U cc,@sdZddlmZmZddlmZddlmZmZddl m Z ddl m Z m Z ddlmZddlmZdd lmZdd lmZdd lmZGd d d eZGdddeZGdddeZdS)z ECDSA keys )InvalidSignatureUnsupportedAlgorithm)default_backend)hashes serialization)ec)decode_dss_signatureencode_dss_signature) four_byte)Message)PKey) SSHException) deflate_longc@seZdZdZddZdS) _ECDSACurvez Represents a specific ECDSA Curve (nistp256, nistp384, etc). Handles the generation of the key format identifier and the selection of the proper hash function. Also grabs the proper curve from the 'ecdsa' package. cCsT||_|j|_d|j|_|jdkr.tj|_n|jdkrBtj|_ntj|_||_ dS)N ecdsa-sha2-i) nist_namekey_size key_lengthkey_format_identifierrSHA256 hash_objectSHA384SHA512 curve_class)selfrrr5/tmp/pip-unpacked-wheel-rglolp_m/paramiko/ecdsakey.py__init__0s     z_ECDSACurve.__init__N)__name__ __module__ __qualname____doc__rrrrrr'src@s8eZdZdZddZddZddZdd Zd d Zd S) _ECDSACurveSetz A collection to hold the ECDSA curves. Allows querying by oid and by key format identifier. The two ways in which ECDSAKey needs to be able to look up curves. cCs ||_dSN ecdsa_curves)rr&rrrrIsz_ECDSACurveSet.__init__cCsdd|jDS)NcSsg|] }|jqSr)r).0curverrr MszA_ECDSACurveSet.get_key_format_identifier_list..r%rrrrget_key_format_identifier_listLsz-_ECDSACurveSet.get_key_format_identifier_listcCs"|jD]}|j|kr|SqdSr$)r&r)rrr(rrrget_by_curve_classOs  z!_ECDSACurveSet.get_by_curve_classcCs"|jD]}|j|kr|SqdSr$)r&r)rrr(rrrget_by_key_format_identifierTs  z+_ECDSACurveSet.get_by_key_format_identifiercCs"|jD]}|j|kr|SqdSr$)r&r)rrr(rrrget_by_key_lengthYs  z _ECDSACurveSet.get_by_key_lengthN) rr r!r"rr+r,r-r.rrrrr#Bs r#c@seZdZdZeeejdeejdeej dgZ d+ddZ e d d Z d d Zd dZeddZddZddZddZd,ddZddZd-ddZd.ddZe eddfdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*ZdS)/ECDSAKeyz\ Representation of an ECDSA key which can be used to sign and verify SSH2 data. Znistp256Znistp384Znistp521NTcCsTd|_d|_d|_|dk r*|||dS|dk rB|||dS|dkrZ|dk rZt|}|dk r|\|_|_|jjj}|j ||_ n| } d} | | r| dt |  } |j| |_ |j} dd| D} |j|| | d| } | |j jkr td| |}ztj|j |}||_Wntk rNtdYnXdS)Nz-cert-v01@openssh.comcSsg|]}d|qS)z{}-cert-v01@openssh.com)format)r'xrrrr)sz%ECDSAKey.__init__..)msgkey_typeZ cert_typezCan't handle curve of type {}zInvalid public key) verifying_key signing_keyZ public_blob_from_private_key_from_private_key_filer r( __class__ _ECDSA_CURVESr, ecdsa_curveget_textendswithlenr-r+Z_check_type_and_load_certrr r0 get_binaryrZEllipticCurvePublicKeyZfrom_encoded_pointr ValueError)rr2datafilenamepasswordvalsfile_objZvalidate_pointZc_classr3suffixZ key_typesZ cert_typesZ curvenameZ pointinfokeyrrrrmsZ        zECDSAKey.__init__cCs |jSr$)r9r+)clsrrr supported_key_format_identifierssz)ECDSAKey.supported_key_format_identifierscCs|j}t}||jj||jj|}|jjdd}t |j dd}d|t ||}t |j dd}d|t ||}t ||}|||S)NF)Zadd_sign_padding)r4r add_stringr:rrpublic_numbersr(rrr1r=yr asbytes)rrFmZnumbersZkey_size_bytesZx_bytesZy_bytesZ point_strrrrrOs  zECDSAKey.asbytescCs|Sr$)rOr*rrr__str__szECDSAKey.__str__cCs||jj|jjfSr$)get_namer4rMr1rNr*rrr_fieldss  zECDSAKey._fieldscCs|jjSr$)r:rr*rrrrRszECDSAKey.get_namecCs|jjSr$)r:rr*rrrget_bitsszECDSAKey.get_bitscCs |jdk Sr$)r5r*rrrcan_signszECDSAKey.can_signcCsTt|j}|j||}t|\}}t}||jj || |||Sr$) rECDSAr:rr5signrr rLr _sigencode)rr@ algorithmZecdsasigrsrPrrr sign_ssh_datas zECDSAKey.sign_ssh_datacCst||jjkrdS|}||\}}t||}z |j||t |j Wnt k rjYdSXdSdS)NFT) r;r:rr> _sigdecoder r4verifyrrVrr)rr@r2rZZsigRZsigS signaturerrrverify_ssh_sigs zECDSAKey.verify_ssh_sigcCs|j||jtjj|ddSN)rB)Z_write_private_key_filer5r PrivateFormatTraditionalOpenSSL)rrArBrrrwrite_private_key_files zECDSAKey.write_private_key_filecCs|j||jtjj|ddSrb)Z_write_private_keyr5rrcrd)rrDrBrrrwrite_private_keys zECDSAKey.write_private_keycCsT|dk r2|j|}|dkr*td||}tj|td}t|| fdS)a Generate a new private ECDSA key. This factory function can be used to generate a new host key or authentication key. :param progress_func: Not used for this type of key. :returns: A new private key (`.ECDSAKey`) object NzUnsupported key length: {:d})backend)rC) r9r.r?r0rrZgenerate_private_keyrr/ public_key)rGr(Z progress_funcbitsZ private_keyrrrgenerates  zECDSAKey.generatecCs|d||}||dSNZEC)Z_read_private_key_file _decode_key)rrArBr@rrrr7szECDSAKey._from_private_key_filecCs|d||}||dSrk)Z_read_private_keyrl)rrDrBr@rrrr6szECDSAKey._from_private_keyc Cs*|\}}||jkrbztj|dtd}Wn6ttttfk r^}ztt |W5d}~XYnXn||j krzXt |}| }| }|}d|} |j| } | stdt|| t}Wn.tk r}ztt |W5d}~XYnXn ||||_||_|jj} |j| |_dS)N)rBrgrzInvalid key curve identifier)Z_PRIVATE_KEY_FORMAT_ORIGINALrZload_der_private_keyrr?AssertionError TypeErrorrr strZ_PRIVATE_KEY_FORMAT_OPENSSHr r;r> get_mpintr9r-rZderive_private_keyr ExceptionZ_got_bad_key_format_idr5rhr4r(r8r,r:) rr@ZpkformatrFer2Z curve_nameZverkeyZsigkeynamer(rrrrrlsJ        zECDSAKey._decode_keycCs"t}|||||Sr$)r Z add_mpintrO)rr[r\r2rrrrXCs  zECDSAKey._sigencodecCs t|}|}|}||fSr$)r rp)rrZr2r[r\rrrr^IszECDSAKey._sigdecode)NNNNNNT)N)N)N)rr r!r"r#rrZ SECP256R1Z SECP384R1Z SECP521R1r9r classmethodrHrOrQpropertyrSrRrTrUr]rarerfrjr7r6rlrXr^rrrrr/_sF     =     'r/N)r"Zcryptography.exceptionsrrZcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrZ/cryptography.hazmat.primitives.asymmetric.utilsrr Zparamiko.commonr Zparamiko.messager Z paramiko.pkeyr Zparamiko.ssh_exceptionr Z paramiko.utilrobjectrr#r/rrrrs