sshagent: add a few fixes and assertions

9 years ago · a77f9edb4e
parent 3057a3d7a9
commit a77f9edb4e
4 changed files with 7 additions and 2 deletions
--- a/sshagent/formats.py
+++ b/sshagent/formats.py
@ -26,6 +26,7 @@ def parse_pubkey(blob):
    curve_name = util.read_frame(s)
    log.debug('curve name: %s', curve_name)
    point = util.read_frame(s)
+    assert s.read() == b''
    _type, point = point[:1], point[1:]
    assert _type == DER_OCTET_STRING
    size = len(point) // 2
--- a/sshagent/protocol.py
+++ b/sshagent/protocol.py
@ -67,6 +67,7 @@ class Handler(object):
        key = formats.parse_pubkey(util.read_frame(buf))
        log.debug('looking for %s', key['fingerprint'])
        blob = util.read_frame(buf)
+        assert util.read_frame(buf) == b''

        for k in self.public_keys:
            if (k['fingerprint']) == (key['fingerprint']):
--- a/sshagent/server.py
+++ b/sshagent/server.py
@ -89,7 +89,7 @@ def run_process(command, environ):
    env = dict(os.environ)
    env.update(environ)
    try:
-        p = subprocess.Popen(args=command, env=env)
+        p = subprocess.Popen(args=command, env=env, shell=True)
    except OSError as e:
        raise OSError('cannot run %r: %s' % (command, e))
    log.debug('subprocess %d is running', p.pid)
--- a/sshagent/trezor.py
+++ b/sshagent/trezor.py
@ -100,7 +100,7 @@ def _string_to_identity(s):
    host, port = _rsplit(s, ':')

    if not proto:
-        proto = 'ssh'
+        proto = 'ssh'  # otherwise, Trezor will use SECP256K1 curve

    result = [
        ('proto', proto), ('user', user), ('host', host),
@ -148,4 +148,7 @@ def _parse_ssh_blob(data):
        res['pubkey'] = util.read_frame(i)
        log.debug('%s: user %r via %r (%r)',
                  res['conn'], res['user'], res['auth'], res['key_type'])
+        log.debug('nonce: %s', binascii.hexlify(res['nonce']))
+        pubkey = formats.parse_pubkey(res['pubkey'])
+        log.debug('fingerprint: %s', pubkey['fingerprint'])
    return res