derivepassphrase.git

@@ -5,6 +5,9 @@ div.doc-contents:not(.first) {

 }

 /* Mark external links as such. */

+div.doc-contents a[href^="https://"]::after,

+div.doc-contents a[href^="http://"]::after,

+div.doc-contents a[href^="//"]::after,

 a.external::after,

 a.autorefs-external::after {

   /* https://primer.style/octicons/arrow-up-right-24 */

@@ -1 +1,13 @@

 # API reference

+

+Top-level modules:

+

+Module                  | Description

+----------------------- | --------------------------------------------------------------------

+[`derivepassphrase`][]  | Work-alike for vault(1) - deterministic, stateless password manager.

+[`sequin`][]            | Python port of Sequin, a pseudorandom number generator.

+[`ssh_agent_client`][]  | A bare-bones SSH agent client supporting signing and key listing.

+

+  [derivepassphrase]: reference/derivepassphrase.md

+  [sequin]: reference/sequin.md

+  [ssh_agent_client]: reference/ssh_agent_client.md

@@ -0,0 +1,4 @@

+::: derivepassphrase

+    heading_level: 1

+    options:

+      show_submodules: true

@@ -0,0 +1,2 @@

+::: sequin

+    heading_level: 1

@@ -0,0 +1,4 @@

+::: ssh_agent_client

+    heading_level: 1

+    options:

+      show_submodules: true

@@ -56,6 +56,8 @@ plugins:

             docstring_options:

               ignore_init_summary: true

               returns_multiple_items: false

+            merge_init_into_class: true

+            show_source: false

             heading_level: 2

             show_object_full_path: false

             show_root_members_full_path: false

@@ -75,7 +77,11 @@ nav:

   - derivepassphrase documentation: index.md

   #- tutorials.md

   #- How-Tos: how-tos.md

-  - Reference: reference.md

+  - Reference:

+    - API overview: reference.md

+    - Module derivepassphrase: reference/derivepassphrase.md

+    - Module sequin: reference/sequin.md

+    - Module ssh_agent_client: reference/ssh_agent_client.md

   #- explanation.md

 markdown_extensions:

@@ -1,3 +1,305 @@

 # SPDX-FileCopyrightText: 2024 Marco Ricci <m@the13thletter.info>

 #

 # SPDX-License-Identifier: MIT

+

+"""Work-alike of vault(1) – a deterministic, stateless password manager

+

+"""

+

+from __future__ import annotations

+

+import collections

+import hashlib

+import math

+import warnings

+

+from typing import assert_type, reveal_type

+

+import sequin

+import ssh_agent_client

+

+class Vault:

+    """A work-alike of James Coglan's vault.

+

+    Store settings for generating (actually: deriving) passphrases for

+    named services, with various constraints, given only a master

+    passphrase.  Also, actually generate the passphrase.  The derivation

+    is deterministic and non-secret; only the master passphrase need be

+    kept secret.  The implementation is compatible with [vault][].

+

+    [James Coglan explains the passphrase derivation algorithm in great

+    detail][ALGORITHM] in his blog post on said topic: A principally

+    infinite bit stream is obtained by running a key-derivation function

+    on the master passphrase and the service name, then this bit stream

+    is fed into a [sequin][] to generate random numbers in the correct

+    range, and finally these random numbers select passphrase characters

+    until the desired length is reached.

+

+    [vault]: https://getvau.lt

+    [ALGORITHM]: https://blog.jcoglan.com/2012/07/16/designing-vaults-generator-algorithm/

+

+    """

+    _UUID = b'e87eb0f4-34cb-46b9-93ad-766c5ab063e7'

+    """A tag used by vault in the bit stream generation."""

+    _CHARSETS: collections.OrderedDict[str, bytes]

+    """

+        Known character sets from which to draw passphrase characters.

+        Relies on a certain, fixed order for their definition and their

+        contents.

+

+    """

+    _CHARSETS = collections.OrderedDict([

+        ('lower', b'abcdefghijklmnopqrstuvwxyz'),

+        ('upper', b'ABCDEFGHIJKLMNOPQRSTUVWXYZ'),

+        ('alpha', b''),  # Placeholder.

+        ('number', b'0123456789'),

+        ('alphanum', b''),  # Placeholder.

+        ('space', b' '),

+        ('dash', b'-_'),

+        ('symbol', b'!"#$%&\'()*+,./:;<=>?@[\\]^{|}~-_'),

+        ('all', b''),  # Placeholder.

+    ])

+    _CHARSETS['alpha'] = _CHARSETS['lower'] + _CHARSETS['upper']

+    _CHARSETS['alphanum'] = _CHARSETS['alpha'] + _CHARSETS['number']

+    _CHARSETS['all'] = (_CHARSETS['alphanum'] + _CHARSETS['space']

+                        + _CHARSETS['symbol'])

+

+    def __init__(

+        self, *, phrase: bytes | bytearray = b'', length: int = 20,

+        repeat: int = 0, lower: int | None = None,

+        upper: int | None = None, number: int | None = None,

+        space: int | None = None, dash: int | None = None,

+        symbol: int | None = None,

+    ) -> None:

+        """Initialize the Vault object.

+

+        Args:

+            phrase:

+                The master passphrase from which to derive the service

+                passphrases.

+            length:

+                Desired passphrase length.

+            repeat:

+                The maximum number of immediate character repetitions

+                allowed in the passphrase.  Disabled if set to 0.

+            lower:

+                Optional constraint on lowercase characters.  If

+                positive, include this many lowercase characters

+                somewhere in the passphrase.  If 0, avoid lowercase

+                characters altogether.

+            upper:

+                Same as `lower`, but for uppercase characters.

+            number:

+                Same as `lower`, but for ASCII digits.

+            space:

+                Same as `lower`, but for the space character.

+            dash:

+                Same as `lower`, but for the hyphen-minus and underscore

+                characters.

+            symbol:

+                Same as `lower`, but for all other hitherto unlisted

+                ASCII printable characters (except backquote).

+

+        """

+        self._phrase = bytes(phrase)

+        self._length = length

+        self._repeat = repeat

+        self._allowed = bytearray(self._CHARSETS['all'])

+        self._required: list[bytes] = []

+        def subtract_or_require(

+            count: int | None, characters: bytes | bytearray

+        ) -> None:

+            if not isinstance(count, int):

+                return

+            elif count <= 0:

+                self._allowed = self._subtract(characters, self._allowed)

+            else:

+                for _ in range(count):

+                    self._required.append(characters)

+        subtract_or_require(lower, self._CHARSETS['lower'])

+        subtract_or_require(upper, self._CHARSETS['upper'])

+        subtract_or_require(number, self._CHARSETS['number'])

+        subtract_or_require(space, self._CHARSETS['space'])

+        subtract_or_require(dash, self._CHARSETS['dash'])

+        subtract_or_require(symbol, self._CHARSETS['symbol'])

+        if len(self._required) < self._length:

+            raise ValueError('requested passphrase length too short')

+        if not self._allowed:

+            raise ValueError('no allowed characters left')

+        for _ in range(len(self._required), self._length):

+            self._required.append(bytes(self._allowed))

+

+    def _entropy_upper_bound(self) -> int:

+        """Estimate the passphrase entropy, given the current settings.

+

+        The entropy is the base 2 logarithm of the amount of

+        possibilities.  We operate directly on the logarithms, and round

+        each summand up, overestimating the true entropy.

+

+        """

+        factors: list[int] = []

+        for i, charset in enumerate(self._required):

+            factors.append(i + 1)

+            factors.append(len(charset))

+        return sum(int(math.ceil(math.log2(f))) for f in factors)

+

+    @classmethod

+    def create_hash(

+        cls, key: bytes | bytearray, message: bytes | bytearray, *,

+        length: int = 32,

+    ) -> bytes:

+        """Create a pseudorandom byte stream from key and message.

+

+        Args:

+            key:

+                A cryptographic key.  Typically a master passphrase, or

+                an SSH signature.

+            message:

+                A message.  Typically a vault service name.

+            length:

+                The length of the byte stream to generate.

+

+        Returns:

+            A pseudorandom byte string of length `length`.

+

+        Note:

+            Shorter values returned from this method (with the same key

+            and message) are prefixes of longer values returned from

+            this method.  (This property is inherited from the

+            underlying PBKDF2 function.)  It is thus safe (if slow) to

+            call this method with the same input with ever-increasing

+            target lengths.

+

+        """

+        return hashlib.pbkdf2_hmac(hash_name='sha1', password=key,

+                                   salt=message, iterations=8, dklen=length)

+

+    def generate(

+        self, service_name: str, /, *, phrase: bytes | bytearray = b'',

+    ) -> bytes | bytearray:

+        """Generate a service passphrase.

+

+        Args:

+            service_name:

+                The service name.

+            phrase:

+                If given, override the passphrase given during

+                construction.

+

+        """

+        entropy_bound = self._entropy_upper_bound()

+        # Use a safety factor, because a sequin will potentially throw

+        # bits away and we cannot rely on having generated a hash of

+        # exactly the right length.

+        safety_factor = 2

+        hash_length = int(math.ceil(safety_factor * entropy_bound / 8))

+        if not phrase:

+            phrase = self._phrase

+        # Repeat the passphrase generation with ever-increasing hash

+        # lengths, until the passphrase can be formed without exhausting

+        # the sequin.  See the guarantee in the create_hash method for

+        # why this works.

+        while True:

+            try:

+                required = self._required[:]

+                seq = sequin.Sequin(self.create_hash(

+                    key=phrase,

+                    message=(service_name.encode('utf-8') + self._UUID),

+                    length=hash_length))

+                result = bytearray()

+                while len(result) < self._length:

+                    pos = seq.generate(len(required))

+                    charset = required.pop(pos)

+                    # Determine if an unlucky choice right now might

+                    # violate the restriction on repeated characters.

+                    # That is, check if the current partial passphrase

+                    # ends with r - 1 copies of the same character

+                    # (where r is the repeat limit that must not be

+                    # reached), and if so, remove this same character

+                    # from the current character's allowed set.

+                    previous = result[-1] if result else None

+                    i = self._repeat - 1

+                    same = (i >= 0) if previous is not None else False

+                    while same and i > 0:

+                        i -= 1

+                        if same:

+                            other_pos = -(self._repeat - i)

+                            same = (result[other_pos] == previous)

+                    if same:

+                        assert previous is not None  # for the type checker

+                        charset = self._subtract(bytes([previous]), charset)

+                    # End checking for repeated characters.

+                    index = seq.generate(len(charset))

+                    result.extend(charset[index:index+1])

+            except sequin.SequinExhaustedException:

+                hash_length *= 2

+            else:

+                return result

+

+    @classmethod

+    def phrase_from_signature(

+        cls, key: bytes | bytearray, /

+    ) -> bytes | bytearray:

+        """Obtain the master passphrase from a configured SSH key.

+

+        vault allows the usage of certain SSH keys to derive a master

+        passphrase, by signing the vault UUID with the SSH key.  The key

+        type must ensure that signatures are deterministic.

+

+        Args:

+            key: The (public) SSH key to use for signing.

+

+        Returns:

+            The signature of the vault UUID under this key.

+

+        Raises:

+            ValueError:

+                The SSH key is principally unsuitable for this use case.

+                Usually this means that the signature is not

+                deterministic.

+

+        """

+        deterministic_signature_types = {

+            'ssh-ed25519':

+                lambda k: k.startswith(b'\x00\x00\x00\x0bssh-ed25519'),

+            'ssh-rsa':

+                lambda k: k.startswith(b'\x00\x00\x00\x07ssh-rsa'),

+        }

+        if not any(v(key) for v in deterministic_signature_types.values()):

+            raise ValueError(

+                'unsuitable SSH key: bad key, or signature not deterministic')

+        with ssh_agent_client.SSHAgentClient() as client:

+            ret = client.sign(key, cls._UUID)

+        return ret

+

+    def _subtract(

+        self, charset: bytes | bytearray, allowed: bytes | bytearray,

+    ) -> bytearray:

+        """Remove the characters in charset from allowed.

+

+        This preserves the relative order of characters in `allowed`.

+

+        Args:

+            charset: Characters to remove.

+            allowed: Character set to remove the other characters from.

+

+        Returns:

+            The pruned character set.

+

+        Raises:

+            ValueError: `charset` contained duplicate characters.

+

+        """

+        allowed = (allowed if isinstance(allowed, bytearray)

+                   else bytearray(allowed))

+        assert_type(allowed, bytearray)

+        if len(frozenset(charset)) != len(charset):

+            raise ValueError('duplicate characters in set')

+        for c in charset:

+            try:

+                pos = allowed.index(c)

+            except LookupError:

+                pass

+            else:

+                allowed[pos:pos+1] = []

+        return allowed

@@ -0,0 +1,5 @@

+# SPDX-FileCopyrightText: 2024 Marco Ricci <m@the13thletter.info>

+#

+# SPDX-License-Identifier: MIT

+__version__ = "0.0.1"

+__author__ = "Marco Ricci <m@the13thletter.info>"

@@ -0,0 +1,277 @@

+# SPDX-FileCopyrightText: 2024 Marco Ricci <m@the13thletter.info>

+#

+# SPDX-License-Identifier: MIT

+

+"""A Python reimplementation of James Coglan's "sequin" Node.js module.

+

+James Coglan's "sequin" Node.js module provides a pseudorandom number

+generator (using rejection sampling on a stream of input numbers) that

+attempts to minimize the amount of information it throws away:

+(non-degenerate) rejected samples are fed into a stream of higher-order

+numbers from which the next random number generation request will be

+served.  The sequin module is used in Coglan's "vault" module (a

+deterministic, stateless password manager that recomputes passwords

+instead of storing them), and this reimplementation is used for

+a similar purpose.

+

+The main API is the [`Sequin`] [sequin.Sequin] class, which is

+thoroughly documented.

+

+"""

+

+from __future__ import annotations

+

+import collections

+import math

+

+from collections.abc import Sequence, MutableSequence

+from typing import assert_type, Literal, TypeAlias

+

+__all__ = ('Sequin', 'SequinExhaustedException')

+

+class Sequin:

+    """Generate pseudorandom non-negative numbers in different ranges.

+

+    Given a (presumed high-quality) uniformly random sequence of input

+    bits, generate pseudorandom non-negative integers in a certain range

+    on each call of the `generate` method.  (It is permissible to

+    specify a different range per call to `generate`; this is the main

+    use case.)  We use a modified version of rejection sampling, where

+    rejected values are stored in "rejection queues" if possible, and

+    these rejection queues re-seed the next round of rejection sampling.

+

+    This is a Python reimplementation of James Coglan's [Node.js sequin

+    module][JS_SEQUIN], as introduced in [his blog post][BLOG_POST].  It

+    uses a [technique by Christian Lawson-Perfect][SEQUIN_TECHNIQUE].

+    I do not know why the original module is called "sequin"; I presume

+    it to be a pun on "sequence".

+

+    [JS_SEQUIN]: https://www.npmjs.com/package/sequin

+    [BLOG_POST]: https://blog.jcoglan.com/2012/07/16/designing-vaults-generator-algorithm/

+    [SEQUIN_TECHNIQUE]: https://checkmyworking.com/2012/06/converting-a-stream-of-binary-digits-to-a-stream-of-base-n-digits/

+

+    """

+    def __init__(

+        self,

+        sequence: str | bytes | bytearray | Sequence[int],

+    ):

+        """Initialize the Sequin.

+

+        Args:

+            sequence:

+                A sequence of bits, or things convertible to bits, to

+                seed the pseudorandom number generator.  Byte and text

+                strings are converted to 8-bit integer sequences.

+                (Conversion will fail if the text string contains

+                non-ISO-8859-1 characters.)  The numbers are then

+                converted to bits.

+

+        """

+        def uint8_to_bits(value):

+            """Yield individual bits of an 8-bit number, MSB first."""

+            for i in (0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01):

+                yield 1 if value | i == value else 0

+        if isinstance(sequence, str):

+            sequence = tuple(sequence.encode('iso-8859-1'))

+        else:

+            sequence = tuple(sequence)

+        assert_type(sequence, tuple[int, ...])

+        self.bases: dict[int, MutableSequence[int]] = {}

+        gen = (bit for num in sequence for bit in uint8_to_bits(num))

+        self.bases[2] = collections.deque(gen)

+

+    def _all_or_nothing_shift(

+        self, count: int, /, *, base: int = 2

+    ) -> Sequence[int]:

+        """Shift and return items if and only if there are enough.

+

+        Args:

+            count: Number of items to shift/consume.

+            base: Use the base `base` sequence.

+

+        Returns:

+            If there are sufficient items in the sequence left, then

+            consume them from the sequence and return them.  Otherwise,

+            consume nothing, and return nothing.

+

+        Notes:

+            We currently remove now-empty sequences from the registry of

+            sequences.

+

+        Examples:

+            >>> seq = Sequin([1, 0, 1, 0, 0, 1, 0, 0, 0, 1])

+            >>> seq.bases

+            {2: deque([1, 0, 1, 0, 0, 1, 0, 0, 0, 1])}

+            >>> seq._all_or_nothing_shift(3)

+            (1, 0, 1)

+            >>> seq._all_or_nothing_shift(3)

+            (0, 0, 1)

+            >>> seq.bases[2]

+            deque([0, 0, 0, 1])

+            >>> seq._all_or_nothing_shift(5)

+            ()

+            >>> seq.bases[2]

+            deque([0, 0, 0, 1])

+            >>> seq._all_or_nothing_shift(4)

+            (0, 0, 0, 1)

+            >>> 2 in seq.bases  # now-empty sequences are removed

+            False

+

+        """

+        try:

+            seq = self.bases[base]

+        except KeyError:

+            return ()

+        else:

+            chunk = tuple(seq[:count])

+            if len(chunk) == count:

+                del seq[:count]

+                # Clean up queues.

+                if not seq:

+                    del self.bases[base]

+                return chunk

+            return ()

+

+    @staticmethod

+    def _big_endian_number(

+        digits: Sequence[int], /, *, base: int = 2

+    ) -> int:

+        """Evaluate the given integer sequence as a big endian number.

+

+        Args:

+            digits: A sequence of integers to evaluate.

+            base: The number base to evaluate those integers in.

+

+        Raises:

+            ValueError: `base` is an invalid base.

+            ValueError: Not all integers are valid base `base` digits.

+

+        Examples:

+            >>> Sequin._big_endian_number([1, 2, 3, 4, 5, 6, 7, 8], base=10)

+            12345678

+            >>> Sequin._big_endian_number([0, 0, 0, 0, 1, 4, 9, 7], base=10)

+            1497

+            >>> Sequin._big_endian_number([1, 0, 0, 1, 0, 0, 0, 0], base=2)

+            144

+            >>> Sequin._big_endian_number([1, 7, 5, 5], base=8) == 0o1755

+            True

+            >>> Sequin._big_endian_number([-1], base=3)  # doctest: +ELLIPSIS

+            Traceback (most recent call last):

+                ...

+            ValueError: ...

+            >>> Sequin._big_endian_number([0], base=1)  # doctest: +ELLIPSIS

+            Traceback (most recent call last):

+                ...

+            ValueError: ...

+

+        """

+        if base < 2:

+            raise ValueError(f'invalid base: {base!r}')

+        ret = 0

+        allowed_range = range(base)

+        n = len(digits)

+        for i in range(n):

+            i2 = (n - 1) - i

+            x = digits[i]

+            if not isinstance(x, int):

+                raise TypeError(f'not an integer: {x!r}')

+            if x not in allowed_range:

+                raise ValueError(f'invalid base {base!r} digit: {x!r}')

+            ret += (base ** i2) * x

+        return ret

+

+    def generate(self, n: int, /) -> int:

+        """Generate a base `n` non-negative integer.

+

+        We attempt to generate a value using rejection sampling.  If the

+        generated sample is outside the desired range (i.e., is

+        rejected), then attempt to reuse the sample by seeding

+        a "higher-order" input sequence of uniformly random numbers (for

+        a different base).

+

+        Args:

+            n:

+                Generate numbers in the range 0, ..., `n` - 1.

+                (Inclusive.)

+

+        Returns:

+            A pseudorandom number in the range 0, ..., `n` - 1.

+

+        Raises:

+            SequinExhaustedException:

+                The sequin is exhausted.

+

+        """

+        value = self._generate_inner(n, base=2)

+        if value == n:

+            raise SequinExhaustedException('Sequin is exhausted')

+        return value

+

+    def _generate_inner(

+        self, n: int, /, *, base: int = 2

+    ) -> int:

+        """Recursive call to generate a base `n` non-negative integer.

+

+        We first determine the correct exponent `k` to generate base `n`

+        numbers from a stream of base `base` numbers, then attempt to

+        take `k` numbers from the base `base` sequence (or bail if not

+        possible).  If the resulting number `v` is out of range for

+        base `n`, then push `v - n` onto the rejection queue for

+        base `r` = `base` ** `k` - `n`, and attempt to generate the

+        requested base `n` integer from the sequence of base `r` numbers

+        next.  (This recursion is not attempted if `r` = 1.)  Otherwise,

+        return the number.

+

+        Args:

+            n:

+                Generate numbers in the range 0, ..., `n` - 1.

+                (Inclusive.)

+            base:

+                Use the base `base` sequence as a source for

+                pseudorandom numbers.

+

+        Returns:

+            A pseudorandom number in the range 0, ..., `n` - 1 if

+            possible, or `n` if the stream is exhausted.

+

+        """

+        # p = base ** k, where k is the smallest integer such that

+        # p >= n.  We determine p and k inductively.

+        p = 1

+        k = 0

+        while p < n:

+            p *= base

+            k += 1

+        # The remainder r of p and n is used as the base for rejection

+        # queue.

+        r = p - n

+        # The generated number v is initialized to n because of the

+        # while loop below.

+        v = n

+        while v > n - 1:

+            list_slice = self._all_or_nothing_shift(k, base=base)

+            if not list_slice:

+                return n

+            v = self._big_endian_number(list_slice, base=base)

+            if v > n - 1:

+                # If r is 0, then p == n, so v < n, or rather

+                # v <= n - 1.

+                assert r > 0

+                if r == 1:

+                    continue

+                self._stash(v - n, base=r)

+                v = self._generate_inner(n, base=r)

+        return v

+

+    def _stash(self, value: int, /, *, base: int = 2) -> None:

+        """Stash `value` on the base `base` sequence."""

+        if base not in self.bases:

+            self.bases[base] = collections.deque()

+        self.bases[base].append(value)

+

+class SequinExhaustedException(Exception):

+    """The sequin is exhausted.

+

+    No more values can be generated from this sequin.

+

+    """

@@ -0,0 +1,5 @@

+# SPDX-FileCopyrightText: 2024 Marco Ricci <m@the13thletter.info>

+#

+# SPDX-License-Identifier: MIT

+__version__ = "0.0.1"

+__author__ = "Marco Ricci <m@the13thletter.info>"

@@ -0,0 +1,259 @@

+# SPDX-FileCopyrightText: 2024 Marco Ricci <m@the13thletter.info>

+#

+# SPDX-License-Identifier: MIT

+

+"""A bare-bones SSH agent client supporting signing and key listing."""

+

+from __future__ import annotations

+

+import collections

+import enum

+import errno

+import os

+import pathlib

+import socket

+

+from collections.abc import Sequence, MutableSequence

+from typing import Any, NamedTuple, Self, TypeAlias

+from ssh_agent_client.types import KeyCommentPair, SSH_AGENT, SSH_AGENTC

+

+__all__ = ('SSHAgentClient',)

+

+_socket = socket

+

+class SSHAgentClient:

+    """A bare-bones SSH agent client supporting signing and key listing.

+

+    The main use case is requesting the agent sign some data, after

+    checking that the necessary key is already loaded.

+

+    The main fleshed out methods are `list_keys` and `sign`, which

+    implement the `REQUEST_IDENTITIES` and `SIGN_REQUEST` requests.  If

+    you *really* wanted to, there is enough infrastructure in place to

+    issue other requests as defined in the protocol---it's merely the

+    wrapper functions and the protocol numbers table that are missing.

+

+    Attributes:

+        connection:

+            The socket connected to the SSH agent.

+        ssh_auth_sock:

+            The UNIX domain socket the SSH agent is listening on.  Unset

+            if socket auto-discovery is not used.

+

+    """

+    connection: socket.socket

+    ssh_auth_sock: str | None

+    def __init__(

+        self, /, *, socket: socket.socket | None = None, timeout: int = 125

+    ) -> None:

+        """Initialize the client.

+

+        Args:

+            socket:

+                An optional socket, connected to the SSH agent.  If not

+                given, we query the `SSH_AUTH_SOCK` environment

+                variable to auto-discover the correct socket address.

+            timeout:

+                A connection timeout for the SSH agent.  Only used if

+                the socket is not yet connected.  The default value

+                gives ample time for agent connections forwarded via

+                SSH on high-latency networks (e.g. Tor).

+

+        """

+        self.ssh_auth_sock = None

+        if socket is not None:

+            self.connection = socket

+        else:

+            self.connection = _socket.socket(family=_socket.AF_UNIX)

+        try:

+            self.connection.getpeername()

+        except OSError as e:

+            if e.errno != errno.ENOTCONN:

+                raise

+            try:

+                self.ssh_auth_sock = os.environ['SSH_AUTH_SOCK']

+            except KeyError as e:

+                raise RuntimeError(

+                    "Can't find running ssh-agent: missing SSH_AUTH_SOCK"

+                ) from e

+            self.connection.settimeout(timeout)

+            try:

+                self.connection.connect(self.ssh_auth_sock)

+            except FileNotFoundError as e:

+                raise RuntimeError(

+                    "Can't find running ssh-agent: unusable SSH_AUTH_SOCK"

+                ) from e

+

+    def __enter__(self) -> Self:

+        """Context management: defer to `self.connection`."""

+        self.connection.__enter__()

+        return self

+

+    def __exit__(

+        self, exc_type: Any, exc_val: Any, exc_tb: Any

+    ) -> bool:

+        """Context management: defer to `self.connection`."""

+        return bool(

+            self.connection.__exit__(

+                exc_type, exc_val, exc_tb)  # type: ignore[func-returns-value]

+        )

+

+    @staticmethod

+    def uint32(num, /) -> bytes:

+        """Format the number as a `uint32`, as per the agent protocol."""

+        return int.to_bytes(num, 4, 'big', signed=False)

+

+    @classmethod

+    def string(cls, payload: bytes | bytearray, /) -> bytes | bytearray:

+        """Format the payload as an SSH string, as per the agent protocol."""

+        ret = bytearray()

+        ret.extend(cls.uint32(len(payload)))

+        ret.extend(payload)

+        return ret

+

+    @classmethod

+    def unstring(cls, bytestring: bytes | bytearray, /) -> bytes | bytearray:

+        """Unpack an SSH string."""

+        n = len(bytestring)

+        if n < 4:

+            raise ValueError('malformed SSH byte string')

+        elif n != 4 + int.from_bytes(bytestring[:4], 'big', signed=False):

+            raise ValueError('malformed SSH byte string')

+        return bytestring[4:]

+

+    def request(

+        self, code: int, payload: bytes | bytearray, /

+    ) -> tuple[int, bytes | bytearray]:

+        """Issue a generic request to the SSH agent.

+

+        Args:

+            code:

+                The request code.  See the SSH agent protocol for

+                protocol numbers to use here (and which protocol numbers

+                to expect in a response).

+            payload:

+                A byte string containing the payload, or "contents", of

+                the request.  Request-specific.  `request` will add any

+                necessary wire framing around the request code and the

+                payload.

+

+        Returns:

+            A 2-tuple consisting of the response code and the payload,

+            with all wire framing removed.

+

+        Raises:

+            EOFError:

+                The response from the SSH agent is truncated or missing.

+

+        """

+        request_message = bytearray([code])

+        request_message.extend(payload)

+        self.connection.sendall(self.string(request_message))

+        chunk = self.connection.recv(4)

+        if len(chunk) < 4:

+            raise EOFError('cannot read response length')

+        response_length = int.from_bytes(chunk, 'big', signed=False)

+        response = self.connection.recv(response_length)

+        if len(response) < response_length:

+            raise EOFError('truncated response from SSH agent')

+        return response[0], response[1:]

+

+    def list_keys(self) -> Sequence[KeyCommentPair]:

+        """Request a list of keys known to the SSH agent.

+

+        Returns:

+            A read-only sequence of key/comment pairs.

+

+        Raises:

+            EOFError:

+                The response from the SSH agent is truncated or missing.

+            RuntimeError:

+                The response from the SSH agent is too long.

+

+        """

+        response_code, response = self.request(

+            SSH_AGENTC.REQUEST_IDENTITIES.value, b'')

+        if response_code != SSH_AGENT.IDENTITIES_ANSWER.value:

+            raise RuntimeError(

+                f'error return from SSH agent: '

+                f'{response_code = }, {response = }'

+            )

+        response_stream = collections.deque(response)

+        def shift(num: int) -> bytes:

+            buf = collections.deque(bytes())

+            for i in range(num):

+                try:

+                    val = response_stream.popleft()

+                except IndexError:

+                    response_stream.extendleft(reversed(buf))

+                    raise EOFError(

+                        'truncated response from SSH agent'

+                    ) from None

+                buf.append(val)

+            return bytes(buf)

+        key_count = int.from_bytes(shift(4), 'big')

+        keys: collections.deque[KeyCommentPair] = collections.deque()

+        for i in range(key_count):

+            key_size = int.from_bytes(shift(4), 'big')

+            key = shift(key_size)

+            comment_size = int.from_bytes(shift(4), 'big')

+            comment = shift(comment_size)

+            # Both `key` and `comment` are not wrapped as SSH strings.

+            keys.append(KeyCommentPair(key, comment))

+        if response_stream:

+            raise RuntimeError('overlong response from SSH agent')

+        return keys

+

+    def sign(

+        self, /, key: bytes | bytearray, payload: bytes | bytearray,

+        *, flags: int = 0, check_if_key_loaded: bool = False,

+    ) -> bytes | bytearray:

+        """Request the SSH agent sign the payload with the key.

+

+        Args:

+            key:

+                The public SSH key to sign the payload with, in the same

+                format as returned by, e.g., the `list_keys` method.

+                The corresponding private key must have previously been

+                loaded into the agent to successfully issue a signature.

+            payload:

+                A byte string of data to sign.

+            flags:

+                Optional flags for the signing request.  Currently

+                passed on as-is to the agent.  In real-world usage, this

+                could be used, e.g., to request more modern hash

+                algorithms when signing with RSA keys.  (No such

+                real-world usage is currently implemented.)

+            check_if_key_loaded:

+                If true, check beforehand (via `list_keys`) if the

+                corresponding key has been loaded into the agent.

+

+        Returns:

+            The binary signature of the payload under the given key.

+

+        Raises:

+            EOFError:

+                The response from the SSH agent is truncated or missing.

+            RuntimeError:

+                The response from the SSH agent is too long.

+            RuntimeError:

+                The agent failed to complete the request.

+            RuntimeError:

+                `check_if_key_loaded` is true, and the `key` was not

+                loaded into the agent.

+

+        """

+        if check_if_key_loaded:

+            loaded_keys = frozenset({pair.key for pair in self.list_keys()})

+            if bytes(key) not in loaded_keys:

+                raise RuntimeError('target SSH key not loaded into agent')

+        request_data = bytearray(self.string(key))

+        request_data.extend(self.string(payload))

+        request_data.extend(self.uint32(flags))

+        response_code, response = self.request(

+            SSH_AGENTC.SIGN_REQUEST.value, request_data)

+        if response_code != SSH_AGENT.SIGN_RESPONSE.value:

+            raise RuntimeError(

+                f'signing data failed: {response_code = }, {response = }'

+            )

+        return self.unstring(response)

@@ -0,0 +1,50 @@

+# SPDX-FileCopyrightText: 2024 Marco Ricci <m@the13thletter.info>

+#

+# SPDX-License-Identifier: MIT

+

+"""Common typing declarations for the parent module."""

+

+from __future__ import annotations

+

+import enum

+

+from typing import NamedTuple

+

+__all__ = ('KeyCommentPair', 'SSH_AGENT', 'SSH_AGENTC')

+

+class KeyCommentPair(NamedTuple):

+    """SSH key plus comment pair.  For typing purposes.

+

+    Attributes:

+        key: SSH key.

+        comment: SSH key comment.

+

+    """

+    key: bytes | bytearray

+    comment: bytes | bytearray

+

+class SSH_AGENTC(enum.Enum):

+    """SSH agent protocol numbers: client requests.

+

+    Attributes:

+        REQUEST_IDENTITIES:

+            List identities.  Expecting `SSH_AGENT.IDENTITIES_ANSWER`.

+        SIGN_REQUEST:

+            Sign data.  Expecting `SSH_AGENT.SIGN_RESPONSE`.

+

+    """

+    REQUEST_IDENTITIES: int = 11

+    SIGN_REQUEST: int = 13

+

+class SSH_AGENT(enum.Enum):

+    """SSH agent protocol numbers: server replies.

+

+    Attributes:

+        IDENTITIES_ANSWER:

+            Successful answer to `SSH_AGENTC.REQUEST_IDENTITIES`.

+        SIGN_RESPONSE:

+            Successful answer to `SSH_AGENTC.SIGN_REQUEST`.

+

+    """

+    IDENTITIES_ANSWER: int = 12

+    SIGN_RESPONSE: int = 14