Module twisted/conch/ssh/_kex.py (installed at /usr/lib/python3/dist-packages/twisted/conch/ssh/_kex.py)

SSH key exchange handling.

Imports: hashlib (sha1, sha256, sha384, sha512); zope.interface (Attribute, Interface, implementer); twisted.conch.error.

Interfaces

  _IKexAlgorithm (Interface)
    An L{_IKexAlgorithm} describes a key exchange algorithm.
    preference: An L{int} giving the preference of the algorithm when negotiating key exchange. Algorithms with lower precedence values are more preferred.
    hashProcessor: A callable hash algorithm constructor (e.g. C{hashlib.sha256}) suitable for use with this key exchange algorithm.

  _IFixedGroupKexAlgorithm (_IKexAlgorithm)
    An L{_IFixedGroupKexAlgorithm} describes a key exchange algorithm with a fixed prime / generator group.
    prime: An L{int} giving the prime number used in Diffie-Hellman key exchange, or L{None} if not applicable.
    generator: An L{int} giving the generator number used in Diffie-Hellman key exchange, or L{None} if not applicable. (This is not related to Python generator functions.)

  _IEllipticCurveExchangeKexAlgorithm (_IKexAlgorithm)
    An L{_IEllipticCurveExchangeKexAlgorithm} describes a key exchange algorithm that uses an elliptic curve exchange between the client and server.

  _IGroupExchangeKexAlgorithm (_IKexAlgorithm)
    An L{_IGroupExchangeKexAlgorithm} describes a key exchange algorithm that uses group exchange between the client and server. A prime / generator group should be chosen at run time based on the requested size. See RFC 4419.

Algorithm classes (each declares a preference and a hashProcessor)

  _Curve25519SHA256 (implements _IEllipticCurveExchangeKexAlgorithm)
    Elliptic Curve Key Exchange using Curve25519 and SHA256. Defined in U{https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-curves/}.
    hashProcessor = sha256

  _Curve25519SHA256LibSSH (implements _IEllipticCurveExchangeKexAlgorithm)
    As L{_Curve25519SHA256}, but with a pre-standardized algorithm name.
    hashProcessor = sha256

  _ECDH256 (implements _IEllipticCurveExchangeKexAlgorithm)
    Elliptic Curve Key Exchange with SHA-256 as HASH. Defined in RFC 5656.
    Note that C{ecdh-sha2-nistp256} takes priority over nistp384 or nistp521. This is the same priority from OpenSSH.
    C{ecdh-sha2-nistp256} is considered pretty good cryptography. If you need something better consider using C{curve25519-sha256}.
    hashProcessor = sha256

  _ECDH384 (implements _IEllipticCurveExchangeKexAlgorithm)
    Elliptic Curve Key Exchange with SHA-384 as HASH. Defined in RFC 5656.
    hashProcessor = sha384

  _ECDH512 (implements _IEllipticCurveExchangeKexAlgorithm)
    Elliptic Curve Key Exchange with SHA-512 as HASH. Defined in RFC 5656.
    hashProcessor = sha512

  _DHGroupExchangeSHA256 (implements _IGroupExchangeKexAlgorithm)
    Diffie-Hellman Group and Key Exchange with SHA-256 as HASH. Defined in RFC 4419, 4.2.
    hashProcessor = sha256

  _DHGroupExchangeSHA1 (implements _IGroupExchangeKexAlgorithm)
    Diffie-Hellman Group and Key Exchange with SHA-1 as HASH. Defined in RFC 4419, 4.1.
    hashProcessor = sha1

  _DHGroup14SHA1 (implements _IFixedGroupKexAlgorithm)
    Diffie-Hellman key exchange with SHA-1 as HASH and Oakley Group 14 (2048-bit MODP Group). Defined in RFC 4253, 8.2.
    hashProcessor = sha1
    prime = 32317006071311007300338913926423828248817941241140239112842009751400741706634354222619689417363569347117901737909704191754605873209195028853758986185622153212175412514901774520270235796078236248884246189477587641105928646099411723245426622522193230540919037680524235519125679715870117001058055877651038861847280257976054903569732561526167081339361799541336476559160368317896729073178384589680639671900977202194168647225871031411336429319536193471636533209717077448227988588565369208645296636077250268955505928362751121174096972998068410554359584866583291642136218231078990999448652468262416972035911852507045361090559

Registry: _kexAlgorithms maps algorithm names (L{bytes}) to instances of the classes above:
  curve25519-sha256, curve25519-sha256@libssh.org, diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521

Functions

  getKex(kexAlgorithm)
    Get a description of a named key exchange algorithm.
    @param kexAlgorithm: The key exchange algorithm name.
    @type kexAlgorithm: L{bytes}
    @return: A description of the key exchange algorithm named by C{kexAlgorithm}.
    @rtype: L{_IKexAlgorithm}
    @raises ConchError: if the key exchange algorithm is not found (message: "Unsupported key exchange algorithm: " followed by the name).

  isEllipticCurve(kexAlgorithm)
    Returns C{True} if C{kexAlgorithm} is an elliptic curve.
    @param kexAlgorithm: The key exchange algorithm name.
    @type kexAlgorithm: C{str}
    @return: C{True} if C{kexAlgorithm} is an elliptic curve, otherwise C{False}.
    @rtype: C{bool}
    Implemented as _IEllipticCurveExchangeKexAlgorithm.providedBy(getKex(kexAlgorithm)).

  isFixedGroup(kexAlgorithm)
    Returns C{True} if C{kexAlgorithm} has a fixed prime / generator group.
    @param kexAlgorithm: The key exchange algorithm name.
    @type kexAlgorithm: L{bytes}
    @return: C{True} if C{kexAlgorithm} has a fixed prime / generator group, otherwise C{False}.
    @rtype: L{bool}
    Implemented as _IFixedGroupKexAlgorithm.providedBy(getKex(kexAlgorithm)).

  getHashProcessor(kexAlgorithm)
    Get the hash algorithm callable to use in key exchange.
    @param kexAlgorithm: The key exchange algorithm name.
    @type kexAlgorithm: L{bytes}
    @return: A callable hash algorithm constructor (e.g. C{hashlib.sha256}).
    @rtype: C{callable}
    Returns getKex(kexAlgorithm).hashProcessor.

  getDHGeneratorAndPrime(kexAlgorithm)
    Get the generator and the prime to use in key exchange.
    @param kexAlgorithm: The key exchange algorithm name.
    @type kexAlgorithm: L{bytes}
    @return: A L{tuple} containing L{int} generator and L{int} prime.
    @rtype: L{tuple}
    Returns (kex.generator, kex.prime) for kex = getKex(kexAlgorithm).

  getSupportedKeyExchanges()
    Get a list of supported key exchange algorithm names in order of preference.
    @return: A C{list} of supported key exchange algorithm names.
    @rtype: C{list} of L{bytes}
    Imports cryptography.hazmat.backends.default_backend, cryptography.hazmat.primitives.asymmetric.ec and twisted.conch.ssh.keys._curveTable at call time. Walks a copy of _kexAlgorithms: for names starting with "ecdh", the name is mapped to its "ecdsa" counterpart and the backend is asked via elliptic_curve_exchange_algorithm_supported(ec.ECDH(), _curveTable[...]); for names starting with "curve25519-sha256", the backend is asked via x25519_supported(); other algorithms are treated as supported. Unsupported names are popped from the copy, and the remaining names are returned sorted by each algorithm's preference.