__pycache__/__init__.cpython-39.opt-1.pyc000064400000007176151116031670014117 0ustar00a Me@sUddlmZmZmZmZmZddlZddlm Z ddl m Z ddl m Z ddlmZejdrddlmZmZdd lmZmZdd lmZmZdd lmZmZmZmZm Z d Z!nd Z!eee"ej#j$fZ%iZ&eee e%fee fe'd<e!rje&(e j)dfee j*dfee j+dfee j,dfee j-dfee j.dfee j/dfe e j0dfee j1dfee j2dfee j3dfei dee4e5fe%ee dddZ6eee dddZ7dee4e5fee eeej#j$e5fee"ddddZ8dS))DictOptionalTupleTypeUnionN)GenericPrivateKey) Algorithm)UnsupportedAlgorithm)DNSKEYZdnssec) PrivateDSAPrivateDSANSEC3SHA1)PrivateECDSAP256SHA256PrivateECDSAP384SHA384) PrivateED448PrivateED25519) PrivateRSAMD5PrivateRSASHA1PrivateRSASHA1NSEC3SHA1PrivateRSASHA256PrivateRSASHA512TF algorithms) algorithmprefixreturncCs6t|}t||f}|r |Stdt|dS)zGet Private Key class from Algorithm. *algorithm*, a ``str`` or ``int`` specifying the DNSKEY algorithm. Raises ``UnsupportedAlgorithm`` if the algorithm is unknown. Returns a ``dns.dnssecalgs.GenericPrivateKey`` z)algorithm "%s" not supported by dnspythonN)rmakergetr Zto_text)rrclsr;/usr/lib/python3.9/site-packages/dns/dnssecalgs/__init__.pyget_algorithm_cls.s  r)dnskeyrcCs^d}|jtjkr&tj|jd\}}n,|jtjkrRt|jd}|jd|d}t |j|S)zGet Private Key class from DNSKEY. *dnskey*, a ``DNSKEY`` to get Algorithm class for. Raises ``UnsupportedAlgorithm`` if the algorithm is unknown. Returns a ``dns.dnssecalgs.GenericPrivateKey`` Nr) rr PRIVATEDNSdnsnameZ from_wirekey PRIVATEOIDintr)r r_lengthrrrget_algorithm_cls_from_dnskeyBs   r*)r algorithm_clsr$oidrcCst|tstdt|}d}|tjkrV|dur:tdt|trPt j |}|}nH|tj kr|durptdt t|g|}n|rtdn |rtd|t||f<dS)aRegister Algorithm Private Key class. *algorithm*, a ``str`` or ``int`` specifying the DNSKEY algorithm. *algorithm_cls*: A `GenericPrivateKey` class. *name*, an optional ``dns.name.Name`` or ``str``, for for PRIVATEDNS algorithms. *oid*: an optional BER-encoded `bytes` for PRIVATEOID algorithms. Raises ``ValueError`` if a name or oid is specified incorrectly. zInvalid algorithm classNz'Name required for PRIVATEDNS algorithmsz&OID required for PRIVATEOID algorithmsz,Name only supported for PRIVATEDNS algorithmz+OID only supported for PRIVATEOID algorithm) issubclassr TypeErrorrrr" ValueError isinstancestrr#r$Z from_textr&byteslenr)rr+r$r,rrrrregister_algorithm_clsTs&       r4)N)NN)9typingrrrrrZdns.namer#Zdns.dnssecalgs.baserZdns.dnssectypesrZ dns.exceptionr Zdns.rdtypes.ANY.DNSKEYr Z _featuresZhaveZdns.dnssecalgs.dsar r Zdns.dnssecalgs.ecdsar rZdns.dnssecalgs.eddsarrZdns.dnssecalgs.rsarrrrrZ_have_cryptographyr2r$NameZAlgorithmPrefixr__annotations__updateZRSAMD5ZDSAZRSASHA1Z DSANSEC3SHA1ZRSASHA1NSEC3SHA1Z RSASHA256Z RSASHA512ZECDSAP256SHA256ZECDSAP384SHA384ZED25519ZED448r'r1rr*r4rrrrsX                    __pycache__/__init__.cpython-39.pyc000064400000007176151116031670013160 0ustar00a Me@sUddlmZmZmZmZmZddlZddlm Z ddl m Z ddl m Z ddlmZejdrddlmZmZdd lmZmZdd lmZmZdd lmZmZmZmZm Z d Z!nd Z!eee"ej#j$fZ%iZ&eee e%fee fe'd<e!rje&(e j)dfee j*dfee j+dfee j,dfee j-dfee j.dfee j/dfe e j0dfee j1dfee j2dfee j3dfei dee4e5fe%ee dddZ6eee dddZ7dee4e5fee eeej#j$e5fee"ddddZ8dS))DictOptionalTupleTypeUnionN)GenericPrivateKey) Algorithm)UnsupportedAlgorithm)DNSKEYZdnssec) PrivateDSAPrivateDSANSEC3SHA1)PrivateECDSAP256SHA256PrivateECDSAP384SHA384) PrivateED448PrivateED25519) PrivateRSAMD5PrivateRSASHA1PrivateRSASHA1NSEC3SHA1PrivateRSASHA256PrivateRSASHA512TF algorithms) algorithmprefixreturncCs6t|}t||f}|r |Stdt|dS)zGet Private Key class from Algorithm. *algorithm*, a ``str`` or ``int`` specifying the DNSKEY algorithm. Raises ``UnsupportedAlgorithm`` if the algorithm is unknown. Returns a ``dns.dnssecalgs.GenericPrivateKey`` z)algorithm "%s" not supported by dnspythonN)rmakergetr Zto_text)rrclsr;/usr/lib/python3.9/site-packages/dns/dnssecalgs/__init__.pyget_algorithm_cls.s  r)dnskeyrcCs^d}|jtjkr&tj|jd\}}n,|jtjkrRt|jd}|jd|d}t |j|S)zGet Private Key class from DNSKEY. *dnskey*, a ``DNSKEY`` to get Algorithm class for. Raises ``UnsupportedAlgorithm`` if the algorithm is unknown. Returns a ``dns.dnssecalgs.GenericPrivateKey`` Nr) rr PRIVATEDNSdnsnameZ from_wirekey PRIVATEOIDintr)r r_lengthrrrget_algorithm_cls_from_dnskeyBs   r*)r algorithm_clsr$oidrcCst|tstdt|}d}|tjkrV|dur:tdt|trPt j |}|}nH|tj kr|durptdt t|g|}n|rtdn |rtd|t||f<dS)aRegister Algorithm Private Key class. *algorithm*, a ``str`` or ``int`` specifying the DNSKEY algorithm. *algorithm_cls*: A `GenericPrivateKey` class. *name*, an optional ``dns.name.Name`` or ``str``, for for PRIVATEDNS algorithms. *oid*: an optional BER-encoded `bytes` for PRIVATEOID algorithms. Raises ``ValueError`` if a name or oid is specified incorrectly. zInvalid algorithm classNz'Name required for PRIVATEDNS algorithmsz&OID required for PRIVATEOID algorithmsz,Name only supported for PRIVATEDNS algorithmz+OID only supported for PRIVATEOID algorithm) issubclassr TypeErrorrrr" ValueError isinstancestrr#r$Z from_textr&byteslenr)rr+r$r,rrrrregister_algorithm_clsTs&       r4)N)NN)9typingrrrrrZdns.namer#Zdns.dnssecalgs.baserZdns.dnssectypesrZ dns.exceptionr Zdns.rdtypes.ANY.DNSKEYr Z _featuresZhaveZdns.dnssecalgs.dsar r Zdns.dnssecalgs.ecdsar rZdns.dnssecalgs.eddsarrZdns.dnssecalgs.rsarrrrrZ_have_cryptographyr2r$NameZAlgorithmPrefixr__annotations__updateZRSAMD5ZDSAZRSASHA1Z DSANSEC3SHA1ZRSASHA1NSEC3SHA1Z RSASHA256Z RSASHA512ZECDSAP256SHA256ZECDSAP384SHA384ZED25519ZED448r'r1rr*r4rrrrsX                    __pycache__/base.cpython-39.opt-1.pyc000064400000007253151116031670013266 0ustar00a Me @sddlmZmZddlmZmZmZddlZddl Zddl m Z ddl m Z ddlmZddlmZGdd d eZGd d d eZdS) )ABCabstractmethod)AnyOptionalTypeN) Algorithm)AlgorithmKeyMismatch)DNSKEY)Flagc@seZdZUeed<eeddddZeeeddddZ eed d d Z e e ddd d Z ejdfeee dddZe ee ddddZe eeddddZeed ddZdS)GenericPublicKey algorithmNkeyreturncCsdSNselfrrr7/usr/lib/python3.9/site-packages/dns/dnssecalgs/base.py__init__szGenericPublicKey.__init__) signaturedatarcCsdS)zVerify signed DNSSEC dataNr)rrrrrrverifyszGenericPublicKey.verifyrcCsdS)zEncode key as bytes for DNSKEYNrrrrrencode_key_bytessz!GenericPublicKey.encode_key_bytescCs|j|jkrtdSr)r rclsrrrr!_ensure_algorithm_key_combinations z2GenericPublicKey._ensure_algorithm_key_combination)flagsprotocolrcCs"ttjjtjj|||j|dS)zReturn public key as DNSKEY)ZrdclassZrdtyper r!r r)r dnsZ rdataclassINZ rdatatyper r)rr r!rrr to_dnskey szGenericPublicKey.to_dnskeycCsdS)zCreate public key from DNSKEYNrrrrr from_dnskey+szGenericPublicKey.from_dnskey) public_pemrcCsdS)zXCreate public key from PEM-encoded SubjectPublicKeyInfo as specified in RFC 5280Nr)rr&rrrfrom_pem0szGenericPublicKey.from_pemcCsdS)zVReturn public-key as PEM-encoded SubjectPublicKeyInfo as specified in RFC 5280Nrrrrrto_pem6szGenericPublicKey.to_pem)__name__ __module__ __qualname__r__annotations__rrrbytesrr classmethodr rr ZZONEintr$r%r'r(rrrrr s$  r c@seZdZUeeed<eeddddZede e e ddd Z ed d d d Z e ede ee ddddZedee e dddZdS)GenericPrivateKeyZ public_clsNr cCsdSrrrrrrr?szGenericPrivateKey.__init__F)rrrcCsdS)zSign DNSSEC dataNr)rrrrrrsignCszGenericPrivateKey.signr rcCsdS)zReturn public key instanceNrrrrr public_keyGszGenericPrivateKey.public_key) private_pempasswordrcCsdS)z*Create private key from PEM-encoded PKCS#8Nr)rr3r4rrrr'KszGenericPrivateKey.from_pem)r4rcCsdS)z(Return private key as PEM-encoded PKCS#8Nr)rr4rrrr(RszGenericPrivateKey.to_pem)F)N)N)r)r*r+rr r,rrrr-boolr1r2r.rr'r(rrrrr0<s  r0)abcrrtypingrrrZdns.rdataclassr"Z dns.rdatatypeZdns.dnssectypesrZ dns.exceptionrZdns.rdtypes.ANY.DNSKEYr Zdns.rdtypes.dnskeybaser r r0rrrrs    0__pycache__/base.cpython-39.pyc000064400000007253151116031670012327 0ustar00a Me @sddlmZmZddlmZmZmZddlZddl Zddl m Z ddl m Z ddlmZddlmZGdd d eZGd d d eZdS) )ABCabstractmethod)AnyOptionalTypeN) Algorithm)AlgorithmKeyMismatch)DNSKEY)Flagc@seZdZUeed<eeddddZeeeddddZ eed d d Z e e ddd d Z ejdfeee dddZe ee ddddZe eeddddZeed ddZdS)GenericPublicKey algorithmNkeyreturncCsdSNselfrrr7/usr/lib/python3.9/site-packages/dns/dnssecalgs/base.py__init__szGenericPublicKey.__init__) signaturedatarcCsdS)zVerify signed DNSSEC dataNr)rrrrrrverifyszGenericPublicKey.verifyrcCsdS)zEncode key as bytes for DNSKEYNrrrrrencode_key_bytessz!GenericPublicKey.encode_key_bytescCs|j|jkrtdSr)r rclsrrrr!_ensure_algorithm_key_combinations z2GenericPublicKey._ensure_algorithm_key_combination)flagsprotocolrcCs"ttjjtjj|||j|dS)zReturn public key as DNSKEY)ZrdclassZrdtyper r!r r)r dnsZ rdataclassINZ rdatatyper r)rr r!rrr to_dnskey szGenericPublicKey.to_dnskeycCsdS)zCreate public key from DNSKEYNrrrrr from_dnskey+szGenericPublicKey.from_dnskey) public_pemrcCsdS)zXCreate public key from PEM-encoded SubjectPublicKeyInfo as specified in RFC 5280Nr)rr&rrrfrom_pem0szGenericPublicKey.from_pemcCsdS)zVReturn public-key as PEM-encoded SubjectPublicKeyInfo as specified in RFC 5280Nrrrrrto_pem6szGenericPublicKey.to_pem)__name__ __module__ __qualname__r__annotations__rrrbytesrr classmethodr rr ZZONEintr$r%r'r(rrrrr s$  r c@seZdZUeeed<eeddddZede e e ddd Z ed d d d Z e ede ee ddddZedee e dddZdS)GenericPrivateKeyZ public_clsNr cCsdSrrrrrrr?szGenericPrivateKey.__init__F)rrrcCsdS)zSign DNSSEC dataNr)rrrrrrsignCszGenericPrivateKey.signr rcCsdS)zReturn public key instanceNrrrrr public_keyGszGenericPrivateKey.public_key) private_pempasswordrcCsdS)z*Create private key from PEM-encoded PKCS#8Nr)rr3r4rrrr'KszGenericPrivateKey.from_pem)r4rcCsdS)z(Return private key as PEM-encoded PKCS#8Nr)rr4rrrr(RszGenericPrivateKey.to_pem)F)N)N)r)r*r+rr r,rrrr-boolr1r2r.rr'r(rrrrr0<s  r0)abcrrtypingrrrZdns.rdataclassr"Z dns.rdatatypeZdns.dnssectypesrZ dns.exceptionrZdns.rdtypes.ANY.DNSKEYr Zdns.rdtypes.dnskeybaser r r0rrrrs    0__pycache__/cryptography.cpython-39.opt-1.pyc000064400000005234151116031670015104 0ustar00a Mey @s`ddlmZmZmZddlmZddlmZmZddl m Z GdddeZ GdddeZ d S) )AnyOptionalType) serialization)GenericPrivateKeyGenericPublicKey)AlgorithmKeyMismatchc@sXeZdZUdZeed<dZeed<eddddZee ddd d Z e d d d Z dS)CryptographyPublicKeyNkeykey_clsr returncCs,|jdurtdt||js"t||_dSNzUndefined private key classr TypeError isinstancerr selfr r?/usr/lib/python3.9/site-packages/dns/dnssecalgs/cryptography.py__init__ s zCryptographyPublicKey.__init__r) public_pemr cCst|}||dSNr )rZload_pem_public_key)clsrr rrrfrom_pems zCryptographyPublicKey.from_pemr cCs|jjtjjtjjdS)N)encodingformat)r Z public_bytesrEncodingPEMZ PublicFormatZSubjectPublicKeyInforrrrto_pemszCryptographyPublicKey.to_pem) __name__ __module__ __qualname__r r__annotations__r r classmethodbytesrr"rrrrr s    r c@seZdZUdZeed<dZeed<eeed<eddddZ dd d d Z e de e e d d ddZde e e dddZdS)CryptographyPrivateKeyNr r public_clsr cCs,|jdurtdt||js"t||_dSrrrrrrr's zCryptographyPrivateKey.__init__r rcCs|j|jdSr)r*r public_keyr!rrrr+0sz!CryptographyPrivateKey.public_keyr) private_pempasswordr cCstj||d}||dS)N)r-r)rZload_pem_private_key)rr,r-r rrrr3szCryptographyPrivateKey.from_pem)r-r cCs2|rt|}nt}|jjtjjtjj|dS)N)rrencryption_algorithm) rZBestAvailableEncryptionZ NoEncryptionr Z private_bytesrr Z PrivateFormatZPKCS8)rr-r.rrrr":s zCryptographyPrivateKey.to_pem)N)N)r#r$r%r rr&r rr rr+r'r(rrr"rrrrr)"s     r)N) typingrrrZcryptography.hazmat.primitivesrZdns.dnssecalgs.baserrZ dns.exceptionrr r)rrrrs   __pycache__/cryptography.cpython-39.pyc000064400000005234151116031670014145 0ustar00a Mey @s`ddlmZmZmZddlmZddlmZmZddl m Z GdddeZ GdddeZ d S) )AnyOptionalType) serialization)GenericPrivateKeyGenericPublicKey)AlgorithmKeyMismatchc@sXeZdZUdZeed<dZeed<eddddZee ddd d Z e d d d Z dS)CryptographyPublicKeyNkeykey_clsr returncCs,|jdurtdt||js"t||_dSNzUndefined private key classr TypeError isinstancerr selfr r?/usr/lib/python3.9/site-packages/dns/dnssecalgs/cryptography.py__init__ s zCryptographyPublicKey.__init__r) public_pemr cCst|}||dSNr )rZload_pem_public_key)clsrr rrrfrom_pems zCryptographyPublicKey.from_pemr cCs|jjtjjtjjdS)N)encodingformat)r Z public_bytesrEncodingPEMZ PublicFormatZSubjectPublicKeyInforrrrto_pemszCryptographyPublicKey.to_pem) __name__ __module__ __qualname__r r__annotations__r r classmethodbytesrr"rrrrr s    r c@seZdZUdZeed<dZeed<eeed<eddddZ dd d d Z e de e e d d ddZde e e dddZdS)CryptographyPrivateKeyNr r public_clsr cCs,|jdurtdt||js"t||_dSrrrrrrr's zCryptographyPrivateKey.__init__r rcCs|j|jdSr)r*r public_keyr!rrrr+0sz!CryptographyPrivateKey.public_keyr) private_pempasswordr cCstj||d}||dS)N)r-r)rZload_pem_private_key)rr,r-r rrrr3szCryptographyPrivateKey.from_pem)r-r cCs2|rt|}nt}|jjtjjtjj|dS)N)rrencryption_algorithm) rZBestAvailableEncryptionZ NoEncryptionr Z private_bytesrr Z PrivateFormatZPKCS8)rr-r.rrrr":s zCryptographyPrivateKey.to_pem)N)N)r#r$r%r rr&r rr rr+r'r(rrr"rrrrr)"s     r)N) typingrrrZcryptography.hazmat.primitivesrZdns.dnssecalgs.baserrZ dns.exceptionrr r)rrrrs   __pycache__/dsa.cpython-39.opt-1.pyc000064400000007263151116031670013124 0ustar00a Me @sddlZddlmZddlmZddlmZmZddlm Z m Z ddl m Z ddl mZGdd d e ZGd d d e ZGd d d eZGdddeZdS)N)default_backend)hashes)dsautils)CryptographyPrivateKeyCryptographyPublicKey) Algorithm)DNSKEYc@s`eZdZUejed<ejZejZ e Z e e ddddZe dddZeedd d d ZdS) PublicDSAkeyN) signaturedatareturncCsJ|dd}|dd}tt|dt|d}|j|||jdS)Nbig)rZencode_dss_signatureint from_bytesr verify chosen_hash)selfr r Zsig_rZsig_sZsigr6/usr/lib/python3.9/site-packages/dns/dnssecalgs/dsa.pyrs   zPublicDSA.verify)rcCs|j}|jjddd}|dkr.tdd|d}td|}||jjdd7}||jj |d7}||jj |d7}||j |d7}|S)z,Encode a public key per RFC 2536, section 2.@zunsupported DSA key size!Br) r Zpublic_numberskey_size ValueErrorstructpackZparameter_numbersqto_bytespgy)rZpndsa_toctetsresrrrencode_key_bytess   zPublicDSA.encode_key_bytes)r rc Cs|||j}td|dd\}|dd}d|d}|dd}|dd}|d|}||d}|d|}||d}|d|}|tt|dtt|dt|dt|d t dS) Nrrrrrrrr ) Z!_ensure_algorithm_key_combinationr runpackrZDSAPublicNumbersrrZDSAParameterNumbers public_keyr) clsr Zkeyptrtr'Zdsa_qZdsa_pZdsa_gZdsa_yrrr from_dnskey(s0              zPublicDSA.from_dnskey)__name__ __module__ __qualname__rZ DSAPublicKey__annotations__key_clsrZDSA algorithmrZSHA1rbytesrr) classmethodr r/rrrrr s  r c@sJeZdZUejed<ejZeZd e e e dddZ e e ddddZd S) PrivateDSAr F)r rrc Cs|j}|jdkrtd|j||jj}t|\}}|jddd}d}t d|t j ||ddt j ||dd} |r| | || S) z1Sign using a private key per RFC 2536, section 3.izDSA key size overflowrrrrr)length byteorder)r r,rrsign public_clsrrZdecode_dss_signaturerr rr"r) rr rZpublic_dsa_keyZ der_signatureZdsa_rZdsa_sr&r'r rrrr;Gs    zPrivateDSA.sign)rrcCs|tj|ddS)N)rr*)rZgenerate_private_key)r-rrrrgenerateYs zPrivateDSA.generateN)F)r0r1r2rZ DSAPrivateKeyr3r4r r<r6boolr;r7rr=rrrrr8Bs  r8c@seZdZejZdS)PublicDSANSEC3SHA1N)r0r1r2rZ DSANSEC3SHA1r5rrrrr?`sr?c@seZdZeZdS)PrivateDSANSEC3SHA1N)r0r1r2r?r<rrrrr@dsr@)rZcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrZ)cryptography.hazmat.primitives.asymmetricrrZdns.dnssecalgs.cryptographyrrZdns.dnssectypesrZdns.rdtypes.ANY.DNSKEYr r r8r?r@rrrrs    6__pycache__/dsa.cpython-39.pyc000064400000007263151116031670012165 0ustar00a Me @sddlZddlmZddlmZddlmZmZddlm Z m Z ddl m Z ddl mZGdd d e ZGd d d e ZGd d d eZGdddeZdS)N)default_backend)hashes)dsautils)CryptographyPrivateKeyCryptographyPublicKey) Algorithm)DNSKEYc@s`eZdZUejed<ejZejZ e Z e e ddddZe dddZeedd d d ZdS) PublicDSAkeyN) signaturedatareturncCsJ|dd}|dd}tt|dt|d}|j|||jdS)Nbig)rZencode_dss_signatureint from_bytesr verify chosen_hash)selfr r Zsig_rZsig_sZsigr6/usr/lib/python3.9/site-packages/dns/dnssecalgs/dsa.pyrs   zPublicDSA.verify)rcCs|j}|jjddd}|dkr.tdd|d}td|}||jjdd7}||jj |d7}||jj |d7}||j |d7}|S)z,Encode a public key per RFC 2536, section 2.@zunsupported DSA key size!Br) r Zpublic_numberskey_size ValueErrorstructpackZparameter_numbersqto_bytespgy)rZpndsa_toctetsresrrrencode_key_bytess   zPublicDSA.encode_key_bytes)r rc Cs|||j}td|dd\}|dd}d|d}|dd}|dd}|d|}||d}|d|}||d}|d|}|tt|dtt|dt|dt|d t dS) Nrrrrrrrr ) Z!_ensure_algorithm_key_combinationr runpackrZDSAPublicNumbersrrZDSAParameterNumbers public_keyr) clsr Zkeyptrtr'Zdsa_qZdsa_pZdsa_gZdsa_yrrr from_dnskey(s0              zPublicDSA.from_dnskey)__name__ __module__ __qualname__rZ DSAPublicKey__annotations__key_clsrZDSA algorithmrZSHA1rbytesrr) classmethodr r/rrrrr s  r c@sJeZdZUejed<ejZeZd e e e dddZ e e ddddZd S) PrivateDSAr F)r rrc Cs|j}|jdkrtd|j||jj}t|\}}|jddd}d}t d|t j ||ddt j ||dd} |r| | || S) z1Sign using a private key per RFC 2536, section 3.izDSA key size overflowrrrrr)length byteorder)r r,rrsign public_clsrrZdecode_dss_signaturerr rr"r) rr rZpublic_dsa_keyZ der_signatureZdsa_rZdsa_sr&r'r rrrr;Gs    zPrivateDSA.sign)rrcCs|tj|ddS)N)rr*)rZgenerate_private_key)r-rrrrgenerateYs zPrivateDSA.generateN)F)r0r1r2rZ DSAPrivateKeyr3r4r r<r6boolr;r7rr=rrrrr8Bs  r8c@seZdZejZdS)PublicDSANSEC3SHA1N)r0r1r2rZ DSANSEC3SHA1r5rrrrr?`sr?c@seZdZeZdS)PrivateDSANSEC3SHA1N)r0r1r2r?r<rrrrr@dsr@)rZcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrZ)cryptography.hazmat.primitives.asymmetricrrZdns.dnssecalgs.cryptographyrrZdns.dnssectypesrZdns.rdtypes.ANY.DNSKEYr r r8r?r@rrrrs    6__pycache__/ecdsa.cpython-39.opt-1.pyc000064400000007353151116031670013434 0ustar00a Me @sddlmZddlmZddlmZmZddlmZm Z ddl m Z ddl m Z Gddde ZGd d d eZGd d d eZGd ddeZGdddeZGdddeZdS))default_backend)hashes)ecutils)CryptographyPrivateKeyCryptographyPublicKey) Algorithm)DNSKEYc@sveZdZUejed<ejZeed<ej ed<ej ed<e ed<e e dddd Z e d d d Zeedd ddZdS) PublicECDSAkey algorithm chosen_hashcurveoctetsN) signaturedatareturncCsT|d|j}||jd}tt|dt|d}|j||t|j dS)Nrbig) rrZencode_dss_signatureint from_bytesr verifyrECDSAr )selfrrZsig_rZsig_sZsigr8/usr/lib/python3.9/site-packages/dns/dnssecalgs/ecdsa.pyrs zPublicECDSA.verifyrcCs*|j}|j|jd|j|jdS)z,Encode a public key per RFC 6605, section 4.r)r Zpublic_numbersxto_bytesry)rZpnrrrencode_key_bytess zPublicECDSA.encode_key_bytes)r rcCs`|||jd|j}|j|j|jd}|tj|jt|dt|ddt dS)Nrr)rrrr ) Z!_ensure_algorithm_key_combinationr rrZEllipticCurvePublicNumbersrrr public_keyr)clsr Zecdsa_xZecdsa_yrrr from_dnskeys   zPublicECDSA.from_dnskey)__name__ __module__ __qualname__rZEllipticCurvePublicKey__annotations__key_clsrrZ HashAlgorithmZ EllipticCurverbytesrr classmethodr r$rrrrr s    r c@sHeZdZUejed<ejZeZd e e e dddZ e ddddZ d S) PrivateECDSAr F)rrrcCsf|j|t|jj}t|\}}tj ||jj ddtj ||jj dd}|rb| |||S)z1Sign using a private key per RFC 6605, section 4.r)length byteorder) r signrr public_clsr rZdecode_dss_signaturerrrr"r)rrrZ der_signatureZdsa_rZdsa_srrrrr/2s zPrivateECDSA.signrcCs|tj|jjtddS)N)rZbackendr!)rZgenerate_private_keyr0rr)r#rrrgenerate=s  zPrivateECDSA.generateN)F)r%r&r'rZEllipticCurvePrivateKeyr(r)r r0r*boolr/r+r1rrrrr,-s   r,c@s&eZdZejZeZe Z dZ dS)PublicECDSAP256SHA256 N) r%r&r'rZECDSAP256SHA256r rZSHA256r rZ SECP256R1rrrrrrr3Fsr3c@seZdZeZdS)PrivateECDSAP256SHA256N)r%r&r'r3r0rrrrr5Msr5c@s&eZdZejZeZe Z dZ dS)PublicECDSAP384SHA3840N) r%r&r'rZECDSAP384SHA384r rZSHA384r rZ SECP384R1rrrrrrr6Qsr6c@seZdZeZdS)PrivateECDSAP384SHA384N)r%r&r'r6r0rrrrr8Xsr8N)Zcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrZ)cryptography.hazmat.primitives.asymmetricrrZdns.dnssecalgs.cryptographyrrZdns.dnssectypesrZdns.rdtypes.ANY.DNSKEYr r r,r3r5r6r8rrrrs    #__pycache__/ecdsa.cpython-39.pyc000064400000007353151116031670012475 0ustar00a Me @sddlmZddlmZddlmZmZddlmZm Z ddl m Z ddl m Z Gddde ZGd d d eZGd d d eZGd ddeZGdddeZGdddeZdS))default_backend)hashes)ecutils)CryptographyPrivateKeyCryptographyPublicKey) Algorithm)DNSKEYc@sveZdZUejed<ejZeed<ej ed<ej ed<e ed<e e dddd Z e d d d Zeedd ddZdS) PublicECDSAkey algorithm chosen_hashcurveoctetsN) signaturedatareturncCsT|d|j}||jd}tt|dt|d}|j||t|j dS)Nrbig) rrZencode_dss_signatureint from_bytesr verifyrECDSAr )selfrrZsig_rZsig_sZsigr8/usr/lib/python3.9/site-packages/dns/dnssecalgs/ecdsa.pyrs zPublicECDSA.verifyrcCs*|j}|j|jd|j|jdS)z,Encode a public key per RFC 6605, section 4.r)r Zpublic_numbersxto_bytesry)rZpnrrrencode_key_bytess zPublicECDSA.encode_key_bytes)r rcCs`|||jd|j}|j|j|jd}|tj|jt|dt|ddt dS)Nrr)rrrr ) Z!_ensure_algorithm_key_combinationr rrZEllipticCurvePublicNumbersrrr public_keyr)clsr Zecdsa_xZecdsa_yrrr from_dnskeys   zPublicECDSA.from_dnskey)__name__ __module__ __qualname__rZEllipticCurvePublicKey__annotations__key_clsrrZ HashAlgorithmZ EllipticCurverbytesrr classmethodr r$rrrrr s    r c@sHeZdZUejed<ejZeZd e e e dddZ e ddddZ d S) PrivateECDSAr F)rrrcCsf|j|t|jj}t|\}}tj ||jj ddtj ||jj dd}|rb| |||S)z1Sign using a private key per RFC 6605, section 4.r)length byteorder) r signrr public_clsr rZdecode_dss_signaturerrrr"r)rrrZ der_signatureZdsa_rZdsa_srrrrr/2s zPrivateECDSA.signrcCs|tj|jjtddS)N)rZbackendr!)rZgenerate_private_keyr0rr)r#rrrgenerate=s  zPrivateECDSA.generateN)F)r%r&r'rZEllipticCurvePrivateKeyr(r)r r0r*boolr/r+r1rrrrr,-s   r,c@s&eZdZejZeZe Z dZ dS)PublicECDSAP256SHA256 N) r%r&r'rZECDSAP256SHA256r rZSHA256r rZ SECP256R1rrrrrrr3Fsr3c@seZdZeZdS)PrivateECDSAP256SHA256N)r%r&r'r3r0rrrrr5Msr5c@s&eZdZejZeZe Z dZ dS)PublicECDSAP384SHA3840N) r%r&r'rZECDSAP384SHA384r rZSHA384r rZ SECP384R1rrrrrrr6Qsr6c@seZdZeZdS)PrivateECDSAP384SHA384N)r%r&r'r6r0rrrrr8Xsr8N)Zcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrZ)cryptography.hazmat.primitives.asymmetricrrZdns.dnssecalgs.cryptographyrrZdns.dnssectypesrZdns.rdtypes.ANY.DNSKEYr r r,r3r5r6r8rrrrs    #__pycache__/eddsa.cpython-39.opt-1.pyc000064400000005665151116031670013441 0ustar00a Mez@sddlmZddlmZddlmZmZddlmZm Z ddl m Z ddl m Z Gddde ZGd d d eZGd d d eZGd ddeZGdddeZGdddeZdS))Type) serialization)ed448ed25519)CryptographyPrivateKeyCryptographyPublicKey) Algorithm)DNSKEYc@s@eZdZeeddddZedddZeeddd d ZdS) PublicEDDSAN) signaturedatareturncCs|j||dS)N)keyverify)selfr r r8/usr/lib/python3.9/site-packages/dns/dnssecalgs/eddsa.pyr szPublicEDDSA.verifyr cCs|jjtjjtjjdS)z,Encode a public key per RFC 8080, section 3.)encodingformat)rZ public_bytesrZEncodingZRawZ PublicFormat)rrrrencode_key_bytess zPublicEDDSA.encode_key_bytes)rr cCs||||j|jdSN)r)Z!_ensure_algorithm_key_combinationkey_clsZfrom_public_bytesr)clsrrrr from_dnskeys  zPublicEDDSA.from_dnskey) __name__ __module__ __qualname__bytesrr classmethodr rrrrrr sr c@s@eZdZUeeed<d eeedddZe ddddZ d S) PrivateEDDSA public_clsF)r rr cCs$|j|}|r ||||S)z1Sign using a private key per RFC 8080, section 4.)rsignZ public_keyr)rr rr rrrr" s zPrivateEDDSA.signrcCs||jdSr)rgenerate)rrrrr#'szPrivateEDDSA.generateN)F) rrrrr __annotations__rboolr"rr#rrrrr s  r c@s$eZdZUejed<ejZejZ dS) PublicED25519rN) rrrrZEd25519PublicKeyr$rrZED25519 algorithmrrrrr&,s  r&c@s"eZdZUejed<ejZeZdS)PrivateED25519rN) rrrrZEd25519PrivateKeyr$rr&r!rrrrr(2s  r(c@s$eZdZUejed<ejZejZ dS) PublicED448rN) rrrrZEd448PublicKeyr$rrZED448r'rrrrr)8s  r)c@s"eZdZUejed<ejZeZdS) PrivateED448rN) rrrrZEd448PrivateKeyr$rr)r!rrrrr*>s  r*N)typingrZcryptography.hazmat.primitivesrZ)cryptography.hazmat.primitives.asymmetricrrZdns.dnssecalgs.cryptographyrrZdns.dnssectypesrZdns.rdtypes.ANY.DNSKEYr r r r&r(r)r*rrrrs    __pycache__/eddsa.cpython-39.pyc000064400000005665151116031670012502 0ustar00a Mez@sddlmZddlmZddlmZmZddlmZm Z ddl m Z ddl m Z Gddde ZGd d d eZGd d d eZGd ddeZGdddeZGdddeZdS))Type) serialization)ed448ed25519)CryptographyPrivateKeyCryptographyPublicKey) Algorithm)DNSKEYc@s@eZdZeeddddZedddZeeddd d ZdS) PublicEDDSAN) signaturedatareturncCs|j||dS)N)keyverify)selfr r r8/usr/lib/python3.9/site-packages/dns/dnssecalgs/eddsa.pyr szPublicEDDSA.verifyr cCs|jjtjjtjjdS)z,Encode a public key per RFC 8080, section 3.)encodingformat)rZ public_bytesrZEncodingZRawZ PublicFormat)rrrrencode_key_bytess zPublicEDDSA.encode_key_bytes)rr cCs||||j|jdSN)r)Z!_ensure_algorithm_key_combinationkey_clsZfrom_public_bytesr)clsrrrr from_dnskeys  zPublicEDDSA.from_dnskey) __name__ __module__ __qualname__bytesrr classmethodr rrrrrr sr c@s@eZdZUeeed<d eeedddZe ddddZ d S) PrivateEDDSA public_clsF)r rr cCs$|j|}|r ||||S)z1Sign using a private key per RFC 8080, section 4.)rsignZ public_keyr)rr rr rrrr" s zPrivateEDDSA.signrcCs||jdSr)rgenerate)rrrrr#'szPrivateEDDSA.generateN)F) rrrrr __annotations__rboolr"rr#rrrrr s  r c@s$eZdZUejed<ejZejZ dS) PublicED25519rN) rrrrZEd25519PublicKeyr$rrZED25519 algorithmrrrrr&,s  r&c@s"eZdZUejed<ejZeZdS)PrivateED25519rN) rrrrZEd25519PrivateKeyr$rr&r!rrrrr(2s  r(c@s$eZdZUejed<ejZejZ dS) PublicED448rN) rrrrZEd448PublicKeyr$rrZED448r'rrrrr)8s  r)c@s"eZdZUejed<ejZeZdS) PrivateED448rN) rrrrZEd448PrivateKeyr$rr)r!rrrrr*>s  r*N)typingrZcryptography.hazmat.primitivesrZ)cryptography.hazmat.primitives.asymmetricrrZdns.dnssecalgs.cryptographyrrZdns.dnssectypesrZdns.rdtypes.ANY.DNSKEYr r r r&r(r)r*rrrrs    __pycache__/rsa.cpython-39.opt-1.pyc000064400000011354151116031670013136 0ustar00a Me @s$ddlZddlZddlmZddlmZddlmZmZddl m Z m Z ddl m Z ddlmZGdd d e ZGd d d e ZGd d d eZGdddeZGdddeZGdddeZGdddeZGdddeZGdddeZGdddeZGdddeZGdddeZdS) N)default_backend)hashes)paddingrsa)CryptographyPrivateKeyCryptographyPublicKey) Algorithm)DNSKEYc@sdeZdZUejed<ejZeed<ej ed<e e ddddZ e dd d Z e edd d d ZdS) PublicRSAkey algorithm chosen_hashN) signaturedatareturncCs|j||t|jdS)N)r verifyrPKCS1v15r )selfrrr6/usr/lib/python3.9/site-packages/dns/dnssecalgs/rsa.pyrszPublicRSA.verify)rcCs|j}tt|jd}tj|j|dd}|dkrLdt d|}n t d|}|j dkst|j d kr|t d |||j |j d ddS) z,Encode a public key per RFC 3110, section 2.big)length byteorder!H!Biizunsupported RSA key length) r Zpublic_numbersmathZceilint bit_lengtheto_bytesstructpackn ValueError)rZpnZ_exp_lenZexpZ exp_headerrrrencode_key_bytess  zPublicRSA.encode_key_bytes)r rcCs|||j}td|dd\}|dd}|dkr\td|dd\}|dd}|d|}||d}|tt|dt|dt dS)Nrrrrr ) Z!_ensure_algorithm_key_combinationr r$unpackrZRSAPublicNumbersr from_bytes public_keyr)clsr ZkeyptrZbytes_Zrsa_eZrsa_nrrr from_dnskey#s      zPublicRSA.from_dnskey)__name__ __module__ __qualname__rZ RSAPublicKey__annotations__key_clsrrZ HashAlgorithmbytesrr( classmethodr r0rrrrr s    r c@sNeZdZUejed<ejZeZdZ d e e e dddZ e edddd Zd S) PrivateRSAr iF)rrrcCs0|j|t|jj}|r,||||S)z1Sign using a private key per RFC 3110, section 3.)r signrr public_clsr r.r)rrrrrrrr9;szPrivateRSA.sign)key_sizercCs|tj|j|tddS)N)Zpublic_exponentr;Zbackendr+)rZgenerate_private_keydefault_public_exponentr)r/r;rrrgenerateBszPrivateRSA.generateN)F)r1r2r3rZ RSAPrivateKeyr4r5r r:r<r6boolr9r7r r=rrrrr85s  r8c@seZdZejZeZdS) PublicRSAMD5N) r1r2r3rZRSAMD5r rZMD5r rrrrr?Msr?c@seZdZeZdS) PrivateRSAMD5N)r1r2r3r?r:rrrrr@Rsr@c@seZdZejZeZdS) PublicRSASHA1N) r1r2r3rZRSASHA1r rSHA1r rrrrrAVsrAc@seZdZeZdS)PrivateRSASHA1N)r1r2r3rAr:rrrrrC[srCc@seZdZejZeZdS)PublicRSASHA1NSEC3SHA1N) r1r2r3rZRSASHA1NSEC3SHA1r rrBr rrrrrD_srDc@seZdZeZdS)PrivateRSASHA1NSEC3SHA1N)r1r2r3rDr:rrrrrEdsrEc@seZdZejZeZdS)PublicRSASHA256N) r1r2r3rZ RSASHA256r rZSHA256r rrrrrFhsrFc@seZdZeZdS)PrivateRSASHA256N)r1r2r3rFr:rrrrrGmsrGc@seZdZejZeZdS)PublicRSASHA512N) r1r2r3rZ RSASHA512r rZSHA512r rrrrrHqsrHc@seZdZeZdS)PrivateRSASHA512N)r1r2r3rHr:rrrrrIvsrI)rr$Zcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrZ)cryptography.hazmat.primitives.asymmetricrrZdns.dnssecalgs.cryptographyrrZdns.dnssectypesrZdns.rdtypes.ANY.DNSKEYr r r8r?r@rArCrDrErFrGrHrIrrrrs&    (__pycache__/rsa.cpython-39.pyc000064400000011354151116031670012177 0ustar00a Me @s$ddlZddlZddlmZddlmZddlmZmZddl m Z m Z ddl m Z ddlmZGdd d e ZGd d d e ZGd d d eZGdddeZGdddeZGdddeZGdddeZGdddeZGdddeZGdddeZGdddeZGdddeZdS) N)default_backend)hashes)paddingrsa)CryptographyPrivateKeyCryptographyPublicKey) Algorithm)DNSKEYc@sdeZdZUejed<ejZeed<ej ed<e e ddddZ e dd d Z e edd d d ZdS) PublicRSAkey algorithm chosen_hashN) signaturedatareturncCs|j||t|jdS)N)r verifyrPKCS1v15r )selfrrr6/usr/lib/python3.9/site-packages/dns/dnssecalgs/rsa.pyrszPublicRSA.verify)rcCs|j}tt|jd}tj|j|dd}|dkrLdt d|}n t d|}|j dkst|j d kr|t d |||j |j d ddS) z,Encode a public key per RFC 3110, section 2.big)length byteorder!H!Biizunsupported RSA key length) r Zpublic_numbersmathZceilint bit_lengtheto_bytesstructpackn ValueError)rZpnZ_exp_lenZexpZ exp_headerrrrencode_key_bytess  zPublicRSA.encode_key_bytes)r rcCs|||j}td|dd\}|dd}|dkr\td|dd\}|dd}|d|}||d}|tt|dt|dt dS)Nrrrrr ) Z!_ensure_algorithm_key_combinationr r$unpackrZRSAPublicNumbersr from_bytes public_keyr)clsr ZkeyptrZbytes_Zrsa_eZrsa_nrrr from_dnskey#s      zPublicRSA.from_dnskey)__name__ __module__ __qualname__rZ RSAPublicKey__annotations__key_clsrrZ HashAlgorithmbytesrr( classmethodr r0rrrrr s    r c@sNeZdZUejed<ejZeZdZ d e e e dddZ e edddd Zd S) PrivateRSAr iF)rrrcCs0|j|t|jj}|r,||||S)z1Sign using a private key per RFC 3110, section 3.)r signrr public_clsr r.r)rrrrrrrr9;szPrivateRSA.sign)key_sizercCs|tj|j|tddS)N)Zpublic_exponentr;Zbackendr+)rZgenerate_private_keydefault_public_exponentr)r/r;rrrgenerateBszPrivateRSA.generateN)F)r1r2r3rZ RSAPrivateKeyr4r5r r:r<r6boolr9r7r r=rrrrr85s  r8c@seZdZejZeZdS) PublicRSAMD5N) r1r2r3rZRSAMD5r rZMD5r rrrrr?Msr?c@seZdZeZdS) PrivateRSAMD5N)r1r2r3r?r:rrrrr@Rsr@c@seZdZejZeZdS) PublicRSASHA1N) r1r2r3rZRSASHA1r rSHA1r rrrrrAVsrAc@seZdZeZdS)PrivateRSASHA1N)r1r2r3rAr:rrrrrC[srCc@seZdZejZeZdS)PublicRSASHA1NSEC3SHA1N) r1r2r3rZRSASHA1NSEC3SHA1r rrBr rrrrrD_srDc@seZdZeZdS)PrivateRSASHA1NSEC3SHA1N)r1r2r3rDr:rrrrrEdsrEc@seZdZejZeZdS)PublicRSASHA256N) r1r2r3rZ RSASHA256r rZSHA256r rrrrrFhsrFc@seZdZeZdS)PrivateRSASHA256N)r1r2r3rFr:rrrrrGmsrGc@seZdZejZeZdS)PublicRSASHA512N) r1r2r3rZ RSASHA512r rZSHA512r rrrrrHqsrHc@seZdZeZdS)PrivateRSASHA512N)r1r2r3rHr:rrrrrIvsrI)rr$Zcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrZ)cryptography.hazmat.primitives.asymmetricrrZdns.dnssecalgs.cryptographyrrZdns.dnssectypesrZdns.rdtypes.ANY.DNSKEYr r r8r?r@rArCrDrErFrGrHrIrrrrs&    (__init__.py000064400000010267151116031670006664 0ustar00from typing import Dict, Optional, Tuple, Type, Union import dns.name from dns.dnssecalgs.base import GenericPrivateKey from dns.dnssectypes import Algorithm from dns.exception import UnsupportedAlgorithm from dns.rdtypes.ANY.DNSKEY import DNSKEY if dns._features.have("dnssec"): from dns.dnssecalgs.dsa import PrivateDSA, PrivateDSANSEC3SHA1 from dns.dnssecalgs.ecdsa import PrivateECDSAP256SHA256, PrivateECDSAP384SHA384 from dns.dnssecalgs.eddsa import PrivateED448, PrivateED25519 from dns.dnssecalgs.rsa import ( PrivateRSAMD5, PrivateRSASHA1, PrivateRSASHA1NSEC3SHA1, PrivateRSASHA256, PrivateRSASHA512, ) _have_cryptography = True else: _have_cryptography = False AlgorithmPrefix = Optional[Union[bytes, dns.name.Name]] algorithms: Dict[Tuple[Algorithm, AlgorithmPrefix], Type[GenericPrivateKey]] = {} if _have_cryptography: algorithms.update( { (Algorithm.RSAMD5, None): PrivateRSAMD5, (Algorithm.DSA, None): PrivateDSA, (Algorithm.RSASHA1, None): PrivateRSASHA1, (Algorithm.DSANSEC3SHA1, None): PrivateDSANSEC3SHA1, (Algorithm.RSASHA1NSEC3SHA1, None): PrivateRSASHA1NSEC3SHA1, (Algorithm.RSASHA256, None): PrivateRSASHA256, (Algorithm.RSASHA512, None): PrivateRSASHA512, (Algorithm.ECDSAP256SHA256, None): PrivateECDSAP256SHA256, (Algorithm.ECDSAP384SHA384, None): PrivateECDSAP384SHA384, (Algorithm.ED25519, None): PrivateED25519, (Algorithm.ED448, None): PrivateED448, } ) def get_algorithm_cls( algorithm: Union[int, str], prefix: AlgorithmPrefix = None ) -> Type[GenericPrivateKey]: """Get Private Key class from Algorithm. *algorithm*, a ``str`` or ``int`` specifying the DNSKEY algorithm. Raises ``UnsupportedAlgorithm`` if the algorithm is unknown. Returns a ``dns.dnssecalgs.GenericPrivateKey`` """ algorithm = Algorithm.make(algorithm) cls = algorithms.get((algorithm, prefix)) if cls: return cls raise UnsupportedAlgorithm( 'algorithm "%s" not supported by dnspython' % Algorithm.to_text(algorithm) ) def get_algorithm_cls_from_dnskey(dnskey: DNSKEY) -> Type[GenericPrivateKey]: """Get Private Key class from DNSKEY. *dnskey*, a ``DNSKEY`` to get Algorithm class for. Raises ``UnsupportedAlgorithm`` if the algorithm is unknown. Returns a ``dns.dnssecalgs.GenericPrivateKey`` """ prefix: AlgorithmPrefix = None if dnskey.algorithm == Algorithm.PRIVATEDNS: prefix, _ = dns.name.from_wire(dnskey.key, 0) elif dnskey.algorithm == Algorithm.PRIVATEOID: length = int(dnskey.key[0]) prefix = dnskey.key[0 : length + 1] return get_algorithm_cls(dnskey.algorithm, prefix) def register_algorithm_cls( algorithm: Union[int, str], algorithm_cls: Type[GenericPrivateKey], name: Optional[Union[dns.name.Name, str]] = None, oid: Optional[bytes] = None, ) -> None: """Register Algorithm Private Key class. *algorithm*, a ``str`` or ``int`` specifying the DNSKEY algorithm. *algorithm_cls*: A `GenericPrivateKey` class. *name*, an optional ``dns.name.Name`` or ``str``, for for PRIVATEDNS algorithms. *oid*: an optional BER-encoded `bytes` for PRIVATEOID algorithms. Raises ``ValueError`` if a name or oid is specified incorrectly. """ if not issubclass(algorithm_cls, GenericPrivateKey): raise TypeError("Invalid algorithm class") algorithm = Algorithm.make(algorithm) prefix: AlgorithmPrefix = None if algorithm == Algorithm.PRIVATEDNS: if name is None: raise ValueError("Name required for PRIVATEDNS algorithms") if isinstance(name, str): name = dns.name.from_text(name) prefix = name elif algorithm == Algorithm.PRIVATEOID: if oid is None: raise ValueError("OID required for PRIVATEOID algorithms") prefix = bytes([len(oid)]) + oid elif name: raise ValueError("Name only supported for PRIVATEDNS algorithm") elif oid: raise ValueError("OID only supported for PRIVATEOID algorithm") algorithms[(algorithm, prefix)] = algorithm_cls base.py000064400000004616151116031670006040 0ustar00from abc import ABC, abstractmethod # pylint: disable=no-name-in-module from typing import Any, Optional, Type import dns.rdataclass import dns.rdatatype from dns.dnssectypes import Algorithm from dns.exception import AlgorithmKeyMismatch from dns.rdtypes.ANY.DNSKEY import DNSKEY from dns.rdtypes.dnskeybase import Flag class GenericPublicKey(ABC): algorithm: Algorithm @abstractmethod def __init__(self, key: Any) -> None: pass @abstractmethod def verify(self, signature: bytes, data: bytes) -> None: """Verify signed DNSSEC data""" @abstractmethod def encode_key_bytes(self) -> bytes: """Encode key as bytes for DNSKEY""" @classmethod def _ensure_algorithm_key_combination(cls, key: DNSKEY) -> None: if key.algorithm != cls.algorithm: raise AlgorithmKeyMismatch def to_dnskey(self, flags: int = Flag.ZONE, protocol: int = 3) -> DNSKEY: """Return public key as DNSKEY""" return DNSKEY( rdclass=dns.rdataclass.IN, rdtype=dns.rdatatype.DNSKEY, flags=flags, protocol=protocol, algorithm=self.algorithm, key=self.encode_key_bytes(), ) @classmethod @abstractmethod def from_dnskey(cls, key: DNSKEY) -> "GenericPublicKey": """Create public key from DNSKEY""" @classmethod @abstractmethod def from_pem(cls, public_pem: bytes) -> "GenericPublicKey": """Create public key from PEM-encoded SubjectPublicKeyInfo as specified in RFC 5280""" @abstractmethod def to_pem(self) -> bytes: """Return public-key as PEM-encoded SubjectPublicKeyInfo as specified in RFC 5280""" class GenericPrivateKey(ABC): public_cls: Type[GenericPublicKey] @abstractmethod def __init__(self, key: Any) -> None: pass @abstractmethod def sign(self, data: bytes, verify: bool = False) -> bytes: """Sign DNSSEC data""" @abstractmethod def public_key(self) -> "GenericPublicKey": """Return public key instance""" @classmethod @abstractmethod def from_pem( cls, private_pem: bytes, password: Optional[bytes] = None ) -> "GenericPrivateKey": """Create private key from PEM-encoded PKCS#8""" @abstractmethod def to_pem(self, password: Optional[bytes] = None) -> bytes: """Return private key as PEM-encoded PKCS#8""" cryptography.py000064400000004571151116031670007661 0ustar00from typing import Any, Optional, Type from cryptography.hazmat.primitives import serialization from dns.dnssecalgs.base import GenericPrivateKey, GenericPublicKey from dns.exception import AlgorithmKeyMismatch class CryptographyPublicKey(GenericPublicKey): key: Any = None key_cls: Any = None def __init__(self, key: Any) -> None: # pylint: disable=super-init-not-called if self.key_cls is None: raise TypeError("Undefined private key class") if not isinstance( # pylint: disable=isinstance-second-argument-not-valid-type key, self.key_cls ): raise AlgorithmKeyMismatch self.key = key @classmethod def from_pem(cls, public_pem: bytes) -> "GenericPublicKey": key = serialization.load_pem_public_key(public_pem) return cls(key=key) def to_pem(self) -> bytes: return self.key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo, ) class CryptographyPrivateKey(GenericPrivateKey): key: Any = None key_cls: Any = None public_cls: Type[CryptographyPublicKey] def __init__(self, key: Any) -> None: # pylint: disable=super-init-not-called if self.key_cls is None: raise TypeError("Undefined private key class") if not isinstance( # pylint: disable=isinstance-second-argument-not-valid-type key, self.key_cls ): raise AlgorithmKeyMismatch self.key = key def public_key(self) -> "CryptographyPublicKey": return self.public_cls(key=self.key.public_key()) @classmethod def from_pem( cls, private_pem: bytes, password: Optional[bytes] = None ) -> "GenericPrivateKey": key = serialization.load_pem_private_key(private_pem, password=password) return cls(key=key) def to_pem(self, password: Optional[bytes] = None) -> bytes: encryption_algorithm: serialization.KeySerializationEncryption if password: encryption_algorithm = serialization.BestAvailableEncryption(password) else: encryption_algorithm = serialization.NoEncryption() return self.key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=encryption_algorithm, ) dsa.py000064400000006651151116031670005676 0ustar00import struct from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import dsa, utils from dns.dnssecalgs.cryptography import CryptographyPrivateKey, CryptographyPublicKey from dns.dnssectypes import Algorithm from dns.rdtypes.ANY.DNSKEY import DNSKEY class PublicDSA(CryptographyPublicKey): key: dsa.DSAPublicKey key_cls = dsa.DSAPublicKey algorithm = Algorithm.DSA chosen_hash = hashes.SHA1() def verify(self, signature: bytes, data: bytes) -> None: sig_r = signature[1:21] sig_s = signature[21:] sig = utils.encode_dss_signature( int.from_bytes(sig_r, "big"), int.from_bytes(sig_s, "big") ) self.key.verify(sig, data, self.chosen_hash) def encode_key_bytes(self) -> bytes: """Encode a public key per RFC 2536, section 2.""" pn = self.key.public_numbers() dsa_t = (self.key.key_size // 8 - 64) // 8 if dsa_t > 8: raise ValueError("unsupported DSA key size") octets = 64 + dsa_t * 8 res = struct.pack("!B", dsa_t) res += pn.parameter_numbers.q.to_bytes(20, "big") res += pn.parameter_numbers.p.to_bytes(octets, "big") res += pn.parameter_numbers.g.to_bytes(octets, "big") res += pn.y.to_bytes(octets, "big") return res @classmethod def from_dnskey(cls, key: DNSKEY) -> "PublicDSA": cls._ensure_algorithm_key_combination(key) keyptr = key.key (t,) = struct.unpack("!B", keyptr[0:1]) keyptr = keyptr[1:] octets = 64 + t * 8 dsa_q = keyptr[0:20] keyptr = keyptr[20:] dsa_p = keyptr[0:octets] keyptr = keyptr[octets:] dsa_g = keyptr[0:octets] keyptr = keyptr[octets:] dsa_y = keyptr[0:octets] return cls( key=dsa.DSAPublicNumbers( # type: ignore int.from_bytes(dsa_y, "big"), dsa.DSAParameterNumbers( int.from_bytes(dsa_p, "big"), int.from_bytes(dsa_q, "big"), int.from_bytes(dsa_g, "big"), ), ).public_key(default_backend()), ) class PrivateDSA(CryptographyPrivateKey): key: dsa.DSAPrivateKey key_cls = dsa.DSAPrivateKey public_cls = PublicDSA def sign(self, data: bytes, verify: bool = False) -> bytes: """Sign using a private key per RFC 2536, section 3.""" public_dsa_key = self.key.public_key() if public_dsa_key.key_size > 1024: raise ValueError("DSA key size overflow") der_signature = self.key.sign(data, self.public_cls.chosen_hash) dsa_r, dsa_s = utils.decode_dss_signature(der_signature) dsa_t = (public_dsa_key.key_size // 8 - 64) // 8 octets = 20 signature = ( struct.pack("!B", dsa_t) + int.to_bytes(dsa_r, length=octets, byteorder="big") + int.to_bytes(dsa_s, length=octets, byteorder="big") ) if verify: self.public_key().verify(signature, data) return signature @classmethod def generate(cls, key_size: int) -> "PrivateDSA": return cls( key=dsa.generate_private_key(key_size=key_size), ) class PublicDSANSEC3SHA1(PublicDSA): algorithm = Algorithm.DSANSEC3SHA1 class PrivateDSANSEC3SHA1(PrivateDSA): public_cls = PublicDSANSEC3SHA1 ecdsa.py000064400000005710151116031670006201 0ustar00from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import ec, utils from dns.dnssecalgs.cryptography import CryptographyPrivateKey, CryptographyPublicKey from dns.dnssectypes import Algorithm from dns.rdtypes.ANY.DNSKEY import DNSKEY class PublicECDSA(CryptographyPublicKey): key: ec.EllipticCurvePublicKey key_cls = ec.EllipticCurvePublicKey algorithm: Algorithm chosen_hash: hashes.HashAlgorithm curve: ec.EllipticCurve octets: int def verify(self, signature: bytes, data: bytes) -> None: sig_r = signature[0 : self.octets] sig_s = signature[self.octets :] sig = utils.encode_dss_signature( int.from_bytes(sig_r, "big"), int.from_bytes(sig_s, "big") ) self.key.verify(sig, data, ec.ECDSA(self.chosen_hash)) def encode_key_bytes(self) -> bytes: """Encode a public key per RFC 6605, section 4.""" pn = self.key.public_numbers() return pn.x.to_bytes(self.octets, "big") + pn.y.to_bytes(self.octets, "big") @classmethod def from_dnskey(cls, key: DNSKEY) -> "PublicECDSA": cls._ensure_algorithm_key_combination(key) ecdsa_x = key.key[0 : cls.octets] ecdsa_y = key.key[cls.octets : cls.octets * 2] return cls( key=ec.EllipticCurvePublicNumbers( curve=cls.curve, x=int.from_bytes(ecdsa_x, "big"), y=int.from_bytes(ecdsa_y, "big"), ).public_key(default_backend()), ) class PrivateECDSA(CryptographyPrivateKey): key: ec.EllipticCurvePrivateKey key_cls = ec.EllipticCurvePrivateKey public_cls = PublicECDSA def sign(self, data: bytes, verify: bool = False) -> bytes: """Sign using a private key per RFC 6605, section 4.""" der_signature = self.key.sign(data, ec.ECDSA(self.public_cls.chosen_hash)) dsa_r, dsa_s = utils.decode_dss_signature(der_signature) signature = int.to_bytes( dsa_r, length=self.public_cls.octets, byteorder="big" ) + int.to_bytes(dsa_s, length=self.public_cls.octets, byteorder="big") if verify: self.public_key().verify(signature, data) return signature @classmethod def generate(cls) -> "PrivateECDSA": return cls( key=ec.generate_private_key( curve=cls.public_cls.curve, backend=default_backend() ), ) class PublicECDSAP256SHA256(PublicECDSA): algorithm = Algorithm.ECDSAP256SHA256 chosen_hash = hashes.SHA256() curve = ec.SECP256R1() octets = 32 class PrivateECDSAP256SHA256(PrivateECDSA): public_cls = PublicECDSAP256SHA256 class PublicECDSAP384SHA384(PublicECDSA): algorithm = Algorithm.ECDSAP384SHA384 chosen_hash = hashes.SHA384() curve = ec.SECP384R1() octets = 48 class PrivateECDSAP384SHA384(PrivateECDSA): public_cls = PublicECDSAP384SHA384 eddsa.py000064400000003572151116031670006206 0ustar00from typing import Type from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import ed448, ed25519 from dns.dnssecalgs.cryptography import CryptographyPrivateKey, CryptographyPublicKey from dns.dnssectypes import Algorithm from dns.rdtypes.ANY.DNSKEY import DNSKEY class PublicEDDSA(CryptographyPublicKey): def verify(self, signature: bytes, data: bytes) -> None: self.key.verify(signature, data) def encode_key_bytes(self) -> bytes: """Encode a public key per RFC 8080, section 3.""" return self.key.public_bytes( encoding=serialization.Encoding.Raw, format=serialization.PublicFormat.Raw ) @classmethod def from_dnskey(cls, key: DNSKEY) -> "PublicEDDSA": cls._ensure_algorithm_key_combination(key) return cls( key=cls.key_cls.from_public_bytes(key.key), ) class PrivateEDDSA(CryptographyPrivateKey): public_cls: Type[PublicEDDSA] def sign(self, data: bytes, verify: bool = False) -> bytes: """Sign using a private key per RFC 8080, section 4.""" signature = self.key.sign(data) if verify: self.public_key().verify(signature, data) return signature @classmethod def generate(cls) -> "PrivateEDDSA": return cls(key=cls.key_cls.generate()) class PublicED25519(PublicEDDSA): key: ed25519.Ed25519PublicKey key_cls = ed25519.Ed25519PublicKey algorithm = Algorithm.ED25519 class PrivateED25519(PrivateEDDSA): key: ed25519.Ed25519PrivateKey key_cls = ed25519.Ed25519PrivateKey public_cls = PublicED25519 class PublicED448(PublicEDDSA): key: ed448.Ed448PublicKey key_cls = ed448.Ed448PublicKey algorithm = Algorithm.ED448 class PrivateED448(PrivateEDDSA): key: ed448.Ed448PrivateKey key_cls = ed448.Ed448PrivateKey public_cls = PublicED448 rsa.py000064400000006743151116031670005716 0ustar00import math import struct from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import padding, rsa from dns.dnssecalgs.cryptography import CryptographyPrivateKey, CryptographyPublicKey from dns.dnssectypes import Algorithm from dns.rdtypes.ANY.DNSKEY import DNSKEY class PublicRSA(CryptographyPublicKey): key: rsa.RSAPublicKey key_cls = rsa.RSAPublicKey algorithm: Algorithm chosen_hash: hashes.HashAlgorithm def verify(self, signature: bytes, data: bytes) -> None: self.key.verify(signature, data, padding.PKCS1v15(), self.chosen_hash) def encode_key_bytes(self) -> bytes: """Encode a public key per RFC 3110, section 2.""" pn = self.key.public_numbers() _exp_len = math.ceil(int.bit_length(pn.e) / 8) exp = int.to_bytes(pn.e, length=_exp_len, byteorder="big") if _exp_len > 255: exp_header = b"\0" + struct.pack("!H", _exp_len) else: exp_header = struct.pack("!B", _exp_len) if pn.n.bit_length() < 512 or pn.n.bit_length() > 4096: raise ValueError("unsupported RSA key length") return exp_header + exp + pn.n.to_bytes((pn.n.bit_length() + 7) // 8, "big") @classmethod def from_dnskey(cls, key: DNSKEY) -> "PublicRSA": cls._ensure_algorithm_key_combination(key) keyptr = key.key (bytes_,) = struct.unpack("!B", keyptr[0:1]) keyptr = keyptr[1:] if bytes_ == 0: (bytes_,) = struct.unpack("!H", keyptr[0:2]) keyptr = keyptr[2:] rsa_e = keyptr[0:bytes_] rsa_n = keyptr[bytes_:] return cls( key=rsa.RSAPublicNumbers( int.from_bytes(rsa_e, "big"), int.from_bytes(rsa_n, "big") ).public_key(default_backend()) ) class PrivateRSA(CryptographyPrivateKey): key: rsa.RSAPrivateKey key_cls = rsa.RSAPrivateKey public_cls = PublicRSA default_public_exponent = 65537 def sign(self, data: bytes, verify: bool = False) -> bytes: """Sign using a private key per RFC 3110, section 3.""" signature = self.key.sign(data, padding.PKCS1v15(), self.public_cls.chosen_hash) if verify: self.public_key().verify(signature, data) return signature @classmethod def generate(cls, key_size: int) -> "PrivateRSA": return cls( key=rsa.generate_private_key( public_exponent=cls.default_public_exponent, key_size=key_size, backend=default_backend(), ) ) class PublicRSAMD5(PublicRSA): algorithm = Algorithm.RSAMD5 chosen_hash = hashes.MD5() class PrivateRSAMD5(PrivateRSA): public_cls = PublicRSAMD5 class PublicRSASHA1(PublicRSA): algorithm = Algorithm.RSASHA1 chosen_hash = hashes.SHA1() class PrivateRSASHA1(PrivateRSA): public_cls = PublicRSASHA1 class PublicRSASHA1NSEC3SHA1(PublicRSA): algorithm = Algorithm.RSASHA1NSEC3SHA1 chosen_hash = hashes.SHA1() class PrivateRSASHA1NSEC3SHA1(PrivateRSA): public_cls = PublicRSASHA1NSEC3SHA1 class PublicRSASHA256(PublicRSA): algorithm = Algorithm.RSASHA256 chosen_hash = hashes.SHA256() class PrivateRSASHA256(PrivateRSA): public_cls = PublicRSASHA256 class PublicRSASHA512(PublicRSA): algorithm = Algorithm.RSASHA512 chosen_hash = hashes.SHA512() class PrivateRSASHA512(PrivateRSA): public_cls = PublicRSASHA512