dissect.target 3.17.dev25__py3-none-any.whl → 3.17.dev26__py3-none-any.whl

dissect/target/plugins/apps/ssh/openssh.py

@@ -1,3 +1,4 @@
+import base64
 import re
 from itertools import product
 from pathlib import Path
@@ -14,6 +15,7 @@ from dissect.target.plugins.apps.ssh.ssh import (
     PrivateKeyRecord,
     PublicKeyRecord,
     SSHPlugin,
+    calculate_fingerprints,
 )
 
 
@@ -143,12 +145,14 @@ class OpenSSHPlugin(SSHPlugin):
                 continue
 
             key_type, public_key, comment = parse_ssh_public_key_file(file_path)
+            fingerprints = calculate_fingerprints(base64.b64decode(public_key))
 
             yield PublicKeyRecord(
                 mtime_ts=file_path.stat().st_mtime,
                 key_type=key_type,
                 public_key=public_key,
                 comment=comment,
+                fingerprint=fingerprints,
                 path=file_path,
                 _target=self.target,
                 _user=user,

dissect/target/plugins/apps/ssh/putty.py

@@ -1,4 +1,5 @@
 import logging
+from base64 import b64decode
 from datetime import datetime
 from pathlib import Path
 from typing import Iterator, Optional, Union
@@ -12,7 +13,11 @@ from dissect.target.helpers.fsutil import TargetPath, open_decompress
 from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.helpers.regutil import RegistryKey
 from dissect.target.plugin import export
-from dissect.target.plugins.apps.ssh.ssh import KnownHostRecord, SSHPlugin
+from dissect.target.plugins.apps.ssh.ssh import (
+    KnownHostRecord,
+    SSHPlugin,
+    calculate_fingerprints,
+)
 from dissect.target.plugins.general.users import UserDetails
 
 log = logging.getLogger(__name__)
@@ -96,12 +101,15 @@ class PuTTYPlugin(SSHPlugin):
             key_type, host = entry.name.split("@")
             port, host = host.split(":")
 
+            public_key, fingerprints = construct_public_key(key_type, entry.value)
+
             yield KnownHostRecord(
                 mtime_ts=ssh_host_keys.ts,
                 host=host,
                 port=port,
                 key_type=key_type,
-                public_key=construct_public_key(key_type, entry.value),
+                public_key=public_key,
+                fingerprint=fingerprints,
                 comment="",
                 marker=None,
                 path=windows_path(ssh_host_keys.path),
@@ -121,12 +129,15 @@ class PuTTYPlugin(SSHPlugin):
                 key_type, host = parts[0].split("@")
                 port, host = host.split(":")
 
+                public_key, fingerprints = construct_public_key(key_type, parts[1])
+
                 yield KnownHostRecord(
                     mtime_ts=ts,
                     host=host,
                     port=port,
                     key_type=key_type,
-                    public_key=construct_public_key(key_type, parts[1]),
+                    public_key=public_key,
+                    fingerprint=fingerprints,
                     comment="",
                     marker=None,
                     path=posix_path(ssh_host_keys_path),
@@ -197,8 +208,8 @@ def parse_host_user(host: str, user: str) -> tuple[str, str]:
     return host, user
 
 
-def construct_public_key(key_type: str, iv: str) -> str:
-    """Returns OpenSSH format public key calculated from PuTTY SshHostKeys format.
+def construct_public_key(key_type: str, iv: str) -> tuple[str, tuple[str, str, str]]:
+    """Returns OpenSSH format public key calculated from PuTTY SshHostKeys format and set of fingerprints.
 
     PuTTY stores raw public key components instead of OpenSSH-formatted public keys
     or fingerprints. With RSA public keys the exponent and modulus are stored.
@@ -206,9 +217,7 @@ def construct_public_key(key_type: str, iv: str) -> str:
 
     Currently supports ``ssh-ed25519``, ``ecdsa-sha2-nistp256`` and ``rsa2`` key types.
 
-    NOTE:
-        - Sha256 fingerprints of the reconstructed public keys are currently not generated.
-        - More key types could be supported in the future.
+    NOTE: More key types could be supported in the future.
 
     Resources:
         - https://github.com/github/putty/blob/master/contrib/kh2reg.py
@@ -217,20 +226,33 @@ def construct_public_key(key_type: str, iv: str) -> str:
         - https://github.com/mkorthof/reg2kh
     """
 
+    if not isinstance(key_type, str) or not isinstance(iv, str):
+        raise ValueError("Invalid key_type or iv")
+
+    key = None
+
     if key_type == "ssh-ed25519":
         x, y = iv.split(",")
         key = ECC.construct(curve="ed25519", point_x=int(x, 16), point_y=int(y, 16))
-        return key.public_key().export_key(format="OpenSSH").split()[-1]
 
     if key_type == "ecdsa-sha2-nistp256":
         _, x, y = iv.split(",")
         key = ECC.construct(curve="NIST P-256", point_x=int(x, 16), point_y=int(y, 16))
-        return key.public_key().export_key(format="OpenSSH").split()[-1]
 
     if key_type == "rsa2":
         exponent, modulus = iv.split(",")
         key = RSA.construct((int(modulus, 16), int(exponent, 16)))
-        return key.public_key().export_key(format="OpenSSH").decode("utf-8").split()[-1]
 
-    log.warning("Could not reconstruct public key: type %s not implemented.", key_type)
-    return iv
+    if key is None:
+        log.warning("Could not reconstruct public key: type %s not implemented", key_type)
+        return iv, (None, None, None)
+
+    openssh_public_key = key.public_key().export_key(format="OpenSSH")
+
+    if isinstance(openssh_public_key, bytes):
+        # RSA's export_key() returns bytes
+        openssh_public_key = openssh_public_key.decode()
+
+    key_part = openssh_public_key.split()[-1]
+    fingerprints = calculate_fingerprints(b64decode(key_part))
+    return key_part, fingerprints

dissect/target/plugins/apps/ssh/ssh.py

@@ -1,3 +1,6 @@
+import base64
+from hashlib import md5, sha1, sha256
+
 from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
 from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.plugin import NamespacePlugin
@@ -29,6 +32,7 @@ KnownHostRecord = OpenSSHUserRecordDescriptor(
         ("varint", "port"),
         ("string", "public_key"),
         ("string", "marker"),
+        ("digest", "fingerprint"),
     ],
 )
 
@@ -50,9 +54,45 @@ PublicKeyRecord = OpenSSHUserRecordDescriptor(
         ("datetime", "mtime_ts"),
         *COMMON_ELLEMENTS,
         ("string", "public_key"),
+        ("digest", "fingerprint"),
     ],
 )
 
 
 class SSHPlugin(NamespacePlugin):
     __namespace__ = "ssh"
+
+
+def calculate_fingerprints(public_key_decoded: bytes, ssh_keygen_format: bool = False) -> tuple[str, str, str]:
+    """Calculate the MD5, SHA1 and SHA256 digest of the given decoded public key.
+
+    Adheres as much as possible to the output provided by ssh-keygen when ``ssh_keygen_format``
+    parameter is set to ``True``. When set to ``False`` (default) hexdigests are calculated
+    instead for ``sha1``and ``sha256``.
+
+    Resources:
+        - https://en.wikipedia.org/wiki/Public_key_fingerprint
+        - https://man7.org/linux/man-pages/man1/ssh-keygen.1.html
+        - ``ssh-keygen -l -E <alg> -f key.pub``
+    """
+    if not public_key_decoded:
+        raise ValueError("No decoded public key provided")
+
+    if not isinstance(public_key_decoded, bytes):
+        raise ValueError("Provided public key should be bytes")
+
+    if public_key_decoded[0:3] != b"\x00\x00\x00":
+        raise ValueError("Provided value does not look like a public key")
+
+    digest_md5 = md5(public_key_decoded).digest()
+    digest_sha1 = sha1(public_key_decoded).digest()
+    digest_sha256 = sha256(public_key_decoded).digest()
+
+    if ssh_keygen_format:
+        fingerprint_sha1 = base64.b64encode(digest_sha1).rstrip(b"=").decode()
+        fingerprint_sha256 = base64.b64encode(digest_sha256).rstrip(b"=").decode()
+    else:
+        fingerprint_sha1 = digest_sha1.hex()
+        fingerprint_sha256 = digest_sha256.hex()
+
+    return digest_md5.hex(), fingerprint_sha1, fingerprint_sha256

{dissect.target-3.17.dev25.dist-info → dissect.target-3.17.dev26.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.17.dev25
+Version: 3.17.dev26
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.17.dev25.dist-info → dissect.target-3.17.dev26.dist-info}/RECORD

@@ -133,10 +133,10 @@ dissect/target/plugins/apps/remoteaccess/teamviewer.py,sha256=SiEH36HM2NvdPuCjfL
 dissect/target/plugins/apps/shell/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/shell/powershell.py,sha256=biPSMRWxPI6kRqP0-75yMtrw0Ti2Bzfl_xI3xbmmF48,2641
 dissect/target/plugins/apps/ssh/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/apps/ssh/openssh.py,sha256=jDNP8aq9JHivosexPlxWRUgeJo1MHclb336dzO1zRJc,7086
+dissect/target/plugins/apps/ssh/openssh.py,sha256=yt3bX93Q9wfF25_vG9APMwfZWUUqCPyLlVJdhu20syI,7250
 dissect/target/plugins/apps/ssh/opensshd.py,sha256=DaXKdgGF3GYHHA4buEvphcm6FF4C8YFjgD96Dv6rRnM,5510
-dissect/target/plugins/apps/ssh/putty.py,sha256=N8ssjutUVN50JNA5fEIVISbP5sJ7bGTFidRbX3uNG5Y,9404
-dissect/target/plugins/apps/ssh/ssh.py,sha256=uCaoWlT2bgKLUHA1aL6XymJDWJ8JmLsN8PB1C66eidY,1409
+dissect/target/plugins/apps/ssh/putty.py,sha256=bTX6ZU6zsc78zBdsBGUotc_ek_E1a7HSowoqD1y4PzA,9927
+dissect/target/plugins/apps/ssh/ssh.py,sha256=tTA87u0B8yY1yVCPV0VJdRUct6ggkir_pIziP-eKnVo,3009
 dissect/target/plugins/apps/vpn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/vpn/openvpn.py,sha256=d-DGINTIHP_bvv3T09ZwbezHXGctvCyAhJ482m2_-a0,7654
 dissect/target/plugins/apps/vpn/wireguard.py,sha256=SoAMED_bwWJQ3nci5qEY-qV4wJKSSDZQ8K7DoJRYq0k,6521
@@ -336,10 +336,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.17.dev25.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.17.dev25.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.17.dev25.dist-info/METADATA,sha256=9gF0AAh1PZsU75RQtErozfTPL0q2jyWQo1i76L34lR0,11300
-dissect.target-3.17.dev25.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-dissect.target-3.17.dev25.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.17.dev25.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.17.dev25.dist-info/RECORD,,
+dissect.target-3.17.dev26.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.17.dev26.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.17.dev26.dist-info/METADATA,sha256=fyuJSNpaOXUDx5rJFQYpsaxFKwa7VqFttG1XIvZxXco,11300
+dissect.target-3.17.dev26.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+dissect.target-3.17.dev26.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.17.dev26.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.17.dev26.dist-info/RECORD,,