HOME


Mini Shell 1.0
DIR: /usr/lib/python3/dist-packages/twisted/conch/ssh/__pycache__/
Upload File :
Current File : //usr/lib/python3/dist-packages/twisted/conch/ssh/__pycache__/keys.cpython-312.pyc
�

Ϫ�f�����dZddlmZddlZddlZddlZddlZddlmZm	Z	m
Z
ddlmZm
Z
ddlmZddlZddlmZddlmZdd	lmZdd
lmZmZddlmZmZmZmZmZddl m!Z!m"Z"m#Z#dd
l$m%Z%m&Z&ddlm'Z'ddl(m)Z)m*Z*ddl+m,Z,ddl-m.Z.ddl/m0Z0m1Z1ddl2m3Z3m4Z4ddl5m6Z6	ddl7m8Z8m9Z9ejz�ej|�ej~�d�Z@dddd�ZAej�ZBej�ZCGd�deD�ZEGd�deD�ZFGd �d!eD�ZGGd"�d#eD�ZHGd$�d%e4�ZIGd&�d'eD�ZJd(�ZKGd)�d*�ZLd,d+�ZMy#e:$rddl7m;Z8m<Z9Y��wxYw)-z0
Handling of RSA, DSA, ECDSA, and Ed25519 keys.
�)�annotationsN)�	b64encode�decodebytes�encodebytes)�md5�sha256)�Any)�utils)�InvalidSignature)�default_backend)�hashes�
serialization)�dsa�ec�ed25519�padding�rsa)�Cipher�
algorithms�modes)�load_pem_private_key�load_ssh_public_key)�Literal)�common�sexpy)�int_to_bytes)�	randbytes)�	iterbytes�nativeString)�
NamedConstant�Names)�_mutuallyExclusiveArguments)�decode_dss_signature�encode_dss_signature)�decode_rfc6979_signature�encode_rfc6979_signature)secdsa-sha2-nistp256secdsa-sha2-nistp384secdsa-sha2-nistp521snistp256snistp384snistp521)s	secp256r1s	secp384r1s	secp521r1c��eZdZdZy)�BadKeyErrorzj
    Raised when a key isn't what we expected from it.

    XXX: we really need to check for bad keys
    N��__name__�
__module__�__qualname__�__doc__���8/usr/lib/python3/dist-packages/twisted/conch/ssh/keys.pyr(r(Ds��r/r(c��eZdZdZy)�BadSignatureAlgorithmErrorzi
    Raised when a public key signature algorithm name isn't defined for this
    public key format.
    Nr)r.r/r0r2r2L���r/r2c��eZdZdZy)�EncryptedKeyErrorzb
    Raised when an encrypted key is presented to fromString/fromFile without
    a password.
    Nr)r.r/r0r5r5Sr3r/r5c��eZdZdZy)�BadFingerPrintFormatzS
    Raises when unsupported fingerprint formats are presented to fingerprint.
    Nr)r.r/r0r7r7Zs��r/r7c�,�eZdZdZe�Ze�Zy)�FingerprintFormatsa�
    Constants representing the supported formats of key fingerprints.

    @cvar MD5_HEX: Named constant representing fingerprint format generated
        using md5[RFC1321] algorithm in hexadecimal encoding.
    @type MD5_HEX: L{twisted.python.constants.NamedConstant}

    @cvar SHA256_BASE64: Named constant representing fingerprint format
        generated using sha256[RFC4634] algorithm in base64 encoding
    @type SHA256_BASE64: L{twisted.python.constants.NamedConstant}
    N)r*r+r,r-r �MD5_HEX�
SHA256_BASE64r.r/r0r9r9`s��
��o�G�!�O�Mr/r9c��eZdZdZy)�PassphraseNormalizationErrorz�
    Raised when a passphrase contains Unicode characters that cannot be
    normalized using the available Unicode character database.
    Nr)r.r/r0r=r=qr3r/r=c��t|t�rAtd�|D��r
t��t	j
d|�j
d�S|S)a�
    Normalize a passphrase, which may be Unicode.

    If the passphrase is Unicode, this follows the requirements of U{NIST
    800-63B, section
    5.1.1.2<https://pages.nist.gov/800-63-3/sp800-63b.html#memsecretver>}
    for Unicode characters in memorized secrets: it applies the
    Normalization Process for Stabilized Strings using NFKC normalization.
    The passphrase is then encoded using UTF-8.

    @type passphrase: L{bytes} or L{unicode} or L{None}
    @param passphrase: The passphrase to normalize.

    @return: The normalized passphrase, if any.
    @rtype: L{bytes} or L{None}
    @raises PassphraseNormalizationError: if the passphrase is Unicode and
    cannot be normalized using the available Unicode character database.
    c3�LK�|]}tj|�dk(���y�w)�CnN)�unicodedata�category)�.0�cs  r0�	<genexpr>z'_normalizePassphrase.<locals>.<genexpr>�s ����C�1�{�#�#�A�&�$�.�C�s�"$�NFKCzUTF-8)�
isinstance�str�anyr=rA�	normalize�encode��
passphrases r0�_normalizePassphraserNxsM��&�*�c�"��C�
�C�C�/�0�0��$�$�V�Z�8�?�?��H�H��r/c��eZdZdZed.d��Zed.d��Zed��Zed��Zed��Z	ed��Z
ed	��Zed
��Zed��Z
ed��Zed
��Zed��Zed/d��Zed0d��Zed0d��Zed0d��Zed0d��Zd�Zd1d�Zd2d�Zd�Zd�Zej8fd�Zd3d�Zd�Zd�Z d�Z!d�Z"d4d�Z#d �Z$d!�Z%e&d"d#gd"d$gg�d/d%��Z'd0d&�Z(d.d'�Z)d0d(�Z*d5d)�Z+d*�Z,d+�Z-d0d,�Z.d-�Z/y)6�Keyau
    An object representing a key.  A key can be either a public or
    private key.  A public key can verify a signature; a private key can
    create or verify a signature.  To generate a string that can be stored
    on disk, use the toString method.  If you have a private key, but want
    the string representation of the public key, use Key.public().toString().
    Nc��t|d�5}|j|j�||�cddd�S#1swYyxYw)a�
        Load a key from a file.

        @param filename: The path to load key data from.

        @type type: L{str} or L{None}
        @param type: A string describing the format the key data is in, or
        L{None} to attempt detection of the type.

        @type passphrase: L{bytes} or L{None}
        @param passphrase: The passphrase the key is encrypted with, or L{None}
        if there is no encryption.

        @rtype: L{Key}
        @return: The loaded key.
        �rbN)�open�
fromString�read)�cls�filename�typerM�fs     r0�fromFilezKey.fromFile�s;��$�(�D�
!�	>�Q��>�>�!�&�&�(�D�*�=�	>�	>�	>�s	�!8�Ac�j�t|t�r|jd�}t|�}|�|j	|�}|�td|����t
|d|j���d�}|�td|����|jjdk(r|rtd��||�S|||�S)a
        Return a Key object corresponding to the string data.
        type is optionally the type of string, matching a _fromString_*
        method.  Otherwise, the _guessStringType() classmethod will be used
        to guess a type.  If the key is encrypted, passphrase is used as
        the decryption key.

        @type data: L{bytes}
        @param data: The key data.

        @type type: L{str} or L{None}
        @param type: A string describing the format the key data is in, or
        L{None} to attempt detection of the type.

        @type passphrase: L{bytes} or L{None}
        @param passphrase: The passphrase the key is encrypted with, or L{None}
        if there is no encryption.

        @rtype: L{Key}
        @return: The loaded key.
        �utf-8Nzcannot guess the type of �_fromString_zno _fromString method for �zkey not encrypted)
rGrHrKrN�_guessStringTyper(�getattr�upper�__code__�co_argcount)rV�datarXrM�methods     r0rTzKey.fromString�s���.�d�C� ��;�;�w�'�D�)�*�5�
��<��'�'��-�D��<�� 9�$��B�C�C����T�Z�Z�\�N�;�T�B���>�� :�4�&�A�B�B��?�?�&�&�!�+��!�"5�6�6��$�<���$�
�+�+r/c
��tj|�\}}|dk(rMtj|d�\}}}|tj||�jt
���S|dk(rftj|d�\}}}}	}|tj|	tj|||����jt
���S|tvrD|tjjt|tj|d�d��S|dk(r)tj|�\}
}|j|
�Std	|����)
a�
        Return a public key object corresponding to this public key blob.
        The format of a RSA public key blob is::
            string 'ssh-rsa'
            integer e
            integer n

        The format of a DSA public key blob is::
            string 'ssh-dss'
            integer p
            integer q
            integer g
            integer y

        The format of ECDSA-SHA2-* public key blob is::
            string 'ecdsa-sha2-[identifier]'
            integer x
            integer y

            identifier is the standard NIST curve name.

        The format of an Ed25519 public key blob is::
            string 'ssh-ed25519'
            string a

        @type blob: L{bytes}
        @param blob: The key data.

        @return: A new key.
        @rtype: L{twisted.conch.ssh.keys.Key}
        @raises BadKeyError: if the key type (the first string) is unknown.
        �ssh-rsar^�ssh-dss���p�q�g��y�parameter_numbers��ssh-ed25519�unknown blob type: )r�getNS�getMPr�RSAPublicNumbers�
public_keyrr�DSAPublicNumbers�DSAParameterNumbers�_curveTabler�EllipticCurvePublicKey�from_encoded_point�_fromEd25519Componentsr()rV�blob�keyType�rest�e�nrkrlrmro�as           r0�_fromString_BLOBzKey._fromString_BLOB�s?��D���T�*�
����j� ����d�A�.�J�A�q�$��s�+�+�A�q�1�<�<�_�=N�O�P�P�
�
�
"�%�|�|�D�!�4��A�q�!�Q����$�$��3�+B�+B�Q�!�q�+Q���*�_�.�/��
�
��
#���)�)�<�<���(�&�,�,�t�Q�*?��*B���
�
��
&��l�l�4�(�G�A�t��-�-�a�0�0�� 3�G�9�=�>�>r/c��tj|�\}}|dk(r4tj|d�\}}}}}}	}|j|||||	��S|dk(r3tj|d�\}}	}
}}}|j	||
||	|��S|t
vr�t
|}
tj|d�\}}	}|t|
jjd�k7rtd	|�d
|����tj|�\}}|j|	||��S|dk(r2tj|d�\}}}|d
d}|j||��Std|����)a6
        Return a private key object corresponding to this private key blob.
        The blob formats are as follows:

        RSA keys::
            string 'ssh-rsa'
            integer n
            integer e
            integer d
            integer u
            integer p
            integer q

        DSA keys::
            string 'ssh-dss'
            integer p
            integer q
            integer g
            integer y
            integer x

        EC keys::
            string 'ecdsa-sha2-[identifier]'
            string identifier
            string q
            integer privateValue

            identifier is the standard NIST curve name.

        Ed25519 keys::
            string 'ssh-ed25519'
            string a
            string k || a


        @type blob: L{bytes}
        @param blob: The key data.

        @return: A new key.
        @rtype: L{twisted.conch.ssh.keys.Key}
        @raises BadKeyError: if
            * the key type (the first string) is unknown
            * the curve name of an ECDSA key does not match the key type
        rg��r�r��drkrlrh��rormrkrl�xr^�asciizECDSA curve name z does not match key type )�encodedPoint�curve�privateValuerrN� )�krs)rrtru�_fromRSAComponents�_fromDSAComponentsrz�
_secToNist�namerKr(�_fromECEncodedPointr})rVr~rr�r�r�r��urkrlrmror�r��	curveNamer�r��combinedr�s                   r0�_fromString_PRIVATE_BLOBzKey._fromString_PRIVATE_BLOBs���\���T�*�
����j� �%+�\�\�$��%:�"�A�q�!�Q��1�d��)�)�A��a�1��)�B�B�
�
�
"�"(�,�,�t�Q�"7��A�q�!�Q��4��)�)�A��a�1��)�B�B�
��
#���(�E�!'���d�A�!6��I�q�$��J�u�z�z�'8�'8��'A�B�B�!�!*�G�5���"(���d�!3��L�$��*�*��g�L�+��
���
&�!'���T�1� 5��A�x����"�
�A��-�-�a�1�-�5�5�� 3�G�9�=�>�>r/c��|jd�r|t|t���St|j	�d�}|j|�S)a�
        Return a public key object corresponding to this OpenSSH public key
        string.  The format of an OpenSSH public key string is::
            <key type> <base64-encoded public key blob>

        @type data: L{bytes}
        @param data: The key data.

        @return: A new key.
        @rtype: L{twisted.conch.ssh.keys.Key}
        @raises BadKeyError: if the blob type is unknown.
        s
ecdsa-sha2rq)�
startswithrrr�splitr�)rVrdr~s   r0�_fromString_PUBLIC_OPENSSHzKey._fromString_PUBLIC_OPENSSHasK�� �?�?�=�)��*�4��1B�C�D�D��4�:�:�<��?�+���#�#�D�)�)r/c	���|j�j�}tdj|dd��}|j	d�std��|t
d�d}tj|d�\}}}}tjd|dd	�d
}	|	dk7rtd��tj|d	dd�\}
}}
|d
k7�r/|std��|dvr&tj}d}
t|dd�dz}|
}ntd|����|dk(rRtj|�\}}tjd|dd	�d
}tj ||||z|d��}ntd|����t
|�|
zd
k7rtd��t#||d|�t%j&||||z�t)���j+�}|j-|�|j/�z}n|d
k7rtd|�d���|}tjd|dd	�d
}tjd|d	d�d
}||k7rtd||fz��|j1|dd�S)a*
        Return a private key object corresponding to this OpenSSH private key
        string, in the "openssh-key-v1" format introduced in OpenSSH 6.5.

        The format of an openssh-key-v1 private key string is::
            -----BEGIN OPENSSH PRIVATE KEY-----
            <base64-encoded SSH protocol string>
            -----END OPENSSH PRIVATE KEY-----

        The SSH protocol string is as described in
        U{PROTOCOL.key<https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key>}.

        @type data: L{bytes}
        @param data: The key data.

        @type passphrase: L{bytes} or L{None}
        @param passphrase: The passphrase the key is encrypted with, or L{None}
        if it is not encrypted.

        @return: A new key.
        @rtype: L{twisted.conch.ssh.keys.Key}
        @raises BadKeyError: if
            * a passphrase is provided for an unencrypted key
            * the SSH protocol encoding is incorrect
        @raises EncryptedKeyError: if
            * a passphrase is not provided for an encrypted key
        r/rq����openssh-key-v1z"unknown OpenSSH private key formatN��!LrirzDonly OpenSSH private key files containing a single key are supportedr^�none�0Passphrase must be provided for an encrypted key)s
aes128-ctrs
aes192-ctr�
aes256-ctr�r��zunknown encryption type �bcryptT)�ignore_few_roundszunknown KDF type zbad padding��backendzprivate key specifies KDF z but no cipherz#check values do not match: %d != %d)�strip�
splitlinesr�joinr�r(�lenrrt�struct�unpackr5r�AES�int�bcrypt�kdfrr�CTRr�	decryptor�update�finalizer�)rVrdrM�lines�keyList�cipherr��
kdfOptionsr�r��_�encPrivKeyList�algorithmClass�	blockSize�keySize�ivSize�salt�rounds�decKeyr��privKeyList�check1�check2s                       r0�_fromPrivateOpenSSH_v1zKey._fromPrivateOpenSSH_v1vs���:�
�
��'�'�)���c�h�h�u�Q�r�{�3�4���!�!�"5�6��B�C�C��#�1�2�4�5��(.���W�a�(@�%���Z���M�M�$��R�a��)�!�,����6��-��
�
 &�|�|�D���H�a�8���>�1��W���'�I����F�F�!+�����	��f�Q�q�k�*�a�/��"��!�$<�V�J�"G�H�H��i��#�\�\�*�5�
��d����t�T�"�1�X�6�q�9��������f�$��&*�
��"�$5�c�W�"=�>�>��N�#�i�/�A�5�!�-�0�0���v�h�w�/�0��	�	�&��7�V�+;�<�=�'�)���i�k�	
�
$�*�*�>�:�Y�=O�=O�=Q�Q�K��g�~�!�GJ�L���)�K����t�[��!�_�5�a�8�����t�[��1�%5�6�q�9���V���C�v�v�FV�V�W�W��+�+�K���O�<�<r/c��|j�j�}|ddd}|sd}|dvr	t||t��}||�Std|����#t$rtd��t$rtd��wxYw)	a�
        Return a private key object corresponding to this OpenSSH private key
        string, in the old PEM-based format.

        The format of a PEM-based OpenSSH private key string is::
            -----BEGIN <key type> PRIVATE KEY-----
            [Proc-Type: 4,ENCRYPTED
            DEK-Info: DES-EDE3-CBC,<initialization value>]
            <base64-encoded ASN.1 structure>
            ------END <key type> PRIVATE KEY------

        The ASN.1 structure of a RSA key is::
            (0, n, e, d, p, q)

        The ASN.1 structure of a DSA key is::
            (0, p, q, g, y, x)

        The ASN.1 structure of a ECDSA key is::
            (ECParameters, OID, NULL)

        @type data: L{bytes}
        @param data: The key data.

        @type passphrase: L{bytes} or L{None}
        @param passphrase: The passphrase the key is encrypted with, or L{None}
        if it is not encrypted.

        @return: A new key.
        @rtype: L{twisted.conch.ssh.keys.Key}
        @raises BadKeyError: if
            * a passphrase is provided for an unencrypted key
            * the ASN.1 encoding is incorrect
        @raises EncryptedKeyError: if
            * a passphrase is not provided for an encrypted key
        r����N)sECsRSAsDSAr�z&Failed to decode key (Bad Passphrase?)�unknown key type )r�r�rr�	TypeErrorr5�
ValueErrorr()rVrdrMr��kind�keys      r0�_fromPrivateOpenSSH_PEMzKey._fromPrivateOpenSSH_PEM�s���J�
�
��'�'�)���Q�x��3�����J��*�*�
L�*�4��_�=N�O���s�8�O�� 1�$��8�9�9���
�'�F����
L�!�"J�K�K�
L�s�A�(Bc��|j�j�ddddk(r|j||�S|j||�S)a�
        Return a private key object corresponding to this OpenSSH private key
        string.  If the key is encrypted, passphrase MUST be provided.
        Providing a passphrase for an unencrypted key is an error.

        @type data: L{bytes}
        @param data: The key data.

        @type passphrase: L{bytes} or L{None}
        @param passphrase: The passphrase the key is encrypted with, or L{None}
        if it is not encrypted.

        @return: A new key.
        @rtype: L{twisted.conch.ssh.keys.Key}
        @raises BadKeyError: if
            * a passphrase is provided for an unencrypted key
            * the encoding is incorrect
        @raises EncryptedKeyError: if
            * a passphrase is not provided for an encrypted key
        rr�r�sOPENSSH)r�r�r�r�)rVrdrMs   r0�_fromString_PRIVATE_OPENSSHzKey._fromString_PRIVATE_OPENSSHsO��,�:�:�<�"�"�$�Q�'��3�/�:�=��-�-�d�J�?�?��.�.�t�Z�@�@r/c��tjt|dd��}|ddk(sJ�i}|dddD]3\}}tjtj
|��d||<�5|dddk(r!|j
|d|d|d	|d
��S|dddk(r|j|d
|d��Std|dd����)a
        Return a public key corresponding to this LSH public key string.
        The LSH public key string format is::
            <s-expression: ('public-key', (<key type>, (<name, <value>)+))>

        The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e.
        The names for a DSA (key type 'dsa') key are: y, g, p, q.

        @type data: L{bytes}
        @param data: The key data.

        @return: A new key.
        @rtype: L{twisted.conch.ssh.keys.Key}
        @raises BadKeyError: if the key type is unknown
        rqr�r�
public-keyN�dsa�y�g�p�q�rormrkrl�rsa-pkcs1-sha1�n�e�r�r��unknown lsh key type )	r�parserrru�NSr�r�r(�rVrd�sexp�kdr�s     r0�_fromString_PUBLIC_LSHzKey._fromString_PUBLIC_LSH%s���"�{�{�;�t�A�b�z�2�3���A�w�-�'�'�'�
���q�'�!�"�+�	8�J�D�$��|�|�F�I�I�d�O�4�Q�7�B�t�H�	8���7�1�:����)�)��T�(�b��h�"�T�(�b��h�*��
��!�W�Q�Z�,�
,��)�)�B�t�H��4��)�A�A�� 5�d�1�g�a�j�\�B�C�Cr/c�X�tj|�}|ddk(sJ�i}|dddD]3\}}tjtj|��d||<�5|dddk(rCt|�dk(sJt|���|j
|d|d|d	|d
|d��S|ddd
k(r_t|�dk(sJt|���|d	|d
kDr|d
|d	c|d	<|d
<|j|d|d|d|d	|d
��Std|dd����)a+
        Return a private key corresponding to this LSH private key string.
        The LSH private key string format is::
            <s-expression: ('private-key', (<key type>, (<name>, <value>)+))>

        The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e, d, p, q.
        The names for a DSA (key type 'dsa') key are: y, g, p, q, x.

        @type data: L{bytes}
        @param data: The key data.

        @return: A new key.
        @rtype: L{twisted.conch.ssh.keys.Key}
        @raises BadKeyError: if the key type is unknown
        r�private-keyrqNr�r�r�r�r�r��xr��	rsa-pkcs1r�r�r��dr�r�)	rr�rrur�r�r�r�r(r�s     r0�_fromString_PRIVATE_LSHzKey._fromString_PRIVATE_LSHEsp��"�{�{�4� ���A�w�.�(�(�(�
���q�'�!�"�+�	8�J�D�$��|�|�F�I�I�d�O�4�Q�7�B�t�H�	8���7�1�:����r�7�a�<�(��R��(�<��)�)��T�(�b��h�"�T�(�b��h�"�T�(�*��
��!�W�Q�Z�<�
'��r�7�a�<�(��R��(�<��$�x�"�T�(�"�%'��X�r�$�x�"��4��"�T�(��)�)��T�(�b��h�"�T�(�b��h�"�T�(�*��
�
� 5�d�1�g�a�j�\�B�C�Cr/c���tj|�\}}|dk(r�tj|�\}}tj|�\}}tj|�\}}tj|�\}}tj|�\}}|j|||||��S|dk(r�tj|�\}}tj|�\}	}tj|�\}
}tj|�\}}tj|�\}}tj|�\}}|j	|
||	|||��Std|����)a�
        Return a private key object corresponsing to the Secure Shell Key
        Agent v3 format.

        The SSH Key Agent v3 format for a RSA key is::
            string 'ssh-rsa'
            integer e
            integer d
            integer n
            integer u
            integer p
            integer q

        The SSH Key Agent v3 format for a DSA key is::
            string 'ssh-dss'
            integer p
            integer q
            integer g
            integer y
            integer x

        @type data: L{bytes}
        @param data: The key data.

        @return: A new key.
        @rtype: L{twisted.conch.ssh.keys.Key}
        @raises BadKeyError: if the key type (the first string) is unknown
        rhr�rg�r�r�r�rkrlr�r�)rrtrur�r�r()rVrdrrkrlrmror�r�r�r�r�s            r0�_fromString_AGENTV3zKey._fromString_AGENTV3ks9��<���T�*�
����j� ��l�l�4�(�G�A�t��l�l�4�(�G�A�t��l�l�4�(�G�A�t��l�l�4�(�G�A�t��l�l�4�(�G�A�t��)�)�A��a�1��)�B�B�
�
�
"��l�l�4�(�G�A�t��l�l�4�(�G�A�t��l�l�4�(�G�A�t��l�l�4�(�G�A�t��l�l�4�(�G�A�t��l�l�4�(�G�A�t��)�)�A��a�1��Q�)�G�G�� 1�'��;�<�<r/c��|jd�s|jd�ry|jd�ry|jd�ry|jd�ry	|jd
�s"|jd�s|jd�rCtj|�\}}d
}|r |dz
}tj|�\}}|r� |dkDryyy)z�
        Guess the type of key in data.  The types map to _fromString_*
        methods.

        @type data: L{bytes}
        @param data: The key data.
        sssh-�ecdsa-sha2-�public_opensshs
-----BEGIN�private_openssh�{�
public_lsh�(�private_lshsssh-s
ecdsa-sssh-ed25519rrqri�agentv3r~N)r�rrtru)rVrd�ignoredr��counts     r0r_zKey._guessStringType�s����?�?�7�#�t���~�'F�#�
�_�_�]�
+�$�
�_�_�T�
"��
�_�_�T�
"� ��O�O�3�4����8�9����=�>�"�L�L��.�M�G�T��E����
�� &���T� 2�
�����q�y� ��?r/c�Z�tj||��}|�|jt��}nqtj|||tj
||�tj||�tj||�|��}	|	jt��}||�S)a�
        Build a key from RSA numerical components.

        @type n: L{int}
        @param n: The 'n' RSA variable.

        @type e: L{int}
        @param e: The 'e' RSA variable.

        @type d: L{int} or L{None}
        @param d: The 'd' RSA variable (optional for a public key).

        @type p: L{int} or L{None}
        @param p: The 'p' RSA variable (optional for a public key).

        @type q: L{int} or L{None}
        @param q: The 'q' RSA variable (optional for a public key).

        @type u: L{int} or L{None}
        @param u: The 'u' RSA variable. Ignored, as its value is determined by
        p and q.

        @rtype: L{Key}
        @return: An RSA key constructed from the values as given.
        )r�r�)rkrlr��dmp1�dmq1�iqmp�public_numbers)	rrvrwr�RSAPrivateNumbers�rsa_crt_dmp1�rsa_crt_dmq1�rsa_crt_iqmp�private_key)
rVr�r�r�rkrlr��
publicNumbers�	keyObject�privateNumberss
          r0r�zKey._fromRSAComponents�s���6�,�,�q�A�6�
��9�%�0�0��1B�C�I� �2�2�����%�%�a��+��%�%�a��+��%�%�a��+�,��N�'�2�2�?�3D�E�I��9�~�r/c��tj|tj|||����}|�|jt	��}n0tj
||��}|j
t	��}||�S)a
        Build a key from DSA numerical components.

        @type y: L{int}
        @param y: The 'y' DSA variable.

        @type p: L{int}
        @param p: The 'p' DSA variable.

        @type q: L{int}
        @param q: The 'q' DSA variable.

        @type g: L{int}
        @param g: The 'g' DSA variable.

        @type x: L{int} or L{None}
        @param x: The 'x' DSA variable (optional for a public key)

        @rtype: L{Key}
        @return: A DSA key constructed from the values as given.
        rjrn)r�r)rrxryrwr�DSAPrivateNumbersr)	rVrorkrlrmr�rr	r
s	         r0r�zKey._fromDSAComponents�sq��.�,�,��3�#:�#:�Q�!�q�#I�
�
�
�9�%�0�0��1B�C�I� �2�2�Q�}�U�N�&�2�2�?�3D�E�I��9�~�r/c���tj||t|��}|�|jt	��}n0tj
||��}|j
t	��}||�S)a�
        Build a key from EC components.

        @param x: The affine x component of the public point used for verifying.
        @type x: L{int}

        @param y: The affine y component of the public point used for verifying.
        @type y: L{int}

        @param curve: NIST name of elliptic curve.
        @type curve: L{bytes}

        @param privateValue: The private value.
        @type privateValue: L{int}
        �r�ror�)�
private_valuer)r�EllipticCurvePublicNumbersrzrwr�EllipticCurvePrivateNumbersr)rVr�ror�r�rr	r
s        r0�_fromECComponentszKey._fromECComponentsso��$�5�5��1�K��.�
�
���%�0�0��1B�C�I��;�;�*�=��N�'�2�2�?�3D�E�I��9�~�r/c��|�(tjjt||�}n&tj|t|t��}||�S)aa
        Build a key from an EC encoded point.

        @param encodedPoint: The public point encoded as in SEC 1 v2.0
        section 2.3.3.
        @type encodedPoint: L{bytes}

        @param curve: NIST name of elliptic curve.
        @type curve: L{bytes}

        @param privateValue: The private value.
        @type privateValue: L{int}
        )rr{r|rz�derive_private_keyr)rVr�r�r�r	s     r0r�zKey._fromECEncodedPoint,sW�� ���1�1�D�D��E�"�L��I��-�-��k�%�0�/�2C��I��9�~�r/c��t�t�td��|�tj|�}ntj	|�}||�S)aBuild a key from Ed25519 components.

        @param a: The Ed25519 public key, as defined in RFC 8032 section
            5.1.5.
        @type a: L{bytes}

        @param k: The Ed25519 private key, as defined in RFC 8032 section
            5.1.5.
        @type k: L{bytes}
        z)Ed25519 keys not supported on this system)�Ed25519PublicKey�Ed25519PrivateKeyr(�from_public_bytes�from_private_bytes)rVr�r�r	s    r0r}zKey._fromEd25519ComponentsHsK���#�'8�'@��I�J�J��9�(�:�:�1�=�I�)�<�<�Q�?�I��9�~�r/c��||_y)z�
        Initialize with a private or public
        C{cryptography.hazmat.primitives.asymmetric} key.

        @param keyObject: Low level key.
        @type keyObject: C{cryptography.hazmat.primitives.asymmetric} key.
        N)�
_keyObject)�selfr	s  r0�__init__zKey.__init___s��$��r/c��t|t�rD|j�|j�k(xr!|j�|j�k(StS)zN
        Return True if other represents an object with the same key.
        )rGrPrXrd�NotImplemented)r�others  r0�__eq__z
Key.__eq__isA���e�S�!��9�9�;�%�*�*�,�.�N�4�9�9�;�%�*�*�,�3N�N�!�!r/c��|j�dk(r�|j�}|djd�}|j�r
d|dd�d�}n	d|dd�d�}t	|j��D]\}}|dk(r	|d	|��z
}�|d
|�d|��z
}� |dzSd
t
|j���d|j�xrdxsd�d|j��d�g}t	|j�j��D]�\}}|jd|�d��|j�dk(r|ntj|�dd}|s�K|dd}|dd}d}	t|�D]}
|	t|
�d�d�z}	�t|�dkr|	dd}	|jd|	z�|r�X��|ddz|d<d
j|�S)z@
        Return a pretty representation of this object.
        �ECr�r\z<Elliptic Curve Public Key (���Nz bits)z<Elliptic Curve Private Key (z	
curve:
	�
z:
	z>
�<� z
Public KeyzPrivate Keyz (zattr �:�Ed25519ri���02xr��	�>)rXrd�decode�isPublic�sorted�itemsr�size�appendr�MPr�ordr�r�)rrdr��outr��vr��by�m�orDs           r0�__repr__zKey.__repr__rs����9�9�;�$���9�9�;�D���=�'�'��0�D��}�}��4�T�"�#�Y�K�v�F��5�d�2�3�i�[��G���t�z�z�|�,�
,���1���<��\�$��0�0�C��R��s�%��s�+�+�C�	
,���;���(!�����-��M�M�O�4��E�
�E��I�I�K�	��E��t�y�y�{�0�0�2�3�
+���1����u�Q�C�q�\�*��)�)�+��2�Q��	�	�!��Q�R�8H����3�B��A��B�C��B��A�&�q�\�1���3�q�6�#�,�a� 0�0��1��1�v��{��c�r�F���L�L����*��
+��b�	�C��E�"�I��9�9�U�#�#r/c��t|jtjtj
tjtjf�S)zl
        Check if this instance is a public key.

        @return: C{True} if this is a public key.
        )
rGrr�RSAPublicKeyr�DSAPublicKeyrr{rr�rs r0r0zKey.isPublic�sA����O�O�� � �� � ��)�)��(�(�	
�
�	
r/c�l�|j�r|St|jj��S)z�
        Returns a version of this key containing only the public key data.
        If this is a public key, this may or may not be the same object
        as self.

        @rtype: L{Key}
        @return: A public key.
        )r0rPrrwr@s r0�publicz
Key.public�s*���=�=�?��K��t���1�1�3�4�4r/c
��|tjur9ttt	|j��j
���S|tjuritdjtt|j��j
��D�cgc]}tj|���c}��Std|����cc}w)aO
        The fingerprint of a public key consists of the output of the
        message-digest algorithm in the specified format.
        Supported formats include L{FingerprintFormats.MD5_HEX} and
        L{FingerprintFormats.SHA256_BASE64}

        The input to the algorithm is the public key data as specified by [RFC4253].

        The output of sha256[RFC4634] algorithm is presented to the
        user in the form of base64 encoded sha256 hashes.
        Example: C{US5jTUa0kgX5ZxdqaGF0yGRu8EgKXHNmoT8jHKo1StM=}

        The output of the MD5[RFC1321](default) algorithm is presented to the user as
        a sequence of 16 octets printed as hexadecimal with lowercase letters
        and separated by colons.
        Example: C{c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87}

        @param format: Format for fingerprint generation. Consists
            hash function and representation format.
            Default is L{FingerprintFormats.MD5_HEX}

        @since: 8.2

        @return: the user presentation of this L{Key}'s fingerprint, as a
        string.

        @rtype: L{str}
        �:z Unsupported fingerprint format: )r9r;rrrr~�digestr:r�rr�binascii�hexlifyr7)r�formatr�s   r0�fingerprintzKey.fingerprint�s���:�'�5�5�5��	�&�����*=�*D�*D�*F� G�H�H�
�)�1�1�
1���	�	�2;�C��	�	��<L�<S�<S�<U�2V�W�Q�X�%�%�a�(�W���
�'�)I�&��'R�S�S��	Xs� Cc���t|jtjtjf�ryt|jt
jt
jf�ryt|jtjtjf�ryt|jtjtjf�rytd|j����)z�
        Return the type of the object we wrap.  Currently this can only be
        'RSA', 'DSA', 'EC', or 'Ed25519'.

        @rtype: L{str}
        @raises RuntimeError: If the object type is unknown.
        �RSA�DSAr#r)zunknown type of object: )rGrrr>�
RSAPrivateKeyrr?�
DSAPrivateKeyrr{�EllipticCurvePrivateKeyrrr�RuntimeErrorr@s r0rXzKey.type�s����d�o�o��(8�(8�#�:K�:K�'L�M��
����#�*:�*:�C�<M�<M�)N�
O��
��O�O�b�7�7��9S�9S�T�
��
��O�O�g�6�6��8Q�8Q�R�
���!9�$�/�/�9L�M�N�Nr/c���|j�dk(r9dt|jjjjd�zSdddd�|j�S)a�
        Get the type of the object we wrap as defined in the SSH protocol,
        defined in RFC 4253, Section 6.6 and RFC 8332, section 4 (this is a
        public key format name, not a public key algorithm name). Currently
        this can only be b'ssh-rsa', b'ssh-dss', b'ecdsa-sha2-[identifier]'
        or b'ssh-ed25519'.

        identifier is the standard NIST curve name

        @return: The key type format.
        @rtype: L{bytes}
        r#r�r�rgrhrr)rKrLr))rXr�rr�r�rKr@s r0�sshTypezKey.sshType�sd���9�9�;�$����D�O�O�,A�,A�,F�,F�,M�,M�g�,V�!W�W�
�
"�!�)���i�i�k�	�
r/c�R�|j�dk(rgd�S|j�gS)z�
        Get the public key signature algorithms supported by this key.

        @return: A list of supported public key signature algorithm names.
        @rtype: L{list} of L{bytes}
        rK)�rsa-sha2-512�rsa-sha2-256rg)rXrRr@s r0�supportedSignatureAlgorithmsz Key.supportedSignatureAlgorithmss'���9�9�;�%��A�A��L�L�N�#�#r/c��|j�dk(rj||j�k(rV|j�}|dkrtj�S|dkrtj
�Stj�Sytj�tj�tj�tj�tj�d�j|j�|f�S)z�
        Return a hash algorithm for this key type given an SSH signature
        algorithm name, or L{None} if no such hash algorithm is defined for
        this key type.
        r#�i�N))rKrg)rKrU)rKrT)rLrh)r)rr)	rXrRr3r
�SHA256�SHA384�SHA512�SHA1�get)r�
signatureTyper�s   r0�_getHashAlgorithmzKey._getHashAlgorithms����9�9�;�$�������.��)�)�+���c�>�!�=�=�?�*���^�!�=�=�?�*�!�=�=�?�*��&,�[�[�]�*0�-�-�/�*0�-�-�/�%+�[�[�]�-3�]�]�_���c�4�9�9�;�
�.�/�

0r/c���|j�y|j�dk(r |jjjS|j�dk(ry|jjS)zv
        Return the size of the object we wrap.

        @return: The size of the key.
        @rtype: L{int}
        rr#r)rX)rrXr��key_sizer@s r0r3zKey.size:sV���?�?�"��
�Y�Y�[�D�
 ��?�?�(�(�1�1�1�
�Y�Y�[�I�
%�����'�'�'r/c	�R	�t|jtj�r3|jj	�}|j
|jd�St|jtj�r�|jj�}|jj
|jj|j|j|jtj|j|j�d�St|jtj�rg|jj	�}|j|j j"|j j|j jd�St|jtj$�r�|jj�}|j&|jj|jj j"|jj j|jj jd�St|jt(j*�rB|jj	�}|j&|j|j-�d�St|jt(j.�ra|jj�}|jj&|jj|j0|j-�d�St|jt2j4�rNd|jj7t8j:j<t8j>j<�iSt|jt2j@�r�|jjC�j7t8j:j<t8j>j<�|jjEt8j:j<t8jFj<t9jH��d�StKd	|j����)
z_
        Return the values of the public key as a dictionary.

        @rtype: L{dict}
        r�r�r�)r�rormrkrlr)r�ror�r�r�)r�r�zUnexpected key type: )&rGrrr>rr�r�rM�private_numbersr�rkrlrrr?rorprmrNr�rr{rRrOrrr�public_bytesr�Encoding�Raw�PublicFormatrrw�
private_bytes�
PrivateFormat�NoEncryptionrP)r�rsa_pub_numbers�rsa_priv_numbers�dsa_pub_numbers�dsa_priv_numbers�ec_pub_numbers�ec_priv_numberss       r0rdzKey.dataIsr���d�o�o�s�'7�'7�8�"�o�o�<�<�>�O�$�&�&�$�&�&��
������):�):�
;�#���>�>�@��%�4�4�6�6�%�4�4�6�6�%�'�'�%�'�'�%�'�'��%�%�&6�&8�&8�:J�:L�:L�M��
������)9�)9�
:�"�o�o�<�<�>�O�$�&�&�$�6�6�8�8�$�6�6�8�8�$�6�6�8�8�	�
������):�):�
;�#���>�>�@��%�'�'�%�4�4�6�6�%�4�4�F�F�H�H�%�4�4�F�F�H�H�%�4�4�F�F�H�H��
������)B�)B�
C�!�_�_�;�;�=�N�#�%�%�#�%�%������
�
�����)C�)C�
D�"�o�o�=�=�?�O�$�3�3�5�5�$�3�3�5�5� /� =� =�����	�
������)A�)A�
B��T�_�_�1�1�!�*�*�.�.�
�0J�0J�0N�0N���
�
�����)B�)B�
C��_�_�/�/�1�>�>�!�*�*�.�.�
�0J�0J�0N�0N���_�_�2�2�!�*�*�.�.�!�/�/�3�3�!�.�.�0��		�	
��!6�t���6G�H�I�Ir/c��|j�}|j�}|dk(rGtjd�tj|d�ztj|d�zS|dk(rytjd�tj|d�ztj|d�ztj|d	�ztj|d
�zS|dk(r�|j
jjdzd
z}tj|d�tj|ddd�ztjdtj|d|�ztj|d
|�z�zS|dk(r.tjd�tj|d�zStd|����)a�
        Return the public key blob for this key. The blob is the
        over-the-wire format for public keys.

        SECSH-TRANS RFC 4253 Section 6.6.

        RSA keys::
            string 'ssh-rsa'
            integer e
            integer n

        DSA keys::
            string 'ssh-dss'
            integer p
            integer q
            integer g
            integer y

        EC keys::
            string 'ecdsa-sha2-[identifier]'
            integer x
            integer y

            identifier is the standard NIST curve name

        Ed25519 keys::
            string 'ssh-ed25519'
            string a

        @rtype: L{bytes}
        rKrgr�r�rLrhrkrlrmror#�r�r����N�r�r)rrr��unknown key type: )rXrdrr�r5rr�rar
rr()rrXrd�
byteLengths    r0r~zKey.blob�s���@�y�y�{���y�y�{���5�=��9�9�Z�(�6�9�9�T�#�Y�+?�?�&�)�)�D�QT�I�BV�V�V�
�U�]��	�	�*�%��)�)�D��I�&�'��)�)�D��I�&�'��)�)�D��I�&�'��)�)�D��I�&�	'�
��T�\��/�/�/�/�8�8�1�<��B�J��	�	�$�w�-�(��)�)�D��M�"�#�.�/�0��)�)���(�(��c��J�?�@��(�(��c��J�?�@���
��Y�
��9�9�^�,�v�y�y��c��/C�C�C�� 2�4�&�9�:�:r/c�F�|j�}|j�}|dk(r�tj|d|d�}t	j
d�t	j|d�zt	j|d�zt	j|d�zt	j|�zt	j|d�zt	j|d�zS|dk(r�t	j
d	�t	j|d�zt	j|d�zt	j|d
�zt	j|d�zt	j|d�zS|d
k(r�|jj�jtjjtjj�}t	j
|d�t	j
|ddd�zt	j
|�zt	j|d�zS|dk(rMt	j
d�t	j
|d�zt	j
|d|dz�zStd|����)a1
        Return the private key blob for this key. The blob is the
        over-the-wire format for private keys:

        Specification in OpenSSH PROTOCOL.agent

        RSA keys::

            string 'ssh-rsa'
            integer n
            integer e
            integer d
            integer u
            integer p
            integer q

        DSA keys::

            string 'ssh-dss'
            integer p
            integer q
            integer g
            integer y
            integer x

        EC keys::

            string 'ecdsa-sha2-[identifier]'
            integer x
            integer y
            integer privateValue

            identifier is the NIST standard curve name.

        Ed25519 keys::

            string 'ssh-ed25519'
            string a
            string k || a
        rKrkrlrgr�r�r�rLrhrmror�r#r�rsNr�r)rrr�r�ru)rXrdrrrr�r5rrwrdrre�X962rg�UncompressedPointr()rrXrdr�encPubs     r0�privateBlobzKey.privateBlob�sZ��R�y�y�{���y�y�{���5�=��#�#�D��I�t�C�y�9�D��	�	�*�%��)�)�D��I�&�'��)�)�D��I�&�'��)�)�D��I�&�'��)�)�D�/�	"�
�)�)�D��I�&�'��)�)�D��I�&�
'�
��U�]��	�	�*�%��)�)�D��I�&�'��)�)�D��I�&�'��)�)�D��I�&�'��)�)�D��I�&�	'�
�)�)�D��I�&�'�
��T�\��_�_�/�/�1�>�>��&�&�+�+��*�*�<�<��F�
�	�	�$�w�-�(��)�)�D��M�"�#�.�/�0��)�)�F�#�$��)�)�D��0�1�2�
��Y�
��	�	�.�)��)�)�D��I�&�'��)�)�D��I��S�	�1�2�3�
�� 2�4�&�9�:�:r/�extra�commentrMc�2�|�1tjdtd��|j�r|}n|}t	|t
�r|j
d�}t|�}t|d|j���d�}|�td|����||||��S)	a
        Create a string representation of this key.  If the key is a private
        key and you want the representation of its public key, use
        C{key.public().toString()}.  type maps to a _toString_* method.

        @param type: The type of string to emit.  Currently supported values
            are C{'OPENSSH'}, C{'LSH'}, and C{'AGENTV3'}.
        @type type: L{str}

        @param extra: Any extra data supported by the selected format which
            is not part of the key itself.  For public OpenSSH keys, this is
            a comment.  For private OpenSSH keys, this is a passphrase to
            encrypt with.  (Deprecated since Twisted 20.3.0; use C{comment}
            or C{passphrase} as appropriate instead.)
        @type extra: L{bytes} or L{unicode} or L{None}

        @param subtype: A subtype of the requested C{type} to emit.  Only
            supported for private OpenSSH keys, for which the currently
            supported subtypes are C{'PEM'} and C{'v1'}.  If not given, an
            appropriate default is used.
        @type subtype: L{str} or L{None}

        @param comment: A comment to include with the key.  Only supported
            for OpenSSH keys.

            Present since Twisted 20.3.0.

        @type comment: L{bytes} or L{unicode} or L{None}

        @param passphrase: A passphrase to encrypt the key with.  Only
            supported for private OpenSSH keys.

            Present since Twisted 20.3.0.

        @type passphrase: L{bytes} or L{unicode} or L{None}

        @rtype: L{bytes}
        Nz�The 'extra' argument to twisted.conch.ssh.keys.Key.toString was deprecated in Twisted 20.3.0; use 'comment' or 'passphrase' instead.r�)�
stacklevelr\�
_toString_ru)�subtyper}rM)�warnings�warn�DeprecationWarningr0rGrHrKrNr`rar()rrXr|r�r}rMres       r0�toStringzKey.toString$s���Z���M�M�I�#��
��}�}����"�
��g�s�#��n�n�W�-�G�)�*�5�
����D�J�J�L�>�:�D�A���>�� 2�4�&�9�:�:��g�w�:�N�Nr/c��|j�dk(rd|sd}|jjtjj
tjj
�dz|zj�St|j��jdd�}|sd}|j�dz|zdz|zj�S)a
        Return a public OpenSSH key string.

        See _fromString_PUBLIC_OPENSSH for the string format.

        @type comment: L{bytes} or L{None}
        @param comment: A comment to include with the key, or L{None} to
        omit the comment.
        r#r/� �
)rXrrdrre�OpenSSHrgr�rr~�replacerR)rr}�b64Datas   r0�_toPublicOpenSSHzKey._toPublicOpenSSHfs����9�9�;�$��������,�,�!�*�*�2�2�M�4N�4N�4V�4V�����	�
�e�g�

��d�i�i�k�*�2�2�5�#�>����G������%��/�$�6��@�G�G�I�Ir/c	���|rktj}d}d}|jdz}d}|}tj|�}	d}
tj|	�tjd|
�z}nd}d}d}d}tjd	�}||z|j�ztj|xsd�z}
d
}t|
�|zr&|dz
}|
t|dzf�z
}
t|
�|zr�&|r�tj|	zd�}t|d
|�tj ||||z�t#���j%�}|j'|
�|j)�z}n|
}dtj|�ztj|�ztj|�ztjdd�ztj|j+��ztj|�z}t-|�j/dd�}dgt1d
t|�d�D�cgc]
}|||dz��c}zdgz}dj3|�dzScc}w)aP
        Return a private OpenSSH key string, in the "openssh-key-v1" format
        introduced in OpenSSH 6.5.

        See _fromPrivateOpenSSH_v1 for the string format.

        @type passphrase: L{bytes} or L{None}
        @param passphrase: The passphrase to encrypt the key with, or L{None}
        if it is not encrypted.
        r�r�r�r��dr�r�r/rirrq�Nr�r�r�s#-----BEGIN OPENSSH PRIVATE KEY-----�@s!-----END OPENSSH PRIVATE KEY-----)rr��
block_sizer�secureRandomrr�r��packr{r��bytesr�r�rrr�r�	encryptorr�r�r~rr��ranger�)rr}rMr��
cipherName�kdfNamer�r�r�r�r�r��checkr��padByte�encKeyr�r�r~r��ir�s                      r0�_toPrivateOpenSSH_v1zKey._toPrivateOpenSSH_v1�sq��� �^�^�F�&�J��G��)�)�Q�.�I��G��F��)�)�&�1�D��F����4��6�;�;�t�V�+D�D�J� �J��G��I��J��&�&�q�)���e�m�d�&6�&6�&8�8�6�9�9�W�^�PS�;T�T�����+���*��q�L�G��5�'�D�.�!2�3�3�K��+���*���Z�Z�
�D�'�F�2B�C�H�F���v�h�w�'�(��	�	�&��7�V�+;�<�=�'�)���i�k�	
�
'�-�-�k�:�Y�=O�=O�=Q�Q�N�(�N���i�i�
�#�
$��i�i�� �
!��i�i�
�#�
$��k�k�$��"�	
#�
�i�i��	�	��$�
%��i�i��'�

(�	
��d�#�+�+�E�3�7��
3�4�,1�!�S��\�2�,F�G�q�w�q�1�r�6�"�G�
H�3�4�
5�	�
�z�z�%� �5�(�(��Hs�I/c�Z�|stj�}ntj|�}|j�dk7rM|jjtjjtjj|�S|j�dk(sJ�td��)a,
        Return a private OpenSSH key string, in the old PEM-based format.

        See _fromPrivateOpenSSH_PEM for the string format.

        @type passphrase: L{bytes} or L{None}
        @param passphrase: The passphrase to encrypt the key with, or L{None}
        if it is not encrypted.
        r)zBcannot serialize Ed25519 key to OpenSSH PEM format; use v1 instead)rrj�BestAvailableEncryptionrXrrhre�PEMri�TraditionalOpenSSLr�)rrMr�s   r0�_toPrivateOpenSSH_PEMzKey._toPrivateOpenSSH_PEM�s����%�2�2�4�I�%�=�=�j�I�I��9�9�;�)�#��?�?�0�0��&�&�*�*��+�+�>�>���
��9�9�;�)�+�+�+��W��
r/c���|j�r|j|��S|dk(s|�&|j�dk(r|j||��S|�|dk(r|j	|��Std|����)ar
        Return a public or private OpenSSH string.  See
        L{_fromString_PUBLIC_OPENSSH} and L{_fromPrivateOpenSSH_PEM} for the
        string formats.

        @param subtype: A subtype to emit.  Only supported for private keys,
            for which the currently supported subtypes are C{'PEM'} and C{'v1'}.
            If not given, an appropriate default is used.
        @type subtype: L{str} or L{None}

        @param comment: Comment for a public key.
        @type comment: L{bytes}

        @param passphrase: Passphrase for a private key.
        @type passphrase: L{bytes}

        @rtype: L{bytes}
        )r}�v1r))r}rMr�rLzunknown subtype )r0r�rXr�r�r�)rr�r}rMs    r0�_toString_OPENSSHzKey._toString_OPENSSH�s���&�=�=�?��(�(��(�9�9�
��_���T�Y�Y�[�I�5M��,�,�W��,�T�T�
�_��5� 0��-�-��-�D�D��/��y�9�:�:r/c�D�|j�}|j�}|j��r|dk(rRtjdddtj|d�ddgdtj|d	�ddgggg�}n�|d
k(r�tjdddtj|d
�ddgdtj|d�ddgdtj|d�ddgdtj|d�ddgggg�}ntd|����dt|�jdd�zdzS|dk(�r|d
|d}}tj||�}tjdddtj|d�ddgdtj|d	�ddgdtj|d�ddgdtj|�ddgdtj|�ddgdtj|d|dz
z�ddgdtj|d|dz
z�ddgd tj|�ddgg	gg�S|d
k(r�tjdddtj|d
�ddgdtj|d�ddgdtj|d�ddgdtj|d�ddgd!tj|d"�ddgggg�Std|�d#���)$z�
        Return a public or private LSH key.  See _fromString_PUBLIC_LSH and
        _fromString_PRIVATE_LSH for the key formats.

        @rtype: L{bytes}
        rKr�r�r�r�riNr�r�rLr�r�rkr�rlr�rmr�ror�r�r�r/�}r�r�r�r��arq�b�cr�r��')rdrXr0rr�rr5r(rr�rr)r�kwargsrdrX�keyDatarkrlrs        r0�
_toString_LSHzKey._toString_LSH�se���y�y�{���y�y�{���=�=�?��u�}��*�*�*� 1�!%�v�y�y��c��';�A�B�'?� @�!%�v�y�y��c��';�A�B�'?� @���	�������*�*�*� &�!%�v�y�y��c��';�A�B�'?� @�!%�v�y�y��c��';�A�B�'?� @�!%�v�y�y��c��';�A�B�'?� @�!%�v�y�y��c��';�A�B�'?� @��	��
��"�$5�d�V�"<�=�=��+�g�.�6�6�u�c�B�B�T�I�I��u�}��C�y�$�s�)�1���'�'��1�-���z�z�+� ,�!%�v�y�y��c��';�A�B�'?� @�!%�v�y�y��c��';�A�B�'?� @�!%�v�y�y��c��';�A�B�'?� @�!%�v�y�y��|�A�B�'7� 8�!%�v�y�y��|�A�B�'7� 8�!%�v�y�y��c��a�!�e�1D�'E�a�b�'I� J�!%�v�y�y��c��a�!�e�1D�'E�a�b�'I� J�!%�v�y�y���q�r�':� ;�
�
����$����z�z�+� &�!%�v�y�y��c��';�A�B�'?� @�!%�v�y�y��c��';�A�B�'?� @�!%�v�y�y��c��';�A�B�'?� @�!%�v�y�y��c��';�A�B�'?� @�!%�v�y�y��c��';�A�B�'?� @�
�
���� "�$5�d�V�1�"=�>�>r/c��|j�}|j�s�|j�dk(r|d|d|d|d|d|df}n)|j�dk(r|d|d|d	|d
|df}tj|j��dj
ttj��zSy
)z�
        Return a private Secure Shell Agent v3 key.  See
        _fromString_AGENTV3 for the key format.

        @rtype: L{bytes}
        rKr�r�r�r�rkrlrLrmror�r/N)	rdr0rXrr�rRr��mapr5)rr�rd�valuess    r0�_toString_AGENTV3zKey._toString_AGENTV3Is����y�y�{���}�}���y�y�{�e�#���I���I���I���I���I���I�
�������%��s�)�T�#�Y��S�	�4��9�d�3�i�P���9�9�T�\�\�^�,�s�x�x��F�I�I�v�8N�/O�O�O�r/c�l�|j�}|�|j�}|j|�}|�td|�d|�d���|dk(rF|jj|t
j�|�}tj|�}�n�|dk(rX|jj||�}t|�\}}tjt|d�t|d�z�}�n.|dk(r�|jj|tj|��}	t|	�\}}t|�}
t|�}t|
d�turt|
d�}n|
d}|d	zrd
|
z}
t|d�turt|d�}
n|d}
|
d	zrd
|z}tjtj|
�tj|�z�}n3|dk(r.tj|jj|��}tj|�zS)a�
        Sign some data with this key.

        SECSH-TRANS RFC 4253 Section 6.6.

        @type data: L{bytes}
        @param data: The data to sign.

        @type signatureType: L{bytes}
        @param signatureType: The SSH public key algorithm name to sign this
        data with, or L{None} to use a reasonable default for the key.

        @rtype: L{bytes}
        @return: A signature for the given data.
        zpublic key signature algorithm z is not defined for z keysrKrL�r#r��r))rXrRr_r2r�signr�PKCS1v15rr�r#rr�ECDSArHr6)rrdr^r�
hashAlgorithm�sig�ret�r�s�	signaturerR�sb�rcomp�scomps              r0r�zKey.sign_s��� �)�)�+��� �
!�L�L�N�M��.�.�}�=�
�� �,�1�-��A�&�i�u�.��
�
�e���/�/�&�&�t�W�-=�-=�-?��O�C��)�)�C�.�C�
��
��/�/�&�&�t�]�;�C�)�#�.�F�Q��
�)�)�L��B�/�,�q�"�2E�E�F�C�
��_����,�,�T�2�8�8�M�3J�K�I�)�)�4�F�Q���a��B��a��B��B�q�E�{�c�!��B�q�E�
���1����t�|��r�\���B�q�E�{�c�!��B�q�E�
���1����t�|��r�\���)�)�F�I�I�b�M�F�I�I�b�M�9�:�C�
�	�
!��)�)�D�O�O�0�0��6�7�C��y�y��'�#�-�-r/c���t|�dk(rdtj|�}}ntj|�\}}|j	|�}|�y|j�}|dk(r\|j}|j�s|j�}tj|�d|tj�|f}�n�|dk(r�tj|�d}tj|ddd	�}	tj|ddd	�}
t|	|
�}|j}|j�s|j�}|||f}n�|d
k(r�tj|�d}tj|d�\}}}
tj|d	�}	tj|d	�}
t|	|
�}|j}|j�s|j�}||tj|�f}nK|dk(rF|j}|j�s|j�}tj|�d|f}	j �y
#t"$rYywxYw)a
        Verify a signature using this key.

        @type signature: L{bytes}
        @param signature: The signature to verify.

        @type data: L{bytes}
        @param data: The signed data.

        @rtype: L{bool}
        @return: C{True} if the signature is valid.
        �(rhNFrKrrLr��bigr#r^r)T)r�rr�rtr_rXrr0rwrr�r��
from_bytesr$rr��verifyr)rr�rdr^r�rr��args�concatenatedSignaturer�r��rstr�sstrr�s              r0r�z
Key.verify�s$���y�>�R��'1�6�9�9�Y�3G�9�M�'-�|�|�I�'>�$�M�9��.�.�}�=�
�� ���)�)�+���e�����A��=�=�?��L�L�N�����Y�'��*��� � �"��	�D���
�$*�L�L��$;�A�$>�!����4�S�b�9�5�A�A����4�R�S�9�5�A�A�,�Q��2�I����A��=�=�?��L�L�N���t�]�3�D�
��_�$*�L�L��$;�A�$>�!�%�|�|�,A�1�E��D�$�����t�U�+�A����t�U�+�A�,�Q��2�I����A��=�=�?��L�L�N���t�R�X�X�m�%<�=�D�
�	�
!����A��=�=�?��L�L�N���L�L��+�A�.��5�D�	��A�H�H�d�O��� �	��	�s�I!�!	I-�,I-)NN)NNNN)N)r �object�return�bool)r�rH)r�z&Literal['RSA', 'DSA', 'EC', 'Ed25519'])r�zdict[str, Any])NNN)0r*r+r,r-�classmethodrZrTr�r�r�r�r�r�r�r�r�r_r�r�rr�r}rr!r<r0rBr9r:rIrXrRrVr_r3rdr~r{r"r�r�r�r�r�r�r�r�r�r.r/r0rPrP�s*����>��>�(�%,��%,�N�6?��6?�p�H?��H?�T�*��*�(�V=��V=�p�6:��6:�p�A��A�8�D��D�>�#D��#D�J�.=��.=�`����>�*��*�X� �� �D����>����6����,$�"�*$�X
� 5�"4�!;�!;�&T�PO�.�0
$�0�6
(�JJ�X:;�xQ;�f!�
�i� �
�l�#�	
��:O�
�:O�xJ�4<)�|�8;�:P?�dP�,J.�XDr/rPc�0�|j�jd��|j�s�tjd|t���}|j
tjjtjjtj���}|j|�|jd�5}tj|j!�dt���}t#|�cddd�S#1swYyxYw)	a�
    This function returns a persistent L{Key}.

    The key is loaded from a PEM file in C{location}. If it does not exist, a
    key with the key size of C{keySize} is generated and saved.

    @param location: Where the key is stored.
    @type location: L{twisted.python.filepath.FilePath}

    @param keySize: The size of the key, if it needs to be generated.
    @type keySize: L{int}

    @returns: A persistent key.
    @rtype: L{Key}
    T)�ignoreExistingDirectoryi)�public_exponentrar�)�encodingrH�encryption_algorithmrRN)�passwordr�)�parent�makedirs�existsr�generate_private_keyrrhrrer�rir�rj�
setContentrSrrUrP)�locationr��
privateKey�pem�keyFiles     r0�_getPersistentRSAKeyr��s��� 
�O�O����t��<��?�?���-�-�!�G�_�=N�
�
��&�&�"�+�+�/�/� �.�.�A�A�!.�!;�!;�!=�'�
��	���C� �
���t�	���"�7�7��L�L�N�T�?�3D�
�
��:��	���s�	9D�D)i)Nr-�
__future__rrFr�rAr��base64rrr�hashlibrr�typingr	r��cryptographyr
�cryptography.exceptionsr�cryptography.hazmat.backendsr�cryptography.hazmat.primitivesr
r�)cryptography.hazmat.primitives.asymmetricrrrrr�&cryptography.hazmat.primitives.ciphersrrr�,cryptography.hazmat.primitives.serializationrrr�twisted.conch.sshrr�twisted.conch.ssh.commonr�twisted.pythonr�twisted.python.compatrr�twisted.python.constantsr r!�twisted.python.deprecater"�/cryptography.hazmat.primitives.asymmetric.utilsr#r$�ImportErrorr%r&�	SECP256R1�	SECP384R1�	SECP521R1rzr�rr�	Exceptionr(r2r5r7r9r=rNrPr�r.r/r0�<module>r�s9��
�#��
���6�6���
��4�8�@�T�T�L�L���+�1�$�9�9�@�	��)�B�L�L�N�(�B�L�L�N�(�B�L�L�N�������
��+�+���-�-���)������	���9��$��$�"�9���>X�X�v2(��O6�����s� E
�

E�E