dissect.target 3.19.dev11__py3-none-any.whl → 3.19.dev13__py3-none-any.whl

dissect/target/plugins/apps/ssh/openssh.py

@@ -7,7 +7,6 @@ from typing import Iterator
 from dissect.target import Target
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.fsutil import TargetPath
-from dissect.target.helpers.ssh import SSHPrivateKey
 from dissect.target.plugin import export
 from dissect.target.plugins.apps.ssh.ssh import (
     AuthorizedKeysRecord,
@@ -15,6 +14,7 @@ from dissect.target.plugins.apps.ssh.ssh import (
     PrivateKeyRecord,
     PublicKeyRecord,
     SSHPlugin,
+    SSHPrivateKey,
     calculate_fingerprints,
 )
 

dissect/target/plugins/apps/ssh/ssh.py

@@ -1,10 +1,55 @@
 import base64
+import binascii
 from hashlib import md5, sha1, sha256
 
+from dissect.cstruct import cstruct
+
 from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
 from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.plugin import NamespacePlugin
 
+rfc4716_def = """
+struct ssh_string {
+    uint32 length;
+    char value[length];
+}
+
+struct ssh_private_key {
+    char magic[15];
+
+    ssh_string cipher;
+    ssh_string kdf_name;
+    ssh_string kdf_options;
+
+    uint32 number_of_keys;
+
+    ssh_string public;
+    ssh_string private;
+}
+"""
+
+c_rfc4716 = cstruct(endian=">").load(rfc4716_def)
+
+RFC4716_MARKER_START = b"-----BEGIN OPENSSH PRIVATE KEY-----"
+RFC4716_MARKER_END = b"-----END OPENSSH PRIVATE KEY-----"
+RFC4716_MAGIC = b"openssh-key-v1\x00"
+RFC4716_PADDING = b"\x01\x02\x03\x04\x05\x06\x07"
+RFC4716_NONE = b"none"
+
+PKCS8_MARKER_START = b"-----BEGIN PRIVATE KEY-----"
+PKCS8_MARKER_END = b"-----END PRIVATE KEY-----"
+PKCS8_MARKER_START_ENCRYPTED = b"-----BEGIN ENCRYPTED PRIVATE KEY-----"
+PKCS8_MARKER_END_ENCRYPTED = b"-----END ENCRYPTED PRIVATE KEY-----"
+
+PEM_MARKER_START_RSA = b"-----BEGIN RSA PRIVATE KEY-----"
+PEM_MARKER_END_RSA = b"-----END RSA PRIVATE KEY-----"
+PEM_MARKER_START_DSA = b"-----BEGIN DSA PRIVATE KEY-----"
+PEM_MARKER_END_DSA = b"-----END DSA PRIVATE KEY-----"
+PEM_MARKER_START_EC = b"-----BEGIN EC PRIVATE KEY-----"
+PEM_MARKER_END_EC = b"-----END EC PRIVATE KEY-----"
+PEM_ENCRYPTED = b"ENCRYPTED"
+
+
 OpenSSHUserRecordDescriptor = create_extended_descriptor([UserRecordDescriptorExtension])
 
 COMMON_ELLEMENTS = [
@@ -96,3 +141,135 @@ def calculate_fingerprints(public_key_decoded: bytes, ssh_keygen_format: bool =
         fingerprint_sha256 = digest_sha256.hex()
 
     return digest_md5.hex(), fingerprint_sha1, fingerprint_sha256
+
+
+def is_rfc4716(data: bytes) -> bool:
+    """Validate data is a valid looking SSH private key in the OpenSSH format."""
+    return data.startswith(RFC4716_MARKER_START) and data.endswith(RFC4716_MARKER_END)
+
+
+def decode_rfc4716(data: bytes) -> bytes:
+    """Base64 decode the private key data."""
+    encoded_key_data = data.removeprefix(RFC4716_MARKER_START).removesuffix(RFC4716_MARKER_END)
+    try:
+        return base64.b64decode(encoded_key_data)
+    except binascii.Error:
+        raise ValueError("Error decoding RFC4716 key data")
+
+
+def is_pkcs8(data: bytes) -> bool:
+    """Validate data is a valid looking PKCS8 SSH private key."""
+    return (data.startswith(PKCS8_MARKER_START) and data.endswith(PKCS8_MARKER_END)) or (
+        data.startswith(PKCS8_MARKER_START_ENCRYPTED) and data.endswith(PKCS8_MARKER_END_ENCRYPTED)
+    )
+
+
+def is_pem(data: bytes) -> bool:
+    """Validate data is a valid looking PEM SSH private key."""
+    return (
+        (data.startswith(PEM_MARKER_START_RSA) and data.endswith(PEM_MARKER_END_RSA))
+        or (data.startswith(PEM_MARKER_START_DSA) and data.endswith(PEM_MARKER_END_DSA))
+        or (data.startswith(PEM_MARKER_START_EC) and data.endswith(PEM_MARKER_END_EC))
+    )
+
+
+class SSHPrivateKey:
+    """A class to parse (OpenSSH-supported) SSH private keys.
+
+    OpenSSH supports three types of keys:
+    * RFC4716 (default)
+    * PKCS8
+    * PEM
+    """
+
+    def __init__(self, data: bytes):
+        self.key_type = None
+        self.public_key = None
+        self.comment = ""
+
+        if is_rfc4716(data):
+            self.format = "RFC4716"
+            self._parse_rfc4716(data)
+
+        elif is_pkcs8(data):
+            self.format = "PKCS8"
+            self.is_encrypted = data.startswith(PKCS8_MARKER_START_ENCRYPTED)
+
+        elif is_pem(data):
+            self.format = "PEM"
+            self._parse_pem(data)
+
+        else:
+            raise ValueError("Unsupported private key format")
+
+    def _parse_rfc4716(self, data: bytes) -> None:
+        """Parse OpenSSH format SSH private keys.
+
+        The format:
+        "openssh-key-v1"0x00    # NULL-terminated "Auth Magic" string
+        32-bit length, "none"   # ciphername length and string
+        32-bit length, "none"   # kdfname length and string
+        32-bit length, nil      # kdf (0 length, no kdf)
+        32-bit 0x01             # number of keys, hard-coded to 1 (no length)
+        32-bit length, sshpub   # public key in ssh format
+            32-bit length, keytype
+            32-bit length, pub0
+            32-bit length, pub1
+        32-bit length for rnd+prv+comment+pad
+            64-bit dummy checksum?  # a random 32-bit int, repeated
+            32-bit length, keytype  # the private key (including public)
+            32-bit length, pub0     # Public Key parts
+            32-bit length, pub1
+            32-bit length, prv0     # Private Key parts
+            ...                     # (number varies by type)
+            32-bit length, comment  # comment string
+            padding bytes 0x010203  # pad to blocksize (see notes below)
+
+        Source: https://coolaj86.com/articles/the-openssh-private-key-format/
+        """
+
+        key_data = decode_rfc4716(data)
+        private_key = c_rfc4716.ssh_private_key(key_data)
+
+        # RFC4716 only supports 1 key at the moment.
+        if private_key.magic != RFC4716_MAGIC or private_key.number_of_keys != 1:
+            raise ValueError("Unexpected number of keys for RFC4716 format private key")
+
+        self.is_encrypted = private_key.cipher.value != RFC4716_NONE
+
+        self.public_key = base64.b64encode(private_key.public.value)
+        public_key_type = c_rfc4716.ssh_string(private_key.public.value)
+        self.key_type = public_key_type.value
+
+        if not self.is_encrypted:
+            private_key_data = private_key.private.value.rstrip(RFC4716_PADDING)
+
+            # We skip the two dummy uint32s at the start.
+            private_key_index = 8
+
+            private_key_type = c_rfc4716.ssh_string(private_key_data[private_key_index:])
+            private_key_index += 4 + private_key_type.length
+            self.key_type = private_key_type.value
+
+            private_key_fields = []
+            while private_key_index < len(private_key_data):
+                field = c_rfc4716.ssh_string(private_key_data[private_key_index:])
+                private_key_index += 4 + field.length
+                private_key_fields.append(field)
+
+            # There is always a comment present (with a length field of 0 for empty comments).
+            self.comment = private_key_fields[-1].value
+
+    def _parse_pem(self, data: bytes) -> None:
+        """Detect key type and encryption of PEM keys."""
+        self.is_encrypted = PEM_ENCRYPTED in data
+
+        if data.startswith(PEM_MARKER_START_RSA):
+            self.key_type = "ssh-rsa"
+
+        elif data.startswith(PEM_MARKER_START_DSA):
+            self.key_type = "ssh-dss"
+
+        # This is not a valid SSH key type, but we currently do not detect the specific ecdsa variant.
+        else:
+            self.key_type = "ecdsa"

dissect/target/plugins/os/unix/_os.py

@@ -40,12 +40,18 @@ class UnixPlugin(OSPlugin):
     @export(record=UnixUserRecord)
     @arg("--sessions", action="store_true", help="Parse syslog for recent user sessions")
     def users(self, sessions: bool = False) -> Iterator[UnixUserRecord]:
-        """Recover users from /etc/passwd, /etc/master.passwd or /var/log/syslog session logins."""
+        """Yield unix user records from passwd files or syslog session logins.
+
+        Resources:
+            - https://manpages.ubuntu.com/manpages/oracular/en/man5/passwd.5.html
+        """
+
+        PASSWD_FILES = ["/etc/passwd", "/etc/passwd-", "/etc/master.passwd"]
 
         seen_users = set()
 
         # Yield users found in passwd files.
-        for passwd_file in ["/etc/passwd", "/etc/master.passwd"]:
+        for passwd_file in PASSWD_FILES:
             if (path := self.target.fs.path(passwd_file)).exists():
                 for line in path.open("rt"):
                     line = line.strip()
@@ -53,7 +59,12 @@ class UnixPlugin(OSPlugin):
                         continue
 
                     pwent = dict(enumerate(line.split(":")))
-                    seen_users.add((pwent.get(0), pwent.get(5), pwent.get(6)))
+
+                    current_user = (pwent.get(0), pwent.get(5), pwent.get(6))
+                    if current_user in seen_users:
+                        continue
+
+                    seen_users.add(current_user)
                     yield UnixUserRecord(
                         name=pwent.get(0),
                         passwd=pwent.get(1),

dissect/target/plugins/os/unix/shadow.py

@@ -29,39 +29,55 @@ class ShadowPlugin(Plugin):
         if not self.target.fs.path("/etc/shadow").exists():
             raise UnsupportedPluginError("No shadow file found")
 
+    SHADOW_FILES = ["/etc/shadow", "/etc/shadow-"]
+
     @export(record=UnixShadowRecord)
     def passwords(self) -> Iterator[UnixShadowRecord]:
-        """Recover shadow records from /etc/shadow files."""
-
-        if (path := self.target.fs.path("/etc/shadow")).exists():
-            for line in path.open("rt"):
-                line = line.strip()
-                if line == "" or line.startswith("#"):
-                    continue
-
-                shent = dict(enumerate(line.split(":")))
-                crypt = extract_crypt_details(shent)
-
-                # do not return a shadow record if we have no hash
-                if crypt.get("hash") is None or crypt.get("hash") == "":
-                    continue
-
-                yield UnixShadowRecord(
-                    name=shent.get(0),
-                    crypt=shent.get(1),
-                    algorithm=crypt.get("algo"),
-                    crypt_param=crypt.get("param"),
-                    salt=crypt.get("salt"),
-                    hash=crypt.get("hash"),
-                    last_change=shent.get(2),
-                    min_age=shent.get(3),
-                    max_age=shent.get(4),
-                    warning_period=shent.get(5),
-                    inactivity_period=shent.get(6),
-                    expiration_date=shent.get(7),
-                    unused_field=shent.get(8),
-                    _target=self.target,
-                )
+        """Yield shadow records from /etc/shadow files.
+
+        Resources:
+            - https://manpages.ubuntu.com/manpages/oracular/en/man5/passwd.5.html#file:/etc/shadow
+        """
+
+        seen_hashes = set()
+
+        for shadow_file in self.SHADOW_FILES:
+            if (path := self.target.fs.path(shadow_file)).exists():
+                for line in path.open("rt"):
+                    line = line.strip()
+                    if line == "" or line.startswith("#"):
+                        continue
+
+                    shent = dict(enumerate(line.split(":")))
+                    crypt = extract_crypt_details(shent)
+
+                    # do not return a shadow record if we have no hash
+                    if crypt.get("hash") is None or crypt.get("hash") == "":
+                        continue
+
+                    # prevent duplicate user hashes
+                    current_hash = (shent.get(0), crypt.get("hash"))
+                    if current_hash in seen_hashes:
+                        continue
+
+                    seen_hashes.add(current_hash)
+
+                    yield UnixShadowRecord(
+                        name=shent.get(0),
+                        crypt=shent.get(1),
+                        algorithm=crypt.get("algo"),
+                        crypt_param=crypt.get("param"),
+                        salt=crypt.get("salt"),
+                        hash=crypt.get("hash"),
+                        last_change=shent.get(2),
+                        min_age=shent.get(3),
+                        max_age=shent.get(4),
+                        warning_period=shent.get(5),
+                        inactivity_period=shent.get(6),
+                        expiration_date=shent.get(7),
+                        unused_field=shent.get(8),
+                        _target=self.target,
+                    )
 
 
 def extract_crypt_details(shent: dict) -> dict:

{dissect.target-3.19.dev11.dist-info → dissect.target-3.19.dev13.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.19.dev11
+Version: 3.19.dev13
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.19.dev11.dist-info → dissect.target-3.19.dev13.dist-info}/RECORD

@@ -65,7 +65,6 @@ dissect/target/helpers/record.py,sha256=lWl7k2Mp9Axllm0tXzPGJx2zj2zONsyY_p5g424T
 dissect/target/helpers/record_modifier.py,sha256=3I_rC5jqvl0TsW3V8OQ6Dltz_D8J4PU1uhhzbJGKm9c,3245
 dissect/target/helpers/regutil.py,sha256=kX-sSZbW8Qkg29Dn_9zYbaQrwLumrr4Y8zJ1EhHXIAM,27337
 dissect/target/helpers/shell_folder_ids.py,sha256=Behhb8oh0kMxrEk6YYKYigCDZe8Hw5QS6iK_d2hTs2Y,24978
-dissect/target/helpers/ssh.py,sha256=obB7sqUH0IoUo78NAmHM8TX0pgA_4GHICZ3TA3TW_0E,6324
 dissect/target/helpers/targetd.py,sha256=ELhUulzQ4OgXgHsWhsLgM14vut8Wm6btr7qTynlwKaE,1812
 dissect/target/helpers/utils.py,sha256=r36Bn0UL0E6Z8ajmQrHzC6RyUxTRdwJ1PNsd904Lmzs,4027
 dissect/target/helpers/compat/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -135,10 +134,10 @@ dissect/target/plugins/apps/remoteaccess/teamviewer.py,sha256=SiEH36HM2NvdPuCjfL
 dissect/target/plugins/apps/shell/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/shell/powershell.py,sha256=biPSMRWxPI6kRqP0-75yMtrw0Ti2Bzfl_xI3xbmmF48,2641
 dissect/target/plugins/apps/ssh/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/apps/ssh/openssh.py,sha256=yt3bX93Q9wfF25_vG9APMwfZWUUqCPyLlVJdhu20syI,7250
+dissect/target/plugins/apps/ssh/openssh.py,sha256=oaJeKmTvVMo4aePo4Ep7t0ludJPNuuokGEW07w4gAvQ,7216
 dissect/target/plugins/apps/ssh/opensshd.py,sha256=DaXKdgGF3GYHHA4buEvphcm6FF4C8YFjgD96Dv6rRnM,5510
 dissect/target/plugins/apps/ssh/putty.py,sha256=EmsXr2NbOB13-EWS5AkpEPMUhOkVl6FAy8JGUiaDhxk,10133
-dissect/target/plugins/apps/ssh/ssh.py,sha256=tTA87u0B8yY1yVCPV0VJdRUct6ggkir_pIziP-eKnVo,3009
+dissect/target/plugins/apps/ssh/ssh.py,sha256=d3U8PJbtMvOV3K0wV_9KzGt2oRs-mfNQz1_Xd6SNx0Y,9320
 dissect/target/plugins/apps/vpn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/vpn/openvpn.py,sha256=d-DGINTIHP_bvv3T09ZwbezHXGctvCyAhJ482m2_-a0,7654
 dissect/target/plugins/apps/vpn/wireguard.py,sha256=SoAMED_bwWJQ3nci5qEY-qV4wJKSSDZQ8K7DoJRYq0k,6521
@@ -184,7 +183,7 @@ dissect/target/plugins/general/scrape.py,sha256=Fz7BNXflvuxlnVulyyDhLpyU8D_hJdH6
 dissect/target/plugins/general/users.py,sha256=cQXPQ2XbkPjckCPHYTUW4JEhYN0_CT8JI8hJPZn3qSs,3030
 dissect/target/plugins/os/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/os/unix/_os.py,sha256=VQHx8PDhJ0NHzNuo3RIN3DGXkLqpGXbQe8M5ZbtI5nM,14277
+dissect/target/plugins/os/unix/_os.py,sha256=GcbP8HbK1XtwYFGbl8x0BdfoLAC2ROv9xieeFGI5dWM,14557
 dissect/target/plugins/os/unix/cronjobs.py,sha256=2ssj97UVJueyATVl7NMJmqd9uHflQ2tXUqdOCFIEje8,3182
 dissect/target/plugins/os/unix/datetime.py,sha256=gKfBdPyUirt3qmVYfOJ1oZXRPn8wRzssbZxR_ARrtk8,1518
 dissect/target/plugins/os/unix/etc.py,sha256=HoPEC1hxqurSnAXQAK-jf_HxdBIDe-1z_qSw_n-ViI4,258
@@ -192,7 +191,7 @@ dissect/target/plugins/os/unix/generic.py,sha256=6_MJrV1LbIxNQJwAZR0HEQljoxwF5BP
 dissect/target/plugins/os/unix/history.py,sha256=ptNGHkHOLJ5bE4r1PqtkQFcQHqzS6-qe5ms1tTGOJp8,6620
 dissect/target/plugins/os/unix/locale.py,sha256=V3R7mEyrH3f-h7SGAucByaYYDA2SIil9Qb-s3dPmDEA,3961
 dissect/target/plugins/os/unix/packagemanager.py,sha256=Wm2AAJOD_B3FAcZNXgWtSm_YwbvrHBYOP8bPmOXNjG4,2427
-dissect/target/plugins/os/unix/shadow.py,sha256=TvN04uzFnUttNMZAa6_1XdXSP-8V6ztbZNoetDvfD0w,3535
+dissect/target/plugins/os/unix/shadow.py,sha256=W6W6rMru7IVnuBc6sl5wsRWTOrJdS1s7_2_q7QRf7Is,4148
 dissect/target/plugins/os/unix/bsd/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/bsd/_os.py,sha256=e5rttTOFOmd7e2HqP9ZZFMEiPLBr-8rfH0XH1IIeroQ,1372
 dissect/target/plugins/os/unix/bsd/citrix/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -345,10 +344,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.19.dev11.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.19.dev11.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.19.dev11.dist-info/METADATA,sha256=K__-QEn5j-2bVryeNdtzhb6et_uhqklZ7KSWkBT33pM,12719
-dissect.target-3.19.dev11.dist-info/WHEEL,sha256=Wyh-_nZ0DJYolHNn1_hMa4lM7uDedD_RGVwbmTjyItk,91
-dissect.target-3.19.dev11.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.19.dev11.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.19.dev11.dist-info/RECORD,,
+dissect.target-3.19.dev13.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.19.dev13.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.19.dev13.dist-info/METADATA,sha256=oFZiiry3QZEqrgYijsGOlPjZn1DfUM3GBMdf8WZaIFc,12719
+dissect.target-3.19.dev13.dist-info/WHEEL,sha256=Wyh-_nZ0DJYolHNn1_hMa4lM7uDedD_RGVwbmTjyItk,91
+dissect.target-3.19.dev13.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.19.dev13.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.19.dev13.dist-info/RECORD,,

dissect/target/helpers/ssh.py

@@ -1,177 +0,0 @@
-import base64
-import binascii
-
-from dissect.cstruct import cstruct
-
-rfc4716_def = """
-struct ssh_string {
-    uint32 length;
-    char value[length];
-}
-
-struct ssh_private_key {
-    char magic[15];
-
-    ssh_string cipher;
-    ssh_string kdf_name;
-    ssh_string kdf_options;
-
-    uint32 number_of_keys;
-
-    ssh_string public;
-    ssh_string private;
-}
-"""
-
-c_rfc4716 = cstruct(endian=">").load(rfc4716_def)
-
-RFC4716_MARKER_START = b"-----BEGIN OPENSSH PRIVATE KEY-----"
-RFC4716_MARKER_END = b"-----END OPENSSH PRIVATE KEY-----"
-RFC4716_MAGIC = b"openssh-key-v1\x00"
-RFC4716_PADDING = b"\x01\x02\x03\x04\x05\x06\x07"
-RFC4716_NONE = b"none"
-
-PKCS8_MARKER_START = b"-----BEGIN PRIVATE KEY-----"
-PKCS8_MARKER_END = b"-----END PRIVATE KEY-----"
-PKCS8_MARKER_START_ENCRYPTED = b"-----BEGIN ENCRYPTED PRIVATE KEY-----"
-PKCS8_MARKER_END_ENCRYPTED = b"-----END ENCRYPTED PRIVATE KEY-----"
-
-PEM_MARKER_START_RSA = b"-----BEGIN RSA PRIVATE KEY-----"
-PEM_MARKER_END_RSA = b"-----END RSA PRIVATE KEY-----"
-PEM_MARKER_START_DSA = b"-----BEGIN DSA PRIVATE KEY-----"
-PEM_MARKER_END_DSA = b"-----END DSA PRIVATE KEY-----"
-PEM_MARKER_START_EC = b"-----BEGIN EC PRIVATE KEY-----"
-PEM_MARKER_END_EC = b"-----END EC PRIVATE KEY-----"
-PEM_ENCRYPTED = b"ENCRYPTED"
-
-
-class SSHPrivateKey:
-    """A class to parse (OpenSSH-supported) SSH private keys.
-
-    OpenSSH supports three types of keys:
-    * RFC4716 (default)
-    * PKCS8
-    * PEM
-    """
-
-    def __init__(self, data: bytes):
-        self.key_type = None
-        self.public_key = None
-        self.comment = ""
-
-        if is_rfc4716(data):
-            self.format = "RFC4716"
-            self._parse_rfc4716(data)
-
-        elif is_pkcs8(data):
-            self.format = "PKCS8"
-            self.is_encrypted = data.startswith(PKCS8_MARKER_START_ENCRYPTED)
-
-        elif is_pem(data):
-            self.format = "PEM"
-            self._parse_pem(data)
-
-        else:
-            raise ValueError("Unsupported private key format")
-
-    def _parse_rfc4716(self, data: bytes) -> None:
-        """Parse OpenSSH format SSH private keys.
-
-        The format:
-        "openssh-key-v1"0x00    # NULL-terminated "Auth Magic" string
-        32-bit length, "none"   # ciphername length and string
-        32-bit length, "none"   # kdfname length and string
-        32-bit length, nil      # kdf (0 length, no kdf)
-        32-bit 0x01             # number of keys, hard-coded to 1 (no length)
-        32-bit length, sshpub   # public key in ssh format
-            32-bit length, keytype
-            32-bit length, pub0
-            32-bit length, pub1
-        32-bit length for rnd+prv+comment+pad
-            64-bit dummy checksum?  # a random 32-bit int, repeated
-            32-bit length, keytype  # the private key (including public)
-            32-bit length, pub0     # Public Key parts
-            32-bit length, pub1
-            32-bit length, prv0     # Private Key parts
-            ...                     # (number varies by type)
-            32-bit length, comment  # comment string
-            padding bytes 0x010203  # pad to blocksize (see notes below)
-
-        Source: https://coolaj86.com/articles/the-openssh-private-key-format/
-        """
-
-        key_data = decode_rfc4716(data)
-        private_key = c_rfc4716.ssh_private_key(key_data)
-
-        # RFC4716 only supports 1 key at the moment.
-        if private_key.magic != RFC4716_MAGIC or private_key.number_of_keys != 1:
-            raise ValueError("Unexpected number of keys for RFC4716 format private key")
-
-        self.is_encrypted = private_key.cipher.value != RFC4716_NONE
-
-        self.public_key = base64.b64encode(private_key.public.value)
-        public_key_type = c_rfc4716.ssh_string(private_key.public.value)
-        self.key_type = public_key_type.value
-
-        if not self.is_encrypted:
-            private_key_data = private_key.private.value.rstrip(RFC4716_PADDING)
-
-            # We skip the two dummy uint32s at the start.
-            private_key_index = 8
-
-            private_key_type = c_rfc4716.ssh_string(private_key_data[private_key_index:])
-            private_key_index += 4 + private_key_type.length
-            self.key_type = private_key_type.value
-
-            private_key_fields = []
-            while private_key_index < len(private_key_data):
-                field = c_rfc4716.ssh_string(private_key_data[private_key_index:])
-                private_key_index += 4 + field.length
-                private_key_fields.append(field)
-
-            # There is always a comment present (with a length field of 0 for empty comments).
-            self.comment = private_key_fields[-1].value
-
-    def _parse_pem(self, data: bytes) -> None:
-        """Detect key type and encryption of PEM keys."""
-        self.is_encrypted = PEM_ENCRYPTED in data
-
-        if data.startswith(PEM_MARKER_START_RSA):
-            self.key_type = "ssh-rsa"
-
-        elif data.startswith(PEM_MARKER_START_DSA):
-            self.key_type = "ssh-dss"
-
-        # This is not a valid SSH key type, but we currently do not detect the specific ecdsa variant.
-        else:
-            self.key_type = "ecdsa"
-
-
-def is_rfc4716(data: bytes) -> bool:
-    """Validate data is a valid looking SSH private key in the OpenSSH format."""
-    return data.startswith(RFC4716_MARKER_START) and data.endswith(RFC4716_MARKER_END)
-
-
-def decode_rfc4716(data: bytes) -> bytes:
-    """Base64 decode the private key data."""
-    encoded_key_data = data.removeprefix(RFC4716_MARKER_START).removesuffix(RFC4716_MARKER_END)
-    try:
-        return base64.b64decode(encoded_key_data)
-    except binascii.Error:
-        raise ValueError("Error decoding RFC4716 key data")
-
-
-def is_pkcs8(data: bytes) -> bool:
-    """Validate data is a valid looking PKCS8 SSH private key."""
-    return (data.startswith(PKCS8_MARKER_START) and data.endswith(PKCS8_MARKER_END)) or (
-        data.startswith(PKCS8_MARKER_START_ENCRYPTED) and data.endswith(PKCS8_MARKER_END_ENCRYPTED)
-    )
-
-
-def is_pem(data: bytes) -> bool:
-    """Validate data is a valid looking PEM SSH private key."""
-    return (
-        (data.startswith(PEM_MARKER_START_RSA) and data.endswith(PEM_MARKER_END_RSA))
-        or (data.startswith(PEM_MARKER_START_DSA) and data.endswith(PEM_MARKER_END_DSA))
-        or (data.startswith(PEM_MARKER_START_EC) and data.endswith(PEM_MARKER_END_EC))
-    )