3 L]c(@sdZddlmZddlmZddlmZmZddlm Z ddl m Z m Z ddl mZddlmZdd lmZdd lmZdd lmZGd d d eZGdddeZGdddeZdS)z ECDSA keys )InvalidSignature)default_backend)hashes serialization)ec)decode_dss_signatureencode_dss_signature) four_byte)Message)PKey) SSHException) deflate_longc@seZdZdZddZdS) _ECDSACurvez Represents a specific ECDSA Curve (nistp256, nistp384, etc). Handles the generation of the key format identifier and the selection of the proper hash function. Also grabs the proper curve from the 'ecdsa' package. cCsT||_|j|_d|j|_|jdkr.tj|_n|jdkrBtj|_ntj|_||_ dS)Nz ecdsa-sha2-i) nist_namekey_size key_lengthkey_format_identifierrSHA256 hash_objectSHA384SHA512 curve_class)selfrrr7/tmp/pip-install-wfra5znf/paramiko/paramiko/ecdsakey.py__init__0s     z_ECDSACurve.__init__N)__name__ __module__ __qualname____doc__rrrrrr'src@s8eZdZdZddZddZddZdd Zd d Zd S) _ECDSACurveSetz A collection to hold the ECDSA curves. Allows querying by oid and by key format identifier. The two ways in which ECDSAKey needs to be able to look up curves. cCs ||_dS)N) ecdsa_curves)rr"rrrrIsz_ECDSACurveSet.__init__cCsdd|jDS)NcSsg|] }|jqSr)r).0curverrr MszA_ECDSACurveSet.get_key_format_identifier_list..)r")rrrrget_key_format_identifier_listLsz-_ECDSACurveSet.get_key_format_identifier_listcCs"x|jD]}|j|kr|SqWdS)N)r"r)rrr$rrrget_by_curve_classOs  z!_ECDSACurveSet.get_by_curve_classcCs"x|jD]}|j|kr|SqWdS)N)r"r)rrr$rrrget_by_key_format_identifierTs  z+_ECDSACurveSet.get_by_key_format_identifiercCs"x|jD]}|j|kr|SqWdS)N)r"r)rrr$rrrget_by_key_lengthYs  z _ECDSACurveSet.get_by_key_lengthN) rrrr rr&r'r(r)rrrrr!Bs r!c@seZdZdZeeejdeejdeej dgZ d+ddZ e d d Z d d Zd dZddZddZddZddZddZddZd,ddZd-ddZe ejddfdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*ZdS).ECDSAKeyz\ Representation of an ECDSA key which can be used to sign and verify SSH2 data. Znistp256Znistp384Znistp521NTc CsTd|_d|_d|_|dk r*|j||dS|dk rB|j||dS|dkrZ|dk rZt|}|dk r|\|_|_|jjj}|jj ||_ n|j } d} | j | r| dt |  } |jj| |_ |jj} dd| D} |j|| | d|j } | |j jkr tdj| |j}ytjj|j j|}||_Wntk rNtdYnXdS)Nz-cert-v01@openssh.comcSsg|]}dj|qS)z{}-cert-v01@openssh.com)format)r#xrrrr%sz%ECDSAKey.__init__..)msgkey_typeZ cert_typezCan't handle curve of type {}zInvalid public key) verifying_key signing_keyZ public_blob_from_private_key_from_private_key_filer r$ __class__ _ECDSA_CURVESr' ecdsa_curveget_textendswithlenr(r&Z_check_type_and_load_certrr r+ get_binaryrZEllipticCurvePublicKeyZfrom_encoded_pointr ValueError)rr-datafilenamepasswordvalsfile_objZvalidate_pointZc_classr.suffixZ key_typesZ cert_typesZ curvenameZ pointinfokeyrrrrmsH          zECDSAKey.__init__cCs |jjS)N)r4r&)clsrrr supported_key_format_identifierssz)ECDSAKey.supported_key_format_identifierscCs|j}t}|j|jj|j|jj|j}|jjdd}t |j dd}d|t ||}t |j dd}d|t ||}t ||}|j||jS)NF)Zadd_sign_padding)r/r add_stringr5rrpublic_numbersr$rr r,r8yr asbytes)rrAmZnumbersZkey_size_bytesZx_bytesZy_bytesZ point_strrrrrJs  zECDSAKey.asbytescCs|jS)N)rJ)rrrr__str__szECDSAKey.__str__cCs"t|j|jjj|jjjfS)N)hashget_namer/rHr,rI)rrrr__hash__s zECDSAKey.__hash__cCs|jjS)N)r5r)rrrrrNszECDSAKey.get_namecCs|jjS)N)r5r)rrrrget_bitsszECDSAKey.get_bitscCs |jdk S)N)r0)rrrrcan_signszECDSAKey.can_signcCsTtj|jj}|jj||}t|\}}t}|j|jj |j|j |||S)N) rECDSAr5rr0signrr rGr _sigencode)rr;ZecdsasigrsrKrrr sign_ssh_datas zECDSAKey.sign_ssh_datac Csr|j|jjkrdS|j}|j|\}}t||}y |jj||tj |jj Wnt k rhdSXdSdS)NFT) r6r5rr9 _sigdecoderr/verifyrrRrr)rr;r-rUZsigRZsigS signaturerrrverify_ssh_sigs zECDSAKey.verify_ssh_sigcCs|j||jtjj|ddS)N)r=)Z_write_private_key_filer0r PrivateFormatTraditionalOpenSSL)rr<r=rrrwrite_private_key_files zECDSAKey.write_private_key_filecCs|j||jtjj|ddS)N)r=)Z_write_private_keyr0rr]r^)rr?r=rrrwrite_private_keys zECDSAKey.write_private_keycCsT|dk r2|jj|}|dkr*tdj||j}tj|td}t||j fdS)a Generate a new private ECDSA key. This factory function can be used to generate a new host key or authentication key. :param progress_func: Not used for this type of key. :returns: A new private key (`.ECDSAKey`) object NzUnsupported key length: {:d})backend)r>) r4r)r:r+rrZgenerate_private_keyrr* public_key)rBr$Z progress_funcbitsZ private_keyrrrgenerates  zECDSAKey.generatecCs|jd||}|j|dS)NEC)Z_read_private_key_file _decode_key)rr<r=r;rrrr2szECDSAKey._from_private_key_filecCs|jd||}|j|dS)Nre)Z_read_private_keyrf)rr?r=r;rrrr1szECDSAKey._from_private_keycCstytj|dtd}Wn2ttfk rH}ztt|WYdd}~XnX||_|j|_ |j j }|j j ||_dS)N)r=ra)rZload_der_private_keyrr:AssertionErrorr strr0rbr/r$r3r4r'r5)rr;rAerrrrrfs zECDSAKey._decode_keycCs"t}|j||j||jS)N)r Z add_mpintrJ)rrVrWr-rrrrT*s  zECDSAKey._sigencodecCs t|}|j}|j}||fS)N)r Z get_mpint)rrUr-rVrWrrrrY0szECDSAKey._sigdecode)NNNNNNT)N)N)rrrr r!rrZ SECP256R1Z SECP384R1Z SECP521R1r4r classmethodrCrJrLrOrNrPrQrXr\r_r`rdr2r1rfrTrYrrrrr*_s<   5      r*N)r Zcryptography.exceptionsrZcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrZ/cryptography.hazmat.primitives.asymmetric.utilsrrZparamiko.commonr Zparamiko.messager Z paramiko.pkeyr Zparamiko.ssh_exceptionr Z paramiko.utilr objectrr!r*rrrrs