A bunch of cleanup

ghosthamlet · Dec 18, 2014 · eb3e117 · eb3e117
1 parent b3884d2
commit eb3e117
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 61 deletions.
diff --git a/README b/README
@@ -36,7 +36,7 @@ Requirements
 
   - Python 2.6 or better <http://www.python.org/> - this includes Python
     3.2 and higher as well.
-  - Cryptography 0.6 or better <https://cryptography.io>
+  - Cryptography 0.7 or better <https://cryptography.io>
   - pyasn1 0.1.7 or better <https://pypi.python.org/pypi/pyasn1>
 
 If you have setuptools, you can build and install paramiko and all its

diff --git a/paramiko/dsskey.py b/paramiko/dsskey.py
@@ -24,9 +24,9 @@
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.asymmetric import dsa
-
-from pyasn1.codec.der import encoder, decoder
-from pyasn1.type import namedtype, univ
+from cryptography.hazmat.primitives.asymmetric.utils import (
+    decode_rfc6979_signature, encode_rfc6979_signature
+)
 
 from paramiko import util
 from paramiko.common import zero_byte
@@ -36,13 +36,6 @@
 from paramiko.pkey import PKey
 
 
-class _DSSSigValue(univ.Sequence):
-    componentType = namedtype.NamedTypes(
-        namedtype.NamedType('r', univ.Integer()),
-        namedtype.NamedType('s', univ.Integer())
-    )
-
-
 class DSSKey(PKey):
     """
     Representation of a DSS key which can be used to sign an verify SSH2
@@ -120,8 +113,7 @@ def sign_ssh_data(self, data):
         ).private_key(backend=default_backend())
         signer = key.signer(hashes.SHA1())
         signer.update(data)
-        signature = signer.finalize()
-        (r, s), _ = decoder.decode(signature)
+        r, s = decode_rfc6979_signature(signer.finalize())
 
         m = Message()
         m.add_string('ssh-dss')
@@ -149,10 +141,7 @@ def verify_ssh_sig(self, data, msg):
         sigR = util.inflate_long(sig[:20], 1)
         sigS = util.inflate_long(sig[20:], 1)
 
-        sig_asn1 = _DSSSigValue()
-        sig_asn1.setComponentByName('r', sigR)
-        sig_asn1.setComponentByName('s', sigS)
-        signature = encoder.encode(sig_asn1)
+        signature = encode_rfc6979_signature(sigR, sigS)
 
         key = dsa.DSAPublicNumbers(
             y=self.y,

diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py
@@ -28,11 +28,11 @@
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import ec
-
-from pyasn1.codec.der import decoder, encoder
+from cryptography.hazmat.primitives.asymmetric.utils import (
+    decode_rfc6979_signature, encode_rfc6979_signature
+)
 
 from paramiko.common import four_byte, one_byte
-from paramiko.dsskey import _DSSSigValue
 from paramiko.message import Message
 from paramiko.pkey import PKey
 from paramiko.py3compat import byte_chr
@@ -122,7 +122,7 @@ def sign_ssh_data(self, data):
         signer = self.signing_key.signer(ec.ECDSA(hashes.SHA256()))
         signer.update(data)
         sig = signer.finalize()
-        (r, s), _ = decoder.decode(sig)
+        r, s = decode_rfc6979_signature(sig)
 
         m = Message()
         m.add_string('ecdsa-sha2-nistp256')
@@ -134,10 +134,7 @@ def verify_ssh_sig(self, data, msg):
             return False
         sig = msg.get_binary()
         sigR, sigS = self._sigdecode(sig)
-        sig_asn1 = _DSSSigValue()
-        sig_asn1.setComponentByName('r', sigR)
-        sig_asn1.setComponentByName('s', sigS)
-        signature = encoder.encode(sig_asn1)
+        signature = encode_rfc6979_signature(sigR, sigS)
 
         verifier = self.verifying_key.verifier(signature, ec.ECDSA(hashes.SHA256()))
         verifier.update(data)

diff --git a/paramiko/util.py b/paramiko/util.py
@@ -273,40 +273,6 @@ def retry_on_signal(function):
                 raise
 
 
-<<<<<<< HEAD
-=======
-class Counter (object):
-    """Stateful counter for CTR mode crypto"""
-    def __init__(self, nbits, initial_value=long(1), overflow=long(0)):
-        self.blocksize = nbits / 8
-        self.overflow = overflow
-        # start with value - 1 so we don't have to store intermediate values when counting
-        # could the iv be 0?
-        if initial_value == 0:
-            self.value = array.array('c', max_byte * self.blocksize)
-        else:
-            x = deflate_long(initial_value - 1, add_sign_padding=False)
-            self.value = array.array('c', zero_byte * (self.blocksize - len(x)) + x)
-
-    def __call__(self):
-        """Increament the counter and return the new value"""
-        i = self.blocksize - 1
-        while i > -1:
-            c = self.value[i] = byte_chr((byte_ord(self.value[i]) + 1) % 256)
-            if c != zero_byte:
-                return self.value.tostring()
-            i -= 1
-        # counter reset
-        x = deflate_long(self.overflow, add_sign_padding=False)
-        self.value = array.array('c', zero_byte * (self.blocksize - len(x)) + x)
-        return self.value.tostring()
-
-    @classmethod
-    def new(cls, nbits, initial_value=long(1), overflow=long(0)):
-        return cls(nbits, initial_value=initial_value, overflow=overflow)
-
-
->>>>>>> master
 def constant_time_bytes_eq(a, b):
     if len(a) != len(b):
         return False

diff --git a/setup.py b/setup.py
@@ -41,7 +41,7 @@
     from setuptools import setup
     kw = {
         'install_requires': [
-            'cryptography >= 0.6',
+            'cryptography >= 0.7',
             'pyasn1 >= 0.1.7',
         ],
     }

diff --git a/tox-requirements.txt b/tox-requirements.txt
@@ -1,3 +1,3 @@
 # Not sure why tox can't just read setup.py?
-cryptography >= 0.6
+cryptography >= 0.7
 pyasn1 >= 0.1.7