a,dZddlmZmZddlmZddlmZmZddl m Z ddl m Z m Z ddlmZddlmZdd lmZdd lmZdd lmZGd d eZGddeZGddeZy)z ECDSA keys )InvalidSignatureUnsupportedAlgorithm)default_backend)hashes serialization)ec)decode_dss_signatureencode_dss_signature) four_byte)Message)PKey) SSHException) deflate_longceZdZdZdZy) _ECDSACurvez Represents a specific ECDSA Curve (nistp256, nistp384, etc). Handles the generation of the key format identifier and the selection of the proper hash function. Also grabs the proper curve from the 'ecdsa' package. cD||_|j|_d|jz|_|jdkrtj |_||_ y|jdkrtj|_||_ ytj|_||_ y)N ecdsa-sha2-i) nist_namekey_size key_lengthkey_format_identifierrSHA256 hash_objectSHA384SHA512 curve_class)selfrrs 1lib/python3.12/site-packages/paramiko/ecdsakey.py__init__z_ECDSACurve.__init__0s"%..&3T^^%C" ??c !%}}D  ' __ #%}}D ' &}}D &N)__name__ __module__ __qualname____doc__r r!rrr's 'r!rc.eZdZdZdZdZdZdZdZy)_ECDSACurveSetz A collection to hold the ECDSA curves. Allows querying by oid and by key format identifier. The two ways in which ECDSAKey needs to be able to look up curves. c||_yN) ecdsa_curves)rr+s rr z_ECDSACurveSet.__init__Is (r!cT|jDcgc]}|jc}Scc}wr*r+r)rcurves rget_key_format_identifier_listz-_ECDSACurveSet.get_key_format_identifier_listLs"9=9J9JK++KKKs%cL|jD]}|j|k(s|cSyr*)r+r)rrr.s rget_by_curve_classz!_ECDSACurveSet.get_by_curve_classOs*&& E  K/  r!cL|jD]}|j|k(s|cSyr*r-)rrr.s rget_by_key_format_identifierz+_ECDSACurveSet.get_by_key_format_identifierTs+&& E**.CC  r!cL|jD]}|j|k(s|cSyr*)r+r)rrr.s rget_by_key_lengthz _ECDSACurveSet.get_by_key_lengthYs*&& E:-  r!N) r"r#r$r%r r/r1r3r5r&r!rr(r(Bs! )L  r!r(cPeZdZdZeeejdeejdeejdgZ ddZ e dZ dZd Zed Zd Zd Zd ZdZdZddZddZe ejddfdZdZdZdZdZdZy)ECDSAKeyz\ Representation of an ECDSA key which can be used to sign and verify SSH2 data. nistp256nistp384nistp521Ncd|_d|_d|_||j||y||j ||y| | t |}|P|\|_|_|jj j}|jj||_ y|j} d} | j| r| dt|  } |jj| |_ |jj} | D cgc]} dj!| } } |j#|| | |j}||jj$k7rt'dj!||j)} t*j,j/|jj1|}||_ycc} w#t2$r t'dwxYw)Nz-cert-v01@openssh.comz{}-cert-v01@openssh.com)msgkey_type cert_typezCan't handle curve of type {}zInvalid public key) verifying_key signing_key public_blob_from_private_key_from_private_key_filer r. __class__ _ECDSA_CURVESr1 ecdsa_curveget_textendswithlenr3r/format_check_type_and_load_certrr get_binaryrEllipticCurvePublicKeyfrom_encoded_pointr ValueError)rr<datafilenamepasswordvalsfile_objvalidate_pointc_classr=suffix key_typesx cert_types curvename pointinfokeys rr zECDSAKey.__init__ms"    " "8X 6     ' '( ;  Kd.$-C  37 0D d0&&,,66G#11DDWMD ||~H -F  (#Ns6{l3#11NN D **IIKI=F89)003J  * *)z +  ID,,666"3::9E(I 9//BB$$002I&)"#$ 9"#788 9sG?GG-c6|jjSr*)rEr/)clss r supported_key_format_identifiersz)ECDSAKey.supported_key_format_identifierss  ??AAr!c |j}t}|j|jj|j|jj |j }|jjdzdz}t|jd}d|t|z z|z}t|jd}d|t|z z|z}t|z|z}|j||jS)NF)add_sign_padding)r?r add_stringrFrrpublic_numbersr.rrrYrIyr asbytes)rr]mnumberskey_size_bytesx_bytesy_bytes point_strs rrizECDSAKey.asbytess   I T%%;;< T%%//0$$&)),,q0Q6wyy5A^c'l:;gEwyy5A^c'l:;gE''1  Yyy{r!c"|jSr*)rirs r__str__zECDSAKey.__str__s||~r!c|j|jjj|jjjfSr*)get_namer?rgrYrhrqs r_fieldszECDSAKey._fieldssG MMO    - - / 1 1    - - / 1 1  r!c.|jjSr*)rFrrqs rrtzECDSAKey.get_names555r!c.|jjSr*)rFrrqs rget_bitszECDSAKey.get_bitss***r!c|jduSr*)r@rqs rcan_signzECDSAKey.can_signst++r!cTtj|jj}|jj ||}t |\}}t}|j|jj|j|j|||Sr*) rECDSArFrr@signr r rfr _sigencode)rrPecdsasigrsrjs r sign_ssh_datazECDSAKey.sign_ssh_datas))5578##D%0#C(1 I T%%;;< T__Q*+r!cd|j|jjk7ry|j}|j |\}}t ||} |j j||tj|jjy#t$rYywxYw)NFT) rGrFrrL _sigdecoder r?verifyrr|rr)rrPr<rsigRsigS signatures rverify_ssh_sigzECDSAKey.verify_ssh_sigs <<>T--CC Cnn__S) d(t4      % %4$*:*:*F*F*H!I     sAB## B/.B/cr|j||jtjj|yN)rR)_write_private_key_filer@r PrivateFormatTraditionalOpenSSL)rrQrRs rwrite_private_key_filezECDSAKey.write_private_key_files3 $$      ' ' : : % r!cr|j||jtjj|yr)_write_private_keyr@rrr)rrTrRs rwrite_private_keyzECDSAKey.write_private_keys3       ' ' : :  r!c |G|jj|}|tdj||j }t j |t}t||jfS)a Generate a new private ECDSA key. This factory function can be used to generate a new host key or authentication key. :param progress_func: Not used for this type of key. :returns: A new private key (`.ECDSAKey`) object zUnsupported key length: {:d})backend)rS) rEr5rOrJrrgenerate_private_keyrr7 public_key)r_r. progress_funcbits private_keys rgeneratezECDSAKey.generatesx  %%77=E} !?!F!Ft!LMM%%'E--e_=NO k;+A+A+CDEEr!cL|jd||}|j|yNEC)_read_private_key_file _decode_key)rrQrRrPs rrCzECDSAKey._from_private_key_files$**48D r!cL|jd||}|j|yr)_read_private_keyr)rrTrRrPs rrBzECDSAKey._from_private_keys$%%dHh? r!c6|\}}||jk(r" tj|dt}n||jk(r t|}|j}|j}|j}d|z} |jj!| } | s tdt#j$|| j't}n|j+||_|j/|_|j2j4} |jj7| |_y#tt t tf$r}tt|d}~wwxYw#t($r}tt|d}~wwxYw)N)rRrrzInvalid key curve identifier)_PRIVATE_KEY_FORMAT_ORIGINALrload_der_private_keyrrOAssertionError TypeErrorrrstr_PRIVATE_KEY_FORMAT_OPENSSHr rGrL get_mpintrEr3rderive_private_keyr Exception_got_bad_key_format_idr@rr?r.rDr1rF) rrPpkformatr]er< curve_nameverkeysigkeynamer.rs rrzECDSAKey._decode_keysl$ t88 8 +#8841B99 9 +dm \\^ )$z1**GGM&'EFF++E--/1B  ' ' 1 ^^-ii)) --@@M;$  + #3q6**  +( +#3q6** +s0 EBE6E3E..E36 F?FFczt}|j||j||jSr*)r add_mpintri)rrrr<s rr~zECDSAKey._sigencodeCs-i a a{{}r!c`t|}|j}|j}||fSr*)r r)rrr<rrs rrzECDSAKey._sigdecodeIs*cl MMO MMO!t r!)NNNNNNTr*)r"r#r$r%r(rr SECP256R1 SECP384R1 SECP521R1rEr classmethodr`rirrpropertyrurtrxrzrrrrrrCrBrr~rr&r!rr7r7_s #  j 1  j 1  j 1 M   ;9zBB(  6+,   (BLLN$TFF&%NN r!r7N)r%cryptography.exceptionsrrcryptography.hazmat.backendsrcryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricr/cryptography.hazmat.primitives.asymmetric.utilsr r paramiko.commonr paramiko.messager paramiko.pkeyr paramiko.ssh_exceptionr paramiko.utilrobjectrr(r7r&r!rrsU&K8@8 &$/&'&'6V:ntnr!