o e@sddlmZddlZddlZddlZddlmZddlmZm Z m Z m Z m Z ddl mZmZddlmZddlmZmZmZmZddlmZmZmZmZmZmZmZdd lm Z m!Z!m"Z"dd l#m$Z$m%Z%dd l&m'Z'dd l(m)Z)ed dZ*eddZ+eddZ,ddZ-eddZ.iZ/gda0ddZ1e1[1gda2ddZ3e3[3gda4ddZ5e5[5gd a6d!d"Z7e7[7gd#a8d$d%Z9e9[9d&d'ga:d(d)Z;e;[;d*d+gaZ?Gd0d1d1e@ZAeAe/d2jBe/d2jCd2ZDe/d2jEeDd3ZFe/GeHIt0eF[D[Fb0eAe/d4jBe/d4jCd4ZJe/d4jEeJd3ZKe/GeHIt2eK[J[Kb2eAe/d5jBe/d5jCd5ZLe/d5jEeLd3ZMe/GeHIt4eM[L[Mb4eAe/d6jBe/d6jCd6ZNe/d6jEeNd3ZOe/GeHIt6eO[N[Ob6eAe/d7jBe/d7jCd7ZPe/d7jEePd3ZQe/GeHIt8eQ[P[Qb8eAe/d'jBe/d'jCd'ZRe/d'jEeRd3ZSe/GeHIt:eS[R[Sb:eAe/d+jBe/d+jCd+ZTe/d+jEeTd3ZUe/GeHItd?ZYd@dAZZd\dBdCZ[dDdEZ\dFdGZ]dHdIZ^dJdKZ_dLdMZ`dNdOZadPdQZbd[dRdSZceddTkr_ddleZedUZfe/d5jghZidVZjeeeZkelejD]ZmeiefZnq)eodWeeeekejdXdYeeeZkelejD]ZmenefZnqGeodZeeeekejdXdYdSdS)])print_functionN) namedtuple)bordtobytestostrbchr is_string) bytes_to_long long_to_bytes)Integer) DerObjectIdDerOctetString DerSequence DerBitString)load_pycryptodome_raw_lib VoidPointer SmartPointerc_size_t c_uint8_ptr c_ulonglong null_pointer)_expand_subject_public_key_info_create_subject_public_key_info _extract_subject_public_key_info)SHA512SHAKE256)get_random_bytes) getrandbitszCrypto.PublicKey._ec_wsa typedef void EcContext; typedef void EcPoint; int ec_ws_new_context(EcContext **pec_ctx, const uint8_t *modulus, const uint8_t *b, const uint8_t *order, size_t len, uint64_t seed); void ec_free_context(EcContext *ec_ctx); int ec_ws_new_point(EcPoint **pecp, const uint8_t *x, const uint8_t *y, size_t len, const EcContext *ec_ctx); void ec_ws_free_point(EcPoint *ecp); int ec_ws_get_xy(uint8_t *x, uint8_t *y, size_t len, const EcPoint *ecp); int ec_ws_double(EcPoint *p); int ec_ws_add(EcPoint *ecpa, EcPoint *ecpb); int ec_ws_scalar(EcPoint *ecp, const uint8_t *k, size_t len, uint64_t seed); int ec_ws_clone(EcPoint **pecp2, const EcPoint *ecp); int ec_ws_cmp(const EcPoint *ecp1, const EcPoint *ecp2); int ec_ws_neg(EcPoint *p); zCrypto.PublicKey._ed25519ai typedef void Point; int ed25519_new_point(Point **out, const uint8_t x[32], const uint8_t y[32], size_t modsize, const void *context); int ed25519_clone(Point **P, const Point *Q); void ed25519_free_point(Point *p); int ed25519_cmp(const Point *p1, const Point *p2); int ed25519_neg(Point *p); int ed25519_get_xy(uint8_t *xb, uint8_t *yb, size_t modsize, Point *p); int ed25519_double(Point *p); int ed25519_add(Point *P1, const Point *P2); int ed25519_scalar(Point *P, const uint8_t *scalar, size_t scalar_len, uint64_t seed); zCrypto.PublicKey._ed448a* typedef void EcContext; typedef void PointEd448; int ed448_new_context(EcContext **pec_ctx); void ed448_context(EcContext *ec_ctx); void ed448_free_context(EcContext *ec_ctx); int ed448_new_point(PointEd448 **out, const uint8_t x[56], const uint8_t y[56], size_t len, const EcContext *context); int ed448_clone(PointEd448 **P, const PointEd448 *Q); void ed448_free_point(PointEd448 *p); int ed448_cmp(const PointEd448 *p1, const PointEd448 *p2); int ed448_neg(PointEd448 *p); int ed448_get_xy(uint8_t *xb, uint8_t *yb, size_t len, const PointEd448 *p); int ed448_double(PointEd448 *p); int ed448_add(PointEd448 *P1, const PointEd448 *P2); int ed448_scalar(PointEd448 *P, const uint8_t *scalar, size_t scalar_len, uint64_t seed); cCsN|jjdkrttd|}|S|jjdkrttd|}|Sttd|}|S)NEd25519Zed25519_Ed448Zed448_Zec_ws_)_curvedescgetattr _ed25519_lib _ed448_lib_ec_lib)Zecc_obj func_nameresultr(DD:\Projects\ConvertPro\env\Lib\site-packages\Crypto/PublicKey/ECC.pylib_funcs  r*_Curvez

t d| t | tj } tt|t|t|t|t|dd d | d d d } ttt| dS)Nl l 9{uDjSg9g(Bl 1(i&^#a;l +'1t:_|v!a:@ml H<^W]dZ{cxW\Iq@z#Error %d initializing P-192 contextz1.2.840.10045.3.1.1r-zecdsa-sha2-nistp192r,)r rr%ec_ws_new_context address_ofrrlenrr ImportErrorrgetec_free_contextr+r _curvesupdatedictfromkeys p192_names) pborderGxGyZ p192_modulusZp192_bZ p192_orderZec_p192_contextr'contextr,r(r(r) init_p192B        rC)p224 NIST P-224zP-224Z prime224v1Z secp224r1Znistp224c Cr.)Nl?lF eY8 w-X"PVd/%PP!-l=*8%(?l!"X!#BXtJ9!'|%VA-l4~ f&Dv@h!fE0m9_ qlM/r0z#Error %d initializing P-224 contextz 1.3.132.0.33rFzecdsa-sha2-nistp224rE)r rr%r2r3rrr4rrr5rr6r7r+r r8r9r:r; p224_names) r=r>r?r@rAZ p224_modulusZp224_bZ p224_orderZec_p224_contextr'rBrEr(r(r) init_p224rDrJ)p256 NIST P-256zP-256Z prime256v1Z secp256r1Znistp256c Cr.)Nl?@lK`Opq^cv 3,e< 1U]>{|R*ZlQ%x +Ohbi+}s@lB11e %:f=K`wrH7gHK8hklQ~o]l+fUg+<)Z?8O?q!O r0z#Error %d initializing P-256 contextz1.2.840.10045.3.1.7rLzecdsa-sha2-nistp256rK)r rr%r2r3rrr4rrr5rr6r7r+r r8r9r:r; p256_names) r=r>r?r@rAZ p256_modulusZp256_bZ p256_orderZec_p256_contextr'rBrKr(r(r) init_p256rDrP)p384 NIST P-384zP-384Z prime384v1Z secp384r1Znistp384c Cr.)Nl~l*'#.TEbc+Z'@=D 1 "(?7N2Z_+|S/1fls)e`gwl X_[nlv|l dxRjoyU8T( :ss"nZL8k&"_Ul_!uR/sX0 @qaNQNB&JxS8KJEY K%l0r0z#Error %d initializing P-384 contextiz 1.3.132.0.34rRzecdsa-sha2-nistp384rQ)r rr%r2r3rrr4rrr5rr6r7r+r r8r9r:r; p384_names) r=r>r?r@rAZ p384_modulusZp384_bZ p384_orderZec_p384_contextr'rBrQr(r(r) init_p3840rDrU)p521 NIST P-521zP-521Z prime521v1Z secp521r1Znistp521c Cr.)Nl#l#?VQ(zO%b95~cte1oR{V;LH w>l-rZE]"Sr&Ga9}*Fl# dp"z\}[z3"nZ;PK# `7roCQl#f=xK)H-apY$3^Q n%k{;/K!u{4-{?$Od8V1l3s: l#Pf?QE$XN!85aZU WL9YLhz f$Du13otc!% pMxjRr`Br0z#Error %d initializing P-521 contexti z 1.3.132.0.35rWzecdsa-sha2-nistp521rV)r rr%r2r3rrr4rrr5rr6r7r+r r8r9r:r; p521_names) r=r>r?r@rAZ p521_modulusZp521_bZ p521_orderZec_p521_contextr'rBrVr(r(r) init_p521_rDrZed25519rc CsTd}d}d}d}tt|dt|t|t|ddddddd }ttt|dS) NlS9i @eM^w|olUK5J,{$%Xci\-G' lJ[sii!lXfL33ffL33ffL33ffL33ff 1.3.101.112r ssh-ed25519r[)r+r r8r9r:r; ed25519_names)r=r?r@rAr[r(r(r) init_ed25519s$ raed448rc Csd}d}d}d}t}t|}|rtd|t|tj}tt |dt |t |t |ddd|ddd }t t t|dS) N?lDVJ Ru8a6!m,&vD}D2_l^@ 518`b8Cl\p*At(qmj.<+FaS[/SDZ74_3  lzadoeC@ ZK^DsxssZhNx02>Ilq2 vIZu gt' z#Error %d initializing Ed448 contexti 1.3.101.113rrb)rr$Zed448_new_contextr3r5rr6Zed448_free_contextr+r r8r9r:r; ed448_names)r=r?r@rAZ ed448_contextr'rBrbr(r(r) init_ed448s.  rfc@s eZdZdS)UnsupportedEccFeatureN)__name__ __module__ __qualname__r(r(r(r)rgsrgc@seZdZdZd,ddZddZddZd d Zd d Zd dZ ddZ ddZ ddZ e ddZe ddZe ddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+S)-EccPointaPA class to model a point on an Elliptic Curve. The class supports operators for: * Adding two points: ``R = S + T`` * In-place addition: ``S += T`` * Negating a point: ``R = -T`` * Comparing two points: ``if S == T: ...`` or ``if S != T: ...`` * Multiplying a point by a scalar: ``R = S*k`` * In-place multiplication by a scalar: ``T *= k`` :ivar x: The affine X-coordinate of the ECC point :vartype x: integer :ivar y: The affine Y-coordinate of the ECC point :vartype y: integer :ivar xy: The tuple with affine X- and Y- coordinates rKc Cs zt||_Wntytdt|w||_|}t||}t||}t||ks4t||kr8tdt |d}t |d}t |_ z|jj } Wn tyYt} Ynw||j t|t|t|| } | r{| dkrutdtd| t|j ||_ dS)NzUnknown curve name %szIncorrect coordinate length new_point free_pointz)The EC point does not belong to the curvez(Error %d while instantiating an EC point)r8r KeyError ValueErrorstr _curve_name size_in_bytesr r4r*r_pointrBr6AttributeErrorrr3rrr) selfxycurve modulus_bytesxbybrl free_funcrBr'r(r(r)__init__s<        zEccPoint.__init__cCsXt|d}t|d}t|_||j|j}|r!td|t|j||_|S)Nclonermz"Error %d while cloning an EC point)r*rrtr3r6rpr)rvpointrr}r'r(r(r)set s    z EccPoint.setcCs2t|tsdSt|d}d||j|jkS)NFcmpr) isinstancerkr*rtr6)rvrZcmp_funcr(r(r)__eq__s  zEccPoint.__eq__cCs ||k SNr()rvrr(r(r)__ne__  zEccPoint.__ne__cCs4t|d}|}||j}|rtd||S)Nnegz$Error %d while inverting an EC point)r*copyrtr6rp)rvZneg_funcnpr'r(r(r)__neg__#s  zEccPoint.__neg__cCs|j\}}t|||j}|S)zReturn a copy of this point.)xyrkrr)rvrwrxrr(r(r)r+s z EccPoint.copycC |jjdvS)Nr[rb)r namervr(r(r) _is_eddsa1 zEccPoint._is_eddsacCs|r |jdkS|jdkS)z,``True`` if this is the *point-at-infinity*.r)rr)rrwrrr(r(r)is_point_at_infinity4s  zEccPoint.is_point_at_infinitycCs$|r tdd|jStdd|jS)z-Return the *point-at-infinity* for the curve.r)rrkrrrr(r(r)point_at_infinity<szEccPoint.point_at_infinitycC |jdS)Nrrrr(r(r)rwD z EccPoint.xcCr)Nrrrr(r(r)rxHrz EccPoint.ycCsj|}t|}t|}t|d}|t|t|t||j}|r)td|tt |tt |fS)Nget_xyz#Error %d while encoding an EC point) rs bytearrayr*rrrtr6rpr r )rvrzr{r|rr'r(r(r)rLs  z EccPoint.xycCs|ddS)z"Size of each coordinate, in bytes.) size_in_bitsrr(r(r)rs[szEccPoint.size_in_bytescCs|jjS)z!Size of each coordinate, in bits.)r modulus_bitsrr(r(r)r_szEccPoint.size_in_bitscCs,t|d}||j}|rtd||S)zuDouble this point (in-place operation). Returns: This same object (to enable chaining). doublez#Error %d while doubling an EC pointr*rtr6rp)rvZ double_funcr'r(r(r)rcs  zEccPoint.doublecCsDt|d}||j|j}|r |dkrtdtd||S)zAdd a second point to this oneaddz#EC points are not on the same curvez#Error %d while adding two EC pointsr)rvrZadd_funcr'r(r(r)__iadd__ps  zEccPoint.__iadd__cCs|}||7}|S)z8Return a new point, the addition of this one and anotherr)rvrrr(r(r)__add__{zEccPoint.__add__cCs^t|d}|dkr tdt|}||jt|tt|tt d}|r-td||S)zMultiply this point by a scalarscalarrz?Scalar multiplication is only defined for non-negative integersr0z%Error %d during scalar multiplication) r*rpr rtr6rrr4rr)rvrZ scalar_funcsbr'r(r(r)__imul__s     zEccPoint.__imul__cCs|}||9}|S)z2Return a new point, the scalar product of this oner)rvrrr(r(r)__mul__rzEccPoint.__mul__cCs ||Sr)r)rvZ left_handr(r(r)__rmul__rzEccPoint.__rmul__N)rK)rhrirj__doc__r~rrrrrrrrpropertyrwrxrrsrrrrrrrr(r(r(r)rks2 &      rkr,)GrErKrQrVc@seZdZdZddZddZddZdd Zd d Zd d Z ddZ e ddZ e ddZ e ddZddZddZddZddZd0dd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/S)1EccKeyaClass defining an ECC key. Do not instantiate directly. Use :func:`generate`, :func:`construct` or :func:`import_key` instead. :ivar curve: The name of the curve as defined in the `ECC table`_. :vartype curve: string :ivar pointQ: an ECC point representating the public component. :vartype pointQ: :class:`EccPoint` :ivar d: A scalar that represents the private component in NIST P curves. It is smaller than the order of the generator point. :vartype d: integer :ivar seed: A seed that representats the private component in EdDSA curves (Ed25519, 32 bytes; Ed448, 57 bytes). :vartype seed: bytes cKsFt|}|dd}|dd|_|dd|_|dd|_|dur*|jr*|jj}|r4tdt||tvr>t d|t||_ |j j |_ t |jdut |jdu}|dkre|jdurct d dS|d krmt d |s|jdurzt d t|j|_d |jkr|j jkst dt ddS|jdurt d|j jdkrt|jdkrt dt|j}|dd|_t|dd}|ddM<|dd@dB|d<n>|j jdkrt|jdkrt dt|jd}|dd|_t|dd}|ddM<|ddO<d|d<tj|dd |_dS)!aiCreate a new ECC key Keywords: curve : string The name of the curve. d : integer Mandatory for a private key one NIST P curves. It must be in the range ``[1..order-1]``. seed : bytes Mandatory for a private key on the Ed25519 (32 bytes) or Ed448 (57 bytes) curve. point : EccPoint Mandatory for a public key. If provided for a private key, the implementation will NOT check whether it matches ``d``. Only one parameter among ``d``, ``seed`` or ``point`` may be used. ryNdseedrUnknown parameters: zUnsupported curve (%s)rzGAt lest one between parameters 'point', 'd' or 'seed' must be specifiedz,Parameters d and seed are mutually exclusivez7Parameter 'seed' can only be used with Ed25519 or Ed448rz;Parameter d must be an integer smaller than the curve orderz/Parameter d can only be used with NIST P curvesr[rMz0Parameter seed must be 32 bytes long for Ed25519r0rb9z.Parameter seed must be 57 bytes long for Ed448r78little byteorder)r:pop_d_seedrtrr TypeErrorrqr8rpr r!ryintrr r?rr4rnewdigest_prefixrrread from_bytes)rvkwargskwargs_ curve_namecountZ seed_hashtmpr(r(r)r~sb         zEccKey.__init__cCr)N)rr)r r!rr(r(r)r#rzEccKey._is_eddsacCs.t|tsdS||krdS|j|jkS)NF)rr has_privatepointQ)rvotherr(r(r)r&s  z EccKey.__eq__cCsZ|r|rdtt|j}n dt|j}nd}|jj \}}d|j j |||fS)Nz , seed=%sz, d=%dz,EccKey(curve='%s', point_x=%d, point_y=%d%s)) rrrbinasciihexlifyrrrrrr r!)rvextrarwrxr(r(r)__repr__/s zEccKey.__repr__cCs |jduS)zJ``True`` if this key can be used for making signatures or decrypting data.N)rrr(r(r)r:s zEccKey.has_privatec Csd|kr |jjksJJ|jj}tjd|d}|j|}|||}|jj|j|}||||||}||fS)Nrr) min_inclusive max_exclusive)r r?r random_rangerinverserrw) rvzkr?ZblindZblind_dZ inv_blind_krsr(r(r)_sign@s  z EccKey._signcCsR|jj}|d|}|jj|||}|j||d|}||j|dkS)Nrr)r r?rrrrw)rvrrsr?ZsinvZpoint1Zpoint2r(r(r)_verifyOs zEccKey._verifycC|std|jSNzThis is not a private ECC key)rrprrr(r(r)rVzEccKey.dcCrr)rrprrr(r(r)r\rz EccKey.seedcCs |jdur |jj|j|_|jSr)rtr rrrr(r(r)rbs z EccKey.pointQcCst|jj|jdS)z^A matching ECC public key. Returns: a new :class:`EccKey` object )ryr)rr r!rrr(r(r) public_keyhszEccKey.public_keycCsn|rtd|j}|r%|jjrd}nd}||jj|}|Sd|jj||jj|}|S)Nz+SEC1 format is unsupported for EdDSA curves)rrprrsrxis_oddrwto_bytes)rvcompressrz first_byterr(r(r) _export_SEC1qs"     zEccKey._export_SEC1cCs|jj\}}|jjdkr%t|jddd}|d@d>|dB|d<t|S|jjdkr@t|jd dd}|d@d>|d <t|Std ) Nr[rMrrrrrrbrrzNot an EdDSA key to export)rrr rrrrpbytes)rvrwrxr'r(r(r) _export_eddsas   zEccKey._export_eddsacCsD|r|jj}|}d}n d}||}t|jj}t|||S)N1.2.840.10045.2.1)rr oidrrr r)rvrrrparamsr(r(r)_export_subjectPublicKeyInfos  z#EccKey._export_subjectPublicKeyInfoTcCsx|sJ|j}d|jj||jj|}dt|j|t|j j ddt |ddg}|s6|d=t | S)NrrrZexplicitr)rrrsrwrrxr rr r rrrencode)rvinclude_ec_paramsrzrseqr(r(r)_export_rfc5915_private_ders      z"EccKey._export_rfc5915_private_dercKsddlm}|dddurd|vrtd|r(|jj}t|j }d}nd}|j dd}t |jj}|j ||fd |i|}|S) NrPKCS8 passphrase protection5At least the 'protection' parameter should be presentrF)rZ key_params) Crypto.IOrr6rprr rr rrrr wrap)rvrrr private_keyrr'r(r(r) _export_pkcs8s$   zEccKey._export_pkcs8cCs"ddlm}||}||dS)NrPEMz PUBLIC KEY)rrrr)rvrr encoded_derr(r(r)_export_public_pems   zEccKey._export_public_pemcKs*ddlm}|}|j|d|fi|S)NrrzEC PRIVATE KEY)rrrrrvrrrrr(r(r)_export_private_pems zEccKey._export_private_pemcCs ddlm}|}||dS)Nrrz PRIVATE KEY)rrrr)rvrrr(r(r)(_export_private_clear_pkcs8_in_clear_pems  z/EccKey._export_private_clear_pkcs8_in_clear_pemcKsDddlm}|s Jd|vrtd|jdd|i|}||dS)NrrrrrzENCRYPTED PRIVATE KEYr()rrrprrrr(r(r),_export_private_encrypted_pkcs8_in_clear_pems  z3EccKey._export_private_encrypted_pkcs8_in_clear_pemc Cs|rtd|jj}|durtd|jj|dkr)|}t|t|f}n;|j}|rDd|jj }t ||jj |}nd|jj ||jj |}|dd}t|t||f}ddd |D}|d tt|S) Nz"Cannot export OpenSSH private keysz Cannot export %s keys as OpenSSHr_rr-cSs g|] }tdt||qS)>I)structpackr4).0rwr(r(r) s z*EccKey._export_openssh.. )rrpr opensshrrrrrsrxrrrwrsplitjoinrr b2a_base64) rvrr!rcompsrzrmiddleZblobr(r(r)_export_opensshs.    zEccKey._export_opensshcKsx|}|d}|dvrtd||dd}|r|dd}t|r1t|}|s1td|d d }|sA|rAtd |d kr_|rV|rR|j|fi|S|S|j |fi|S|d kr{|rk|sktd|rw|j dd|i|S| Std||rtd||d kr| |S|d kr| |S|dkr||S|dkr|jjdvr|S||S||S)a Export this ECC key. Args: format (string): The format to use for encoding the key: - ``'DER'``. The key will be encoded in ASN.1 DER format (binary). For a public key, the ASN.1 ``subjectPublicKeyInfo`` structure defined in `RFC5480`_ will be used. For a private key, the ASN.1 ``ECPrivateKey`` structure defined in `RFC5915`_ is used instead (possibly within a PKCS#8 envelope, see the ``use_pkcs8`` flag below). - ``'PEM'``. The key will be encoded in a PEM_ envelope (ASCII). - ``'OpenSSH'``. The key will be encoded in the OpenSSH_ format (ASCII, public keys only). - ``'SEC1'``. The public key (i.e., the EC point) will be encoded into ``bytes`` according to Section 2.3.3 of `SEC1`_ (which is a subset of the older X9.62 ITU standard). Only for NIST P-curves. - ``'raw'``. The public key will be encoded as ``bytes``, without any metadata. * For NIST P-curves: equivalent to ``'SEC1'``. * For EdDSA curves: ``bytes`` in the format defined in `RFC8032`_. passphrase (byte string or string): The passphrase to use for protecting the private key. use_pkcs8 (boolean): Only relevant for private keys. If ``True`` (default and recommended), the `PKCS#8`_ representation will be used. It must be ``True`` for EdDSA curves. protection (string): When a private key is exported with password-protection and PKCS#8 (both ``DER`` and ``PEM`` formats), this parameter MUST be present and be a valid algorithm supported by :mod:`Crypto.IO.PKCS8`. It is recommended to use ``PBKDF2WithHMAC-SHA1AndAES128-CBC``. compress (boolean): If ``True``, the method returns a more compact representation of the public key, with the X-coordinate only. If ``False`` (default), the method returns the full public key. This parameter is ignored for EdDSA curves, as compression is mandatory. .. warning:: If you don't provide a passphrase, the private key will be exported in the clear! .. note:: When exporting a private key with password-protection and `PKCS#8`_ (both ``DER`` and ``PEM`` formats), any extra parameters to ``export_key()`` will be passed to :mod:`Crypto.IO.PKCS8`. .. _PEM: http://www.ietf.org/rfc/rfc1421.txt .. _`PEM encryption`: http://www.ietf.org/rfc/rfc1423.txt .. _OpenSSH: http://www.openssh.com/txt/rfc5656.txt .. _RFC5480: https://tools.ietf.org/html/rfc5480 .. _SEC1: https://www.secg.org/sec1-v2.pdf Returns: A multi-line string (for ``'PEM'`` and ``'OpenSSH'``) or ``bytes`` (for ``'DER'``, ``'SEC1'``, and ``'raw'``) with the encoded key. format)rDERZOpenSSHSEC1rawzUnknown format '%s'rFrNzEmpty passphrase use_pkcs8Tz%'pkcs8' must be True for EdDSA curvesrrz8Private keys can only be encrpyted with DER using PKCS#8z2Private keys cannot be exported in the '%s' formatzUnexpected parameters: '%s'rrrr()rrrprrrrr rrrrrrrr rrr)rvrargsZ ext_formatrrrr(r(r) export_keysTF             zEccKey.export_keyN)T)rhrirjrr~rrrrrrrrrrrrrrrrrrrr rrr(r(r(r)rs6L        rcKs|d}t|}|dt}|rtdt|t|jdkr,|d}t||d}|St|jdkr?|d}t||d}|Stjd |j |d }t||d }|S) a1Generate a new private key on the given curve. Args: curve (string): Mandatory. It must be a curve name defined in the `ECC table`_. randfunc (callable): Optional. The RNG to read randomness from. If ``None``, :func:`Crypto.Random.get_random_bytes` is used. ryrandfuncrr[rMryrrbrr)rrr )ryr) rr8rrrqrrr rr?)rrryr rnew_keyrr(r(r)generates&      r#cKs|d}t|}|dd}|dd}d|vrtdd||fvr*t||||d<tdi|}|rJd|vrJ|j|j}|j||fkrJt d|S) aBuild a new ECC key (private or public) starting from some base components. In most cases, you will already have an existing key which you can read in with :func:`import_key` instead of this function. Args: curve (string): Mandatory. The name of the elliptic curve, as defined in the `ECC table`_. d (integer): Mandatory for a private key and a NIST P-curve (e.g., P-256): the integer in the range ``[1..order-1]`` that represents the key. seed (bytes): Mandatory for a private key and an EdDSA curve. It must be 32 bytes for Ed25519, and 57 bytes for Ed448. point_x (integer): Mandatory for a public key: the X coordinate (affine) of the ECC point. point_y (integer): Mandatory for a public key: the Y coordinate (affine) of the ECC point. Returns: :class:`EccKey` : a new ECC key object rypoint_xNpoint_yrzUnknown keyword: pointz(Private and public ECC keys do not matchr() r8rrrkrrrrrrp)rrryr$r%r"Zpub_keyr(r(r) constructs    r&c CsPtD]\}}|r|j|krn||krnq|r td|td||j}t|d}|dkrZt|dd|krCtdt |d|d}t ||dd}nG|d vrt|d|krjtdt |dd}|d |d |j  |j}|dkr| r|j|}|d kr|r|j|}ntd t|||d S) aConvert an encoded EC point into an EccKey object ec_point: byte string with the EC point (SEC1-encoded) curve_oid: string with the name the curve curve_name: string with the OID of the curve Either curve_id or curve_name must be specified Unsupported ECC curve (OID: %s)zUnsupported ECC curve (%s)rrrzIncorrect EC point lengthNrr*zIncorrect EC point encodingryr$r%)r8itemsrrgr=rsrr4rpr rr>sqrtrZis_evenr&) ec_point curve_oidrrrryrzZ point_typerwrxr(r(r)_import_public_ders8      r0c Gst|\}}}d}dtfdtfd}||vr9|std|z t|j}Wn ty2tdwt||dS||vrX||\}} |rKtd|| |\} } t| | |d St d |) z4Convert a subjectPublicKeyInfo into an EccKey objectrz 1.3.132.1.12z 1.3.132.1.13rrr^rdz%Missing ECC parameters for ECC OID %szError decoding namedCurver/z(Unexpected ECC parameters for ECC OID %s)r$r%ryzUnsupported ECC OID: %s) r_import_ed25519_public_key_import_ed448_public_keyrpr decodevaluer0r&rg) encodedrrr.r nist_p_oids eddsa_oidsr/rimport_eddsa_public_keyrwrxr(r(r)_import_subjectPublicKeyInfos*       r<cCs<tj|dd}|ddkrtdztdd|dj}|dur*||kr*td|}Wn ty6Ynw|dur?td tD] \}}|j|krNnqCtd |t |dj }|j }t ||krmtd t|} t |dkrtdd|d j} t| |d } | jj} | jj} nd} } t|| | | dS)N)r*r()Z nr_elementsrrz!Incorrect ECC private key versionrrzCurve mismatchzNo curve foundr'zPrivate key is too smallr3)ryrr$r%)rr6rpr r7r8r,rrgr payloadr=rsr4r rrr0rrwrxr&)r8rr/r parametersrryZ scalar_bytesrzrZpublic_key_encrr$r%r(r(r)_import_rfc5915_derPs<          r@c Csddlm}|||\}}}d}ddd}||vr't|j}t|||S||vrD|dur3tdd}t|j } t ||| dSt d |) Nrrr1rrr2z.EdDSA ECC private key must not have parametersr!z!Unsupported ECC purpose (OID: %s)) rrunwrapr r6r7r@rpr r>r&rg) r8rrZalgo_oidrrr9r:r/rr(r(r) _import_pkcs8s   rBcGst|}t|Sr)rr<)r8rZsp_infor(r(r)_import_x509_certsrCc Cszt||WSty}z|d}~wtttfyYnwzt||WSty4}z|d}~wtttfy?Ynwzt||WStyT}z|d}~wtttfy_Ynwzt||WStyt}z|d}~wtttfyYtdw)NzNot an ECC DER key)r<rgrpr IndexErrorrCr@rB)r8rerrr(r(r) _import_dersB    rFc Cs|d}t|dvrtdzt|d}g}t|dkrDtd|ddd}||dd||d|d}t|dks|d|dkrPtd|dd rt D]#\}}|j dureq[|j d slq[t |j d d }|d|kr~nq[td |t |d |jd}W|S|ddkrt|d\} } td| | d}W|Std|dtttjfytd|dw)N r)zNot an openssh public keyrr(r rzMismatch in openssh public key ecdsa-sha2- ecdsa-sha2r rzUnsupported ECC curve: r3 ssh-ed25519rr+zUnsupported SSH key type: zError parsing SSH key type: )rr4rpr a2b_base64r unpackappend startswithr8r,rrr0rr4r&rDrError) r8partsZ keystringZkeypartsZlkrryrZecc_keyrwrxr(r(r)_import_openssh_publicsD         rQcCsddlm}m}m}m}|||\}}ddtdfi}|dr||\} }| tvr/td| t| } | j dd } ||\} }t | d d krLt d t | d | dkrZt dt | dd| } t | d| d}||\}}t |}|| d}n/||vr||\}}}||\} }|| \} }||\}}|d|}||d}nt d|||\}}||td| |d|S)Nr)import_openssh_private_generic read_bytes read_string check_paddingr_rrMrIzUnsupported ECC curve %srrrr(z/Only uncompressed OpenSSH EC keys are supportedrzIncorrect public key length)rry)rryzUnsupport SSH agent key type:)r$r%r()Z_opensshrRrSrTrUr4rNr8rgrrrpr4r rr&)datapasswordrRrSrTrUZkey_typeZ decryptedZ eddsa_keysZecdsa_curve_nameryrzrr$r%rrrrr;Zseed_lenZprivate_public_keyr_paddedr(r(r)_import_openssh_private_eccs>               rZc Cst|dkr tdtd}d}t|}|dd?}|ddM<tj|dd }||kr1td |d kr7d S|d d |}|d ||d |}z%||}|||} t| |} | d @|krl|| } W| |fSW| |fSty{tdw)a~Import an Ed25519 ECC public key, encoded as raw bytes as described in RFC8032_. Args: encoded (bytes): The Ed25519 public key to import. It must be 32 bytes long. Returns: :class:`EccKey` : a new ECC key object Raises: ValueError: when the given key cannot be parsed. .. _RFC8032: https://datatracker.ietf.org/doc/html/rfc8032 rMz9Incorrect length. Only Ed25519 public keys are supported.r\lx&(7Z/ ;(P8se:8 w6RrrrrrzInvalid Ed25519 key (y)rrrrzInvalid Ed25519 public key)r4rpr rrr_tonelli_shanks r8r=rrxZx_lsbr%uvZv_invZx2r$r(r(r)r4*s4        r4c Cst|dkr tdtd}d}|dd}t|dd?}tj|dd }||kr-td |d kr3d S|d d |}|d ||d |}z%||}|||} t| |} | d @|krh|| } W| |fSW| |fStywtdw)azImport an Ed448 ECC public key, encoded as raw bytes as described in RFC8032_. Args: encoded (bytes): The Ed448 public key to import. It must be 57 bytes long. Returns: :class:`EccKey` : a new ECC key object Raises: ValueError: when the given key cannot be parsed. .. _RFC8032: https://datatracker.ietf.org/doc/html/rfc8032 rz7Incorrect length. Only Ed448 public keys are supported.rclVg?NrrrrzInvalid Ed448 key (y)rr[rzInvalid Ed448 public key)r4rpr rrrr\r]r(r(r)r5Ws2        r5c Cs`ddlm}t|}|durt|}|dr+t|}|||\}}}t||}|S|drtt|}d} d} tj| d| d |tj d }|||\} }}|rSd}zt | |}W|St yi} z| d} ~ wt yst d w|d r}t |St|dkrt|dd krt ||St|dkrt|ddvr|durt dt||dSt d)a Import an ECC key (public or private). Args: encoded (bytes or multi-line string): The ECC key to import. The function will try to automatically detect the right format. Supported formats for an ECC **public** key: * X.509 certificate: binary (DER) or ASCII (PEM). * X.509 ``subjectPublicKeyInfo``: binary (DER) or ASCII (PEM). * SEC1_ (or X9.62), as ``bytes``. NIST P curves only. You must also provide the ``curve_name`` (with a value from the `ECC table`_) * OpenSSH line, defined in RFC5656_ and RFC8709_ (ASCII). This is normally the content of files like ``~/.ssh/id_ecdsa.pub``. Supported formats for an ECC **private** key: * A binary ``ECPrivateKey`` structure, as defined in `RFC5915`_ (DER). NIST P curves only. * A `PKCS#8`_ structure (or the more recent Asymmetric Key Package, RFC5958_): binary (DER) or ASCII (PEM). * `OpenSSH 6.5`_ and newer versions (ASCII). Private keys can be in the clear or password-protected. For details about the PEM encoding, see `RFC1421`_/`RFC1423`_. passphrase (byte string): The passphrase to use for decrypting a private key. Encryption may be applied protected at the PEM level (not recommended) or at the PKCS#8 level (recommended). This parameter is ignored if the key in input is not encrypted. curve_name (string): For a SEC1 encoding only. This is the name of the curve, as defined in the `ECC table`_. .. note:: To import EdDSA private and public keys, when encoded as raw ``bytes``, use: * :func:`Crypto.Signature.eddsa.import_public_key`, or * :func:`Crypto.Signature.eddsa.import_private_key`. Returns: :class:`EccKey` : a new ECC key object Raises: ValueError: when the given key cannot be parsed (possibly because the pass phrase is wrong). .. _RFC1421: https://datatracker.ietf.org/doc/html/rfc1421 .. _RFC1423: https://datatracker.ietf.org/doc/html/rfc1423 .. _RFC5915: https://datatracker.ietf.org/doc/html/rfc5915 .. _RFC5656: https://datatracker.ietf.org/doc/html/rfc5656 .. _RFC8709: https://datatracker.ietf.org/doc/html/rfc8709 .. _RFC5958: https://datatracker.ietf.org/doc/html/rfc5958 .. _`PKCS#8`: https://datatracker.ietf.org/doc/html/rfc5208 .. _`OpenSSH 6.5`: https://flak.tedunangst.com/post/new-openssh-key-format-and-bcrypt-pbkdf .. _SEC1: https://www.secg.org/sec1-v2.pdf rrNs-----BEGIN OPENSSH PRIVATE KEYs-----z-----BEGIN EC PARAMETERS-----z-----END EC PARAMETERS-----z.*?r)flagsz(Invalid DER encoding inside the PEM file)rHrJrSszNo curve name was provided)rzECC key format is not supported)rrrrNrr6rZresubDOTALLrFrgrprQr4rr0) r8rrrZ text_encodedZopenssh_encodedmarkerZenc_flagr'Zecparams_startZ ecparams_endZ der_encodedZuefr(r(r) import_keysL ?        re__main__l_,)N$c hKf-5lks   $      '''''ON" 68 42!.7- , t