o >h@s(dZddlmZddlZddlZddlZddlZddlmZm Z m Z ddl m Z m Z ddlmZddlZddlmZmZddlmZdd lmZdd lmZdd lmZmZdd lmZmZm Z m!Z!m"Z"dd l#m$Z$m%Z%m&Z&ddl'm(Z(m)Z)ddl*m+Z+ddl,m-Z-m.Z.ddl/m0Z0ddl1m2Z2ddl3m4Z4m5Z5ddl6m7Z7z ddl8m9Z9m:Z:Wne;yddl8me?e@dZAddddZBe jCZCe jDZDGdddeEZFGdddeEZGGd d!d!eEZHGd"d#d#eEZIGd$d%d%eZJGd&d'd'eEZKd(d)ZLGd*d+d+ZMd/d-d.ZNdS)0z0 Handling of RSA, DSA, ECDSA, and Ed25519 keys. ) annotationsN) b64encode decodebytes encodebytes)md5sha256)Any) NamedConstantNames)utils)InvalidSignature)default_backend)hashes serialization)dsaeced25519paddingrsa)Cipher algorithmsmodes)load_pem_private_keyload_ssh_public_key)Literal)commonsexpy) int_to_bytes) randbytes) iterbytes nativeString)_mutuallyExclusiveArguments)decode_dss_signatureencode_dss_signature)decode_rfc6979_signatureencode_rfc6979_signature)ecdsa-sha2-nistp256secdsa-sha2-nistp384secdsa-sha2-nistp521snistp256snistp384snistp521)s secp256r1s secp384r1s secp521r1c@eZdZdZdS) BadKeyErrorzj Raised when a key isn't what we expected from it. XXX: we really need to check for bad keys N__name__ __module__ __qualname____doc__r.r.v/var/www/vedio/testing/chatpythonscript.ninositsolution.com/env/lib/python3.10/site-packages/twisted/conch/ssh/keys.pyr(Dr(c@r')BadSignatureAlgorithmErrorzi Raised when a public key signature algorithm name isn't defined for this public key format. Nr)r.r.r.r/r1Lr0r1c@r')EncryptedKeyErrorzb Raised when an encrypted key is presented to fromString/fromFile without a password. Nr)r.r.r.r/r2Sr0r2c@r')BadFingerPrintFormatzS Raises when unsupported fingerprint formats are presented to fingerprint. Nr)r.r.r.r/r3Zr0r3c@seZdZdZeZeZdS)FingerprintFormatsa Constants representing the supported formats of key fingerprints. @cvar MD5_HEX: Named constant representing fingerprint format generated using md5[RFC1321] algorithm in hexadecimal encoding. @type MD5_HEX: L{constantly.NamedConstant} @cvar SHA256_BASE64: Named constant representing fingerprint format generated using sha256[RFC4634] algorithm in base64 encoding @type SHA256_BASE64: L{constantly.NamedConstant} N)r*r+r,r-r MD5_HEX SHA256_BASE64r.r.r.r/r4`s r4c@r')PassphraseNormalizationErrorz Raised when a passphrase contains Unicode characters that cannot be normalized using the available Unicode character database. Nr)r.r.r.r/r7qr0r7cCs8t|trtdd|Drttd|dS|S)a Normalize a passphrase, which may be Unicode. If the passphrase is Unicode, this follows the requirements of U{NIST 800-63B, section 5.1.1.2} for Unicode characters in memorized secrets: it applies the Normalization Process for Stabilized Strings using NFKC normalization. The passphrase is then encoded using UTF-8. @type passphrase: L{bytes} or L{unicode} or L{None} @param passphrase: The passphrase to normalize. @return: The normalized passphrase, if any. @rtype: L{bytes} or L{None} @raises PassphraseNormalizationError: if the passphrase is Unicode and cannot be normalized using the available Unicode character database. css|] }t|dkVqdS)CnN) unicodedatacategory).0cr.r.r/ sz'_normalizePassphrase..NFKCzUTF-8) isinstancestranyr7r9 normalizeencode passphraser.r.r/_normalizePassphrasexs rFc@seZdZdZed]ddZed]ddZeddZed d Zed d Z ed dZ eddZ eddZ eddZ eddZeddZeddZed^ddZed_ddZed_dd Zed_d!d"Zed_d#d$Zd%d&Zd`d+d,Zdad.d/Zd0d1Zd2d3Zejfd4d5Zdbd7d8Zd9d:Zd;d<Z d=d>Z!d?d@Z"dcdBdCZ#dDdEZ$dFdGZ%e&dHdIgdHdJggd^dKdLZ'd_dMdNZ(d]dOdPZ)d_dQdRZ*dddSdTZ+dUdVZ,dWdXZ-d_dYdZZ.d[d\Z/dS)eKeyau An object representing a key. A key can be either a public or private key. A public key can verify a signature; a private key can create or verify a signature. To generate a string that can be stored on disk, use the toString method. If you have a private key, but want the string representation of the public key, use Key.public().toString(). NcCs@t|d}||||WdS1swYdS)a Load a key from a file. @param filename: The path to load key data from. @type type: L{str} or L{None} @param type: A string describing the format the key data is in, or L{None} to attempt detection of the type. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if there is no encryption. @rtype: L{Key} @return: The loaded key. rbN)open fromStringread)clsfilenametyperEfr.r.r/fromFiles $z Key.fromFilecCst|tr |d}t|}|dur||}|dur"td|t|d|d}|dur8td||jj dkrH|rDtd||S|||S)a Return a Key object corresponding to the string data. type is optionally the type of string, matching a _fromString_* method. Otherwise, the _guessStringType() classmethod will be used to guess a type. If the key is encrypted, passphrase is used as the decryption key. @type data: L{bytes} @param data: The key data. @type type: L{str} or L{None} @param type: A string describing the format the key data is in, or L{None} to attempt detection of the type. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if there is no encryption. @rtype: L{Key} @return: The loaded key. utf-8Nzcannot guess the type of _fromString_zno _fromString method for zkey not encrypted) r?r@rCrF_guessStringTyper(getattrupper__code__ co_argcount)rLdatarNrEmethodr.r.r/rJs     zKey.fromStringc Cst|\}}|dkr t|d\}}}|t||tS|dkrBt|d\}}}} }|tj| tj |||ddtS|t vrW|t j t |t|ddS|dkrm|jt|ddd d } d | _| S|d vrt|\} }|| } |d rd | _| Std|)a Return a public key object corresponding to this public key blob. The format of a RSA public key blob is:: string 'ssh-rsa' integer e integer n The format of a DSA public key blob is:: string 'ssh-dss' integer p integer q integer g integer y The format of ECDSA-SHA2-* public key blob is:: string 'ecdsa-sha2-[identifier]' integer x integer y identifier is the standard NIST curve name. The format of an Ed25519 public key blob is:: string 'ssh-ed25519' string a @type blob: L{bytes} @param blob: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type (the first string) is unknown. ssh-rsarSssh-dsspqgyparameter_numbers"sk-ecdsa-sha2-nistp256@openssh.comr&) encodedPointcurveT) ssh-ed25519sk-ssh-ed25519@openssh.comssk-ssh-unknown blob type: )rgetNSgetMPrRSAPublicNumbers public_keyr rDSAPublicNumbersDSAParameterNumbers _curveTablerEllipticCurvePublicKeyfrom_encoded_point_fromECEncodedPoint_sk_fromEd25519Components startswithr() rLblobkeyTyperestenr_r`rarc keyObjectar.r.r/_fromString_BLOBs@"  zKey._fromString_BLOBcCst|\}}|dkr"t|d\}}}}}} }|j||||| dS|dkr @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the blob type is unknown. s ecdsa-sha2re)rxrr rsplitr)rLrYryr.r.r/_fromString_PUBLIC_OPENSSHos  zKey._fromString_PUBLIC_OPENSSHcCs|}td|dd}|dstd|tdd}t|d\}}}}t d|dd d } | dkr@td t|d dd \} } } |d kr|sWt d|dvrmt j } d} t|ddd}| }ntd||dkrt|\}}t d|dd d }tj|||||dd}ntd|t| | d krtdt| |d|t||||td}|| |}n |d krtd|f| }t d|dd d }t d|d dd }||krtd||f||ddS)a* Return a private key object corresponding to this OpenSSH private key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. The format of an openssh-key-v1 private key string is:: -----BEGIN OPENSSH PRIVATE KEY----- -----END OPENSSH PRIVATE KEY----- The SSH protocol string is as described in U{PROTOCOL.key}. @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the SSH protocol encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key reopenssh-key-v1z"unknown OpenSSH private key formatN!Lr]rzDonly OpenSSH private key files containing a single key are supportedrSnone0Passphrase must be provided for an encrypted key)s aes128-ctrs aes192-ctr aes256-ctrrzunknown encryption type bcryptT)ignore_few_roundszunknown KDF type z bad paddingbackendz*private key specifies KDF %r but no cipherz#check values do not match: %d != %d)strip splitlinesrjoinrxr(lenrrlstructunpackr2rAESintbcryptkdfrrCTRr decryptorupdatefinalizer)rLrYrElineskeyListcipherr kdfOptionsr{r}_encPrivKeyListalgorithmClass blockSizekeySizeivSizesaltroundsdecKeyr privKeyListcheck1check2r.r.r/_fromPrivateOpenSSH_v1sl   zKey._fromPrivateOpenSSH_v1cCs~|}|ddd}|sd}|dvr8z t||t}W||Sty-tdty7tdwtd|) a Return a private key object corresponding to this OpenSSH private key string, in the old PEM-based format. The format of a PEM-based OpenSSH private key string is:: -----BEGIN PRIVATE KEY----- [Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,] ------END PRIVATE KEY------ The ASN.1 structure of a RSA key is:: (0, n, e, d, p, q) The ASN.1 structure of a DSA key is:: (0, p, q, g, y, x) The ASN.1 structure of a ECDSA key is:: (ECParameters, OID, NULL) @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the ASN.1 encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key r N)sECsRSAsDSArz&Failed to decode key (Bad Passphrase?)unknown key type )rrrr TypeErrorr2 ValueErrorr()rLrYrErkindkeyr.r.r/_fromPrivateOpenSSH_PEMs %  zKey._fromPrivateOpenSSH_PEMcCs4|ddddkr|||S|||S)a Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error. @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key rrrsOPENSSH)rrrr)rLrYrEr.r.r/_fromString_PRIVATE_OPENSSHs  zKey._fromString_PRIVATE_OPENSSHcCstt|dd}|ddksJi}|dddD]\}}tt|d||<q|dddkrG|j|d|d|d |d d S|ddd krZ|j|d |ddStd|dd)a Return a public key corresponding to this LSH public key string. The LSH public key string format is:: , ()+))> The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e. The names for a DSA (key type 'dsa') key are: y, g, p, q. @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type is unknown rerr public-keyNdsaygpqrcrar_r`rsa-pkcs1-sha1ner}r|unknown lsh key type ) rparserrrmNSrrr(rLrYsexpkdrr.r.r/_fromString_PUBLIC_LSH3szKey._fromString_PUBLIC_LSHcCs0t|}|ddks Ji}|dddD]\}}tt|d||<q|dddkrPt|dks, (, )+))> The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e, d, p, q. The names for a DSA (key type 'dsa') key are: y, g, p, q, x. @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type is unknown r private-keyreNrrrrrrxr rsa-pkcs1rrrdrr) rrrrmrrrrr(rr.r.r/_fromString_PRIVATE_LSHSs$ zKey._fromString_PRIVATE_LSHc Cst|\}}|dkr8t|\}}t|\}}t|\}}t|\}}t|\}}|j|||||dS|dkrqt|\}}t|\} }t|\} }t|\} }t|\}}t|\}}|j| || ||| dStd|)a Return a private key object corresponsing to the Secure Shell Key Agent v3 format. The SSH Key Agent v3 format for a RSA key is:: string 'ssh-rsa' integer e integer d integer n integer u integer p integer q The SSH Key Agent v3 format for a DSA key is:: string 'ssh-dss' integer p integer q integer g integer y integer x @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type (the first string) is unknown r\rr[r}r|rr_r`rr)rrlrmrrr() rLrYrzr_r`rarcrr|rr}rr.r.r/_fromString_AGENTV3ys"zKey._fromString_AGENTV3cCs|ds |dr dS|ds|drtd|ds$|dr&dS|d r-d S|d r4d S|d r;dS|dsT|dsT|dsT|dsT|drtt|\}}d}|rl|d7}t|\}}|s_|dkrrdSdSdS)z Guess the type of key in data. The types map to _fromString_* methods. @type data: L{bytes} @param data: The key data. sssh- ecdsa-sha2-public_opensshssk-ecdsa-sha2-nistp256-cert-v01ssk-ssh-ed25519-cert-v01z(certificate based keys are not supportedssk-ecdsa-sha2-nistp256ssk-ssh-ed25519s -----BEGINprivate_openssh{ public_lsh( private_lshsssh-s ecdsa-s ssh-ed25519s&"sk-ecdsa-sha2-nistp256@openssh.comssk-ssh-ed25519@openssh.comrrer]agentv3ryN)rxr(rrlrm)rLrYignoredr{countr.r.r/rTsH    zKey._guessStringTypec Csntj||d}|dur|t}||Stj|||t||t||t|||d} | t}||S)a Build a key from RSA numerical components. @type n: L{int} @param n: The 'n' RSA variable. @type e: L{int} @param e: The 'e' RSA variable. @type d: L{int} or L{None} @param d: The 'd' RSA variable (optional for a public key). @type p: L{int} or L{None} @param p: The 'p' RSA variable (optional for a public key). @type q: L{int} or L{None} @param q: The 'q' RSA variable (optional for a public key). @type u: L{int} or L{None} @param u: The 'u' RSA variable. Ignored, as its value is determined by p and q. @rtype: L{Key} @return: An RSA key constructed from the values as given. )r|r}N)r_r`rdmp1dmq1iqmppublic_numbers) rrnror RSAPrivateNumbers rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmp private_key) rLr}r|rr_r`r publicNumbersr~privateNumbersr.r.r/rs      zKey._fromRSAComponentsc CsXtj|tj|||dd}|dur|t}||Stj||d}|t}||S)a Build a key from DSA numerical components. @type y: L{int} @param y: The 'y' DSA variable. @type p: L{int} @param p: The 'p' DSA variable. @type q: L{int} @param q: The 'q' DSA variable. @type g: L{int} @param g: The 'g' DSA variable. @type x: L{int} or L{None} @param x: The 'x' DSA variable (optional for a public key) @rtype: L{Key} @return: A DSA key constructed from the values as given. r^rbN)rr)rrprqror DSAPrivateNumbersr) rLrcr_r`rarrr~rr.r.r/r s  zKey._fromDSAComponentscCsRtj||t|d}|dur|t}||Stj||d}|t}||S)a Build a key from EC components. @param x: The affine x component of the public point used for verifying. @type x: L{int} @param y: The affine y component of the public point used for verifying. @type y: L{int} @param curve: NIST name of elliptic curve. @type curve: L{bytes} @param privateValue: The private value. @type privateValue: L{int} rrcrhN) private_valuer)rEllipticCurvePublicNumbersrrror EllipticCurvePrivateNumbersr)rLrrcrhrrr~rr.r.r/_fromECComponents/s   zKey._fromECComponentscCs>|durtjt||}||St|t|t}||S)aa Build a key from an EC encoded point. @param encodedPoint: The public point encoded as in SEC 1 v2.0 section 2.3.3. @type encodedPoint: L{bytes} @param curve: NIST name of elliptic curve. @type curve: L{bytes} @param privateValue: The private value. @type privateValue: L{int} N)rrsrtrrderive_private_keyr )rLrgrhrr~r.r.r/ruOs zKey._fromECEncodedPointcCsDtdustdur td|durt|}||St|}||S)aBuild a key from Ed25519 components. @param a: The Ed25519 public key, as defined in RFC 8032 section 5.1.5. @type a: L{bytes} @param k: The Ed25519 private key, as defined in RFC 8032 section 5.1.5. @type k: L{bytes} Nz)Ed25519 keys not supported on this system)Ed25519PublicKeyEd25519PrivateKeyr(from_public_bytesfrom_private_bytes)rLrrr~r.r.r/rwks   zKey._fromEd25519ComponentscCs||_d|_dS)z Initialize with a private or public C{cryptography.hazmat.primitives.asymmetric} key. @param keyObject: Low level key. @type keyObject: C{cryptography.hazmat.primitives.asymmetric} key. FN) _keyObjectrv)selfr~r.r.r/__init__s z Key.__init__otherobjectreturnboolcCs.t|tr||ko||kStS)zN Return True if other represents an object with the same key. )r?rGrNrYNotImplemented)rrr.r.r/__eq__s  z Key.__eq__r@c Cs|dkrO|}|dd}|r d|ddd}n d|ddd}t|D]\}}|dkr@|d |7}q0|d |d |7}q0|d Sd t||r[dp\d|fg}t|D]T\}}|d|d|dkr|nt |dd}|r|dd}|dd}d} t |D] } | t | dd} qt |dkr| dd} |d| |sqk|dd|d<d |S)z@ Return a pretty representation of this object. ECrhrQz z<%s %s (%s bits)z Public Keyz Private Keyzattr :Ed25519r]02xr >)rNrYdecodeisPublicsorteditemsr sizeappendrMPrordrr) rrYroutrvrbymor<r.r.r/__repr__sD  "      z Key.__repr__cCst|jtjtjtjtj fS)zl Check if this instance is a public key. @return: C{True} if this is a public key. ) r?rr RSAPublicKeyr DSAPublicKeyrrsrrrr.r.r/rsz Key.isPubliccCs|r|St|jS)z Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self. @rtype: L{Key} @return: A public key. )rrGrror'r.r.r/publics z Key.publiccCsb|tjurttt|S|tjur*tdddt t |DSt d|)aO The fingerprint of a public key consists of the output of the message-digest algorithm in the specified format. Supported formats include L{FingerprintFormats.MD5_HEX} and L{FingerprintFormats.SHA256_BASE64} The input to the algorithm is the public key data as specified by [RFC4253]. The output of sha256[RFC4634] algorithm is presented to the user in the form of base64 encoded sha256 hashes. Example: C{US5jTUa0kgX5ZxdqaGF0yGRu8EgKXHNmoT8jHKo1StM=} The output of the MD5[RFC1321](default) algorithm is presented to the user as a sequence of 16 octets printed as hexadecimal with lowercase letters and separated by colons. Example: C{c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87} @param format: Format for fingerprint generation. Consists hash function and representation format. Default is L{FingerprintFormats.MD5_HEX} @since: 8.2 @return: the user presentation of this L{Key}'s fingerprint, as a string. @rtype: L{str} :cSsg|]}t|qSr.)binasciihexlify)r;rr.r.r/ sz#Key.fingerprint..z Unsupported fingerprint format: ) r4r6r rrrydigestr5rrrr3)rformatr.r.r/ fingerprints  zKey.fingerprint&Literal['RSA', 'DSA', 'EC', 'Ed25519']cCspt|jtjtjfr dSt|jtjtjfrdSt|jtj tj fr$dSt|jt j t j fr0dStd|j)z Return the type of the object we wrap. Currently this can only be 'RSA', 'DSA', 'EC', or 'Ed25519'. @rtype: L{str} @raises RuntimeError: If the object type is unknown. RSADSAr rzunknown type of object: )r?rrr% RSAPrivateKeyrr& DSAPrivateKeyrrsEllipticCurvePrivateKeyrrr RuntimeErrorr'r.r.r/rNszKey.typecCsR|jr |dkr dSdS|dkrdt|jjjdSdddd |S) a Get the type of the object we wrap as defined in the SSH protocol, defined in RFC 4253, Section 6.6 and RFC 8332, section 4 (this is a public key format name, not a public key algorithm name). Currently this can only be b'ssh-rsa', b'ssh-dss', b'ecdsa-sha2-[identifier]' or b'ssh-ed25519'. identifier is the standard NIST curve name @return: The key type format. @rtype: L{bytes} r rfrjrrr[r\ri)r1r2r)rvrNrrrhrrCr'r.r.r/sshTypes  z Key.sshTypecCs|dkr gdS|gS)z Get the public key signature algorithms supported by this key. @return: A list of supported public key signature algorithm names. @rtype: L{list} of L{bytes} r1) rsa-sha2-512 rsa-sha2-256r[)rNr7r'r.r.r/supportedSignatureAlgorithms@s  z Key.supportedSignatureAlgorithmscCs|dkr&||kr$|}|dkrtS|dkr tStSdS|dkr0tSttttd||fS)z Return a hash algorithm for this key type given an SSH signature algorithm name, or L{None} if no such hash algorithm is defined for this key type. r iNr))r1r[)r1r9)r1r8)r2r\) rNr7rrSHA256SHA384SHA512SHA1get)r signatureTyperr.r.r/_getHashAlgorithmLs$   zKey._getHashAlgorithmcCs<|jdurdS|dkr|jjjS|dkrdS|jjS)zv Return the size of the object we wrap. @return: The size of the key. @rtype: L{int} Nrr rr;)rrNrhkey_sizer'r.r.r/ris    zKey.sizedict[str, Any]c Cst|jtjr|j}|j|jdSt|jtjr5|j}|jj|jj|j |j |j t |j |j dSt|jt jrO|j}|j|jj|jj |jj dSt|jt jro|j}|j|jj|jjj|jjj |jjj dSt|jtjr|j}|j|j|dSt|jtjr|j}|jj|jj|j|dSt|jtjrd|jtjjtjjiSt|jtj r|j!tjjtjj|j"tjjtj#jt$dSt%d |j) z_ Return the values of the public key as a dictionary. @rtype: L{dict} rrr)rrcrar_r`r)rrcrrhr)rrzUnexpected key type: )&r?rrr%rr}r|r3private_numbersrr_r`rrr&rcrdrar4rrrsr7r5rrr public_bytesrEncodingRaw PublicFormatrro private_bytes PrivateFormat NoEncryptionr6)rrsa_pub_numbersrsa_priv_numbersdsa_pub_numbersdsa_priv_numbersec_pub_numbersec_priv_numbersr.r.r/rYxst          zKey.datacCs|}|}|dkrtdt|dt|dS|dkrDtdt|dt|dt|d t|d S|d krx|jjjd d }t|dt|dddtdt |d|t |d |S|dkrtdt|dSt d|)a Return the public key blob for this key. The blob is the over-the-wire format for public keys. SECSH-TRANS RFC 4253 Section 6.6. RSA keys:: string 'ssh-rsa' integer e integer n DSA keys:: string 'ssh-dss' integer p integer q integer g integer y EC keys:: string 'ecdsa-sha2-[identifier]' integer x integer y identifier is the standard NIST curve name Ed25519 keys:: string 'ssh-ed25519' string a @rtype: L{bytes} r1r[r|r}r2r\r_r`rarcr rrhNrrrirunknown key type: ) rNrYrrrrrhrCr rr()rrNrY byteLengthr.r.r/rys@ &      zKey.blobcCs|}|}|dkrCt|d|d}tdt|dt|dt|dt|t|dt|dS|dkrotd t|dt|dt|d t|d t|d S|d kr|j t j j t j j}t|dt|dddt|t|dS|dkrtdt|dt|d|dStd|)a1 Return the private key blob for this key. The blob is the over-the-wire format for private keys: Specification in OpenSSH PROTOCOL.agent RSA keys:: string 'ssh-rsa' integer n integer e integer d integer u integer p integer q DSA keys:: string 'ssh-dss' integer p integer q integer g integer y integer x EC keys:: string 'ecdsa-sha2-[identifier]' integer x integer y integer privateValue identifier is the NIST standard curve name. Ed25519 keys:: string 'ssh-ed25519' string a string k || a r1r_r`r[r}r|rr2r\rarcrr rhrTNrrrirrrV)rNrYrrrrrrrorFrrGX962rIUncompressedPointr()rrNrYrencPubr.r.r/ privateBlobsh)               zKey.privateBlobextracommentrEcCs|durtjdtdd|r|}n|}t|tr|d}t|}t|d| d}|dur9t d|||||dS) a Create a string representation of this key. If the key is a private key and you want the representation of its public key, use C{key.public().toString()}. type maps to a _toString_* method. @param type: The type of string to emit. Currently supported values are C{'OPENSSH'}, C{'LSH'}, and C{'AGENTV3'}. @type type: L{str} @param extra: Any extra data supported by the selected format which is not part of the key itself. For public OpenSSH keys, this is a comment. For private OpenSSH keys, this is a passphrase to encrypt with. (Deprecated since Twisted 20.3.0; use C{comment} or C{passphrase} as appropriate instead.) @type extra: L{bytes} or L{unicode} or L{None} @param subtype: A subtype of the requested C{type} to emit. Only supported for private OpenSSH keys, for which the currently supported subtypes are C{'PEM'} and C{'v1'}. If not given, an appropriate default is used. @type subtype: L{str} or L{None} @param comment: A comment to include with the key. Only supported for OpenSSH keys. Present since Twisted 20.3.0. @type comment: L{bytes} or L{unicode} or L{None} @param passphrase: A passphrase to encrypt the key with. Only supported for private OpenSSH keys. Present since Twisted 20.3.0. @type passphrase: L{bytes} or L{unicode} or L{None} @rtype: L{bytes} NzThe 'extra' argument to twisted.conch.ssh.keys.Key.toString was deprecated in Twisted 20.3.0; use 'comment' or 'passphrase' instead.r) stacklevelrQ _toString_rV)subtyper]rE) warningswarnDeprecationWarningrr?r@rCrFrUrVr()rrNr\r`r]rErZr.r.r/toStringSs -  z Key.toStringcCsn|dkr|s d}|jtjjtjjd|St|  dd}|s)d}| d|d|S)a Return a public OpenSSH key string. See _fromString_PUBLIC_OPENSSH for the string format. @type comment: L{bytes} or L{None} @param comment: A comment to include with the key, or L{None} to omit the comment. r r  ) rNrrFrrGOpenSSHrIrrryreplacer7)rr]b64Datar.r.r/_toPublicOpenSSHs  zKey._toPublicOpenSSHcs|r%tj}d}d}|jd}d}|}t|} d} t| td| } nd}d}d}d} td } | | | t|p>d} d }t | |r\|d 7}| t |d @f7} t | |sI|rt || ||d}t||d |t||||td}|| |}n| }dt|t|t| tdd t|t|}t|dddgfddtd t dDdg}d|dS)aP Return a private OpenSSH key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. See _fromPrivateOpenSSH_v1 for the string format. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase to encrypt the key with, or L{None} if it is not encrypted. rrrrdrrrr]rreNrrrfs#-----BEGIN OPENSSH PRIVATE KEY-----csg|] }||dqS)@r.)r;irir.r/r,sz,Key._toPrivateOpenSSH_v1..rms!-----END OPENSSH PRIVATE KEY-----)rr block_sizer secureRandomrrrpackr[rbytesrrrrrr encryptorrrryrrhranger)rr]rEr cipherNamekdfNamerrrrrrcheckrpadByteencKeyrtrryrr.ror/_toPrivateOpenSSH_v1sl         zKey._toPrivateOpenSSH_v1cCsT|st}nt|}|dkr|jtjjtjj |S|dks&Jt d)a, Return a private OpenSSH key string, in the old PEM-based format. See _fromPrivateOpenSSH_PEM for the string format. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase to encrypt the key with, or L{None} if it is not encrypted. rzBcannot serialize Ed25519 key to OpenSSH PEM format; use v1 instead) rrLBestAvailableEncryptionrNrrJrGPEMrKTraditionalOpenSSLr)rrErtr.r.r/_toPrivateOpenSSH_PEMs   zKey._toPrivateOpenSSH_PEMcCsh|r |j|dS|dks|dur|dkr|j||dS|dus'|dkr-|j|dStd|) ar Return a public or private OpenSSH string. See L{_fromString_PUBLIC_OPENSSH} and L{_fromPrivateOpenSSH_PEM} for the string formats. @param subtype: A subtype to emit. Only supported for private keys, for which the currently supported subtypes are C{'PEM'} and C{'v1'}. If not given, an appropriate default is used. @type subtype: L{str} or L{None} @param comment: Comment for a public key. @type comment: L{bytes} @param passphrase: Passphrase for a private key. @type passphrase: L{bytes} @rtype: L{bytes} )r]v1Nr)r]rEr}rDzunknown subtype )rrjrNr{rr)rr`r]rEr.r.r/_toString_OPENSSH s  zKey._toString_OPENSSHcKs|}|}|r|dkr2tdddt|dddgdt|d ddgggg}nE|d krptdd d t|d ddgdt|dddgdt|dddgdt|dddgggg}ntd|dt| dddS|dkr|d |d}}t ||}tdddt|dddgdt|d ddgdt|dddgd t|ddgdt|ddgdt|d|dddgdt|d|dddgd t|ddgg ggS|d krLtdd d t|d ddgdt|dddgdt|dddgdt|dddgd!t|d"ddggggStd|d#)$z Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats. @rtype: L{bytes} r1rrrr}r]Nrr|r2rrr_rr`rrarrcrrrfr}rrrrarebcrr') rYrNrrrrrrr(rrhrr)rkwargsrYrNkeyDatar_r`rr.r.r/ _toString_LSH&sv      zKey._toString_LSHcKs|}|sJ|dkr#|d|d|d|d|d|df}n|dkr:|d|d|d |d |d f}t|d ttj|Sd S)z Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format. @rtype: L{bytes} r1r|rr}rr_r`r2rarcrrN) rYrrNrrr7rmapr)rrrYvaluesr.r.r/_toString_AGENTV3xs  " zKey._toString_AGENTV3cCs|}|dur |}||}|dur td|d|d|dkr4|j|t|}t |}n|dkrS|j||}t |\}}t t |dt |d}nm|dkr|j|t |} t | \}}t |} t |} t| d tur~t| d } n| d } | d @rd | } t| d turt| d } n| d } | d @rd | } t t | t | }n |d krt |j|}t ||S) a Sign some data with this key. SECSH-TRANS RFC 4253 Section 6.6. @type data: L{bytes} @param data: The data to sign. @type signatureType: L{bytes} @param signatureType: The SSH public key algorithm name to sign this data with, or L{None} to use a reasonable default for the key. @rtype: L{bytes} @return: A signature for the given data. Nzpublic key signature algorithm z is not defined for z keysr1r2r rr)rNr7rBr1rsignrPKCS1v15rrr"rrECDSAr@r)rrYrArz hashAlgorithmsigretrs signaturerHsbrcompscompr.r.r/rsH    zKey.signcCst|dkrdt|}}nt|\}}||}|dur!dS|}|dkrB|j}|s4|}t|d|t |f}n|dkrwt|d}t |ddd } t |ddd } t | | }|j}|sq|}|||f}nQ|d krt|d}t|d \} } } t | d } t | d } t | | }|j}|s|}||t|f}n|d kr|j}|s|}t|d|f}z|j|Wd StyYdSw)a Verify a signature using this key. @type signature: L{bytes} @param signature: The signature to verify. @type data: L{bytes} @param data: The signed data. @rtype: L{bool} @return: C{True} if the signature is valid. (r\NFr1rr2rbigr rSrT)rrrrlrBrNrrrorrr from_bytesr#rrverifyr )rrrYrArrzrargsconcatenatedSignaturerrrstrsstrr{r.r.r/rs\          z Key.verify)NN)NNNN)N)rrr r )r r@)r r0)r rD)NNN)0r*r+r,r- classmethodrPrJrrrrrrrrrrTrrrrurwrr r$rr(r4r5r/rNr7r:rBrrYryr[r!rdrjr{rrrrrrr.r.r.r/rGs  ' F J  X 8   % 0 4 , "    , (!  L<S  <  > R  LrGcCs|jdd|s(tjd|td}|jtjj tj j t d}| ||d}tj|dtd}t|WdS1sGwYdS) a This function returns a persistent L{Key}. The key is loaded from a PEM file in C{location}. If it does not exist, a key with the key size of C{keySize} is generated and saved. @param location: Where the key is stored. @type location: L{twisted.python.filepath.FilePath} @param keySize: The size of the key, if it needs to be generated. @type keySize: L{int} @returns: A persistent key. @rtype: L{Key} T)ignoreExistingDirectoryi)public_exponentrCr)encodingr.encryption_algorithmrHN)passwordr)parentmakedirsexistsrgenerate_private_keyr rJrrGr}rKr~rL setContentrIrrKrG)locationr privateKeypemkeyFiler.r.r/_getPersistentRSAKey!s"   $r)r)Or- __future__rr*rr9rabase64rrrhashlibrrtypingrr constantlyr r cryptographyr cryptography.exceptionsr cryptography.hazmat.backendsr cryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricrrrrr&cryptography.hazmat.primitives.ciphersrrr,cryptography.hazmat.primitives.serializationrrtyping_extensionsrtwisted.conch.sshrrtwisted.conch.ssh.commonrtwisted.pythonrtwisted.python.compatrr twisted.python.deprecater!/cryptography.hazmat.primitives.asymmetric.utilsr"r# ImportErrorr$r% SECP256R1 SECP384R1 SECP521R1rrrrr Exceptionr(r1r2r3r4r7rFrGrr.r.r.r/sz