryptography |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1349 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1350 |
To install the `in-development version |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1351 |
<https://github.com/paramiko/paramiko/tarball/master#egg=paramiko-dev>`_, use |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1352 |
@@ -41,8 +41,8 @@ try: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1353 |
from setuptools import setup |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1354 |
kw = { |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1355 |
'install_requires': [ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1356 |
- 'pycrypto >= 2.1, != 2.4', |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1357 |
- 'ecdsa >= 0.11', |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1358 |
+ 'cryptography >= 0.8', |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1359 |
+ 'pyasn1 >= 0.1.7', |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1360 |
], |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1361 |
} |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1362 |
except ImportError: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1363 |
--- paramiko-1.15.2/tests/test_auth.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1364 |
+++ paramiko-1.15.2/tests/test_auth.py 2015-04-12 17:36:15.210519848 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1365 |
@@ -83,13 +83,13 @@ class NullServer (ServerInterface): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1366 |
return AUTH_SUCCESSFUL |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1367 |
return AUTH_PARTIALLY_SUCCESSFUL |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1368 |
return AUTH_FAILED |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1369 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1370 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1371 |
def check_auth_interactive(self, username, submethods): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1372 |
if username == 'commie': |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1373 |
self.username = username |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1374 |
return InteractiveQuery('password', 'Please enter a password.', ('Password', False)) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1375 |
return AUTH_FAILED |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1376 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1377 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1378 |
def check_auth_interactive_response(self, responses): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1379 |
if self.username == 'commie': |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1380 |
if (len(responses) == 1) and (responses[0] == 'cat'): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1381 |
@@ -111,7 +111,7 @@ class AuthTest (unittest.TestCase): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1382 |
self.ts.close() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1383 |
self.socks.close() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1384 |
self.sockc.close() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1385 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1386 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1387 |
def start_server(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1388 |
host_key = RSAKey.from_private_key_file(test_path('test_rsa.key')) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1389 |
self.public_host_key = RSAKey(data=host_key.asbytes()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1390 |
@@ -120,7 +120,7 @@ class AuthTest (unittest.TestCase): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1391 |
self.server = NullServer() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1392 |
self.assertTrue(not self.event.is_set()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1393 |
self.ts.start_server(self.event, self.server) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1394 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1395 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1396 |
def verify_finished(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1397 |
self.event.wait(1.0) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1398 |
self.assertTrue(self.event.is_set()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1399 |
@@ -156,7 +156,7 @@ class AuthTest (unittest.TestCase): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1400 |
self.assertTrue(issubclass(etype, AuthenticationException)) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1401 |
self.tc.auth_password(username='slowdive', password='pygmalion') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1402 |
self.verify_finished() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1403 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1404 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1405 |
def test_3_multipart_auth(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1406 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1407 |
verify that multipart auth works. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1408 |
@@ -187,7 +187,7 @@ class AuthTest (unittest.TestCase): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1409 |
self.assertEqual(self.got_prompts, [('Password', False)]) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1410 |
self.assertEqual([], remain) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1411 |
self.verify_finished() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1412 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1413 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1414 |
def test_5_interactive_auth_fallback(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1415 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1416 |
verify that a password auth attempt will fallback to "interactive" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1417 |
--- paramiko-1.15.2/tests/test_client.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1418 |
+++ paramiko-1.15.2/tests/test_client.py 2015-04-12 17:36:15.210808627 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1419 |
@@ -22,6 +22,8 @@ Some unit tests for SSHClient. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1420 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1421 |
from __future__ import with_statement |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1422 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1423 |
+import gc |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1424 |
+import platform |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1425 |
import socket |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1426 |
from tempfile import mkstemp |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1427 |
import threading |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1428 |
@@ -31,8 +33,9 @@ import warnings |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1429 |
import os |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1430 |
import time |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1431 |
from tests.util import test_path |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1432 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1433 |
import paramiko |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1434 |
-from paramiko.common import PY2, b |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1435 |
+from paramiko.common import PY2 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1436 |
from paramiko.ssh_exception import SSHException |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1437 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1438 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1439 |
@@ -266,14 +269,13 @@ class SSHClientTest (unittest.TestCase): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1440 |
transport's packetizer) is closed. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1441 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1442 |
# Unclear why this is borked on Py3, but it is, and does not seem worth |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1443 |
- # pursuing at the moment. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1444 |
+ # pursuing at the moment. Skipped on PyPy because it fails on travis |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1445 |
+ # for unknown reasons, works fine locally. |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1446 |
# XXX: It's the release of the references to e.g packetizer that fails |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1447 |
# in py3... |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1448 |
- if not PY2: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1449 |
+ if not PY2 or platform.python_implementation() == "PyPy": |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1450 |
return |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1451 |
threading.Thread(target=self._run).start() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1452 |
- host_key = paramiko.RSAKey.from_private_key_file(test_path('test_rsa.key')) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1453 |
- public_host_key = paramiko.RSAKey(data=host_key.asbytes()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1454 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1455 |
self.tc = paramiko.SSHClient() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1456 |
self.tc.set_missing_host_key_policy(paramiko.AutoAddPolicy()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1457 |
@@ -289,14 +291,10 @@ class SSHClientTest (unittest.TestCase): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1458 |
self.tc.close() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1459 |
del self.tc |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1460 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1461 |
- # hrm, sometimes p isn't cleared right away. why is that? |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1462 |
- #st = time.time() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1463 |
- #while (time.time() - st < 5.0) and (p() is not None): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1464 |
- # time.sleep(0.1) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1465 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1466 |
- # instead of dumbly waiting for the GC to collect, force a collection |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1467 |
- # to see whether the SSHClient object is deallocated correctly |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1468 |
- import gc |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1469 |
+ # force a collection to see whether the SSHClient object is deallocated |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1470 |
+ # correctly. 2 GCs are needed to make sure it's really collected on |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1471 |
+ # PyPy |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1472 |
+ gc.collect() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1473 |
gc.collect() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1474 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1475 |
self.assertTrue(p() is None) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1476 |
@@ -306,8 +304,6 @@ class SSHClientTest (unittest.TestCase): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1477 |
verify that an SSHClient can be used a context manager |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1478 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1479 |
threading.Thread(target=self._run).start() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1480 |
- host_key = paramiko.RSAKey.from_private_key_file(test_path('test_rsa.key')) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1481 |
- public_host_key = paramiko.RSAKey(data=host_key.asbytes()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1482 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1483 |
with paramiko.SSHClient() as tc: |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1484 |
self.tc = tc |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1485 |
--- paramiko-1.15.2/tests/test_packetizer.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1486 |
+++ paramiko-1.15.2/tests/test_packetizer.py 2015-04-12 17:36:15.211084420 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1487 |
@@ -23,9 +23,10 @@ Some unit tests for the ssh2 protocol in |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1488 |
import unittest |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1489 |
from hashlib import sha1 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1490 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1491 |
-from tests.loop import LoopSocket |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1492 |
+from cryptography.hazmat.backends import default_backend |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1493 |
+from cryptography.hazmat.primitives.ciphers import algorithms, Cipher, modes |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1494 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1495 |
-from Crypto.Cipher import AES |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1496 |
+from tests.loop import LoopSocket |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1497 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1498 |
from paramiko import Message, Packetizer, util |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1499 |
from paramiko.common import byte_chr, zero_byte |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1500 |
@@ -43,8 +44,12 @@ class PacketizerTest (unittest.TestCase) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1501 |
p = Packetizer(wsock) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1502 |
p.set_log(util.get_logger('paramiko.transport')) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1503 |
p.set_hexdump(True) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1504 |
- cipher = AES.new(zero_byte * 16, AES.MODE_CBC, x55 * 16) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1505 |
- p.set_outbound_cipher(cipher, 16, sha1, 12, x1f * 20) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1506 |
+ encryptor = Cipher( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1507 |
+ algorithms.AES(zero_byte * 16), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1508 |
+ modes.CBC(x55 * 16), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1509 |
+ backend=default_backend() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1510 |
+ ).encryptor() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1511 |
+ p.set_outbound_cipher(encryptor, 16, sha1, 12, x1f * 20) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1512 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1513 |
# message has to be at least 16 bytes long, so we'll have at least one |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1514 |
# block of data encrypted that contains zero random padding bytes |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1515 |
@@ -66,8 +71,12 @@ class PacketizerTest (unittest.TestCase) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1516 |
p = Packetizer(rsock) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1517 |
p.set_log(util.get_logger('paramiko.transport')) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1518 |
p.set_hexdump(True) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1519 |
- cipher = AES.new(zero_byte * 16, AES.MODE_CBC, x55 * 16) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1520 |
- p.set_inbound_cipher(cipher, 16, sha1, 12, x1f * 20) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1521 |
+ decryptor = Cipher( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1522 |
+ algorithms.AES(zero_byte * 16), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1523 |
+ modes.CBC(x55 * 16), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1524 |
+ backend=default_backend() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1525 |
+ ).decryptor() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1526 |
+ p.set_inbound_cipher(decryptor, 16, sha1, 12, x1f * 20) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1527 |
wsock.send(b'\x43\x91\x97\xbd\x5b\x50\xac\x25\x87\xc2\xc4\x6b\xc7\xe9\x38\xc0\x90\xd2\x16\x56\x0d\x71\x73\x61\x38\x7c\x4c\x3d\xfb\x97\x7d\xe2\x6e\x03\xb1\xa0\xc2\x1c\xd6\x41\x41\x4c\xb4\x59') |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1528 |
cmd, m = p.read_message() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1529 |
self.assertEqual(100, cmd) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1530 |
@@ -82,8 +91,12 @@ class PacketizerTest (unittest.TestCase) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1531 |
p = Packetizer(wsock) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1532 |
p.set_log(util.get_logger('paramiko.transport')) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1533 |
p.set_hexdump(True) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1534 |
- cipher = AES.new(zero_byte * 16, AES.MODE_CBC, x55 * 16) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1535 |
- p.set_outbound_cipher(cipher, 16, sha1, 12, x1f * 20) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1536 |
+ encryptor = Cipher( |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1537 |
+ algorithms.AES(zero_byte * 16), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1538 |
+ modes.CBC(x55 * 16), |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1539 |
+ backend=default_backend() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1540 |
+ ).encryptor() |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1541 |
+ p.set_outbound_cipher(encryptor, 16, sha1, 12, x1f * 20) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1542 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1543 |
# message has to be at least 16 bytes long, so we'll have at least one |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1544 |
# block of data encrypted that contains zero random padding bytes |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1545 |
--- paramiko-1.15.2/tests/test_pkey.py.~1~ 2014-12-19 15:01:22.000000000 -0800 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1546 |
+++ paramiko-1.15.2/tests/test_pkey.py 2015-04-12 17:36:15.211328345 -0700 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1547 |
@@ -42,34 +42,34 @@ SIGNED_RSA = '20:d7:8a:31:21:cb:f7:92:12 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1548 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1549 |
RSA_PRIVATE_OUT = """\ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1550 |
-----BEGIN RSA PRIVATE KEY----- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1551 |
-MIICXAIBAAKCAIEA049W6geFpmsljTwfvI1UmKWWJPNFI74+vNKTk4dmzkQY2yAM |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1552 |
-s6FhlvhlI8ysU4oj71ZsRYMecHbBbxdN79+JRFVYTKaLqjwGENeTd+yv4q+V2PvZ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1553 |
-v3fLnzApI3l7EJCqhWwJUHJ1jAkZzqDx0tyOL4uoZpww3nmE0kb3y21tH4cCASMC |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1554 |
-ggCAEiI6plhqipt4P05L3PYr0pHZq2VPEbE4k9eI/gRKo/c1VJxY3DJnc1cenKsk |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1555 |
-trQRtW3OxCEufqsX5PNec6VyKkW+Ox6beJjMKm4KF8ZDpKi9Nw6MdX3P6Gele9D9 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1556 |
-+ieyhVFljrnAqcXsgChTBOYlL2imqCs3qRGAJ3cMBIAx3VsCQQD3pIFVYW398kE0 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1557 |
-n0e1icEpkbDRV4c5iZVhu8xKy2yyfy6f6lClSb2+Ub9uns7F3+b5v0pYSHbE9+/r |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1558 |
-OpRq83AfAkEA2rMZlr8SnMXgnyka2LuggA9QgMYy18hyao1dUxySubNDa9N+q2QR |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1559 |
-mwDisTUgRFHKIlDHoQmzPbXAmYZX1YlDmQJBAPCRLS5epV0XOAc7pL762OaNhzHC |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1560 |
-veAfQKgVhKBt105PqaKpGyQ5AXcNlWQlPeTK4GBTbMrKDPna6RBkyrEJvV8CQBK+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1561 |
-5O+p+kfztCrmRCE0p1tvBuZ3Y3GU1ptrM+KNa6mEZN1bRV8l1Z+SXJLYqv6Kquz/ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1562 |
-nBUeFq2Em3rfoSDugiMCQDyG3cxD5dKX3IgkhLyBWls/FLDk4x/DQ+NUTu0F1Cu6 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1563 |
-JJye+5ARLkL0EweMXf0tmIYfWItDLsWB0fKg/56h0js= |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1564 |
+MIICWgIBAAKBgQDTj1bqB4WmayWNPB+8jVSYpZYk80Ujvj680pOTh2bORBjbIAyz |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1565 |
+oWGW+GUjzKxTiiPvVmxFgx5wdsFvF03v34lEVVhMpouqPAYQ15N37K/ir5XY+9m/ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1566 |
+d8ufMCkjeXsQkKqFbAlQcnWMCRnOoPHS3I4vi6hmnDDeeYTSRvfLbW0fhwIBIwKB |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1567 |
+gBIiOqZYaoqbeD9OS9z2K9KR2atlTxGxOJPXiP4ESqP3NVScWNwyZ3NXHpyrJLa0 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1568 |
+EbVtzsQhLn6rF+TzXnOlcipFvjsem3iYzCpuChfGQ6SovTcOjHV9z+hnpXvQ/fon |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1569 |
+soVRZY65wKnF7IAoUwTmJS9opqgrN6kRgCd3DASAMd1bAkEA96SBVWFt/fJBNJ9H |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1570 |
+tYnBKZGw0VeHOYmVYbvMSstssn8un+pQpUm9vlG/bp7Oxd/m+b9KWEh2xPfv6zqU |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1571 |
+avNwHwJBANqzGZa/EpzF4J8pGti7oIAPUIDGMtfIcmqNXVMckrmzQ2vTfqtkEZsA |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1572 |
+4rE1IERRyiJQx6EJsz21wJmGV9WJQ5kCQQDwkS0uXqVdFzgHO6S++tjmjYcxwr3g |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1573 |
+H0CoFYSgbddOT6miqRskOQF3DZVkJT3kyuBgU2zKygz52ukQZMqxCb1fAkASvuTv |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1574 |
+qfpH87Qq5kQhNKdbbwbmd2NxlNabazPijWuphGTdW0VfJdWfklyS2Kr+iqrs/5wV |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1575 |
+HhathJt636Eg7oIjAkA8ht3MQ+XSl9yIJIS8gVpbPxSw5OMfw0PjVE7tBdQruiSc |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1576 |
+nvuQES5C9BMHjF39LZiGH1iLQy7FgdHyoP+eodI7 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1577 |
-----END RSA PRIVATE KEY----- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1578 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1579 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1580 |
DSS_PRIVATE_OUT = """\ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1581 |
-----BEGIN DSA PRIVATE KEY----- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1582 |
-MIIBvgIBAAKCAIEA54GmA2d9HOv+3CYBBG7ZfBYCncIW2tWe6Dqzp+DCP+guNhtW |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1583 |
-2MDLqmX+HQQoJbHat/Uh63I2xPFaueID0jod4OPrlfUXIOSDqDy28Kdo0Hxen9RS |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1584 |
-G7Me4awwiKlHEHHD0sXrTwSplyPUTfK2S2hbkHk5yOuQSjPfEbsL6ukiNi8CFQDw |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1585 |
-z4UnmsGiSNu5iqjn3uTzwUpshwKCAIEAkxfFeY8P2wZpDjX0MimZl5wkoFQDL25c |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1586 |
-PzGBuB4OnB8NoUk/yjAHIIpEShw8V+LzouMK5CTJQo5+Ngw3qIch/WgRmMHy4kBq |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1587 |
-1SsXMjQCte1So6HBMvBPIW5SiMTmjCfZZiw4AYHK+B/JaOwaG9yRg2Ejg4Ok10+X |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1588 |
-FDxlqZo8Y+wCggCARmR7CCPjodxASvRbIyzaVpZoJ/Z6x7dAumV+ysrV1BVYd0lY |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1589 |
-ukmnjO1kKBWApqpH1ve9XDQYN8zgxM4b16L21kpoWQnZtXrY3GZ4/it9kUgyB7+N |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1590 |
-wacIBlXa8cMDL7Q/69o0d54U0X/NeX5QxuYR6OMJlrkQB7oiW/P/1mwjQgECFGI9 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1591 |
-QPSch9pT9XHqn+1rZ4bK+QGA |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1592 |
+MIIBuwIBAAKBgQDngaYDZ30c6/7cJgEEbtl8FgKdwhba1Z7oOrOn4MI/6C42G1bY |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1593 |
+wMuqZf4dBCglsdq39SHrcjbE8Vq54gPSOh3g4+uV9Rcg5IOoPLbwp2jQfF6f1FIb |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1594 |
+sx7hrDCIqUcQccPSxetPBKmXI9RN8rZLaFuQeTnI65BKM98Ruwvq6SI2LwIVAPDP |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1595 |
+hSeawaJI27mKqOfe5PPBSmyHAoGBAJMXxXmPD9sGaQ419DIpmZecJKBUAy9uXD8x |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1596 |
+gbgeDpwfDaFJP8owByCKREocPFfi86LjCuQkyUKOfjYMN6iHIf1oEZjB8uJAatUr |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1597 |
+FzI0ArXtUqOhwTLwTyFuUojE5own2WYsOAGByvgfyWjsGhvckYNhI4ODpNdPlxQ8 |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1598 |
+ZamaPGPsAoGARmR7CCPjodxASvRbIyzaVpZoJ/Z6x7dAumV+ysrV1BVYd0lYukmn |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1599 |
+jO1kKBWApqpH1ve9XDQYN8zgxM4b16L21kpoWQnZtXrY3GZ4/it9kUgyB7+NwacI |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1600 |
+BlXa8cMDL7Q/69o0d54U0X/NeX5QxuYR6OMJlrkQB7oiW/P/1mwjQgECFGI9QPSc |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1601 |
+h9pT9XHqn+1rZ4bK+QGA |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1602 |
-----END DSA PRIVATE KEY----- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1603 |
""" |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1604 |
|
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1605 |
@@ -121,7 +121,7 @@ class KeyTest (unittest.TestCase): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1606 |
self.assertEqual(exp_rsa, my_rsa) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1607 |
self.assertEqual(PUB_RSA.split()[1], key.get_base64()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1608 |
self.assertEqual(1024, key.get_bits()) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1609 |
- |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1610 |
+ |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1611 |
def test_4_load_dss(self): |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1612 |
key = DSSKey.from_private_key_file(test_path('test_dss.key')) |
d8924d870370
PSARC 2015/172 OpenStack Ironic (OpenStack Bare Metal Provisioning Service)
Matt Keenan <matt.keenan@oracle.com>
parents:
diff
changeset
|
1613 |
self.assertEqual('ssh-dss', key.get_name()) |