mgPhUdZddlmZmZddlZddlmZmZmZm Z m Z ddl m Z m Z mZmZddlmZmZmZddlmZmZe ed fZeeeeegefZe eeefZeeeegefZe eefZeeeegefZ e e e ed ffZ!e d Z"e d Z#e d Z$e dZ%e dZ&e dZ'e dZ(e dZ)e dZ*e dZ+e dZ,e dZ-e dZ.e dZ/e dZ0e dZ1e dZ2e dZ3e dZ4e dZ5iZ6eeefe7d<iZ8eeefe7d <iZ9ee efe7d!<iZ:ee eefe fe7d"<iZ;ee efe7d#<iZeee fe7d&<iZ?ee efe7d'<iZ@eee fe7d(<Gd)d*eAZBGd+d ZCd,ed-ed.ed/ed0ed1ef d2ZDd,ed-ed.ed/ed0ed3ed1efd4ZEd5ed-ed,ed6ed1ef d7ZFd5ed-ed,ed6ed1ef d8ZGd9ed6ed:ed1efd;ZHdZId5ed-ed1efd?ZJd@edAed6ed1dfdBZKdCedDedEe dFed,ed6ed1dfdGZLdHedIe dFed6ed1df dJZMdKedLe dFe dMed1df dNZNdDedOe d1dfdPZOdQed@ed-ed1e eeeffdRZPdQedAedSed-ed1ef dTZQdQedCedDedUed-ed1ef dVZRdWed-ed1efdXZSdYZTdZd[e"eFedZfdZd\e#eFedZfd]d\e(eGed]fd^d\e'eGed^fd_d\e&eGed`fdad\e%eGedbffZUdce-eHdcfdde.eHddfdee/eHdefdfe+eHdffdge)eHdgfdZe,eHdZfd^e*eHd^ffZVdhe0eIffZWd\e1fdie2fdje3fdke4fdle5ffZXeTD]ZYeKeY eUD]ZZeLeZ eVD]Z[eMe[ eWD]Z\eNe\ eXD]Z]eOe] y)mz2Asymmetric key password based encryption functions)md5sha1N)CallableDictSequenceTupleUnion)ASN1DecodeErrorObjectIdentifier der_encode der_decode) BasicCipherget_cipher_params pbkdf2_hmac) BytesOrStrHashType _RFC1423Pad.z1.2.840.113549.1.5.3z1.2.840.113549.1.5.10z1.2.840.113549.1.5.13z1.2.840.113549.1.12.1.1z1.2.840.113549.1.12.1.2z1.2.840.113549.1.12.1.3z1.2.840.113549.1.12.1.4z1.2.840.113533.7.66.10z1.2.840.113549.3.7z1.3.6.1.4.1.3029.1.2z 1.3.14.3.2.7z2.16.840.1.101.3.4.1.2z2.16.840.1.101.3.4.1.22z2.16.840.1.101.3.4.1.42z1.2.840.113549.1.5.12z1.2.840.113549.2.7z1.2.840.113549.2.8z1.2.840.113549.2.9z1.2.840.113549.2.10z1.2.840.113549.2.11 _pkcs1_cipher_pkcs1_dek_name_pkcs8_handler_pkcs8_cipher_oid _pbes2_cipher_pbes2_cipher_oid _pbes2_kdf_pbes2_kdf_oid _pbes2_prf_pbes2_prf_oidceZdZdZy)KeyEncryptionErrorzKey encryption error This exception is raised by key decryption functions when the data provided is not a valid encrypted private key. N)__name__ __module__ __qualname____doc__,lib/python3.12/site-packages/asyncssh/pbe.pyr r Vsr&r cHeZdZdZdedededefdZdedefd Zdedefd Z y ) ra9RFC 1423 padding functions This class implements RFC 1423 padding for encryption and decryption of data by block ciphers. On encryption, the data is padded by between 1 and the cipher's block size number of bytes, with the padding value being equal to the length of the padding. cipher_name block_sizekeyivc6t||||_||_y)N)r_cipher _block_size)selfr)r*r+r,s r'__init__z_RFC1423Pad.__init__is";R8 %r&datareturnc|jt||jzz }||t|fzz }|jj |S)zPad data before encrypting it)r/lenbytesr.encryptr0r2pads r'r7z_RFC1423Pad.encryptnsM#d)d.>.>">? eSFm##||##D))r&c|jj|}|rC|d}d|cxkr|jkr)n t d|| d|t|fzk(r|d| St d)z,Remove padding from data after decrypting itr NzUnable to decrypt key)r.decryptr/r6r r8s r'r<z_RFC1423Pad.decryptus|||##D) r(CS,D,,,!!899#K3v#66EcT{" !899r&N) r!r"r#r$strintr6r1r7r<r%r&r'rr_sP&C&S&&!&& *E*e* :E :e :r&hash_alg passphrasesaltcountkey_sizer3c t|tr|jd}||z}t|D]}||j }t ||kr!|t |||z|||t |z zS|d|S)aPKCS#5 v1.5 key derivation function for password-based encryption This function implements the PKCS#5 v1.5 algorithm for deriving an encryption key from a passphrase and salt. The standard PBKDF1 function cannot generate more key bytes than the hash digest size, but 3DES uses a modified form of it which calls PBKDF1 recursively on the result to generate more key data. Support for this is implemented here. utf-8N) isinstancer=encoderangedigestr5_pbkdf1)r?r@rArBrCr+_s r'rJrJs*c"&&w/ t C 5\sm""$ 3x8WXsZ'7u%C022 29H~r&idxcdtdtdtfd}|j}|t|fz}t|tr|j d}t |||||dz|z} d} t| |kr|| z} t|D]} || j} tj|| |d} td t| |D]E} tj| | | |zd| zd zd |d zzz}|j|d| | | |zG| | z } t| |kr| d |S) zPKCS#12 key derivation function for password-based encryption This function implements the PKCS#12 algorithm for deriving an encryption key from a passphrase and salt. r2vr3cVt|}||zdz |z|z}||zdz |z|zd|S)z9Make a block a multiple of v bytes long by repeating datar N)r5)r2rNlsizes r' _make_blockz_pbkdf_p12.._make_blocksC IQq A%(Q,1$,et44r&zutf-16besr&bigrr N) r6r>r*rFr=rG bytearrayr5rHrI from_bytesto_bytes)r?r@rArBrCrLrRrNDIr+AiBxs r' _pbkdf_p12r^sS5%5C5E5  A E3&MA*c"&&z2 +dA&Z'5I1)MMNA C c(X  EuA ""$A NN;q!,e 4q#a&!$A!AaC%014q8Q!A#XFAzz!U+Aa!H% q c(X  y>r&paramsr)ct|tr4t|dk7s&t|dtrt|dts t d|\}}t |\}}}t||||||z} | d|| |d} } t||| | S)aDPKCS#5 v1.5 cipher selection function for password-based encryption This function implements the PKCS#5 v1.5 algorithm for password-based encryption. It returns a cipher object which can be used to encrypt or decrypt data based on the specified encryption parameters, passphrase, and salt. rr z#Invalid PBES1 encryption parametersN) rFtupler5r6r>r rrJr) r_r@r?r)rArBrCiv_sizer*r+r,s r'_pbes1rds vu %V)96!9e,6!9c* !FGGKD%$5k$B!Hgz (JeX5G HC)8nc()nC {JR 88r&cjt|trAt|dk7s3t|dtr |drt|dtr|ddk(r t d|\}}t |\}}}t|||||d} |dk(rt|| d} | St|||||d} t||| | } | S)a<PKCS#12 cipher selection function for password-based encryption This function implements the PKCS#12 algorithm for password-based encryption. It returns a cipher object which can be used to encrypt or decrypt data based on the specified encryption parameters, passphrase, and salt. rarr z+Invalid PBES1 PKCS#12 encryption parametersr&) rFrbr5r6r>r rr^rr) r_r@r?r)rArBrCrcr*r+cipherr,s r'_pbe_p12rgs vu %V)96!9e,F1I6!9c*fQi1n !NOOKD%$5k$B!Hgz Xz4! DCQ%k3< M*dE7A F[*c2> Mr& enc_paramsr+ct|\}}}t|dk7st|dts t dt|d|k7r t dt ||||dS)zPKCS#5 v2.0 handler for PBES2 ciphers with an IV as a parameter This function returns the appropriate cipher object to use for PBES2 encryption for ciphers that have only an IV as an encryption parameter. r r#Invalid PBES2 encryption parametersz&Invalid length IV for PBES2 encryption)rr5rFr6r r)rhr)r+rKrcr*s r' _pbes2_ivrksl/{;Aw  :!:jmU#C !FGG :a=W$ !IJJ {JZ] CCr& kdf_paramsdefault_key_sizect|dk7s$t|dtrt|ddkr tdt |d}t|dt rt|dt s td|jd}|jd}|r%t|dt r|jd}n|}|rjt|dtrLt|ddk(r;t|ddtr%|dd}|tvr t|}ntdtdd}t|tr|jd}t|||||S) zPKCS#5 v2.0 handler for PBKDF2 key derivation This function parses the PBKDF2 arguments from a PKCS#8 encrypted key and returns the encryption key to use for encryption. r rraz'Invalid PBES2 key derivation parametersz$Unknown PBES2 pseudo-random functionz/Invalid PBES2 pseudo-random function parametersrrE) r5rFrbr listr6r>popr rr=rGr)rlr@rmrArBrCprf_alg hash_names r' _pbes2_pbkdf2rss^ J1Jz!}e$D  1  " !JKKjm$J z!}e ,:a=#. !JKK >>! D NN1 EjA4>>!$# z!}e ,Z]1Cq1H:a=+-=> mA&G*$&w/ (*455%&23 3 *c"&&w/ y*dE8 DDr&c$t|trVt|dk7sHt|dtr5t|ddks$t|dtrt|ddkr tdt |d}|j d}|t vr tdt |d}|j d}|tvr tdt |\}}t|\}} t| \} } } |||| g|} ||| | S)a=PKCS#5 v2.0 cipher selection function for password-based encryption This function implements the PKCS#5 v2.0 algorithm for password-based encryption. It returns a cipher object which can be used to encrypt or decrypt data based on the specified encryption parameters and passphrase. rarr rjz%Unknown PBES2 key derivation functionz"Unknown PBES2 encryption algorithm) rFrbr5r rorprrr) r_r@rlkdf_algrhenc_alg kdf_handlerkdf_args enc_handlerr)rmrKr+s r'_pbes2rzBs vu %V)96!9e,F1I0B6!9e,F1I0B !FGGfQiJnnQGj  !HIIfQiJnnQGm# !EFF&w/K,W5K.{;a j*.> J JC z; 44r&pkcs1_cipher_namepkcs1_dek_namec(|t|<|t|<y)z8Register a cipher used for PKCS#1 private key encryptionN)rr)r{r|r)s r'register_pkcs1_cipherr~es%0M.!)7O%&r&pkcs8_cipher_namerrpkcs8_cipher_oidhandlerc2|||ft|<|t||f<y)z8Register a cipher used for PKCS#8 private key encryptionN)rr)rrrrrr?r)s r'register_pkcs8_cipherrms' )0;'GN#$6F'23r&pbes2_cipher_namepbes2_cipher_oidc,||ft|<|t|<y)z%Register a PBES2 encryption algorithmN)rr)rrrr)s r'register_pbes2_cipherrws (/ &r6>>$#777 !FGGr&r,c|tvrMt|}t|\}}}tt||ddd|}t ||||} | j |St d)zDecrypt PKCS#1 key data This function decrypts PKCS#1 key data using the specified algorithm, initialization vector, and passphrase. The algorithm name and IV should be taken from the PEM DEK-Info header. NrTr r)rrrJrrr<r ) r2r|r,r@r)rCrKr*r+rfs r' pkcs1_decryptrsj&#N3 "3K"@!Zc:r"1vq(;[*c2>~~d## !FGGr&versionc`|dk(rG||ftvr=t||f}t|\}}}|} tjddf} || |||} n|dk(r|tvrt|} t | \} }t |\} }} tjddg}tj|}| |f}|dk7r.|tvr|jt|dfn tdt} tt|f|f} t| |} n tdt| | f| j|fS) aEncrypt PKCS#8 key data This function encrypts PKCS#8 key data using the specified cipher, hash, encryption version, and passphrase. Available ciphers include: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, des-cbc, des2-cbc, des3-cbc, rc4-40, and rc4-128 Available hashes include: md5, sha1, sha256, sha384, sha512 Available versions include 1 for PBES1 and 2 for PBES2. Only some combinations of cipher, hash, and version are supported. r rTirarNzUnknown PBES2 hash function#Unknown PKCS#8 encryption algorithm)rrrrrrrrappendr _ES2 _ES2_PBKDF2rbrzr r7)r2rrrrr@rrr?r)algr_rfrrKrcrlr,rhs r' pkcs8_encryptrsJ,!|*I6:KK,-> -IJ)78H)I&;**Q-.X{C A+/@@,->?&'78;)+6 7AjjmT* ZZ &+  N*!!>)#_PBES2KDFHandler _PBES2KDF _ES1_MD5_DES _ES1_SHA1_DESr _P12_RC4_128 _P12_RC4_40 _P12_DES3 _P12_DES2 _ES2_CAST128 _ES2_DES3_ES2_BF_ES2_DES _ES2_AES128 _ES2_AES192 _ES2_AES256r _ES2_SHA1 _ES2_SHA224 _ES2_SHA256 _ES2_SHA384 _ES2_SHA512r__annotations__rrrrrrrrr ValueErrorr rrJr^rdrgrkrsrzr~rrrrrrrr_pkcs1_cipher_list_pkcs8_cipher_list_pbes2_cipher_list_pbes2_kdf_list_pbes2_prf_list_pkcs1_cipher_args_pkcs8_cipher_args_pbes2_cipher_args_pbes2_kdf_args_pbes2_prf_argsr%r&r'rs*9 99KK??&  ]* + HcBGKL((C78 #u5w>?(#-. Xz37>? "E&#+$66 7 ##9: "#:; "#:;"#<= "#<= "#<= "#<= "#;< "#78 "#9:">2"#;< "#<= "#<= "#:; "#78 "#78 "#78 "#89 "#89 "$ tE3J$$&c5j!&79%|349=?4c3h)99:?68 t$l238134--.302 D!9, -2.0S**+0*, D!3& ',.0S**+0!:!:HhJe"%*/8%%z%%%%(%/2%7<%P969z9X99 '92Vx")<D(DD5DWD(-Eh-EJ-E$'-E,1-E` 56 5z 5g 5F8S8%8'*8/38GSGSG,<G#6GBJG(+G04G\9}=X9y9Y9z:{M*  y { { { { --.---.---.-'O(''O('r&