HEX

File: //var/opt/nydus/ops/cryptography/hazmat/primitives/serialization/__pycache__/ssh.cpython-39.pyc
a

�,�hs]�@s�UddlZddlZddlZddlZddlmZddlmZddl	m
Z
ddlmZm
Z
mZmZddlmZmZmZddlmZmZmZmZzddlmZd	ZWn0ey�d
Zd[eeeee ed�dd
�ZYn0dZ!dZ"dZ#dZ$dZ%dZ&dZ'e�(d�Z)dZ*dZ+dZ,dZ-dZ.dZ/dZ0dZ1e�(e+de,ej2�Z3e4e5e6dd ���Z7ej8d!ej9dfej8d!ej:dfd"�Z;ej<eej=ej>ej8eej?ej>ej9ej>ej:feffe@d#<e$e%e&d$�ZAe
jBed%�d&d'�ZCe+d(e,d(feeeed)�d*d+�ZDeedd,�d-d.�ZEedd/�d0d1�ZFeejGeeeeej?ej:ej9fd2�d3d4�ZHe4ej=ee4fd/�d5d6�ZIe4ej=ee4fd/�d7d8�ZJe4ej=e4e4fd/�d9d:�ZKe4ej=ee4fd/�d;d<�ZLeed=�d>d?�ZMGd@dA�dA�ZNGdBdC�dC�ZOGdDdE�dE�ZPGdFdG�dG�ZQGdHdI�dI�ZRe"eO�e#eP�e!eR�e$eQdJe
�S��e%eQdKe
�T��e&eQdLe
�U��iZVedM�dNdO�ZWej?e
jXejYejZej[fZ\d\eejGeej]e\dP�dQdR�Z^d]e\ejGeedS�dTdU�Z_ej?e
jBej`ejaejbfZcd^eej]ecdV�dWdX�Zdeced%�dYdZ�ZedS)_�N)�encodebytes)�utils��UnsupportedAlgorithm)�dsa�ec�ed25519�rsa)�Cipher�
algorithms�modes)�Encoding�NoEncryption�
PrivateFormat�PublicFormat)�kdfTF)�password�salt�desired_key_bytes�rounds�ignore_few_rounds�returncCstd��dS)NzNeed bcrypt moduler)rrrrr�r�c/opt/nydus/tmp/pip-target-wkfpz8uv/lib64/python/cryptography/hazmat/primitives/serialization/ssh.py�_bcrypt_kdfsrsssh-ed25519sssh-rsasssh-dsssecdsa-sha2-nistp256secdsa-sha2-nistp384secdsa-sha2-nistp521s-cert-v01@openssh.coms\A(\S+)[ \t]+(\S+)sopenssh-key-v1s#-----BEGIN OPENSSH PRIVATE KEY-----s!-----END OPENSSH PRIVATE KEY-----sbcryptsnone�
aes256-ctr��Hs(.*?)��� )rs
aes256-cbc�_SSH_CIPHERS)Z	secp256r1Z	secp384r1Z	secp521r1)�
public_keyrcCs*|j}|jtvr td|j����t|jS)z3Return SSH key_type and curve_name for private key.z'Unsupported curve for ssh private key: )�curve�name�_ECDSA_KEY_TYPE�
ValueError)r"r#rrr�_ecdsa_key_typeVs

�r'�
)�data�prefix�suffixrcCsd�|t|�|g�S)N�)�join�_base64_encode)r)r*r+rrr�_ssh_pem_encode`sr/)r)�	block_lenrcCs |rt|�|dkrtd��dS)zRequire data to be full blocksrzCorrupt data: missing paddingN)�lenr&)r)r0rrr�_check_block_sizehsr2�r)rcCs|rtd��dS)z!All data should have been parsed.zCorrupt data: unparsed dataN)r&�r)rrr�_check_emptynsr5)�
ciphernamerrrrc	CsR|std��t|\}}}}t|||||d�}t||d|��|||d���S)z$Generate key + iv and return cipher.zKey is password-protected.TN)r&r!rr
)	r6rrr�algoZkey_len�modeZiv_len�seedrrr�_init_cipherts
r:cCs6t|�dkrtd��tj|dd�dd�|dd�fS)ZUint32��Invalid dataN�big��	byteorder�r1r&�int�
from_bytesr4rrr�_get_u32�srCcCs6t|�dkrtd��tj|dd�dd�|dd�fS)ZUint64�r<Nr=r>r@r4rrr�_get_u64�srEcCs8t|�\}}|t|�kr td��|d|�||d�fS)zBytes with u32 length prefixr<N)rCr1r&)r)�nrrr�_get_sshstr�srGcCs4t|�\}}|r$|ddkr$td��t�|d�|fS)zBig integer.r�r<r=)rGr&rArB)r)�valrrr�
_get_mpint�srJ�rIrcCs4|dkrtd��|sdS|��dd}t�||�S)z!Storage format for signed bigint.rznegative mpint not allowedr,rD)r&�
bit_lengthrZint_to_bytes)rI�nbytesrrr�	_to_mpint�srNc@s�eZdZUdZejeed<dejedd�dd�Zedd�dd	�Z	e
dd�d
d�Zejedfdd�dd
�Z
e
dd�dd�Ze
d�dd�Zdee
e
d�dd�Zed�dd�ZdS)�	_FragListz,Build recursive structure without data copy.�flistN)�initrcCsg|_|r|j�|�dS�N)rP�extend)�selfrQrrr�__init__�sz_FragList.__init__rKcCs|j�|�dS)zAdd plain bytesN)rP�append�rTrIrrr�put_raw�sz_FragList.put_rawcCs|j�|jddd��dS)zBig-endian uint32r;r=)�lengthr?N)rPrV�to_bytesrWrrr�put_u32�sz_FragList.put_u32cCsLt|tttf�r,|�t|��|j�|�n|�|���|j�	|j�dS)zBytes prefixed with u32 lengthN)
�
isinstance�bytes�
memoryview�	bytearrayr[r1rPrV�sizerSrWrrr�
put_sshstr�s
z_FragList.put_sshstrcCs|�t|��dS)z*Big-endian bigint prefixed with u32 lengthN)rarNrWrrr�	put_mpint�sz_FragList.put_mpint)rcCsttt|j��S)zCurrent number of bytes)�sum�mapr1rP)rTrrrr`�sz_FragList.sizer)�dstbuf�posrcCs2|jD]&}t|�}|||}}||||�<q|S)zWrite into bytearray)rPr1)rTrerf�fragZflen�startrrr�render�s

z_FragList.rendercCs"tt|����}|�|�|��S)zReturn as bytes)r^r_r`ri�tobytes)rT�bufrrrrj�s
z_FragList.tobytes)N)r)�__name__�
__module__�__qualname__�__doc__�typing�Listr]�__annotations__rUrXrAr[�Unionrarbr`r^rirjrrrrrO�s
	rOc@s~eZdZdZed�dd�Zeejej	efd�dd�Z
eejejefd�dd	�Zej	e
d
d�dd
�Zeje
d
d�dd�Zd
S)�
_SSHFormatRSAzhFormat for RSA keys.

    Public:
        mpint e, n
    Private:
        mpint n, e, d, iqmp, p, q
    r4cCs$t|�\}}t|�\}}||f|fS)zRSA public fields�rJ)rTr)�erFrrr�
get_public�sz_SSHFormatRSA.get_publicr3cCs.|�|�\\}}}t�||�}|��}||fS)zMake RSA public key from data.)rwr	�RSAPublicNumbersr")rTr)rvrF�public_numbersr"rrr�load_public�sz_SSHFormatRSA.load_publicc	Cs�t|�\}}t|�\}}t|�\}}t|�\}}t|�\}}t|�\}}||f|kr\td��t�||�}	t�||�}
t�||�}t�||||	|
||�}|��}
|
|fS)zMake RSA private key from data.z Corrupt data: rsa field mismatch)rJr&r	Zrsa_crt_dmp1Zrsa_crt_dmq1rxZRSAPrivateNumbers�private_key)rTr)�	pubfieldsrFrv�d�iqmp�p�qZdmp1Zdmq1ry�private_numbersr{rrr�load_private�s �z_SSHFormatRSA.load_privateN�r"�f_pubrcCs$|��}|�|j�|�|j�dS)zWrite RSA public keyN)ryrbrvrF)rTr"r�Zpubnrrr�
encode_publicsz_SSHFormatRSA.encode_public�r{�f_privrcCsZ|��}|j}|�|j�|�|j�|�|j�|�|j�|�|j�|�|j�dS)zWrite RSA private keyN)	r�ryrbrFrvr}r~rr�)rTr{r�r�ryrrr�encode_privatesz_SSHFormatRSA.encode_private)rlrmrnror^rwrp�Tupler	�RSAPublicKeyrz�
RSAPrivateKeyr�rOr�r�rrrrrt�s�
��	�rtc@s�eZdZdZeejejefd�dd�Zeejej	efd�dd�Z
eejejefd�dd�Zej	e
d	d
�dd�Zeje
d	d
�dd�Zejd	d�dd�Zd	S)�
_SSHFormatDSAzhFormat for DSA keys.

    Public:
        mpint p, q, g, y
    Private:
        mpint p, q, g, y, x
    r3cCs@t|�\}}t|�\}}t|�\}}t|�\}}||||f|fS)zDSA public fieldsru)rTr)rr��g�yrrrrw,s
z_SSHFormatDSA.get_publicc	CsJ|�|�\\}}}}}t�|||�}t�||�}|�|�|��}||fS)zMake DSA public key from data.)rwr�DSAParameterNumbers�DSAPublicNumbers�	_validater")	rTr)rr�r�r��parameter_numbersryr"rrrrz6s
z_SSHFormatDSA.load_publiccCsz|�|�\\}}}}}t|�\}}||||f|kr:td��t�|||�}t�||�}	|�|	�t�||	�}
|
��}||fS)zMake DSA private key from data.z Corrupt data: dsa field mismatch)	rwrJr&rr�r�r�ZDSAPrivateNumbersr{)rTr)r|rr�r�r��xr�ryr�r{rrrr�As
z_SSHFormatDSA.load_privateNr�cCsL|��}|j}|�|�|�|j�|�|j�|�|j�|�|j�dS)zWrite DSA public keyN)ryr�r�rbrr�r�r�)rTr"r�ryr�rrrr�Qs
z_SSHFormatDSA.encode_publicr�cCs$|�|��|�|�|��j�dS)zWrite DSA private keyN)r�r"rbr�r�)rTr{r�rrrr�^sz_SSHFormatDSA.encode_private)ryrcCs |j}|j��dkrtd��dS)Niz#SSH supports only 1024 bit DSA keys)r�rrLr&)rTryr�rrrr�esz_SSHFormatDSA._validate)rlrmrnror^rpr�rwr�DSAPublicKeyrz�
DSAPrivateKeyr�rOr�r�r�r�rrrrr�#s"	�����r�c@s�eZdZdZeejd�dd�Zee	j
e	j
efd�dd�Zee	j
ejefd�dd	�Z
ee	j
ejefd�d
d�Zejedd
�dd�Zejedd�dd�ZdS)�_SSHFormatECDSAz�Format for ECDSA keys.

    Public:
        str curve
        bytes point
    Private:
        str curve
        bytes point
        mpint secret
    ��ssh_curve_namer#cCs||_||_dSrRr�)rTr�r#rrrrUwsz_SSHFormatECDSA.__init__r3cCsJt|�\}}t|�\}}||jkr*td��|ddkr>td��||f|fS)zECDSA public fieldszCurve name mismatchrr;zNeed uncompressed point)rGr�r&�NotImplementedError)rTr)r#�pointrrrrw{s
z_SSHFormatECDSA.get_publiccCs.|�|�\\}}}tj�|j|���}||fS)z Make ECDSA public key from data.)rwr�EllipticCurvePublicKeyZfrom_encoded_pointr#rj)rTr)�
curve_namer�r"rrrrz�s

�z_SSHFormatECDSA.load_publiccCsH|�|�\\}}}t|�\}}||f|kr2td��t�||j�}||fS)z!Make ECDSA private key from data.z"Corrupt data: ecdsa field mismatch)rwrJr&rZderive_private_keyr#)rTr)r|r�r��secretr{rrrr��sz_SSHFormatECDSA.load_privateNr�cCs*|�tjtj�}|�|j�|�|�dS)zWrite ECDSA public keyN)�public_bytesr
ZX962rZUncompressedPointrar�)rTr"r�r�rrrr��s
�z_SSHFormatECDSA.encode_publicr�cCs,|��}|��}|�||�|�|j�dS)zWrite ECDSA private keyN)r"r�r�rbZ
private_value)rTr{r�r"r�rrrr��sz_SSHFormatECDSA.encode_private)rlrmrnror]rZ
EllipticCurverUr^rpr�rwr�rz�EllipticCurvePrivateKeyr�rOr�r�rrrrr�ks"�
��
��r�c@s�eZdZdZeejejefd�dd�Zeejej	efd�dd�Z
eejejefd�dd�Zej	e
d	d
�dd�Zeje
d	d
�dd�Zd	S)�_SSHFormatEd25519z~Format for Ed25519 keys.

    Public:
        bytes point
    Private:
        bytes point
        bytes secret_and_point
    r3cCst|�\}}|f|fS)zEd25519 public fields)rG)rTr)r�rrrrw�sz_SSHFormatEd25519.get_publiccCs(|�|�\\}}tj�|���}||fS)z"Make Ed25519 public key from data.)rwr�Ed25519PublicKeyZfrom_public_bytesrj)rTr)r�r"rrrrz�s
�z_SSHFormatEd25519.load_publiccCsb|�|�\\}}t|�\}}|dd�}|dd�}||ksF|f|krNtd��tj�|�}||fS)z#Make Ed25519 private key from data.Nr z$Corrupt data: ed25519 field mismatch)rwrGr&r�Ed25519PrivateKeyZfrom_private_bytes)rTr)r|r�Zkeypairr�Zpoint2r{rrrr��sz_SSHFormatEd25519.load_privateNr�cCs|�tjtj�}|�|�dS)zWrite Ed25519 public keyN)r�r
�Rawrra)rTr"r��raw_public_keyrrrr��s�z_SSHFormatEd25519.encode_publicr�cCsR|��}|�tjtjt��}|�tjtj�}t||g�}|�	||�|�
|�dS)zWrite Ed25519 private keyN)r"Z
private_bytesr
r�rrr�rrOr�ra)rTr{r�r"Zraw_private_keyr�Z	f_keypairrrrr��s��z _SSHFormatEd25519.encode_private)rlrmrnror^rpr�rwrr�rzr�r�rOr�r�rrrrr��s 
����
�r�snistp256snistp384snistp521��key_typecCs8t|t�st|���}|tvr&t|Std|����dS)z"Return valid format or throw errorzUnsupported key type: N)r\r]r^rj�_KEY_FORMATSrr�rrr�_lookup_kformat�s

r�)r)r�backendrcCsJt�d|�|dur t�d|�t�|�}|s6td��|�d�}|�d�}t�	t
|�||��}|�t�srtd��t
|�t
t�d�}t|�\}}t|�\}}t|�\}}t|�\}	}|	dkr�td��t|�\}
}t|
�\}}
t|�}|�|
�\}
}
t|
�t|�\}}t|�||fttfk�r�|��}|tv�rBtd|����|tk�rZtd|����t|d	}t||�t|�\}}t|�\}}t|�t|||��|�}t
|���|��}nd
}t||�t|�\}}t|�\}}||k�r�td��t|�\}}||k�rtd��|�||
�\}}t|�\}}|tdt
|��k�rFtd
��|S)z.Load private key from OpenSSH custom encoding.r)NrzNot OpenSSH private key formatrzOnly one key supportedzUnsupported cipher: zUnsupported KDF: �rDzCorrupt data: broken checksumzCorrupt data: key type mismatchzCorrupt data: invalid padding)r�_check_byteslike�_check_bytes�_PEM_RC�searchr&rh�end�binascii�
a2b_base64r^�
startswith�	_SK_MAGICr1rGrCr�rwr5�_NONErjr!r�_BCRYPTr2r:Z	decryptor�updater��_PADDING)r)rr��m�p1�p2r6�kdfnameZ
kdfoptions�nkeysZpubdataZpub_key_type�kformatr|ZedataZciphername_bytes�blklenrZkbufr�ciphZck1Zck2r�r{�commentrrr�load_ssh_private_keysl




�




r�)r{rrcCs4|durt�d|�|r,t|�tkr,td��t|tj�rFt|�	��}n>t|t
j�rXt}n,t|t
j�rjt}nt|tj�r|t}ntd��t|�}t�}|r�t}t|d}t}t}t�d�}	|�|	�|�|�t|||	|�}
nt}}d}d}
d}t�d	�}d
}
t�}|�|�|�|�	�|�t||g�}|�|�|� ||�|�|
�|�!t"d||�#�|��t�}|�!t$�|�|�|�|�|�|�|�|�|�|�|�|�|�#�}|�#�}t%t&||��}|�'|�||}|
du�r|
�(��)|||�||d��t*|d|��}t&|�|||�<|S)z3Serialize private key with OpenSSH custom encoding.NrzNPasswords longer than 72 bytes are not supported by OpenSSH private key format�Unsupported key typer�rrDrr;r,)+rr�r1�
_MAX_PASSWORDr&r\rr�r'r"r	r��_SSH_RSArr��_SSH_DSArr��_SSH_ED25519r�rO�_DEFAULT_CIPHERr!r��_DEFAULT_ROUNDS�os�urandomrar[r:r�r�r�rXr�r`r�r^r_riZ	encryptorZupdate_intor/)r{rr�r�Zf_kdfoptionsr6r�r�rrr�r�Zcheckvalr�Zf_public_keyZ	f_secretsZf_main�slen�mlenrkZofs�txtrrr�serialize_ssh_private_key]st�















 r�)r)r�rc	Csvt�d|�t�|�}|s"td��|�d�}}|�d�}d}t|tt�d�krjd}|dtt��}t|�}zt	t
�|��}Wn tt
j
fy�td��Yn0t|�\}	}|	|kr�td��|r�t|�\}
}|�|�\}}|�rjt|�\}}t|�\}
}t|�\}}t|�\}}t|�\}}t|�\}}t|�\}}t|�\}}t|�\}}t|�\}}t|�\}}t|�|S)	z-Load public key from OpenSSH one-line format.r)zInvalid line formatr�FNTzInvalid key format)rr��_SSH_PUBKEY_RC�matchr&�group�_CERT_SUFFIXr1r�r^r�r��	TypeError�ErrorrGrzrErCr5)r)r�r�r�Z
orig_key_typeZkey_bodyZ	with_certr��restZinner_key_type�noncer"�serialZcctypeZkey_idZ
principalsZvalid_afterZvalid_beforeZcrit_options�
extensions�reservedZsig_key�	signaturerrr�load_ssh_public_key�sF

r�cCs�t|tj�rt|�}n>t|tj�r(t}n,t|tj�r:t	}nt|t
j�rLt}nt
d��t|�}t�}|�|�|�||�t�|�����}d�|d|g�S)z&One-line public key format for OpenSSHr�r,� )r\rr�r'r	r�r�rr�r�rr�r�r&r�rOrar�r��
b2a_base64rj�stripr-)r"r�r�r�Zpubrrr�serialize_ssh_public_key�s

r�)F)N)N)N)fr�r��rerp�base64rr.ZcryptographyrZcryptography.exceptionsrZ)cryptography.hazmat.primitives.asymmetricrrrr	Z&cryptography.hazmat.primitives.ciphersr
rrZ,cryptography.hazmat.primitives.serializationr
rrrZbcryptrrZ_bcrypt_supported�ImportErrorr]rA�boolr�r�r�Z_ECDSA_NISTP256Z_ECDSA_NISTP384Z_ECDSA_NISTP521r��compiler�r�Z	_SK_STARTZ_SK_ENDr�r�r�r�r��DOTALLr�r^r_�ranger��AESZCTRZCBCr!�Dictr��Typersrrr%r�r'r/r2r5�Optionalr:rCrErGrJrNrOrtr�r�r�Z	SECP256R1Z	SECP384R1Z	SECP521R1r�r�r�r�r�r�Z_SSH_PRIVATE_KEY_TYPES�Anyr�r�r�r�r�Z_SSH_PUBLIC_KEY_TYPESr�r�rrrr�<module>s�
��

��
��������
2FHGD�
	����O��Q��	��,