YfdZddlmZddlZddlZddlZddlZddlmZm Z m Z ddl m Z m Z ddlmZddlZddlmZddlmZdd lmZdd lmZmZdd lmZmZmZmZmZdd l m!Z!m"Z"m#Z#dd l$m%Z%m&Z&ddl'm(Z(ddl)m*Z*m+Z+ddl,m-Z-ddl.m/Z/ddl0m1Z1m2Z2ddl3m4Z4m5Z5ddl6m7Z7 ddl8m9Z9m:Z:n#e;$r ddl8mej?ej@dZAddddZBejCZCejDZDGddeEZFGddeEZGGd d!eEZHGd"d#eEZIGd$d%e5ZJGd&d'eEZKd(ZLGd)d*ZMd-d,ZNdS).z0 Handling of RSA, DSA, ECDSA, and Ed25519 keys. ) annotationsN) b64encode decodebytes encodebytes)md5sha256)Any)utils)InvalidSignature)default_backend)hashes serialization)dsaeced25519paddingrsa)Cipher algorithmsmodes)load_pem_private_keyload_ssh_public_key)Literal)commonsexpy) int_to_bytes) randbytes) iterbytes nativeString) NamedConstantNames)_mutuallyExclusiveArguments)decode_dss_signatureencode_dss_signature)decode_rfc6979_signatureencode_rfc6979_signature)secdsa-sha2-nistp256secdsa-sha2-nistp384secdsa-sha2-nistp521snistp256snistp384snistp521)s secp256r1s secp384r1s secp521r1ceZdZdZdS) BadKeyErrorzj Raised when a key isn't what we expected from it. XXX: we really need to check for bad keys N__name__ __module__ __qualname____doc__H/var/www/html/env/lib/python3.11/site-packages/twisted/conch/ssh/keys.pyr(r(Dsr/r(ceZdZdZdS)BadSignatureAlgorithmErrorzi Raised when a public key signature algorithm name isn't defined for this public key format. Nr)r.r/r0r2r2Lr/r2ceZdZdZdS)EncryptedKeyErrorzb Raised when an encrypted key is presented to fromString/fromFile without a password. Nr)r.r/r0r5r5Sr3r/r5ceZdZdZdS)BadFingerPrintFormatzS Raises when unsupported fingerprint formats are presented to fingerprint. Nr)r.r/r0r7r7Zsr/r7c:eZdZdZeZeZdS)FingerprintFormatsa Constants representing the supported formats of key fingerprints. @cvar MD5_HEX: Named constant representing fingerprint format generated using md5[RFC1321] algorithm in hexadecimal encoding. @type MD5_HEX: L{twisted.python.constants.NamedConstant} @cvar SHA256_BASE64: Named constant representing fingerprint format generated using sha256[RFC4634] algorithm in base64 encoding @type SHA256_BASE64: L{twisted.python.constants.NamedConstant} N)r*r+r,r-r MD5_HEX SHA256_BASE64r.r/r0r9r9`s0  mooG!MOOMMMr/r9ceZdZdZdS)PassphraseNormalizationErrorz Raised when a passphrase contains Unicode characters that cannot be normalized using the available Unicode character database. Nr)r.r/r0r=r=qr3r/r=ct|trOtd|Drtt jd|dS|S)a Normalize a passphrase, which may be Unicode. If the passphrase is Unicode, this follows the requirements of U{NIST 800-63B, section 5.1.1.2} for Unicode characters in memorized secrets: it applies the Normalization Process for Stabilized Strings using NFKC normalization. The passphrase is then encoded using UTF-8. @type passphrase: L{bytes} or L{unicode} or L{None} @param passphrase: The passphrase to normalize. @return: The normalized passphrase, if any. @rtype: L{bytes} or L{None} @raises PassphraseNormalizationError: if the passphrase is Unicode and cannot be normalized using the available Unicode character database. c3FK|]}tj|dkVdS)CnN) unicodedatacategory).0cs r0 z'_normalizePassphrase..s2CC1{#A&&$.CCCCCCr/NFKCzUTF-8) isinstancestranyr=rA normalizeencode passphrases r0_normalizePassphraserNxsl&*c""  CC CCC C C 1/00 0$VZ88??HHHr/cpeZdZdZed5dZed5dZedZedZedZ edZ ed Z ed Z ed Z ed Zed ZedZed6dZed7dZed7dZed7dZed7dZdZd8dZd9dZdZdZejfdZd:d Zd!Zd"Z d#Z!d$Z"d;d&Z#d'Z$d(Z%e&d)d*gd)d+ggd6d,Z'd7d-Z(d5d.Z)d7d/Z*dQ>>!&&((D*== > > > > > > > > > > > > > > > > > >s)AA A ct|tr|d}t|}|||}|t d|t |d|d}|t d||jj dkr|rt d||S|||S)a Return a Key object corresponding to the string data. type is optionally the type of string, matching a _fromString_* method. Otherwise, the _guessStringType() classmethod will be used to guess a type. If the key is encrypted, passphrase is used as the decryption key. @type data: L{bytes} @param data: The key data. @type type: L{str} or L{None} @param type: A string describing the format the key data is in, or L{None} to attempt detection of the type. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if there is no encryption. @rtype: L{Key} @return: The loaded key. utf-8Nzcannot guess the type of _fromString_zno _fromString method for zkey not encrypted) rGrHrKrN_guessStringTyper(getattrupper__code__ co_argcount)rVdatarXrMmethods r0rTzKey.fromStrings. dC  (;;w''D)*55 <''--D <B$BBCC C;TZZ\\;;TBB >A4AABB B ? &! + + 7!"56666$<< 6$ ++ +r/c tj|\}}|dkrVtj|d\}}}|tj||t S|dkrntj|d\}}}} }|tj| tj |||t S|tvrM|tj t|tj|ddS|dkr,tj|\} }|| Std |) a Return a public key object corresponding to this public key blob. The format of a RSA public key blob is:: string 'ssh-rsa' integer e integer n The format of a DSA public key blob is:: string 'ssh-dss' integer p integer q integer g integer y The format of ECDSA-SHA2-* public key blob is:: string 'ecdsa-sha2-[identifier]' integer x integer y identifier is the standard NIST curve name. The format of an Ed25519 public key blob is:: string 'ssh-ed25519' string a @type blob: L{bytes} @param blob: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type (the first string) is unknown. ssh-rsar^ssh-dsspqgyparameter_numbers ssh-ed25519unknown blob type: )rgetNSgetMPrRSAPublicNumbers public_keyr rDSAPublicNumbersDSAParameterNumbers _curveTablerEllipticCurvePublicKeyfrom_encoded_point_fromEd25519Componentsr() rVblobkeyTyperestenrkrlrmroas r0_fromString_BLOBzKey._fromString_BLOBsD T**  j dA..JAq$3s+Aq11<<_=N=NOOPP P  " "%|D!44 Aq!Q3$3+BQ!q+Q+Q+Q*_..//   # #3)<<(&,tQ*?*?*B   & &l4((GAt--a00 0=G==>> >r/ctj|\}}|dkr7tj|d\}}}}}} }|||||| S|dkr6tj|d\}} } } } }|| | || | S|t vrt |} tj|d\}} }|t | jdkrtd |d |tj|\}}| | || S|d kr:tj|d\}}}|d d}| ||Std|)a6 Return a private key object corresponding to this private key blob. The blob formats are as follows: RSA keys:: string 'ssh-rsa' integer n integer e integer d integer u integer p integer q DSA keys:: string 'ssh-dss' integer p integer q integer g integer y integer x EC keys:: string 'ecdsa-sha2-[identifier]' string identifier string q integer privateValue identifier is the standard NIST curve name. Ed25519 keys:: string 'ssh-ed25519' string a string k || a @type blob: L{bytes} @param blob: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * the key type (the first string) is unknown * the curve name of an ECDSA key does not match the key type rgrrdrkrlrhrormrkrlxr^asciizECDSA curve name z does not match key type ) encodedPointcurve privateValuerrN )krs) rrtru_fromRSAComponents_fromDSAComponentsrz _secToNistnamerKr(_fromECEncodedPointr})rVr~rrrrrurkrlrmrorr curveNamerrcombinedrs r0_fromString_PRIVATE_BLOBzKey._fromString_PRIVATE_BLOBs\ T**  j %+\$%:%: "Aq!Q1d))Aa1)BB B  " ""(,tQ"7"7 Aq!Q4))Aa1)BB B  # #(E!'dA!6!6 Iq$Juz'8'8'A'ABBB!k!*GG5"(d!3!3 L$**gL+  & &!' T1 5 5 Ax" A--a1-55 5=G==>> >r/c|dr%|t|tSt|d}||S)a Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is:: @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the blob type is unknown. s ecdsa-sha2rq) startswithrr rsplitr)rVrdr~s r0_fromString_PUBLIC_OPENSSHzKey._fromString_PUBLIC_OPENSSHasg ??= ) ) E3*41B1BCCDD D4::<<?++##D)))r/c |}td|dd}|dst d|t dd}tj|d\}}}}tj d|dd d } | dkrt d tj|d dd \} } } |d kro|std|dvr+tj } d} t|dddz}| }nt d||dkrWtj|\}}tj d|dd d }tj||||z|d}nt d|t | | zd krt dt#| |d|t%j||||zt)}|| |z}n|d krt d|d| }tj d|dd d }tj d|d dd }||krt d||fz||ddS)a* Return a private key object corresponding to this OpenSSH private key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. The format of an openssh-key-v1 private key string is:: -----BEGIN OPENSSH PRIVATE KEY----- -----END OPENSSH PRIVATE KEY----- The SSH protocol string is as described in U{PROTOCOL.key}. @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the SSH protocol encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key r/rqopenssh-key-v1z"unknown OpenSSH private key formatN!LrirzDonly OpenSSH private key files containing a single key are supportedr^none0Passphrase must be provided for an encrypted key)s aes128-ctrs aes192-ctr aes256-ctrrzunknown encryption type bcryptT)ignore_few_roundszunknown KDF type z bad paddingbackendzprivate key specifies KDF z but no cipherz#check values do not match: %d != %d)strip splitlinesrjoinrr(lenrrtstructunpackr5rAESintbcryptkdfrrCTRr decryptorupdatefinalizer)rVrdrMlineskeyListcipherr kdfOptionsrr_encPrivKeyListalgorithmClass blockSizekeySizeivSizesaltroundsdecKeyr privKeyListcheck1check2s r0_fromPrivateOpenSSH_v1zKey._fromPrivateOpenSSH_v1vsI: ''))chhuQrT{3344!!"566 DBCC C#122445(. Wa(@(@%Z M$RaR ) )! , 66-  &|DHa88>1 W   'IFFF!+ fQqSk**a/"!"GV"G"GHHHi#\*55 dtT"1"X66q9f$&* ""=c"="=>>>N##i/A55!-000vhwh/00 &7V+;!;<=='))ikk  $**>::Y=O=O=Q=QQKKg~~!kGJssL)Kt[!_55a8t[1%566q9 V  CvvFVVWW W++KO<< PRIVATE KEY----- [Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,] ------END PRIVATE KEY------ The ASN.1 structure of a RSA key is:: (0, n, e, d, p, q) The ASN.1 structure of a DSA key is:: (0, p, q, g, y, x) The ASN.1 structure of a ECDSA key is:: (ECParameters, OID, NULL) @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the ASN.1 encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key r N)sECsRSAsDSArz&Failed to decode key (Bad Passphrase?)unknown key type )rrrr TypeErrorr5 ValueErrorr()rVrdrMrkindkeys r0_fromPrivateOpenSSH_PEMzKey._fromPrivateOpenSSH_PEMsJ ''))Qx3 J * * * L*4_=N=NOO   'F L L L!"JKKK L3s88O8$8899 9s A2Bc|ddddkr|||S|||S)a Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error. @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key rrrsOPENSSH)rrrr)rVrdrMs r0_fromString_PRIVATE_OPENSSHzKey._fromString_PRIVATE_OPENSSHs_, ::<< " " $ $Q '3 /: = =--dJ?? ?..tZ@@ @r/c*tjt|dd}|ddksJi}|dddD]4\}}tjtj|d||<5|dddkr1||d|d|d |d  S|ddd kr#||d |dStd|dd)a Return a public key corresponding to this LSH public key string. The LSH public key string format is:: , ()+))> The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e. The names for a DSA (key type 'dsa') key are: y, g, p, q. @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type is unknown rqrr public-keyNdsaygpqrormrkrlrsa-pkcs1-sha1nerrunknown lsh key type ) rparserrruNSrrr(rVrdsexpkdrs r0_fromString_PUBLIC_LSHzKey._fromString_PUBLIC_LSH%s"{;tAbDz2233Aw-'''' q'!""+ 8 8JD$|FIdOO44Q7BtHH 71:  ))T(bh"T(bh* !WQZ, , ,))BtH4)AA ABd1gajBBCC Cr/c2tj|}|ddksJi}|dddD]4\}}tjtj|d||<5|dddkrbt |dksJt |||d|d|d |d |d  S|ddd krt |dksJt ||d |d kr|d |d c|d <|d <||d|d|d|d |d Std|dd)a+ Return a private key corresponding to this LSH private key string. The LSH private key string format is:: , (, )+))> The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e, d, p, q. The names for a DSA (key type 'dsa') key are: y, g, p, q, x. @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type is unknown r private-keyrqNrrrrrrxr rsa-pkcs1rrrdrr) rrrrurrrrr(rs r0_fromString_PRIVATE_LSHzKey._fromString_PRIVATE_LSHEs"{4  Aw.(((( q'!""+ 8 8JD$|FIdOO44Q7BtHH 71:  r77a<<<R<<<))T(bh"T(bh"T(* !WQZ< ' 'r77a<<<R<<<$x"T(""%'Xr$x"4"T())T(bh"T(bh"T(*  Bd1gajBBCC Cr/ctj|\}}|dkrtj|\}}tj|\}}tj|\}}tj|\}}tj|\}}||||||S|dkrtj|\}}tj|\} }tj|\} }tj|\} }tj|\}}tj|\}}|| || ||| St d|)a Return a private key object corresponsing to the Secure Shell Key Agent v3 format. The SSH Key Agent v3 format for a RSA key is:: string 'ssh-rsa' integer e integer d integer n integer u integer p integer q The SSH Key Agent v3 format for a DSA key is:: string 'ssh-dss' integer p integer q integer g integer y integer x @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type (the first string) is unknown rhrrgrrrrkrlrr)rrtrurrr() rVrdrrkrlrmrorrrrrs r0_fromString_AGENTV3zKey._fromString_AGENTV3ksU< T**  j l4((GAtl4((GAtl4((GAtl4((GAtl4((GAt))Aa1)BB B  " "l4((GAtl4((GAtl4((GAtl4((GAtl4((GAtl4((GAt))Aa1Q)GG G;';;<< >  #L..MGTE 3  & T 2 2  3qyy yv  r/c vtj||}|"|t}nutj|||tj||tj||tj|||} | t}||S)a Build a key from RSA numerical components. @type n: L{int} @param n: The 'n' RSA variable. @type e: L{int} @param e: The 'e' RSA variable. @type d: L{int} or L{None} @param d: The 'd' RSA variable (optional for a public key). @type p: L{int} or L{None} @param p: The 'p' RSA variable (optional for a public key). @type q: L{int} or L{None} @param q: The 'q' RSA variable (optional for a public key). @type u: L{int} or L{None} @param u: The 'u' RSA variable. Ignored, as its value is determined by p and q. @rtype: L{Key} @return: An RSA key constructed from the values as given. )rrN)rkrlrdmp1dmq1iqmppublic_numbers) rrvrwr RSAPrivateNumbers rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmp private_key) rVrrrrkrlr publicNumbers keyObjectprivateNumberss r0rzKey._fromRSAComponentss6,qA666 9%001B1BCCII 2%a++%a++%a++,N'22?3D3DEEIs9~~r/c$tj|tj|||}|"|t }n7tj||}|t }||S)a Build a key from DSA numerical components. @type y: L{int} @param y: The 'y' DSA variable. @type p: L{int} @param p: The 'p' DSA variable. @type q: L{int} @param q: The 'q' DSA variable. @type g: L{int} @param g: The 'g' DSA variable. @type x: L{int} or L{None} @param x: The 'x' DSA variable (optional for a public key) @rtype: L{Key} @return: A DSA key constructed from the values as given. rjrnN)rr)rrxryrwr DSAPrivateNumbersr) rVrorkrlrmrrr r s r0rzKey._fromDSAComponentss.,3#:Q!q#I#I#I    9%001B1BCCII 2Q}UUUN&22?3D3DEEIs9~~r/ctj||t|}|"|t }n7tj||}|t }||S)a Build a key from EC components. @param x: The affine x component of the public point used for verifying. @type x: L{int} @param y: The affine y component of the public point used for verifying. @type y: L{int} @param curve: NIST name of elliptic curve. @type curve: L{bytes} @param privateValue: The private value. @type privateValue: L{int} rrorN) private_valuer)rEllipticCurvePublicNumbersrzrwr EllipticCurvePrivateNumbersr)rVrrorrrr r s r0_fromECComponentszKey._fromECComponents s$51K.     %001B1BCCII;*=N'22?3D3DEEIs9~~r/c|,tjt||}n-tj|t|t }||S)aa Build a key from an EC encoded point. @param encodedPoint: The public point encoded as in SEC 1 v2.0 section 2.3.3. @type encodedPoint: L{bytes} @param curve: NIST name of elliptic curve. @type curve: L{bytes} @param privateValue: The private value. @type privateValue: L{int} )rr{r|rzderive_private_keyr )rVrrrr s r0rzKey._fromECEncodedPoint,sd  1DDE"LII-k%0/2C2CIs9~~r/ctttd|t|}nt|}||S)aBuild a key from Ed25519 components. @param a: The Ed25519 public key, as defined in RFC 8032 section 5.1.5. @type a: L{bytes} @param k: The Ed25519 private key, as defined in RFC 8032 section 5.1.5. @type k: L{bytes} Nz)Ed25519 keys not supported on this system)Ed25519PublicKeyEd25519PrivateKeyr(from_public_bytesfrom_private_bytes)rVrrr s r0r}zKey._fromEd25519ComponentsHsZ  #'8'@IJJ J 9(::1==II)< < z Public Keyz Private Keyz (zattr :Ed25519ri02xr >)rXrddecodeisPublicsorteditemsrsizeappendrMPrordrr) rrdroutrvrbymorDs r0__repr__z Key.__repr__rso 99;;$  99;;D=''00D}} HFT"##YFFFGd233iGGGtzz||,, , ,1<<0$000CC++++++CC;  (!----MMOO4 E EEIIKKKK Etyy{{002233 + +1 \Q\\\***))++22QQ ! QRR8H+3B3ABCCBA&q\\113q66 0 0 0 001vv{{crcFLL***+b CE"I99U## #r/ct|jtjtjt jtj fS)zl Check if this instance is a public key. @return: C{True} if this is a public key. ) rGrr RSAPublicKeyr DSAPublicKeyrr{rrrs r0r3z Key.isPublics8  O  )(     r/cz|r|St|jS)z Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self. @rtype: L{Key} @return: A public key. )r3rPrrwrCs r0publicz Key.publics5 ==?? 5Kt113344 4r/c |tjurMttt |S|tjurjtddtt|DStd|)aO The fingerprint of a public key consists of the output of the message-digest algorithm in the specified format. Supported formats include L{FingerprintFormats.MD5_HEX} and L{FingerprintFormats.SHA256_BASE64} The input to the algorithm is the public key data as specified by [RFC4253]. The output of sha256[RFC4634] algorithm is presented to the user in the form of base64 encoded sha256 hashes. Example: C{US5jTUa0kgX5ZxdqaGF0yGRu8EgKXHNmoT8jHKo1StM=} The output of the MD5[RFC1321](default) algorithm is presented to the user as a sequence of 16 octets printed as hexadecimal with lowercase letters and separated by colons. Example: C{c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87} @param format: Format for fingerprint generation. Consists hash function and representation format. Default is L{FingerprintFormats.MD5_HEX} @since: 8.2 @return: the user presentation of this L{Key}'s fingerprint, as a string. @rtype: L{str} :c6g|]}tj|Sr.)binasciihexlify)rCrs r0 z#Key.fingerprint..s#WWWQX%a((WWWr/z Unsupported fingerprint format: ) r9r;rrrr~digestr:rrrr7)rformats r0 fingerprintzKey.fingerprints: '5 5 5 &*=*=*D*D*F*F G GHH H )1 1 1 WW)C >!=??*^^!=??*!=??*t&,[]]*0-//*0-//%+[]]-3]__  c499;; .//  0r/c|jdS|dkr|jjjS|dkrdS|jjS)zv Return the size of the object we wrap. @return: The size of the key. @rtype: L{int} Nrr&r,r^)rrXrkey_sizerCs r0r6zKey.size:sU ? "1 YY[[D ?(1 1 YY[[I % %3''r/dict[str, Any]c $t|jtjr(|j}|j|jdSt|jtjrb|j}|jj|jj|j |j |j tj |j |j dSt|jtjrC|j}|j|jj|jj |jj dSt|jtjr]|j}|j|jj|jjj|jjj |jjj dSt|jt(jr;|j}|j|j|dSt|jt(jrK|j}|jj|jj|j|dSt|jt2jr;d|jt8jjt8jjiSt|jt2j r|j!t8jjt8jj|j"t8jjt8j#jt9j$dStKd |j) z_ Return the values of the public key as a dictionary. @rtype: L{dict} rrr)rrormrkrlr)rrorrr)rrzUnexpected key type: )&rGrrrArrrrSprivate_numbersrrkrlrrrBrorprmrTrrr{rXrUrrr public_bytesrEncodingRaw PublicFormatrrw private_bytes PrivateFormat NoEncryptionrV)rrsa_pub_numbersrsa_priv_numbersdsa_pub_numbersdsa_priv_numbersec_pub_numbersec_priv_numberss r0rdzKey.dataIs: dos'7 8 8D J"o<<>>O$&$& ): ; ;> J#>>@@ %46%46%'%'%'%&6&8:J:LMM )9 : :3 J"o<<>>O$&$68$68$68   ): ; ;+ J#>>@@ %'%46%4FH%4FH%4FH  )B C C" J!_;;==N#%#%  )C D D J"o==??O$35$35 / =   )A B B JT_11!*. 0J0N  )B C C J_//11>>!*. 0J0N_22!*.!/3!.00   HtHHII Ir/c|}|}|dkrJtjdtj|dztj|dzS|dkrtjdtj|dztj|dztj|d ztj|d zS|d kr|jjjd zd z}tj|dtj|dddztjdtj |d|ztj |d |zzS|dkr/tjdtj|dzStd|)a Return the public key blob for this key. The blob is the over-the-wire format for public keys. SECSH-TRANS RFC 4253 Section 6.6. RSA keys:: string 'ssh-rsa' integer e integer n DSA keys:: string 'ssh-dss' integer p integer q integer g integer y EC keys:: string 'ecdsa-sha2-[identifier]' integer x integer y identifier is the standard NIST curve name Ed25519 keys:: string 'ssh-ed25519' string a @rtype: L{bytes} rQrgrrrRrhrkrlrmror&rrNrr,rrrunknown key type: ) rXrdrrr8rrrgr rr()rrXrd byteLengths r0r~zKey.blobs@yy{{yy{{ 5==9Z((69T#Y+?+??&)DQTIBVBVV V U]] *%%)DI&&')DI&&')DI&&')DI&& ' T\\//81<BJ $w-(()DM"##.//0)(cJ??@(cJ??@ Y  9^,,vyc/C/CC C9499:: :r/c|}|}|dkrtj|d|d}t jdt j|dzt j|dzt j|dzt j|zt j|dzt j|dzS|dkrt jd t j|dzt j|dzt j|d zt j|d zt j|d zS|d kr|j tj j tj j}t j|dt j|dddzt j|zt j|dzS|dkrSt jdt j|dzt j|d|dzzStd|)a1 Return the private key blob for this key. The blob is the over-the-wire format for private keys: Specification in OpenSSH PROTOCOL.agent RSA keys:: string 'ssh-rsa' integer n integer e integer d integer u integer p integer q DSA keys:: string 'ssh-dss' integer p integer q integer g integer y integer x EC keys:: string 'ecdsa-sha2-[identifier]' integer x integer y integer privateValue identifier is the NIST standard curve name. Ed25519 keys:: string 'ssh-ed25519' string a string k || a rQrkrlrgrrrrRrhrmrorr&rrzNrr,rrrrr|)rXrdrrrrr8rrwrkrrlX962rnUncompressedPointr()rrXrdrencPubs r0 privateBlobzKey.privateBlobszRyy{{yy{{ 5==#DItCy99D *%%)DI&&')DI&&')DI&&')D// " )DI&& ' )DI&& ' U]] *%%)DI&&')DI&&')DI&&')DI&& ' )DI&& ' T\\_//11>>&+*<F  $w-(()DM"##.//0)F##$)D0112  Y   .)))DI&&')DIS 1223  9499:: :r/extracommentrMcr|5tjdtd|r|}n|}t |t r|d}t|}t|d| d}|td|||||S) a Create a string representation of this key. If the key is a private key and you want the representation of its public key, use C{key.public().toString()}. type maps to a _toString_* method. @param type: The type of string to emit. Currently supported values are C{'OPENSSH'}, C{'LSH'}, and C{'AGENTV3'}. @type type: L{str} @param extra: Any extra data supported by the selected format which is not part of the key itself. For public OpenSSH keys, this is a comment. For private OpenSSH keys, this is a passphrase to encrypt with. (Deprecated since Twisted 20.3.0; use C{comment} or C{passphrase} as appropriate instead.) @type extra: L{bytes} or L{unicode} or L{None} @param subtype: A subtype of the requested C{type} to emit. Only supported for private OpenSSH keys, for which the currently supported subtypes are C{'PEM'} and C{'v1'}. If not given, an appropriate default is used. @type subtype: L{str} or L{None} @param comment: A comment to include with the key. Only supported for OpenSSH keys. Present since Twisted 20.3.0. @type comment: L{bytes} or L{unicode} or L{None} @param passphrase: A passphrase to encrypt the key with. Only supported for private OpenSSH keys. Present since Twisted 20.3.0. @type passphrase: L{bytes} or L{unicode} or L{None} @rtype: L{bytes} NzThe 'extra' argument to twisted.conch.ssh.keys.Key.toString was deprecated in Twisted 20.3.0; use 'comment' or 'passphrase' instead.r) stacklevelr\ _toString_r|)subtyperrM) warningswarnDeprecationWarningr3rGrHrKrNr`rar()rrXrrrrMres r0toStringz Key.toString$sZ   MI#     }} #" gs # # .nnW--G)*55 :DJJLL::DAA >9499:: :vgw:NNNNr/c|dkrU|sd}|jtjjtjjdz|zSt|  dd}|sd}| dz|zdz|zS)a Return a public OpenSSH key string. See _fromString_PUBLIC_OPENSSH for the string format. @type comment: L{bytes} or L{None} @param comment: A comment to include with the key, or L{None} to omit the comment. r&r/  ) rXrrkrrlOpenSSHrnrrr~replacerX)rrb64Datas r0_toPublicOpenSSHzKey._toPublicOpenSSHfs 99;;$   ,,!*2M4N4V  egg  diikk**225#>> G %/$6@GGIIIr/c 0|r_tj}d}d}|jdz}d}|}tj|} d} t j| tjd| z} nd}d}d}d} tjd } | | z| zt j|pdz} d }t| |zr-|d z }| t|d zfz } t| |z-|rtj || ||zd}t||d |tj||||zt#}|| |z}n| }dt j|zt j|zt j| ztjdd zt j|zt j|z}t-|dddgfdt1d tdDzdgz}d|dzS)aP Return a private OpenSSH key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. See _fromPrivateOpenSSH_v1 for the string format. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase to encrypt the key with, or L{None} if it is not encrypted. rrrrdrrr/rirrqNrrrs#-----BEGIN OPENSSH PRIVATE KEY-----c*g|]}||dzS)@r.)rCirs r0rKz,Key._toPrivateOpenSSH_v1..s&GGGqwq1r6z"GGGr/rs!-----END OPENSSH PRIVATE KEY-----)rr block_sizer secureRandomrrrpackrrbytesrrrrrr encryptorrrr~rrranger)rrrMr cipherNamekdfNamerrrrrrcheckrpadByteencKeyrrr~rrs @r0_toPrivateOpenSSH_v1zKey._toPrivateOpenSSH_v1s   ^F&JG)Q.IGF)&11DF46;tV+D+DDJJ JGIJ&q))emd&6&6&8&8869W^PS;T;TT +* 4 qLG 5'D.!233 3K+* 4  )Z D'F2BCHHFvhwh'(( &7V+;!;<=='))ikk  '--k::Y=O=O=Q=QQNN(N i ## $i   !i ## $k$""  # i $$  % i''  ( d##++E377 3 4GGGGE!S\\2,F,FGGG H34 5  zz%  5((r/cL|stj}ntj|}|dkr:|jtjjtjj |S|dksJtd)a, Return a private OpenSSH key string, in the old PEM-based format. See _fromPrivateOpenSSH_PEM for the string format. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase to encrypt the key with, or L{None} if it is not encrypted. r,zBcannot serialize Ed25519 key to OpenSSH PEM format; use v1 instead) rrqBestAvailableEncryptionrXrrorlPEMrpTraditionalOpenSSLr)rrMrs r0_toPrivateOpenSSH_PEMzKey._toPrivateOpenSSH_PEMs J%244II%=jIII 99;;) # #?00&*+> 99;;)++++W r/c$|r||S|dks|/|dkr|||S||dkr||St d|) ar Return a public or private OpenSSH string. See L{_fromString_PUBLIC_OPENSSH} and L{_fromPrivateOpenSSH_PEM} for the string formats. @param subtype: A subtype to emit. Only supported for private keys, for which the currently supported subtypes are C{'PEM'} and C{'v1'}. If not given, an appropriate default is used. @type subtype: L{str} or L{None} @param comment: Comment for a public key. @type comment: L{bytes} @param passphrase: Passphrase for a private key. @type passphrase: L{bytes} @rtype: L{bytes} )rv1Nr,)rrMrrLzunknown subtype )r3rrXrrr)rrrrMs r0_toString_OPENSSHzKey._toString_OPENSSHs& ==?? ;(((99 9 __TYY[[I5M5M,,W,TT T _5 0 0---DD D999:: :r/c ~|}|}|rK|dkr_tjdddt j|dddgdt j|d ddgggg}n|d krtjdd d t j|d ddgdt j|dddgdt j|dddgdt j|dddgggg}ntd|dt| ddzdzS|dkrO|d |d}}tj ||}tjdddt j|dddgdt j|d ddgdt j|dddgd t j|ddgdt j|ddgdt j|d|dz zddgdt j|d|dz zddgd t j|ddgg ggS|d krtjdd d t j|d ddgdt j|dddgdt j|dddgdt j|dddgd!t j|d"ddggggStd|d#)$z Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats. @rtype: L{bytes} rQrrrrriNrrrRrrrkrrlrrmrrorrrr/}rrrrarqbcrr') rdrXr3rrrr8r(rrrr)rkwargsrdrXkeyDatarkrlrs r0 _toString_LSHzKey._toString_LSHsyy{{yy{{ ==??G ?u}}** 1!%vyc';';ABB'? @!%vyc';';ABB'? @   ** &!%vyc';';ABB'? @!%vyc';';ABB'? @!%vyc';';ABB'? @!%vyc';';ABB'? @     "">>r/c |}|s|dkr-|d|d|d|d|d|df}n=|dkr%|d|d|d |d |d f}tj|d ttj|zSd S)z Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format. @rtype: L{bytes} rQrrrrrkrlrRrmrorr/N) rdr3rXrrrXrmapr8)rrrdvaluess r0_toString_AGENTV3zKey._toString_AGENTV3Isyy{{}} Pyy{{e##IIIIII %%s)T#YS 49d3iP9T\\^^,,sxxFIv8N8N/O/OO O P Pr/c|}||}||}|td|d|d|dkrC|j|t j|}tj |}n|dkrb|j||}t|\}}tj t|dt|dz}nZ|dkr!|j|tj |} t| \}}t|} t|} t| d turt| d } n| d } | d zrd | z} t| d turt| d } n| d } | d zrd | z} tj tj | tj | z}n2|d kr,tj |j|}tj ||zS) a Sign some data with this key. SECSH-TRANS RFC 4253 Section 6.6. @type data: L{bytes} @param data: The data to sign. @type signatureType: L{bytes} @param signatureType: The SSH public key algorithm name to sign this data with, or L{None} to use a reasonable default for the key. @rtype: L{bytes} @return: A signature for the given data. Nzpublic key signature algorithm z is not defined for z keysrQrRr&rr,)rXrXrer2rsignrPKCS1v15rrr#rrECDSArHr9)rrdrdr hashAlgorithmsigretrs signaturerRsbrcompscomps r0rzKey.sign_sS ))++  !LLNNM..}==  ,.-..&...  e  /&&tW-=-?-?OOC)C..CC   /&&t];;C)#..FQ )LB//,q"2E2EEFFCC __,,T28M3J3JKKI))44FQaBaBBqE{{c!!BqE 1t| "r\BqE{{c!!BqE 1t| "r\)FIbMMFIbMM9::CC  ! !)DO006677Cy''#--r/clt|dkrdtj|}}ntj|\}}||}|dS|}|dkr`|j}|s|}tj|d|tj |f}n|dkrtj|d}t |ddd } t |ddd } t| | }|j}|s|}|||f}n|d krtj|d}tj|d \} } } t | d } t | d } t| | }|j}|s|}||tj|f}nQ|d krK|j}|s|}tj|d|f} |j|d S#t"$rYdSwxYw)a Verify a signature using this key. @type signature: L{bytes} @param signature: The signature to verify. @type data: L{bytes} @param data: The signed data. @rtype: L{bool} @return: C{True} if the signature is valid. (rhNFrQrrRrbigr&r^r,T)rrrrtrerXrr3rwrrr from_bytesr$rrverifyr )rrrdrdrrrargsconcatenatedSignaturerrrstrsstrrs r0rz Key.verifys y>>R  '169Y3G3G9MM'-|I'>'> $M9..}==  5))++ e  A==?? #LLNN Y''* "" DD   $*L$;$;A$> !4SbS95AAA4RSS95AAA,Q22IA==?? #LLNNt]3DD __$*L$;$;A$> !%|,A1EE D$tU++AtU++A,Q22IA==?? #LLNNtRXm%<%<=DD  ! !A==?? #LLNNL++A.5D  AHdOO4    55 s J%% J32J3)NN)NNNN)N)rrr r!)r rH)r rO)r rh)NNN)0r*r+r,r- classmethodrZrTrrrrrrrrrr_rrrrr}rr$r?r3rEr9r:rNrXrXr\rer6rdr~rr"rrrrrrrrrr.r/r0rPrPs >>>[>(%,%,%,[%,N6?6?[6?pH?H?[H?T**[*(V=V=[V=p6:6:[6:pAA[A8DD[D>#D#D[#DJ.=.=[.=`[>***[*X   [ D[>[6[,$$$""""*$*$*$*$X   5 5 5"4!;&T&T&T&TPOOOO.0 $ $ $0006 ( ( (JJJJJJJJX:;:;:;xQ;Q;Q;f! i l #  :O:O:O  :OxJJJJ4<)<)<)<)|8;;;;:P?P?P?dPPP,J.J.J.J.XDDDDDr/rPc^|d|stjd|t }|tjj tj j tj }| ||d5}tj|dt }t#|cdddS#1swxYwYdS) a This function returns a persistent L{Key}. The key is loaded from a PEM file in C{location}. If it does not exist, a key with the key size of C{keySize} is generated and saved. @param location: Where the key is stored. @type location: L{twisted.python.filepath.FilePath} @param keySize: The size of the key, if it needs to be generated. @type keySize: L{int} @returns: A persistent key. @rtype: L{Key} T)ignoreExistingDirectoryi)public_exponentrgr)encodingrMencryption_algorithmrRN)passwordr)parentmakedirsexistsrgenerate_private_keyr rorrlrrprrq setContentrSrrUrP)locationr privateKeypemkeyFiles r0_getPersistentRSAKeyrsY  OOt<<< ??   !-!G_=N=N   &&"+/ .A!.!;!=!='   C   t  "7 LLNNT?3D3D   : sAD""D&)D&)r)Or- __future__rrIrrArbase64rrrhashlibrrtypingr r cryptographyr cryptography.exceptionsr cryptography.hazmat.backendsr cryptography.hazmat.primitivesr r)cryptography.hazmat.primitives.asymmetricrrrrr&cryptography.hazmat.primitives.ciphersrrr,cryptography.hazmat.primitives.serializationrrtyping_extensionsrtwisted.conch.sshrrtwisted.conch.ssh.commonrtwisted.pythonrtwisted.python.compatrrtwisted.python.constantsr r!twisted.python.deprecater"/cryptography.hazmat.primitives.asymmetric.utilsr#r$ ImportErrorr%r& SECP256R1 SECP384R1 SECP521R1rzrrr Exceptionr(r2r5r7r9r=rNrPrr.r/r0rs  #""""" 6666666666 444444888888@@@@@@@@TTTTTTTTTTTTTTLLLLLLLLLL&%%%%%++++++++111111$$$$$$9999999999999999@@@@@@ )BLNN(BLNN(BLNN  +-) 9 $$$$$$$$"9>XXXXXXXXv2((((((s B)) B98B9