U q`W@sddlZddlZddlZddlZddlZddlmZddlm Z ddl m Z ddl m Z ddlmZmZmZmZddlmZmZmZddlmZmZmZmZzdd lmZd ZWn2e k rd ZdWe!e!e"e"e#e!d d dZYnXdZ$dZ%dZ&dZ'dZ(dZ)dZ*e+dZ,dZ-dZ.dZ/dZ0dZ1dZ2dZ3dZ4e+e.de/ej5Z6e7e8e9d d!Z:ej;d"eje'e(e)d$Z?e@d%ZAe@d&ZBd'd(ZCe.d)e/d)fd*d+ZDd,d-ZEd.d/ZFd0d1ZGd2d3ZHd4d5ZId6d7ZJd8d9ZKd:d;ZLGdd?d?eMZOGd@dAdAeMZPGdBdCdCeMZQGdDdEdEeMZRe%eOe&ePe$eRe'eQdFeSe(eQdGeTe)eQdHeUiZVdIdJZWejXejYejZej[ej\fZ]dXe!ej^e!e]dKdLdMZ_dYe]ej^e!dNdOdPZ`ejXejaejbejcejdfZedZe!eedQdRdSZfeee!dTdUdVZgdS)[N) encodebytes)utilsUnsupportedAlgorithm) _get_backend)dsaeced25519rsa)Cipher algorithmsmodes)Encoding NoEncryption PrivateFormat PublicFormat)kdfTF)passwordsaltdesired_key_bytesroundsignore_few_roundsreturncCs tddS)NzNeed bcrypt moduler)rrrrrrW/tmp/pip-target-nv4zd3e_/lib/python/cryptography/hazmat/primitives/serialization/ssh.py _bcrypt_kdf srs ssh-ed25519sssh-rsasssh-dsssecdsa-sha2-nistp256secdsa-sha2-nistp384secdsa-sha2-nistp521s-cert-v01@openssh.coms\A(\S+)[ \t]+(\S+)sopenssh-key-v1s#-----BEGIN OPENSSH PRIVATE KEY-----s!-----END OPENSSH PRIVATE KEY-----sbcryptsnone aes256-ctrHs(.*?) )rs aes256-cbc)Z secp256r1Z secp384r1Z secp521r1s>Is>QcCs(|j}|jtkrtd|jt|jS)z3Return SSH key_type and curve_name for private key.z)Unsupported curve for ssh private key: %r)curvename_ECDSA_KEY_TYPE ValueError) public_keyr"rrr_ecdsa_key_typeSs  r' cCsd|t||gS)N)join_base64_encode)dataprefixsuffixrrr_ssh_pem_encode]sr/cCs |rt||dkrtddS)zRequire data to be full blocksrzCorrupt data: missing paddingN)lenr%)r,Z block_lenrrr_check_block_sizeasr1cCs|r tddS)z!All data should have been parsed.zCorrupt data: unparsed dataN)r%r,rrr _check_emptygsr3c CsT|s tdt|\}}}}t|||||d} t|| d||| |d|S)z$Generate key + iv and return cipher.zKey is password-protected.TN)r% _SSH_CIPHERSrr ) ciphernamerrrbackendalgoZkey_lenmodeZiv_lenseedrrr _init_cipherms r:cCs6t|dkrtdt|ddd|ddfS)ZUint32 Invalid dataNr)r0r%_U32unpackr2rrr_get_u32ws r?cCs6t|dkrtdt|ddd|ddfS)ZUint64r<Nr)r0r%_U64r>r2rrr_get_u64~s rBcCs8t|\}}|t|kr td|d|||dfS)zBytes with u32 length prefixr<N)r?r0r%)r,nrrr _get_sshstrs  rDcCs4t|\}}|r$|ddkr$tdt|d|fS)z Big integer.rr<big)rDr%int from_bytes)r,valrrr _get_mpints rJcCs4|dkrtd|sdS|dd}t||S)z!Storage format for signed bigint.rznegative mpint not allowedr)r@)r% bit_lengthrZ int_to_bytes)rInbytesrrr _to_mpints rMc@sTeZdZdZdddZddZddZd d Zd d Zd dZ dddZ ddZ dS) _FragListz,Build recursive structure without data copy.NcCsg|_|r|j|dSN)flistextend)selfinitrrr__init__sz_FragList.__init__cCs|j|dS)zAdd plain bytesN)rPappendrRrIrrrput_rawsz_FragList.put_rawcCs|jt|dS)zBig-endian uint32N)rPrUr=packrVrrrput_u32sz_FragList.put_u32cCsLt|tttfr,|t||j|n|||j |jdS)zBytes prefixed with u32 lengthN) isinstancebytes memoryview bytearrayrYr0rPrUsizerQrVrrr put_sshstrs z_FragList.put_sshstrcCs|t|dS)z*Big-endian bigint prefixed with u32 lengthN)r_rMrVrrr put_mpintsz_FragList.put_mpintcCsttt|jS)zCurrent number of bytes)summapr0rP)rRrrrr^sz_FragList.sizercCs2|jD]&}t|}|||}}||||<q|S)zWrite into bytearray)rPr0)rRZdstbufposfragZflenstartrrrrenders  z_FragList.rendercCs"tt|}|||S)zReturn as bytes)r\r]r^rftobytes)rRbufrrrrgs z_FragList.tobytes)N)r) __name__ __module__ __qualname____doc__rTrWrYr_r`r^rfrgrrrrrNs   rNc@s8eZdZdZddZddZddZdd Zd d Zd S) _SSHFormatRSAzhFormat for RSA keys. Public: mpint e, n Private: mpint n, e, d, iqmp, p, q cCs$t|\}}t|\}}||f|fS)zRSA public fieldsrJ)rRr,erCrrr get_publics  z_SSHFormatRSA.get_publiccCs0||\\}}}t||}||}||fS)zMake RSA public key from data.)rpr RSAPublicNumbersr&)rRkey_typer,r6rorCpublic_numbersr&rrr load_publics  z_SSHFormatRSA.load_publicc Cst|\}}t|\}}t|\}}t|\}}t|\}}t|\} }||f|kr\tdt||} t|| } t||} t|| || | || } | |}||fS)zMake RSA private key from data.z Corrupt data: rsa field mismatch)rJr%r Z rsa_crt_dmp1Z rsa_crt_dmq1rqZRSAPrivateNumbers private_key)rRr, pubfieldsr6rCrodiqmppqZdmp1Zdmq1rsprivate_numbersrurrr load_privates,           z_SSHFormatRSA.load_privatecCs$|}||j||jdS)zWrite RSA public keyN)rsr`rorC)rRr&f_pubZpubnrrr encode_publics z_SSHFormatRSA.encode_publiccCsZ|}|j}||j||j||j||j||j||jdS)zWrite RSA private keyN) r{rsr`rCrorwrxryrz)rRruf_privr{rsrrrencode_privates     z_SSHFormatRSA.encode_privateN rirjrkrlrprtr|r~rrrrrrms rmc@s@eZdZdZddZddZddZdd Zd d Zd d Z dS) _SSHFormatDSAzhFormat for DSA keys. Public: mpint p, q, g, y Private: mpint p, q, g, y, x cCs@t|\}}t|\}}t|\}}t|\}}||||f|fS)zDSA public fieldsrn)rRr,ryrzgyrrrrps     z_SSHFormatDSA.get_publicc CsL||\\}}}}}t|||}t||} || | |} | |fS)zMake DSA public key from data.)rprDSAParameterNumbersDSAPublicNumbers _validater&) rRrrr,r6ryrzrrparameter_numbersrsr&rrrrts    z_SSHFormatDSA.load_publicc Cs|||\\}}}}}t|\}}||||f|kr:tdt|||} t|| } || t|| } | |} | |fS)zMake DSA private key from data.z Corrupt data: dsa field mismatch) rprJr%rrrrZDSAPrivateNumbersru) rRr,rvr6ryrzrrxrrsr{rurrrr|'s     z_SSHFormatDSA.load_privatecCsL|}|j}||||j||j||j||jdS)zWrite DSA public keyN)rsrrr`ryrzrr)rRr&r}rsrrrrr~5s    z_SSHFormatDSA.encode_publiccCs$|||||jdS)zWrite DSA private keyN)r~r&r`r{r)rRrurrrrr@sz_SSHFormatDSA.encode_privatecCs |j}|jdkrtddS)Niz#SSH supports only 1024 bit DSA keys)rryrKr%)rRrsrrrrrEsz_SSHFormatDSA._validateN) rirjrkrlrprtr|r~rrrrrrr s  rc@s@eZdZdZddZddZddZdd Zd d Zd d Z dS)_SSHFormatECDSAzFormat for ECDSA keys. Public: str curve bytes point Private: str curve bytes point mpint secret cCs||_||_dSrO)ssh_curve_namer")rRrr"rrrrTWsz_SSHFormatECDSA.__init__cCsJt|\}}t|\}}||jkr*td|ddkr>td||f|fS)zECDSA public fieldszCurve name mismatchrr;zNeed uncompressed point)rDrr%NotImplementedError)rRr,r"pointrrrrp[s    z_SSHFormatECDSA.get_publiccCs.||\\}}}tj|j|}||fS)z Make ECDSA public key from data.)rprEllipticCurvePublicKeyZfrom_encoded_pointr"rg)rRrrr,r6 curve_namerr&rrrrtes z_SSHFormatECDSA.load_publiccCsJ||\\}}}t|\}}||f|kr2tdt||j|}||fS)z!Make ECDSA private key from data.z"Corrupt data: ecdsa field mismatch)rprJr%rZderive_private_keyr")rRr,rvr6rrsecretrurrrr|ms   z_SSHFormatECDSA.load_privatecCs*|tjtj}||j||dS)zWrite ECDSA public keyN) public_bytesrZX962rZUncompressedPointr_r)rRr&r}rrrrr~ws  z_SSHFormatECDSA.encode_publiccCs,|}|}|||||jdS)zWrite ECDSA private keyN)r&r{r~r`Z private_value)rRrurr&r{rrrrs z_SSHFormatECDSA.encode_privateN) rirjrkrlrTrprtr|r~rrrrrrKs   rc@s8eZdZdZddZddZddZdd Zd d Zd S) _SSHFormatEd25519z~Format for Ed25519 keys. Public: bytes point Private: bytes point bytes secret_and_point cCst|\}}|f|fS)zEd25519 public fields)rD)rRr,rrrrrps z_SSHFormatEd25519.get_publiccCs(||\\}}tj|}||fS)z"Make Ed25519 public key from data.)rpr Ed25519PublicKeyZfrom_public_bytesrg)rRrrr,r6rr&rrrrts z_SSHFormatEd25519.load_publicc Csb||\\}}t|\}}|dd}|dd}||ksF|f|krNtdtj|}||fS)z#Make Ed25519 private key from data.Nr!z$Corrupt data: ed25519 field mismatch)rprDr%r Ed25519PrivateKeyZfrom_private_bytes) rRr,rvr6rZkeypairrZpoint2rurrrr|s    z_SSHFormatEd25519.load_privatecCs|tjtj}||dS)zWrite Ed25519 public keyN)rrRawrr_)rRr&r}raw_public_keyrrrr~s z_SSHFormatEd25519.encode_publiccCsR|}|tjtjt}|tjtj}t||g}| ||| |dS)zWrite Ed25519 private keyN) r&Z private_bytesrrrrrrrNr~r_)rRrurr&Zraw_private_keyrZ f_keypairrrrrs  z _SSHFormatEd25519.encode_privateNrrrrrrs   rsnistp256snistp384snistp521cCs6t|tst|}|tkr&t|Std|dS)z"Return valid format or throw errorzUnsupported key type: %rN)rZr[r\rg _KEY_FORMATSr)rrrrr_lookup_kformats   r)r,rrcCsRtd|t|}|dk r(td|t|}|s>td|d}|d}t t |||}| t sztdt |tt d}t|\}}t|\}}t|\}}t|\} }| dkrtdt|\} }t| \} } t| } | | \} } t| t|\}}t|||fttfkr|}|tkrHtd||tkr^td|t|d }t||t|\}}t|\}}t|t|||||}t ||}nd }t||t|\}}t|\}}||krtd t|\}}|| krtd | || |\}}t|\}}|tdt|krNtd |S)z.Load private key from OpenSSH custom encoding.r,NrzNot OpenSSH private key formatrzOnly one key supportedzUnsupported cipher: %rzUnsupported KDF: %rr@zCorrupt data: broken checksumzCorrupt data: key type mismatchzCorrupt data: invalid padding)r_check_bytesliker _check_bytes_PEM_RCsearchr%reendbinascii a2b_base64r\ startswith _SK_MAGICr0rDr?rrpr3_NONErgr4r_BCRYPTr1r:Z decryptorupdater|_PADDING)r,rr6mp1p2r5kdfnameZ kdfoptionsnkeysZpubdataZ pub_key_typekformatrvZedatablklenrZkbufrciphZck1Zck2rrrucommentrrrload_ssh_private_keysv                            r)rurcCs>|dk rtd||r,t|tkr,tdt|tjrFt| }n>t|t j rXt }n,t|t jrjt}nt|tjr|t}ntdt|}t}|rt}t|d}t}t}td} || ||td} t||| || } nt}}d}d} d} td } d }t}||| | |t| | g}|||!|||||"t#d||$|t}|"t%|||||||| |||||$}|$}t&t'||}|(|||}| dk r| )*|||||dt+|d|}t'||||<|S) z3Serialize private key with OpenSSH custom encoding.NrzNPasswords longer than 72 bytes are not supported by OpenSSH private key formatUnsupported key typerrr@rr;r)),rrr0 _MAX_PASSWORDr%rZrEllipticCurvePrivateKeyr'r&r RSAPrivateKey_SSH_RSAr DSAPrivateKey_SSH_DSAr r _SSH_ED25519rrN_DEFAULT_CIPHERr4r_DEFAULT_ROUNDSosurandomr_rYrr:rr~rrWrr^rr\r]rfZ encryptorZ update_intor/)rurrrrZ f_kdfoptionsr5rrrrr6rrZcheckvalrZ f_public_keyZ f_secretsZf_mainslenmlenrhZofstxtrrrserialize_ssh_private_key(sv                         r)r,rc Cst|}td|t|}|s*td|d}}|d}d}t|tt dkrrd}|dtt }t |}zt t |}Wn"t t jfk rtdYnXt|\}}||krtd|rt|\} }||||\} }|rxt|\} }t|\} }t|\} }t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|| S) z-Load public key from OpenSSH one-line format.r,zInvalid line formatrFNTzInvalid key format)rrr_SSH_PUBKEY_RCmatchr%group _CERT_SUFFIXr0rr\rr TypeErrorErrorrDrtrBr?r3)r,r6rrrZ orig_key_typeZkey_bodyZ with_certrZinner_key_typenoncer&serialZcctypeZkey_idZ principalsZ valid_afterZ valid_beforeZ crit_options extensionsreservedZsig_key signaturerrrload_ssh_public_keysH                r)r&rcCst|tjrt|}n>t|tjr(t}n,t|tjr:t }nt|t j rLt }nt dt|}t}|||||t|}d|d|gS)z&One-line public key format for OpenSSHrr) )rZrrr'r RSAPublicKeyrr DSAPublicKeyrr rrr%rrNr_r~r b2a_base64rgstripr*)r&rrrr}Zpubrrrserialize_ssh_public_keys       r)F)N)N)N)hrrrestructtypingbase64rr+Z cryptographyrZcryptography.exceptionsrZcryptography.hazmat.backendsrZ)cryptography.hazmat.primitives.asymmetricrrr r Z&cryptography.hazmat.primitives.ciphersr r r Z,cryptography.hazmat.primitives.serializationrrrrZbcryptrrZ_bcrypt_supported ImportErrorr[rGboolrrrZ_ECDSA_NISTP256Z_ECDSA_NISTP384Z_ECDSA_NISTP521rcompilerrZ _SK_STARTZ_SK_ENDrrrrrDOTALLrr\r]rangerZAESZCTRZCBCr4r$Structr=rAr'r/r1r3r:r?rBrDrJrMobjectrNrmrrrZ SECP256R1Z SECP384R1Z SECP521R1rrUnionrrrrZ_SSH_PRIVATE_KEY_TYPESOptionalrrrrrrZ_SSH_PUBLIC_KEY_TYPESrrrrrrs            0>>=:       N U+