1818 MalformedDataError , MissingMandatoryOptionValueError , TooLongKeyError , TooShortKeyError , UnknownOptionNameError
1919)
2020from cryptography .hazmat .backends import default_backend
21+ from cryptography .hazmat .primitives import hashes
22+ from cryptography .hazmat .primitives .asymmetric import ec
2123from cryptography .hazmat .primitives .asymmetric .dsa import DSAParameterNumbers , DSAPublicNumbers
2224from cryptography .hazmat .primitives .asymmetric .rsa import RSAPublicNumbers
23- from cryptography .hazmat .primitives .asymmetric .utils import Prehashed
2425from cryptography .hazmat .primitives .serialization import Encoding , PublicFormat
25- from cryptography .hazmat .primitives .asymmetric import ec
26- from cryptography .hazmat .primitives import hashes
2726from urllib .parse import urlparse
2827
2928import base64
4039class _ECVerifyingKey :
4140 """ecdsa.key.VerifyingKey reimplementation
4241 """
42+
4343 def __init__ (self , pubkey , default_hashfunc ):
4444 self .pubkey = pubkey
4545 self .default_hashfunc = default_hashfunc
@@ -52,20 +52,17 @@ def curve(self):
5252 def __repr__ (self ):
5353 pub_key = self .to_string ("compressed" )
5454 self .to_string ("raw" )
55- return "VerifyingKey({0!r}, {1!r}, {2})" .format (
56- pub_key , self .curve .name , self .default_hashfunc .name
57- )
55+ return f"VerifyingKey({ pub_key !r} { self .curve .name !r} { self .default_hashfunc .name }
5856
5957 def to_string (self , encoding = "raw" ):
6058 """Pub key as bytes string"""
6159 if encoding == "raw" :
6260 return self .pubkey .public_numbers ().encode_point ()[1 :]
63- elif encoding == "uncompressed" :
61+ if encoding == "uncompressed" :
6462 return self .pubkey .public_numbers ().encode_point ()
65- elif encoding == "compressed" :
63+ if encoding == "compressed" :
6664 return self .pubkey .public_bytes (Encoding .X962 , PublicFormat .CompressedPoint )
67- else :
68- raise ValueError (encoding )
65+ raise ValueError (encoding )
6966
7067 def to_pem (self , point_encoding = "uncompressed" ):
7168 """Pub key as PEM"""
@@ -83,10 +80,6 @@ def verify(self, signature, data):
8380 """Verify signature of provided data"""
8481 return self .pubkey .verify (signature , data , ec .ECDSA (self .default_hashfunc ))
8582
86- def verify_digest (self , signature , digest ):
87- """Verify signature over prehashed digest"""
88- return self .pubkey .verify (signature , data , ec .ECDSA (Prehashed (digest )))
89-
9083
9184class AuthorizedKeysFile : # pylint:disable=too-few-public-methods
9285 """Represents a full authorized_keys file.
@@ -191,7 +184,7 @@ def __init__(self, keydata=None, **kwargs):
191184 pass
192185
193186 def __str__ (self ):
194- return "Key type: %s, bits: %s, options: %s" % ( self .key_type .decode (), self .bits , self .options )
187+ return f "Key type: { self .key_type .decode ()} , bits: { self .bits } , options: { self .options } "
195188
196189 def reset (self ):
197190 """Reset all data fields."""
@@ -235,15 +228,15 @@ def _unpack_by_int(self, data, current_position):
235228 try :
236229 requested_data_length = struct .unpack ('>I' , data [current_position :current_position + self .INT_LEN ])[0 ]
237230 except struct .error as ex :
238- raise MalformedDataError ("Unable to unpack %s bytes from the data" % self . INT_LEN ) from ex
231+ raise MalformedDataError (f "Unable to unpack { self . INT_LEN } from ex
239232
240233 # Move pointer to the beginning of the data field
241234 current_position += self .INT_LEN
242235 remaining_data_length = len (data [current_position :])
243236
244237 if remaining_data_length < requested_data_length :
245238 raise MalformedDataError (
246- "Requested %s bytes, but only %s bytes available." % ( requested_data_length , remaining_data_length )
239+ f "Requested { requested_data_length } { remaining_data_length }
247240 )
248241
249242 next_data = data [current_position :current_position + requested_data_length ]
@@ -326,15 +319,15 @@ def parse_add_single_option(opt):
326319 opt_name = opt
327320 opt_value = True
328321 if " " in opt_name or not self .OPTION_NAME_RE .match (opt_name ):
329- raise InvalidOptionNameError ("%s is not a valid option name." % opt_name )
322+ raise InvalidOptionNameError (f" { opt_name }
330323 if self .strict_mode :
331324 for valid_opt_name , value_required in self .OPTIONS_SPEC :
332325 if opt_name .lower () == valid_opt_name :
333326 if value_required and opt_value is True :
334- raise MissingMandatoryOptionValueError ("%s is missing a mandatory value." % opt_name )
327+ raise MissingMandatoryOptionValueError (f" { opt_name }
335328 break
336329 else :
337- raise UnknownOptionNameError ("%s is an unrecognized option name." % opt_name )
330+ raise UnknownOptionNameError (f" { opt_name }
338331 if opt_name not in parsed_options :
339332 parsed_options [opt_name ] = []
340333 parsed_options [opt_name ].append (opt_value )
@@ -377,11 +370,11 @@ def _process_ssh_rsa(self, data):
377370 max_length = self .RSA_MAX_LENGTH_LOOSE
378371 if self .bits < min_length :
379372 raise TooShortKeyError (
380- "%s key data can not be shorter than %s bits (was %s)" % ( self .key_type . decode (), min_length , self . bits )
373+ f" { self . key_type . decode () } { min_length } { self .bits } )"
381374 )
382375 if self .bits > max_length :
383376 raise TooLongKeyError (
384- "%s key data can not be longer than %s bits (was %s)" % ( self .key_type . decode (), max_length , self . bits )
377+ f" { self . key_type . decode () } { max_length } { self .bits } )"
385378 )
386379 return current_position
387380
@@ -396,20 +389,18 @@ def _process_ssh_dss(self, data):
396389 q_bits = self ._bits_in_number (data_fields ["q" ])
397390 p_bits = self ._bits_in_number (data_fields ["p" ])
398391 if q_bits != self .DSA_N_LENGTH :
399- raise InvalidKeyError ("Incorrect DSA key parameters: bits(p)=%s, q=%s" % ( self .bits , q_bits ) )
392+ raise InvalidKeyError (f "Incorrect DSA key parameters: bits(p)={ self .bits } , q= { q_bits } "
400393 if self .strict_mode :
401394 min_length = self .DSA_MIN_LENGTH_STRICT
402395 max_length = self .DSA_MAX_LENGTH_STRICT
403396 else :
404397 min_length = self .DSA_MIN_LENGTH_LOOSE
405398 max_length = self .DSA_MAX_LENGTH_LOOSE
406399 if p_bits < min_length :
407- raise TooShortKeyError (
408- "%s key can not be shorter than %s bits (was %s)" % (self .key_type .decode (), min_length , p_bits )
409- )
400+ raise TooShortKeyError (f"{ self .key_type .decode ()} { min_length } { p_bits } )
410401 if p_bits > max_length :
411402 raise TooLongKeyError (
412- "%s key data can not be longer than %s bits (was %s)" % ( self . key_type . decode (), max_length , p_bits )
403+ f" { self . key_type . decode () } { max_length } { p_bits } )"
413404 )
414405
415406 dsa_parameters = DSAParameterNumbers (data_fields ["p" ], data_fields ["q" ], data_fields ["g" ])
@@ -422,14 +413,12 @@ def _process_ecdsa_sha(self, data):
422413 """Parses ecdsa-sha public keys."""
423414 current_position , curve_information = self ._unpack_by_int (data , 0 )
424415 if curve_information not in self .ECDSA_CURVE_DATA :
425- raise NotImplementedError ("Invalid curve type: %s" % curve_information )
416+ raise NotImplementedError (f "Invalid curve type: { curve_information } "
426417 curve , hash_algorithm = self .ECDSA_CURVE_DATA [curve_information ]
427418
428419 current_position , key_data = self ._unpack_by_int (data , current_position )
429420 try :
430- ecdsa_pubkey = ec .EllipticCurvePublicKey .from_encoded_point (
431- curve , key_data
432- )
421+ ecdsa_pubkey = ec .EllipticCurvePublicKey .from_encoded_point (curve , key_data )
433422 except ValueError as ex :
434423 raise InvalidKeyError ("Invalid ecdsa key" ) from ex
435424 self .bits = curve .key_size
@@ -452,7 +441,7 @@ def _process_ed25516(self, data):
452441
453442 self .bits = verifying_key_length
454443 if self .bits != 256 :
455- raise InvalidKeyLengthError ("ed25519 keys must be 256 bits (was %s bits)" % self . bits )
444+ raise InvalidKeyLengthError (f "ed25519 keys must be 256 bits (was { self . bits }
456445 return current_position
457446
458447 def _validate_application_string (self , application ):
@@ -463,7 +452,7 @@ def _validate_application_string(self, application):
463452 try :
464453 parsed_url = urlparse (application )
465454 except ValueError as err :
466- raise InvalidKeyError ("Application string: %s" % err ) from err
455+ raise InvalidKeyError (f "Application string: { err } " from err
467456 if parsed_url .scheme != b"ssh" :
468457 raise InvalidKeyError ('Application string must begin with "ssh:"' )
469458
@@ -494,7 +483,7 @@ def _process_key(self, data):
494483 return self ._process_sk_ecdsa_sha (data )
495484 if self .key_type .strip ().startswith (b"sk-ssh-ed25519" ):
496485 return self ._process_sk_ed25519 (data )
497- raise NotImplementedError ("Invalid key type: %s" % self .key_type .decode ())
486+ raise NotImplementedError (f "Invalid key type: { self .key_type .decode ()} "
498487
499488 def parse (self , keydata = None ):
500489 """Validates SSH public key.
@@ -528,15 +517,15 @@ def parse(self, keydata=None):
528517 # Check key type
529518 current_position , unpacked_key_type = self ._unpack_by_int (self ._decoded_key , 0 )
530519 if key_type is not None and key_type != unpacked_key_type .decode ():
531- raise InvalidTypeError ("Keytype mismatch: %s != %s" % ( key_type , unpacked_key_type .decode ()) )
520+ raise InvalidTypeError (f "Keytype mismatch: { key_type } { unpacked_key_type .decode ()} "
532521
533522 self .key_type = unpacked_key_type
534523
535524 key_data_length = self ._process_key (self ._decoded_key [current_position :])
536525 current_position = current_position + key_data_length
537526
538527 if current_position != len (self ._decoded_key ):
539- raise MalformedDataError ("Leftover data: %s bytes" % ( len (self ._decoded_key ) - current_position ) )
528+ raise MalformedDataError (f "Leftover data: { len (self ._decoded_key ) - current_position } bytes"
540529
541530 if self .disallow_options and self .options :
542531 raise InvalidOptionsError ("Options are disallowed." )
0 commit comments