a b,@sdZddlmZmZddlmZddlmZmZddl m Z ddl m Z m Z ddlmZddlmZdd lmZdd lmZdd lmZGd d d eZGdddeZGdddeZdS)z ECDSA keys )InvalidSignatureUnsupportedAlgorithm)default_backend)hashes serialization)ec)decode_dss_signatureencode_dss_signature) four_byte)Message)PKey) SSHException) deflate_longc@seZdZdZddZdS) _ECDSACurvez Represents a specific ECDSA Curve (nistp256, nistp384, etc). Handles the generation of the key format identifier and the selection of the proper hash function. Also grabs the proper curve from the 'ecdsa' package. cCsT||_|j|_d|j|_|jdkr.tj|_n|jdkrBtj|_ntj|_||_ dS)N ecdsa-sha2-i) nist_namekey_size key_lengthkey_format_identifierrSHA256 hash_objectSHA384SHA512 curve_class)selfrrr8/tmp/pip-target-98j97qn4/lib/python/paramiko/ecdsakey.py__init__0s     z_ECDSACurve.__init__N)__name__ __module__ __qualname____doc__rrrrrr'src@s8eZdZdZddZddZddZdd Zd d Zd S) _ECDSACurveSetz A collection to hold the ECDSA curves. Allows querying by oid and by key format identifier. The two ways in which ECDSAKey needs to be able to look up curves. cCs ||_dSN ecdsa_curves)rr&rrrrIsz_ECDSACurveSet.__init__cCsdd|jDS)NcSsg|] }|jqSr)r).0curverrr MzA_ECDSACurveSet.get_key_format_identifier_list..r%rrrrget_key_format_identifier_listLsz-_ECDSACurveSet.get_key_format_identifier_listcCs"|jD]}|j|kr|SqdSr$)r&r)rrr(rrrget_by_curve_classOs  z!_ECDSACurveSet.get_by_curve_classcCs"|jD]}|j|kr|SqdSr$)r&r)rrr(rrrget_by_key_format_identifierTs  z+_ECDSACurveSet.get_by_key_format_identifiercCs"|jD]}|j|kr|SqdSr$)r&r)rrr(rrrget_by_key_lengthYs  z _ECDSACurveSet.get_by_key_lengthN) rr r!r"rr,r-r.r/rrrrr#Bs r#c@seZdZdZeeejdeejdeej dgZ d+ddZ e d d Z d d Zd dZeddZddZddZddZd,ddZddZd-ddZd.ddZe eddfdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*ZdS)/ECDSAKeyz\ Representation of an ECDSA key which can be used to sign and verify SSH2 data. Znistp256Znistp384Znistp521NTcCsRd|_d|_d|_|dur*|||dS|durB|||dS|durZ|durZt|}|dur|\|_|_|jjj}|j ||_ n| } d} | | r| dt |  } |j| |_ |j} dd| D} |j|| | d| } | |j jkr td| |}ztj|j |}||_WntyLtdYn0dS)Nz-cert-v01@openssh.comcSsg|]}d|qS)z{}-cert-v01@openssh.com)format)r'xrrrr)sz%ECDSAKey.__init__..)msgkey_typeZ cert_typezCan't handle curve of type {}zInvalid public key) verifying_key signing_keyZ public_blob_from_private_key_from_private_key_filer r( __class__ _ECDSA_CURVESr- ecdsa_curveget_textendswithlenr.r,Z_check_type_and_load_certrr r1 get_binaryrZEllipticCurvePublicKeyZfrom_encoded_pointr ValueError)rr3datafilenamepasswordvalsfile_objZvalidate_pointZc_classr4suffixZ key_typesZ cert_typesZ curvenameZ pointinfokeyrrrrmsT         zECDSAKey.__init__cCs |jSr$)r:r,)clsrrr supported_key_format_identifierssz)ECDSAKey.supported_key_format_identifierscCs|j}t}||jj||jj|}|jjdd}t |j dd}d|t ||}t |j dd}d|t ||}t ||}|||S)NF)Zadd_sign_padding)r5r add_stringr;rrpublic_numbersr(rrr2r>yr asbytes)rrGmnumbersZkey_size_bytesZx_bytesZy_bytesZ point_strrrrrPs  zECDSAKey.asbytescCs|Sr$)rPr+rrr__str__szECDSAKey.__str__cCs||jj|jjfSr$)get_namer5rNr2rOr+rrr_fieldss  zECDSAKey._fieldscCs|jjSr$)r;rr+rrrrTszECDSAKey.get_namecCs|jjSr$)r;rr+rrrget_bitsszECDSAKey.get_bitscCs |jduSr$)r6r+rrrcan_signszECDSAKey.can_signcCsTt|j}|j||}t|\}}t}||jj || |||Sr$) rECDSAr;rr6signrr rMr _sigencode)rrA algorithmZecdsasigrsrQrrr sign_ssh_datas zECDSAKey.sign_ssh_datacCsr||jjkrdS|}||\}}t||}z |j||t |j Wnt yhYdS0dSdS)NFT) r<r;rr? _sigdecoder r5verifyrrXrr)rrAr3r\ZsigRZsigS signaturerrrverify_ssh_sigs  zECDSAKey.verify_ssh_sigcCs|j||jtjj|ddSN)rC)Z_write_private_key_filer6r PrivateFormatTraditionalOpenSSL)rrBrCrrrwrite_private_key_files zECDSAKey.write_private_key_filecCs|j||jtjj|ddSrd)Z_write_private_keyr6rrerf)rrErCrrrwrite_private_keys zECDSAKey.write_private_keycCsT|dur2|j|}|dur*td||}tj|td}t|| fdS)a Generate a new private ECDSA key. This factory function can be used to generate a new host key or authentication key. :param progress_func: Not used for this type of key. :returns: A new private key (`.ECDSAKey`) object NzUnsupported key length: {:d})backend)rD) r:r/r@r1rrZgenerate_private_keyrr0 public_key)rHr(Z progress_funcbitsZ private_keyrrrgenerates  zECDSAKey.generatecCs|d||}||dSNZEC)Z_read_private_key_file _decode_key)rrBrCrArrrr8szECDSAKey._from_private_key_filecCs|d||}||dSrm)Z_read_private_keyrn)rrErCrArrrr7szECDSAKey._from_private_keyc Cs.|\}}||jkrdztj|dtd}Wn8ttttfy`}ztt |WYd}~n d}~00n||j krzXt |}| }| }|}d|} |j| } | stdt|| t}Wn0ty}ztt |WYd}~n d}~00n ||||_||_|jj} |j| |_dS)N)rCrirzInvalid key curve identifier)Z_PRIVATE_KEY_FORMAT_ORIGINALrZload_der_private_keyrr@AssertionError TypeErrorrr strZ_PRIVATE_KEY_FORMAT_OPENSSHr r<r? get_mpintr:r.rZderive_private_keyr ExceptionZ_got_bad_key_format_idr6rjr5r(r9r-r;) rrAZpkformatrGer3Z curve_nameZverkeyZsigkeynamer(rrrrrnsB   $   $  zECDSAKey._decode_keycCs"t}|||||Sr$)r Z add_mpintrP)rr]r^r3rrrrZCs  zECDSAKey._sigencodecCs t|}|}|}||fSr$)r rr)rr\r3r]r^rrrr`IszECDSAKey._sigdecode)NNNNNNT)N)N)N)rr r!r"r#rrZ SECP256R1Z SECP384R1Z SECP521R1r:r classmethodrIrPrSpropertyrUrTrVrWr_rcrgrhrlr8r7rnrZr`rrrrr0_sF     =     'r0N)r"Zcryptography.exceptionsrrZcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrZ/cryptography.hazmat.primitives.asymmetric.utilsrr Zparamiko.commonr Zparamiko.messager Z paramiko.pkeyr Zparamiko.ssh_exceptionr Z paramiko.utilrobjectrr#r0rrrrs