U  W[@szdZddlmZmZddlmZmZmZmZddl m Z m Z m Z ddl mZddlmZGddde ZGd d d eZGd d d eZGd ddeZe eGdddeZe eGdddeZe eGdddeZe eGdddeZe eGdddeZe eGdddeZeeeeeedZddZddZd d!Zd"d#Z d$d%Z!d&d'Z"d(S))z SSH key exchange handling. )absolute_importdivision)sha1sha256sha384sha512) Attribute implementer Interface)error)longc@s eZdZdZedZedZdS)_IKexAlgorithmzB An L{_IKexAlgorithm} describes a key exchange algorithm. zAn L{int} giving the preference of the algorithm when negotiating key exchange. Algorithms with lower precedence values are more preferred.zqA callable hash algorithm constructor (e.g. C{hashlib.sha256}) suitable for use with this key exchange algorithm.N)__name__ __module__ __qualname____doc__r preference hashProcessorrr8/usr/lib/python3/dist-packages/twisted/conch/ssh/_kex.pyr sr c@s eZdZdZedZedZdS)_IFixedGroupKexAlgorithmzu An L{_IFixedGroupKexAlgorithm} describes a key exchange algorithm with a fixed prime / generator group. zdA L{long} giving the prime number used in Diffie-Hellman key exchange, or L{None} if not applicable.zA L{long} giving the generator number used in Diffie-Hellman key exchange, or L{None} if not applicable. (This is not related to Python generator functions.)N)rrrrrprime generatorrrrrr#src@seZdZdZdS)#_IEllipticCurveExchangeKexAlgorithmz An L{_IEllipticCurveExchangeKexAlgorithm} describes a key exchange algorithm that uses an elliptic curve exchange between the client and server. Nrrrrrrrrr4src@seZdZdZdS)_IGroupExchangeKexAlgorithmz An L{_IGroupExchangeKexAlgorithm} describes a key exchange algorithm that uses group exchange between the client and server. A prime / generator group should be chosen at run time based on the requested size. See RFC 4419. Nrrrrrr<src@seZdZdZdZeZdS)_ECDH256zT Elliptic Curve Key Exchange with SHA-256 as HASH. Defined in RFC 5656. NrrrrrrrrrrrrGsrc@seZdZdZdZeZdS)_ECDH384zT Elliptic Curve Key Exchange with SHA-384 as HASH. Defined in RFC 5656. N)rrrrrrrrrrrrRsrc@seZdZdZdZeZdS)_ECDH512zT Elliptic Curve Key Exchange with SHA-512 as HASH. Defined in RFC 5656. N)rrrrrrrrrrrr!]sr!c@seZdZdZdZeZdS)_DHGroupExchangeSHA256zc Diffie-Hellman Group and Key Exchange with SHA-256 as HASH. Defined in RFC 4419, 4.2. Nrrrrrr#hsr#c@seZdZdZdZeZdS)_DHGroupExchangeSHA1za Diffie-Hellman Group and Key Exchange with SHA-1 as HASH. Defined in RFC 4419, 4.1. N)rrrrrrrrrrrr%tsr%c@s$eZdZdZdZeZedZdZ dS)_DHGroup14SHA1z Diffie-Hellman key exchange with SHA-1 as HASH and Oakley Group 14 (2048-bit MODP Group). Defined in RFC 4253, 8.2. Ai32317006071311007300338913926423828248817941241140239112842009751400741706634354222619689417363569347117901737909704191754605873209195028853758986185622153212175412514901774520270235796078236248884246189477587641105928646099411723245426622522193230540919037680524235519125679715870117001058055877651038861847280257976054903569732561526167081339361799541336476559160368317896729073178384589680639671900977202194168647225871031411336429319536193471636533209717077448227988588565369208645296636077250268955505928362751121174096972998068410554359584866583291642136218231078990999448652468262416972035911852507045361090559r N) rrrrrrrr rrrrrrr's  r')s$diffie-hellman-group-exchange-sha256s"diffie-hellman-group-exchange-sha1sdiffie-hellman-group14-sha1secdh-sha2-nistp256secdh-sha2-nistp384secdh-sha2-nistp521cCs |tkrtd|ft|S)aY Get a description of a named key exchange algorithm. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: A description of the key exchange algorithm named by C{kexAlgorithm}. @rtype: L{_IKexAlgorithm} @raises ConchError: if the key exchange algorithm is not found. z&Unsupported key exchange algorithm: %s)_kexAlgorithmsr Z ConchError kexAlgorithmrrrgetKexs r,cCstt|S)a  Returns C{True} if C{kexAlgorithm} is an elliptic curve. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: C{str} @return: C{True} if C{kexAlgorithm} is an elliptic curve, otherwise C{False}. @rtype: C{bool} )r providedByr,r*rrrisEllipticCurves r.cCstt|S)a+ Returns C{True} if C{kexAlgorithm} has a fixed prime / generator group. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: C{True} if C{kexAlgorithm} has a fixed prime / generator group, otherwise C{False}. @rtype: L{bool} )rr-r,r*rrr isFixedGroups r/cCst|}|jS)a Get the hash algorithm callable to use in key exchange. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: A callable hash algorithm constructor (e.g. C{hashlib.sha256}). @rtype: C{callable} )r,rr+ZkexrrrgetHashProcessors r1cCst|}|j|jfS)z Get the generator and the prime to use in key exchange. @param kexAlgorithm: The key exchange algorithm name. @type kexAlgorithm: L{bytes} @return: A L{tuple} containing L{long} generator and L{long} prime. @rtype: L{tuple} )r,rrr0rrrgetDHGeneratorAndPrimes r2csddlm}ddlm}ddlm}|}ttD]<}| dr:| dd}| | ||}|s: |q:tfddd S) z Get a list of supported key exchange algorithm names in order of preference. @return: A C{list} of supported key exchange algorithm names. @rtype: C{list} of L{bytes} r)default_backend)ec) _curveTablesecdhsecdsacs |jS)N)rr*Z kexAlgorithmsrr z*getSupportedKeyExchanges..)key)Zcryptography.hazmat.backendsr3Z)cryptography.hazmat.primitives.asymmetricr4Ztwisted.conch.ssh.keysr5r)copylist startswithreplaceZ+elliptic_curve_exchange_algorithm_supportedZECDHpopsorted)r3r4r5ZbackendZ keyAlgorithmZkeyAlgorithmDsaZ supportedrr6rgetSupportedKeyExchangess$        r@N)#rZ __future__rrZhashlibrrrrZzope.interfacerr r Z twisted.conchr Ztwisted.python.compatr r rrrobjectrrr!r#r%r'r)r,r.r/r1r2r@rrrrsD