pg]UddlZddlZddlZddlZddlmZddlmZddl m Z ddl m Z m Z mZmZddlmZmZmZddlmZmZmZmZmZmZ ddlmZd Zn#e$rd Z dPd e d e d e!de!de"de f dZYnwxYwdZ#dZ$dZ%dZ&dZ'dZ(dZ)ej*dZ+dZ,dZ-dZ.dZ/dZ0dZ1d Z2ej*e-d!ze.zej3Z4e5e6e7d"d#Z8ej9d$ej:d fej9d$ej;d fd%Zej?ej9e!ej@ej?ej:ej?ej;fe!ffeAd&<e&e'e(d'ZBd(e jCde fd)ZDe-d*ze.d*zfd+e d,e d-e de fd.ZEd+e d/e!ddfd0ZFd+e ddfd1ZGd2e d ejHe d e de!deej@ej;ej:ff d3ZId+e5dej>e!e5ffd4ZJd+e5dej>e!e5ffd5ZKd+e5dej>e5e5ffd6ZLd+e5dej>e!e5ffd7ZMd8e!de fd9ZNGd:d;ZOGd<d=ZPGd>d?ZQGd@dAZRGdBdCZSe$ePe%eQe#eSe&eRdDe jTe'eRdEe jUe(eRdFe jViZWdGe fdHZXej@e jYejZe j[ej\fZ] dQd+e d ejHe dIej^de]fdJZ_dKe]d e dLede fdMZ`ej@e jCejae jbejcfZd dQd+e dIej^dedfdNZed(edde fdOZfdS)RN) encodebytes)utilsUnsupportedAlgorithm)dsaeced25519rsa)Cipher algorithmsmodes)EncodingKeySerializationEncryption NoEncryption PrivateFormat PublicFormat_KeySerializationEncryption)kdfTFpasswordsaltdesired_key_bytesroundsignore_few_roundsreturnc td)NzNeed bcrypt moduler)rrrrrs R/usr/lib/python3/dist-packages/cryptography/hazmat/primitives/serialization/ssh.py _bcrypt_kdfr s##7888s ssh-ed25519sssh-rsasssh-dsssecdsa-sha2-nistp256secdsa-sha2-nistp384secdsa-sha2-nistp521s-cert-v01@openssh.coms\A(\S+)[ \t]+(\S+)sopenssh-key-v1s#-----BEGIN OPENSSH PRIVATE KEY-----s!-----END OPENSSH PRIVATE KEY-----sbcryptsnone aes256-ctrs(.*?) )rs aes256-cbc _SSH_CIPHERS) secp256r1 secp384r1 secp521r1 public_keyc~|j}|jtvrtd|jt|jS)z3Return SSH key_type and curve_name for private key.z'Unsupported curve for ssh private key: )curvename_ECDSA_KEY_TYPE ValueError)r(r*s r_ecdsa_key_typer.WsE  E z(( Dej D D    5: &&r dataprefixsuffixcLd|t||gS)Nr)join_base64_encode)r0r1r2s r_ssh_pem_encoder6as% 88V^D116: ; ;;r block_lencT|rt||zdkrtddS)zRequire data to be full blocksrzCorrupt data: missing paddingN)lenr-)r0r7s r_check_block_sizer:is6 :3t99y(A--8999.-rc(|rtddS)z!All data should have been parsed.zCorrupt data: unparsed dataN)r-r0s r _check_emptyr=os# 8677788r ciphernamec|stdt|\}}}}t||||z|d}t||d||||dS)z$Generate key + iv and return cipher.zKey is password-protected.TN)r-r$rr ) r>rrralgokey_lenmodeiv_lenseeds r _init_cipherrEus| 75666".z":D'4 xw'7 F FD $$tHWH~&&T'((^(<(< = ==rct|dkrtdt|ddd|ddfS)Uint32 Invalid dataNbig byteorderr9r-int from_bytesr<s r_get_u32rPJ 4yy1}}((( >>$rr(e> 4 4d122h >>rct|dkrtdt|ddd|ddfS)Uint64rINrJrKrMr<s r_get_u64rUrQrct|\}}|t|krtd|d|||dfS)zBytes with u32 length prefixrIN)rPr9r-)r0ns r _get_sshstrrXsItnnGAt3t99}}((( 8T!""X rct|\}}|r|ddkrtdt|d|fS)z Big integer.rrIrJ)rXr-rNrO)r0vals r _get_mpintr\sND!!IC )s1v}}((( >>#u % %t ++rr[c|dkrtd|sdS|dzdz}tj||S)z!Storage format for signed bigint.rznegative mpint not allowedrrT)r- bit_lengthr int_to_bytes)r[nbytess r _to_mpintrasS Qww5666 snn"q (F  c6 * **rceZdZUdZejeed< ddejejeddfdZ deddfdZ de ddfd Z dej edfddfd Zde ddfd Zde fd Zddede de fdZdefdZdS) _FragListz,Build recursive structure without data copy.flistNinitrcPg|_|r|j|dSdSN)rdextend)selfres r__init__z_FragList.__init__s9  $ J  d # # # # # $ $rr[c:|j|dS)zAdd plain bytesN)rdappendrir[s rput_rawz_FragList.put_raws #rcd|j|dddS)zBig-endian uint32rHrJ)lengthrLN)rdrlto_bytesrms rput_u32z_FragList.put_u32s. #,,a5,AABBBBBrcRt|tttfr>|t ||j|dS|||j |jdS)zBytes prefixed with u32 lengthN) isinstancebytes memoryview bytearrayrrr9rdrlsizerhrms r put_sshstrz_FragList.put_sshstrs cE:y9 : : ) LLS " " " J  c " " " " " LL $ $ $ J  ci ( ( ( ( (rcJ|t|dS)z*Big-endian bigint prefixed with u32 lengthN)ryrarms r put_mpintz_FragList.put_mpints   #'''''rcPttt|jS)zCurrent number of bytes)summapr9rd)ris rrxz_FragList.sizes3sDJ''(((rrdstbufposcT|jD]}t|}|||z}}||||< |S)zWrite into bytearray)rdr9)rirrfragflenstarts rrenderz_FragList.rendersAJ % %Dt99DcDj3E $F59   rctt|}|||S)zReturn as bytes)rvrwrxrtobytes)ribufs rrz_FragList.tobytess?499;;//00 C{{}}rrg)r)__name__ __module__ __qualname____doc__typingListru__annotations__OptionalrjrnrNrrUnionryr{rxrvrrrrrcrcsi66 ;u ;?$$OFK$67$ $$$$5TC3C4CCCC)fl5++=>)4))))(S(T(((()c))))Zc#rrcceZdZdZdefdZdedejej effdZ dedejej effdZ dej de dd fd Zd ej d e dd fd Zd S) _SSHFormatRSAzhFormat for RSA keys. Public: mpint e, n Private: mpint n, e, d, iqmp, p, q r0cVt|\}}t|\}}||f|fS)zRSA public fieldsr\)rir0erWs r get_publicz_SSHFormatRSA.get_publics2T""4T""41vt|rrc||\\}}}tj||}|}||fS)zMake RSA public key from data.)rr RSAPublicNumbersr()rir0rrWpublic_numbersr(s r load_publicz_SSHFormatRSA.load_publicsKt,, A-a33#..00 4rc t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}||f|krtdtj||} tj||} tj||} tj|||| | || } | } | |fS)zMake RSA private key from data.z Corrupt data: rsa field mismatch)r\r-r rsa_crt_dmp1 rsa_crt_dmq1rRSAPrivateNumbers private_key)rir0 pubfieldsrWrdiqmppqdmp1dmq1rprivate_numbersrs r load_privatez_SSHFormatRSA.load_privatesT""4T""4T""4%% dT""4T""4 q6Y  ?@@ @1%%1%%-a33/ q!T4~  &1133 D  rr(f_pubNc|}||j||jdS)zWrite RSA public keyN)rr{rrW)rir(rpubns r encode_publicz_SSHFormatRSA.encode_publicsC((**  rrf_privct|}|j}||j||j||j||j||j||jdS)zWrite RSA private keyN) rrr{rWrrrrr)rirrrrs rencode_privatez_SSHFormatRSA.encode_privates&5577(7)***)****+++-...*+++*+++++r)rrrrrvrrTupler RSAPublicKeyr RSAPrivateKeyrrcrrrrrrrsz   c& 2 3    !! c'3 4!!!!, * 3<      ,, ,6? ,  , , , , , ,rrceZdZdZdedejejeffdZdedejej effdZ dedejej effdZ dej de dd fd Zd ej d e dd fd Zdejdd fdZd S) _SSHFormatDSAzhFormat for DSA keys. Public: mpint p, q, g, y Private: mpint p, q, g, y, x r0rct|\}}t|\}}t|\}}t|\}}||||f|fS)zDSA public fieldsr)rir0rrgys rrz_SSHFormatDSA.get_public/s[T""4T""4T""4T""41a|T!!rc||\\}}}}}tj|||}tj||}|||}||fS)zMake DSA public key from data.)rrDSAParameterNumbersDSAPublicNumbers _validater() rir0rrrrparameter_numbersrr(s rrz_SSHFormatDSA.load_public9sx"__T22 Aq!d3Aq!<<-a1BCC ~&&&#..00 4rcl||\\}}}}}t|\}}||||f|krtdtj|||}tj||} || tj|| } | } | |fS)zMake DSA private key from data.z Corrupt data: dsa field mismatch) rr\r-rrrrDSAPrivateNumbersr) rir0rrrrrxrrrrs rrz_SSHFormatDSA.load_privateDs"__T22 Aq!dT""4 q!Q<9 $ $?@@ @3Aq!<<-a1BCC ~&&&/>BB%1133 D  rr(rNc6|}|j}||||j||j||j||jdS)zWrite DSA public keyN)rrrr{rrrr)rir(rrrs rrz_SSHFormatDSA.encode_publicTs$2244*< ~&&& )+,,, )+,,, )+,,, ()))))rrrc|||||jdS)zWrite DSA private keyN)rr(r{rr)rirrs rrz_SSHFormatDSA.encode_privateasO ;1133V<<<4466899999rrcl|j}|jdkrtddS)Niz#SSH supports only 1024 bit DSA keys)rrr^r-)rirrs rrz_SSHFormatDSA._validatehs<*<   ) ) + +t 3 3BCC C 4 3r)rrrrrvrrrr DSAPublicKeyr DSAPrivateKeyrrcrrrrrrrrr&sA"" flJ. /""""    c& 2 3     !! c'3 4!!!! ** *3< *  * * * *:,:6?: ::::D(<DDDDDDDrrceZdZdZdedejfdZdede j e j effdZ dede j ej effdZ dede j ejeffd Zd ej d edd fd Zdejdedd fdZd S)_SSHFormatECDSAzFormat for ECDSA keys. Public: str curve bytes point Private: str curve bytes point mpint secret ssh_curve_namer*c"||_||_dSrg)rr*)rirr*s rrjz_SSHFormatECDSA.__init__zs, rr0rct|\}}t|\}}||jkrtd|ddkrtd||f|fS)zECDSA public fieldszCurve name mismatchrrHzNeed uncompressed point)rXrr-NotImplementedError)rir0r*points rrz_SSHFormatECDSA.get_public~sn"$'' t!$'' t D' ' '233 3 8q==%&?@@ @u~t##rc||\\}}}tj|j|}||fS)z Make ECDSA public key from data.)rrEllipticCurvePublicKeyfrom_encoded_pointr*r)rir0 curve_namerr(s rrz_SSHFormatECDSA.load_publicsS%)OOD$9$9!UT.AA J   4rc||\\}}}t|\}}||f|krtdtj||j}||fS)z!Make ECDSA private key from data.z"Corrupt data: ecdsa field mismatch)rr\r-rderive_private_keyr*)rir0rrrsecretrs rrz_SSHFormatECDSA.load_privatesn%)OOD$9$9!UT!$''   ) + +ABB B+FDJ?? D  rr(rNc|tjtj}||j||dS)zWrite ECDSA public keyN) public_bytesrX962rUncompressedPointryr)rir(rrs rrz_SSHFormatECDSA.encode_publicsV'' M<9   ,--- rrrc|}|}|||||jdS)zWrite ECDSA private keyN)r(rrr{ private_value)rirrr(rs rrz_SSHFormatECDSA.encode_privatesY!++-- %5577 :v...677777r)rrrrrur EllipticCurverjrvrrrrrEllipticCurvePrivateKeyrrcrrrrrrrns9  uR5E $ $ flJ. / $ $ $ $  b/; <     ! ! b0*< = ! ! ! ! 3 G% %%%%%%rrsnistp256snistp384snistp521key_typect|ts!t|}|tvr t|St d|)z"Return valid format or throw errorzUnsupported key type: )rtrurvr _KEY_FORMATSr)rs r_lookup_kformatrsZ h & &2h''//11<H%% DDD E EErbackendcdtjd||tjd|t|}|st d|d}|d}tj t|||}| tst dt|ttd}t|\}}t|\}}t|\}}t|\} }| dkrt dt|\} }t| \} } t!| } | | \} } t%| t|\}}t%|||ft&t&fkr|}|t*vrt-d||t.krt-d|t*|d }t1||t|\}}t|\}}t%|t3||||}t||}nd }t1||t|\}}t|\}}||krt d t|\}}|| krt d | || \}}t|\}}|t:dt|krt d |S)z.Load private key from OpenSSH custom encoding.r0NrzNot OpenSSH private key formatr!zOnly one key supportedzUnsupported cipher: zUnsupported KDF: rTzCorrupt data: broken checksumzCorrupt data: key type mismatchzCorrupt data: invalid padding)r_check_byteslike _check_bytes_PEM_RCsearchr-rendbinascii a2b_base64rv startswith _SK_MAGICr9rXrPrrr=_NONErr$r_BCRYPTr:rE decryptorupdater_PADDING)r0rrmp1p2r>kdfname kdfoptionsnkeyspubdata pub_key_typekformatredataciphername_bytesblklenrkbufrciphck1ck2rrcomments rload_ssh_private_keyrs  64((( :x000tA ;9::: B qB  z$//26 7 7D ??9 % %;9::: d  C NN,, -D#4((J%%MGT"4((J4..KE4 zz1222 %%MGT'00L'l++G ++G44Iwd##KE4G..%--// < / /&;'7;;  g  &'F7'F'FGG G./2%((( ,, d~~ T,h OO4>>++22599::%(((%JC%JC czz8999"%((OHe<:;;; --eY??K ''NGU 3u::&&&8999 rrencryption_algorithmctjd|t|tjr"t |}nut|tjrt}nSt|tj rt}n1t|tjrt}nt!dt#|}t%}|rt&}t(|d}t*}t,} t|t.r|j|j} t3jd} || || t;||| | } n t<x}}d}d} d} t3jd} d }t%}|||||t%| | g}||| |||||!tDd||#|zz t%}|!tH|||||||| |||||#}|#}tKtM||z}|'|||z }| 8| ()|||||dtU|d|S) z3Serialize private key with OpenSSH custom encoding.rUnsupported key typerNr rTr!rHr)+rrrtrrr.r(r r_SSH_RSArr_SSH_DSAr r _SSH_ED25519r-rrc_DEFAULT_CIPHERr$r_DEFAULT_ROUNDSr _kdf_roundsosurandomryrrrErrrrnrrxrrvrwr encryptor update_intor6)rrrrr  f_kdfoptionsr>rrrrrr checkvalr f_public_key f_secretsf_mainslenmlenrofss r_serialize_ssh_private_keyr+`sy  z8,,,+r9:: 1";#9#9#;#;<< K!2 3 31 K!2 3 31 K!: ; ;1/000h''G;;L$ j)!,  +-H I I 6$0<)5Fz"~~%%%V$$$J$??$$ W Ez!}}HG;;LH%%% +0022LAAA8X.//I """ ; 222 !!! hE9>>+;+;f+D!EEFGGG[[F NN9 j!!! g l### NN5 l### i    >>  D ;;==D Ytf}-- . .C MM# +C  $$ST]CI>>> 3uu: & &&rcvtjd|t|}|st d|dx}}|d}d}t |tt  dkrd}|dtt  }t|} ttj |}n)#ttj f$rt dwxYwt|\} }| |krt d|rt|\} }||\} }|rt!|\} }t#|\} }t|\}}t|\}}t!|\}}t!|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t%|| S) z-Load public key from OpenSSH one-line format.r0zInvalid line formatr!FNTzInvalid key format)rr_SSH_PUBKEY_RCmatchr-group _CERT_SUFFIXr9rrvrr TypeErrorErrorrXrrUrPr=)r0rrr orig_key_typekey_body with_certr restinner_key_typenoncer(serialcctypekey_id principals valid_after valid_before crit_options extensionsreservedsig_key signatures rload_ssh_public_keyrEs: 64(((T""A 0./// wwqzz)H}wwqzzHIx\!2!2 2 4 4555 0s<00001h''G/(-h7788 x~ &///-.../'t,,ND&&-...(!$'' t**400J ,~~ ~~ "4(( &t,, D$TNN T%d^^ d(.. d&t,, D$T**$#D)) %d++ 4 s !C&&&D cpt|tjrt|}nut|tjrt }nSt|tjrt}n1t|tj rt}ntdt|}t}|||||t%j|}d|d|gS)z&One-line public key format for OpenSSHrr )rtrrr.r rrrrrr rrr-rrcryrr b2a_base64rstripr4)r(rr rpubs rserialize_ssh_public_keyrKs*b788 1":.. J 0 1 11 J 0 1 11 J 8 9 91/000h''G KKE X *e,,,  emmoo . . 4 4 6 6C 88XtS) * **r)Frg)grrrerbase64rr5 cryptographyrcryptography.exceptionsr)cryptography.hazmat.primitives.asymmetricrrr r &cryptography.hazmat.primitives.ciphersr r r ,cryptography.hazmat.primitives.serializationrrrrrrbcryptrr_bcrypt_supported ImportErrorrurNboolrrr_ECDSA_NISTP256_ECDSA_NISTP384_ECDSA_NISTP521r1compiler.r _SK_START_SK_ENDrrrrDOTALLrrvrwrangerAESCTRCBCr$DictrTyperrr,rr.r6r:r=rrErPrUrXr\rarcrrrr SECP256R1 SECP384R1 SECP521R1rrrrrr_SSH_PRIVATE_KEY_TYPESAnyrr+rrr_SSH_PUBLIC_KEY_TYPESrErKrrrrjs  000000888888KKKKKKKKKKKKLLLLLLLLLL9)))))) 9 9 9#( 99999 9  9  999999 9  (((' 233  2 .  "*Y)G3RY ? ? :iia 0 011 2 2NB 26NB 26 fk  L JN#  V[+V[-CCD     !  ' 9'e''''%eO<< < < < <<<<:E:c:d:::: 8u88888 > >oe$ >  >  >  FLEI- ./ > > > >?:?&,sJ"??????:?&,sJ"?????jV\*j2H%I,Z,FLj$A,,,,+3+5++++11111111hC,C,C,C,C,C,C,C,LEDEDEDEDEDEDEDEDPD8D8D8D8D8D8D8D8N@%@%@%@%@%@%@%@%H mmoo mmoo##%%__[,",..AA__[,",..AA__[,",..AA  FeFFFF  JJ Joe$JZJ JJJJZL''L'L'5L' L'L'L'L'^  (,)) ) *)))))X+)>+5++++++s AA0/A0