tfw! LdZddlmZmZmZmZddlmZmZm Z ddl m Z GddeZ Gdde Z Gd d e ZGd d e Ze eGd dZe eGddZe eGddZe eGddZe eGddZe eGddZe eGddZe e GddZeeeeeeeedZdZdZd Zd!Zd"Zd#Zd$S)%z SSH key exchange handling. )sha1sha256sha384sha512) Attribute Interface implementer)errorc>eZdZdZedZedZdS)_IKexAlgorithmzB An L{_IKexAlgorithm} describes a key exchange algorithm. zAn L{int} giving the preference of the algorithm when negotiating key exchange. Algorithms with lower precedence values are more preferred.zqA callable hash algorithm constructor (e.g. C{hashlib.sha256}) suitable for use with this key exchange algorithm.N)__name__ __module__ __qualname____doc__r preference hashProcessorU/var/www/surfInsights/venv3-11/lib/python3.11/site-packages/twisted/conch/ssh/_kex.pyr r sH J I =MMMrr c>eZdZdZedZedZdS)_IFixedGroupKexAlgorithmzu An L{_IFixedGroupKexAlgorithm} describes a key exchange algorithm with a fixed prime / generator group. zdAn L{int} giving the prime number used in Diffie-Hellman key exchange, or L{None} if not applicable.zAn L{int} giving the generator number used in Diffie-Hellman key exchange, or L{None} if not applicable. (This is not related to Python generator functions.)N)r rrrrprime generatorrrrrr"sH I 2  E   'IIIrrceZdZdZdS)#_IEllipticCurveExchangeKexAlgorithmz An L{_IEllipticCurveExchangeKexAlgorithm} describes a key exchange algorithm that uses an elliptic curve exchange between the client and server. Nr rrrrrrrr4srrceZdZdZdS)_IGroupExchangeKexAlgorithmz An L{_IGroupExchangeKexAlgorithm} describes a key exchange algorithm that uses group exchange between the client and server. A prime / generator group should be chosen at run time based on the requested size. See RFC 4419. Nrrrrrr;srrceZdZdZdZeZdS)_Curve25519SHA256z Elliptic Curve Key Exchange using Curve25519 and SHA256. Defined in U{https://datatracker.ietf.org/doc/draft-ietf-curdle-ssh-curves/}. Nr rrrrrrrrrr r E$ JMMMrr ceZdZdZdZeZdS)_Curve25519SHA256LibSSHzN As L{_Curve25519SHA256}, but with a pre-standardized algorithm name. Nr"rrrr%r%Ps$JMMMrr%ceZdZdZdZeZdS)_ECDH256aX Elliptic Curve Key Exchange with SHA-256 as HASH. Defined in RFC 5656. Note that C{ecdh-sha2-nistp256} takes priority over nistp384 or nistp512. This is the same priority from OpenSSH. C{ecdh-sha2-nistp256} is considered preety good cryptography. If you need something better consider using C{curve25519-sha256}. Nr"rrrr(r(Zs$  JMMMrr(ceZdZdZdZeZdS)_ECDH384zT Elliptic Curve Key Exchange with SHA-384 as HASH. Defined in RFC 5656. N)r rrrrrrrrrr+r+kr#rr+ceZdZdZdZeZdS)_ECDH512zT Elliptic Curve Key Exchange with SHA-512 as HASH. Defined in RFC 5656. N)r rrrrrrrrrr.r.vr#rr.ceZdZdZdZeZdS)_DHGroupExchangeSHA256zc Diffie-Hellman Group and Key Exchange with SHA-256 as HASH. Defined in RFC 4419, 4.2. Nr"rrrr1r1r#rr1ceZdZdZdZeZdS)_DHGroupExchangeSHA1za Diffie-Hellman Group and Key Exchange with SHA-1 as HASH. Defined in RFC 4419, 4.1. N)r rrrrrrrrrr4r4s$ JMMMrr4c4eZdZdZdZeZedZdZ dS)_DHGroup14SHA1z Diffie-Hellman key exchange with SHA-1 as HASH and Oakley Group 14 (2048-bit MODP Group). Defined in RFC 4253, 8.2. i32317006071311007300338913926423828248817941241140239112842009751400741706634354222619689417363569347117901737909704191754605873209195028853758986185622153212175412514901774520270235796078236248884246189477587641105928646099411723245426622522193230540919037680524235519125679715870117001058055877651038861847280257976054903569732561526167081339361799541336476559160368317896729073178384589680639671900977202194168647225871031411336429319536193471636533209717077448227988588565369208645296636077250268955505928362751121174096972998068410554359584866583291642136218231078990999448652468262416972035911852507045361090559r&N) r rrrrrrintrrrrrr7r7sA JM C   EIIIrr7)curve25519-sha256scurve25519-sha256@libssh.orgs$diffie-hellman-group-exchange-sha256s"diffie-hellman-group-exchange-sha1sdiffie-hellman-group14-sha1secdh-sha2-nistp256secdh-sha2-nistp384secdh-sha2-nistp521c\|tvrtjd|t|S)aY Get a description of a named key exchange algorithm. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: A description of the key exchange algorithm named by C{kexAlgorithm}. @rtype: L{_IKexAlgorithm} @raises ConchError: if the key exchange algorithm is not found. z$Unsupported key exchange algorithm: )_kexAlgorithmsr ConchError kexAlgorithms rgetKexrAs4>))TlTTUUU , ''rcPtt|S)a  Returns C{True} if C{kexAlgorithm} is an elliptic curve. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: C{str} @return: C{True} if C{kexAlgorithm} is an elliptic curve, otherwise C{False}. @rtype: C{bool} )r providedByrAr?s risEllipticCurverDs  / 9 9&:N:N O OOrcPtt|S)a+ Returns C{True} if C{kexAlgorithm} has a fixed prime / generator group. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: C{True} if C{kexAlgorithm} has a fixed prime / generator group, otherwise C{False}. @rtype: L{bool} )rrCrAr?s r isFixedGrouprFs  $ . .vl/C/C D DDrc.t|}|jS)a Get the hash algorithm callable to use in key exchange. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: A callable hash algorithm constructor (e.g. C{hashlib.sha256}). @rtype: C{callable} )rArr@kexs rgetHashProcessorrJs   C  rc<t|}|j|jfS)z Get the generator and the prime to use in key exchange. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: A L{tuple} containing L{int} generator and L{int} prime. @rtype: L{tuple} )rArrrHs rgetDHGeneratorAndPrimerLs    C =#) ##rcddlm}ddlm}ddlm}|}t tD]}| drE| dd}| | ||}n,| dr| }nd}|s|tfd  S) z Get a list of supported key exchange algorithm names in order of preference. @return: A C{list} of supported key exchange algorithm names. @rtype: C{list} of L{bytes} r)default_backend)ec) _curveTablesecdhsecdsar;Tc|jS)N)r)r@ kexAlgorithmss rz*getSupportedKeyExchanges..$s l0K0Vr)key)cryptography.hazmat.backendsrN)cryptography.hazmat.primitives.asymmetricrOtwisted.conch.ssh.keysrPr=copylist startswithreplace+elliptic_curve_exchange_algorithm_supportedECDHx25519_supportedpopsorted)rNrOrPbackend keyAlgorithmkeyAlgorithmDsa supportedrRs @rgetSupportedKeyExchangesres8=<<<<<<<<<<<222222oG"''))M]++ , ,  " "7 + + *227HEEOKK ;7II $ $%9 : : 0022III ,   l + + + VVVV   rN)rhashlibrrrrzope.interfacerrr twisted.conchr r rrrr r%r(r+r.r1r4r7r=rArDrFrJrLrerrrris  100000000000<<<<<<<<<<Y"~$..  01121  01121  011       21    01121  01121  ())*)  ())*)  %&&'&6,+--%<%<%>%>-C-C-E-E+?+?+A+A$2N$4$4#8::#8::#8::  ((($ P P P E E E    $ $ $r