Vh" UdZddlmZddlmZmZmZmZddlm Z m Z ddl m Z m Z mZddlmZe rddlmZGdd e ZGd d e ZGd d eZGddeZGddeZeeGddZeeGddZeeGddZeeGddZeeGddZeeGddZeeGddZeeGd d!Zeeeeeeeed"Zd#e d$<d,d%Z!d-d&Z"d-d'Z#d.d(Z$d/d)Z%d0d*Z&y+)1z SSH key exchange handling. ) annotations)sha1sha256sha384sha512) TYPE_CHECKINGProtocol) Attribute Interface implementer)error)_HashceZdZdddZy) _HashFactorycyN)selfdatas F/home/dcms/DCMS/lib/python3.12/site-packages/twisted/conch/ssh/_kex.py__call__z_HashFactory.__call__s N).)rbytesreturnr)__name__ __module__ __qualname__rrrrrrs rrcFeZdZUdZedZded<edZded<y) _IKexAlgorithmzB An L{_IKexAlgorithm} describes a key exchange algorithm. zAn L{int} giving the preference of the algorithm when negotiating key exchange. Algorithms with lower precedence values are more preferred.int preferencezqA callable hash algorithm constructor (e.g. C{hashlib.sha256}) suitable for use with this key exchange algorithm.r hashProcessorN)rrr__doc__r r!__annotations__r"rrrrrs7  J #, =#M<rrc0eZdZdZedZedZy)_IFixedGroupKexAlgorithmzu An L{_IFixedGroupKexAlgorithm} describes a key exchange algorithm with a fixed prime / generator group. zdAn L{int} giving the prime number used in Diffie-Hellman key exchange, or L{None} if not applicable.zAn L{int} giving the generator number used in Diffie-Hellman key exchange, or L{None} if not applicable. (This is not related to Python generator functions.)N)rrrr#r prime generatorrrrr&r&-s)  2 E  'Irr&ceZdZdZy)#_IEllipticCurveExchangeKexAlgorithmz An L{_IEllipticCurveExchangeKexAlgorithm} describes a key exchange algorithm that uses an elliptic curve exchange between the client and server. Nrrrr#rrrr*r*?srr*ceZdZdZy)_IGroupExchangeKexAlgorithmz An L{_IGroupExchangeKexAlgorithm} describes a key exchange algorithm that uses group exchange between the client and server. A prime / generator group should be chosen at run time based on the requested size. See RFC 4419. Nr+rrrr-r-Fsrr-ceZdZdZdZeZy)_Curve25519SHA256z Elliptic Curve Key Exchange using Curve25519 and SHA256. Defined in U{https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-curves/}. Nrrrr#r!rr"rrrr/r/P JMrr/ceZdZdZdZeZy)_Curve25519SHA256LibSSHzN As L{_Curve25519SHA256}, but with a pre-standardized algorithm name. Nr1rrrr4r4[sJMrr4ceZdZdZdZeZy)_ECDH256aX Elliptic Curve Key Exchange with SHA-256 as HASH. Defined in RFC 5656. Note that C{ecdh-sha2-nistp256} takes priority over nistp384 or nistp512. This is the same priority from OpenSSH. C{ecdh-sha2-nistp256} is considered preety good cryptography. If you need something better consider using C{curve25519-sha256}. Nr1rrrr7r7es JMrr7ceZdZdZdZeZy)_ECDH384zT Elliptic Curve Key Exchange with SHA-384 as HASH. Defined in RFC 5656. N)rrrr#r!rr"rrrr:r:vr2rr:ceZdZdZdZeZy)_ECDH512zT Elliptic Curve Key Exchange with SHA-512 as HASH. Defined in RFC 5656. N)rrrr#r!rr"rrrr=r=r2rr=ceZdZdZdZeZy)_DHGroupExchangeSHA256zc Diffie-Hellman Group and Key Exchange with SHA-256 as HASH. Defined in RFC 4419, 4.2. Nr1rrrr@r@r2rr@ceZdZdZdZeZy)_DHGroupExchangeSHA1za Diffie-Hellman Group and Key Exchange with SHA-1 as HASH. Defined in RFC 4419, 4.1. N)rrrr#r!rr"rrrrCrCs JMrrCc,eZdZdZdZeZedZdZ y)_DHGroup14SHA1z Diffie-Hellman key exchange with SHA-1 as HASH and Oakley Group 14 (2048-bit MODP Group). Defined in RFC 4253, 8.2. i32317006071311007300338913926423828248817941241140239112842009751400741706634354222619689417363569347117901737909704191754605873209195028853758986185622153212175412514901774520270235796078236248884246189477587641105928646099411723245426622522193230540919037680524235519125679715870117001058055877651038861847280257976054903569732561526167081339361799541336476559160368317896729073178384589680639671900977202194168647225871031411336429319536193471636533209717077448227988588565369208645296636077250268955505928362751121174096972998068410554359584866583291642136218231078990999448652468262416972035911852507045361090559r5N) rrrr#r!rr"r r'r(rrrrFrFs) JM   EIrrF)curve25519-sha256scurve25519-sha256@libssh.orgs$diffie-hellman-group-exchange-sha256s"diffie-hellman-group-exchange-sha1sdiffie-hellman-group14-sha1secdh-sha2-nistp256secdh-sha2-nistp384secdh-sha2-nistp521zdict[bytes, _IKexAlgorithm]_kexAlgorithmscT|tvrtjd|t|S)aY Get a description of a named key exchange algorithm. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: A description of the key exchange algorithm named by C{kexAlgorithm}. @rtype: L{_IKexAlgorithm} @raises ConchError: if the key exchange algorithm is not found. z$Unsupported key exchange algorithm: )rJr ConchError kexAlgorithms rgetKexrOs1>)!ElEUVWW , ''rc>tjt|S)z Returns C{True} if C{kexAlgorithm} is an elliptic curve. @param kexAlgorithm: The key exchange algorithm name. @return: C{True} if C{kexAlgorithm} is an elliptic curve, otherwise C{False}. )r* providedByrOrMs risEllipticCurverRs / 9 9&:N OOrc>tjt|S)z Returns C{True} if C{kexAlgorithm} has a fixed prime / generator group. @param kexAlgorithm: The key exchange algorithm name. @return: C{True} if C{kexAlgorithm} has a fixed prime / generator group, otherwise C{False}. )r&rQrOrMs r isFixedGrouprTs $ . .vl/C DDrc0t|}|jS)z Get the hash algorithm callable to use in key exchange. @param kexAlgorithm: The key exchange algorithm name. @return: A callable hash algorithm constructor (e.g. C{hashlib.sha256}). )rOr"rNkexs rgetHashProcessorrXs  C   rcZtt|}|j|jfS)z Get the generator and the prime to use in key exchange. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: A L{tuple} containing L{int} generator and L{int} prime. @rtype: L{tuple} )r&rOr(r'rVs rgetDHGeneratorAndPrimerZs& #6,#7 8C ==#)) ##rcddlm}ddlm}ddlm}|}t jtD]}|jdr6|jdd}|j|j||}n$|jdr|j}nd}|rqj|tfd  S) z Get a list of supported key exchange algorithm names in order of preference. @return: A C{list} of supported key exchange algorithm names. r)default_backend)ec) _curveTablesecdhsecdsarITc"|jSr)r!)rN kexAlgorithmss rz*getSupportedKeyExchanges..(s l0K0V0Vr)key)cryptography.hazmat.backendsr\)cryptography.hazmat.primitives.asymmetricr]twisted.conch.ssh.keysr^rJcopylist startswithreplace+elliptic_curve_exchange_algorithm_supportedECDHx25519_supportedpopsorted)r\r]r^backend keyAlgorithmkeyAlgorithmDsa supportedr`s @rgetSupportedKeyExchangesrs s=<2G"'')M]+ ,  " "7 +*227HEOKK ;7I $ $%9 :002II   l + , V rN)rNrrr)rNrrbool)rNrrr)rNrrztuple[int, int])rz list[bytes])'r# __future__rhashlibrrrrtypingrr zope.interfacer r r twisted.conchr rrrr&r*r-r/r4r7r:r=r@rCrFrJr$rOrRrTrXrZrsrrrrzs #00*<< 8 Y"~$.. 012 012 01  2   012 012 ()* ()* %&'6,-%<%>-C-E+?+A$2$4#:#:#: /+ ($ P E  $r