mg, dZddlmZmZmZmZddlmZmZm Z m Z ddl m Z m Z ddlmZddlmZmZmZddlmZmZmZdd lmZmZdd lmZd d d dd dd d d d ZeeeeeeeeefZeeeeeeeeeef ZeeefZ da!deddfdZ"GddeZ#ede#de#jHD]Z%ede%e%dze#ede#jLD] Z%ee%d y)z!RSA public key encryption handler)OptionalTupleUnioncast)ASN1DecodeErrorObjectIdentifier der_encode der_decode) RSAPrivateKey RSAPublicKey)all_ints)MPIntString SSHPacket)SSHKeySSHOpenSSHCertificateV01KeyExportError)register_public_key_algregister_certificate_alg)register_x509_certificate_algsha1sha256sha512sha224sha384) ssh-rsa rsa-sha2-256 rsa-sha2-512ssh-rsa-sha224@ssh.comssh-rsa-sha256@ssh.comssh-rsa-sha384@ssh.comssh-rsa-sha512@ssh.coms rsa1024-sha1rsa2048-sha256Fskip_validationreturnNc|ay)a\Set whether to disable RSA key validation in OpenSSL OpenSSL 3.x does additional validation when loading RSA keys as an added security measure. However, the result is that loading a key can take significantly longer than it did before. If all your RSA keys are coming from a trusted source, you can call this function with a value of `True` to default to skipping these checks on RSA keys, reducing the cost back down to what it was in earlier releases. This can also be set on a case by case basis by using the new `unsafe_skip_rsa_key_validation` argument on the functions used to load keys. This will only affect loading keys of type RSA. .. note:: The extra cost only applies to loading existing keys, and not to generating new keys. Also, in cases where a key is used repeatedly, it can be loaded once into an `SSHKey` object and reused without having to pay the cost each time. So, this call should not be needed in most applications. If an application does need this, it is strongly recommended that the `unsafe_skip_rsa_key_validation` argument be used rather than using this function to change the default behavior for all load operations. N) _default_skip_rsa_key_validation)r%s ,lib/python3.12/site-packages/asyncssh/rsa.py#set_default_skip_rsa_key_validationr*5s B(7$c eZdZUdZeeefed<dZdZ dZ e dZ dZ dZed eDZd Zed eDZeee zZd ed efdZd efdZeddddededed dfdZeded efdZeded efdZeded e e!fdZ"eded e e#fdZ$ededed e e!fdZ%ededed e e#fd Z&ed!e'd e!fd"Z(ed!e'd e#fd#Z)d efd$Z*d efd%Z+d e,eeffd&Z-d e,eeffd'Z.d efd(Z/d efd)Z0d efd*Z1ded+ed efd,Z2ded+ed!e'd efd-Z3deded e efd.Z4deded e efd/Z5y0)1RSAKeyz%Handler for RSA public key encryption_keyrrsRSAz1.2.840.113549.1.1.1)rrr r!r"r#r)rrrc#&K|] }|dz yw)-cert-v01@openssh.comN.0algs r) zRSAKey.gs<': "::':)r$rc#&K|] }d|z yw)sx509v3-Nr1r2s r)r5zRSAKey.jsL8KJ,8Kr6otherr&cDt|tstS|jj|jjk(xr\|jj |jj k(xr-|jj |jj k(SN) isinstancer-NotImplementedr.ned)selfr8s r)__eq__z RSAKey.__eq__msk%(! ! uzz||+, uzz||+, uzz||+ -r+ct|jj|jj|jj|jj |jj fSr:)hashr.r=r>r?pqr@s r)__hash__zRSAKey.__hash__xsGTYY[[$))++tyy{{YY[[$))++/0 0r+ii)key_sizeexponent algorithmrHrIc:|tj||S)zGenerate a new RSA private key)r generate)clsrJrHrIs r)rLzRSAKey.generate|s=))(H=>>r+ key_paramsc tt|\ }}}}}}}} } | t} |tj|||||||| | S)zConstruct an RSA private key)r_PrivateKeyConstructArgsr(r construct) rMrNr=r>r?rDrEdmp1dmq1iqmpunsafe_skip_rsa_key_validations r) make_privatezRSAKey.make_privatesf ): 6 H1aAtT4)G * 1-M *=**1aAq$d+IKL Lr+c`tt|\}}|tj||S)zConstruct an RSA public key)r_PublicKeyArgsr rQ)rMrNr=r>s r) make_publiczRSAKey.make_publics,NJ/1<))!Q/00r+key_datac|t|tr,t|r!t|dk\rt t |ddSy)z&Decode a PKCS#1 format RSA private key rN)r;tuplerlenr_PrivateKeyArgsrMrZs r)decode_pkcs1_privatezRSAKey.decode_pkcs1_privates7 x 'HX,>H "!A7 7r+cvt|tr)t|rt|dk(rt t |Sy)z%Decode a PKCS#1 format RSA public keyN)r;r]rr^rrXr`s r)decode_pkcs1_publiczRSAKey.decode_pkcs1_publics1 x 'HX,>H "1 1r+ alg_paramsdatac`|y t|}|j|S#t$rYywxYw)z&Decode a PKCS#8 format RSA private keyN)r rrarMrerfrZs r)decode_pkcs8_privatezRSAKey.decode_pkcs8_privatesC  ! !$'H''11   ! --c`|y t|}|j|S#t$rYywxYw)z%Decode a PKCS#8 format RSA public keyN)r rrdrhs r)decode_pkcs8_publiczRSAKey.decode_pkcs8_publicsC  ! !$'H&&x00  rjpacketc |j}|j}|j}|j}|j}|j}|||||||dz z||dz z|fS)z$Decode an SSH format RSA private keyr get_mpint)rMrmr=r>r?rTrDrEs r)decode_ssh_privatezRSAKey.decode_ssh_privates            !        !Q1a1Q3iacD88r+cJ|j}|j}||fS)z#Decode an SSH format RSA public keyro)rMrmr>r=s r)decode_ssh_publiczRSAKey.decode_ssh_publics)        !t r+c |jjs tdd|jj|jj|jj|jj |jj |jj|jj|jjf S)z&Encode a PKCS#1 format RSA private keyKey is not privater) r.r?rr=r>rDrErRrSrTrFs r)encode_pkcs1_privatezRSAKey.encode_pkcs1_privates{yy{{ !56 6499;; TYY[[$))++ TYY^^TYY^^TYY^^M Mr+cZ|jj|jjfS)z%Encode a PKCS#1 format RSA public key)r.r=r>rFs r)encode_pkcs1_publiczRSAKey.encode_pkcs1_publicsyy{{DIIKK''r+c8dt|jfS)z&Encode a PKCS#8 format RSA private keyN)r rvrFs r)encode_pkcs8_privatezRSAKey.encode_pkcs8_privatesZ 9 9 ;<<rFs r)encode_ssh_privatezRSAKey.encode_ssh_privatesyy{{ !56 6yy~~)))yy{{&&&yy{{&&&xxtyy{{+U499;;-?tyy{{+U499>>-Btyy{{+U499;;-?AB Br+cdjt|jjt|jjfS)z#Encode an SSH format RSA public keyr+)r~rr.r>r=rFs r)encode_ssh_publiczRSAKey.encode_ssh_public s2xxtyy{{+U499;;-?@AAr+c|jjs td|jjJ|jjJ|jj Jdj t|jjt|jjt|jjt|jj fS)z1Encode RSA certificate private key data for agentrur+)r.r?rrTrDrEr~rrFs r)encode_agent_cert_privatez RSAKey.encode_agent_cert_privatesyy{{ !56 6yy~~)))yy{{&&&yy{{&&&xxtyy{{+U499>>-Btyy{{+U499;;-?AB Br+ sig_algorithmc|jjs tdt|jj |t |S)z6Compute an SSH-encoded signature of the specified datazPrivate key needed for signing)r.r? ValueErrorrsign _hash_algs)r@rfrs r)sign_sshzRSAKey.sign_sshs:yy{{=> >diinnT:m+DEFFr+c|j}|j|jj||t|S)z5Verify an SSH-encoded signature of the specified data) get_string check_endr.verifyr)r@rfrrmsigs r) verify_sshzRSAKey.verify_ssh$s<!yyc:m+DEEr+chtt|j}|j|t|S)z%Encrypt a block of data with this key)rr r.encryptr)r@rfrJpub_keys r)rzRSAKey.encrypt-s*|TYY/tZ %:;;r+chtt|j}|j|t|S)z%Decrypt a block of data with this key)rr r.decryptr)r@rfrJpriv_keys r)rzRSAKey.decrypt3s, tyy1j&;<AB -F -t -0#0!%u???14?AI?? Lf L L L1V111F _ %6 ^ $ 2f 2#( 2-5o-F 2 2 1V 1"' 1,4^,D 1 1 9 9o 9 9y^MfM(V( =eFFN&;= %:< BE BB5B B5 BGUG5GUGFuFUF$F)-Frs*(//KK/,,HHI5*0)1)1)1)1)1)1)/)13 S#sCc3>? c3S#sC!MNsCx$) !7!7$!7H^=V^=B FD1  & &DQd-E&E#%=tE '  " "D!$- #r+