U cc]@sUddlZddlZddlZddlZddlmZddlmZddl m Z ddl m Z m Z mZmZddlmZmZmZddlmZmZmZmZmZmZzddlmZd ZWn2ek rd ZdZe e e!e!e"e d d d ZYnXdZ#dZ$dZ%dZ&dZ'dZ(dZ)e*dZ+dZ,dZ-dZ.dZ/dZ0dZ1dZ2e*e-de.ej3Z4e5e6e7ddZ8ej9d ej:dfej9d ej;dfd!Zej?ej9e!ej@ej?ej:ej?ej;fe!ffeAd"<e&e'e(d#ZBe jCe d$d%d&ZDe-d'e.d'fe e e e d(d)d*ZEe e!dd+d,d-ZFe dd.d/d0ZGe ejHe e e!eej@ej;ej:fd1d2d3ZIe5ej>e!e5fd.d4d5ZJe5ej>e!e5fd.d6d7ZKe5ej>e5e5fd.d8d9ZLe5ej>e!e5fd.d:d;ZMe!e d<d=d>ZNGd?d@d@ZOGdAdBdBZPGdCdDdDZQGdEdFdFZRGdGdHdHZSe$ePe%eQe#eSe&eRdIe Te'eRdJe Ue(eRdKe ViZWe dLdMdNZXej@e jYejZe j[ej\fZ]d[e ejHe ej^e]dOdPdQZ_e]e ee dRdSdTZ`ej@e jCejae jbejcfZdd\e ej^eddUdVdWZeede d$dXdYZfdS)]N) encodebytes)utilsUnsupportedAlgorithm)dsaeced25519rsa)Cipher algorithmsmodes)EncodingKeySerializationEncryption NoEncryption PrivateFormat PublicFormat_KeySerializationEncryption)kdfTF)passwordsaltdesired_key_bytesroundsignore_few_roundsreturncCs tddS)NzNeed bcrypt moduler)rrrrrrj/var/www/html/project/venv/lib/python3.8/site-packages/cryptography/hazmat/primitives/serialization/ssh.py _bcrypt_kdf srs ssh-ed25519sssh-rsasssh-dsssecdsa-sha2-nistp256secdsa-sha2-nistp384secdsa-sha2-nistp521s-cert-v01@openssh.coms\A(\S+)[ \t]+(\S+)sopenssh-key-v1s#-----BEGIN OPENSSH PRIVATE KEY-----s!-----END OPENSSH PRIVATE KEY-----sbcryptsnone aes256-ctrs(.*?) )rs aes256-cbc _SSH_CIPHERS)Z secp256r1Z secp384r1Z secp521r1) public_keyrcCs*|j}|jtkr td|jt|jS)z3Return SSH key_type and curve_name for private key.z'Unsupported curve for ssh private key: )curvename_ECDSA_KEY_TYPE ValueError)r#r$rrr_ecdsa_key_typeWs   r( )dataprefixsuffixrcCsd|t||gS)N)join_base64_encode)r*r+r,rrr_ssh_pem_encodeasr0)r* block_lenrcCs |rt||dkrtddS)zRequire data to be full blocksrzCorrupt data: missing paddingN)lenr')r*r1rrr_check_block_sizeisr3r*rcCs|r tddS)z!All data should have been parsed.zCorrupt data: unparsed dataN)r'r*rrr _check_emptyosr6) ciphernamerrrrc CsR|s tdt|\}}}}t|||||d}t||d||||dS)z$Generate key + iv and return cipher.zKey is password-protected.TN)r'r"rr ) r7rrralgoZkey_lenmodeZiv_lenseedrrr _init_cipherus r;cCs6t|dkrtdtj|dddd|ddfS)ZUint32 Invalid dataNbig byteorderr2r'int from_bytesr5rrr_get_u32s rDcCs6t|dkrtdtj|dddd|ddfS)ZUint64r=Nr>r?rAr5rrr_get_u64s rFcCs8t|\}}|t|kr td|d|||dfS)zBytes with u32 length prefixr=N)rDr2r')r*nrrr _get_sshstrs  rHcCs4t|\}}|r$|ddkr$tdt|d|fS)z Big integer.rr=r>)rHr'rBrC)r*valrrr _get_mpints rKrJrcCs4|dkrtd|sdS|dd}t||S)z!Storage format for signed bigint.rznegative mpint not allowedr-rE)r' bit_lengthrZ int_to_bytes)rJnbytesrrr _to_mpints rOc@seZdZUdZejeed<dejeddddZedddd Z e ddd d Z ej edfddd d Z e ddddZe dddZdee e dddZedddZdS) _FragListz,Build recursive structure without data copy.flistN)initrcCsg|_|r|j|dSN)rQextend)selfrRrrr__init__sz_FragList.__init__rLcCs|j|dS)zAdd plain bytesN)rQappendrUrJrrrput_rawsz_FragList.put_rawcCs|j|jddddS)zBig-endian uint32r<r>)lengthr@N)rQrWto_bytesrXrrrput_u32sz_FragList.put_u32cCsLt|tttfr,|t||j|n|||j |jdS)zBytes prefixed with u32 lengthN) isinstancebytes memoryview bytearrayr\r2rQrWsizerTrXrrr put_sshstrs z_FragList.put_sshstrcCs|t|dS)z*Big-endian bigint prefixed with u32 lengthN)rbrOrXrrr put_mpintsz_FragList.put_mpint)rcCsttt|jS)zCurrent number of bytes)summapr2rQ)rUrrrrasz_FragList.sizer)dstbufposrcCs2|jD]&}t|}|||}}||||<q|S)zWrite into bytearray)rQr2)rUrfrgfragZflenstartrrrrenders  z_FragList.rendercCs"tt|}|||S)zReturn as bytes)r_r`rarjtobytes)rUbufrrrrks z_FragList.tobytes)N)r)__name__ __module__ __qualname____doc__typingListr^__annotations__rVrYrBr\Unionrbrcrar_rjrkrrrrrPs  rPc@s~eZdZdZedddZeejej efdddZ eejej efddd Z ej e d d d d Zej e d dddZd S) _SSHFormatRSAzhFormat for RSA keys. Public: mpint e, n Private: mpint n, e, d, iqmp, p, q r5cCs$t|\}}t|\}}||f|fS)zRSA public fieldsrK)rUr*erGrrr get_publics  z_SSHFormatRSA.get_publicr4cCs.||\\}}}t||}|}||fS)zMake RSA public key from data.)rxr RSAPublicNumbersr#)rUr*rwrGpublic_numbersr#rrr load_publics z_SSHFormatRSA.load_publicc Cst|\}}t|\}}t|\}}t|\}}t|\}}t|\}}||f|kr\tdt||} t||} t||} t|||| | || } | } | |fS)zMake RSA private key from data.z Corrupt data: rsa field mismatch)rKr'r Z rsa_crt_dmp1Z rsa_crt_dmq1ryZRSAPrivateNumbers private_key)rUr* pubfieldsrGrwdiqmppqZdmp1Zdmq1rzprivate_numbersr|rrr load_privates,          z_SSHFormatRSA.load_privateNr#f_pubrcCs$|}||j||jdS)zWrite RSA public keyN)rzrcrwrG)rUr#rZpubnrrr encode_public s z_SSHFormatRSA.encode_publicr|f_privrcCsZ|}|j}||j||j||j||j||j||jdS)zWrite RSA private keyN) rrzrcrGrwr~rrr)rUr|rrrzrrrencode_privates     z_SSHFormatRSA.encode_private)rmrnrorpr_rxrqTupler RSAPublicKeyr{ RSAPrivateKeyrrPrrrrrrrus    ruc@seZdZdZeejejefdddZeejej efdddZ eejej efdddZ ej e d d d d Zej e d d ddZejd dddZd S) _SSHFormatDSAzhFormat for DSA keys. Public: mpint p, q, g, y Private: mpint p, q, g, y, x r4cCs@t|\}}t|\}}t|\}}t|\}}||||f|fS)zDSA public fieldsrv)rUr*rrgyrrrrx-s     z_SSHFormatDSA.get_publicc CsJ||\\}}}}}t|||}t||}|||}||fS)zMake DSA public key from data.)rxrDSAParameterNumbersDSAPublicNumbers _validater#) rUr*rrrrparameter_numbersrzr#rrrr{7s   z_SSHFormatDSA.load_publicc Csz||\\}}}}}t|\}}||||f|kr:tdt|||}t||} || t|| } | } | |fS)zMake DSA private key from data.z Corrupt data: dsa field mismatch) rxrKr'rrrrZDSAPrivateNumbersr|) rUr*r}rrrrxrrzrr|rrrrBs    z_SSHFormatDSA.load_privateNrcCsL|}|j}||||j||j||j||jdS)zWrite DSA public keyN)rzrrrcrrrr)rUr#rrzrrrrrRs    z_SSHFormatDSA.encode_publicrcCs$|||||jdS)zWrite DSA private keyN)rr#rcrr)rUr|rrrrr_sz_SSHFormatDSA.encode_private)rzrcCs |j}|jdkrtddS)Niz#SSH supports only 1024 bit DSA keys)rrrMr')rUrzrrrrrfsz_SSHFormatDSA._validate)rmrnrorpr_rqrrxr DSAPublicKeyr{ DSAPrivateKeyrrPrrrrrrrrr$s&      rc@seZdZdZeejdddZee j e j efdddZ ee j ej efddd Z ee j ejefdd d Zej ed d ddZejed dddZd S)_SSHFormatECDSAzFormat for ECDSA keys. Public: str curve bytes point Private: str curve bytes point mpint secret ssh_curve_namer$cCs||_||_dSrSr)rUrr$rrrrVxsz_SSHFormatECDSA.__init__r4cCsJt|\}}t|\}}||jkr*td|ddkr>td||f|fS)zECDSA public fieldszCurve name mismatchrr<zNeed uncompressed point)rHrr'NotImplementedError)rUr*r$pointrrrrx|s    z_SSHFormatECDSA.get_publiccCs.||\\}}}tj|j|}||fS)z Make ECDSA public key from data.)rxrEllipticCurvePublicKeyZfrom_encoded_pointr$rk)rUr* curve_namerr#rrrr{s z_SSHFormatECDSA.load_publiccCsH||\\}}}t|\}}||f|kr2tdt||j}||fS)z!Make ECDSA private key from data.z"Corrupt data: ecdsa field mismatch)rxrKr'rZderive_private_keyr$)rUr*r}rrsecretr|rrrrs   z_SSHFormatECDSA.load_privateNrcCs*|tjtj}||j||dS)zWrite ECDSA public keyN) public_bytesr ZX962rZUncompressedPointrbr)rUr#rrrrrrs  z_SSHFormatECDSA.encode_publicrcCs,|}|}|||||jdS)zWrite ECDSA private keyN)r#rrrcZ private_value)rUr|rr#rrrrrs z_SSHFormatECDSA.encode_private)rmrnrorpr^rZ EllipticCurverVr_rqrrxrr{EllipticCurvePrivateKeyrrPrrrrrrrls&     rc@seZdZdZeejejefdddZeejej efdddZ eejej efdddZ ej e d d d d Zej e d d ddZd S)_SSHFormatEd25519z~Format for Ed25519 keys. Public: bytes point Private: bytes point bytes secret_and_point r4cCst|\}}|f|fS)zEd25519 public fields)rH)rUr*rrrrrxs z_SSHFormatEd25519.get_publiccCs(||\\}}tj|}||fS)z"Make Ed25519 public key from data.)rxrEd25519PublicKeyZfrom_public_bytesrk)rUr*rr#rrrr{s z_SSHFormatEd25519.load_publiccCsb||\\}}t|\}}|dd}|dd}||ksF|f|krNtdtj|}||fS)z#Make Ed25519 private key from data.Nr!z$Corrupt data: ed25519 field mismatch)rxrHr'rEd25519PrivateKeyZfrom_private_bytes)rUr*r}rZkeypairrZpoint2r|rrrrs    z_SSHFormatEd25519.load_privateNrcCs|tjtj}||dS)zWrite Ed25519 public keyN)rr Rawrrb)rUr#rraw_public_keyrrrrs z_SSHFormatEd25519.encode_publicrcCsR|}|tjtjt}|tjtj}t||g}| ||| |dS)zWrite Ed25519 private keyN) r#Z private_bytesr rrrrrrPrrb)rUr|rr#Zraw_private_keyrZ f_keypairrrrrs  z _SSHFormatEd25519.encode_private)rmrnrorpr_rqrrxrrr{rrrPrrrrrrrs$     rsnistp256snistp384snistp521key_typecCs8t|tst|}|tkr&t|Std|dS)z"Return valid format or throw errorzUnsupported key type: N)r]r^r_rk _KEY_FORMATSrrrrr_lookup_kformats   r)r*rbackendrcCsJtd||dk r td|t|}|s6td|d}|d}t t |||}| t srtdt |t t d}t|\}}t|\}}t|\}}t|\} }| dkrtdt|\} }t| \} } t| } | | \} } t| t|\}}t|||fttfkr|}|tkrBtd||tkrZtd|t|d }t||t|\}}t|\}}t|t||||}t ||}nd }t||t|\}}t|\}}||krtd t|\}}|| kr td | || \}}t|\}}|tdt |krFtd |S)z.Load private key from OpenSSH custom encoding.r*NrzNot OpenSSH private key formatrzOnly one key supportedzUnsupported cipher: zUnsupported KDF: rEzCorrupt data: broken checksumzCorrupt data: key type mismatchzCorrupt data: invalid padding)r_check_byteslike _check_bytes_PEM_RCsearchr'riendbinascii a2b_base64r_ startswith _SK_MAGICr2rHrDrrxr6_NONErkr"r_BCRYPTr3r;Z decryptorupdater_PADDING)r*rrmp1p2r7kdfnameZ kdfoptionsnkeysZpubdataZ pub_key_typekformatr}ZedataZciphername_bytesblklenrZkbufrciphZck1Zck2rr|commentrrrload_ssh_private_keysl                          r)r|rencryption_algorithmrcCstd|t|tjr&t|}n>t|tjr8t }n,t|t j rJt }nt|t jr\t}ntdt|}t}|rt}t|d}t}t} t|tr|jdk r|j} td} || || t||| | } nt}}d}d} d} td} d }t}|||||t| | g}||| |||||!t"d||#|t}|!t$|||||||| |||||#}|#}t%t&||}|'|||}| dk r | ()|||||dt*|d|S) z3Serialize private key with OpenSSH custom encoding.rUnsupported key typerNrrErr<r-)+rrr]rrr(r#r r_SSH_RSArr_SSH_DSArr _SSH_ED25519r'rrP_DEFAULT_CIPHERr"r_DEFAULT_ROUNDSrZ _kdf_roundsosurandomrbr\r;rrrrYrrarr_r`rjZ encryptorZ update_intor0)r|rrrrZ f_kdfoptionsr7rrrrrrZcheckvalrZ f_public_keyZ f_secretsZf_mainslenmlenrlZofsrrr_serialize_ssh_private_key^sp                         r)r*rrc Csxtd|t|}|s"td|d}}|d}d}t|tt dkrjd}|dtt }t|}zt t |}Wn"t t j fk rtdYnXt|\} }| |krtd|rt|\} }||\} }|rlt|\} }t|\} }t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}t|| S) z-Load public key from OpenSSH one-line format.r*zInvalid line formatrFNTzInvalid key format)rr_SSH_PUBKEY_RCmatchr'group _CERT_SUFFIXr2rr_rr TypeErrorErrorrHr{rFrDr6)r*rrrZ orig_key_typeZkey_bodyZ with_certrrestZinner_key_typenoncer#serialZcctypeZkey_idZ principalsZ valid_afterZ valid_beforeZ crit_options extensionsreservedZsig_key signaturerrrload_ssh_public_keysF                rcCst|tjrt|}n>t|tjr(t}n,t|tjr:t }nt|t j rLt }nt dt|}t}|||||t|}d|d|gS)z&One-line public key format for OpenSSHrr- )r]rrr(r rrrrrrrrr'rrPrbrr b2a_base64rkstripr.)r#rrrZpubrrrserialize_ssh_public_keys       r)F)N)N)grrrerqbase64rr/Z cryptographyrZcryptography.exceptionsrZ)cryptography.hazmat.primitives.asymmetricrrrr Z&cryptography.hazmat.primitives.ciphersr r r Z,cryptography.hazmat.primitives.serializationr rrrrrZbcryptrrZ_bcrypt_supported ImportErrorr^rBboolrrrZ_ECDSA_NISTP256Z_ECDSA_NISTP384Z_ECDSA_NISTP521rcompilerrZ _SK_STARTZ_SK_ENDrrrrDOTALLrr_r`rangerZAESZCTRZCBCr"DictrTypertrsr&rr(r0r3r6Optionalr;rDrFrHrKrOrPrurrrZ SECP256R1Z SECP384R1Z SECP521R1rrrrrrZ_SSH_PRIVATE_KEY_TYPESAnyrrrrrZ_SSH_PUBLIC_KEY_TYPESrrrrrrs              2FHGD       N O  ,