o

�h�P�@s�UdZd
dl
mZmZ
d
dlZd
dlmZmZmZm	Z	m
Z

ddlmZm
Z
mZmZ
ddlmZmZmZ
ddlmZmZ
e
ed	fZeeeeegefZe	eeefZeeeegefZe	eefZeeeegefZ e	e e	ed
ffZ!e
d�
Z"e
d�
Z#e
d
�
Z$e
d�
Z%e
d�
Z&e
d�
Z'e
d�
Z(e
d�
Z)e
d�
Z*e
d�
Z+e
d�
Z,e
d�
Z-e
d�
Z.e
d�
Z/e
d�
Z0e
d�
Z1e
d�
Z2e
d�
Z3e
d�
Z4e
d�
Z5iZ6eeefe7d<iZ8eeefe7d <iZ9ee
efe7d!<iZ:ee	eefe
fe7d"<iZ;ee
efe7d#<iZ<eee
fe7d$<iZ=ee
e!fe7d%<iZ>eee
fe7d&<iZ?ee
efe7d'<iZ@eee
fe7d(<Gd)d*�d*eA�ZBGd+d	�d	�ZCd,ed-ed.ed/ed0ed1efd2d3�ZDd,ed-ed.ed/ed0ed4ed1efd5d6�ZEd7ed-ed,ed8ed1ef
d9d:�ZFd7ed-ed,ed8ed1ef
d;d<�ZGd=ed8ed>ed1efd?d@�ZHdAed-edBed1efdCdD�ZId7ed-ed1efdEdF�ZJdGedHed8ed1dfdIdJ�ZKdKedLedMe
dNed,ed8ed1dfdOdP�ZLdQedRe
dNed8ed1df
dSdT�ZMdUedVe
dNe dWed1df
dXdY�ZNdLedZe
d1dfd[d\�ZOd]edGed-ed1e	eeeffd^d_�ZPd]edHed`ed-ed1ef
dadb�ZQd]edKedLedced-ed1efddde�ZRdfed-ed1efdgdh�ZSdiZTdjdke"eFedjfdjdle#eFedjfdmdle(eGedmfdndle'eGednfdodle&eGedpfdqdle%eGedrffZUdse-eHdsfdte.eHdtfdue/eHdufdve+eHdvfdwe)eHdwfdje,eHdjfdne*eHdnffZVdxe0eIff
ZWdle1fdye2fdze3fd{e4fd|e5ffZXeTD]ZYeKeY�
�q�eUD]ZZeLeZ�
�q�eVD]Z[eMe[�
�q�eWD]Z\eNe\�
�q�eXD]Z]eOe]�
�q�dS)}z2Asymmetric key password based encryption functions�)�md5�sha1N)�Callable�Dict�Sequence�Tuple�Union�
)�ASN1DecodeError�ObjectIdentifier�
der_encode�
der_decode)�BasicCipher�get_cipher_params�pbkdf2_hmac)�
BytesOrStr�HashType�_RFC1423Pad.z1.2.840.113549.1.5.3z1.2.840.113549.1.5.10z1.2.840.113549.1.5.13z1.2.840.113549.1.12.1.1z1.2.840.113549.1.12.1.2z1.2.840.113549.1.12.1.3z1.2.840.113549.1.12.1.4z1.2.840.113533.7.66.10z1.2.840.113549.3.7z1.3.6.1.4.1.3029.1.2z1.3.14.3.2.7z2.16.840.1.101.3.4.1.2z2.16.840.1.101.3.4.1.22z2.16.840.1.101.3.4.1.42z1.2.840.113549.1.5.12z1.2.840.113549.2.7z1.2.840.113549.2.8z1.2.840.113549.2.9z1.2.840.113549.2.10z1.2.840.113549.2.11�
_pkcs1_cipher�_pkcs1_dek_name�_pkcs8_handler�_pkcs8_cipher_oid�
_pbes2_cipher�_pbes2_cipher_oid�
_pbes2_kdf�_pbes2_kdf_oid�
_pbes2_prf�_pbes2_prf_oidc
@seZ
dZd
ZdS)�KeyEncryptionErrorz�Key encryption error

       This exception is raised by key decryption functions when the data
       provided is not a valid encrypted private key.

    N)�__name__�
__module__�__qualname__�__doc__�r#r#�B/usr/local/CyberPanel/lib/python3.10/site-packages/asyncssh/pbe.pyrVs
rc@sNeZ
dZd
Zdedededefdd�Zded	efd
d�Zded	efdd
�Z	dS)ra9
RFC 1423 padding functions

       This class implements RFC 1423 padding for encryption and
       decryption of data by block ciphers. On encryption, the data is
       padded by between 1 and the cipher's block size number of bytes,
       with the padding value being equal to the length of the padding.

    �cipher_name�
block_size�key�ivcCst|
||�|_
||_dS)
N)r�_cipher�_block_size)�selfr%r&r'r(r#r#r$�__init__is

z_RFC1423Pad.__init__�data�returncCs2|jt
|
�
|j}|
|t|f
�
7}
|j�|
�
S)
zPad data before encrypting it)r*�len�bytesr)�encrypt�r+r-�padr#r#r$r1ns

z_RFC1423Pad.encryptcCsj|j�
|
�
}
|
r1|
d
}d|k
r|jk
r1n
td�
�
|
|d�|t|f
�
kr1|
d|�Std�
�
)z,Remove padding from data after decrypting it���r	NzUnable to decrypt key)r)�decryptr*r0rr2r#r#r$r5us

�
z_RFC1423Pad.decryptN)
rr r!r"�str�intr0r,r1r5r#r#r#r$r_s

	
�

��hash_alg�
passphrase�salt�count�key_sizer.c	Csnt|
t
�r
|
�d
�
}
|
|}t|�
D]}||�
��}qt|�
|k
r1|t|||
|||t|�
�S|d|�S)a�
PKCS#5 v1.5 key derivation function for password-based encryption

       This function implements the PKCS#5 v1.5 algorithm for deriving
       an encryption key from a passphrase and salt.

       The standard PBKDF1 function cannot generate more key bytes than
       the hash digest size, but 3DES uses a modified form of it which
       calls PBKDF1 recursively on the result to generate more key data.
       Support for this is implemented here.

    �utf-8N)�
isinstancer6�encode�range�digestr/�_pbkdf1)r8r9r:r;r<r'�
_r#r#r$rB�s







�rB�idxcCs
d
tdt
dtfdd�}|�j}|t|f
�
}t|
t�r |
�d�
}
t|||�||
d|��
}	d}
t|
�
|kr�||	}t|�
D]}||�
�	�}q>t
�
|||�d	�}
td
t|	�
|�D]$}t
�
|	|||�d	�|
dd|d>}|�|d	�|	|||�<qX|
|7}
t|
�
|ks6|
d
|�S)z�PKCS#12 key derivation function for password-based encryption

       This function implements the PKCS#12 algorithm for deriving an
       encryption key from a passphrase and salt.

    r-�
vr.cSs8t|�
}||
d
|
|
}||d
||d|�S)z9Make a block a multiple of v bytes long by repeating datar	N)
r/)r-rE�
l�sizer#r#r$�_make_block�s

z_pbkdf_p12.<locals>._make_blockzutf-16bes��bigr
r	�N)r0r7r&r>r6r?�	bytearrayr/r@rA�
from_bytes�to_bytes)r8r9r:r;r<rDrHrE�
D�
Ir'�
A�
i�
B�
xr#r#r$�
_pbkdf_p12�s$	








,

�rU�paramsr%cCs�t|t
�rt|�
d
kst|dt�rt|dt�std�
�
|\}}t|�
\}}}t||
||||�}	|	d|�|	|d�}	}
t|||	|
�S)aD
PKCS#5 v1.5 cipher selection function for password-based encryption

       This function implements the PKCS#5 v1.5 algorithm for password-based
       encryption. It returns a cipher object which can be used to encrypt
       or decrypt data based on the specified encryption parameters,
       passphrase, and salt.

    �r
r	z#Invalid PBES1 encryption parametersN)	r>�tupler/r0r7rrrBr)rVr9r8r%r:r;r<�iv_sizer&r'r(r#r#r$�_pbes1�s
��

rZcCs�t|t
�r#t|�
d
ks#t|dt�r#|dr#t|dt�r#|ddkr'td�
�
|\}}t|�
\}}}t||
|||d�}	|dkrGt||	d�}
|
St||
|||d
�}t	|||	|�}
|
S)a<
PKCS#12 cipher selection function for password-based encryption

       This function implements the PKCS#12 algorithm for password-based
       encryption. It returns a cipher object which can be used to encrypt
       or decrypt data based on the specified encryption parameters,
       passphrase, and salt.

    rWr
r	z+Invalid PBES1 PKCS#12 encryption parametersrI)
r>rXr/r0r7rrrUrr)rVr9r8r%r:r;r<rYr&r'�cipherr(r#r#r$�_pbe_p12�s$
�
��


�
r\�
enc_paramsr'cCsZt|
�
\}}}t
|�
d
kst|dt�std�
�
t
|d�
|kr$td�
�
t|
|||d�S)z�PKCS#5 v2.0 handler for PBES2 ciphers with an IV as a parameter

       This function returns the appropriate cipher object to use for
       PBES2 encryption for ciphers that have only an IV as an encryption
       parameter.

    r	r
�#Invalid PBES2 encryption parametersz&Invalid length IV for PBES2 encryption)rr/r>r0rr)r]r%r'rCrYr&r#r#r$�	_pbes2_iv�s	

r_�
kdf_params�default_key_sizecCs"
t|�
d
kst
|dt�rt|d�
dkrtd�
�
t|d�
}t
|dt�r-t
|d
t�s1td�
�
|�d�
}|�d�
}|rJt
|dt�rJ|�d�
}n|}|r}t
|dt�ryt|d�
dkryt
|ddt�ry|dd}|t	vrut	|}n
td�
�
td�
�
d}t
|
t
�r�|
�d�
}
t||
|||�S)	z�PKCS#5 v2.0 handler for PBKDF2 key derivation

       This function parses the PBKDF2 arguments from a PKCS#8 encrypted key
       and returns the encryption key to use for encryption.

    r	r
rWz'Invalid PBES2 key derivation parametersz$Unknown PBES2 pseudo-random functionz/Invalid PBES2 pseudo-random function parametersrr=)
r/r>rXr�listr0r7�poprrr6r?r)r`r9rar:r;r<�prf_alg�	hash_namer#r#r$�
_pbes2_pbkdf2
s4	


�





�





rfc
Cs�t|t
�r)t|�
d
ks)t|dt
�r)t|d�
dks)t|dt
�r)t|d�
dkr-td�
�
t|d�
}|�d�
}|tv
r@td�
�
t|d�
}|�d�
}|tv
rStd�
�
t|\}}t|\}}	t|	�
\}
}}|||
|
g|�
R�}|||	|�S)a=
PKCS#5 v2.0 cipher selection function for password-based encryption

       This function implements the PKCS#5 v2.0 algorithm for password-based
       encryption. It returns a cipher object which can be used to encrypt
       or decrypt data based on the specified encryption parameters and
       passphrase.

    rWr
r	r^z%Unknown PBES2 key derivation functionz"Unknown PBES2 encryption algorithm)	r>rXr/rrbrcrrr)
rVr9r`�kdf_algr]�enc_alg�kdf_handler�kdf_args�enc_handlerr%rarCr'r#r#r$�_pbes2B
s*

�

�










rl�pkcs1_cipher_name�pkcs1_dek_namecCs|t|
<|
t
|<d
S)z8Register a cipher used for PKCS#1 private key encryptionN)rr)rmrnr%r#r#r$�register_pkcs1_ciphere
s
ro�pkcs8_cipher_namere�pkcs8_cipher_oid�handlercCs|||ft|<|t
||
f<d
S)z8Register a cipher used for PKCS#8 private key encryptionN)rr)rprerqrrr8r%r#r#r$�register_pkcs8_cipherm
s
rs�pbes2_cipher_name�pbes2_cipher_oidcC�||ft|
<|
t
|<d
S)z%Register a PBES2 encryption algorithmN)rr)rtrurrr%r#r#r$�register_pbes2_cipherw
s
rw�kdf_name�kdf_oid�argscGrv)z(Register a PBES2 key derivation functionN)rr)rxryrrrzr#r#r$�register_pbes2_kdf�
s
r{�prf_oidcCs|t|
<|
t
|<d
S)z'Register a PBES2 pseudo-random functionN)rr)rer|r#r#r$�register_pbes2_prf�
s
r}r-cCsn|
tvr3t|
}t
|}t|�
\}}}t�|�
}tt||d
d�d|�}	t|||	|�}
|||
�|�
fSt	d�
�
)z�Encrypt PKCS#1 key data

       This function encrypts PKCS#1 key data using the specified cipher
       and passphrase. Available ciphers include:

           aes128-cbc, aes192-cbc, aes256-cbc, des-cbc, des3-cbc

    NrKr	�#Unknown PKCS#1 encryption algorithm)
rrr�os�urandomrBrrr1r)r-rmr9rnr%r<rYr&r(r'r[r#r#r$�
pkcs1_encrypt�
s





r�r(c
CsV|
tvr't|
}t
|�
\}}}tt||d
d�d|�}t||||�}	|	�|�
Std�
�
)z�Decrypt PKCS#1 key data

       This function decrypts PKCS#1 key data using the specified algorithm,
       initialization vector, and passphrase. The algorithm name and IV
       should be taken from the PEM DEK-Info header.

    NrKr	r~)rrrBrrr5r)
r-rnr(r9r%r<rCr&r'r[r#r#r$�
pkcs1_decrypt�
s





r��versioncCs
|d
kr(|
|ftvr(t|
|f}t
|\}}}|}	t�d�
df}
||
|||�}nS|dkrw|
tvrwt|
}t|\}
}t|�
\}
}}
t�d�
dg}t�|�
}||f}|dkrg|tvrc|�t|df�

nt	d�
�
t
}	tt|�
f|f}
t
|
|�}nt	d�
�
t|	|
f|�|�
f�
S)	aEncrypt PKCS#8 key data

       This function encrypts PKCS#8 key data using the specified cipher,
       hash, encryption version, and passphrase.

       Available ciphers include:

           aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc,
           des-cbc, des2-cbc, des3-cbc, rc4-40, and rc4-128

       Available hashes include:

           md5, sha1, sha256, sha384, sha512

       Available versions include 1 for PBES1 and 2 for PBES2.

       Only some combinations of cipher, hash, and version are supported.

    r	rKirWrNzUnknown PBES2 hash function�#Unknown PKCS#8 encryption algorithm)rrrr�rrrr�appendr�_ES2�_ES2_PBKDF2rXrlrr1)r-rprer�r9rqrrr8r%�algrVr[rurCrYr`r(r]r#r#r$�
pkcs8_encrypt�
s,














r��key_datac
	Cs�t|t
�rt|�
d
krtd�
�
|\}}t|t
�r#t|�
d
ks#t|t�s'td�
�
|\}}|tkr5t||
�}n|tvrHt|\}}}	|||
||	�}ntd�
�
zt|�	|�
�
WSt
tfyb


td�
d�w)z�Decrypt PKCS#8 key data

       This function decrypts key data in PKCS#8 EncryptedPrivateKeyInfo
       format using the specified passphrase.

    rWz#Invalid PKCS#8 encrypted key formatr�z!Invalid PKCS#8 encrypted key dataN)r>rXr/rr0r�rlrr
r5r
�UnicodeDecodeError)
r�r9�
alg_paramsr-r�rVr[rrr8r%r#r#r$�
pkcs8_decrypt�
s&

�







�r�))�
aes128-cbcsAES-128-CBCr�)�
aes192-cbcsAES-192-CBCr�)�
aes256-cbcsAES-256-CBCr�)�des-cbcsDES-CBCr�)�des3-cbcsDES-EDE3-CBCr�r�rrzdes2-cbcr�zrc4-40�	arcfour40zrc4-128�arcfourr�r�r�zblowfish-cbczcast128-cbc�pbkdf2�sha224�sha256�sha384�sha512)^r"�hashlibrrr�typingrrrrr�asn1r
rrr
�cryptorrr�miscrr�_Cipher�objectr6�_PKCS8CipherHandler�_PKCS8Cipherr0�_PBES2CipherHandler�_PBES2Cipherr7�_PBES2KDFHandler�	_PBES2KDF�_ES1_MD5_DES�
_ES1_SHA1_DESr��_P12_RC4_128�_P12_RC4_40�	_P12_DES3�	_P12_DES2�_ES2_CAST128�	_ES2_DES3�_ES2_BF�_ES2_DES�_ES2_AES128�_ES2_AES192�_ES2_AES256r��	_ES2_SHA1�_ES2_SHA224�_ES2_SHA256�_ES2_SHA384�_ES2_SHA512r�__annotations__rrrrrrrrr�
ValueErrorrrrBrUrZr\r_rfrlrorsrwr{r}r�r�r�r��_pkcs1_cipher_list�_pkcs8_cipher_list�_pbes2_cipher_list�_pbes2_kdf_list�_pbes2_prf_list�_pkcs1_cipher_args�_pkcs8_cipher_args�_pbes2_cipher_args�_pbes2_kdf_args�_pbes2_prf_argsr#r#r#r$�<module>
sJ


























	$
�
�

�
�
�
�

�(
�

�
�

�

�

�0
#
�

�

����
�

���
�


�
�

�

�

�
�

�
�
�

�5!	



�












��



�




�