U q`_,@sdZddlmZddlmZddlmZmZddlm Z ddl m Z m Z ddl mZddlmZdd lmZdd lmZdd lmZGd d d eZGdddeZGdddeZdS)z ECDSA keys )InvalidSignature)default_backend)hashes serialization)ec)decode_dss_signatureencode_dss_signature) four_byte)Message)PKey) SSHException) deflate_longc@seZdZdZddZdS) _ECDSACurvez Represents a specific ECDSA Curve (nistp256, nistp384, etc). Handles the generation of the key format identifier and the selection of the proper hash function. Also grabs the proper curve from the 'ecdsa' package. cCsT||_|j|_d|j|_|jdkr.tj|_n|jdkrBtj|_ntj|_||_ dS)N ecdsa-sha2-i) nist_namekey_size key_lengthkey_format_identifierrSHA256 hash_objectSHA384SHA512 curve_class)selfrrr8/tmp/pip-target-nv4zd3e_/lib/python/paramiko/ecdsakey.py__init__0s     z_ECDSACurve.__init__N)__name__ __module__ __qualname____doc__rrrrrr'src@s8eZdZdZddZddZddZdd Zd d Zd S) _ECDSACurveSetz A collection to hold the ECDSA curves. Allows querying by oid and by key format identifier. The two ways in which ECDSAKey needs to be able to look up curves. cCs ||_dSN ecdsa_curves)rr%rrrrIsz_ECDSACurveSet.__init__cCsdd|jDS)NcSsg|] }|jqSr)r).0curverrr MszA_ECDSACurveSet.get_key_format_identifier_list..r$rrrrget_key_format_identifier_listLsz-_ECDSACurveSet.get_key_format_identifier_listcCs"|jD]}|j|kr|SqdSr#)r%r)rrr'rrrget_by_curve_classOs  z!_ECDSACurveSet.get_by_curve_classcCs"|jD]}|j|kr|SqdSr#)r%r)rrr'rrrget_by_key_format_identifierTs  z+_ECDSACurveSet.get_by_key_format_identifiercCs"|jD]}|j|kr|SqdSr#)r%r)rrr'rrrget_by_key_lengthYs  z _ECDSACurveSet.get_by_key_lengthN) rrr r!rr*r+r,r-rrrrr"Bs r"c@seZdZdZeeejdeejdeej dgZ d+ddZ e d d Z d d Zd dZddZddZddZddZddZddZd,ddZd-ddZe eddfdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*ZdS).ECDSAKeyz\ Representation of an ECDSA key which can be used to sign and verify SSH2 data. Znistp256Znistp384Znistp521NTcCsTd|_d|_d|_|dk r*|||dS|dk rB|||dS|dkrZ|dk rZt|}|dk r|\|_|_|jjj}|j ||_ n| } d} | | r| dt |  } |j| |_ |j} dd| D} |j|| | d| } | |j jkr td| |}ztj|j |}||_Wntk rNtdYnXdS)Nz-cert-v01@openssh.comcSsg|]}d|qS)z{}-cert-v01@openssh.com)format)r&xrrrr(sz%ECDSAKey.__init__..)msgkey_typeZ cert_typezCan't handle curve of type {}zInvalid public key) verifying_key signing_keyZ public_blob_from_private_key_from_private_key_filer r' __class__ _ECDSA_CURVESr+ ecdsa_curveget_textendswithlenr,r*Z_check_type_and_load_certrr r/ get_binaryrZEllipticCurvePublicKeyZfrom_encoded_pointr ValueError)rr1datafilenamepasswordvalsfile_objZvalidate_pointZc_classr2suffixZ key_typesZ cert_typesZ curvenameZ pointinfokeyrrrrmsZ        zECDSAKey.__init__cCs |jSr#)r8r*)clsrrr supported_key_format_identifierssz)ECDSAKey.supported_key_format_identifierscCs|j}t}||jj||jj|}|jjdd}t |j dd}d|t ||}t |j dd}d|t ||}t ||}|||S)NF)Zadd_sign_padding)r3r add_stringr9rrpublic_numbersr'rr r0r<yr asbytes)rrEmZnumbersZkey_size_bytesZx_bytesZy_bytesZ point_strrrrrNs  zECDSAKey.asbytescCs|Sr#)rNr)rrr__str__szECDSAKey.__str__cCs"t||jj|jjfSr#)hashget_namer3rLr0rMr)rrr__hash__s   zECDSAKey.__hash__cCs|jjSr#)r9rr)rrrrRszECDSAKey.get_namecCs|jjSr#)r9rr)rrrget_bitsszECDSAKey.get_bitscCs |jdk Sr#)r4r)rrrcan_signszECDSAKey.can_signcCsTt|j}|j||}t|\}}t}||jj || |||Sr#) rECDSAr9rr4signrr rKr _sigencode)rr?ZecdsasigrsrOrrr sign_ssh_datas zECDSAKey.sign_ssh_datacCst||jjkrdS|}||\}}t||}z |j||t |j Wnt k rjYdSXdSdS)NFT) r:r9rr= _sigdecoderr3verifyrrVrr)rr?r1rYZsigRZsigS signaturerrrverify_ssh_sigs zECDSAKey.verify_ssh_sigcCs|j||jtjj|ddSN)rA)Z_write_private_key_filer4r PrivateFormatTraditionalOpenSSL)rr@rArrrwrite_private_key_files zECDSAKey.write_private_key_filecCs|j||jtjj|ddSra)Z_write_private_keyr4rrbrc)rrCrArrrwrite_private_keys zECDSAKey.write_private_keycCsT|dk r2|j|}|dkr*td||}tj|td}t|| fdS)a Generate a new private ECDSA key. This factory function can be used to generate a new host key or authentication key. :param progress_func: Not used for this type of key. :returns: A new private key (`.ECDSAKey`) object NzUnsupported key length: {:d})backend)rB) r8r-r>r/rrZgenerate_private_keyrr. public_key)rFr'Z progress_funcbitsZ private_keyrrrgenerates  zECDSAKey.generatecCs|d||}||dSNZEC)Z_read_private_key_file _decode_key)rr@rAr?rrrr6szECDSAKey._from_private_key_filecCs|d||}||dSrj)Z_read_private_keyrk)rrCrAr?rrrr5szECDSAKey._from_private_keyc Cs&|\}}||jkr^ztj|dtd}Wqttfk rZ}ztt|W5d}~XYqXn||jkrzXt |}| }| }| }d|} |j | } | stdt|| t}Wqtk r}ztt|W5d}~XYqXn ||||_||_|jj} |j | |_dS)N)rArfrzInvalid key curve identifier)Z_PRIVATE_KEY_FORMAT_ORIGINALrZload_der_private_keyrr>AssertionErrorr strZ_PRIVATE_KEY_FORMAT_OPENSSHr r:r= get_mpintr8r,rZderive_private_keyr ExceptionZ_got_bad_key_format_idr4rgr3r'r7r+r9) rr?ZpkformatrEer1Z curve_nameZverkeyZsigkeynamer'rrrrrks@        zECDSAKey._decode_keycCs"t}|||||Sr#)r Z add_mpintrN)rrZr[r1rrrrX?s  zECDSAKey._sigencodecCs t|}|}|}||fSr#)r rn)rrYr1rZr[rrrr]EszECDSAKey._sigdecode)NNNNNNT)N)N)rrr r!r"rrZ SECP256R1Z SECP384R1Z SECP521R1r8r classmethodrGrNrPrSrRrTrUr\r`rdrerir6r5rkrXr]rrrrr._sD     =     "r.N)r!Zcryptography.exceptionsrZcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrZ/cryptography.hazmat.primitives.asymmetric.utilsrrZparamiko.commonr Zparamiko.messager Z paramiko.pkeyr Zparamiko.ssh_exceptionr Z paramiko.utilr objectrr"r.rrrrs