<!DOCTYPE html>
|
|
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="utf-8" />
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
|
<title>twisted.conch.ssh.keys — Evennia latest documentation</title>
|
|
<link rel="stylesheet" href="../../../../_static/nature.css" type="text/css" />
|
|
<link rel="stylesheet" href="../../../../_static/pygments.css" type="text/css" />
|
|
<link rel="stylesheet" type="text/css" href="../../../../_static/pygments.css?v=d75fae25" />
|
|
<link rel="stylesheet" type="text/css" href="../../../../_static/nature.css?v=245aff17" />
|
|
<script id="documentation_options" data-url_root="../../../../" src="../../../../_static/documentation_options.js"></script>
|
|
<script src="../../../../_static/documentation_options.js?v=c6e86fd7"></script>
|
|
<script src="../../../../_static/doctools.js?v=9bcbadda"></script>
|
|
<script src="../../../../_static/sphinx_highlight.js?v=dc90522c"></script>
|
|
<link rel="index" title="Index" href="../../../../genindex.html" />
|
|
<link rel="search" title="Search" href="../../../../search.html" />
|
|
</head><body>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<div class="document">
|
|
|
|
<div class="documentwrapper">
|
|
|
|
<div class="bodywrapper">
|
|
<div class="body" role="main">
|
|
|
|
<h1>Source code for twisted.conch.ssh.keys</h1><div class="highlight"><pre>
|
|
<span></span><span class="c1"># -*- test-case-name: twisted.conch.test.test_keys -*-</span>
|
|
<span class="c1"># Copyright (c) Twisted Matrix Laboratories.</span>
|
|
<span class="c1"># See LICENSE for details.</span>
|
|
|
|
<span class="sd">"""</span>
|
|
<span class="sd">Handling of RSA, DSA, ECDSA, and Ed25519 keys.</span>
|
|
<span class="sd">"""</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">__future__</span><span class="w"> </span><span class="kn">import</span> <span class="n">annotations</span>
|
|
|
|
<span class="kn">import</span><span class="w"> </span><span class="nn">binascii</span>
|
|
<span class="kn">import</span><span class="w"> </span><span class="nn">struct</span>
|
|
<span class="kn">import</span><span class="w"> </span><span class="nn">unicodedata</span>
|
|
<span class="kn">import</span><span class="w"> </span><span class="nn">warnings</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">base64</span><span class="w"> </span><span class="kn">import</span> <span class="n">b64encode</span><span class="p">,</span> <span class="n">decodebytes</span><span class="p">,</span> <span class="n">encodebytes</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">hashlib</span><span class="w"> </span><span class="kn">import</span> <span class="n">md5</span><span class="p">,</span> <span class="n">sha256</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">typing</span><span class="w"> </span><span class="kn">import</span> <span class="n">Any</span>
|
|
|
|
<span class="kn">import</span><span class="w"> </span><span class="nn">bcrypt</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">constantly</span><span class="w"> </span><span class="kn">import</span> <span class="n">NamedConstant</span><span class="p">,</span> <span class="n">Names</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">cryptography</span><span class="w"> </span><span class="kn">import</span> <span class="n">utils</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">cryptography.exceptions</span><span class="w"> </span><span class="kn">import</span> <span class="n">InvalidSignature</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">cryptography.hazmat.backends</span><span class="w"> </span><span class="kn">import</span> <span class="n">default_backend</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">cryptography.hazmat.primitives</span><span class="w"> </span><span class="kn">import</span> <span class="n">hashes</span><span class="p">,</span> <span class="n">serialization</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">cryptography.hazmat.primitives.asymmetric</span><span class="w"> </span><span class="kn">import</span> <span class="n">dsa</span><span class="p">,</span> <span class="n">ec</span><span class="p">,</span> <span class="n">ed25519</span><span class="p">,</span> <span class="n">padding</span><span class="p">,</span> <span class="n">rsa</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">cryptography.hazmat.primitives.ciphers</span><span class="w"> </span><span class="kn">import</span> <span class="n">Cipher</span><span class="p">,</span> <span class="n">algorithms</span><span class="p">,</span> <span class="n">modes</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">cryptography.hazmat.primitives.serialization</span><span class="w"> </span><span class="kn">import</span> <span class="p">(</span>
|
|
<span class="n">load_pem_private_key</span><span class="p">,</span>
|
|
<span class="n">load_ssh_public_key</span><span class="p">,</span>
|
|
<span class="p">)</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">typing_extensions</span><span class="w"> </span><span class="kn">import</span> <span class="n">Literal</span>
|
|
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">twisted.conch.ssh</span><span class="w"> </span><span class="kn">import</span> <span class="n">common</span><span class="p">,</span> <span class="n">sexpy</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">twisted.conch.ssh.common</span><span class="w"> </span><span class="kn">import</span> <span class="n">int_to_bytes</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">twisted.python</span><span class="w"> </span><span class="kn">import</span> <span class="n">randbytes</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">twisted.python.compat</span><span class="w"> </span><span class="kn">import</span> <span class="n">iterbytes</span><span class="p">,</span> <span class="n">nativeString</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">twisted.python.deprecate</span><span class="w"> </span><span class="kn">import</span> <span class="n">_mutuallyExclusiveArguments</span>
|
|
|
|
<span class="k">try</span><span class="p">:</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">cryptography.hazmat.primitives.asymmetric.utils</span><span class="w"> </span><span class="kn">import</span> <span class="p">(</span>
|
|
<span class="n">decode_dss_signature</span><span class="p">,</span>
|
|
<span class="n">encode_dss_signature</span><span class="p">,</span>
|
|
<span class="p">)</span>
|
|
<span class="k">except</span> <span class="ne">ImportError</span><span class="p">:</span>
|
|
<span class="kn">from</span><span class="w"> </span><span class="nn">cryptography.hazmat.primitives.asymmetric.utils</span><span class="w"> </span><span class="kn">import</span> <span class="p">(</span> <span class="c1"># type: ignore[no-redef,attr-defined]</span>
|
|
<span class="n">decode_rfc6979_signature</span> <span class="k">as</span> <span class="n">decode_dss_signature</span><span class="p">,</span>
|
|
<span class="n">encode_rfc6979_signature</span> <span class="k">as</span> <span class="n">encode_dss_signature</span><span class="p">,</span>
|
|
<span class="p">)</span>
|
|
|
|
|
|
<span class="c1"># Curve lookup table</span>
|
|
<span class="n">_curveTable</span> <span class="o">=</span> <span class="p">{</span>
|
|
<span class="sa">b</span><span class="s2">"ecdsa-sha2-nistp256"</span><span class="p">:</span> <span class="n">ec</span><span class="o">.</span><span class="n">SECP256R1</span><span class="p">(),</span>
|
|
<span class="sa">b</span><span class="s2">"ecdsa-sha2-nistp384"</span><span class="p">:</span> <span class="n">ec</span><span class="o">.</span><span class="n">SECP384R1</span><span class="p">(),</span>
|
|
<span class="sa">b</span><span class="s2">"ecdsa-sha2-nistp521"</span><span class="p">:</span> <span class="n">ec</span><span class="o">.</span><span class="n">SECP521R1</span><span class="p">(),</span>
|
|
<span class="p">}</span>
|
|
|
|
<span class="n">_secToNist</span> <span class="o">=</span> <span class="p">{</span>
|
|
<span class="sa">b</span><span class="s2">"secp256r1"</span><span class="p">:</span> <span class="sa">b</span><span class="s2">"nistp256"</span><span class="p">,</span>
|
|
<span class="sa">b</span><span class="s2">"secp384r1"</span><span class="p">:</span> <span class="sa">b</span><span class="s2">"nistp384"</span><span class="p">,</span>
|
|
<span class="sa">b</span><span class="s2">"secp521r1"</span><span class="p">:</span> <span class="sa">b</span><span class="s2">"nistp521"</span><span class="p">,</span>
|
|
<span class="p">}</span>
|
|
|
|
|
|
<span class="n">Ed25519PublicKey</span> <span class="o">=</span> <span class="n">ed25519</span><span class="o">.</span><span class="n">Ed25519PublicKey</span>
|
|
<span class="n">Ed25519PrivateKey</span> <span class="o">=</span> <span class="n">ed25519</span><span class="o">.</span><span class="n">Ed25519PrivateKey</span>
|
|
|
|
|
|
<span class="k">class</span><span class="w"> </span><span class="nc">BadKeyError</span><span class="p">(</span><span class="ne">Exception</span><span class="p">):</span>
|
|
<span class="w"> </span><span class="sd">"""</span>
|
|
<span class="sd"> Raised when a key isn't what we expected from it.</span>
|
|
|
|
<span class="sd"> XXX: we really need to check for bad keys</span>
|
|
<span class="sd"> """</span>
|
|
|
|
|
|
<span class="k">class</span><span class="w"> </span><span class="nc">BadSignatureAlgorithmError</span><span class="p">(</span><span class="ne">Exception</span><span class="p">):</span>
|
|
<span class="w"> </span><span class="sd">"""</span>
|
|
<span class="sd"> Raised when a public key signature algorithm name isn't defined for this</span>
|
|
<span class="sd"> public key format.</span>
|
|
<span class="sd"> """</span>
|
|
|
|
|
|
<span class="k">class</span><span class="w"> </span><span class="nc">EncryptedKeyError</span><span class="p">(</span><span class="ne">Exception</span><span class="p">):</span>
|
|
<span class="w"> </span><span class="sd">"""</span>
|
|
<span class="sd"> Raised when an encrypted key is presented to fromString/fromFile without</span>
|
|
<span class="sd"> a password.</span>
|
|
<span class="sd"> """</span>
|
|
|
|
|
|
<span class="k">class</span><span class="w"> </span><span class="nc">BadFingerPrintFormat</span><span class="p">(</span><span class="ne">Exception</span><span class="p">):</span>
|
|
<span class="w"> </span><span class="sd">"""</span>
|
|
<span class="sd"> Raised when unsupported fingerprint formats are presented to fingerprint.</span>
|
|
<span class="sd"> """</span>
|
|
|
|
|
|
<span class="k">class</span><span class="w"> </span><span class="nc">FingerprintFormats</span><span class="p">(</span><span class="n">Names</span><span class="p">):</span>
|
|
<span class="w"> </span><span class="sd">"""</span>
|
|
<span class="sd"> Constants representing the supported formats of key fingerprints.</span>
|
|
|
|
<span class="sd"> @cvar MD5_HEX: Named constant representing fingerprint format generated</span>
|
|
<span class="sd"> using the md5 [RFC1321] algorithm in hexadecimal encoding.</span>
|
|
<span class="sd"> @type MD5_HEX: L{constantly.NamedConstant}</span>
|
|
|
|
<span class="sd"> @cvar SHA256_BASE64: Named constant representing fingerprint format</span>
|
|
<span class="sd"> generated using the sha256 [RFC4634] algorithm in base64 encoding.</span>
|
|
<span class="sd"> @type SHA256_BASE64: L{constantly.NamedConstant}</span>
|
|
<span class="sd"> """</span>
|
|
|
|
<span class="n">MD5_HEX</span> <span class="o">=</span> <span class="n">NamedConstant</span><span class="p">()</span>
|
|
<span class="n">SHA256_BASE64</span> <span class="o">=</span> <span class="n">NamedConstant</span><span class="p">()</span>
|
|
|
|
|
|
<span class="k">class</span><span class="w"> </span><span class="nc">PassphraseNormalizationError</span><span class="p">(</span><span class="ne">Exception</span><span class="p">):</span>
|
|
<span class="w"> </span><span class="sd">"""</span>
|
|
<span class="sd"> Raised when a passphrase contains Unicode characters that cannot be</span>
|
|
<span class="sd"> normalized using the available Unicode character database.</span>
|
|
<span class="sd"> """</span>
|
|
|
|
|
|
<span class="k">def</span><span class="w"> </span><span class="nf">_normalizePassphrase</span><span class="p">(</span><span class="n">passphrase</span><span class="p">):</span>
|
|
<span class="w"> </span><span class="sd">"""</span>
|
|
<span class="sd"> Normalize a passphrase, which may be Unicode.</span>
|
|
|
|
<span class="sd"> If the passphrase is Unicode, this follows the requirements of U{NIST</span>
|
|
<span class="sd"> 800-63B, section</span>
|
|
<span class="sd"> 5.1.1.2&lt;https://pages.nist.gov/800-63-3/sp800-63b.html#memsecretver&gt;}</span>
|
|
<span class="sd"> for Unicode characters in memorized secrets: it applies the</span>
|
|
<span class="sd"> Normalization Process for Stabilized Strings using NFKC normalization.</span>
|
|
<span class="sd"> The passphrase is then encoded using UTF-8.</span>
|
|
|
|
<span class="sd"> @type passphrase: L{bytes} or L{unicode} or L{None}</span>
|
|
<span class="sd"> @param passphrase: The passphrase to normalize.</span>
|
|
|
|
<span class="sd"> @return: The normalized passphrase, if any.</span>
|
|
<span class="sd"> @rtype: L{bytes} or L{None}</span>
|
|
<span class="sd"> @raises PassphraseNormalizationError: if the passphrase is Unicode and</span>
|
|
<span class="sd"> cannot be normalized using the available Unicode character database.</span>
|
|
<span class="sd"> """</span>
|
|
<span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">passphrase</span><span class="p">,</span> <span class="nb">str</span><span class="p">):</span>
|
|
<span class="c1"># The Normalization Process for Stabilized Strings requires aborting</span>
|
|
<span class="c1"># with an error if the string contains any unassigned code point.</span>
|
|
<span class="k">if</span> <span class="nb">any</span><span class="p">(</span><span class="n">unicodedata</span><span class="o">.</span><span class="n">category</span><span class="p">(</span><span class="n">c</span><span class="p">)</span> <span class="o">==</span> <span class="s2">"Cn"</span> <span class="k">for</span> <span class="n">c</span> <span class="ow">in</span> <span class="n">passphrase</span><span class="p">):</span>
|
|
<span class="c1"># Perhaps not very helpful, but we don't want to leak any other</span>
|
|
<span class="c1"># information about the passphrase.</span>
|
|
<span class="k">raise</span> <span class="n">PassphraseNormalizationError</span><span class="p">()</span>
|
|
<span class="k">return</span> <span class="n">unicodedata</span><span class="o">.</span><span class="n">normalize</span><span class="p">(</span><span class="s2">"NFKC"</span><span class="p">,</span> <span class="n">passphrase</span><span class="p">)</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s2">"UTF-8"</span><span class="p">)</span>
|
|
<span class="k">else</span><span class="p">:</span>
|
|
<span class="k">return</span> <span class="n">passphrase</span>
|
|
|
|
|
|
<div class="viewcode-block" id="Key">
|
|
<a class="viewcode-back" href="../../../../api/evennia.server.portal.ssh.html#evennia.server.portal.ssh.Key">[docs]</a>
|
|
<span class="k">class</span><span class="w"> </span><span class="nc">Key</span><span class="p">:</span>
|
|
<span class="w"> </span><span class="sd">"""</span>
|
|
<span class="sd"> An object representing a key. A key can be either a public or</span>
|
|
<span class="sd"> private key. A public key can verify a signature; a private key can</span>
|
|
<span class="sd"> create or verify a signature. To generate a string that can be stored</span>
|
|
<span class="sd"> on disk, use the toString method. If you have a private key, but want</span>
|
|
<span class="sd"> the string representation of the public key, use Key.public().toString().</span>
|
|
<span class="sd"> """</span>
|
|
|
|
<div class="viewcode-block" id="Key.fromFile">
|
|
<a class="viewcode-back" href="../../../../api/evennia.server.portal.ssh.html#evennia.server.portal.ssh.Key.fromFile">[docs]</a>
|
|
<span class="nd">@classmethod</span>
|
|
<span class="k">def</span><span class="w"> </span><span class="nf">fromFile</span><span class="p">(</span><span class="bp">cls</span><span class="p">,</span> <span class="n">filename</span><span class="p">,</span> <span class="nb">type</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">passphrase</span><span class="o">=</span><span class="kc">None</span><span class="p">):</span>
|
|
<span class="w"> </span><span class="sd">"""</span>
|
|
<span class="sd"> Load a key from a file.</span>
|
|
|
|
<span class="sd"> @param filename: The path to load key data from.</span>
|
|
|
|
<span class="sd"> @type type: L{str} or L{None}</span>
|
|
<span class="sd"> @param type: A string describing the format the key data is in, or</span>
|
|
<span class="sd"> L{None} to attempt detection of the type.</span>
|
|
|
|
<span class="sd"> @type passphrase: L{bytes} or L{None}</span>
|
|
<span class="sd"> @param passphrase: The passphrase the key is encrypted with, or L{None}</span>
|
|
<span class="sd"> if there is no encryption.</span>
|
|
|
|
<span class="sd"> @rtype: L{Key}</span>
|
|
<span class="sd"> @return: The loaded key.</span>
|
|
<span class="sd"> """</span>
|
|
<span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="n">filename</span><span class="p">,</span> <span class="s2">"rb"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span>
|
|
<span class="k">return</span> <span class="bp">cls</span><span class="o">.</span><span class="n">fromString</span><span class="p">(</span><span class="n">f</span><span class="o">.</span><span class="n">read</span><span class="p">(),</span> <span class="nb">type</span><span class="p">,</span> <span class="n">passphrase</span><span class="p">)</span></div>
|
|
|
|
|
|
<div class="viewcode-block" id="Key.fromString">
|
|
<a class="viewcode-back" href="../../../../api/evennia.server.portal.ssh.html#evennia.server.portal.ssh.Key.fromString">[docs]</a>
|
|
<span class="nd">@classmethod</span>
|
|
<span class="k">def</span><span class="w"> </span><span class="nf">fromString</span><span class="p">(</span><span class="bp">cls</span><span class="p">,</span> <span class="n">data</span><span class="p">,</span> <span class="nb">type</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="n">passphrase</span><span class="o">=</span><span class="kc">None</span><span class="p">):</span>
|
|
<span class="w"> </span><span class="sd">"""</span>
|
|
<span class="sd"> Return a Key object corresponding to the string data.</span>
|
|
<span class="sd"> type is optionally the type of string, matching a _fromString_*</span>
|
|
<span class="sd"> method. Otherwise, the _guessStringType() classmethod will be used</span>
|
|
<span class="sd"> to guess a type. If the key is encrypted, passphrase is used as</span>
|
|
<span class="sd"> the decryption key.</span>
|
|
|
|
<span class="sd"> @type data: L{bytes}</span>
|
|
<span class="sd"> @param data: The key data.</span>
|
|
|
|
<span class="sd"> @type type: L{str} or L{None}</span>
|
|
<span class="sd"> @param type: A string describing the format the key data is in, or</span>
|
|
<span class="sd"> L{None} to attempt detection of the type.</span>
|
|
|
|
<span class="sd"> @type passphrase: L{bytes} or L{None}</span>
|
|
<span class="sd"> @param passphrase: The passphrase the key is encrypted with, or L{None}</span>
|
|
<span class="sd"> if there is no encryption.</span>
|
|
|
|
<span class="sd"> @rtype: L{Key}</span>
|
|
<span class="sd"> @return: The loaded key.</span>
|
|
<span class="sd"> """</span>
|
|
<span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="nb">str</span><span class="p">):</span>
|
|
<span class="n">data</span> <span class="o">=</span> <span class="n">data</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s2">"utf-8"</span><span class="p">)</span>
|
|
<span class="n">passphrase</span> <span class="o">=</span> <span class="n">_normalizePassphrase</span><span class="p">(</span><span class="n">passphrase</span><span class="p">)</span>
|
|
<span class="k">if</span> <span class="nb">type</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="nb">type</span> <span class="o">=</span> <span class="bp">cls</span><span class="o">.</span><span class="n">_guessStringType</span><span class="p">(</span><span class="n">data</span><span class="p">)</span>
|
|
<span class="k">if</span> <span class="nb">type</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="k">raise</span> <span class="n">BadKeyError</span><span class="p">(</span><span class="sa">f</span><span class="s2">"cannot guess the type of </span><span class="si">{</span><span class="n">data</span><span class="si">!r}</span><span class="s2">"</span><span class="p">)</span>
|
|
<span class="n">method</span> <span class="o">=</span> <span class="nb">getattr</span><span class="p">(</span><span class="bp">cls</span><span class="p">,</span> <span class="sa">f</span><span class="s2">"_fromString_</span><span class="si">{</span><span class="nb">type</span><span class="o">.</span><span class="n">upper</span><span class="p">()</span><span class="si">}</span><span class="s2">"</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
|
|
<span class="k">if</span> <span class="n">method</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="k">raise</span> <span class="n">BadKeyError</span><span class="p">(</span><span class="sa">f</span><span class="s2">"no _fromString method for </span><span class="si">{</span><span class="nb">type</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span>
|
|
<span class="k">if</span> <span class="n">method</span><span class="o">.</span><span class="vm">__code__</span><span class="o">.</span><span class="n">co_argcount</span> <span class="o">==</span> <span class="mi">2</span><span class="p">:</span> <span class="c1"># No passphrase</span>
|
|
<span class="k">if</span> <span class="n">passphrase</span><span class="p">:</span>
|
|
<span class="k">raise</span> <span class="n">BadKeyError</span><span class="p">(</span><span class="s2">"key not encrypted"</span><span class="p">)</span>
|
|
<span class="k">return</span> <span class="n">method</span><span class="p">(</span><span class="n">data</span><span class="p">)</span>
|
|
<span class="k">else</span><span class="p">:</span>
|
|
<span class="k">return</span> <span class="n">method</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="n">passphrase</span><span class="p">)</span></div>
|
|
|
|
|
|
<span class="nd">@classmethod</span>
|
|
<span class="k">def</span><span class="w"> </span><span class="nf">_fromString_BLOB</span><span class="p">(</span><span class="bp">cls</span><span class="p">,</span> <span class="n">blob</span><span class="p">):</span>
|
|
<span class="w"> </span><span class="sd">"""</span>
|
|
<span class="sd"> Return a public key object corresponding to this public key blob.</span>
|
|
<span class="sd"> The format of a RSA public key blob is::</span>
|
|
<span class="sd"> string 'ssh-rsa'</span>
|
|
<span class="sd"> integer e</span>
|
|
<span class="sd"> integer n</span>
|
|
|
|
<span class="sd"> The format of a DSA public key blob is::</span>
|
|
<span class="sd"> string 'ssh-dss'</span>
|
|
<span class="sd"> integer p</span>
|
|
<span class="sd"> integer q</span>
|
|
<span class="sd"> integer g</span>
|
|
<span class="sd"> integer y</span>
|
|
|
|
<span class="sd"> The format of ECDSA-SHA2-* public key blob is::</span>
|
|
<span class="sd"> string 'ecdsa-sha2-[identifier]'</span>
|
|
<span class="sd"> integer x</span>
|
|
<span class="sd"> integer y</span>
|
|
|
|
<span class="sd"> identifier is the standard NIST curve name.</span>
|
|
|
|
<span class="sd"> The format of an Ed25519 public key blob is::</span>
|
|
<span class="sd"> string 'ssh-ed25519'</span>
|
|
<span class="sd"> string a</span>
|
|
|
|
<span class="sd"> @type blob: L{bytes}</span>
|
|
<span class="sd"> @param blob: The key data.</span>
|
|
|
|
<span class="sd"> @return: A new key.</span>
|
|
<span class="sd"> @rtype: L{twisted.conch.ssh.keys.Key}</span>
|
|
<span class="sd"> @raises BadKeyError: if the key type (the first string) is unknown.</span>
|
|
<span class="sd"> """</span>
|
|
<span class="n">keyType</span><span class="p">,</span> <span class="n">rest</span> <span class="o">=</span> <span class="n">common</span><span class="o">.</span><span class="n">getNS</span><span class="p">(</span><span class="n">blob</span><span class="p">)</span>
|
|
<span class="k">if</span> <span class="n">keyType</span> <span class="o">==</span> <span class="sa">b</span><span class="s2">"ssh-rsa"</span><span class="p">:</span>
|
|
<span class="n">e</span><span class="p">,</span> <span class="n">n</span><span class="p">,</span> <span class="n">rest</span> <span class="o">=</span> <span class="n">common</span><span class="o">.</span><span class="n">getMP</span><span class="p">(</span><span class="n">rest</span><span class="p">,</span> <span class="mi">2</span><span class="p">)</span>
|
|
<span class="k">return</span> <span class="bp">cls</span><span class="p">(</span><span class="n">rsa</span><span class="o">.</span><span class="n">RSAPublicNumbers</span><span class="p">(</span><span class="n">e</span><span class="p">,</span> <span class="n">n</span><span class="p">)</span><span class="o">.</span><span class="n">public_key</span><span class="p">(</span><span class="n">default_backend</span><span class="p">()))</span>
|
|
|
|
<span class="k">if</span> <span class="n">keyType</span> <span class="o">==</span> <span class="sa">b</span><span class="s2">"ssh-dss"</span><span class="p">:</span>
|
|
<span class="n">p</span><span class="p">,</span> <span class="n">q</span><span class="p">,</span> <span class="n">g</span><span class="p">,</span> <span class="n">y</span><span class="p">,</span> <span class="n">rest</span> <span class="o">=</span> <span class="n">common</span><span class="o">.</span><span class="n">getMP</span><span class="p">(</span><span class="n">rest</span><span class="p">,</span> <span class="mi">4</span><span class="p">)</span>
|
|
<span class="k">return</span> <span class="bp">cls</span><span class="p">(</span>
|
|
<span class="n">dsa</span><span class="o">.</span><span class="n">DSAPublicNumbers</span><span class="p">(</span>
|
|
<span class="n">y</span><span class="o">=</span><span class="n">y</span><span class="p">,</span> <span class="n">parameter_numbers</span><span class="o">=</span><span class="n">dsa</span><span class="o">.</span><span class="n">DSAParameterNumbers</span><span class="p">(</span><span class="n">p</span><span class="o">=</span><span class="n">p</span><span class="p">,</span> <span class="n">q</span><span class="o">=</span><span class="n">q</span><span class="p">,</span> <span class="n">g</span><span class="o">=</span><span class="n">g</span><span class="p">)</span>
|
|
<span class="p">)</span><span class="o">.</span><span class="n">public_key</span><span class="p">(</span><span class="n">default_backend</span><span class="p">())</span>
|
|
<span class="p">)</span>
|
|
|
|
<span class="k">if</span> <span class="n">keyType</span> <span class="ow">in</span> <span class="n">_curveTable</span><span class="p">:</span>
|
|
<span class="k">return</span> <span class="bp">cls</span><span class="p">(</span>
|
|
<span class="n">ec</span><span class="o">.</span><span class="n">EllipticCurvePublicKey</span><span class="o">.</span><span class="n">from_encoded_point</span><span class="p">(</span>
|
|
<span class="n">_curveTable</span><span class="p">[</span><span class="n">keyType</span><span class="p">],</span> <span class="n">common</span><span class="o">.</span><span class="n">getNS</span><span class="p">(</span><span class="n">rest</span><span class="p">,</span> <span class="mi">2</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span>
|
|
<span class="p">)</span>
|
|
<span class="p">)</span>
|
|
|
|
<span class="k">if</span> <span class="n">keyType</span> <span class="o">==</span> <span class="sa">b</span><span class="s2">"sk-ecdsa-sha2-nistp256@openssh.com"</span><span class="p">:</span>
|
|
<span class="n">keyObject</span> <span class="o">=</span> <span class="bp">cls</span><span class="o">.</span><span class="n">_fromECEncodedPoint</span><span class="p">(</span>
|
|
<span class="n">encodedPoint</span><span class="o">=</span><span class="n">common</span><span class="o">.</span><span class="n">getNS</span><span class="p">(</span><span class="n">rest</span><span class="p">,</span> <span class="mi">2</span><span class="p">)[</span><span class="mi">1</span><span class="p">],</span>
|
|
<span class="n">curve</span><span class="o">=</span><span class="sa">b</span><span class="s2">"ecdsa-sha2-nistp256"</span><span class="p">,</span>
|
|
<span class="p">)</span>
|
|
<span class="n">keyObject</span><span class="o">.</span><span class="n">_sk</span> <span class="o">=</span> <span class="kc">True</span>
|
|
<span class="k">return</span> <span class="n">keyObject</span>
|
|
|
|
<span class="k">if</span> <span class="n">keyType</span> <span class="ow">in</span> <span class="p">[</span><span class="sa">b</span><span class="s2">"ssh-ed25519"</span><span class="p">,</span> <span class="sa">b</span><span class="s2">"sk-ssh-ed25519@openssh.com"</span><span class="p">]:</span>
|
|
<span class="n">a</span><span class="p">,</span> <span class="n">rest</span> <span class="o">=</span> <span class="n">common</span><span class="o">.</span><span class="n">getNS</span><span class="p">(</span><span class="n">rest</span><span class="p">)</span>
|
|
<span class="n">keyObject</span> <span class="o">=</span> <span class="bp">cls</span><span class="o">.</span><span class="n">_fromEd25519Components</span><span class="p">(</span><span class="n">a</span><span class="p">)</span>
|
|
<span class="k">if</span> <span class="n">keyType</span><span class="o">.</span><span class="n">startswith</span><span class="p">(</span><span class="sa">b</span><span class="s2">"sk-ssh-"</span><span class="p">):</span>
|
|
<span class="n">keyObject</span><span class="o">.</span><span class="n">_sk</span> <span class="o">=</span> <span class="kc">True</span>
|
|
<span class="k">return</span> <span class="n">keyObject</span>
|
|
|
|
<span class="k">raise</span> <span class="n">BadKeyError</span><span class="p">(</span><span class="sa">f</span><span class="s2">"unknown blob type: </span><span class="si">{</span><span class="n">keyType</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span>
|
|
|
|
@classmethod
def _fromString_PRIVATE_BLOB(cls, blob):
    """
    Build a private key object from an SSH private key blob.

    The blob begins with the key type string, followed by the components
    for that type:

    RSA keys::
        string 'ssh-rsa'
        integer n
        integer e
        integer d
        integer u
        integer p
        integer q

    DSA keys::
        string 'ssh-dss'
        integer p
        integer q
        integer g
        integer y
        integer x

    EC keys::
        string 'ecdsa-sha2-[identifier]'
        string identifier
        string q
        integer privateValue

    identifier is the standard NIST curve name.

    Ed25519 keys::
        string 'ssh-ed25519'
        string a
        string k || a

    @type blob: L{bytes}
    @param blob: The key data.

    @return: A new key.
    @rtype: L{twisted.conch.ssh.keys.Key}
    @raises BadKeyError: if
        * the key type (the first string) is unknown
        * the curve name of an ECDSA key does not match the key type
    """
    keyType, body = common.getNS(blob)

    if keyType == b"ssh-rsa":
        # u is read to keep the cursor aligned but is not handed on; only
        # n, e, d, p and q are used to build the key.
        n, e, d, _u, p, q, body = common.getMP(body, 6)
        return cls._fromRSAComponents(n=n, e=e, d=d, p=p, q=q)

    if keyType == b"ssh-dss":
        p, q, g, y, x, body = common.getMP(body, 5)
        return cls._fromDSAComponents(y=y, g=g, p=p, q=q, x=x)

    if keyType in _curveTable:
        curve = _curveTable[keyType]
        curveName, encodedPoint, body = common.getNS(body, 2)
        expectedName = _secToNist[curve.name.encode("ascii")]
        # The embedded curve identifier must agree with the key type; a blob
        # naming one curve in the type and another in the body is rejected.
        if curveName != expectedName:
            raise BadKeyError(
                "ECDSA curve name %r does not match key "
                "type %r" % (curveName, keyType)
            )
        privateValue, body = common.getMP(body)
        return cls._fromECEncodedPoint(
            encodedPoint=encodedPoint, curve=keyType, privateValue=privateValue
        )

    if keyType == b"ssh-ed25519":
        # OpenSSH stores k || a in the second string; only the first 32
        # bytes (the private seed k) are needed, a is already available.
        # NOTE(review): the length of the combined field is not checked
        # here; a short field is left for _fromEd25519Components to reject.
        a, combined, body = common.getNS(body, 2)
        return cls._fromEd25519Components(a, k=combined[:32])

    raise BadKeyError(f"unknown blob type: {keyType}")
|
|
|
|
<span class="nd">@classmethod</span>
|
|
<span class="k">def</span><span class="w"> </span><span class="nf">_fromString_PUBLIC_OPENSSH</span><span class="p">(</span><span class="bp">cls</span><span class="p">,</span> <span class="n">data</span><span class="p">):</span>
|
|
<span class="w"> </span><span class="sd">"""</span>
|
|
<span class="sd"> Return a public key object corresponding to this OpenSSH public key</span>
|
|
<span class="sd"> string. The format of an OpenSSH public key string is::</span>
|
|
<span class="sd"> <key type> <base64-encoded public key blob></span>
|
|
|
|
<span class="sd"> @type data: L{bytes}</span>
|
|
<span class="sd"> @param data: The key data.</span>
|
|
|
|
<span class="sd"> @return: A new key.</span>
|
|
<span class="sd"> @rtype: L{twisted.conch.ssh.keys.Key}</span>
|
|
<span class="sd"> @raises BadKeyError: if the blob type is unknown.</span>
|
|
<span class="sd"> """</span>
|
|
<span class="c1"># ECDSA keys don't need base64 decoding which is required</span>
|
|
<span class="c1"># for RSA or DSA key.</span>
|
|
<span class="k">if</span> <span class="n">data</span><span class="o">.</span><span class="n">startswith</span><span class="p">(</span><span class="sa">b</span><span class="s2">"ecdsa-sha2"</span><span class="p">):</span>
|
|
<span class="k">return</span> <span class="bp">cls</span><span class="p">(</span><span class="n">load_ssh_public_key</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="n">default_backend</span><span class="p">()))</span>
|
|
<span class="n">blob</span> <span class="o">=</span> <span class="n">decodebytes</span><span class="p">(</span><span class="n">data</span><span class="o">.</span><span class="n">split</span><span class="p">()[</span><span class="mi">1</span><span class="p">])</span>
|
|
<span class="k">return</span> <span class="bp">cls</span><span class="o">.</span><span class="n">_fromString_BLOB</span><span class="p">(</span><span class="n">blob</span><span class="p">)</span>
|
|
|
|
@classmethod
def _fromPrivateOpenSSH_v1(cls, data, passphrase):
    """
    Return a private key object corresponding to this OpenSSH private key
    string, in the "openssh-key-v1" format introduced in OpenSSH 6.5.

    The format of an openssh-key-v1 private key string is::
        -----BEGIN OPENSSH PRIVATE KEY-----
        <base64-encoded SSH protocol string>
        -----END OPENSSH PRIVATE KEY-----

    The SSH protocol string is as described in
    U{PROTOCOL.key<https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key>}.

    Only files holding exactly one key are accepted. Encrypted keys must
    use an aes{128,192,256}-ctr cipher with the bcrypt KDF; the passphrase
    is verified indirectly, through the two check values that precede the
    private section. A passphrase supplied for a key whose cipher is
    C{none} is ignored rather than rejected.

    @type data: L{bytes}
    @param data: The key data.

    @type passphrase: L{bytes} or L{None}
    @param passphrase: The passphrase the key is encrypted with, or L{None}
    if it is not encrypted.

    @return: A new key.
    @rtype: L{twisted.conch.ssh.keys.Key}
    @raises BadKeyError: if
        * the SSH protocol encoding is incorrect
        * the file holds more than one key
        * the cipher or KDF is unsupported, or a KDF is named without a cipher
        * the encrypted section is not a whole number of cipher blocks
        * the check values disagree (typically a wrong passphrase)
    @raises EncryptedKeyError: if
        * a passphrase is not provided for an encrypted key
    """
    # Drop the armour lines (first and last); the rest is one base64 body.
    lines = data.strip().splitlines()
    keyList = decodebytes(b"".join(lines[1:-1]))
    if not keyList.startswith(b"openssh-key-v1\0"):
        raise BadKeyError("unknown OpenSSH private key format")
    keyList = keyList[len(b"openssh-key-v1\0") :]
    cipher, kdf, kdfOptions, rest = common.getNS(keyList, 3)
    # Number of keys in the file.
    # NOTE(review): a blob truncated before this field presumably surfaces
    # as struct.error rather than BadKeyError — confirm callers expect that.
    n = struct.unpack("!L", rest[:4])[0]
    if n != 1:
        raise BadKeyError(
            "only OpenSSH private key files containing "
            "a single key are supported"
        )
    # Skip the public key copy; keep the (possibly encrypted) private section.
    _, encPrivKeyList, _ = common.getNS(rest[4:], 2)
    if cipher != b"none":
        if not passphrase:
            raise EncryptedKeyError(
                "Passphrase must be provided " "for an encrypted key"
            )
        # Determine cipher. The AES key length is encoded in the cipher
        # name (e.g. b"aes256-ctr"[3:6] == b"256").
        if cipher in (b"aes128-ctr", b"aes192-ctr", b"aes256-ctr"):
            algorithmClass = algorithms.AES
            blockSize = 16
            keySize = int(cipher[3:6]) // 8
            ivSize = blockSize
        else:
            raise BadKeyError(f"unknown encryption type {cipher!r}")
        if kdf == b"bcrypt":
            # kdfOptions is: string salt, uint32 rounds.
            salt, rest = common.getNS(kdfOptions)
            rounds = struct.unpack("!L", rest[:4])[0]
            # Key and IV are derived in one go: the first keySize bytes are
            # the AES key, the following ivSize bytes the CTR nonce.
            decKey = bcrypt.kdf(
                passphrase,
                salt,
                keySize + ivSize,
                rounds,
                # We can only use the number of rounds that OpenSSH used.
                ignore_few_rounds=True,
            )
        else:
            raise BadKeyError(f"unknown KDF type {kdf!r}")
        # The private section is padded to the cipher block size by the
        # writer; anything else is corrupt.
        if (len(encPrivKeyList) % blockSize) != 0:
            raise BadKeyError("bad padding")
        # CTR mode is unauthenticated: a wrong passphrase does not fail
        # here but produces garbage that the check values below reject.
        decryptor = Cipher(
            algorithmClass(decKey[:keySize]),
            modes.CTR(decKey[keySize : keySize + ivSize]),
            backend=default_backend(),
        ).decryptor()
        privKeyList = decryptor.update(encPrivKeyList) + decryptor.finalize()
    else:
        if kdf != b"none":
            raise BadKeyError(
                "private key specifies KDF %r but no " "cipher" % (kdf,)
            )
        # NOTE(review): a passphrase passed for an unencrypted key is not
        # rejected here; it is simply unused.
        privKeyList = encPrivKeyList
    # The private section opens with two identical uint32 check values;
    # a mismatch means the section did not decrypt to what was written.
    check1 = struct.unpack("!L", privKeyList[:4])[0]
    check2 = struct.unpack("!L", privKeyList[4:8])[0]
    if check1 != check2:
        raise BadKeyError("check values do not match: %d != %d" % (check1, check2))
    return cls._fromString_PRIVATE_BLOB(privKeyList[8:])
|
|
|
|
@classmethod
def _fromPrivateOpenSSH_PEM(cls, data, passphrase):
    """
    Build a private key object from an OpenSSH private key string in the
    old PEM-based format.

    A PEM-based OpenSSH private key string looks like::
        -----BEGIN <key type> PRIVATE KEY-----
        [Proc-Type: 4,ENCRYPTED
        DEK-Info: DES-EDE3-CBC,<initialization value>]
        <base64-encoded ASN.1 structure>
        ------END <key type> PRIVATE KEY------

    The ASN.1 structure of a RSA key is::
        (0, n, e, d, p, q)

    The ASN.1 structure of a DSA key is::
        (0, p, q, g, y, x)

    The ASN.1 structure of a ECDSA key is::
        (ECParameters, OID, NULL)

    Parsing and (if needed) decryption are delegated to cryptography's
    C{load_pem_private_key}; this method only selects the key kind from
    the armour header and maps cryptography's errors onto Twisted's.

    @type data: L{bytes}
    @param data: The key data.

    @type passphrase: L{bytes} or L{None}
    @param passphrase: The passphrase the key is encrypted with, or L{None}
    if it is not encrypted.

    @return: A new key.
    @rtype: L{twisted.conch.ssh.keys.Key}
    @raises BadKeyError: if
        * the key type in the armour header is not EC, RSA or DSA
        * the ASN.1 encoding is incorrect (or the passphrase is wrong)
    @raises EncryptedKeyError: if
        * a passphrase is not provided for an encrypted key
    """
    header = data.strip().splitlines()[0]
    # The header reads "-----BEGIN <kind> PRIVATE KEY-----"; slice out <kind>.
    kind = header[11:-17]
    # cryptography considers an empty byte string a passphrase, but
    # twisted considers that to be "no password", so empty becomes None.
    password = passphrase if passphrase else None
    if kind not in (b"EC", b"RSA", b"DSA"):
        raise BadKeyError(f"unknown key type {kind}")
    try:
        loaded = load_pem_private_key(data, password, default_backend())
    except TypeError:
        # NOTE(review): cryptography raises TypeError both when a passphrase
        # is missing for an encrypted key and when one is given for an
        # unencrypted key, so this message may be misleading in the second
        # case — confirm before relying on it.
        raise EncryptedKeyError(
            "Passphrase must be provided for an encrypted key"
        )
    except ValueError:
        raise BadKeyError("Failed to decode key (Bad Passphrase?)")
    return cls(loaded)
|
|
|
|
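@classmethod
def _fromString_PRIVATE_OPENSSH(cls, data, passphrase):
    """
    Return a private key object corresponding to this OpenSSH private key
    string. If the key is encrypted, passphrase MUST be provided.
    Providing a passphrase for an unencrypted key is an error.

    Two containers are accepted and told apart by the first line of
    C{data}: the new C{openssh-key-v1} format (handled by
    C{_fromPrivateOpenSSH_v1}) and the legacy PEM format (handled by
    C{_fromPrivateOpenSSH_PEM}). The untouched C{data} is handed on to
    whichever parser is chosen.

    @type data: L{bytes}
    @param data: The key data.

    @type passphrase: L{bytes} or L{None}
    @param passphrase: The passphrase the key is encrypted with, or L{None}
        if it is not encrypted.

    @return: A new key.
    @rtype: L{twisted.conch.ssh.keys.Key}
    @raises BadKeyError: if
        * a passphrase is provided for an unencrypted key
        * the encoding is incorrect
        * C{data} is empty or contains only whitespace
    @raises EncryptedKeyError: if
        * a passphrase is not provided for an encrypted key
    """
    lines = data.strip().splitlines()
    if not lines:
        # Empty input previously escaped as an IndexError from the header
        # slice below; report it as a malformed key so that callers only
        # have to handle BadKeyError for bad encodings.
        raise BadKeyError("no key data")
    # The slice assumes a header of the form "-----BEGIN <TYPE> PRIVATE
    # KEY-----": 11 bytes of "-----BEGIN " in front, 17 bytes of
    # " PRIVATE KEY-----" behind, leaving <TYPE>.
    if lines[0][11:-17] == b"OPENSSH":
        # New-format (openssh-key-v1) key
        return cls._fromPrivateOpenSSH_v1(data, passphrase)
    # Old-format (PEM) key
    return cls._fromPrivateOpenSSH_PEM(data, passphrase)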
|
|
|
|
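@classmethod
def _fromString_PUBLIC_LSH(cls, data):
    """
    Return a public key corresponding to this LSH public key string.
    The LSH public key string format is::
        <s-expression: ('public-key', (<key type>, (<name, <value>)+))>

    The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e.
    The names for a DSA (key type 'dsa') key are: y, g, p, q.

    @type data: L{bytes}
    @param data: The key data: the base64 of the canonical s-expression,
        wrapped in one leading and one trailing byte (the braces) which
        are stripped before decoding.

    @return: A new key.
    @rtype: L{twisted.conch.ssh.keys.Key}
    @raises BadKeyError: if the outer s-expression is not a
        C{public-key}, the key type is unknown, or a component required
        for that key type is missing.
    """
    sexp = sexpy.parse(decodebytes(data[1:-1]))
    # This is untrusted input: use an explicit check rather than assert,
    # which is compiled away under "python -O".
    if sexp[0] != b"public-key":
        raise BadKeyError(f"not an lsh public key: {sexp[0]}")

    components = {}
    for name, value in sexp[1][1:]:
        # Each value is a raw big-endian integer; NS() length-prefixes it
        # so getMP() can decode it.
        components[name] = common.getMP(common.NS(value))[0]

    keyType = sexp[1][0]
    if keyType == b"dsa":
        required = (b"y", b"g", b"p", b"q")
    elif keyType == b"rsa-pkcs1-sha1":
        required = (b"n", b"e")
    else:
        raise BadKeyError(f"unknown lsh key type {sexp[1][0]}")

    missing = [name for name in required if name not in components]
    if missing:
        raise BadKeyError(f"lsh {keyType} key is missing components {missing}")

    if keyType == b"dsa":
        return cls._fromDSAComponents(
            y=components[b"y"],
            g=components[b"g"],
            p=components[b"p"],
            q=components[b"q"],
        )
    return cls._fromRSAComponents(n=components[b"n"], e=components[b"e"])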
|
|
|
|
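@classmethod
def _fromString_PRIVATE_LSH(cls, data):
    """
    Return a private key corresponding to this LSH private key string.
    The LSH private key string format is::
        <s-expression: ('private-key', (<key type>, (<name>, <value>)+))>

    The names for a RSA (key type 'rsa-pkcs1') key are: n, e, d, p, q
    (plus three further CRT entries, for eight in total).
    The names for a DSA (key type 'dsa') key are: y, g, p, q, x.

    @type data: L{bytes}
    @param data: The key data (the s-expression itself, not base64).

    @return: A new key.
    @rtype: L{twisted.conch.ssh.keys.Key}
    @raises BadKeyError: if the outer s-expression is not a
        C{private-key}, the key type is unknown, the number of components
        does not match the key type, or a required component is missing.
    """
    sexp = sexpy.parse(data)
    # Untrusted input: an explicit check survives "python -O", an assert
    # does not.
    if sexp[0] != b"private-key":
        raise BadKeyError(f"not an lsh private key: {sexp[0]}")

    components = {}
    for name, value in sexp[1][1:]:
        components[name] = common.getMP(common.NS(value))[0]

    keyType = sexp[1][0]
    if keyType == b"dsa":
        expectedCount = 5
        required = (b"y", b"g", b"p", b"q", b"x")
    elif keyType == b"rsa-pkcs1":
        expectedCount = 8
        required = (b"n", b"e", b"d", b"p", b"q")
    else:
        raise BadKeyError(f"unknown lsh key type {sexp[1][0]}")

    if len(components) != expectedCount:
        raise BadKeyError(
            f"lsh {keyType} key has {len(components)} components, expected {expectedCount}"
        )
    missing = [name for name in required if name not in components]
    if missing:
        raise BadKeyError(f"lsh {keyType} key is missing components {missing}")

    if keyType == b"dsa":
        return cls._fromDSAComponents(
            y=components[b"y"],
            g=components[b"g"],
            p=components[b"p"],
            q=components[b"q"],
            x=components[b"x"],
        )

    p, q = components[b"p"], components[b"q"]
    if p > q:
        # Make p smaller than q (kept from the original; presumably
        # required by the CRT helpers _fromRSAComponents feeds p and q
        # into -- verify before changing).
        p, q = q, p
    return cls._fromRSAComponents(
        n=components[b"n"], e=components[b"e"], d=components[b"d"], p=p, q=q
    )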
|
|
|
|
@classmethod
def _fromString_AGENTV3(cls, data):
    """
    Return a private key object corresponding to the Secure Shell Key
    Agent v3 format.

    The SSH Key Agent v3 format for a RSA key is::
        string 'ssh-rsa'
        integer e
        integer d
        integer n
        integer u
        integer p
        integer q

    The SSH Key Agent v3 format for a DSA key is::
        string 'ssh-dss'
        integer p
        integer q
        integer g
        integer y
        integer x

    @type data: L{bytes}
    @param data: The key data.

    @return: A new key.
    @rtype: L{twisted.conch.ssh.keys.Key}
    @raises BadKeyError: if the key type (the first string) is unknown
    """
    # Wire order of the multi-precision integers that follow the type
    # string, per key type. They are consumed strictly in this sequence.
    layouts = {
        b"ssh-dss": ("p", "q", "g", "y", "x"),
        b"ssh-rsa": ("e", "d", "n", "u", "p", "q"),
    }

    keyType, remaining = common.getNS(data)
    if keyType not in layouts:
        raise BadKeyError(f"unknown key type {keyType}")

    values = {}
    for field in layouts[keyType]:
        values[field], remaining = common.getMP(remaining)

    if keyType == b"ssh-dss":
        return cls._fromDSAComponents(
            y=values["y"], g=values["g"], p=values["p"], q=values["q"], x=values["x"]
        )
    return cls._fromRSAComponents(
        n=values["n"],
        e=values["e"],
        d=values["d"],
        p=values["p"],
        q=values["q"],
        u=values["u"],
    )
|
|
|
|
@classmethod
def _guessStringType(cls, data):
    """
    Guess the type of key in data. The types map to _fromString_*
    methods.

    The checks are ordered, and the order is significant: the generic
    C{ssh-} / C{ecdsa-sha2-} prefixes are tested before the certificate
    prefixes, so only the two FIDO2 (C{sk-}) certificate types reach the
    explicit rejection below. A non-sk certificate blob such as
    C{ssh-rsa-cert-v01@openssh.com} therefore classifies as
    C{public_openssh} and is left to that parser (NOTE(review): whether
    that parser rejects certificates is not visible here -- confirm).

    @type data: L{bytes}
    @param data: The key data.

    @return: the format name (C{public_openssh}, C{private_openssh},
        C{public_lsh}, C{private_lsh}, C{agentv3} or C{blob}), or
        L{None} if no prefix matched.
    @raises BadKeyError: if C{data} is one of the two sk- certificate
        types.
    """
    publicPrefixes = (b"ssh-", b"ecdsa-sha2-")
    certPrefixes = (
        b"sk-ecdsa-sha2-nistp256-cert-v01",
        b"sk-ssh-ed25519-cert-v01",
    )
    skPrefixes = (b"sk-ecdsa-sha2-nistp256", b"sk-ssh-ed25519")
    # Wire-encoded blobs start with a length-prefixed type string.
    blobPrefixes = (
        b"\x00\x00\x00\x07ssh-",
        b"\x00\x00\x00\x13ecdsa-",
        b"\x00\x00\x00\x0bssh-ed25519",
        b'\x00\x00\x00"sk-ecdsa-sha2-nistp256@openssh.com',
        b"\x00\x00\x00\x1ask-ssh-ed25519@openssh.com",
    )

    if data.startswith(publicPrefixes):
        return "public_openssh"

    # Twisted doesn't support certificate based keys yet.
    # https://github.com/openssh/openssh-portable/blob/05f2b141cfcc60c7cdedf9450d2b9d390c19eaad/PROTOCOL.u2f#L96C1-L97C31
    if data.startswith(certPrefixes):
        raise BadKeyError("certificate based keys are not supported")

    if data.startswith(skPrefixes):
        # OpenSSH FIDO2 security keys have similar public format.
        # They have the extra "application" string,
        # which for now is ignored.
        return "public_openssh"

    if data.startswith(b"-----BEGIN"):
        return "private_openssh"

    if data.startswith(b"{"):
        return "public_lsh"

    if data.startswith(b"("):
        return "private_lsh"

    if data.startswith(blobPrefixes):
        # A public wire blob and an agent v3 private key share the same
        # leading type string; count the multi-precision integers that
        # follow, a private key carries more than four of them.
        _, remaining = common.getNS(data)
        integerCount = 0
        while remaining:
            _, remaining = common.getMP(remaining)
            integerCount += 1
        return "agentv3" if integerCount > 4 else "blob"

    return None
|
|
|
|
@classmethod
def _fromRSAComponents(cls, n, e, d=None, p=None, q=None, u=None):
    """
    Build a key from RSA numerical components.

    With only C{n} and C{e} a public key is produced; as soon as C{d} is
    given, C{p} and C{q} must be given too, because the CRT values
    (dmp1, dmq1, iqmp) are derived from them here rather than taken from
    the caller.

    @type n: L{int}
    @param n: The 'n' RSA variable.

    @type e: L{int}
    @param e: The 'e' RSA variable.

    @type d: L{int} or L{None}
    @param d: The 'd' RSA variable (optional for a public key).

    @type p: L{int} or L{None}
    @param p: The 'p' RSA variable (optional for a public key).

    @type q: L{int} or L{None}
    @param q: The 'q' RSA variable (optional for a public key).

    @type u: L{int} or L{None}
    @param u: The 'u' RSA variable. Ignored, as its value is determined by
        p and q.

    @rtype: L{Key}
    @return: An RSA key constructed from the values as given.
    """
    backend = default_backend()
    publicNumbers = rsa.RSAPublicNumbers(e=e, n=n)

    if d is None:
        # Public components only.
        return cls(publicNumbers.public_key(backend))

    # NOTE(review): consistency of the numbers (p*q == n, e*d == 1 mod
    # lcm(p-1, q-1)) is left to cryptography's private_key(); whether it
    # validates depends on the installed version -- confirm.
    privateNumbers = rsa.RSAPrivateNumbers(
        p=p,
        q=q,
        d=d,
        dmp1=rsa.rsa_crt_dmp1(d, p),
        dmq1=rsa.rsa_crt_dmq1(d, q),
        iqmp=rsa.rsa_crt_iqmp(p, q),
        public_numbers=publicNumbers,
    )
    return cls(privateNumbers.private_key(backend))
|
|
|
|
@classmethod
def _fromDSAComponents(cls, y, p, q, g, x=None):
    """
    Build a key from DSA numerical components.

    The domain parameters C{p}, C{q}, C{g} and the public value C{y}
    always yield a public key; supplying the private value C{x} yields a
    private key instead.

    @type y: L{int}
    @param y: The 'y' DSA variable.

    @type p: L{int}
    @param p: The 'p' DSA variable.

    @type q: L{int}
    @param q: The 'q' DSA variable.

    @type g: L{int}
    @param g: The 'g' DSA variable.

    @type x: L{int} or L{None}
    @param x: The 'x' DSA variable (optional for a public key)

    @rtype: L{Key}
    @return: A DSA key constructed from the values as given.
    """
    parameters = dsa.DSAParameterNumbers(p=p, q=q, g=g)
    publicNumbers = dsa.DSAPublicNumbers(y=y, parameter_numbers=parameters)
    backend = default_backend()

    if x is not None:
        privateNumbers = dsa.DSAPrivateNumbers(x=x, public_numbers=publicNumbers)
        keyObject = privateNumbers.private_key(backend)
    else:
        # Public components only.
        keyObject = publicNumbers.public_key(backend)

    return cls(keyObject)
|
|
|
|
    @classmethod
    def _fromECComponents(cls, x, y, curve, privateValue=None):
        """
        Build a key from EC components.

        C{curve} is looked up directly in C{_curveTable}, so an unrecognised
        curve name raises L{KeyError} rather than L{BadKeyError}; callers are
        presumably expected to have validated the curve name already.

        @param x: The affine x component of the public point used for verifying.
        @type x: L{int}

        @param y: The affine y component of the public point used for verifying.
        @type y: L{int}

        @param curve: NIST name of elliptic curve.
        @type curve: L{bytes}

        @param privateValue: The private value (omit for a public key).
        @type privateValue: L{int} or L{None}

        @rtype: L{Key}
        @return: An EC key constructed from the values as given.
        """
        curveObject = _curveTable[curve]
        numbers = ec.EllipticCurvePublicNumbers(x=x, y=y, curve=curveObject)
        if privateValue is not None:
            # Private components: pair the scalar with its public point.
            numbers = ec.EllipticCurvePrivateNumbers(
                private_value=privateValue, public_numbers=numbers
            )
            keyObject = numbers.private_key(default_backend())
        else:
            keyObject = numbers.public_key(default_backend())
        return cls(keyObject)
|
|
|
|
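    @classmethod
    def _fromECEncodedPoint(cls, encodedPoint, curve, privateValue=None):
        """
        Build a key from an EC encoded point.

        When C{privateValue} is given the key object is derived from the
        private scalar alone.  C{encodedPoint} is then used only to check that
        the public point supplied by the caller agrees with the point implied
        by the private value, so that a corrupted or mismatched key pair is
        rejected instead of being silently replaced by the derived public key.

        @param encodedPoint: The public point encoded as in SEC 1 v2.0
            section 2.3.3.
        @type encodedPoint: L{bytes}

        @param curve: NIST name of elliptic curve.
        @type curve: L{bytes}

        @param privateValue: The private value (omit for a public key).
        @type privateValue: L{int} or L{None}

        @rtype: L{Key}
        @return: An EC key constructed from the values as given.

        @raises BadKeyError: if C{privateValue} is given and C{encodedPoint}
            is malformed or does not encode the public point of that private
            value.
        """
        curveObject = _curveTable[curve]
        if privateValue is None:
            # We have public components.
            keyObject = ec.EllipticCurvePublicKey.from_encoded_point(
                curveObject, encodedPoint
            )
            return cls(keyObject)

        keyObject = ec.derive_private_key(privateValue, curveObject, default_backend())
        # The encoded point is redundant once the scalar is known, but it must
        # agree with the derived public key; otherwise the key material is
        # inconsistent and must not be used.
        try:
            suppliedNumbers = ec.EllipticCurvePublicKey.from_encoded_point(
                curveObject, encodedPoint
            ).public_numbers()
        except (TypeError, ValueError) as e:
            raise BadKeyError(f"invalid EC public point: {e}")
        if suppliedNumbers != keyObject.public_key().public_numbers():
            raise BadKeyError("EC public point does not match private value")
        return cls(keyObject)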
|
|
|
|
    @classmethod
    def _fromEd25519Components(cls, a, k=None):
        """Build a key from Ed25519 components.

        @param a: The Ed25519 public key, as defined in RFC 8032 section
            5.1.5.
        @type a: L{bytes}

        @param k: The Ed25519 private key, as defined in RFC 8032 section
            5.1.5.  When given, only C{k} is consumed; C{a} is not checked
            against the public key implied by C{k}.
        @type k: L{bytes} or L{None}

        @rtype: L{Key}
        @return: An Ed25519 key constructed from the values as given.

        @raises BadKeyError: if the module-level C{Ed25519PublicKey} or
            C{Ed25519PrivateKey} is L{None}, i.e. the installed
            C{cryptography} offers no Ed25519 support.
        """
        unsupported = Ed25519PublicKey is None or Ed25519PrivateKey is None
        if unsupported:
            raise BadKeyError("Ed25519 keys not supported on this system")

        if k is not None:
            keyObject = Ed25519PrivateKey.from_private_bytes(k)
        else:
            keyObject = Ed25519PublicKey.from_public_bytes(a)
        return cls(keyObject)
|
|
|
|
|
|
    def __init__(self, keyObject):
        """
        Initialize with a private or public
        C{cryptography.hazmat.primitives.asymmetric} key.

        The wrapped object is stored as-is; nothing is validated here.  The
        security-key flag C{_sk} (consulted by L{sshType}) always starts out
        C{False}; presumably the loader that recognises a FIDO/security-key
        type sets it afterwards.

        @param keyObject: Low level key.
        @type keyObject: C{cryptography.hazmat.primitives.asymmetric} key.
        """
        self._keyObject, self._sk = keyObject, False
|
|
|
|
|
|
    def __eq__(self, other: object) -> bool:
        """
        Return True if other represents an object with the same key.

        Two L{Key} instances are equal when their L{type} and L{data} agree.
        Anything that is not a L{Key} yields C{NotImplemented} so Python can
        try the reflected comparison.
        """
        if not isinstance(other, Key):
            return NotImplemented
        sameType = self.type() == other.type()
        return sameType and self.data() == other.data()
|
|
|
|
    def __repr__(self) -> str:
        """
        Return a pretty representation of this object.

        Every component returned by L{data} is rendered, so for a private
        key this presumably includes the private material; the repr of a
        private key should therefore be treated as sensitive and kept out of
        logs and error reports.

        EC keys are rendered one component per line; all other key types are
        rendered as colon-separated hex, 15 octets per line.
        """
        if self.type() == "EC":
            data = self.data()
            name = data["curve"].decode("utf-8")

            # The bit size shown is just the last three characters of the
            # curve name (e.g. "nistp256" -> "256").
            if self.isPublic():
                out = f"<Elliptic Curve Public Key ({name[-3:]} bits)"
            else:
                out = f"<Elliptic Curve Private Key ({name[-3:]} bits)"

            for k, v in sorted(data.items()):
                if k == "curve":
                    out += f"\ncurve:\n\t{name}"
                else:
                    out += f"\n{k}:\n\t{v}"

            return out + ">\n"
        else:
            lines = [
                "<%s %s (%s bits)"
                % (
                    nativeString(self.type()),
                    self.isPublic() and "Public Key" or "Private Key",
                    self.size(),
                )
            ]
            for k, v in sorted(self.data().items()):
                lines.append(f"attr {k}:")
                # Ed25519 components are used as-is; other components go
                # through common.MP (presumably the SSH mpint encoding) with
                # the leading 4 bytes stripped.
                by = v if self.type() == "Ed25519" else common.MP(v)[4:]
                while by:
                    m = by[:15]
                    by = by[15:]
                    o = ""
                    for c in iterbytes(m):
                        o = o + f"{ord(c):02x}:"
                    # The trailing colon is dropped only on a final chunk
                    # shorter than 15 octets; a final chunk of exactly 15
                    # keeps it.
                    if len(m) < 15:
                        o = o[:-1]
                    lines.append("\t" + o)
            lines[-1] = lines[-1] + ">"
            return "\n".join(lines)
|
|
|
|
|
|
    def isPublic(self):
        """
        Check if this instance is a public key.

        The decision rests solely on the class of the wrapped C{cryptography}
        object; a private key (which can yield its public half via L{public})
        is I{not} considered public here.

        @return: C{True} if this is a public key.
        """
        publicClasses = (
            rsa.RSAPublicKey,
            dsa.DSAPublicKey,
            ec.EllipticCurvePublicKey,
            ed25519.Ed25519PublicKey,
        )
        return isinstance(self._keyObject, publicClasses)
|
|
|
|
|
|
|
|
    def public(self):
        """
        Returns a version of this key containing only the public key data.
        If this is a public key, this may or may not be the same object
        as self.

        NOTE(review): the public half of a private key is wrapped in a fresh
        L{Key}, whose L{__init__} resets C{_sk} to C{False}.  If this key was
        flagged as a security-key (FIDO) key, the flag is not carried over and
        L{sshType} of the result will differ from this key's -- confirm that
        is intended.

        @rtype: L{Key}
        @return: A public key.
        """
        if not self.isPublic():
            return Key(self._keyObject.public_key())
        return self
|
|
|
|
|
|
|
|
    def fingerprint(self, format=FingerprintFormats.MD5_HEX):
        """
        Return a fingerprint of this key.

        The digest input is the public key blob (L{blob}, the [RFC4253] wire
        form of the public key data); the output depends on C{format}:

          - L{FingerprintFormats.SHA256_BASE64}: the SHA-256 digest [RFC4634],
            base64 encoded.
            Example: C{US5jTUa0kgX5ZxdqaGF0yGRu8EgKXHNmoT8jHKo1StM=}

          - L{FingerprintFormats.MD5_HEX} (default): the MD5 digest [RFC1321]
            as 16 octets of lowercase hex separated by colons.
            Example: C{c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87}

        MD5 stays the default only for compatibility with older tooling that
        displays fingerprints in that form.  MD5 is not collision resistant,
        so code that compares fingerprints to decide whether to trust a key
        should request L{FingerprintFormats.SHA256_BASE64}.

        @param format: Format for fingerprint generation. Consists of a
            hash function and a representation format.
            Default is L{FingerprintFormats.MD5_HEX}

        @since: 8.2

        @return: the user presentation of this L{Key}'s fingerprint, as a
            string.
        @rtype: L{str}

        @raises BadFingerPrintFormat: if C{format} is not a supported format.
        """
        if format is FingerprintFormats.SHA256_BASE64:
            digest = sha256(self.blob()).digest()
            return nativeString(b64encode(digest))
        if format is FingerprintFormats.MD5_HEX:
            digest = md5(self.blob()).digest()
            octets = [binascii.hexlify(octet) for octet in iterbytes(digest)]
            return nativeString(b":".join(octets))
        raise BadFingerPrintFormat(f"Unsupported fingerprint format: {format}")
|
|
|
|
|
|
|
|
    def type(self) -> Literal["RSA", "DSA", "EC", "Ed25519"]:
        """
        Return the type of the object we wrap. Currently this can only be
        'RSA', 'DSA', 'EC', or 'Ed25519'.

        The wrapped object is matched against the public/private key classes
        of each family in turn, in the order listed in the return type.

        @rtype: L{str}
        @raises RuntimeError: If the object type is unknown.
        """
        typeTable = (
            ("RSA", (rsa.RSAPublicKey, rsa.RSAPrivateKey)),
            ("DSA", (dsa.DSAPublicKey, dsa.DSAPrivateKey)),
            ("EC", (ec.EllipticCurvePublicKey, ec.EllipticCurvePrivateKey)),
            ("Ed25519", (ed25519.Ed25519PublicKey, ed25519.Ed25519PrivateKey)),
        )
        for typeName, classes in typeTable:
            if isinstance(self._keyObject, classes):
                return typeName
        raise RuntimeError(f"unknown type of object: {self._keyObject!r}")
|
|
|
|
|
|
|
|
    def sshType(self):
        """
        Get the type of the object we wrap as defined in the SSH protocol,
        defined in RFC 4253, Section 6.6 and RFC 8332, section 4 (this is a
        public key format name, not a public key algorithm name). Currently
        this can only be b'ssh-rsa', b'ssh-dss', b'ecdsa-sha2-[identifier]'
        or b'ssh-ed25519', or for security-key (FIDO) keys
        b'sk-ecdsa-sha2-nistp256@openssh.com' or
        b'sk-ssh-ed25519@openssh.com'.

        identifier is the standard NIST curve name

        Note that b'ssh-dss' (DSA) is a legacy format that current SSH
        implementations disable by default; it is reported here for
        completeness, not as a recommendation.

        @return: The key type format.
        @rtype: L{bytes}
        """
        keyType = self.type()

        if self._sk:
            # FIXME: https://github.com/twisted/twisted/issues/12304
            # Only two security-key types exist, so a key that loaded
            # successfully and is not ECDSA is treated as Ed25519.
            if keyType == "EC":
                return b"sk-ecdsa-sha2-nistp256@openssh.com"
            return b"sk-ssh-ed25519@openssh.com"

        if keyType == "EC":
            curveName = self._keyObject.curve.name.encode("ascii")
            return b"ecdsa-sha2-" + _secToNist[curveName]

        formatNames = {
            "RSA": b"ssh-rsa",
            "DSA": b"ssh-dss",
            "Ed25519": b"ssh-ed25519",
        }
        return formatNames[keyType]
def supportedSignatureAlgorithms(self):
    """
    Get the public key signature algorithms supported by this key.

    RSA keys can sign under three algorithm names; the two SHA-2 based
    names are listed before the SHA-1 based C{ssh-rsa}. Every other key
    type signs only under its own C{sshType()} name.

    @return: A list of supported public key signature algorithm names.
    @rtype: L{list} of L{bytes}
    """
    rsaAlgorithms = [b"rsa-sha2-512", b"rsa-sha2-256", b"ssh-rsa"]
    if self.type() != "RSA":
        return [self.sshType()]
    return rsaAlgorithms
def _getHashAlgorithm(self, signatureType):
    """
    Return a hash algorithm for this key type given an SSH signature
    algorithm name, or L{None} if no such hash algorithm is defined for
    this key type.

    @param signatureType: The SSH signature algorithm name (for example
        C{b"rsa-sha2-256"}), as L{bytes}.
    @return: A C{hashes.HashAlgorithm} instance, or L{None} when the
        combination of key type and signature name is not one this
        implementation signs with.
    """
    keyType = self.type()

    if keyType == "EC":
        # EC keys only sign under their own algorithm name; the digest
        # width is chosen to match the curve size.
        if signatureType != self.sshType():
            return None
        keySize = self.size()
        if keySize <= 256:
            return hashes.SHA256()
        if keySize <= 384:
            return hashes.SHA384()
        return hashes.SHA512()

    if keyType == "Ed25519":
        # Ed25519 always uses SHA-512; signatureType is not checked here.
        return hashes.SHA512()

    # ssh-rsa and ssh-dss are the SHA-1 based algorithm names; the
    # rsa-sha2-* names select the SHA-2 digests.
    fixedAlgorithms = {
        ("RSA", b"ssh-rsa"): hashes.SHA1,
        ("RSA", b"rsa-sha2-256"): hashes.SHA256,
        ("RSA", b"rsa-sha2-512"): hashes.SHA512,
        ("DSA", b"ssh-dss"): hashes.SHA1,
    }
    algorithm = fixedAlgorithms.get((keyType, signatureType))
    return None if algorithm is None else algorithm()
def size(self):
    """
    Return the size of the object we wrap.

    For EC keys this is the curve's bit size, Ed25519 keys are reported
    as a fixed 256 bits, and a key with no wrapped object reports 0.

    @return: The size of the key, in bits.
    @rtype: L{int}
    """
    wrapped = self._keyObject
    if wrapped is None:
        return 0
    keyType = self.type()
    if keyType == "Ed25519":
        return 256
    if keyType == "EC":
        return wrapped.curve.key_size
    return wrapped.key_size
def data(self) -> dict[str, Any]:
    """
    Return the values of the public key as a dictionary.

    Despite the name, a wrapped private key also yields its private
    components (RSA C{d}/C{p}/C{q}/C{u}, DSA C{x}, EC C{privateValue},
    Ed25519 C{k}), so the result must be handled as secret material
    when the key is private.

    @rtype: L{dict}
    @raise RuntimeError: If the wrapped object is not one of the RSA, DSA,
        EC or Ed25519 key classes.
    """
    wrapped = self._keyObject

    def fromRSAPublic(pub):
        numbers = pub.public_numbers()
        return {"n": numbers.n, "e": numbers.e}

    def fromRSAPrivate(priv):
        numbers = priv.private_numbers()
        return {
            "n": numbers.public_numbers.n,
            "e": numbers.public_numbers.e,
            "d": numbers.d,
            "p": numbers.p,
            "q": numbers.q,
            # rsa_crt_iqmp(q, p) gives p^-1 mod q, which is the SSH "u"
            # value (iqmp itself would be q^-1 mod p).
            "u": rsa.rsa_crt_iqmp(numbers.q, numbers.p),
        }

    def fromDSAPublic(pub):
        numbers = pub.public_numbers()
        params = numbers.parameter_numbers
        return {"y": numbers.y, "g": params.g, "p": params.p, "q": params.q}

    def fromDSAPrivate(priv):
        numbers = priv.private_numbers()
        params = numbers.public_numbers.parameter_numbers
        return {
            "x": numbers.x,
            "y": numbers.public_numbers.y,
            "g": params.g,
            "p": params.p,
            "q": params.q,
        }

    def fromECPublic(pub):
        numbers = pub.public_numbers()
        return {"x": numbers.x, "y": numbers.y, "curve": self.sshType()}

    def fromECPrivate(priv):
        numbers = priv.private_numbers()
        return {
            "x": numbers.public_numbers.x,
            "y": numbers.public_numbers.y,
            "privateValue": numbers.private_value,
            "curve": self.sshType(),
        }

    def rawPublic(pub):
        return pub.public_bytes(
            serialization.Encoding.Raw, serialization.PublicFormat.Raw
        )

    def fromEd25519Public(pub):
        return {"a": rawPublic(pub)}

    def fromEd25519Private(priv):
        return {
            "a": rawPublic(priv.public_key()),
            "k": priv.private_bytes(
                serialization.Encoding.Raw,
                serialization.PrivateFormat.Raw,
                serialization.NoEncryption(),
            ),
        }

    # Checked in order; the public/private classes are distinct, so the
    # first match is the only match.
    extractors = (
        (rsa.RSAPublicKey, fromRSAPublic),
        (rsa.RSAPrivateKey, fromRSAPrivate),
        (dsa.DSAPublicKey, fromDSAPublic),
        (dsa.DSAPrivateKey, fromDSAPrivate),
        (ec.EllipticCurvePublicKey, fromECPublic),
        (ec.EllipticCurvePrivateKey, fromECPrivate),
        (ed25519.Ed25519PublicKey, fromEd25519Public),
        (ed25519.Ed25519PrivateKey, fromEd25519Private),
    )
    for keyClass, extract in extractors:
        if isinstance(wrapped, keyClass):
            return extract(wrapped)

    raise RuntimeError(f"Unexpected key type: {wrapped}")
def blob(self):
    """
    Return the public key blob for this key. The blob is the
    over-the-wire format for public keys.

    SECSH-TRANS RFC 4253 Section 6.6.

    RSA keys::
        string 'ssh-rsa'
        integer e
        integer n

    DSA keys::
        string 'ssh-dss'
        integer p
        integer q
        integer g
        integer y

    EC keys::
        string 'ecdsa-sha2-[identifier]'
        integer x
        integer y

        identifier is the standard NIST curve name

    Ed25519 keys::
        string 'ssh-ed25519'
        string a

    Only public components are serialized, even when this object wraps a
    private key; the private values that L{Key.data} returns are never
    written into the blob.

    @rtype: L{bytes}
    @raise BadKeyError: If the key type is not one of the four above.
    """
    keyType = self.type()
    values = self.data()

    if keyType == "RSA":
        return common.NS(b"ssh-rsa") + common.MP(values["e"]) + common.MP(values["n"])

    if keyType == "DSA":
        parts = [common.NS(b"ssh-dss")]
        parts.extend(common.MP(values[name]) for name in ("p", "q", "g", "y"))
        return b"".join(parts)

    if keyType == "EC":
        curveName = values["curve"]
        # Each coordinate is left-padded to the curve's byte length; the
        # leading 0x04 marks an uncompressed X || Y point.
        byteLength = (self._keyObject.curve.key_size + 7) // 8
        point = (
            b"\x04"
            + utils.int_to_bytes(values["x"], byteLength)
            + utils.int_to_bytes(values["y"], byteLength)
        )
        # The curve identifier is the tail of 'ecdsa-sha2-nistpXXX'; this
        # assumes the identifier is exactly eight characters, as it is for
        # nistp256/384/521.
        return common.NS(curveName) + common.NS(curveName[-8:]) + common.NS(point)

    if keyType == "Ed25519":
        return common.NS(b"ssh-ed25519") + common.NS(values["a"])

    raise BadKeyError(f"unknown key type: {keyType}")
<div class="viewcode-block" id="Key.privateBlob">
|
|
<a class="viewcode-back" href="../../../../api/evennia.server.portal.ssh.html#evennia.server.portal.ssh.Key.privateBlob">[docs]</a>
|
|
<span class="k">def</span><span class="w"> </span><span class="nf">privateBlob</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span>
|
|
<span class="w"> </span><span class="sd">"""</span>
|
|
<span class="sd"> Return the private key blob for this key. The blob is the</span>
|
|
<span class="sd"> over-the-wire format for private keys:</span>
|
|
|
|
<span class="sd"> Specification in OpenSSH PROTOCOL.agent</span>
|
|
|
|
<span class="sd"> RSA keys::</span>
|
|
|
|
<span class="sd"> string 'ssh-rsa'</span>
|
|
<span class="sd"> integer n</span>
|
|
<span class="sd"> integer e</span>
|
|
<span class="sd"> integer d</span>
|
|
<span class="sd"> integer u</span>
|
|
<span class="sd"> integer p</span>
|
|
<span class="sd"> integer q</span>
|
|
|
|
<span class="sd"> DSA keys::</span>
|
|
|
|
<span class="sd"> string 'ssh-dss'</span>
|
|
<span class="sd"> integer p</span>
|
|
<span class="sd"> integer q</span>
|
|
<span class="sd"> integer g</span>
|
|
<span class="sd"> integer y</span>
|
|
<span class="sd"> integer x</span>
|
|
|
|
<span class="sd"> EC keys::</span>
|
|
|
|
<span class="sd"> string 'ecdsa-sha2-[identifier]'</span>
|
|
<span class="sd"> integer x</span>
|
|
<span class="sd"> integer y</span>
|
|
<span class="sd"> integer privateValue</span>
|
|
|
|
<span class="sd"> identifier is the NIST standard curve name.</span>
|
|
|
|
<span class="sd"> Ed25519 keys::</span>
|
|
|
|
<span class="sd"> string 'ssh-ed25519'</span>
|
|
<span class="sd"> string a</span>
|
|
<span class="sd"> string k || a</span>
|
|
<span class="sd"> """</span>
|
|
<span class="nb">type</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">type</span><span class="p">()</span>
|
|
<span class="n">data</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">data</span><span class="p">()</span>
|
|
<span class="k">if</span> <span class="nb">type</span> <span class="o">==</span> <span class="s2">"RSA"</span><span class="p">:</span>
|
|
<span class="n">iqmp</span> <span class="o">=</span> <span class="n">rsa</span><span class="o">.</span><span class="n">rsa_crt_iqmp</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="s2">"p"</span><span class="p">],</span> <span class="n">data</span><span class="p">[</span><span class="s2">"q"</span><span class="p">])</span>
|
|
<span class="k">return</span> <span class="p">(</span>
|
|
<span class="n">common</span><span class="o">.</span><span class="n">NS</span><span class="p">(</span><span class="sa">b</span><span class="s2">"ssh-rsa"</span><span class="p">)</span>
|
|
<span class="o">+</span> <span class="n">common</span><span class="o">.</span><span class="n">MP</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="s2">"n"</span><span class="p">])</span>
|
|
<span class="o">+</span> <span class="n">common</span><span class="o">.</span><span class="n">MP</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="s2">"e"</span><span class="p">])</span>
|
|
<span class="o">+</span> <span class="n">common</span><span class="o">.</span><span class="n">MP</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="s2">"d"</span><span class="p">])</span>
|
|
<span class="o">+</span> <span class="n">common</span><span class="o">.</span><span class="n">MP</span><span class="p">(</span><span class="n">iqmp</span><span class="p">)</span>
|
|
<span class="o">+</span> <span class="n">common</span><span class="o">.</span><span class="n">MP</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="s2">"p"</span><span class="p">])</span>
|
|
<span class="o">+</span> <span class="n">common</span><span class="o">.</span><span class="n">MP</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="s2">"q"</span><span class="p">])</span>
|
|
<span class="p">)</span>
|
|
<span class="k">elif</span> <span class="nb">type</span> <span class="o">==</span> <span class="s2">"DSA"</span><span class="p">:</span>
|
|
<span class="k">return</span> <span class="p">(</span>
|
|
<span class="n">common</span><span class="o">.</span><span class="n">NS</span><span class="p">(</span><span class="sa">b</span><span class="s2">"ssh-dss"</span><span class="p">)</span>
|
|
<span class="o">+</span> <span class="n">common</span><span class="o">.</span><span class="n">MP</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="s2">"p"</span><span class="p">])</span>
|
|
<span class="o">+</span> <span class="n">common</span><span class="o">.</span><span class="n">MP</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="s2">"q"</span><span class="p">])</span>
|
|
<span class="o">+</span> <span class="n">common</span><span class="o">.</span><span class="n">MP</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="s2">"g"</span><span class="p">])</span>
|
|
<span class="o">+</span> <span class="n">common</span><span class="o">.</span><span class="n">MP</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="s2">"y"</span><span class="p">])</span>
|
|
<span class="o">+</span> <span class="n">common</span><span class="o">.</span><span class="n">MP</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="s2">"x"</span><span class="p">])</span>
|
|
<span class="p">)</span>
|
|
<span class="k">elif</span> <span class="nb">type</span> <span class="o">==</span> <span class="s2">"EC"</span><span class="p">:</span>
|
|
<span class="n">encPub</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_keyObject</span><span class="o">.</span><span class="n">public_key</span><span class="p">()</span><span class="o">.</span><span class="n">public_bytes</span><span class="p">(</span>
|
|
<span class="n">serialization</span><span class="o">.</span><span class="n">Encoding</span><span class="o">.</span><span class="n">X962</span><span class="p">,</span>
|
|
<span class="n">serialization</span><span class="o">.</span><span class="n">PublicFormat</span><span class="o">.</span><span class="n">UncompressedPoint</span><span class="p">,</span>
|
|
<span class="p">)</span>
|
|
<span class="k">return</span> <span class="p">(</span>
|
|
<span class="n">common</span><span class="o">.</span><span class="n">NS</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="s2">"curve"</span><span class="p">])</span>
|
|
<span class="o">+</span> <span class="n">common</span><span class="o">.</span><span class="n">NS</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="s2">"curve"</span><span class="p">][</span><span class="o">-</span><span class="mi">8</span><span class="p">:])</span>
|
|
<span class="o">+</span> <span class="n">common</span><span class="o">.</span><span class="n">NS</span><span class="p">(</span><span class="n">encPub</span><span class="p">)</span>
|
|
<span class="o">+</span> <span class="n">common</span><span class="o">.</span><span class="n">MP</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="s2">"privateValue"</span><span class="p">])</span>
|
|
<span class="p">)</span>
|
|
<span class="k">elif</span> <span class="nb">type</span> <span class="o">==</span> <span class="s2">"Ed25519"</span><span class="p">:</span>
|
|
<span class="k">return</span> <span class="p">(</span>
|
|
<span class="n">common</span><span class="o">.</span><span class="n">NS</span><span class="p">(</span><span class="sa">b</span><span class="s2">"ssh-ed25519"</span><span class="p">)</span>
|
|
<span class="o">+</span> <span class="n">common</span><span class="o">.</span><span class="n">NS</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="s2">"a"</span><span class="p">])</span>
|
|
<span class="o">+</span> <span class="n">common</span><span class="o">.</span><span class="n">NS</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="s2">"k"</span><span class="p">]</span> <span class="o">+</span> <span class="n">data</span><span class="p">[</span><span class="s2">"a"</span><span class="p">])</span>
|
|
<span class="p">)</span>
|
|
<span class="k">else</span><span class="p">:</span>
|
|
<span class="k">raise</span> <span class="n">BadKeyError</span><span class="p">(</span><span class="sa">f</span><span class="s2">"unknown key type: </span><span class="si">{</span><span class="nb">type</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span></div>
@_mutuallyExclusiveArguments(
    [
        ["extra", "comment"],
        ["extra", "passphrase"],
    ]
)
def toString(self, type, extra=None, subtype=None, comment=None, passphrase=None):
    """
    Serialize this key into the requested textual format.

    C{type} selects a C{_toString_*} method by name (case-insensitively);
    the private representation is emitted for private keys, so use
    C{key.public().toString()} when only the public part is wanted.

    @param type: The format to emit. Currently supported values are
        C{'OPENSSH'}, C{'LSH'}, and C{'AGENTV3'}.
    @type type: L{str}

    @param extra: Legacy catch-all for format-specific extra data: a
        comment for public OpenSSH keys, a passphrase for private OpenSSH
        keys. Deprecated since Twisted 20.3.0; pass C{comment} or
        C{passphrase} instead. Giving C{extra} together with either of
        them is rejected by the decorator.
    @type extra: L{bytes} or L{unicode} or L{None}

    @param subtype: A subtype of C{type} to emit. Only private OpenSSH
        keys have subtypes (C{'PEM'} and C{'v1'}); if omitted, the format
        picks a default.
    @type subtype: L{str} or L{None}

    @param comment: A comment to store with the key. Only supported for
        OpenSSH keys. A L{str} is UTF-8 encoded before use.

        Present since Twisted 20.3.0.
    @type comment: L{bytes} or L{unicode} or L{None}

    @param passphrase: A passphrase to encrypt the key with. Only
        supported for private OpenSSH keys.

        Present since Twisted 20.3.0.
    @type passphrase: L{bytes} or L{unicode} or L{None}

    @raise BadKeyError: if no C{_toString_*} method exists for C{type}.

    @rtype: L{bytes}
    """
    if extra is not None:
        # Legacy single-argument form: route the value to whichever of
        # comment/passphrase the key's visibility implies.
        warnings.warn(
            "The 'extra' argument to "
            "twisted.conch.ssh.keys.Key.toString was deprecated in "
            "Twisted 20.3.0; use 'comment' or 'passphrase' instead.",
            DeprecationWarning,
            stacklevel=3,
        )
        if self.isPublic():
            comment = extra
        else:
            passphrase = extra

    encodedComment = comment.encode("utf-8") if isinstance(comment, str) else comment
    normalizedPassphrase = _normalizePassphrase(passphrase)

    emitterName = "_toString_" + type.upper()
    emitter = getattr(self, emitterName, None)
    if emitter is None:
        raise BadKeyError(f"unknown key type: {type}")
    return emitter(
        subtype=subtype, comment=encodedComment, passphrase=normalizedPassphrase
    )
def _toPublicOpenSSH(self, comment=None):
    """
    Return a public OpenSSH key string: the single-line
    C{<type> <base64 blob> [<comment>]} form, with no trailing newline.

    See _fromString_PUBLIC_OPENSSH for the string format.

    @type comment: L{bytes} or L{None}
    @param comment: A comment to append after the key data, or L{None}
        (or empty) to omit it.

    @rtype: L{bytes}
    """
    # An absent comment is emitted as an empty field; the trailing
    # separator is removed by strip() below.
    trailer = comment or b""

    if self.type() == "EC":
        # The cryptography library produces the OpenSSH public encoding
        # for EC keys directly.
        encodedKey = self._keyObject.public_bytes(
            serialization.Encoding.OpenSSH, serialization.PublicFormat.OpenSSH
        )
        return b" ".join((encodedKey, trailer)).strip()

    # All other key types: base64 of the SSH wire blob, joined on one line.
    encodedBlob = encodebytes(self.blob()).replace(b"\n", b"")
    return b" ".join((self.sshType(), encodedBlob, trailer)).strip()
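def _toPrivateOpenSSH_v1(self, comment=None, passphrase=None):
    """
    Return a private OpenSSH key string, in the "openssh-key-v1" format
    introduced in OpenSSH 6.5.

    See _fromPrivateOpenSSH_v1 for the string format.

    @type comment: L{bytes} or L{None}
    @param comment: A comment stored inside the (possibly encrypted)
        private section, or L{None} for an empty comment.

    @type passphrase: L{bytes} or L{None}
    @param passphrase: The passphrase to encrypt the key with, or L{None}
        if it is not encrypted. An empty passphrase also means "not
        encrypted".

    @rtype: L{bytes}
    """
    if passphrase:
        # For now we just hardcode the cipher to the one used by
        # OpenSSH. We could make this configurable later if it's
        # needed.
        cipher = algorithms.AES
        cipherName = b"aes256-ctr"
        kdfName = b"bcrypt"
        blockSize = cipher.block_size // 8
        keySize = 32
        ivSize = blockSize
        salt = randbytes.secureRandom(ivSize)
        # KDF work factor. It is written into kdfOptions so a reader can
        # re-derive the key, so the bcrypt.kdf call below must use this
        # same variable rather than a separate literal.
        rounds = 100
        kdfOptions = common.NS(salt) + struct.pack("!L", rounds)
    else:
        cipherName = b"none"
        kdfName = b"none"
        blockSize = 8
        kdfOptions = b""

    # The private section opens with the same random 32-bit value twice;
    # the matching reader (_fromPrivateOpenSSH_v1, not shown here) is
    # expected to compare the pair after decryption.
    check = randbytes.secureRandom(4)
    privKeyList = check + check + self.privateBlob() + common.NS(comment or b"")

    # Pad the private section with the byte sequence 1, 2, 3, ... until its
    # length is a multiple of the cipher block size.
    padByte = 0
    while len(privKeyList) % blockSize:
        padByte += 1
        privKeyList += bytes((padByte & 0xFF,))

    if passphrase:
        # One bcrypt derivation yields key material for both the AES key
        # and the CTR nonce/IV.
        encKey = bcrypt.kdf(passphrase, salt, keySize + ivSize, rounds)
        encryptor = Cipher(
            cipher(encKey[:keySize]),
            modes.CTR(encKey[keySize : keySize + ivSize]),
            backend=default_backend(),
        ).encryptor()
        encPrivKeyList = encryptor.update(privKeyList) + encryptor.finalize()
    else:
        encPrivKeyList = privKeyList

    blob = (
        b"openssh-key-v1\0"
        + common.NS(cipherName)
        + common.NS(kdfName)
        + common.NS(kdfOptions)
        + struct.pack("!L", 1)  # presumably the key count; one key is written
        + common.NS(self.blob())  # public part, stored in the clear
        + common.NS(encPrivKeyList)
    )
    # PEM-style armor: base64 body wrapped at 64 columns.
    b64Data = encodebytes(blob).replace(b"\n", b"")
    lines = (
        [b"-----BEGIN OPENSSH PRIVATE KEY-----"]
        + [b64Data[i : i + 64] for i in range(0, len(b64Data), 64)]
        + [b"-----END OPENSSH PRIVATE KEY-----"]
    )
    return b"\n".join(lines) + b"\n"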
def _toPrivateOpenSSH_PEM(self, passphrase=None):
    """
    Return a private OpenSSH key string, in the old PEM-based format.

    See _fromPrivateOpenSSH_PEM for the string format.

    @type passphrase: L{bytes} or L{None}
    @param passphrase: The passphrase to encrypt the key with, or L{None}
        (or empty) if it is not encrypted.

    @raise ValueError: for Ed25519 keys, which have no PEM form here;
        emit them with the C{'v1'} subtype instead.

    @rtype: L{bytes}
    """
    # NOTE(review): with PrivateFormat.TraditionalOpenSSL this selects the
    # legacy OpenSSL PEM passphrase protection, whose key derivation is (as
    # far as I know) far weaker than the bcrypt KDF of the v1 format;
    # callers who encrypt keys should prefer subtype 'v1'.
    encryptor = (
        serialization.BestAvailableEncryption(passphrase)
        if passphrase
        else serialization.NoEncryption()  # unencrypted private key
    )

    if self.type() == "Ed25519":
        # TODO: why not just support serialization here
        raise ValueError(
            "cannot serialize Ed25519 key to OpenSSH PEM format; use v1 instead"
        )

    return self._keyObject.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.TraditionalOpenSSL,
        encryptor,
    )
def _toString_OPENSSH(self, subtype=None, comment=None, passphrase=None):
    """
    Return a public or private OpenSSH string. See
    L{_fromString_PUBLIC_OPENSSH} and L{_fromPrivateOpenSSH_PEM} for the
    string formats.

    @param subtype: Which private format to emit: C{'PEM'} or C{'v1'}.
        Ignored for public keys. When omitted, Ed25519 keys use C{'v1'}
        and every other type uses C{'PEM'}.
    @type subtype: L{str} or L{None}

    @param comment: Comment for a public key or a v1 private key. The
        PEM private format has nowhere to store it, so it is dropped there.
    @type comment: L{bytes}

    @param passphrase: Passphrase for a private key; ignored for public
        keys.
    @type passphrase: L{bytes}

    @raise ValueError: if C{subtype} names an unknown private format.

    @rtype: L{bytes}
    """
    if self.isPublic():
        return self._toPublicOpenSSH(comment=comment)

    chosen = subtype
    if chosen is None:
        # No pre-v1 format is defined for Ed25519 keys.
        chosen = "v1" if self.type() == "Ed25519" else "PEM"

    if chosen == "v1":
        return self._toPrivateOpenSSH_v1(comment=comment, passphrase=passphrase)
    if chosen == "PEM":
        return self._toPrivateOpenSSH_PEM(passphrase=passphrase)
    raise ValueError(f"unknown subtype {subtype}")
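def _toString_LSH(self, **kwargs):
    """
    Return a public or private LSH key. See _fromString_PUBLIC_LSH and
    _fromString_PRIVATE_LSH for the key formats.

    Only RSA and DSA keys have an LSH representation. A public key is
    returned as a base64 S-expression wrapped in braces; a private key is
    returned as the raw packed S-expression.

    @param kwargs: Ignored; accepted so that every C{_toString_*}
        serializer shares the same call signature.

    @rtype: L{bytes}
    @raise BadKeyError: if the key is neither an RSA nor a DSA key.
    """
    data = self.data()
    # Local name chosen so the builtin type() is not shadowed.
    keyType = self.type()
    # Every integer below is MP()-encoded and then sliced from byte 4
    # onwards, which presumably drops MP()'s 4-byte length prefix and keeps
    # the bare (sign-padded, big-endian) integer the S-expression wants.
    if self.isPublic():
        if keyType == "RSA":
            keyData = sexpy.pack(
                [
                    [
                        b"public-key",
                        [
                            b"rsa-pkcs1-sha1",
                            [b"n", common.MP(data["n"])[4:]],
                            [b"e", common.MP(data["e"])[4:]],
                        ],
                    ]
                ]
            )
        elif keyType == "DSA":
            keyData = sexpy.pack(
                [
                    [
                        b"public-key",
                        [
                            b"dsa",
                            [b"p", common.MP(data["p"])[4:]],
                            [b"q", common.MP(data["q"])[4:]],
                            [b"g", common.MP(data["g"])[4:]],
                            [b"y", common.MP(data["y"])[4:]],
                        ],
                    ]
                ]
            )
        else:
            raise BadKeyError(f"unknown key type {keyType}")
        # encodebytes() inserts newlines every 76 characters; LSH expects
        # the whole base64 payload on one line between the braces.
        return b"{" + encodebytes(keyData).replace(b"\n", b"") + b"}"
    else:
        if keyType == "RSA":
            p, q = data["p"], data["q"]
            iqmp = rsa.rsa_crt_iqmp(p, q)
            # NOTE: p and q are intentionally written in swapped order, and
            # the CRT exponents a/b are reduced accordingly (a = d mod q-1,
            # b = d mod p-1). _fromString_PRIVATE_LSH is expected to undo
            # this; keep the two in sync if either changes.
            return sexpy.pack(
                [
                    [
                        b"private-key",
                        [
                            b"rsa-pkcs1",
                            [b"n", common.MP(data["n"])[4:]],
                            [b"e", common.MP(data["e"])[4:]],
                            [b"d", common.MP(data["d"])[4:]],
                            [b"p", common.MP(q)[4:]],
                            [b"q", common.MP(p)[4:]],
                            [b"a", common.MP(data["d"] % (q - 1))[4:]],
                            [b"b", common.MP(data["d"] % (p - 1))[4:]],
                            [b"c", common.MP(iqmp)[4:]],
                        ],
                    ]
                ]
            )
        elif keyType == "DSA":
            return sexpy.pack(
                [
                    [
                        b"private-key",
                        [
                            b"dsa",
                            [b"p", common.MP(data["p"])[4:]],
                            [b"q", common.MP(data["q"])[4:]],
                            [b"g", common.MP(data["g"])[4:]],
                            [b"y", common.MP(data["y"])[4:]],
                            [b"x", common.MP(data["x"])[4:]],
                        ],
                    ]
                ]
            )
        else:
            # Previously this message carried a stray trailing apostrophe
            # ("... {type}'"); it now matches the public-key branch.
            raise BadKeyError(f"unknown key type {keyType}")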
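def _toString_AGENTV3(self, **kwargs):
    """
    Return a private Secure Shell Agent v3 key. See
    _fromString_AGENTV3 for the key format.

    Only private RSA and DSA keys have an agent v3 representation.

    @param kwargs: Ignored; accepted so that every C{_toString_*}
        serializer shares the same call signature.

    @rtype: L{bytes}
    @raise BadKeyError: if the key is a public key, or is neither RSA nor
        DSA. (Previously a public key silently produced C{None}, and an EC
        or Ed25519 private key failed with an unbound C{values} local.)
    """
    if self.isPublic():
        raise BadKeyError("agent v3 format only represents private keys")
    data = self.data()
    keyType = self.type()
    if keyType == "RSA":
        # Field order is fixed by the agent v3 wire format; see
        # _fromString_AGENTV3 for the matching reader.
        values = (
            data["e"],
            data["d"],
            data["n"],
            data["u"],
            data["p"],
            data["q"],
        )
    elif keyType == "DSA":
        values = (data["p"], data["q"], data["g"], data["y"], data["x"])
    else:
        raise BadKeyError(f"unknown key type {keyType}")
    # SSH string of the key's type name, followed by each value as an mpint.
    return common.NS(self.sshType()) + b"".join(map(common.MP, values))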
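def sign(self, data, signatureType=None):
    """
    Sign some data with this key.

    SECSH-TRANS RFC 4253 Section 6.6.

    @type data: L{bytes}
    @param data: The data to sign.

    @type signatureType: L{bytes}
    @param signatureType: The SSH public key algorithm name to sign this
        data with, or L{None} to use a reasonable default for the key.

    @rtype: L{bytes}
    @return: A signature for the given data: an SSH string holding the
        algorithm name, followed by the algorithm-specific signature blob.

    @raise BadSignatureAlgorithmError: if C{signatureType} is not a
        signature algorithm defined for this key's type.

    Signing requires the private half of the key; C{self._keyObject} is
    expected to expose C{sign()} only for private keys (not verified here).
    """
    keyType = self.type()
    if signatureType is None:
        # Use the SSH public key type name by default, since for all
        # current key types this can also be used as a public key
        # algorithm name. (This exists for compatibility; new code
        # should explicitly specify a public key algorithm name.)
        signatureType = self.sshType()

    hashAlgorithm = self._getHashAlgorithm(signatureType)
    if hashAlgorithm is None:
        raise BadSignatureAlgorithmError(
            f"public key signature algorithm {signatureType} is not "
            f"defined for {keyType} keys"
        )

    if keyType == "RSA":
        sig = self._keyObject.sign(data, padding.PKCS1v15(), hashAlgorithm)
        ret = common.NS(sig)

    elif keyType == "DSA":
        sig = self._keyObject.sign(data, hashAlgorithm)
        (r, s) = decode_dss_signature(sig)
        # SSH insists that the DSS signature blob be two 160-bit integers
        # concatenated together. The r, s values from decode_dss_signature
        # are just numbers, and could be any length from 0 to 160 bits.
        # Make sure they are padded out to 160 bits (20 bytes each)
        ret = common.NS(int_to_bytes(r, 20) + int_to_bytes(s, 20))

    elif keyType == "EC":  # Pragma: no branch
        signature = self._keyObject.sign(data, ec.ECDSA(hashAlgorithm))
        (r, s) = decode_dss_signature(signature)

        # r and s are each emitted as a big-endian SSH string; when the
        # MSB is set a null byte is prepended so the value reads as
        # positive (the mpint sign rule). The former
        # `type(rb[0]) is str` check was Python 2 residue: indexing bytes
        # always yields an int on Python 3, so it was an unreachable branch.
        encoded = []
        for value in (r, s):
            valueBytes = int_to_bytes(value)
            if valueBytes[0] & 0x80:
                valueBytes = b"\x00" + valueBytes
            encoded.append(common.NS(valueBytes))
        ret = common.NS(b"".join(encoded))

    elif keyType == "Ed25519":
        ret = common.NS(self._keyObject.sign(data))

    # No trailing else: the hashAlgorithm check above rejects algorithms
    # _getHashAlgorithm does not know, which is presumably why the EC
    # branch carries the no-branch pragma.
    return common.NS(signatureType) + ret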
<div class="viewcode-block" id="Key.verify">
|
|
<a class="viewcode-back" href="../../../../api/evennia.server.portal.ssh.html#evennia.server.portal.ssh.Key.verify">[docs]</a>
|
|
<span class="k">def</span><span class="w"> </span><span class="nf">verify</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">signature</span><span class="p">,</span> <span class="n">data</span><span class="p">):</span>
|
|
<span class="w"> </span><span class="sd">"""</span>
|
|
<span class="sd"> Verify a signature using this key.</span>
|
|
|
|
<span class="sd"> @type signature: L{bytes}</span>
|
|
<span class="sd"> @param signature: The signature to verify.</span>
|
|
|
|
<span class="sd"> @type data: L{bytes}</span>
|
|
<span class="sd"> @param data: The signed data.</span>
|
|
|
|
<span class="sd"> @rtype: L{bool}</span>
|
|
<span class="sd"> @return: C{True} if the signature is valid.</span>
|
|
<span class="sd"> """</span>
|
|
<span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">signature</span><span class="p">)</span> <span class="o">==</span> <span class="mi">40</span><span class="p">:</span>
|
|
<span class="c1"># DSA key with no padding</span>
|
|
<span class="n">signatureType</span><span class="p">,</span> <span class="n">signature</span> <span class="o">=</span> <span class="sa">b</span><span class="s2">"ssh-dss"</span><span class="p">,</span> <span class="n">common</span><span class="o">.</span><span class="n">NS</span><span class="p">(</span><span class="n">signature</span><span class="p">)</span>
|
|
<span class="k">else</span><span class="p">:</span>
|
|
<span class="n">signatureType</span><span class="p">,</span> <span class="n">signature</span> <span class="o">=</span> <span class="n">common</span><span class="o">.</span><span class="n">getNS</span><span class="p">(</span><span class="n">signature</span><span class="p">)</span>
|
|
|
|
<span class="n">hashAlgorithm</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_getHashAlgorithm</span><span class="p">(</span><span class="n">signatureType</span><span class="p">)</span>
|
|
<span class="k">if</span> <span class="n">hashAlgorithm</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
|
|
<span class="k">return</span> <span class="kc">False</span>
|
|
|
|
<span class="n">keyType</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">type</span><span class="p">()</span>
|
|
<span class="k">if</span> <span class="n">keyType</span> <span class="o">==</span> <span class="s2">"RSA"</span><span class="p">:</span>
|
|
<span class="n">k</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_keyObject</span>
|
|
<span class="k">if</span> <span class="ow">not</span> <span class="bp">self</span><span class="o">.</span><span class="n">isPublic</span><span class="p">():</span>
|
|
<span class="n">k</span> <span class="o">=</span> <span class="n">k</span><span class="o">.</span><span class="n">public_key</span><span class="p">()</span>
|
|
<span class="n">args</span> <span class="o">=</span> <span class="p">(</span>
|
|
<span class="n">common</span><span class="o">.</span><span class="n">getNS</span><span class="p">(</span><span class="n">signature</span><span class="p">)[</span><span class="mi">0</span><span class="p">],</span>
|
|
<span class="n">data</span><span class="p">,</span>
|
|
<span class="n">padding</span><span class="o">.</span><span class="n">PKCS1v15</span><span class="p">(),</span>
|
|
<span class="n">hashAlgorithm</span><span class="p">,</span>
|
|
<span class="p">)</span>
|
|
<span class="k">elif</span> <span class="n">keyType</span> <span class="o">==</span> <span class="s2">"DSA"</span><span class="p">:</span>
|
|
<span class="n">concatenatedSignature</span> <span class="o">=</span> <span class="n">common</span><span class="o">.</span><span class="n">getNS</span><span class="p">(</span><span class="n">signature</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span>
|
|
<span class="n">r</span> <span class="o">=</span> <span class="nb">int</span><span class="o">.</span><span class="n">from_bytes</span><span class="p">(</span><span class="n">concatenatedSignature</span><span class="p">[:</span><span class="mi">20</span><span class="p">],</span> <span class="s2">"big"</span><span class="p">)</span>
|
|
<span class="n">s</span> <span class="o">=</span> <span class="nb">int</span><span class="o">.</span><span class="n">from_bytes</span><span class="p">(</span><span class="n">concatenatedSignature</span><span class="p">[</span><span class="mi">20</span><span class="p">:],</span> <span class="s2">"big"</span><span class="p">)</span>
|
|
<span class="n">signature</span> <span class="o">=</span> <span class="n">encode_dss_signature</span><span class="p">(</span><span class="n">r</span><span class="p">,</span> <span class="n">s</span><span class="p">)</span>
|
|
<span class="n">k</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_keyObject</span>
|
|
<span class="k">if</span> <span class="ow">not</span> <span class="bp">self</span><span class="o">.</span><span class="n">isPublic</span><span class="p">():</span>
|
|
<span class="n">k</span> <span class="o">=</span> <span class="n">k</span><span class="o">.</span><span class="n">public_key</span><span class="p">()</span>
|
|
<span class="n">args</span> <span class="o">=</span> <span class="p">(</span><span class="n">signature</span><span class="p">,</span> <span class="n">data</span><span class="p">,</span> <span class="n">hashAlgorithm</span><span class="p">)</span>
|
|
|
|
<span class="k">elif</span> <span class="n">keyType</span> <span class="o">==</span> <span class="s2">"EC"</span><span class="p">:</span> <span class="c1"># Pragma: no branch</span>
|
|
<span class="n">concatenatedSignature</span> <span class="o">=</span> <span class="n">common</span><span class="o">.</span><span class="n">getNS</span><span class="p">(</span><span class="n">signature</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span>
|
|
<span class="n">rstr</span><span class="p">,</span> <span class="n">sstr</span><span class="p">,</span> <span class="n">rest</span> <span class="o">=</span> <span class="n">common</span><span class="o">.</span><span class="n">getNS</span><span class="p">(</span><span class="n">concatenatedSignature</span><span class="p">,</span> <span class="mi">2</span><span class="p">)</span>
|
|
<span class="n">r</span> <span class="o">=</span> <span class="nb">int</span><span class="o">.</span><span class="n">from_bytes</span><span class="p">(</span><span class="n">rstr</span><span class="p">,</span> <span class="s2">"big"</span><span class="p">)</span>
|
|
<span class="n">s</span> <span class="o">=</span> <span class="nb">int</span><span class="o">.</span><span class="n">from_bytes</span><span class="p">(</span><span class="n">sstr</span><span class="p">,</span> <span class="s2">"big"</span><span class="p">)</span>
|
|
<span class="n">signature</span> <span class="o">=</span> <span class="n">encode_dss_signature</span><span class="p">(</span><span class="n">r</span><span class="p">,</span> <span class="n">s</span><span class="p">)</span>
|
|
|
|
<span class="n">k</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_keyObject</span>
|
|
<span class="k">if</span> <span class="ow">not</span> <span class="bp">self</span><span class="o">.</span><span class="n">isPublic</span><span class="p">():</span>
|
|
<span class="n">k</span> <span class="o">=</span> <span class="n">k</span><span class="o">.</span><span class="n">public_key</span><span class="p">()</span>
|
|
|
|
<span class="n">args</span> <span class="o">=</span> <span class="p">(</span><span class="n">signature</span><span class="p">,</span> <span class="n">data</span><span class="p">,</span> <span class="n">ec</span><span class="o">.</span><span class="n">ECDSA</span><span class="p">(</span><span class="n">hashAlgorithm</span><span class="p">))</span>
|
|
|
|
<span class="k">elif</span> <span class="n">keyType</span> <span class="o">==</span> <span class="s2">"Ed25519"</span><span class="p">:</span>
|
|
<span class="n">k</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_keyObject</span>
|
|
<span class="k">if</span> <span class="ow">not</span> <span class="bp">self</span><span class="o">.</span><span class="n">isPublic</span><span class="p">():</span>
|
|
<span class="n">k</span> <span class="o">=</span> <span class="n">k</span><span class="o">.</span><span class="n">public_key</span><span class="p">()</span>
|
|
<span class="n">args</span> <span class="o">=</span> <span class="p">(</span><span class="n">common</span><span class="o">.</span><span class="n">getNS</span><span class="p">(</span><span class="n">signature</span><span class="p">)[</span><span class="mi">0</span><span class="p">],</span> <span class="n">data</span><span class="p">)</span>
|
|
|
|
<span class="k">try</span><span class="p">:</span>
|
|
<span class="n">k</span><span class="o">.</span><span class="n">verify</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">)</span>
|
|
<span class="k">except</span> <span class="n">InvalidSignature</span><span class="p">:</span>
|
|
<span class="k">return</span> <span class="kc">False</span>
|
|
<span class="k">else</span><span class="p">:</span>
|
|
<span class="k">return</span> <span class="kc">True</span></div>
|
|
</div>
|
|
|
|
|
|
|
|
def _getPersistentRSAKey(location, keySize=4096):
    """
    Return a persistent RSA L{Key} backed by a PEM file on disk.

    If a file already exists at C{location}, the private key is loaded from
    it. Otherwise a fresh RSA private key of C{keySize} bits (public exponent
    65537) is generated, written to C{location} as an unencrypted PEM
    (C{serialization.NoEncryption()}), and then loaded back from disk so that
    both branches share the single load-and-return path.

    NOTE(review): because the PEM is written without a passphrase, the file
    mode of C{location} is the only thing protecting the private key at rest;
    callers should make sure the directory and file are not readable by other
    users. There is also a check-then-write window between C{exists()} and
    C{setContent()} (acknowledged in the original code) -- two processes
    initialising the same C{location} concurrently may race.

    @param location: Where the key is stored.
    @type location: L{twisted.python.filepath.FilePath}

    @param keySize: The size of the key, if it needs to be generated.
    @type keySize: L{int}

    @returns: A persistent key.
    @rtype: L{Key}
    """
    # Make sure the containing directory is there before touching the file.
    location.parent().makedirs(ignoreExistingDirectory=True)

    # No key on disk yet: generate one and persist it in PEM form.
    if not location.exists():
        freshKey = rsa.generate_private_key(
            public_exponent=65537,
            key_size=keySize,
            backend=default_backend(),
        )
        pemBytes = freshKey.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.TraditionalOpenSSL,
            # Unencrypted on purpose: the file is meant to be loaded without
            # a passphrase below, so disk permissions must protect it.
            encryption_algorithm=serialization.NoEncryption(),
        )
        location.setContent(pemBytes)

    # Whether the key was just written or already present (barring the race
    # noted in the docstring), read it back from the file rather than
    # short-circuiting, so there is exactly one exit path.
    with location.open("rb") as fp:
        pemData = fp.read()

    loadedKey = serialization.load_pem_private_key(
        pemData, password=None, backend=default_backend()
    )
    return Key(loadedKey)
|
|
</pre></div>
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
</body>
|
|
</html> |