o ˷es]@sUddlZddlZddlZddlZddlmZddlmZddl m Z ddl m Z m Z mZmZddlmZmZmZddlmZmZmZmZz ddlmZd ZWneymd Z d`d ed ed edede def ddZYnwdZ!dZ"dZ#dZ$dZ%dZ&dZ'e(dZ)dZ*dZ+dZ,dZ-dZ.d Z/d!Z0d"Z1e(e+d#e,ej2Z3e4e5e6d$d%Z7ej8d&ej9d!fej8d&ej:d!fd'Z;ejej8eej?ej>ej9ej>ej:feffe@d(<e$e%e&d)ZAd*e jBdefd+d,ZCe+d-e,d-fd.ed/ed0edefd1d2ZDd.ed3eddfd4d5ZEd.eddfd6d7ZFd8ed ejGed ededeej?ej:ej9ff d9d:ZHd.e4dej=ee4ffd;d<ZId.e4dej=ee4ffd=d>ZJd.e4dej=e4e4ffd?d@ZKd.e4dej=ee4ffdAdBZLdCedefdDdEZMGdFdGdGZNGdHdIdIZOGdJdKdKZPGdLdMdMZQGdNdOdOZRe"eOe#ePe!eRe$eQdPe Se%eQdQe Te&eQdRe UiZVdSefdTdUZWej?e jXejYe jZej[fZ\ dad.ed ejGedVej]de\fdWdXZ^ dadYe\d ejGedefdZd[Z_ej?e jBej`e jaejbfZc dad.edVej]decfd\d]Zdd*ecdefd^d_ZedS)bN) encodebytes)utilsUnsupportedAlgorithm)dsaeced25519rsa)Cipher algorithmsmodes)Encoding NoEncryption PrivateFormat PublicFormat)kdfTFpasswordsaltdesired_key_bytesroundsignore_few_roundsreturncCstd)NzNeed bcrypt moduler)rrrrrrg/var/www/ideatree/venv/lib/python3.10/site-packages/cryptography/hazmat/primitives/serialization/ssh.py _bcrypt_kdfsrs ssh-ed25519sssh-rsasssh-dsssecdsa-sha2-nistp256secdsa-sha2-nistp384secdsa-sha2-nistp521s-cert-v01@openssh.coms\A(\S+)[ \t]+(\S+)sopenssh-key-v1s#-----BEGIN OPENSSH PRIVATE KEY-----s!-----END OPENSSH PRIVATE KEY-----sbcryptsnone aes256-ctrHs(.*?) )rs aes256-cbc _SSH_CIPHERS) secp256r1 secp384r1 secp521r1 public_keycCs*|j}|jtvrtd|jt|jS)z3Return SSH key_type and curve_name for private key.z'Unsupported curve for ssh private key: )curvename_ECDSA_KEY_TYPE ValueError)r%r&rrr_ecdsa_key_typeVs    r* dataprefixsuffixcCsd|t||gS)N)join_base64_encode)r,r-r.rrr_ssh_pem_encode`sr2 block_lencCs |r t||dkrtddS)zRequire data to be full blocksrzCorrupt data: missing paddingN)lenr))r,r3rrr_check_block_sizehsr5cCs|rtddS)z!All data should have been parsed.zCorrupt data: unparsed dataN)r)r,rrr _check_emptynsr7 ciphernamec CsR|stdt|\}}}}t|||||d}t||d||||dS)z$Generate key + iv and return cipher.zKey is password-protected.TN)r)r!rr ) r8rrralgokey_lenmodeiv_lenseedrrr _init_cipherts "r>cC6t|dkr tdtj|dddd|ddfS)Uint32 Invalid dataNbig byteorderr4r)int from_bytesr6rrr_get_u32 "rIcCr?)Uint64rBNrCrDrFr6rrr_get_u64rJrMcCs8t|\}}|t|krtd|d|||dfS)zBytes with u32 length prefixrBN)rIr4r))r,nrrr _get_sshstrs  rOcCs4t|\}}|r|ddkrtdt|d|fS)z Big integer.rrBrC)rOr)rGrH)r,valrrr _get_mpints rRrQcCs4|dkrtd|s dS|dd}t||S)z!Storage format for signed bigint.rznegative mpint not allowedr/rL)r) bit_lengthr int_to_bytes)rQnbytesrrr _to_mpints  rVc@seZdZUdZejeed<ddejeddfddZdeddfd d Z de ddfd d Z dej edfddfd dZ de ddfddZde fddZddede de fddZdefddZdS) _FragListz,Build recursive structure without data copy.flistNinitrcCsg|_|r |j|dSdSN)rXextend)selfrYrrr__init__sz_FragList.__init__rQcCs|j|dS)zAdd plain bytesN)rXappendr\rQrrrput_rawz_FragList.put_rawcCs|j|jddddS)zBig-endian uint32rArC)lengthrEN)rXr^to_bytesr_rrrput_u32sz_FragList.put_u32cCsNt|tttfr|t||j|dS|||j |jdS)zBytes prefixed with u32 lengthN) isinstancebytes memoryview bytearrayrdr4rXr^sizer[r_rrr put_sshstrs z_FragList.put_sshstrcCs|t|dS)z*Big-endian bigint prefixed with u32 lengthN)rjrVr_rrr put_mpintsz_FragList.put_mpintcCsttt|jS)zCurrent number of bytes)summapr4rX)r\rrrriraz_FragList.sizerdstbufposcCs2|jD]}t|}|||}}||||<q|S)zWrite into bytearray)rXr4)r\rnrofragflenstartrrrrenders z_FragList.rendercCs"tt|}|||S)zReturn as bytes)rgrhrirstobytes)r\bufrrrrts z_FragList.tobytesrZ)r)__name__ __module__ __qualname____doc__typingListrf__annotations__r]r`rGrdUnionrjrkrirgrsrtrrrrrWs  rWc@seZdZdZdefddZdedejej effddZ dedejej effdd Z d ej d e dd fd dZdej de dd fddZd S) _SSHFormatRSAzhFormat for RSA keys. Public: mpint e, n Private: mpint n, e, d, iqmp, p, q r,cCs$t|\}}t|\}}||f|fS)zRSA public fieldsrR)r\r,erNrrr get_publics   z_SSHFormatRSA.get_publicrcCs.||\\}}}t||}|}||fS)zMake RSA public key from data.)rr RSAPublicNumbersr%)r\r,rrNpublic_numbersr%rrr load_publics z_SSHFormatRSA.load_publicc Cst|\}}t|\}}t|\}}t|\}}t|\}}t|\}}||f|kr.tdt||} t||} t||} t|||| | || } | } | |fS)zMake RSA private key from data.z Corrupt data: rsa field mismatch)rRr)r rsa_crt_dmp1 rsa_crt_dmq1rRSAPrivateNumbers private_key)r\r, pubfieldsrNrdiqmppqdmp1dmq1rprivate_numbersrrrr load_privates          z_SSHFormatRSA.load_privater%f_pubNcCs$|}||j||jdS)zWrite RSA public keyN)rrkrrN)r\r%rpubnrrr encode_public s z_SSHFormatRSA.encode_publicrf_privcCsZ|}|j}||j||j||j||j||j||jdS)zWrite RSA private keyN) rrrkrNrrrrr)r\rrrrrrrencode_privates     z_SSHFormatRSA.encode_private)rvrwrxryrgrrzTupler RSAPublicKeyr RSAPrivateKeyrrWrrrrrrr~s6    r~c@seZdZdZdedejejeffddZdedejej effddZ dedejej effdd Z d ej d e dd fd dZdej de dd fddZdejdd fddZd S) _SSHFormatDSAzhFormat for DSA keys. Public: mpint p, q, g, y Private: mpint p, q, g, y, x r,rcCs@t|\}}t|\}}t|\}}t|\}}||||f|fS)zDSA public fieldsr)r\r,rrgyrrrr,s    z_SSHFormatDSA.get_publicc CsJ||\\}}}}}t|||}t||}|||}||fS)zMake DSA public key from data.)rrDSAParameterNumbersDSAPublicNumbers _validater%) r\r,rrrrparameter_numbersrr%rrrr6s   z_SSHFormatDSA.load_publicc Csz||\\}}}}}t|\}}||||f|krtdt|||}t||} || t|| } | } | |fS)zMake DSA private key from data.z Corrupt data: dsa field mismatch) rrRr)rrrrDSAPrivateNumbersr) r\r,rrrrrxrrrrrrrrAs    z_SSHFormatDSA.load_privater%rNcCsL|}|j}||||j||j||j||jdS)zWrite DSA public keyN)rrrrkrrrr)r\r%rrrrrrrQs    z_SSHFormatDSA.encode_publicrrcCs$|||||jdS)zWrite DSA private keyN)rr%rkrr)r\rrrrrr^sz_SSHFormatDSA.encode_privatercCs |j}|jdkrtddS)Niz#SSH supports only 1024 bit DSA keys)rrrSr))r\rrrrrresz_SSHFormatDSA._validate)rvrwrxryrgrzrrr DSAPublicKeyr DSAPrivateKeyrrWrrrrrrrrr#s@        rc@seZdZdZdedejfddZdede j e j effdd Z dede j ej effd d Z dede j ejeffd d Zdej deddfddZdejdeddfddZdS)_SSHFormatECDSAzFormat for ECDSA keys. Public: str curve bytes point Private: str curve bytes point mpint secret ssh_curve_namer&cCs||_||_dSrZ)rr&)r\rr&rrrr]ws z_SSHFormatECDSA.__init__r,rcCsJt|\}}t|\}}||jkrtd|ddkrtd||f|fS)zECDSA public fieldszCurve name mismatchrrAzNeed uncompressed point)rOrr)NotImplementedError)r\r,r&pointrrrr{s     z_SSHFormatECDSA.get_publiccCs.||\\}}}tj|j|}||fS)z Make ECDSA public key from data.)rrEllipticCurvePublicKeyfrom_encoded_pointr&rt)r\r, curve_namerr%rrrrs  z_SSHFormatECDSA.load_publiccCsH||\\}}}t|\}}||f|krtdt||j}||fS)z!Make ECDSA private key from data.z"Corrupt data: ecdsa field mismatch)rrRr)rderive_private_keyr&)r\r,rrrsecretrrrrrs   z_SSHFormatECDSA.load_privater%rNcCs*|tjtj}||j||dS)zWrite ECDSA public keyN) public_bytesr X962rUncompressedPointrjr)r\r%rrrrrrs  z_SSHFormatECDSA.encode_publicrrcCs,|}|}|||||jdS)zWrite ECDSA private keyN)r%rrrk private_value)r\rrr%rrrrrs z_SSHFormatECDSA.encode_private)rvrwrxryrfr EllipticCurver]rgrzrrrrEllipticCurvePrivateKeyrrWrrrrrrrks@         rc@seZdZdZdedejejeffddZdedejej effddZ dedejej effdd Z d ej d e dd fd dZdej de dd fddZd S)_SSHFormatEd25519z~Format for Ed25519 keys. Public: bytes point Private: bytes point bytes secret_and_point r,rcCst|\}}|f|fS)zEd25519 public fields)rO)r\r,rrrrrs  z_SSHFormatEd25519.get_publiccCs(||\\}}tj|}||fS)z"Make Ed25519 public key from data.)rrEd25519PublicKeyfrom_public_bytesrt)r\r,rr%rrrrs z_SSHFormatEd25519.load_publiccCsb||\\}}t|\}}|dd}|dd}||ks#|f|kr'tdtj|}||fS)z#Make Ed25519 private key from data.Nr z$Corrupt data: ed25519 field mismatch)rrOr)rEd25519PrivateKeyfrom_private_bytes)r\r,rrkeypairrpoint2rrrrrs    z_SSHFormatEd25519.load_privater%rNcCs|tjtj}||dS)zWrite Ed25519 public keyN)rr Rawrrj)r\r%rraw_public_keyrrrrsz_SSHFormatEd25519.encode_publicrrcCsR|}|tjtjt}|tjtj}t||g}| ||| |dS)zWrite Ed25519 private keyN) r% private_bytesr rrrrrrWrrj)r\rrr%raw_private_keyr f_keypairrrrrs   z _SSHFormatEd25519.encode_private)rvrwrxryrgrzrrrrrrrrWrrrrrrrs>       rsnistp256snistp384snistp521key_typecCs4t|ts t|}|tvrt|Std|)z"Return valid format or throw errorzUnsupported key type: )rerfrgrt _KEY_FORMATSr)rrrr_lookup_kformats  rbackendcCsBtd||durtd|t|}|std|d}|d}t t |||}| t s9tdt |t t d}t|\}}t|\}}t|\}}t|\} }| dkrctdt|\} }t| \} } t| } | | \} } t| t|\}}t|||fttfkr|}|tvrtd||tkrtd|t|d }t||t|\}}t|\}}t|t||||}t ||}nd }t||t|\}}t|\}}||krtd t|\}}|| krtd | || \}}t|\}}|tdt |krtd |S)z.Load private key from OpenSSH custom encoding.r,NrzNot OpenSSH private key formatrzOnly one key supportedzUnsupported cipher: zUnsupported KDF: rLzCorrupt data: broken checksumzCorrupt data: key type mismatchzCorrupt data: invalid padding)r_check_byteslike _check_bytes_PEM_RCsearchr)rrendbinascii a2b_base64rg startswith _SK_MAGICr4rOrIrrr7_NONErtr!r_BCRYPTr5r> decryptorupdater_PADDING)r,rrmp1p2r8kdfname kdfoptionsnkeyspubdata pub_key_typekformatredataciphername_bytesblklenrkbufrciphck1ck2rrcommentrrrload_ssh_private_keysl                       rrcCs4|dur td||rt|tkrtdt|tjr#t| }nt|t j r,t }nt|t jr5t}n t|tjr>t}ntdt|}t}|rnt}t|d}t}t}td} || ||t||| |} nt}}d}d} d} td } d } t}|||| |t| | g}||| |||| |!t"d||#|t}|!t$|||||||| |||||#}|#}t%t&||}|'|||}| dur| ()|||||dt*|d|}t&||||<|S) z3Serialize private key with OpenSSH custom encoding.NrzNPasswords longer than 72 bytes are not supported by OpenSSH private key formatUnsupported key typerrrLrrAr/)+rrr4 _MAX_PASSWORDr)rerrr*r%r r_SSH_RSArr_SSH_DSArr _SSH_ED25519rrW_DEFAULT_CIPHERr!r_DEFAULT_ROUNDSosurandomrjrdr>rrrr`rrirrgrhrs encryptor update_intor2)rrrr f_kdfoptionsr8rrrrrrcheckvalr f_public_key f_secretsf_mainslenmlenruofstxtrrrserialize_ssh_private_key]st                         rc Csptd|t|}|std|d}}|d}d}t|tt dkr5d}|dtt }t|}z t t |}Wnt t j fyPtdwt|\} }| |kr_td|rgt|\} }||\} }|rt|\} }t|\} }t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|| S) z-Load public key from OpenSSH one-line format.r,zInvalid line formatrFNTzInvalid key format)rr_SSH_PUBKEY_RCmatchr)group _CERT_SUFFIXr4rrgrr TypeErrorErrorrOrrMrIr7)r,rrr orig_key_typekey_body with_certrrestinner_key_typenoncer%serialcctypekey_id principals valid_after valid_before crit_options extensionsreservedsig_key signaturerrrload_ssh_public_keysH                rcCst|tjr t|}nt|tjrt}nt|tjrt }n t|t j r&t }nt dt|}t}|||||t|}d|d|gS)z&One-line public key format for OpenSSHrr/ )rerrr*r rrrrrrrrr)rrWrjrr b2a_base64rtstripr0)r%rrrpubrrrserialize_ssh_public_keys       r)FrZ)frrrerzbase64rr1 cryptographyrcryptography.exceptionsr)cryptography.hazmat.primitives.asymmetricrrrr &cryptography.hazmat.primitives.ciphersr r r ,cryptography.hazmat.primitives.serializationr rrrbcryptrr_bcrypt_supported ImportErrorrfrGboolrrr_ECDSA_NISTP256_ECDSA_NISTP384_ECDSA_NISTP521rcompilerr _SK_START_SK_ENDrrrrrDOTALLrrgrhrangerAESCTRCBCr!DictrTyper}r|r(rr*r2r5r7Optionalr>rIrMrOrRrVrWr~rrr SECP256R1 SECP384R1 SECP521R1rrrrrr_SSH_PRIVATE_KEY_TYPESAnyrrrrr_SSH_PUBLIC_KEY_TYPESrrrrrrs,              2FHGD    O Q  ,