\d UdZddlZddlZddlZddlZddlZddlmZmZm Z ddl m Z m Z ddl mZmZddlZddlmZddlmZddlmZdd lmZmZdd lmZmZmZmZmZdd l m!Z!m"Z"m#Z#dd l$m%Z%m&Z&dd l'm(Z)m*Z+ddl,m-Z-ddl.m/Z/ddl0m1Z1m2Z2ddl3m4Z4ddl5m6Z6ddl7m8Z8m9Z9ddl:m;Z;mZ> ddl?m@Z@mAZAn#eB$r ddl?mCZ@mDZAYnwxYwejEejFejGdZHddddZIeeejJeKd<eeejLeKd<eMrejJZJejLZLn ddlNmLZLmJZJn#eB$rdZJdZLYnwxYwGd d!eOZPGd"d#eOZQGd$d%eOZRGd&d'eOZSGd(d)e<ZTGd*d+eOZUd,ZVGd-d.ZWd1d0ZXdS)2z0 Handling of RSA, DSA, ECDSA, and Ed25519 keys. N) b64encode decodebytes encodebytes)md5sha256)OptionalType)utils)InvalidSignature)default_backend)hashes serialization)dsaeced25519paddingrsa)Cipher algorithmsmodes)load_pem_private_keyload_ssh_public_key)decoderencoder) PyAsn1Error)univ)commonsexpy) int_to_bytes) randbytes) iterbytes nativeString) NamedConstantNames)_mutuallyExclusiveArguments)decode_dss_signatureencode_dss_signature)decode_rfc6979_signatureencode_rfc6979_signature)secdsa-sha2-nistp256secdsa-sha2-nistp384secdsa-sha2-nistp521snistp256snistp384snistp521)s secp256r1s secp384r1s secp521r1Ed25519PublicKeyEd25519PrivateKey)r+r*ceZdZdZdS) BadKeyErrorzj Raised when a key isn't what we expected from it. XXX: we really need to check for bad keys N__name__ __module__ __qualname____doc__6lib/python3.11/site-packages/twisted/conch/ssh/keys.pyr-r-Usr4r-ceZdZdZdS)BadSignatureAlgorithmErrorzi Raised when a public key signature algorithm name isn't defined for this public key format. Nr.r3r4r5r7r7]r4r7ceZdZdZdS)EncryptedKeyErrorzb Raised when an encrypted key is presented to fromString/fromFile without a password. Nr.r3r4r5r:r:dr8r4r:ceZdZdZdS)BadFingerPrintFormatzS Raises when unsupported fingerprint formats are presented to fingerprint. Nr.r3r4r5r<r<ksr4r<c:eZdZdZeZeZdS)FingerprintFormatsa Constants representing the supported formats of key fingerprints. @cvar MD5_HEX: Named constant representing fingerprint format generated using md5[RFC1321] algorithm in hexadecimal encoding. @type MD5_HEX: L{twisted.python.constants.NamedConstant} @cvar SHA256_BASE64: Named constant representing fingerprint format generated using sha256[RFC4634] algorithm in base64 encoding @type SHA256_BASE64: L{twisted.python.constants.NamedConstant} N)r/r0r1r2r#MD5_HEX SHA256_BASE64r3r4r5r>r>qs0  mooG!MOOMMMr4r>ceZdZdZdS)PassphraseNormalizationErrorz Raised when a passphrase contains Unicode characters that cannot be normalized using the available Unicode character database. Nr.r3r4r5rBrBr8r4rBct|trOtd|Drtt jd|dS|S)a Normalize a passphrase, which may be Unicode. If the passphrase is Unicode, this follows the requirements of U{NIST 800-63B, section 5.1.1.2} for Unicode characters in memorized secrets: it applies the Normalization Process for Stabilized Strings using NFKC normalization. The passphrase is then encoded using UTF-8. @type passphrase: L{bytes} or L{unicode} or L{None} @param passphrase: The passphrase to normalize. @return: The normalized passphrase, if any. @rtype: L{bytes} or L{None} @raises PassphraseNormalizationError: if the passphrase is Unicode and cannot be normalized using the available Unicode character database. c3FK|]}tj|dkVdS)CnN) unicodedatacategory).0cs r5 z'_normalizePassphrase..s2CC1{#A&&$.CCCCCCr4NFKCzUTF-8) isinstancestranyrBrF normalizeencode passphrases r5_normalizePassphraserSsl&*c""  CC CCC C C 1/00 0$VZ88??HHHr4cxeZdZdZed0dZed0dZedZedZedZ edZ ed Z ed Z ed Z ed Zed ZedZed1dZed2dZed2dZed2dZed2dZdZdedefdZdefdZdZdZejfdZ dZ!dZ"dZ#dZ$d Z%d!Z&d"Z'd#Z(e)d$d%gd$d&ggd1d'Z*d2d(Z+d0d)Z,d2d*Z-d3d+Z.d,Z/d-Z0d2d.Z1d/Z2dS)4Keyau An object representing a key. A key can be either a public or private key. A public key can verify a signature; a private key can create or verify a signature. To generate a string that can be stored on disk, use the toString method. If you have a private key, but want the string representation of the public key, use Key.public().toString(). Nct|d5}||||cdddS#1swxYwYdS)a Load a key from a file. @param filename: The path to load key data from. @type type: L{str} or L{None} @param type: A string describing the format the key data is in, or L{None} to attempt detection of the type. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if there is no encryption. @rtype: L{Key} @return: The loaded key. rbN)open fromStringread)clsfilenametyperRfs r5fromFilez Key.fromFiles$(D ! ! >Q>>!&&((D*== > > > > > > > > > > > > > > > > > >s)AA A ct|tr|d}t|}|||}|t d|t |d|d}|t d||jj dkr|rt d||S|||S)a Return a Key object corresponding to the string data. type is optionally the type of string, matching a _fromString_* method. Otherwise, the _guessStringType() classmethod will be used to guess a type. If the key is encrypted, passphrase is used as the decryption key. @type data: L{bytes} @param data: The key data. @type type: L{str} or L{None} @param type: A string describing the format the key data is in, or L{None} to attempt detection of the type. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if there is no encryption. @rtype: L{Key} @return: The loaded key. utf-8Nzcannot guess the type of _fromString_zno _fromString method for zkey not encrypted) rLrMrPrS_guessStringTyper-getattrupper__code__ co_argcount)r[datar]rRmethods r5rYzKey.fromStrings. dC  (;;w''D)*55 <''--D <B$BBCC C;TZZ\\;;TBB >A4AABB B ? &! + + 7!"56666$<< 6$ ++ +r4c tj|\}}|dkrVtj|d\}}}|tj||t S|dkrntj|d\}}}} }|tj| tj |||t S|tvrM|tj t|tj|ddS|dkr,tj|\} }|| Std |) a Return a public key object corresponding to this public key blob. The format of a RSA public key blob is:: string 'ssh-rsa' integer e integer n The format of a DSA public key blob is:: string 'ssh-dss' integer p integer q integer g integer y The format of ECDSA-SHA2-* public key blob is:: string 'ecdsa-sha2-[identifier]' integer x integer y identifier is the standard NIST curve name. The format of an Ed25519 public key blob is:: string 'ssh-ed25519' string a @type blob: L{bytes} @param blob: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type (the first string) is unknown. ssh-rsarcssh-dsspqgyparameter_numbers ssh-ed25519unknown blob type: )rgetNSgetMPrRSAPublicNumbers public_keyr rDSAPublicNumbersDSAParameterNumbers _curveTablerEllipticCurvePublicKeyfrom_encoded_point_fromEd25519Componentsr-) r[blobkeyTyperestenrprqrrrtas r5_fromString_BLOBzKey._fromString_BLOBsD T**  j dA..JAq$3s+Aq11<<_=N=NOOPP P  " "%|D!44 Aq!Q3$3+BQ!q+Q+Q+Q*_..//   # #3)<<(&,tQ*?*?*B   & &l4((GAt--a00 0=G==>> >r4ctj|\}}|dkr7tj|d\}}}}}} }|||||| S|dkr6tj|d\}} } } } }|| | || | S|t vrt |} tj|d\}} }|t | jdkrtd |d |tj|\}}| | || S|d kr:tj|d\}}}|d d}| ||Std|)a6 Return a private key object corresponding to this private key blob. The blob formats are as follows: RSA keys:: string 'ssh-rsa' integer n integer e integer d integer u integer p integer q DSA keys:: string 'ssh-dss' integer p integer q integer g integer y integer x EC keys:: string 'ecdsa-sha2-[identifier]' string identifier string q integer privateValue identifier is the standard NIST curve name. Ed25519 keys:: string 'ssh-ed25519' string a string k || a @type blob: L{bytes} @param blob: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * the key type (the first string) is unknown * the curve name of an ECDSA key does not match the key type rlrrdrprqrmrtrrrprqxrcasciizECDSA curve name z does not match key type ) encodedPointcurve privateValuerwN )krx) rryrz_fromRSAComponents_fromDSAComponentsr _secToNistnamerPr-_fromECEncodedPointr)r[rrrrrrurprqrrrtrr curveNamerrcombinedrs r5_fromString_PRIVATE_BLOBzKey._fromString_PRIVATE_BLOB's\ T**  j %+\$%:%: "Aq!Q1d))Aa1)BB B  " ""(,tQ"7"7 Aq!Q4))Aa1)BB B  # #(E!'dA!6!6 Iq$Juz'8'8'A'ABBB!k!*GG5"(d!3!3 L$**gL+  & &!' T1 5 5 Ax" A--a1-55 5=G==>> >r4c|dr%|t|tSt|d}||S)a Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is:: @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the blob type is unknown. s ecdsa-sha2rv) startswithrr rsplitr)r[rirs r5_fromString_PUBLIC_OPENSSHzKey._fromString_PUBLIC_OPENSSHrsg ??= ) ) E3*41B1BCCDD D4::<<?++##D)))r4c |}td|dd}|dst d|t dd}tj|d\}}}}tj d|dd d } | dkrt d tj|d dd \} } } |d kro|std|dvr+tj } d} t|dddz}| }nt d||dkrWtj|\}}tj d|dd d }tj||||z|d}nt d|t | | zd krt dt#| |d|t%j||||zt)}|| |z}n|d krt d|d| }tj d|dd d }tj d|d dd }||krt d||fz||ddS)a* Return a private key object corresponding to this OpenSSH private key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. The format of an openssh-key-v1 private key string is:: -----BEGIN OPENSSH PRIVATE KEY----- -----END OPENSSH PRIVATE KEY----- The SSH protocol string is as described in U{PROTOCOL.key}. @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the SSH protocol encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key r4rvopenssh-key-v1z"unknown OpenSSH private key formatN!LrnrzDonly OpenSSH private key files containing a single key are supportedrcnone0Passphrase must be provided for an encrypted key)s aes128-ctrs aes192-ctr aes256-ctrrunknown encryption type bcryptT)ignore_few_roundszunknown KDF type z bad paddingbackendzprivate key specifies KDF z but no cipherz#check values do not match: %d != %d)strip splitlinesrjoinrr-lenrrystructunpackr:rAESintbcryptkdfrrCTRr decryptorupdatefinalizer)r[rirRlineskeyListcipherr kdfOptionsrr_encPrivKeyListalgorithmClass blockSizekeySizeivSizesaltroundsdecKeyr privKeyListcheck1check2s r5_fromPrivateOpenSSH_v1zKey._fromPrivateOpenSSH_v1sI: ''))chhuQrT{3344!!"566 DBCC C#122445(. Wa(@(@%Z M$RaR ) )! , 66-  &|DHa88>1 W   'IFFF!+ fQqSk**a/"!"GV"G"GHHHi#\*55 dtT"1"X66q9f$&* ""=c"="=>>>N##i/A55!-000vhwh/00 &7V+;!;<=='))ikk  $**>::Y=O=O=Q=QQKKg~~!kGJssL)Kt[!_55a8t[1%566q9 V  CvvFVVWW W++KO<< PRIVATE KEY----- [Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,] ------END PRIVATE KEY------ The ASN.1 structure of a RSA key is:: (0, n, e, d, p, q) The ASN.1 structure of a DSA key is:: (0, p, q, g, y, x) The ASN.1 structure of a ECDSA key is:: (ECParameters, OID, NULL) @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the ASN.1 encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key r rvProc-Type: 4,ENCRYPTEDrrc ,zinvalid DEK-info )s AES-128-CBCs AES-256-CBC-rrzAES encrypted key with a bad IVs DES-EDE3-CBCrzDES encrypted key with a bad IVrc3NK|]}t||dzdV dS)rcrNr)rHiivdatas r5rJz.Key._fromPrivateOpenSSH_PEM..#s:WW#fQQY/44WWWWWWr4Nr4rrrz(Failed to decode key (Bad Passphrase?): sECsRSArz!RSA key failed to decode properlyc34K|]}t|VdSNrrHvalues r5rJz.Key._fromPrivateOpenSSH_PEM..Cs(.W.Wes5zz.W.W.W.W.W.Wr4 rrrprqrdmp1dmq1iqmppublic_numberssDSAc34K|]}t|VdSrrrs r5rJz.Key._fromPrivateOpenSSH_PEM..Ps(EEESZZEEEEEEr4z!DSA key failed to decode properlyrorsrrunknown key type )(rrrr:rrstrip ValueErrorr-rrrr TripleDESbytes bytearrayrangerdigestrrrrCBCr rrrord berDecoderdecoderrrRSAPrivateNumbersr{ private_keyrDSAPrivateNumbersr}r~) r[rirRrkindr cipherIVInforrrivbabbrb64DatarkeyData removeLen decodedKey asn1Errorrrrrprqrrrrrrtrrs @r5_fromPrivateOpenSSH_PEMzKey._fromPrivateOpenSSH_PEMsLJ ''))Qx3 8  8 9 9, + 'I  D"'(..q"9"9V>VWWWWWBZ"RaR&())0022BR*_r"1"v-..5577B2gxx(F!#((52;"7"788Gv&& " ?P?Pikk  &&w//)2D2D2F2FFGGBCCL))Ik zk*GGhhuQrT{++G!'**G V#*733A6JJ V V VTTTUU U V 5==3+D*o>O>OPPQQ Q 6>>:!##'] :""!"EFFF.W.WzRSTURU.W.W.W +Aq!Q4t3%#!q#A#A#A+o//00   V^^EEZ!_EEEMAq!Q:""!"EFFF3%#s/FaST/U/U/U$$$ +o&7&7+88  8$8899 9s%&A B11#CL44 M>MMc|ddddkr|||S|||S)a Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error. @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key rrrsOPENSSH)rrrr)r[rirRs r5_fromString_PRIVATE_OPENSSHzKey._fromString_PRIVATE_OPENSSH^s_, ::<< " " $ $Q '3 /: = =--dJ?? ?..tZ@@ @r4c*tjt|dd}|ddksJi}|dddD]4\}}tjtj|d||<5|dddkr1||d|d|d |d  S|ddd kr#||d |dStd|dd)a Return a public key corresponding to this LSH public key string. The LSH public key string format is:: , ()+))> The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e. The names for a DSA (key type 'dsa') key are: y, g, p, q. @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type is unknown rvrr public-keyNdsaygpqrtrrrprqrsa-pkcs1-sha1nerrunknown lsh key type ) rparserrrzNSrrr-r[risexpkdrs r5_fromString_PUBLIC_LSHzKey._fromString_PUBLIC_LSH{s"{;tAbDz2233Aw-'''' q'!""+ 8 8JD$|FIdOO44Q7BtHH 71:  ))T(bh"T(bh* !WQZ, , ,))BtH4)AA ABd1gajBBCC Cr4c2tj|}|ddksJi}|dddD]4\}}tjtj|d||<5|dddkrbt |dksJt |||d|d|d |d |d  S|ddd krt |dksJt ||d |d kr|d |d c|d <|d <||d|d|d|d |d Std|dd)a+ Return a private key corresponding to this LSH private key string. The LSH private key string format is:: , (, )+))> The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e, d, p, q. The names for a DSA (key type 'dsa') key are: y, g, p, q, x. @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type is unknown r private-keyrvNr rr r r r xr rsa-pkcs1rrrdrr) rrrrzrrrrr-rs r5_fromString_PRIVATE_LSHzKey._fromString_PRIVATE_LSHs"{4  Aw.(((( q'!""+ 8 8JD$|FIdOO44Q7BtHH 71:  r77a<<<R<<<))T(bh"T(bh"T(* !WQZ< ' 'r77a<<<R<<<$x"T(""%'Xr$x"4"T())T(bh"T(bh"T(*  Bd1gajBBCC Cr4ctj|\}}|dkrtj|\}}tj|\}}tj|\}}tj|\}}tj|\}}||||||S|dkrtj|\}}tj|\} }tj|\} }tj|\} }tj|\}}tj|\}}|| || ||| St d|)a Return a private key object corresponsing to the Secure Shell Key Agent v3 format. The SSH Key Agent v3 format for a RSA key is:: string 'ssh-rsa' integer e integer d integer n integer u integer p integer q The SSH Key Agent v3 format for a DSA key is:: string 'ssh-dss' integer p integer q integer g integer y integer x @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type (the first string) is unknown rmrrlrrrrprqrr)rryrzrrr-) r[rirrprqrrrtrrrrrs r5_fromString_AGENTV3zKey._fromString_AGENTV3sU< T**  j l4((GAtl4((GAtl4((GAtl4((GAtl4((GAt))Aa1)BB B  " "l4((GAtl4((GAtl4((GAtl4((GAtl4((GAtl4((GAt))Aa1Q)GG G;';;<< >  #L..MGTE 3  & T 2 2  3qyy yv  r4c vtj||}|"|t}nutj|||tj||tj||tj|||} | t}||S)a Build a key from RSA numerical components. @type n: L{int} @param n: The 'n' RSA variable. @type e: L{int} @param e: The 'e' RSA variable. @type d: L{int} or L{None} @param d: The 'd' RSA variable (optional for a public key). @type p: L{int} or L{None} @param p: The 'p' RSA variable (optional for a public key). @type q: L{int} or L{None} @param q: The 'q' RSA variable (optional for a public key). @type u: L{int} or L{None} @param u: The 'u' RSA variable. Ignored, as its value is determined by p and q. @rtype: L{Key} @return: An RSA key constructed from the values as given. rNr) rr{r|r r rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmpr) r[rrrrprqr publicNumbers keyObjectprivateNumberss r5rzKey._fromRSAComponentss6,qA666 9%001B1BCCII 2%a++%a++%a++,N'22?3D3DEEIs9~~r4c$tj|tj|||}|"|t }n7tj||}|t }||S)a Build a key from DSA numerical components. @type y: L{int} @param y: The 'y' DSA variable. @type p: L{int} @param p: The 'p' DSA variable. @type q: L{int} @param q: The 'q' DSA variable. @type g: L{int} @param g: The 'g' DSA variable. @type x: L{int} or L{None} @param x: The 'x' DSA variable (optional for a public key) @rtype: L{Key} @return: A DSA key constructed from the values as given. rorsNr)rr}r~r|r rr) r[rtrprqrrrr2r3r4s r5rzKey._fromDSAComponents?s.,3#:Q!q#I#I#I    9%001B1BCCII 2Q}UUUN&22?3D3DEEIs9~~r4ctj||t|}|"|t }n7tj||}|t }||S)a Build a key from EC components. @param x: The affine x component of the public point used for verifying. @type x: L{int} @param y: The affine y component of the public point used for verifying. @type y: L{int} @param curve: NIST name of elliptic curve. @type curve: L{bytes} @param privateValue: The private value. @type privateValue: L{int} rrtrN) private_valuer)rEllipticCurvePublicNumbersrr|r EllipticCurvePrivateNumbersr)r[rrtrrr2r3r4s r5_fromECComponentszKey._fromECComponentsbs$51K.     %001B1BCCII;*=N'22?3D3DEEIs9~~r4c|,tjt||}n-tj|t|t }||S)aa Build a key from an EC encoded point. @param encodedPoint: The public point encoded as in SEC 1 v2.0 section 2.3.3. @type encodedPoint: L{bytes} @param curve: NIST name of elliptic curve. @type curve: L{bytes} @param privateValue: The private value. @type privateValue: L{int} )rrrrderive_private_keyr )r[rrrr3s r5rzKey._fromECEncodedPointsd  1DDE"LII-k%0/2C2CIs9~~r4ctttd|tj|}ntj|}||S)aBuild a key from Ed25519 components. @param a: The Ed25519 public key, as defined in RFC 8032 section 5.1.5. @type a: L{bytes} @param k: The Ed25519 private key, as defined in RFC 8032 section 5.1.5. @type k: L{bytes} Nz)Ed25519 keys not supported on this system)r*r+r-from_public_bytesfrom_private_bytes)r[rrr3s r5rzKey._fromEd25519ComponentssT  #'8'@IJJ J 9(:1==II) < z Public Keyz Private Keyz (zattr :Ed25519rn02xr >)r]ririsPublicsorteditemsr"sizeappendrMPr!rrr) rCriroutrvrbymorIs r5__repr__z Key.__repr__so 99;;$  99;;D=''00D}} HFT"##YFFFGd233iGGGtzz||,, , ,1<<0$000CC++++++CC;  (!----MMOO4 E EEIIKKKK Etyy{{002233 + +1 \Q\\\***))++22QQ ! QRR8H+3B3ABCCBA&q\\113q66 0 0 0 001vv{{crcFLL***+b CE"I99U## #r4ct|jtjtjt jtj fS)zl Check if this instance is a public key. @return: C{True} if this is a public key. ) rLrBr RSAPublicKeyr DSAPublicKeyrrrr*rCs r5rWz Key.isPublics8  O  )(     r4cz|r|St|jS)z Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self. @rtype: L{Key} @return: A public key. )rWrUrBr|rfs r5publicz Key.publics5 ==?? 5Kt113344 4r4c |tjurMttt |S|tjurjtddtt|DStd|)aO The fingerprint of a public key consists of the output of the message-digest algorithm in the specified format. Supported formats include L{FingerprintFormats.MD5_HEX} and L{FingerprintFormats.SHA256_BASE64} The input to the algorithm is the public key data as specified by [RFC4253]. The output of sha256[RFC4634] algorithm is presented to the user in the form of base64 encoded sha256 hashes. Example: C{US5jTUa0kgX5ZxdqaGF0yGRu8EgKXHNmoT8jHKo1StM=} The output of the MD5[RFC1321](default) algorithm is presented to the user as a sequence of 16 octets printed as hexadecimal with lowercase letters and separated by colons. Example: C{c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87} @param format: Format for fingerprint generation. Consists hash function and representation format. Default is L{FingerprintFormats.MD5_HEX} @since: 8.2 @return: the user presentation of this L{Key}'s fingerprint, as a string. @rtype: L{str} :c6g|]}tj|Sr3)binasciihexlifyrHrs r5 z#Key.fingerprint..4s#WWWQX%a((WWWr4z Unsupported fingerprint format: ) r>r@r"rrrrr?rr!rr<)rCformats r5 fingerprintzKey.fingerprints: '5 5 5 &*=*=*D*D*F*F G GHH H )1 1 1 WW)C >!=??*^^!=??*!=??*t&,[]]*0-//*0-//%+[]]-3]__  c499;; .//  0r4c|jdS|dkr|jjjS|dkrdS|jjS)zv Return the size of the object we wrap. @return: The size of the key. @rtype: L{int} NrrKrQr)rBr]rkey_sizerfs r5rZzKey.sizesU ? "1 YY[[D ?(1 1 YY[[I % %3''r4c $t|jtjr(|j}|j|jdSt|jtjrb|j}|jj|jj|j |j |j tj |j |j dSt|jtjrC|j}|j|jj|jj |jj dSt|jtjr]|j}|j|jj|jjj|jjj |jjj dSt|jt(jr;|j}|j|j|dSt|jt(jrK|j}|jj|jj|j|dSt|jt2jr;d|jt8jjt8jjiSt|jt2j r|j!t8jjt8jj|j"t8jjt8j#jt9j$dStKd |j) z_ Return the values of the public key as a dictionary. @rtype: L{dict} rr!r)rrtrrrprqr7)rrtrrr)rrzUnexpected key type: )&rLrBrrdrrrruprivate_numbersrrprqr1rrertrurrrvrrrrzrwr8rr* public_bytesrEncodingRaw PublicFormatr+r| private_bytes PrivateFormat NoEncryptionrx)rCnumberss r5rizKey.datas+ dos'7 8 8D Jo4466GYY ): ; ;> Jo5577G+-+-YYY%gi;; )9 : :3 Jo4466GY.0.0.0   ): ; ;+ Jo5577GY+-+=?+=?+=?  )B C C" Jo4466GYY  )C D D Jo5577G+-+- ' 5   )A B B JT_11!*. 0J0N  )B C C J_//11>>!*. 0J0N_22!*.!/3!.00   HtHHII Ir4c|}|}|dkrJtjdtj|dztj|dzS|dkrtjdtj|dztj|dztj|d ztj|d zS|d kr|jjjd zd z}tj|dtj|dddztjdtj |d|ztj |d |zzS|dkr/tjdtj|dzStd|)a Return the public key blob for this key. The blob is the over-the-wire format for public keys. SECSH-TRANS RFC 4253 Section 6.6. RSA keys:: string 'ssh-rsa' integer e integer n DSA keys:: string 'ssh-dss' integer p integer q integer g integer y EC keys:: string 'ecdsa-sha2-[identifier]' integer x integer y identifier is the standard NIST curve name Ed25519 keys:: string 'ssh-ed25519' string a @rtype: L{bytes} rsrlrrrtrmrprqrrrtrKrrNrrQrwrunknown key type: ) r]rirrr\rBrrr rr-)rCr]ri byteLengths r5rzKey.blobs@yy{{yy{{ 5==9Z((69T#Y+?+??&)DQTIBVBVV V U]] *%%)DI&&')DI&&')DI&&')DI&& ' T\\//81<BJ $w-(()DM"##.//0)(cJ??@(cJ??@ Y  9^,,vyc/C/CC C9499:: :r4c|}|}|dkrtj|d|d}t jdt j|dzt j|dzt j|dzt j|zt j|dzt j|dzS|dkrt jd t j|dzt j|dzt j|d zt j|d zt j|d zS|d kr|j tj j tj j}t j|dt j|dddzt j|zt j|dzS|dkrSt jdt j|dzt j|d|dzzStd|)a1 Return the private key blob for this key. The blob is the over-the-wire format for private keys: Specification in OpenSSH PROTOCOL.agent RSA keys:: string 'ssh-rsa' integer n integer e integer d integer u integer p integer q DSA keys:: string 'ssh-dss' integer p integer q integer g integer y integer x EC keys:: string 'ecdsa-sha2-[identifier]' integer x integer y integer privateValue identifier is the NIST standard curve name. Ed25519 keys:: string 'ssh-ed25519' string a string k || a rsrprqrlrrrrtrmrrrtrrKrrNrrQrwrrr)r]rirr1rrr\rBr|rrrX962rUncompressedPointr-)rCr]rirencPubs r5 privateBlobzKey.privateBlob'szRyy{{yy{{ 5==#DItCy99D *%%)DI&&')DI&&')DI&&')D// " )DI&& ' )DI&& ' U]] *%%)DI&&')DI&&')DI&&')DI&& ' )DI&& ' T\\_//11>>&+*<F  $w-(()DM"##.//0)F##$)D0112  Y   .)))DI&&')DIS 1223  9499:: :r4extracommentrRcr|5tjdtd|r|}n|}t |t r|d}t|}t|d| d}|td|||||S) a Create a string representation of this key. If the key is a private key and you want the representation of its public key, use C{key.public().toString()}. type maps to a _toString_* method. @param type: The type of string to emit. Currently supported values are C{'OPENSSH'}, C{'LSH'}, and C{'AGENTV3'}. @type type: L{str} @param extra: Any extra data supported by the selected format which is not part of the key itself. For public OpenSSH keys, this is a comment. For private OpenSSH keys, this is a passphrase to encrypt with. (Deprecated since Twisted 20.3.0; use C{comment} or C{passphrase} as appropriate instead.) @type extra: L{bytes} or L{unicode} or L{None} @param subtype: A subtype of the requested C{type} to emit. Only supported for private OpenSSH keys, for which the currently supported subtypes are C{'PEM'} and C{'v1'}. If not given, an appropriate default is used. @type subtype: L{str} or L{None} @param comment: A comment to include with the key. Only supported for OpenSSH keys. Present since Twisted 20.3.0. @type comment: L{bytes} or L{unicode} or L{None} @param passphrase: A passphrase to encrypt the key with. Only supported for private OpenSSH keys. Present since Twisted 20.3.0. @type passphrase: L{bytes} or L{unicode} or L{None} @rtype: L{bytes} NzThe 'extra' argument to twisted.conch.ssh.keys.Key.toString was deprecated in Twisted 20.3.0; use 'comment' or 'passphrase' instead.r) stacklevelra _toString_r)subtyperrR) warningswarnDeprecationWarningrWrLrMrPrSrerfr-)rCr]rrrrRrjs r5toStringz Key.toStringzsZ   MI#     }} #" gs # # .nnW--G)*55 :DJJLL::DAA >9499:: :vgw:NNNNr4c|dkrU|sd}|jtjjtjjdz|zSt|  dd}|sd}| dz|zdz|zS)a Return a public OpenSSH key string. See _fromString_PUBLIC_OPENSSH for the string format. @type comment: L{bytes} or L{None} @param comment: A comment to include with the key, or L{None} to omit the comment. rKr4r ) r]rBrrrOpenSSHrrrrreplacerz)rCrrs r5_toPublicOpenSSHzKey._toPublicOpenSSHs 99;;$   ,,!*2M4N4V  egg  diikk**225#>> G %/$6@GGIIIr4c 0|r_tj}d}d}|jdz}d}|}tj|} d} t j| tjd| z} nd}d}d}d} tjd } | | z| zt j|pdz} d }t| |zr-|d z }| t|d zfz } t| |z-|rtj || ||zd}t||d |tj||||zt#}|| |z}n| }dt j|zt j|zt j| ztjdd zt j|zt j|z}t-|dddgfdt1d tdDzdgz}d|dzS)aP Return a private OpenSSH key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. See _fromPrivateOpenSSH_v1 for the string format. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase to encrypt the key with, or L{None} if it is not encrypted. rrrrdrrr4rnrrvNrrrs#-----BEGIN OPENSSH PRIVATE KEY-----c*g|]}||dzS@r3rHrrs r5roz,Key._toPrivateOpenSSH_v1..s&GGGqwq1r6z"GGGr4rs!-----END OPENSSH PRIVATE KEY-----)rr block_sizer secureRandomrrrpackrrrrrrrrr encryptorrrrrrrr)rCrrRr cipherNamekdfNamerrrrrrcheckrpadByteencKeyrrrrrs @r5_toPrivateOpenSSH_v1zKey._toPrivateOpenSSH_v1s   ^F&JG)Q.IGF)&11DF46;tV+D+DDJJ JGIJ&q))emd&6&6&8&8869W^PS;T;TT +* 4 qLG 5'D.!233 3K+* 4  )Z D'F2BCHHFvhwh'(( &7V+;!;<=='))ikk  '--k::Y=O=O=Q=QQNN(N i ## $i   !i ## $k$""  # i $$  % i''  ( d##++E377 3 4GGGGE!S\\2,F,FGGG H34 5  zz%  5((r4c |dkrd|stj}ntj|}|jtjjtjj |S|dkrtd| }d d| ddfg}|dkr[|d |d }}tj||}d |d |d |d|||d|dz z|d|dz z|f }n&d |d |d |d|d|df}t!j} t%t'j|D]-\} } | | t!j| .t/j | } |rt1jd} d dt5| D}| d}|d|d|zdzt9|| z}t9||z| z}||zdd}dt=| dzz }| t?|f|zz } tAtCj"|tGj$| tK&}|'| |(z} tS| *dd|fdtWd t=dDz }|d d| ddfd |S)a, Return a private OpenSSH key string, in the old PEM-based format. See _fromPrivateOpenSSH_PEM for the string format. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase to encrypt the key with, or L{None} if it is not encrypted. rKrQzBcannot serialize Ed25519 key to OpenSSH PEM format; use v1 insteadr4s -----BEGIN rs PRIVATE KEY-----rsrprqrrrrrvrrrtrrrSc0g|]}t|dS)02X)rrns r5roz-Key._toPrivateOpenSSH_PEM..Ls"DDDA__DDDr4rsDEK-Info: DES-EDE3-CBC,rNrrc*g|]}||dzSrr3rs r5roz-Key._toPrivateOpenSSH_PEM..]s&JJJ!'!a"f*%JJJr4rs -----END ),r]rrBestAvailableEncryptionrBrrPEMrTraditionalOpenSSLrrirrPrr1rSequencezip itertoolsr-setComponentByPositionInteger berEncoderr rr!r[rrrrrrrrrr rrrrrr)rCrRrrirrprqrobjData asn1Sequenceindexrasn1DatarhexivrrrpadLenrs @r5_toPrivateOpenSSH_PEMzKey._toPrivateOpenSSH_PEMs 99;;$   N)688 )A*MM ?00&*+>  YY[[I % %W yy{{ HH!3!3G!RS    99;;%  9d3iqA#Aq))DS S S S QU#S QU# GG$s)T#YS 49d3iPG}   1 17;; L LLE5  / /t|E7J7J K K K K$\22  I'**BGGDDimmDDDEEELL))E LL2 3 3 3 LL3e;eC D D DZ"_%%,,..BR*_r)**1133B2gss^F#h--!+,F vi((61 1H$V,,eimm_EVEVikk !''11I4F4F4H4HHHh''//s;; JJJJuQG b/I/IJJJJ HHlDIIKK$6$6w$?$?AUV W W   zz%   r4c$|r||S|dks|/|dkr|||S||dkr||St d|) ar Return a public or private OpenSSH string. See L{_fromString_PUBLIC_OPENSSH} and L{_fromPrivateOpenSSH_PEM} for the string formats. @param subtype: A subtype to emit. Only supported for private keys, for which the currently supported subtypes are C{'PEM'} and C{'v1'}. If not given, an appropriate default is used. @type subtype: L{str} or L{None} @param comment: Comment for a public key. @type comment: L{bytes} @param passphrase: Passphrase for a private key. @type passphrase: L{bytes} @rtype: L{bytes} )rv1NrQ)rrRrrQzunknown subtype )rWrr]rrr)rCrrrRs r5_toString_OPENSSHzKey._toString_OPENSSHcs& ==?? ;(((99 9 __TYY[[I5M5M,,W,TT T _5 0 0---DD D999:: :r4c ~|}|}|rK|dkr_tjdddt j|dddgdt j|d ddgggg}n|d krtjdd d t j|d ddgdt j|dddgdt j|dddgdt j|dddgggg}ntd|dt| ddzdzS|dkrO|d |d}}tj ||}tjdddt j|dddgdt j|d ddgdt j|dddgd t j|ddgdt j|ddgdt j|d|dz zddgdt j|d|dz zddgd t j|ddgg ggS|d krtjdd d t j|d ddgdt j|dddgdt j|dddgdt j|dddgd!t j|d"ddggggStd|d#)$z Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats. @rtype: L{bytes} rsrrrrrnNrrrtr r rpr rqr rrr rtrr'rr4}rrrrarvbcrr') rir]rWrrrr\r-rrrr1)rCkwargsrir]rrprqrs r5 _toString_LSHzKey._toString_LSHsyy{{yy{{ ==??G ?u}}** 1!%vyc';';ABB'? @!%vyc';';ABB'? @   ** &!%vyc';';ABB'? @!%vyc';';ABB'? @!%vyc';';ABB'? @!%vyc';';ABB'? @     "">>r4c |}|s|dkr-|d|d|d|d|d|df}n=|dkr%|d|d|d |d |d f}tj|d ttj|zSd S)z Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format. @rtype: L{bytes} rsrrrrrprqrtrrrtrr4N) rirWr]rrrzrmapr\)rCrrivaluess r5_toString_AGENTV3zKey._toString_AGENTV3syy{{}} Pyy{{e##IIIIII %%s)T#YS 49d3iP9T\\^^,,sxxFIv8N8N/O/OO O P Pr4c|}||}||}|td|d|d|dkrC|j|t j|}tj |}n|dkrb|j||}t|\}}tj t|dt|dz}nZ|dkr!|j|tj |} t| \}}t|} t|} t| d turt| d } n| d } | d zrd | z} t| d turt| d } n| d } | d zrd | z} tj tj | tj | z}n2|d kr,tj |j|}tj ||zS) a Sign some data with this key. SECSH-TRANS RFC 4253 Section 6.6. @type data: L{bytes} @param data: The data to sign. @type signatureType: L{bytes} @param signatureType: The SSH public key algorithm name to sign this data with, or L{None} to use a reasonable default for the key. @rtype: L{bytes} @return: A signature for the given data. Nzpublic key signature algorithm z is not defined for z keysrsrtrKrrQ)r]rzrr7rBsignrPKCS1v15rrr&rrECDSArMr)rCrirr hashAlgorithmsigretrs signaturerWsbrcompscomps r5rzKey.signsS ))++  !LLNNM..}==  ,.-..&...  e  /&&tW-=-?-?OOC)C..CC   /&&t];;C)#..FQ )LB//,q"2E2EEFFCC __,,T28M3J3JKKI))44FQaBaBBqE{{c!!BqE 1t| "r\BqE{{c!!BqE 1t| "r\)FIbMMFIbMM9::CC  ! !)DO006677Cy''#--r4clt|dkrdtj|}}ntj|\}}||}|dS|}|dkr`|j}|s|}tj|d|tj |f}n|dkrtj|d}t |ddd } t |ddd } t| | }|j}|s|}|||f}n|d krtj|d}tj|d \} } } t | d } t | d } t| | }|j}|s|}||tj|f}nQ|d krK|j}|s|}tj|d|f} |j|d S#t"$rYdSwxYw)a Verify a signature using this key. @type signature: L{bytes} @param signature: The signature to verify. @type data: L{bytes} @param data: The signed data. @rtype: L{bool} @return: C{True} if the signature is valid. (rmNFrsrrtrbigrKrcrQT)rrrryrr]rBrWr|rrr from_bytesr'rrverifyr )rCrrirrrrargsconcatenatedSignaturerrrstrsstrrs r5rz Key.verify4s y>>R  '169Y3G3G9MM'-|I'>'> $M9..}==  5))++ e  A==?? #LLNN Y''* "" DD   $*L$;$;A$> !4SbS95AAA4RSS95AAA,Q22IA==?? #LLNNt]3DD __$*L$;$;A$> !%|,A1EE D$tU++AtU++A,Q22IA==?? #LLNNtRXm%<%<=DD  ! !A==?? #LLNNL++A.5D  AHdOO4    55 s J%% J32J3)NN)NNNNr)NNN)3r/r0r1r2 classmethodr_rYrrrrrrrrr"rdrrr;rrrDobjectboolrIrMrbrWrhr>r?rqr]rzr~rrZrirrr%rrrrrrrrrr3r4r5rUrUs0>>>[>(%,%,%,[%,N6?6?[6?pH?H?[H?T**[*(V=V=[V=p{:{:[{:zAA[A8DD[D>#D#D[#DJ.=.=[.=`[>***[*X   [ D[>[6[,$$$"F"t""""*$#*$*$*$*$X   5 5 5"4!;&T&T&T&TPOOO.0 $ $ $0006 ( ( (JJJJJJX:;:;:;xQ;Q;Q;f! i l #  :O:O:O  :OxJJJJ4<)<)<)<)|M!M!M!M!^;;;;:P?P?P?dPPP,J.J.J.J.XDDDDDr4rUc^|d|stjd|t }|tjj tj j tj }| ||d5}tj|dt }t#|cdddS#1swxYwYdS) a This function returns a persistent L{Key}. The key is loaded from a PEM file in C{location}. If it does not exist, a key with the key size of C{keySize} is generated and saved. @param location: Where the key is stored. @type location: L{twisted.python.filepath.FilePath} @param keySize: The size of the key, if it needs to be generated. @type keySize: L{int} @returns: A persistent key. @rtype: L{Key} T)ignoreExistingDirectoryi)public_exponentrr)encodingrpencryption_algorithmrWN)passwordr)parentmakedirsexistsrgenerate_private_keyr rrrrrrr setContentrXrrZrU)locationr privateKeypemkeyFiles r5_getPersistentRSAKeyr{sY  OOt<<< ??   !-!G_=N=N   &&"+/ .A!.!;!=!='   C   t  "7 LLNNT?3D3D   : sAD""D&)D&)r)Yr2rlrrrFrbase64rrrhashlibrrtypingrr r cryptographyr cryptography.exceptionsr cryptography.hazmat.backendsr cryptography.hazmat.primitivesr r)cryptography.hazmat.primitives.asymmetricrrrrr&cryptography.hazmat.primitives.ciphersrrr,cryptography.hazmat.primitives.serializationrrpyasn1.codec.berrrrr pyasn1.errorr pyasn1.typertwisted.conch.sshrrtwisted.conch.ssh.commonrtwisted.pythonr twisted.python.compatr!r"twisted.python.constantsr#r$twisted.python.deprecater%/cryptography.hazmat.primitives.asymmetric.utilsr&r' ImportErrorr(r) SECP256R1 SECP384R1 SECP521R1rrr*__annotations__r+ed25519_supportedtwisted.conch.ssh._keys_pynacl Exceptionr-r7r:r<r>rBrSrUrr3r4r5r+s   6666666666!!!!!!!! 444444888888@@@@@@@@TTTTTTTTTTTTTTLLLLLLLLLL%$$$$$++++++++111111$$$$$$9999999999999999@@@@@@ )BLNN(BLNN(BLNN  4 89::::D!:;<<<<?&&((!/1!VVVVVVVVV !!! ! ) 9 $$$$$$$$"9>PPPPPPPPf6((((((s$/B88 CCE E+*E+