From a77f9edb4e827300576e58957c2b68e0d3d77086 Mon Sep 17 00:00:00 2001 From: Roman Zeyde Date: Fri, 3 Jul 2015 16:35:21 +0300 Subject: [PATCH] sshagent: add a few fixes and assertions --- sshagent/formats.py | 1 + sshagent/protocol.py | 1 + sshagent/server.py | 2 +- sshagent/trezor.py | 5 ++++- 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/sshagent/formats.py b/sshagent/formats.py index bacc843..6516393 100644 --- a/sshagent/formats.py +++ b/sshagent/formats.py @@ -26,6 +26,7 @@ def parse_pubkey(blob): curve_name = util.read_frame(s) log.debug('curve name: %s', curve_name) point = util.read_frame(s) + assert s.read() == b'' _type, point = point[:1], point[1:] assert _type == DER_OCTET_STRING size = len(point) // 2 diff --git a/sshagent/protocol.py b/sshagent/protocol.py index 785b4eb..9d325c6 100644 --- a/sshagent/protocol.py +++ b/sshagent/protocol.py @@ -67,6 +67,7 @@ class Handler(object): key = formats.parse_pubkey(util.read_frame(buf)) log.debug('looking for %s', key['fingerprint']) blob = util.read_frame(buf) + assert util.read_frame(buf) == b'' for k in self.public_keys: if (k['fingerprint']) == (key['fingerprint']): diff --git a/sshagent/server.py b/sshagent/server.py index 38da6c5..12a059c 100644 --- a/sshagent/server.py +++ b/sshagent/server.py @@ -89,7 +89,7 @@ def run_process(command, environ): env = dict(os.environ) env.update(environ) try: - p = subprocess.Popen(args=command, env=env) + p = subprocess.Popen(args=command, env=env, shell=True) except OSError as e: raise OSError('cannot run %r: %s' % (command, e)) log.debug('subprocess %d is running', p.pid) diff --git a/sshagent/trezor.py b/sshagent/trezor.py index 10549e8..c50f694 100644 --- a/sshagent/trezor.py +++ b/sshagent/trezor.py @@ -100,7 +100,7 @@ def _string_to_identity(s): host, port = _rsplit(s, ':') if not proto: - proto = 'ssh' + proto = 'ssh' # otherwise, Trezor will use SECP256K1 curve result = [ ('proto', proto), ('user', user), ('host', host), 
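Review bot: The trailing-data check added in parse_pubkey, `assert s.read() == b''`, validates a key blob with a statement that Python strips under `-O`, so the check disappears in optimized runs and otherwise surfaces only as a bare AssertionError. The same applies to the `assert util.read_frame(buf) == b''` added in sshagent/protocol.py, which appears to validate a client request. An explicit raise keeps the check in every mode, for example `if s.read(): raise ValueError('trailing data after public key point')`. parse_pubkey begins and ends outside the hunk.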
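Review bot: The added `assert util.read_frame(buf) == b''` in Handler consumes one more frame instead of checking that the request buffer is exhausted, so any bytes after that frame go unnoticed, unlike the `s.read() == b''` form used in formats.py. If the field being read is the sign request's 32-bit flags word (an inference, since neither the message layout nor read_frame is visible here), a nonzero value would presumably be treated as a frame length. Reading it as an integer and rejecting unsupported values explicitly would state the intent, and a comment such as `# flags: only 0 is supported` would document it. The method body begins and ends outside the hunk.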
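Review bot: Adding `shell=True` to the Popen call in run_process hands `command` to the shell, which changes both how it is interpreted and how failures are reported. If callers pass an argument list, on POSIX only the first item is run as the command string and the remaining items become arguments to the shell itself; if they pass a string, shell metacharacters in it are now interpreted. The `except OSError` branch also stops covering a missing program, because the shell itself starts successfully and the failure shows up only as a non-zero exit status. Unless shell syntax is required, keeping `subprocess.Popen(args=command, env=env)` with an argv list is the safer form; otherwise the docstring should state that `command` must be a trusted shell string. run_process continues outside the hunk.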
@@ -148,4 +148,7 @@ def _parse_ssh_blob(data): res['pubkey'] = util.read_frame(i) log.debug('%s: user %r via %r (%r)', res['conn'], res['user'], res['auth'], res['key_type']) + log.debug('nonce: %s', binascii.hexlify(res['nonce'])) + pubkey = formats.parse_pubkey(res['pubkey']) + log.debug('fingerprint: %s', pubkey['fingerprint']) return res
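Review bot: The call `formats.parse_pubkey(res['pubkey'])` added in _parse_ssh_blob exists only to feed a debug line, yet it runs at every log level and can raise, since parse_pubkey contains assertions (visible in the formats.py hunk), so a blob it rejects now aborts the function before `return res`. If that early rejection is intended, a comment should say so; if not, guarding the added lines with `if log.isEnabledFor(logging.DEBUG):` (assuming `log` is a standard logging.Logger) keeps diagnostics from changing behaviour. The hunk also uses `binascii` and `formats` while the patch adds no import to trezor.py, so both must already be imported there, which is not visible here. The function begins outside the hunk.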