ϪfdZddlmZddlZddlZddlZddlZddlmZm Z m Z ddl m Z m Z ddlmZddlZddlmZddlmZdd lmZdd lmZmZdd lmZmZmZmZmZdd l m!Z!m"Z"m#Z#dd l$m%Z%m&Z&ddlm'Z'ddl(m)Z)m*Z*ddl+m,Z,ddl-m.Z.ddl/m0Z0m1Z1ddl2m3Z3m4Z4ddl5m6Z6 ddl7m8Z8m9Z9ejzej|ej~dZ@ddddZAejZBejZCGddeDZEGddeDZFGd d!eDZGGd"d#eDZHGd$d%e4ZIGd&d'eDZJd(ZKGd)d*ZLd,d+ZMy#e:$r ddl7m;Z8m} for Unicode characters in memorized secrets: it applies the Normalization Process for Stabilized Strings using NFKC normalization. The passphrase is then encoded using UTF-8. @type passphrase: L{bytes} or L{unicode} or L{None} @param passphrase: The passphrase to normalize. @return: The normalized passphrase, if any. @rtype: L{bytes} or L{None} @raises PassphraseNormalizationError: if the passphrase is Unicode and cannot be normalized using the available Unicode character database. c3LK|]}tj|dk(yw)CnN) unicodedatacategory).0cs r0 z'_normalizePassphrase..s C1{##A&$.Cs"$NFKCzUTF-8) isinstancestranyr=rA normalizeencode passphrases r0_normalizePassphraserNxsM&*c" C C C/0 0$$VZ8??HHr/ceZdZdZed.dZed.dZedZedZedZ edZ ed Z ed Z ed Z ed Zed ZedZed/dZed0dZed0dZed0dZed0dZdZd1dZd2dZdZdZej8fdZd3dZdZdZ dZ!dZ"d4dZ#d Z$d!Z%e&d"d#gd"d$ggd/d%Z'd0d&Z(d.d'Z)d0d(Z*d5d)Z+d*Z,d+Z-d0d,Z.d-Z/y)6Keyau An object representing a key. A key can be either a public or private key. A public key can verify a signature; a private key can create or verify a signature. To generate a string that can be stored on disk, use the toString method. If you have a private key, but want the string representation of the public key, use Key.public().toString(). Nct|d5}|j|j||cdddS#1swYyxYw)a Load a key from a file. @param filename: The path to load key data from. @type type: L{str} or L{None} @param type: A string describing the format the key data is in, or L{None} to attempt detection of the type. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if there is no encryption. @rtype: L{Key} @return: The loaded key. rbN)open fromStringread)clsfilenametyperMfs r0fromFilez Key.fromFiles;$(D ! >Q>>!&&(D*= > > >s !8Acjt|tr|jd}t|}||j |}|t d|t |d|jd}|t d||jjdk(r|r t d||S|||S)a Return a Key object corresponding to the string data. type is optionally the type of string, matching a _fromString_* method. Otherwise, the _guessStringType() classmethod will be used to guess a type. If the key is encrypted, passphrase is used as the decryption key. @type data: L{bytes} @param data: The key data. @type type: L{str} or L{None} @param type: A string describing the format the key data is in, or L{None} to attempt detection of the type. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if there is no encryption. @rtype: L{Key} @return: The loaded key. utf-8Nzcannot guess the type of _fromString_zno _fromString method for zkey not encrypted) rGrHrKrN_guessStringTyper(getattrupper__code__ co_argcount)rVdatarXrMmethods r0rTzKey.fromStrings. dC ;;w'D)*5 <''-D < 9$BC C TZZ\N;TB > :4&AB B ?? & &! +!"566$< $ + +r/c tj|\}}|dk(rMtj|d\}}}|tj||j t S|dk(rftj|d\}}}} }|tj| tj|||j t S|tvrD|tjjt|tj|ddS|dk(r)tj|\} }|j| Std |) a Return a public key object corresponding to this public key blob. The format of a RSA public key blob is:: string 'ssh-rsa' integer e integer n The format of a DSA public key blob is:: string 'ssh-dss' integer p integer q integer g integer y The format of ECDSA-SHA2-* public key blob is:: string 'ecdsa-sha2-[identifier]' integer x integer y identifier is the standard NIST curve name. The format of an Ed25519 public key blob is:: string 'ssh-ed25519' string a @type blob: L{bytes} @param blob: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type (the first string) is unknown. ssh-rsar^ssh-dsspqgyparameter_numbers ssh-ed25519unknown blob type: )rgetNSgetMPrRSAPublicNumbers public_keyr rDSAPublicNumbersDSAParameterNumbers _curveTablerEllipticCurvePublicKeyfrom_encoded_point_fromEd25519Componentsr() rVblobkeyTyperestenrkrlrmroas r0_fromString_BLOBzKey._fromString_BLOBs?D T*  j dA.JAq$s++Aq1<<_=NOP P  "%||D!4 Aq!Q$$3+B+BQ!q+Q*_./   #))<<(&,,tQ*?*B   &ll4(GAt--a0 0 3G9=> >r/ctj|\}}|dk(r4tj|d\}}}}}} }|j||||| S|dk(r3tj|d\}} } } } }|j | | || | S|t vrt |} tj|d\}} }|t | jjdk7rtd |d |tj|\}}|j| || S|d k(r2tj|d\}}}|d d}|j||Std|)a6 Return a private key object corresponding to this private key blob. The blob formats are as follows: RSA keys:: string 'ssh-rsa' integer n integer e integer d integer u integer p integer q DSA keys:: string 'ssh-dss' integer p integer q integer g integer y integer x EC keys:: string 'ecdsa-sha2-[identifier]' string identifier string q integer privateValue identifier is the standard NIST curve name. Ed25519 keys:: string 'ssh-ed25519' string a string k || a @type blob: L{bytes} @param blob: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * the key type (the first string) is unknown * the curve name of an ECDSA key does not match the key type rgrrdrkrlrhrormrkrlxr^asciizECDSA curve name z does not match key type ) encodedPointcurve privateValuerrN )krs) rrtru_fromRSAComponents_fromDSAComponentsrz _secToNistnamerKr(_fromECEncodedPointr})rVr~rrrrrurkrlrmrorr curveNamerrcombinedrs r0_fromString_PRIVATE_BLOBzKey._fromString_PRIVATE_BLOBs\ T*  j %+\\$%: "Aq!Q1d))Aa1)B B  ""(,,tQ"7 Aq!Q4))Aa1)B B  #(E!'dA!6 Iq$Juzz'8'8'ABB!!*G5"(d!3 L$**gL+  &!' T1 5 Ax" A--a1-5 5 3G9=> >r/c|jdr|t|tSt|j d}|j |S)a Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is:: @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the blob type is unknown. s ecdsa-sha2rq) startswithrr rsplitr)rVrdr~s r0_fromString_PUBLIC_OPENSSHzKey._fromString_PUBLIC_OPENSSHasK ??= )*41BCD D4::<?+##D))r/c |jj}tdj|dd}|j ds t d|t dd}tj|d\}}}}tjd|dd d } | dk7r t d tj|d dd \} } } |d k7r/|s td|dvr&tj} d} t|dddz}| }nt d||dk(rRtj|\}}tjd|dd d }tj ||||z|d}nt d|t | | zd k7r t dt#| |d|t%j&||||zt)j+}|j-| |j/z}n|d k7rt d|d| }tjd|dd d }tjd|d dd }||k7rt d||fz|j1|ddS)a* Return a private key object corresponding to this OpenSSH private key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. The format of an openssh-key-v1 private key string is:: -----BEGIN OPENSSH PRIVATE KEY----- -----END OPENSSH PRIVATE KEY----- The SSH protocol string is as described in U{PROTOCOL.key}. @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the SSH protocol encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key r/rqopenssh-key-v1z"unknown OpenSSH private key formatN!LrirzDonly OpenSSH private key files containing a single key are supportedr^none0Passphrase must be provided for an encrypted key)s aes128-ctrs aes192-ctr aes256-ctrrzunknown encryption type bcryptT)ignore_few_roundszunknown KDF type z bad paddingbackendzprivate key specifies KDF z but no cipherz#check values do not match: %d != %d)strip splitlinesrjoinrr(lenrrtstructunpackr5rAESintbcryptkdfrrCTRr decryptorupdatefinalizer)rVrdrMlineskeyListcipherr kdfOptionsrr_encPrivKeyListalgorithmClass blockSizekeySizeivSizesaltroundsdecKeyr privKeyListcheck1check2s r0_fromPrivateOpenSSH_v1zKey._fromPrivateOpenSSH_v1vs: '')chhuQr{34!!"56BC C#1245(. Wa(@%Z MM$Ra )! , 6-  &||DHa8>1 W 'IFF!+ fQqk*a/"!$>N#i/A5!-00vhw/0 &7V+;<=')ik  $**>:Y=O=O=QQKg~!GJL)Kt[!_5a8t[1%56q9 V CvvFVVW W++KO< PRIVATE KEY----- [Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,] ------END PRIVATE KEY------ The ASN.1 structure of a RSA key is:: (0, n, e, d, p, q) The ASN.1 structure of a DSA key is:: (0, p, q, g, y, x) The ASN.1 structure of a ECDSA key is:: (ECParameters, OID, NULL) @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the ASN.1 encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key r N)sECsRSAsDSArz&Failed to decode key (Bad Passphrase?)unknown key type )rrrr TypeErrorr5 ValueErrorr()rVrdrMrkindkeys r0_fromPrivateOpenSSH_PEMzKey._fromPrivateOpenSSH_PEMsJ '')Qx3J * * L*4_=NOs8O 1$89 9 'F L!"JKK Ls A(Bc|jjddddk(r|j||S|j||S)a Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error. @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key rrrsOPENSSH)rrrr)rVrdrMs r0_fromString_PRIVATE_OPENSSHzKey._fromString_PRIVATE_OPENSSHsO, ::< " " $Q '3 /: =--dJ? ?..tZ@ @r/ctjt|dd}|ddk(sJi}|dddD]3\}}tjtj |d||<5|dddk(r!|j |d|d|d |d  S|ddd k(r|j|d |dStd|dd)a Return a public key corresponding to this LSH public key string. The LSH public key string format is:: , ()+))> The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e. The names for a DSA (key type 'dsa') key are: y, g, p, q. @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type is unknown rqrr public-keyNdsaygpqrormrkrlrsa-pkcs1-sha1nerrunknown lsh key type ) rparserrruNSrrr(rVrdsexpkdrs r0_fromString_PUBLIC_LSHzKey._fromString_PUBLIC_LSH%s"{{;tAbz23Aw-''' q'!"+ 8JD$||FIIdO4Q7BtH 8 71: ))T(bh"T(bh* !WQZ, ,))BtH4)A A 5d1gaj\BC Cr/cXtj|}|ddk(sJi}|dddD]3\}}tjtj|d||<5|dddk(rCt |dk(sJt ||j |d|d|d |d |d  S|ddd k(r_t |dk(sJt ||d |d kDr|d |d c|d <|d <|j|d|d|d|d |d Std|dd)a+ Return a private key corresponding to this LSH private key string. The LSH private key string format is:: , (, )+))> The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e, d, p, q. The names for a DSA (key type 'dsa') key are: y, g, p, q, x. @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type is unknown r private-keyrqNrrrrrrxr rsa-pkcs1rrrdrr) rrrrurrrrr(rs r0_fromString_PRIVATE_LSHzKey._fromString_PRIVATE_LSHEsp"{{4 Aw.((( q'!"+ 8JD$||FIIdO4Q7BtH 8 71: r7a< (R (<))T(bh"T(bh"T(* !WQZ< 'r7a< (R (<$x"T("%'Xr$x"4"T())T(bh"T(bh"T(*   5d1gaj\BC Cr/ctj|\}}|dk(rtj|\}}tj|\}}tj|\}}tj|\}}tj|\}}|j|||||S|dk(rtj|\}}tj|\} }tj|\} }tj|\} }tj|\}}tj|\}}|j | || ||| St d|)a Return a private key object corresponsing to the Secure Shell Key Agent v3 format. The SSH Key Agent v3 format for a RSA key is:: string 'ssh-rsa' integer e integer d integer n integer u integer p integer q The SSH Key Agent v3 format for a DSA key is:: string 'ssh-dss' integer p integer q integer g integer y integer x @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type (the first string) is unknown rhrrgrrrrkrlrr)rrtrurrr() rVrdrrkrlrmrorrrrrs r0_fromString_AGENTV3zKey._fromString_AGENTV3ks9< T*  j ll4(GAtll4(GAtll4(GAtll4(GAtll4(GAt))Aa1)B B  "ll4(GAtll4(GAtll4(GAtll4(GAtll4(GAtll4(GAt))Aa1Q)G G 1';< "LL.MGTE  & T 2 qy ?r/c Ztj||}||jt}nqtj|||tj ||tj ||tj|||} | jt}||S)a Build a key from RSA numerical components. @type n: L{int} @param n: The 'n' RSA variable. @type e: L{int} @param e: The 'e' RSA variable. @type d: L{int} or L{None} @param d: The 'd' RSA variable (optional for a public key). @type p: L{int} or L{None} @param p: The 'p' RSA variable (optional for a public key). @type q: L{int} or L{None} @param q: The 'q' RSA variable (optional for a public key). @type u: L{int} or L{None} @param u: The 'u' RSA variable. Ignored, as its value is determined by p and q. @rtype: L{Key} @return: An RSA key constructed from the values as given. )rr)rkrlrdmp1dmq1iqmppublic_numbers) rrvrwr RSAPrivateNumbers rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmp private_key) rVrrrrkrlr publicNumbers keyObjectprivateNumberss r0rzKey._fromRSAComponentss6,,qA6 9%001BCI 22%%a+%%a+%%a+,N'22?3DEI9~r/ctj|tj|||}||jt }n0tj ||}|j t }||S)a Build a key from DSA numerical components. @type y: L{int} @param y: The 'y' DSA variable. @type p: L{int} @param p: The 'p' DSA variable. @type q: L{int} @param q: The 'q' DSA variable. @type g: L{int} @param g: The 'g' DSA variable. @type x: L{int} or L{None} @param x: The 'x' DSA variable (optional for a public key) @rtype: L{Key} @return: A DSA key constructed from the values as given. rjrn)rr)rrxryrwr DSAPrivateNumbersr) rVrorkrlrmrrr r s r0rzKey._fromDSAComponentssq.,,3#:#:Q!q#I  9%001BCI 22Q}UN&22?3DEI9~r/ctj||t|}||jt }n0tj ||}|j t }||S)a Build a key from EC components. @param x: The affine x component of the public point used for verifying. @type x: L{int} @param y: The affine y component of the public point used for verifying. @type y: L{int} @param curve: NIST name of elliptic curve. @type curve: L{bytes} @param privateValue: The private value. @type privateValue: L{int} rror) private_valuer)rEllipticCurvePublicNumbersrzrwr EllipticCurvePrivateNumbersr)rVrrorrrr r s r0_fromECComponentszKey._fromECComponents so$551K.   %001BCI;;*=N'22?3DEI9~r/c|(tjjt||}n&tj|t|t }||S)aa Build a key from an EC encoded point. @param encodedPoint: The public point encoded as in SEC 1 v2.0 section 2.3.3. @type encodedPoint: L{bytes} @param curve: NIST name of elliptic curve. @type curve: L{bytes} @param privateValue: The private value. @type privateValue: L{int} )rr{r|rzderive_private_keyr )rVrrrr s r0rzKey._fromECEncodedPoint,sW  11DDE"LI--k%0/2CI9~r/ctt td|tj|}ntj |}||S)aBuild a key from Ed25519 components. @param a: The Ed25519 public key, as defined in RFC 8032 section 5.1.5. @type a: L{bytes} @param k: The Ed25519 private key, as defined in RFC 8032 section 5.1.5. @type k: L{bytes} z)Ed25519 keys not supported on this system)Ed25519PublicKeyEd25519PrivateKeyr(from_public_bytesfrom_private_bytes)rVrrr s r0r}zKey._fromEd25519ComponentsHsK  #'8'@IJ J 9(::1=I)< < z Public Keyz Private Keyz (zattr :Ed25519ri02xr >)rXrddecodeisPublicsorteditemsrsizeappendrMPrordrr) rrdroutrvrbymorDs r0__repr__z Key.__repr__rs 99;$ 99;D=''0D}}4T"#YKvF5d23i[Gtzz|, ,1<\$00CRs%s++C  , ;  (!-MMO4 E EIIK Etyy{0023 +1 uQCq\*))+2Q ! QR8H3BABCBA&q\13q6#,a 0011v{crFLL* +b CE"I99U# #r/ct|jtjtj t jtjfS)zl Check if this instance is a public key. @return: C{True} if this is a public key. ) rGrr RSAPublicKeyr DSAPublicKeyrr{rrrs r0r0z Key.isPublicsA  OO    ))((    r/cl|jr|St|jjS)z Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self. @rtype: L{Key} @return: A public key. )r0rPrrwr@s r0publicz Key.publics* ==?Kt1134 4r/c |tjur9ttt |j j S|tjuritdjtt|j j Dcgc]}tj|c}Std|cc}w)aO The fingerprint of a public key consists of the output of the message-digest algorithm in the specified format. Supported formats include L{FingerprintFormats.MD5_HEX} and L{FingerprintFormats.SHA256_BASE64} The input to the algorithm is the public key data as specified by [RFC4253]. The output of sha256[RFC4634] algorithm is presented to the user in the form of base64 encoded sha256 hashes. Example: C{US5jTUa0kgX5ZxdqaGF0yGRu8EgKXHNmoT8jHKo1StM=} The output of the MD5[RFC1321](default) algorithm is presented to the user as a sequence of 16 octets printed as hexadecimal with lowercase letters and separated by colons. Example: C{c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87} @param format: Format for fingerprint generation. Consists hash function and representation format. Default is L{FingerprintFormats.MD5_HEX} @since: 8.2 @return: the user presentation of this L{Key}'s fingerprint, as a string. @rtype: L{str} :z Unsupported fingerprint format: )r9r;rrrr~digestr:rrrbinasciihexlifyr7)rformatrs r0 fingerprintzKey.fingerprints: '55 5 &*=*D*D*F GH H )11 1 2;C  RSAPrivateKeyrr? DSAPrivateKeyrr{EllipticCurvePrivateKeyrrr RuntimeErrorr@s r0rXzKey.types doo(8(8#:K:K'L M #*:*:C!==?*^!==?*!==?*&,[[]*0--/*0--/%+[[]-3]]_  c499; ./  0r/c|jy|jdk(r |jjjS|jdk(ry|jjS)zv Return the size of the object we wrap. @return: The size of the key. @rtype: L{int} rr#r)rX)rrXrkey_sizer@s r0r3zKey.size:sV ?? " YY[D ??((11 1 YY[I %'''r/c R t|jtjr3|jj }|j |j dSt|jtjr|jj}|jj |jj |j|j|jtj|j|jdSt|jtjrg|jj }|j|j j"|j j|j jdSt|jtj$r|jj}|j&|jj|jj j"|jj j|jj jdSt|jt(j*rB|jj }|j&|j|j-dSt|jt(j.ra|jj}|jj&|jj|j0|j-dSt|jt2j4rNd|jj7t8j:j<t8j>j<iSt|jt2j@r|jjCj7t8j:j<t8j>j<|jjEt8j:j<t8jFj<t9jHdStKd |j) z_ Return the values of the public key as a dictionary. @rtype: L{dict} rrr)rrormrkrlr)rrorrr)rrzUnexpected key type: )&rGrrr>rrrrMprivate_numbersrrkrlrrr?rorprmrNrrr{rRrOrrr public_bytesrEncodingRaw PublicFormatrrw private_bytes PrivateFormat NoEncryptionrP)rrsa_pub_numbersrsa_priv_numbersdsa_pub_numbersdsa_priv_numbersec_pub_numbersec_priv_numberss r0rdzKey.dataIsr doos'7'7 8"oo<<>O$&&$&& ):): ;#>>@ %4466%4466%''%''%''%%&6&8&8:J:L:LM )9)9 :"oo<<>O$&&$6688$6688$6688   ):): ;#>>@ %''%4466%44FFHH%44FFHH%44FFHH  )B)B C!__;;=N#%%#%%  )C)C D"oo==?O$3355$3355 / = =   )A)A BT__11!**.. 0J0J0N0N  )B)B C__//1>>!**.. 0J0J0N0N__22!**..!//33!..0  !6t6GHI Ir/c|j}|j}|dk(rGtjdtj|dztj|dzS|dk(rytjdtj|dztj|dztj|d ztj|d zS|d k(r|j j jd zd z}tj|dtj|dddztjdtj|d|ztj|d |zzS|dk(r.tjdtj|dzStd|)a Return the public key blob for this key. The blob is the over-the-wire format for public keys. SECSH-TRANS RFC 4253 Section 6.6. RSA keys:: string 'ssh-rsa' integer e integer n DSA keys:: string 'ssh-dss' integer p integer q integer g integer y EC keys:: string 'ecdsa-sha2-[identifier]' integer x integer y identifier is the standard NIST curve name Ed25519 keys:: string 'ssh-ed25519' string a @rtype: L{bytes} rKrgrrrLrhrkrlrmror#rrNrr)rrrunknown key type: ) rXrdrrr5rrrar rr()rrXrd byteLengths r0r~zKey.blobs@yy{yy{ 5=99Z(699T#Y+??&))DQTIBVV V U] *%))DI&'))DI&'))DI&'))DI& ' T\////881<BJ $w-())DM"#./0))((cJ?@((cJ?@ Y 99^,vyyc/CC C 24&9: :r/cF|j}|j}|dk(rtj|d|d}t j dt j |dzt j |dzt j |dzt j |zt j |dzt j |dzS|dk(rt j d t j |dzt j |dzt j |d zt j |d zt j |d zS|d k(r|jjjtjjtjj}t j |dt j |dddzt j |zt j |dzS|dk(rMt j dt j |dzt j |d|dzzStd|)a1 Return the private key blob for this key. The blob is the over-the-wire format for private keys: Specification in OpenSSH PROTOCOL.agent RSA keys:: string 'ssh-rsa' integer n integer e integer d integer u integer p integer q DSA keys:: string 'ssh-dss' integer p integer q integer g integer y integer x EC keys:: string 'ecdsa-sha2-[identifier]' integer x integer y integer privateValue identifier is the NIST standard curve name. Ed25519 keys:: string 'ssh-ed25519' string a string k || a rKrkrlrgrrrrLrhrmrorr#rrsNrr)rrrrru)rXrdrrrrr5rrwrdrreX962rgUncompressedPointr()rrXrdrencPubs r0 privateBlobzKey.privateBlobsZRyy{yy{ 5=##DItCy9D *%))DI&'))DI&'))DI&'))D/ " ))DI& ' ))DI& ' U] *%))DI&'))DI&'))DI&'))DI& ' ))DI& ' T\__//1>>&&++**<<F  $w-())DM"#./0))F#$))D012  Y  .)))DI&'))DIS 123   24&9: :r/extracommentrMc2|1tjdtd|jr|}n|}t |t r|j d}t|}t|d|jd}|td|||||S) a Create a string representation of this key. If the key is a private key and you want the representation of its public key, use C{key.public().toString()}. type maps to a _toString_* method. @param type: The type of string to emit. Currently supported values are C{'OPENSSH'}, C{'LSH'}, and C{'AGENTV3'}. @type type: L{str} @param extra: Any extra data supported by the selected format which is not part of the key itself. For public OpenSSH keys, this is a comment. For private OpenSSH keys, this is a passphrase to encrypt with. (Deprecated since Twisted 20.3.0; use C{comment} or C{passphrase} as appropriate instead.) @type extra: L{bytes} or L{unicode} or L{None} @param subtype: A subtype of the requested C{type} to emit. Only supported for private OpenSSH keys, for which the currently supported subtypes are C{'PEM'} and C{'v1'}. If not given, an appropriate default is used. @type subtype: L{str} or L{None} @param comment: A comment to include with the key. Only supported for OpenSSH keys. Present since Twisted 20.3.0. @type comment: L{bytes} or L{unicode} or L{None} @param passphrase: A passphrase to encrypt the key with. Only supported for private OpenSSH keys. Present since Twisted 20.3.0. @type passphrase: L{bytes} or L{unicode} or L{None} @rtype: L{bytes} NzThe 'extra' argument to twisted.conch.ssh.keys.Key.toString was deprecated in Twisted 20.3.0; use 'comment' or 'passphrase' instead.r) stacklevelr\ _toString_ru)subtyper}rM) warningswarnDeprecationWarningr0rGrHrKrNr`rar()rrXr|rr}rMres r0toStringz Key.toString$sZ   MMI#  }}" gs #nnW-G)*5 DJJL>:DA > 24&9: :gw:NNr/c|jdk(rd|sd}|jjtjj tj j dz|zjSt|jjdd}|sd}|jdz|zdz|zjS)a Return a public OpenSSH key string. See _fromString_PUBLIC_OPENSSH for the string format. @type comment: L{bytes} or L{None} @param comment: A comment to include with the key, or L{None} to omit the comment. r#r/  ) rXrrdrreOpenSSHrgrrr~replacerR)rr}b64Datas r0_toPublicOpenSSHzKey._toPublicOpenSSHfs 99;$ ,,!**22M4N4N4V4V  eg  diik*225#>G %/$6@GGIIr/c |rktj}d}d}|jdz}d}|}tj|} d} t j | tjd| z} nd}d}d}d} tjd } | | z|jzt j |xsdz} d }t| |zr&|d z }| t|d zfz } t| |zr&|rtj| zd}t|d |tj ||||zt#j%}|j'| |j)z}n| }dt j |zt j |zt j | ztjdd zt j |j+zt j |z}t-|j/dd}dgt1d t|dDcgc] }|||dz c}zdgz}dj3|dzScc}w)aP Return a private OpenSSH key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. See _fromPrivateOpenSSH_v1 for the string format. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase to encrypt the key with, or L{None} if it is not encrypted. rrrrdrrr/rirrqNrrrs#-----BEGIN OPENSSH PRIVATE KEY-----@s!-----END OPENSSH PRIVATE KEY-----)rr block_sizer secureRandomrrrpackr{rbytesrrrrrr encryptorrrr~rrranger)rr}rMr cipherNamekdfNamerrrrrrcheckrpadByteencKeyrrr~rirs r0_toPrivateOpenSSH_v1zKey._toPrivateOpenSSH_v1sq  ^^F&JG))Q.IGF))&1DF46;;tV+DDJ JGIJ&&q)emd&6&6&88699W^PS;TT +* qLG 5'D.!23 3K+* ZZ D'F2BCHFvhw'( &7V+;<=')ik  '--k:Y=O=O=QQN(N ii # $ii  !ii # $kk$"  # ii $  % ii'  ( d#++E37 3 4,1!S\2,FGqwq1r6"G H34 5  zz% 5((HsI/cZ|stj}ntj|}|jdk7rM|jj tj jtjj|S|jdk(sJtd)a, Return a private OpenSSH key string, in the old PEM-based format. See _fromPrivateOpenSSH_PEM for the string format. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase to encrypt the key with, or L{None} if it is not encrypted. r)zBcannot serialize Ed25519 key to OpenSSH PEM format; use v1 instead) rrjBestAvailableEncryptionrXrrhrePEMriTraditionalOpenSSLr)rrMrs r0_toPrivateOpenSSH_PEMzKey._toPrivateOpenSSH_PEMs%224I%==jII 99;) #??00&&**++>> 99;)+ ++W r/c|jr|j|S|dk(s|&|jdk(r|j||S||dk(r|j |St d|)ar Return a public or private OpenSSH string. See L{_fromString_PUBLIC_OPENSSH} and L{_fromPrivateOpenSSH_PEM} for the string formats. @param subtype: A subtype to emit. Only supported for private keys, for which the currently supported subtypes are C{'PEM'} and C{'v1'}. If not given, an appropriate default is used. @type subtype: L{str} or L{None} @param comment: Comment for a public key. @type comment: L{bytes} @param passphrase: Passphrase for a private key. @type passphrase: L{bytes} @rtype: L{bytes} )r}v1r))r}rMrrLzunknown subtype )r0rrXrrr)rrr}rMs r0_toString_OPENSSHzKey._toString_OPENSSHs& ==?(((9 9 _TYY[I5M,,W,T T _5 0---D D/y9: :r/c D|j}|j}|jr|dk(rRtjdddt j |dddgdt j |d ddgggg}n|d k(rtjdd d t j |d ddgdt j |dddgdt j |dddgdt j |dddgggg}ntd|dt|jddzdzS|dk(r|d |d}}tj||}tjdddt j |dddgdt j |d ddgdt j |dddgd t j |ddgdt j |ddgdt j |d|dz zddgdt j |d|dz zddgd t j |ddgg ggS|d k(rtjdd d t j |d ddgdt j |dddgdt j |dddgdt j |dddgd!t j |d"ddggggStd|d#)$z Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats. @rtype: L{bytes} rKrrrrriNrrrLrrrkrrlrrmrrorrrr/}rrrrarqbcrr') rdrXr0rrrr5r(rrrr)rkwargsrdrXkeyDatarkrlrs r0 _toString_LSHzKey._toString_LSHseyy{yy{ ==?u}*** 1!%vyyc';AB'? @!%vyyc';AB'? @  *** &!%vyyc';AB'? @!%vyyc';AB'? @!%vyyc';AB'? @!%vyyc';AB'? @    "$5dV"<==+g.66ucBBTI Iu}Cy$s)1''1-zz+ ,!%vyyc';AB'? @!%vyyc';AB'? @!%vyyc';AB'? @!%vyy|AB'7 8!%vyy|AB'7 8!%vyyca!e1D'Eab'I J!%vyyca!e1D'Eab'I J!%vyyqr': ;  $zz+ &!%vyyc';AB'? @!%vyyc';AB'? @!%vyyc';AB'? @!%vyyc';AB'? @!%vyyc';AB'? @    "$5dV1"=>>r/c |j}|js|jdk(r|d|d|d|d|d|df}n)|jdk(r|d|d|d |d |d f}tj|j d j ttjzSy )z Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format. @rtype: L{bytes} rKrrrrrkrlrLrmrorr/N) rdr0rXrrrRrmapr5)rrrdvaluess r0_toString_AGENTV3zKey._toString_AGENTV3Isyy{}}yy{e#IIIIII %s)T#YS 49d3iP99T\\^,sxxFIIv8N/OO Or/cl|j}||j}|j|}|td|d|d|dk(rF|jj |t j|}tj|}n|dk(rX|jj ||}t|\}}tjt|dt|dz}n.|dk(r|jj |tj|} t| \}}t|} t|} t| dturt| d} n| d} | d zrd | z} t| dturt| d} n| d} | d zrd | z} tjtj| tj| z}n3|d k(r.tj|jj |}tj|zS) a Sign some data with this key. SECSH-TRANS RFC 4253 Section 6.6. @type data: L{bytes} @param data: The data to sign. @type signatureType: L{bytes} @param signatureType: The SSH public key algorithm name to sign this data with, or L{None} to use a reasonable default for the key. @rtype: L{bytes} @return: A signature for the given data. zpublic key signature algorithm z is not defined for z keysrKrLr#rr))rXrRr_r2rsignrPKCS1v15rrr#rrECDSArHr6)rrdr^r hashAlgorithmsigretrs signaturerRsbrcompscomps r0rzKey.sign_s ))+  !LLNM..}=  ,1-A&iu.  e //&&tW-=-=-?OC))C.C  //&&t];C)#.FQ ))LB/,q"2EEFC _,,T288M3JKI))4FQaBaBBqE{c!BqE 1t|r\BqE{c!BqE 1t|r\))FIIbMFIIbM9:C  !))DOO0067Cyy'#--r/ct|dk(rdtj|}}ntj|\}}|j |}|y|j }|dk(r\|j }|js|j}tj|d|tj|f}n|dk(rtj|d}tj|ddd } tj|ddd } t| | }|j }|js|j}|||f}n|d k(rtj|d}tj|d \} } } tj| d } tj| d } t| | }|j }|js|j}||tj|f}nK|d k(rF|j }|js|j}tj|d|f} j y #t"$rYywxYw)a Verify a signature using this key. @type signature: L{bytes} @param signature: The signature to verify. @type data: L{bytes} @param data: The signed data. @rtype: L{bool} @return: C{True} if the signature is valid. (rhNFrKrrLrbigr#r^r)T)rrrrtr_rXrr0rwrrr from_bytesr$rrverifyr )rrrdr^rrrargsconcatenatedSignaturerrrstrsstrrs r0rz Key.verifys$ y>R '1699Y3G9M'-||I'> $M9..}=  ))+ e A==?LLN Y'*  " D  $*LL$;A$> !4Sb95AA4RS95AA,Q2IA==?LLNt]3D _$*LL$;A$> !%||,A1E D$tU+AtU+A,Q2IA==?LLNtRXXm%<=D  !A==?LLNLL+A.5D  AHHdO   sI!! I-,I-)NN)NNNN)N)r objectreturnbool)rrH)rz&Literal['RSA', 'DSA', 'EC', 'Ed25519'])rzdict[str, Any])NNN)0r*r+r,r- classmethodrZrTrrrrrrrrrr_rrrrr}rr!r<r0rBr9r:rIrXrRrVr_r3rdr~r{r"rrrrrrrrrr.r/r0rPrPs*>>(%,%,N6?6?pH?H?T**(V=V=p6:6:pAA8DD>#D#DJ.=.=`>**X  D>6,$"*$X 5"4!;!;&TPO.0 $06 (JJX:;xQ;f! i l #  :O  :OxJ4<)|8;:P?dP,J.XDr/rPc0|jjd|jstjd|t }|j tjjtjjtj}|j||jd5}tj|j!dt }t#|cdddS#1swYyxYw) a This function returns a persistent L{Key}. The key is loaded from a PEM file in C{location}. If it does not exist, a key with the key size of C{keySize} is generated and saved. @param location: Where the key is stored. @type location: L{twisted.python.filepath.FilePath} @param keySize: The size of the key, if it needs to be generated. @type keySize: L{int} @returns: A persistent key. @rtype: L{Key} T)ignoreExistingDirectoryi)public_exponentrar)encodingrHencryption_algorithmrRN)passwordr)parentmakedirsexistsrgenerate_private_keyr rhrrerrirrj setContentrSrrUrP)locationr privateKeypemkeyFiles r0_getPersistentRSAKeyrs  OOt< ?? --!G_=N &&"++// ..AA!.!;!;!='  C t "77 LLNT?3D : s 9D  D)i)Nr- __future__rrFrrArbase64rrrhashlibrrtypingr r cryptographyr cryptography.exceptionsr cryptography.hazmat.backendsr cryptography.hazmat.primitivesr r)cryptography.hazmat.primitives.asymmetricrrrrr&cryptography.hazmat.primitives.ciphersrrr,cryptography.hazmat.primitives.serializationrrrtwisted.conch.sshrrtwisted.conch.ssh.commonrtwisted.pythonrtwisted.python.compatrrtwisted.python.constantsr r!twisted.python.deprecater"/cryptography.hazmat.primitives.asymmetric.utilsr#r$ ImportErrorr%r& SECP256R1 SECP384R1 SECP521R1rzrrr Exceptionr(r2r5r7r9r=rNrPrr.r/r0rs9 # 66 48@TTLL+1$99@ )BLLN(BLLN(BLLN  ++--) 9 $$"9>XXv2(O6s E EE