Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.8/site-packages/cryptography/hazmat/primitives/serialization/ssh.py: 20%

1# This file is dual licensed under the terms of the Apache License, Version 

2# 2.0, and the BSD License. See the LICENSE file in the root of this repository 

3# for complete details. 

4 

5 

6import binascii 

7import enum 

8import os 

9import re 

10import typing 

11import warnings 

12from base64 import encodebytes as _base64_encode 

13 

14from cryptography import utils 

15from cryptography.exceptions import UnsupportedAlgorithm 

16from cryptography.hazmat.primitives import hashes 

17from cryptography.hazmat.primitives.asymmetric import ( 

18 dsa, 

19 ec, 

20 ed25519, 

21 padding, 

22 rsa, 

23) 

24from cryptography.hazmat.primitives.asymmetric import utils as asym_utils 

25from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes 

26from cryptography.hazmat.primitives.serialization import ( 

27 Encoding, 

28 KeySerializationEncryption, 

29 NoEncryption, 

30 PrivateFormat, 

31 PublicFormat, 

32 _KeySerializationEncryption, 

33) 

34 

35try: 

36 from bcrypt import kdf as _bcrypt_kdf 

37 

38 _bcrypt_supported = True 

39except ImportError: 

40 _bcrypt_supported = False 

41 

42 def _bcrypt_kdf( 

43 password: bytes, 

44 salt: bytes, 

45 desired_key_bytes: int, 

46 rounds: int, 

47 ignore_few_rounds: bool = False, 

48 ) -> bytes: 

49 raise UnsupportedAlgorithm("Need bcrypt module") 

50 

51 

52_SSH_ED25519 = b"ssh-ed25519" 

53_SSH_RSA = b"ssh-rsa" 

54_SSH_DSA = b"ssh-dss" 

55_ECDSA_NISTP256 = b"ecdsa-sha2-nistp256" 

56_ECDSA_NISTP384 = b"ecdsa-sha2-nistp384" 

57_ECDSA_NISTP521 = b"ecdsa-sha2-nistp521" 

58_CERT_SUFFIX = b"-cert-v01@openssh.com" 

59 

60# These are not key types, only algorithms, so they cannot appear 

61# as a public key type 

62_SSH_RSA_SHA256 = b"rsa-sha2-256" 

63_SSH_RSA_SHA512 = b"rsa-sha2-512" 

64 

65_SSH_PUBKEY_RC = re.compile(rb"\A(\S+)[ \t]+(\S+)") 

66_SK_MAGIC = b"openssh-key-v1\0" 

67_SK_START = b"-----BEGIN OPENSSH PRIVATE KEY-----" 

68_SK_END = b"-----END OPENSSH PRIVATE KEY-----" 

69_BCRYPT = b"bcrypt" 

70_NONE = b"none" 

71_DEFAULT_CIPHER = b"aes256-ctr" 

72_DEFAULT_ROUNDS = 16 

73 

74# re is only way to work on bytes-like data 

75_PEM_RC = re.compile(_SK_START + b"(.*?)" + _SK_END, re.DOTALL) 

76 

77# padding for max blocksize 

78_PADDING = memoryview(bytearray(range(1, 1 + 16))) 

79 

80# ciphers that are actually used in key wrapping 

81_SSH_CIPHERS: typing.Dict[ 

82 bytes, 

83 typing.Tuple[ 

84 typing.Type[algorithms.AES], 

85 int, 

86 typing.Union[typing.Type[modes.CTR], typing.Type[modes.CBC]], 

87 int, 

88 ], 

89] = { 

90 b"aes256-ctr": (algorithms.AES, 32, modes.CTR, 16), 

91 b"aes256-cbc": (algorithms.AES, 32, modes.CBC, 16), 

92} 

93 

94# map local curve name to key type 

95_ECDSA_KEY_TYPE = { 

96 "secp256r1": _ECDSA_NISTP256, 

97 "secp384r1": _ECDSA_NISTP384, 

98 "secp521r1": _ECDSA_NISTP521, 

99} 

100 

101 

102def _get_ssh_key_type( 

103 key: typing.Union["SSHPrivateKeyTypes", "SSHPublicKeyTypes"] 

104) -> bytes: 

105 if isinstance(key, ec.EllipticCurvePrivateKey): 

106 key_type = _ecdsa_key_type(key.public_key()) 

107 elif isinstance(key, ec.EllipticCurvePublicKey): 

108 key_type = _ecdsa_key_type(key) 

109 elif isinstance(key, (rsa.RSAPrivateKey, rsa.RSAPublicKey)): 

110 key_type = _SSH_RSA 

111 elif isinstance(key, (dsa.DSAPrivateKey, dsa.DSAPublicKey)): 

112 key_type = _SSH_DSA 

113 elif isinstance( 

114 key, (ed25519.Ed25519PrivateKey, ed25519.Ed25519PublicKey) 

115 ): 

116 key_type = _SSH_ED25519 

117 else: 

118 raise ValueError("Unsupported key type") 

119 

120 return key_type 

121 

122 

123def _ecdsa_key_type(public_key: ec.EllipticCurvePublicKey) -> bytes: 

124 """Return SSH key_type and curve_name for private key.""" 

125 curve = public_key.curve 

126 if curve.name not in _ECDSA_KEY_TYPE: 

127 raise ValueError( 

128 f"Unsupported curve for ssh private key: {curve.name!r}" 

129 ) 

130 return _ECDSA_KEY_TYPE[curve.name] 

131 

132 

133def _ssh_pem_encode( 

134 data: bytes, 

135 prefix: bytes = _SK_START + b"\n", 

136 suffix: bytes = _SK_END + b"\n", 

137) -> bytes: 

138 return b"".join([prefix, _base64_encode(data), suffix]) 

139 

140 

141def _check_block_size(data: bytes, block_len: int) -> None: 

142 """Require data to be full blocks""" 

143 if not data or len(data) % block_len != 0: 

144 raise ValueError("Corrupt data: missing padding") 

145 

146 

147def _check_empty(data: bytes) -> None: 

148 """All data should have been parsed.""" 

149 if data: 

150 raise ValueError("Corrupt data: unparsed data") 

151 

152 

153def _init_cipher( 

154 ciphername: bytes, 

155 password: typing.Optional[bytes], 

156 salt: bytes, 

157 rounds: int, 

158) -> Cipher[typing.Union[modes.CBC, modes.CTR]]: 

159 """Generate key + iv and return cipher.""" 

160 if not password: 

161 raise ValueError("Key is password-protected.") 

162 

163 algo, key_len, mode, iv_len = _SSH_CIPHERS[ciphername] 

164 seed = _bcrypt_kdf(password, salt, key_len + iv_len, rounds, True) 

165 return Cipher(algo(seed[:key_len]), mode(seed[key_len:])) 

166 

167 

168def _get_u32(data: memoryview) -> typing.Tuple[int, memoryview]: 

169 """Uint32""" 

170 if len(data) < 4: 

171 raise ValueError("Invalid data") 

172 return int.from_bytes(data[:4], byteorder="big"), data[4:] 

173 

174 

175def _get_u64(data: memoryview) -> typing.Tuple[int, memoryview]: 

176 """Uint64""" 

177 if len(data) < 8: 

178 raise ValueError("Invalid data") 

179 return int.from_bytes(data[:8], byteorder="big"), data[8:] 

180 

181 

182def _get_sshstr(data: memoryview) -> typing.Tuple[memoryview, memoryview]: 

183 """Bytes with u32 length prefix""" 

184 n, data = _get_u32(data) 

185 if n > len(data): 

186 raise ValueError("Invalid data") 

187 return data[:n], data[n:] 

188 

189 

190def _get_mpint(data: memoryview) -> typing.Tuple[int, memoryview]: 

191 """Big integer.""" 

192 val, data = _get_sshstr(data) 

193 if val and val[0] > 0x7F: 

194 raise ValueError("Invalid data") 

195 return int.from_bytes(val, "big"), data 

196 

197 

198def _to_mpint(val: int) -> bytes: 

199 """Storage format for signed bigint.""" 

200 if val < 0: 

201 raise ValueError("negative mpint not allowed") 

202 if not val: 

203 return b"" 

204 nbytes = (val.bit_length() + 8) // 8 

205 return utils.int_to_bytes(val, nbytes) 

206 

207 

208class _FragList: 

209 """Build recursive structure without data copy.""" 

210 

211 flist: typing.List[bytes] 

212 

213 def __init__( 

214 self, init: typing.Optional[typing.List[bytes]] = None 

215 ) -> None: 

216 self.flist = [] 

217 if init: 

218 self.flist.extend(init) 

219 

220 def put_raw(self, val: bytes) -> None: 

221 """Add plain bytes""" 

222 self.flist.append(val) 

223 

224 def put_u32(self, val: int) -> None: 

225 """Big-endian uint32""" 

226 self.flist.append(val.to_bytes(length=4, byteorder="big")) 

227 

228 def put_u64(self, val: int) -> None: 

229 """Big-endian uint64""" 

230 self.flist.append(val.to_bytes(length=8, byteorder="big")) 

231 

232 def put_sshstr(self, val: typing.Union[bytes, "_FragList"]) -> None: 

233 """Bytes prefixed with u32 length""" 

234 if isinstance(val, (bytes, memoryview, bytearray)): 

235 self.put_u32(len(val)) 

236 self.flist.append(val) 

237 else: 

238 self.put_u32(val.size()) 

239 self.flist.extend(val.flist) 

240 

241 def put_mpint(self, val: int) -> None: 

242 """Big-endian bigint prefixed with u32 length""" 

243 self.put_sshstr(_to_mpint(val)) 

244 

245 def size(self) -> int: 

246 """Current number of bytes""" 

247 return sum(map(len, self.flist)) 

248 

249 def render(self, dstbuf: memoryview, pos: int = 0) -> int: 

250 """Write into bytearray""" 

251 for frag in self.flist: 

252 flen = len(frag) 

253 start, pos = pos, pos + flen 

254 dstbuf[start:pos] = frag 

255 return pos 

256 

257 def tobytes(self) -> bytes: 

258 """Return as bytes""" 

259 buf = memoryview(bytearray(self.size())) 

260 self.render(buf) 

261 return buf.tobytes() 

262 

263 

264class _SSHFormatRSA: 

265 """Format for RSA keys. 

266 

267 Public: 

268 mpint e, n 

269 Private: 

270 mpint n, e, d, iqmp, p, q 

271 """ 

272 

273 def get_public(self, data: memoryview): 

274 """RSA public fields""" 

275 e, data = _get_mpint(data) 

276 n, data = _get_mpint(data) 

277 return (e, n), data 

278 

279 def load_public( 

280 self, data: memoryview 

281 ) -> typing.Tuple[rsa.RSAPublicKey, memoryview]: 

282 """Make RSA public key from data.""" 

283 (e, n), data = self.get_public(data) 

284 public_numbers = rsa.RSAPublicNumbers(e, n) 

285 public_key = public_numbers.public_key() 

286 return public_key, data 

287 

288 def load_private( 

289 self, data: memoryview, pubfields 

290 ) -> typing.Tuple[rsa.RSAPrivateKey, memoryview]: 

291 """Make RSA private key from data.""" 

292 n, data = _get_mpint(data) 

293 e, data = _get_mpint(data) 

294 d, data = _get_mpint(data) 

295 iqmp, data = _get_mpint(data) 

296 p, data = _get_mpint(data) 

297 q, data = _get_mpint(data) 

298 

299 if (e, n) != pubfields: 

300 raise ValueError("Corrupt data: rsa field mismatch") 

301 dmp1 = rsa.rsa_crt_dmp1(d, p) 

302 dmq1 = rsa.rsa_crt_dmq1(d, q) 

303 public_numbers = rsa.RSAPublicNumbers(e, n) 

304 private_numbers = rsa.RSAPrivateNumbers( 

305 p, q, d, dmp1, dmq1, iqmp, public_numbers 

306 ) 

307 private_key = private_numbers.private_key() 

308 return private_key, data 

309 

310 def encode_public( 

311 self, public_key: rsa.RSAPublicKey, f_pub: _FragList 

312 ) -> None: 

313 """Write RSA public key""" 

314 pubn = public_key.public_numbers() 

315 f_pub.put_mpint(pubn.e) 

316 f_pub.put_mpint(pubn.n) 

317 

318 def encode_private( 

319 self, private_key: rsa.RSAPrivateKey, f_priv: _FragList 

320 ) -> None: 

321 """Write RSA private key""" 

322 private_numbers = private_key.private_numbers() 

323 public_numbers = private_numbers.public_numbers 

324 

325 f_priv.put_mpint(public_numbers.n) 

326 f_priv.put_mpint(public_numbers.e) 

327 

328 f_priv.put_mpint(private_numbers.d) 

329 f_priv.put_mpint(private_numbers.iqmp) 

330 f_priv.put_mpint(private_numbers.p) 

331 f_priv.put_mpint(private_numbers.q) 

332 

333 

334class _SSHFormatDSA: 

335 """Format for DSA keys. 

336 

337 Public: 

338 mpint p, q, g, y 

339 Private: 

340 mpint p, q, g, y, x 

341 """ 

342 

343 def get_public( 

344 self, data: memoryview 

345 ) -> typing.Tuple[typing.Tuple, memoryview]: 

346 """DSA public fields""" 

347 p, data = _get_mpint(data) 

348 q, data = _get_mpint(data) 

349 g, data = _get_mpint(data) 

350 y, data = _get_mpint(data) 

351 return (p, q, g, y), data 

352 

353 def load_public( 

354 self, data: memoryview 

355 ) -> typing.Tuple[dsa.DSAPublicKey, memoryview]: 

356 """Make DSA public key from data.""" 

357 (p, q, g, y), data = self.get_public(data) 

358 parameter_numbers = dsa.DSAParameterNumbers(p, q, g) 

359 public_numbers = dsa.DSAPublicNumbers(y, parameter_numbers) 

360 self._validate(public_numbers) 

361 public_key = public_numbers.public_key() 

362 return public_key, data 

363 

364 def load_private( 

365 self, data: memoryview, pubfields 

366 ) -> typing.Tuple[dsa.DSAPrivateKey, memoryview]: 

367 """Make DSA private key from data.""" 

368 (p, q, g, y), data = self.get_public(data) 

369 x, data = _get_mpint(data) 

370 

371 if (p, q, g, y) != pubfields: 

372 raise ValueError("Corrupt data: dsa field mismatch") 

373 parameter_numbers = dsa.DSAParameterNumbers(p, q, g) 

374 public_numbers = dsa.DSAPublicNumbers(y, parameter_numbers) 

375 self._validate(public_numbers) 

376 private_numbers = dsa.DSAPrivateNumbers(x, public_numbers) 

377 private_key = private_numbers.private_key() 

378 return private_key, data 

379 

380 def encode_public( 

381 self, public_key: dsa.DSAPublicKey, f_pub: _FragList 

382 ) -> None: 

383 """Write DSA public key""" 

384 public_numbers = public_key.public_numbers() 

385 parameter_numbers = public_numbers.parameter_numbers 

386 self._validate(public_numbers) 

387 

388 f_pub.put_mpint(parameter_numbers.p) 

389 f_pub.put_mpint(parameter_numbers.q) 

390 f_pub.put_mpint(parameter_numbers.g) 

391 f_pub.put_mpint(public_numbers.y) 

392 

393 def encode_private( 

394 self, private_key: dsa.DSAPrivateKey, f_priv: _FragList 

395 ) -> None: 

396 """Write DSA private key""" 

397 self.encode_public(private_key.public_key(), f_priv) 

398 f_priv.put_mpint(private_key.private_numbers().x) 

399 

400 def _validate(self, public_numbers: dsa.DSAPublicNumbers) -> None: 

401 parameter_numbers = public_numbers.parameter_numbers 

402 if parameter_numbers.p.bit_length() != 1024: 

403 raise ValueError("SSH supports only 1024 bit DSA keys") 

404 

405 

406class _SSHFormatECDSA: 

407 """Format for ECDSA keys. 

408 

409 Public: 

410 str curve 

411 bytes point 

412 Private: 

413 str curve 

414 bytes point 

415 mpint secret 

416 """ 

417 

418 def __init__(self, ssh_curve_name: bytes, curve: ec.EllipticCurve): 

419 self.ssh_curve_name = ssh_curve_name 

420 self.curve = curve 

421 

422 def get_public( 

423 self, data: memoryview 

424 ) -> typing.Tuple[typing.Tuple, memoryview]: 

425 """ECDSA public fields""" 

426 curve, data = _get_sshstr(data) 

427 point, data = _get_sshstr(data) 

428 if curve != self.ssh_curve_name: 

429 raise ValueError("Curve name mismatch") 

430 if point[0] != 4: 

431 raise NotImplementedError("Need uncompressed point") 

432 return (curve, point), data 

433 

434 def load_public( 

435 self, data: memoryview 

436 ) -> typing.Tuple[ec.EllipticCurvePublicKey, memoryview]: 

437 """Make ECDSA public key from data.""" 

438 (curve_name, point), data = self.get_public(data) 

439 public_key = ec.EllipticCurvePublicKey.from_encoded_point( 

440 self.curve, point.tobytes() 

441 ) 

442 return public_key, data 

443 

444 def load_private( 

445 self, data: memoryview, pubfields 

446 ) -> typing.Tuple[ec.EllipticCurvePrivateKey, memoryview]: 

447 """Make ECDSA private key from data.""" 

448 (curve_name, point), data = self.get_public(data) 

449 secret, data = _get_mpint(data) 

450 

451 if (curve_name, point) != pubfields: 

452 raise ValueError("Corrupt data: ecdsa field mismatch") 

453 private_key = ec.derive_private_key(secret, self.curve) 

454 return private_key, data 

455 

456 def encode_public( 

457 self, public_key: ec.EllipticCurvePublicKey, f_pub: _FragList 

458 ) -> None: 

459 """Write ECDSA public key""" 

460 point = public_key.public_bytes( 

461 Encoding.X962, PublicFormat.UncompressedPoint 

462 ) 

463 f_pub.put_sshstr(self.ssh_curve_name) 

464 f_pub.put_sshstr(point) 

465 

466 def encode_private( 

467 self, private_key: ec.EllipticCurvePrivateKey, f_priv: _FragList 

468 ) -> None: 

469 """Write ECDSA private key""" 

470 public_key = private_key.public_key() 

471 private_numbers = private_key.private_numbers() 

472 

473 self.encode_public(public_key, f_priv) 

474 f_priv.put_mpint(private_numbers.private_value) 

475 

476 

477class _SSHFormatEd25519: 

478 """Format for Ed25519 keys. 

479 

480 Public: 

481 bytes point 

482 Private: 

483 bytes point 

484 bytes secret_and_point 

485 """ 

486 

487 def get_public( 

488 self, data: memoryview 

489 ) -> typing.Tuple[typing.Tuple, memoryview]: 

490 """Ed25519 public fields""" 

491 point, data = _get_sshstr(data) 

492 return (point,), data 

493 

494 def load_public( 

495 self, data: memoryview 

496 ) -> typing.Tuple[ed25519.Ed25519PublicKey, memoryview]: 

497 """Make Ed25519 public key from data.""" 

498 (point,), data = self.get_public(data) 

499 public_key = ed25519.Ed25519PublicKey.from_public_bytes( 

500 point.tobytes() 

501 ) 

502 return public_key, data 

503 

504 def load_private( 

505 self, data: memoryview, pubfields 

506 ) -> typing.Tuple[ed25519.Ed25519PrivateKey, memoryview]: 

507 """Make Ed25519 private key from data.""" 

508 (point,), data = self.get_public(data) 

509 keypair, data = _get_sshstr(data) 

510 

511 secret = keypair[:32] 

512 point2 = keypair[32:] 

513 if point != point2 or (point,) != pubfields: 

514 raise ValueError("Corrupt data: ed25519 field mismatch") 

515 private_key = ed25519.Ed25519PrivateKey.from_private_bytes(secret) 

516 return private_key, data 

517 

518 def encode_public( 

519 self, public_key: ed25519.Ed25519PublicKey, f_pub: _FragList 

520 ) -> None: 

521 """Write Ed25519 public key""" 

522 raw_public_key = public_key.public_bytes( 

523 Encoding.Raw, PublicFormat.Raw 

524 ) 

525 f_pub.put_sshstr(raw_public_key) 

526 

527 def encode_private( 

528 self, private_key: ed25519.Ed25519PrivateKey, f_priv: _FragList 

529 ) -> None: 

530 """Write Ed25519 private key""" 

531 public_key = private_key.public_key() 

532 raw_private_key = private_key.private_bytes( 

533 Encoding.Raw, PrivateFormat.Raw, NoEncryption() 

534 ) 

535 raw_public_key = public_key.public_bytes( 

536 Encoding.Raw, PublicFormat.Raw 

537 ) 

538 f_keypair = _FragList([raw_private_key, raw_public_key]) 

539 

540 self.encode_public(public_key, f_priv) 

541 f_priv.put_sshstr(f_keypair) 

542 

543 

544_KEY_FORMATS = { 

545 _SSH_RSA: _SSHFormatRSA(), 

546 _SSH_DSA: _SSHFormatDSA(), 

547 _SSH_ED25519: _SSHFormatEd25519(), 

548 _ECDSA_NISTP256: _SSHFormatECDSA(b"nistp256", ec.SECP256R1()), 

549 _ECDSA_NISTP384: _SSHFormatECDSA(b"nistp384", ec.SECP384R1()), 

550 _ECDSA_NISTP521: _SSHFormatECDSA(b"nistp521", ec.SECP521R1()), 

551} 

552 

553 

554def _lookup_kformat(key_type: bytes): 

555 """Return valid format or throw error""" 

556 if not isinstance(key_type, bytes): 

557 key_type = memoryview(key_type).tobytes() 

558 if key_type in _KEY_FORMATS: 

559 return _KEY_FORMATS[key_type] 

560 raise UnsupportedAlgorithm(f"Unsupported key type: {key_type!r}") 

561 

562 

563SSHPrivateKeyTypes = typing.Union[ 

564 ec.EllipticCurvePrivateKey, 

565 rsa.RSAPrivateKey, 

566 dsa.DSAPrivateKey, 

567 ed25519.Ed25519PrivateKey, 

568] 

569 

570 

571def load_ssh_private_key( 

572 data: bytes, 

573 password: typing.Optional[bytes], 

574 backend: typing.Any = None, 

575) -> SSHPrivateKeyTypes: 

576 """Load private key from OpenSSH custom encoding.""" 

577 utils._check_byteslike("data", data) 

578 if password is not None: 

579 utils._check_bytes("password", password) 

580 

581 m = _PEM_RC.search(data) 

582 if not m: 

583 raise ValueError("Not OpenSSH private key format") 

584 p1 = m.start(1) 

585 p2 = m.end(1) 

586 data = binascii.a2b_base64(memoryview(data)[p1:p2]) 

587 if not data.startswith(_SK_MAGIC): 

588 raise ValueError("Not OpenSSH private key format") 

589 data = memoryview(data)[len(_SK_MAGIC) :] 

590 

591 # parse header 

592 ciphername, data = _get_sshstr(data) 

593 kdfname, data = _get_sshstr(data) 

594 kdfoptions, data = _get_sshstr(data) 

595 nkeys, data = _get_u32(data) 

596 if nkeys != 1: 

597 raise ValueError("Only one key supported") 

598 

599 # load public key data 

600 pubdata, data = _get_sshstr(data) 

601 pub_key_type, pubdata = _get_sshstr(pubdata) 

602 kformat = _lookup_kformat(pub_key_type) 

603 pubfields, pubdata = kformat.get_public(pubdata) 

604 _check_empty(pubdata) 

605 

606 # load secret data 

607 edata, data = _get_sshstr(data) 

608 _check_empty(data) 

609 

610 if (ciphername, kdfname) != (_NONE, _NONE): 

611 ciphername_bytes = ciphername.tobytes() 

612 if ciphername_bytes not in _SSH_CIPHERS: 

613 raise UnsupportedAlgorithm( 

614 f"Unsupported cipher: {ciphername_bytes!r}" 

615 ) 

616 if kdfname != _BCRYPT: 

617 raise UnsupportedAlgorithm(f"Unsupported KDF: {kdfname!r}") 

618 blklen = _SSH_CIPHERS[ciphername_bytes][3] 

619 _check_block_size(edata, blklen) 

620 salt, kbuf = _get_sshstr(kdfoptions) 

621 rounds, kbuf = _get_u32(kbuf) 

622 _check_empty(kbuf) 

623 ciph = _init_cipher(ciphername_bytes, password, salt.tobytes(), rounds) 

624 edata = memoryview(ciph.decryptor().update(edata)) 

625 else: 

626 blklen = 8 

627 _check_block_size(edata, blklen) 

628 ck1, edata = _get_u32(edata) 

629 ck2, edata = _get_u32(edata) 

630 if ck1 != ck2: 

631 raise ValueError("Corrupt data: broken checksum") 

632 

633 # load per-key struct 

634 key_type, edata = _get_sshstr(edata) 

635 if key_type != pub_key_type: 

636 raise ValueError("Corrupt data: key type mismatch") 

637 private_key, edata = kformat.load_private(edata, pubfields) 

638 comment, edata = _get_sshstr(edata) 

639 

640 # yes, SSH does padding check *after* all other parsing is done. 

641 # need to follow as it writes zero-byte padding too. 

642 if edata != _PADDING[: len(edata)]: 

643 raise ValueError("Corrupt data: invalid padding") 

644 

645 if isinstance(private_key, dsa.DSAPrivateKey): 

646 warnings.warn( 

647 "SSH DSA keys are deprecated and will be removed in a future " 

648 "release.", 

649 utils.DeprecatedIn40, 

650 stacklevel=2, 

651 ) 

652 

653 return private_key 

654 

655 

656def _serialize_ssh_private_key( 

657 private_key: SSHPrivateKeyTypes, 

658 password: bytes, 

659 encryption_algorithm: KeySerializationEncryption, 

660) -> bytes: 

661 """Serialize private key with OpenSSH custom encoding.""" 

662 utils._check_bytes("password", password) 

663 if isinstance(private_key, dsa.DSAPrivateKey): 

664 warnings.warn( 

665 "SSH DSA key support is deprecated and will be " 

666 "removed in a future release", 

667 utils.DeprecatedIn40, 

668 stacklevel=4, 

669 ) 

670 

671 key_type = _get_ssh_key_type(private_key) 

672 kformat = _lookup_kformat(key_type) 

673 

674 # setup parameters 

675 f_kdfoptions = _FragList() 

676 if password: 

677 ciphername = _DEFAULT_CIPHER 

678 blklen = _SSH_CIPHERS[ciphername][3] 

679 kdfname = _BCRYPT 

680 rounds = _DEFAULT_ROUNDS 

681 if ( 

682 isinstance(encryption_algorithm, _KeySerializationEncryption) 

683 and encryption_algorithm._kdf_rounds is not None 

684 ): 

685 rounds = encryption_algorithm._kdf_rounds 

686 salt = os.urandom(16) 

687 f_kdfoptions.put_sshstr(salt) 

688 f_kdfoptions.put_u32(rounds) 

689 ciph = _init_cipher(ciphername, password, salt, rounds) 

690 else: 

691 ciphername = kdfname = _NONE 

692 blklen = 8 

693 ciph = None 

694 nkeys = 1 

695 checkval = os.urandom(4) 

696 comment = b"" 

697 

698 # encode public and private parts together 

699 f_public_key = _FragList() 

700 f_public_key.put_sshstr(key_type) 

701 kformat.encode_public(private_key.public_key(), f_public_key) 

702 

703 f_secrets = _FragList([checkval, checkval]) 

704 f_secrets.put_sshstr(key_type) 

705 kformat.encode_private(private_key, f_secrets) 

706 f_secrets.put_sshstr(comment) 

707 f_secrets.put_raw(_PADDING[: blklen - (f_secrets.size() % blklen)]) 

708 

709 # top-level structure 

710 f_main = _FragList() 

711 f_main.put_raw(_SK_MAGIC) 

712 f_main.put_sshstr(ciphername) 

713 f_main.put_sshstr(kdfname) 

714 f_main.put_sshstr(f_kdfoptions) 

715 f_main.put_u32(nkeys) 

716 f_main.put_sshstr(f_public_key) 

717 f_main.put_sshstr(f_secrets) 

718 

719 # copy result info bytearray 

720 slen = f_secrets.size() 

721 mlen = f_main.size() 

722 buf = memoryview(bytearray(mlen + blklen)) 

723 f_main.render(buf) 

724 ofs = mlen - slen 

725 

726 # encrypt in-place 

727 if ciph is not None: 

728 ciph.encryptor().update_into(buf[ofs:mlen], buf[ofs:]) 

729 

730 return _ssh_pem_encode(buf[:mlen]) 

731 

732 

733SSHPublicKeyTypes = typing.Union[ 

734 ec.EllipticCurvePublicKey, 

735 rsa.RSAPublicKey, 

736 dsa.DSAPublicKey, 

737 ed25519.Ed25519PublicKey, 

738] 

739 

740SSHCertPublicKeyTypes = typing.Union[ 

741 ec.EllipticCurvePublicKey, 

742 rsa.RSAPublicKey, 

743 ed25519.Ed25519PublicKey, 

744] 

745 

746 

747class SSHCertificateType(enum.Enum): 

748 USER = 1 

749 HOST = 2 

750 

751 

752class SSHCertificate: 

753 def __init__( 

754 self, 

755 _nonce: memoryview, 

756 _public_key: SSHPublicKeyTypes, 

757 _serial: int, 

758 _cctype: int, 

759 _key_id: memoryview, 

760 _valid_principals: typing.List[bytes], 

761 _valid_after: int, 

762 _valid_before: int, 

763 _critical_options: typing.Dict[bytes, bytes], 

764 _extensions: typing.Dict[bytes, bytes], 

765 _sig_type: memoryview, 

766 _sig_key: memoryview, 

767 _inner_sig_type: memoryview, 

768 _signature: memoryview, 

769 _tbs_cert_body: memoryview, 

770 _cert_key_type: bytes, 

771 _cert_body: memoryview, 

772 ): 

773 self._nonce = _nonce 

774 self._public_key = _public_key 

775 self._serial = _serial 

776 try: 

777 self._type = SSHCertificateType(_cctype) 

778 except ValueError: 

779 raise ValueError("Invalid certificate type") 

780 self._key_id = _key_id 

781 self._valid_principals = _valid_principals 

782 self._valid_after = _valid_after 

783 self._valid_before = _valid_before 

784 self._critical_options = _critical_options 

785 self._extensions = _extensions 

786 self._sig_type = _sig_type 

787 self._sig_key = _sig_key 

788 self._inner_sig_type = _inner_sig_type 

789 self._signature = _signature 

790 self._cert_key_type = _cert_key_type 

791 self._cert_body = _cert_body 

792 self._tbs_cert_body = _tbs_cert_body 

793 

794 @property 

795 def nonce(self) -> bytes: 

796 return bytes(self._nonce) 

797 

798 def public_key(self) -> SSHCertPublicKeyTypes: 

799 # make mypy happy until we remove DSA support entirely and 

800 # the underlying union won't have a disallowed type 

801 return typing.cast(SSHCertPublicKeyTypes, self._public_key) 

802 

803 @property 

804 def serial(self) -> int: