a bs]@sUddlZddlZddlZddlZddlmZddlmZddl m Z ddl m Z m Z mZmZddlmZmZmZddlmZmZmZmZzddlmZd ZWn0eyd Zd[eeeee ed d d ZYn0dZ!dZ"dZ#dZ$dZ%dZ&dZ'e(dZ)dZ*dZ+dZ,dZ-dZ.dZ/dZ0dZ1e(e+de,ej2Z3e4e5e6dd Z7ej8d!ej9dfej8d!ej:dfd"Z;ejej8eej?ej>ej9ej>ej:feffe@d#<e$e%e&d$ZAe jBed%d&d'ZCe+d(e,d(feeeed)d*d+ZDeedd,d-d.ZEedd/d0d1ZFeejGeeeeej?ej:ej9fd2d3d4ZHe4ej=ee4fd/d5d6ZIe4ej=ee4fd/d7d8ZJe4ej=e4e4fd/d9d:ZKe4ej=ee4fd/d;d<ZLeed=d>d?ZMGd@dAdAZNGdBdCdCZOGdDdEdEZPGdFdGdGZQGdHdIdIZRe"eOe#ePe!eRe$eQdJe Se%eQdKe Te&eQdLe UiZVedMdNdOZWej?e jXejYe jZej[fZ\d\eejGeej]e\dPdQdRZ^d]e\ejGeedSdTdUZ_ej?e jBej`e jaejbfZcd^eej]ecdVdWdXZdeced%dYdZZedS)_N) encodebytes)utilsUnsupportedAlgorithm)dsaeced25519rsa)Cipher algorithmsmodes)Encoding NoEncryption PrivateFormat PublicFormat)kdfTF)passwordsaltdesired_key_bytesroundsignore_few_roundsreturncCs tddS)NzNeed bcrypt moduler)rrrrrrW/tmp/pip-target-98j97qn4/lib/python/cryptography/hazmat/primitives/serialization/ssh.py _bcrypt_kdfsrs ssh-ed25519sssh-rsasssh-dsssecdsa-sha2-nistp256secdsa-sha2-nistp384secdsa-sha2-nistp521s-cert-v01@openssh.coms\A(\S+)[ \t]+(\S+)sopenssh-key-v1s#-----BEGIN OPENSSH PRIVATE KEY-----s!-----END OPENSSH PRIVATE KEY-----sbcryptsnone aes256-ctrHs(.*?) )rs aes256-cbc _SSH_CIPHERS)Z secp256r1Z secp384r1Z secp521r1) public_keyrcCs*|j}|jtvr td|jt|jS)z3Return SSH key_type and curve_name for private key.z'Unsupported curve for ssh private key: )curvename_ECDSA_KEY_TYPE ValueError)r"r#rrr_ecdsa_key_typeVs   r' )dataprefixsuffixrcCsd|t||gS)N)join_base64_encode)r)r*r+rrr_ssh_pem_encode`sr/)r) block_lenrcCs |rt||dkrtddS)zRequire data to be full blocksrzCorrupt data: missing paddingN)lenr&)r)r0rrr_check_block_sizehsr2r)rcCs|r tddS)z!All data should have been parsed.zCorrupt data: unparsed dataN)r&r)rrr _check_emptynsr5) ciphernamerrrrc CsR|s tdt|\}}}}t|||||d}t||d||||dS)z$Generate key + iv and return cipher.zKey is password-protected.TN)r&r!rr ) r6rrralgoZkey_lenmodeZiv_lenseedrrr _init_cipherts r:cCs6t|dkrtdtj|dddd|ddfS)ZUint32 Invalid dataNbig byteorderr1r&int from_bytesr4rrr_get_u32s rCcCs6t|dkrtdtj|dddd|ddfS)ZUint64r<Nr=r>r@r4rrr_get_u64s rEcCs8t|\}}|t|kr td|d|||dfS)zBytes with u32 length prefixr<N)rCr1r&)r)nrrr _get_sshstrs  rGcCs4t|\}}|r$|ddkr$tdt|d|fS)z Big integer.rr<r=)rGr&rArB)r)valrrr _get_mpints rJrIrcCs4|dkrtd|sdS|dd}t||S)z!Storage format for signed bigint.rznegative mpint not allowedr,rD)r& bit_lengthrZ int_to_bytes)rInbytesrrr _to_mpints rNc@seZdZUdZejeed<dejeddddZedddd Z e ddd d Z ej edfddd d Z e ddddZe dddZdee e dddZedddZdS) _FragListz,Build recursive structure without data copy.flistN)initrcCsg|_|r|j|dSN)rPextend)selfrQrrr__init__sz_FragList.__init__rKcCs|j|dS)zAdd plain bytesN)rPappendrTrIrrrput_rawsz_FragList.put_rawcCs|j|jddddS)zBig-endian uint32r;r=)lengthr?N)rPrVto_bytesrWrrrput_u32sz_FragList.put_u32cCsLt|tttfr,|t||j|n|||j |jdS)zBytes prefixed with u32 lengthN) isinstancebytes memoryview bytearrayr[r1rPrVsizerSrWrrr put_sshstrs z_FragList.put_sshstrcCs|t|dS)z*Big-endian bigint prefixed with u32 lengthN)rarNrWrrr put_mpintsz_FragList.put_mpint)rcCsttt|jS)zCurrent number of bytes)summapr1rP)rTrrrr`sz_FragList.sizer)dstbufposrcCs2|jD]&}t|}|||}}||||<q|S)zWrite into bytearray)rPr1)rTrerffragZflenstartrrrrenders  z_FragList.rendercCs"tt|}|||S)zReturn as bytes)r^r_r`ritobytes)rTbufrrrrjs z_FragList.tobytes)N)r)__name__ __module__ __qualname____doc__typingListr]__annotations__rUrXrAr[Unionrarbr`r^rirjrrrrrOs  rOc@s~eZdZdZedddZeejej efdddZ eejej efddd Z ej e d d d d Zej e d dddZd S) _SSHFormatRSAzhFormat for RSA keys. Public: mpint e, n Private: mpint n, e, d, iqmp, p, q r4cCs$t|\}}t|\}}||f|fS)zRSA public fieldsrJ)rTr)erFrrr get_publics  z_SSHFormatRSA.get_publicr3cCs.||\\}}}t||}|}||fS)zMake RSA public key from data.)rwr RSAPublicNumbersr")rTr)rvrFpublic_numbersr"rrr load_publics z_SSHFormatRSA.load_publicc Cst|\}}t|\}}t|\}}t|\}}t|\}}t|\}}||f|kr\tdt||} t||} t||} t|||| | || } | } | |fS)zMake RSA private key from data.z Corrupt data: rsa field mismatch)rJr&r Z rsa_crt_dmp1Z rsa_crt_dmq1rxZRSAPrivateNumbers private_key)rTr) pubfieldsrFrvdiqmppqZdmp1Zdmq1ryprivate_numbersr{rrr load_privates           z_SSHFormatRSA.load_privateNr"f_pubrcCs$|}||j||jdS)zWrite RSA public keyN)ryrbrvrF)rTr"rZpubnrrr encode_public s z_SSHFormatRSA.encode_publicr{f_privrcCsZ|}|j}||j||j||j||j||j||jdS)zWrite RSA private keyN) rryrbrFrvr}r~rr)rTr{rrryrrrencode_privates     z_SSHFormatRSA.encode_private)rlrmrnror^rwrpTupler RSAPublicKeyrz RSAPrivateKeyrrOrrrrrrrts   rtc@seZdZdZeejejefdddZeejej efdddZ eejej efdddZ ej e d d d d Zej e d d ddZejd dddZd S) _SSHFormatDSAzhFormat for DSA keys. Public: mpint p, q, g, y Private: mpint p, q, g, y, x r3cCs@t|\}}t|\}}t|\}}t|\}}||||f|fS)zDSA public fieldsru)rTr)rrgyrrrrw,s     z_SSHFormatDSA.get_publicc CsJ||\\}}}}}t|||}t||}|||}||fS)zMake DSA public key from data.)rwrDSAParameterNumbersDSAPublicNumbers _validater") rTr)rrrrparameter_numbersryr"rrrrz6s   z_SSHFormatDSA.load_publicc Csz||\\}}}}}t|\}}||||f|kr:tdt|||}t||} || t|| } | } | |fS)zMake DSA private key from data.z Corrupt data: dsa field mismatch) rwrJr&rrrrZDSAPrivateNumbersr{) rTr)r|rrrrxrryrr{rrrrAs    z_SSHFormatDSA.load_privateNrcCsL|}|j}||||j||j||j||jdS)zWrite DSA public keyN)ryrrrbrrrr)rTr"rryrrrrrQs    z_SSHFormatDSA.encode_publicrcCs$|||||jdS)zWrite DSA private keyN)rr"rbrr)rTr{rrrrr^sz_SSHFormatDSA.encode_private)ryrcCs |j}|jdkrtddS)Niz#SSH supports only 1024 bit DSA keys)rrrLr&)rTryrrrrresz_SSHFormatDSA._validate)rlrmrnror^rprrwr DSAPublicKeyrz DSAPrivateKeyrrOrrrrrrrrr#s"      rc@seZdZdZeejdddZee j e j efdddZ ee j ej efddd Z ee j ejefdd d Zej ed d ddZejed dddZd S)_SSHFormatECDSAzFormat for ECDSA keys. Public: str curve bytes point Private: str curve bytes point mpint secret ssh_curve_namer#cCs||_||_dSrRr)rTrr#rrrrUwsz_SSHFormatECDSA.__init__r3cCsJt|\}}t|\}}||jkr*td|ddkr>td||f|fS)zECDSA public fieldszCurve name mismatchrr;zNeed uncompressed point)rGrr&NotImplementedError)rTr)r#pointrrrrw{s    z_SSHFormatECDSA.get_publiccCs.||\\}}}tj|j|}||fS)z Make ECDSA public key from data.)rwrEllipticCurvePublicKeyZfrom_encoded_pointr#rj)rTr) curve_namerr"rrrrzs  z_SSHFormatECDSA.load_publiccCsH||\\}}}t|\}}||f|kr2tdt||j}||fS)z!Make ECDSA private key from data.z"Corrupt data: ecdsa field mismatch)rwrJr&rZderive_private_keyr#)rTr)r|rrsecretr{rrrrs   z_SSHFormatECDSA.load_privateNrcCs*|tjtj}||j||dS)zWrite ECDSA public keyN) public_bytesr ZX962rZUncompressedPointrar)rTr"rrrrrrs  z_SSHFormatECDSA.encode_publicrcCs,|}|}|||||jdS)zWrite ECDSA private keyN)r"rrrbZ private_value)rTr{rr"rrrrrs z_SSHFormatECDSA.encode_private)rlrmrnror]rZ EllipticCurverUr^rprrwrrzEllipticCurvePrivateKeyrrOrrrrrrrks"     rc@seZdZdZeejejefdddZeejej efdddZ eejej efdddZ ej e d d d d Zej e d d ddZd S)_SSHFormatEd25519z~Format for Ed25519 keys. Public: bytes point Private: bytes point bytes secret_and_point r3cCst|\}}|f|fS)zEd25519 public fields)rG)rTr)rrrrrws z_SSHFormatEd25519.get_publiccCs(||\\}}tj|}||fS)z"Make Ed25519 public key from data.)rwrEd25519PublicKeyZfrom_public_bytesrj)rTr)rr"rrrrzs z_SSHFormatEd25519.load_publiccCsb||\\}}t|\}}|dd}|dd}||ksF|f|krNtdtj|}||fS)z#Make Ed25519 private key from data.Nr z$Corrupt data: ed25519 field mismatch)rwrGr&rEd25519PrivateKeyZfrom_private_bytes)rTr)r|rZkeypairrZpoint2r{rrrrs    z_SSHFormatEd25519.load_privateNrcCs|tjtj}||dS)zWrite Ed25519 public keyN)rr Rawrra)rTr"rraw_public_keyrrrrsz_SSHFormatEd25519.encode_publicrcCsR|}|tjtjt}|tjtj}t||g}| ||| |dS)zWrite Ed25519 private keyN) r"Z private_bytesr rrrrrrOrra)rTr{rr"Zraw_private_keyrZ f_keypairrrrrs   z _SSHFormatEd25519.encode_private)rlrmrnror^rprrwrrrzrrrOrrrrrrrs      rsnistp256snistp384snistp521key_typecCs8t|tst|}|tvr&t|Std|dS)z"Return valid format or throw errorzUnsupported key type: N)r\r]r^rj _KEY_FORMATSrrrrr_lookup_kformats   r)r)rbackendrcCsJtd||dur td|t|}|s6td|d}|d}t t |||}| t srtdt |t t d}t|\}}t|\}}t|\}}t|\} }| dkrtdt|\} }t| \} } t| } | | \} } t| t|\}}t|||fttfkr|}|tvrBtd||tkrZtd|t|d }t||t|\}}t|\}}t|t||||}t ||}nd }t||t|\}}t|\}}||krtd t|\}}|| kr td | || \}}t|\}}|tdt |krFtd |S)z.Load private key from OpenSSH custom encoding.r)NrzNot OpenSSH private key formatrzOnly one key supportedzUnsupported cipher: zUnsupported KDF: rDzCorrupt data: broken checksumzCorrupt data: key type mismatchzCorrupt data: invalid padding)r_check_byteslike _check_bytes_PEM_RCsearchr&rhendbinascii a2b_base64r^ startswith _SK_MAGICr1rGrCrrwr5_NONErjr!r_BCRYPTr2r:Z decryptorupdater_PADDING)r)rrmp1p2r6kdfnameZ kdfoptionsnkeysZpubdataZ pub_key_typekformatr|ZedataZciphername_bytesblklenrZkbufrciphZck1Zck2rr{commentrrrload_ssh_private_keysl                          r)r{rrcCs4|durtd||r,t|tkr,tdt|tjrFt| }n>t|t j rXt }n,t|t jrjt}nt|tjr|t}ntdt|}t}|rt}t|d}t}t}td} || ||t||| |} nt}}d}d} d} td } d } t}|||| |t| | g}||| |||| |!t"d||#|t}|!t$|||||||| |||||#}|#}t%t&||}|'|||}| dur| ()|||||dt*|d|}t&||||<|S) z3Serialize private key with OpenSSH custom encoding.NrzNPasswords longer than 72 bytes are not supported by OpenSSH private key formatUnsupported key typerrrDrr;r,)+rrr1 _MAX_PASSWORDr&r\rrr'r"r r_SSH_RSArr_SSH_DSArr _SSH_ED25519rrO_DEFAULT_CIPHERr!r_DEFAULT_ROUNDSosurandomrar[r:rrrrXrr`rr^r_riZ encryptorZ update_intor/)r{rrrZ f_kdfoptionsr6rrrrrrZcheckvalrZ f_public_keyZ f_secretsZf_mainslenmlenrkZofstxtrrrserialize_ssh_private_key]st                         r)r)rrc Csvtd|t|}|s"td|d}}|d}d}t|tt dkrjd}|dtt }t|}zt t |}Wn t t j fytdYn0t|\} }| |krtd|rt|\} }||\} }|rjt|\} }t|\} }t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|| S) z-Load public key from OpenSSH one-line format.r)zInvalid line formatrFNTzInvalid key format)rr_SSH_PUBKEY_RCmatchr&group _CERT_SUFFIXr1rr^rr TypeErrorErrorrGrzrErCr5)r)rrrZ orig_key_typeZkey_bodyZ with_certrrestZinner_key_typenoncer"serialZcctypeZkey_idZ principalsZ valid_afterZ valid_beforeZ crit_options extensionsreservedZsig_key signaturerrrload_ssh_public_keysF                rcCst|tjrt|}n>t|tjr(t}n,t|tjr:t }nt|t j rLt }nt dt|}t}|||||t|}d|d|gS)z&One-line public key format for OpenSSHrr, )r\rrr'r rrrrrrrrr&rrOrarr b2a_base64rjstripr-)r"rrrZpubrrrserialize_ssh_public_keys       r)F)N)N)N)frrrerpbase64rr.Z cryptographyrZcryptography.exceptionsrZ)cryptography.hazmat.primitives.asymmetricrrrr Z&cryptography.hazmat.primitives.ciphersr r r Z,cryptography.hazmat.primitives.serializationr rrrZbcryptrrZ_bcrypt_supported ImportErrorr]rAboolrrrZ_ECDSA_NISTP256Z_ECDSA_NISTP384Z_ECDSA_NISTP521rcompilerrZ _SK_STARTZ_SK_ENDrrrrrDOTALLrr^r_rangerZAESZCTRZCBCr!DictrTypersrrr%rr'r/r2r5Optionalr:rCrErGrJrNrOrtrrrZ SECP256R1Z SECP384R1Z SECP521R1rrrrrrZ_SSH_PRIVATE_KEY_TYPESAnyrrrrrZ_SSH_PUBLIC_KEY_TYPESrrrrrrs              2FHGD    O Q  ,