sshagent: add a few fixes and assertions

sshagent/formats.py

@@ -26,6 +26,7 @@ def parse_pubkey(blob):
     curve_name = util.read_frame(s)
     log.debug('curve name: %s', curve_name)
     point = util.read_frame(s)
+    assert s.read() == b''
     _type, point = point[:1], point[1:]
     assert _type == DER_OCTET_STRING
     size = len(point) // 2

sshagent/protocol.py

@@ -67,6 +67,7 @@ class Handler(object):
         key = formats.parse_pubkey(util.read_frame(buf))
         log.debug('looking for %s', key['fingerprint'])
         blob = util.read_frame(buf)
+        assert util.read_frame(buf) == b''
 
         for k in self.public_keys:
             if (k['fingerprint']) == (key['fingerprint']):

sshagent/server.py

@@ -89,7 +89,7 @@ def run_process(command, environ):
     env = dict(os.environ)
     env.update(environ)
     try:
-        p = subprocess.Popen(args=command, env=env)
+        p = subprocess.Popen(args=command, env=env, shell=True)
     except OSError as e:
         raise OSError('cannot run %r: %s' % (command, e))
     log.debug('subprocess %d is running', p.pid)

sshagent/trezor.py

@@ -100,7 +100,7 @@ def _string_to_identity(s):
     host, port = _rsplit(s, ':')
 
     if not proto:
-        proto = 'ssh'
+        proto = 'ssh'  # otherwise, Trezor will use SECP256K1 curve
 
     result = [
         ('proto', proto), ('user', user), ('host', host),
@@ -148,4 +148,7 @@ def _parse_ssh_blob(data):
         res['pubkey'] = util.read_frame(i)
         log.debug('%s: user %r via %r (%r)',
                   res['conn'], res['user'], res['auth'], res['key_type'])
+        log.debug('nonce: %s', binascii.hexlify(res['nonce']))
+        pubkey = formats.parse_pubkey(res['pubkey'])
+        log.debug('fingerprint: %s', pubkey['fingerprint'])
     return res