B `W@sddlZddlZddlZddlZddlZddlmZddlm Z ddl m Z ddl m Z ddlmZmZmZmZddlmZmZmZddlmZmZmZmZydd lmZd ZWn2e k rd ZdWe!e!e"e"e#e!d d dZYnXdZ$dZ%dZ&dZ'dZ(dZ)dZ*e+dZ,dZ-dZ.dZ/dZ0dZ1dZ2dZ3dZ4e+e.de/ej5Z6e7e8e9d d!Z:ej;d"eje'e(e)d$Z?e@d%ZAe@d&ZBd'd(ZCe.d)e/d)fd*d+ZDd,d-ZEd.d/ZFd0d1ZGd2d3ZHd4d5ZId6d7ZJd8d9ZKd:d;ZLGdd?d?eMZOGd@dAdAeMZPGdBdCdCeMZQGdDdEdEeMZRe%eOe&ePe$eRe'eQdFeSe(eQdGeTe)eQdHeUiZVdIdJZWejXejYejZej[ej\fZ]dXe!ej^e!e]dKdLdMZ_dYe]ej^e!dNdOdPZ`ejXejaejbejcejdfZedZe!eedQdRdSZfeee!dTdUdVZgdS)[N) encodebytes)utils)UnsupportedAlgorithm) _get_backend)dsaeced25519rsa)Cipher algorithmsmodes)Encoding NoEncryption PrivateFormat PublicFormat)kdfTF)passwordsaltdesired_key_bytesroundsignore_few_roundsreturncCs tddS)NzNeed bcrypt module)r)rrrrrr_/home/dcms/DCMS/lib/python3.7/site-packages/cryptography/hazmat/primitives/serialization/ssh.py _bcrypt_kdf srs ssh-ed25519sssh-rsasssh-dsssecdsa-sha2-nistp256secdsa-sha2-nistp384secdsa-sha2-nistp521s-cert-v01@openssh.coms\A(\S+)[ \t]+(\S+)sopenssh-key-v1s#-----BEGIN OPENSSH PRIVATE KEY-----s!-----END OPENSSH PRIVATE KEY-----sbcryptsnones aes256-ctrHs(.*?) )s aes256-ctrs aes256-cbc)Z secp256r1Z secp384r1Z secp521r1s>Is>QcCs(|j}|jtkrtd|jt|jS)z3Return SSH key_type and curve_name for private key.z)Unsupported curve for ssh private key: %r)curvename_ECDSA_KEY_TYPE ValueError) public_keyr rrr_ecdsa_key_typeSs   r% cCsd|t||gS)N)join_base64_encode)dataprefixsuffixrrr_ssh_pem_encode]sr-cCs |rt||dkrtddS)zRequire data to be full blocksrzCorrupt data: missing paddingN)lenr#)r*Z block_lenrrr_check_block_sizeasr/cCs|r tddS)z!All data should have been parsed.zCorrupt data: unparsed dataN)r#)r*rrr _check_emptygsr0c CsT|s tdt|\}}}}t|||||d} t|| d||| |d|S)z$Generate key + iv and return cipher.zKey is password-protected.TN)r# _SSH_CIPHERSrr ) ciphernamerrrbackendalgoZkey_lenmodeZiv_lenseedrrr _init_cipherms r7cCs6t|dkrtdt|ddd|ddfS)ZUint32z Invalid dataNr)r.r#_U32unpack)r*rrr_get_u32ws r;cCs6t|dkrtdt|ddd|ddfS)ZUint64z Invalid dataNr)r.r#_U64r:)r*rrr_get_u64~s r>cCs8t|\}}|t|kr td|d|||dfS)zBytes with u32 length prefixz Invalid dataN)r;r.r#)r*nrrr _get_sshstrs  r@cCs4t|\}}|r$|ddkr$tdt|d|fS)z Big integer.rz Invalid databig)r@r#int from_bytes)r*valrrr _get_mpints rFcCs4|dkrtd|sdS|dd}t||S)z!Storage format for signed bigint.rznegative mpint not allowedr'r<)r# bit_lengthrZ int_to_bytes)rEnbytesrrr _to_mpints rIc@sTeZdZdZdddZddZddZd d Zd d Zd dZ dddZ ddZ dS) _FragListz,Build recursive structure without data copy.NcCsg|_|r|j|dS)N)flistextend)selfinitrrr__init__sz_FragList.__init__cCs|j|dS)zAdd plain bytesN)rKappend)rMrErrrput_rawsz_FragList.put_rawcCs|jt|dS)zBig-endian uint32N)rKrPr9pack)rMrErrrput_u32sz_FragList.put_u32cCsLt|tttfr,|t||j|n|||j |jdS)zBytes prefixed with u32 lengthN) isinstancebytes memoryview bytearrayrSr.rKrPsizerL)rMrErrr put_sshstrs z_FragList.put_sshstrcCs|t|dS)z*Big-endian bigint prefixed with u32 lengthN)rYrI)rMrErrr put_mpintsz_FragList.put_mpintcCsttt|jS)zCurrent number of bytes)summapr.rK)rMrrrrXsz_FragList.sizercCs6x0|jD]&}t|}|||}}||||<qW|S)zWrite into bytearray)rKr.)rMZdstbufposfragZflenstartrrrrenders  z_FragList.rendercCs"tt|}|||S)zReturn as bytes)rVrWrXr`tobytes)rMbufrrrras z_FragList.tobytes)N)r) __name__ __module__ __qualname____doc__rOrQrSrYrZrXr`rarrrrrJs   rJc@s8eZdZdZddZddZddZdd Zd d Zd S) _SSHFormatRSAzhFormat for RSA keys. Public: mpint e, n Private: mpint n, e, d, iqmp, p, q cCs$t|\}}t|\}}||f|fS)zRSA public fields)rF)rMr*er?rrr get_publics  z_SSHFormatRSA.get_publiccCs0||\\}}}t||}||}||fS)zMake RSA public key from data.)rir RSAPublicNumbersr$)rMkey_typer*r3rhr?public_numbersr$rrr load_publics  z_SSHFormatRSA.load_publicc Cst|\}}t|\}}t|\}}t|\}}t|\}}t|\} }||f|kr\tdt||} t|| } t||} t|| || | || } | |}||fS)zMake RSA private key from data.z Corrupt data: rsa field mismatch)rFr#r Z rsa_crt_dmp1Z rsa_crt_dmq1rjZRSAPrivateNumbers private_key)rMr* pubfieldsr3r?rhdiqmppqZdmp1Zdmq1rlprivate_numbersrnrrr load_privates           z_SSHFormatRSA.load_privatecCs$|}||j||jdS)zWrite RSA public keyN)rlrZrhr?)rMr$f_pubZpubnrrr encode_publics z_SSHFormatRSA.encode_publiccCsZ|}|j}||j||j||j||j||j||jdS)zWrite RSA private keyN) rtrlrZr?rhrprqrrrs)rMrnf_privrtrlrrrencode_privates     z_SSHFormatRSA.encode_privateN) rcrdrerfrirmrurwryrrrrrgs rgc@s@eZdZdZddZddZddZdd Zd d Zd d Z dS) _SSHFormatDSAzhFormat for DSA keys. Public: mpint p, q, g, y Private: mpint p, q, g, y, x cCs@t|\}}t|\}}t|\}}t|\}}||||f|fS)zDSA public fields)rF)rMr*rrrsgyrrrris     z_SSHFormatDSA.get_publicc CsL||\\}}}}}t|||}t||} || | |} | |fS)zMake DSA public key from data.)rirDSAParameterNumbersDSAPublicNumbers _validater$) rMrkr*r3rrrsr{r|parameter_numbersrlr$rrrrms    z_SSHFormatDSA.load_publicc Cs|||\\}}}}}t|\}}||||f|kr:tdt|||} t|| } || t|| } | |} | |fS)zMake DSA private key from data.z Corrupt data: dsa field mismatch) rirFr#rr}r~rZDSAPrivateNumbersrn) rMr*ror3rrrsr{r|xrrlrtrnrrrru's     z_SSHFormatDSA.load_privatecCsL|}|j}||||j||j||j||jdS)zWrite DSA public keyN)rlrrrZrrrsr{r|)rMr$rvrlrrrrrw5s    z_SSHFormatDSA.encode_publiccCs$|||||jdS)zWrite DSA private keyN)rwr$rZrtr)rMrnrxrrrry@sz_SSHFormatDSA.encode_privatecCs |j}|jdkrtddS)Niz#SSH supports only 1024 bit DSA keys)rrrrGr#)rMrlrrrrrEsz_SSHFormatDSA._validateN) rcrdrerfrirmrurwryrrrrrrz s  rzc@s@eZdZdZddZddZddZdd Zd d Zd d Z dS)_SSHFormatECDSAzFormat for ECDSA keys. Public: str curve bytes point Private: str curve bytes point mpint secret cCs||_||_dS)N)ssh_curve_namer )rMrr rrrrOWsz_SSHFormatECDSA.__init__cCsJt|\}}t|\}}||jkr*td|ddkr>td||f|fS)zECDSA public fieldszCurve name mismatchrr8zNeed uncompressed point)r@rr#NotImplementedError)rMr*r pointrrrri[s    z_SSHFormatECDSA.get_publiccCs.||\\}}}tj|j|}||fS)z Make ECDSA public key from data.)rirEllipticCurvePublicKeyZfrom_encoded_pointr ra)rMrkr*r3 curve_namerr$rrrrmesz_SSHFormatECDSA.load_publiccCsJ||\\}}}t|\}}||f|kr2tdt||j|}||fS)z!Make ECDSA private key from data.z"Corrupt data: ecdsa field mismatch)rirFr#rZderive_private_keyr )rMr*ror3rrsecretrnrrrrums   z_SSHFormatECDSA.load_privatecCs*|tjtj}||j||dS)zWrite ECDSA public keyN) public_bytesr ZX962rZUncompressedPointrYr)rMr$rvrrrrrwws  z_SSHFormatECDSA.encode_publiccCs,|}|}|||||jdS)zWrite ECDSA private keyN)r$rtrwrZZ private_value)rMrnrxr$rtrrrrys z_SSHFormatECDSA.encode_privateN) rcrdrerfrOrirmrurwryrrrrrKs   rc@s8eZdZdZddZddZddZdd Zd d Zd S) _SSHFormatEd25519z~Format for Ed25519 keys. Public: bytes point Private: bytes point bytes secret_and_point cCst|\}}|f|fS)zEd25519 public fields)r@)rMr*rrrrris z_SSHFormatEd25519.get_publiccCs(||\\}}tj|}||fS)z"Make Ed25519 public key from data.)rirEd25519PublicKeyZfrom_public_bytesra)rMrkr*r3rr$rrrrms z_SSHFormatEd25519.load_publicc Csb||\\}}t|\}}|dd}|dd}||ksF|f|krNtdtj|}||fS)z#Make Ed25519 private key from data.Nrz$Corrupt data: ed25519 field mismatch)rir@r#rEd25519PrivateKeyZfrom_private_bytes) rMr*ror3rZkeypairrZpoint2rnrrrrus    z_SSHFormatEd25519.load_privatecCs|tjtj}||dS)zWrite Ed25519 public keyN)rr RawrrY)rMr$rvraw_public_keyrrrrws z_SSHFormatEd25519.encode_publiccCsR|}|tjtjt}|tjtj}t||g}| ||| |dS)zWrite Ed25519 private keyN) r$Z private_bytesr rrrrrrJrwrY)rMrnrxr$Zraw_private_keyrZ f_keypairrrrrys   z _SSHFormatEd25519.encode_privateN) rcrdrerfrirmrurwryrrrrrs  rsnistp256snistp384snistp521cCs6t|tst|}|tkr&t|Std|dS)z"Return valid format or throw errorzUnsupported key type: %rN)rTrUrVra _KEY_FORMATSr)rkrrr_lookup_kformats   r)r*rrcCsRtd|t|}|dk r(td|t|}|s>td|d}|d}t t |||}| t sztdt |tt d}t|\}}t|\}}t|\}}t|\} }| dkrtdt|\} }t| \} } t| } | | \} } t| t|\}}t|||fttfkr|}|tkrHtd||tkr^td|t|d }t||t|\}}t|\}}t|t|||||}t ||}nd }t||t|\}}t|\}}||krtd t|\}}|| krtd | || |\}}t|\}}|tdt|krNtd |S)z.Load private key from OpenSSH custom encoding.r*NrzNot OpenSSH private key formatrzOnly one key supportedzUnsupported cipher: %rzUnsupported KDF: %rr<zCorrupt data: broken checksumzCorrupt data: key type mismatchzCorrupt data: invalid padding)r_check_bytesliker _check_bytes_PEM_RCsearchr#r_endbinascii a2b_base64rV startswith _SK_MAGICr.r@r;rrir0_NONErar1r_BCRYPTr/r7Z decryptorupdateru_PADDING)r*rr3mp1p2r2kdfnameZ kdfoptionsnkeysZpubdataZ pub_key_typekformatroZedatablklenrZkbufrciphZck1Zck2rkrncommentrrrload_ssh_private_keysl                            r)rnrcCs>|dk rtd||r,t|tkr,tdt|tjrFt| }n>t|t j rXt }n,t|t jrjt}nt|tjr|t}ntdt|}t}|rt}t|d}t}t}td} || ||td} t||| || } nt}}d}d} d} td } d }t}||| | |t| | g}|||!|||||"t#d||$|t}|"t%|||||||| |||||$}|$}t&t'||}|(|||}| dk r| )*|||||dt+|d|}t'||||<|S) z3Serialize private key with OpenSSH custom encoding.NrzNPasswords longer than 72 bytes are not supported by OpenSSH private key formatzUnsupported key typerrr<rr8r'),rrr. _MAX_PASSWORDr#rTrEllipticCurvePrivateKeyr%r$r RSAPrivateKey_SSH_RSAr DSAPrivateKey_SSH_DSArr _SSH_ED25519rrJ_DEFAULT_CIPHERr1r_DEFAULT_ROUNDSosurandomrYrSrr7rrwryrQrrXrrVrWr`Z encryptorZ update_intor-)rnrrkrZ f_kdfoptionsr2rrrrr3rrZcheckvalrZ f_public_keyZ f_secretsZf_mainslenmlenrbZofstxtrrrserialize_ssh_private_key(st                         r)r*rc Cst|}td|t|}|s*td|d}}|d}d}t|tt dkrrd}|dtt }t |}yt t |}Wn"t t jfk rtdYnXt|\}}||krtd|rt|\} }||||\} }|rxt|\} }t|\} }t|\} }t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|| S) z-Load public key from OpenSSH one-line format.r*zInvalid line formatrFNTzInvalid key format)rrr_SSH_PUBKEY_RCmatchr#group _CERT_SUFFIXr.rrVrr TypeErrorErrorr@rmr>r;r0)r*r3rrkZ orig_key_typeZkey_bodyZ with_certrZinner_key_typenoncer$serialZcctypeZkey_idZ principalsZ valid_afterZ valid_beforeZ crit_options extensionsreservedZsig_key signaturerrrload_ssh_public_keysH                r)r$rcCst|tjrt|}n>t|tjr(t}n,t|tjr:t }nt|t j rLt }nt dt|}t}|||||t|}d|d|gS)z&One-line public key format for OpenSSHzUnsupported key typer' )rTrrr%r RSAPublicKeyrr DSAPublicKeyrrrrr#rrJrYrwr b2a_base64rastripr()r$rkrrvZpubrrrserialize_ssh_public_keys       r)F)N)N)N)hrrrestructtypingbase64rr)Z cryptographyrZcryptography.exceptionsrZcryptography.hazmat.backendsrZ)cryptography.hazmat.primitives.asymmetricrrrr Z&cryptography.hazmat.primitives.ciphersr r r Z,cryptography.hazmat.primitives.serializationr rrrZbcryptrrZ_bcrypt_supported ImportErrorrUrCboolrrrZ_ECDSA_NISTP256Z_ECDSA_NISTP384Z_ECDSA_NISTP521rcompilerrZ _SK_STARTZ_SK_ENDrrrrrDOTALLrrVrWrangerZAESZCTRZCBCr1r"Structr9r=r%r-r/r0r7r;r>r@rFrIobjectrJrgrzrrZ SECP256R1Z SECP384R1Z SECP521R1rrUnionrrrrZ_SSH_PRIVATE_KEY_TYPESOptionalrrrrrrZ_SSH_PUBLIC_KEY_TYPESrrrrrrs            0>>=:   LS +