o MfI@sddlmZddlZddlZddlZddlmZddlmZm Z m Z m Z m Z ddl mZmZddlmZddlmZmZmZmZddlmZmZmZmZmZmZmZdd lm Z m!Z!m"Z"dd l#m$Z$m%Z%dd l&m'Z'dd l(m)Z)ed dZ*eddZ+eddZ,ddZ-eddZ.iZ/gda0ddZ1e1[1gda2ddZ3e3[3gda4ddZ5e5[5gd a6d!d"Z7e7[7gd#a8d$d%Z9e9[9d&d'ga:d(d)Z;e;[;d*d+gaZ?Gd0d1d1e@ZAeAe/d2jBe/d2jCd2ZDe/d2jEeDd3ZFe/GeHIt0eF[D[Fb0eAe/d4jBe/d4jCd4ZJe/d4jEeJd3ZKe/GeHIt2eK[J[Kb2eAe/d5jBe/d5jCd5ZLe/d5jEeLd3ZMe/GeHIt4eM[L[Mb4eAe/d6jBe/d6jCd6ZNe/d6jEeNd3ZOe/GeHIt6eO[N[Ob6eAe/d7jBe/d7jCd7ZPe/d7jEePd3ZQe/GeHIt8eQ[P[Qb8eAe/d'jBe/d'jCd'ZRe/d'jEeRd3ZSe/GeHIt:eS[R[Sb:eAe/d+jBe/d+jCd+ZTe/d+jEeTd3ZUe/GeHItd?ZYd@dAZZd\dBdCZ[dDdEZ\dFdGZ]dHdIZ^dJdKZ_dLdMZ`dNdOZadPdQZbd[dRdSZceddTkr_ddleZedUZfe/d5jghZidVZjeeeZkelejD]ZmeiefZnq)eodWeeeekejdXdYeeeZkelejD]ZmenefZnqGeodZeeeekejdXdYdSdS)])print_functionN) namedtuple)bordtobytestostrbchr is_string) bytes_to_long long_to_bytes)Integer) DerObjectIdDerOctetString DerSequence DerBitString)load_pycryptodome_raw_lib VoidPointer SmartPointerc_size_t c_uint8_ptr c_ulonglong null_pointer)_expand_subject_public_key_info_create_subject_public_key_info _extract_subject_public_key_info)SHA512SHAKE256)get_random_bytes) getrandbitszCrypto.PublicKey._ec_wsa typedef void EcContext; typedef void EcPoint; int ec_ws_new_context(EcContext **pec_ctx, const uint8_t *modulus, const uint8_t *b, const uint8_t *order, size_t len, uint64_t seed); void ec_free_context(EcContext *ec_ctx); int ec_ws_new_point(EcPoint **pecp, const uint8_t *x, const uint8_t *y, size_t len, const EcContext *ec_ctx); void ec_ws_free_point(EcPoint *ecp); int ec_ws_get_xy(uint8_t *x, uint8_t *y, size_t len, const EcPoint *ecp); int ec_ws_double(EcPoint *p); int ec_ws_add(EcPoint *ecpa, EcPoint *ecpb); int ec_ws_scalar(EcPoint *ecp, const uint8_t *k, size_t len, uint64_t seed); int ec_ws_clone(EcPoint **pecp2, const EcPoint *ecp); int ec_ws_cmp(const EcPoint *ecp1, const EcPoint *ecp2); int ec_ws_neg(EcPoint *p); zCrypto.PublicKey._ed25519ai typedef void Point; int ed25519_new_point(Point **out, const uint8_t x[32], const uint8_t y[32], size_t modsize, const void *context); int ed25519_clone(Point **P, const Point *Q); void ed25519_free_point(Point *p); int ed25519_cmp(const Point *p1, const Point *p2); int ed25519_neg(Point *p); int ed25519_get_xy(uint8_t *xb, uint8_t *yb, size_t modsize, Point *p); int ed25519_double(Point *p); int ed25519_add(Point *P1, const Point *P2); int ed25519_scalar(Point *P, const uint8_t *scalar, size_t scalar_len, uint64_t seed); zCrypto.PublicKey._ed448a* typedef void EcContext; typedef void PointEd448; int ed448_new_context(EcContext **pec_ctx); void ed448_context(EcContext *ec_ctx); void ed448_free_context(EcContext *ec_ctx); int ed448_new_point(PointEd448 **out, const uint8_t x[56], const uint8_t y[56], size_t len, const EcContext *context); int ed448_clone(PointEd448 **P, const PointEd448 *Q); void ed448_free_point(PointEd448 *p); int ed448_cmp(const PointEd448 *p1, const PointEd448 *p2); int ed448_neg(PointEd448 *p); int ed448_get_xy(uint8_t *xb, uint8_t *yb, size_t len, const PointEd448 *p); int ed448_double(PointEd448 *p); int ed448_add(PointEd448 *P1, const PointEd448 *P2); int ed448_scalar(PointEd448 *P, const uint8_t *scalar, size_t scalar_len, uint64_t seed); cCsN|jjdkrttd|}|S|jjdkrttd|}|Sttd|}|S)NEd25519ed25519_Ed448ed448_ec_ws_)_curvedescgetattr _ed25519_lib _ed448_lib_ec_lib)ecc_obj func_nameresultr,U/var/www/html/humari/django-venv/lib/python3.10/site-packages/Crypto/PublicKey/ECC.pylib_funcs  r._Curvez

t d| t | tj } tt|t|t|t|t|dd d | d d d } ttt| dS)Nl l 9{uDjSg9g(Bl 1(i&^#a;l +'1t:_|v!a:@ml H<^W]dZ{cxW\Iq@z#Error %d initializing P-192 contextz1.2.840.10045.3.1.1r1zecdsa-sha2-nistp192r0)r rr(ec_ws_new_context address_ofrrlenrr ImportErrorrgetec_free_contextr/r _curvesupdatedictfromkeys p192_names) pborderGxGy p192_modulusp192_b p192_orderec_p192_contextr+contextr0r,r,r- init_p192B        rN)p224 NIST P-224zP-224 prime224v1 secp224r1nistp224c Cr5)Nl?lF eY8 w-X"PVd/%PP!-l=*8%(?l!"X!#BXtJ9!'|%VA-l4~ f&Dv@h!fE0m9_ qlM/r7z#Error %d initializing P-224 contextz 1.3.132.0.33rQzecdsa-sha2-nistp224rP)r rr(r9r:rrr;rrr<rr=r>r/r r?r@rArB p224_names) rDrErFrGrH p224_modulusp224_b p224_orderec_p224_contextr+rMrPr,r,r- init_p224rOr\)p256 NIST P-256zP-256 prime256v1 secp256r1nistp256c Cr5)Nl?@lK`Opq^cv 3,e< 1U]>{|R*ZlQ%x +Ohbi+}s@lB11e %:f=K`wrH7gHK8hklQ~o]l+fUg+<)Z?8O?q!O r7z#Error %d initializing P-256 contextz1.2.840.10045.3.1.7r^zecdsa-sha2-nistp256r])r rr(r9r:rrr;rrr<rr=r>r/r r?r@rArB p256_names) rDrErFrGrH p256_modulusp256_b p256_orderec_p256_contextr+rMr]r,r,r- init_p256rOri)p384 NIST P-384zP-384 prime384v1 secp384r1nistp384c Cr5)Nl~l*'#.TEbc+Z'@=D 1 "(?7N2Z_+|S/1fls)e`gwl X_[nlv|l dxRjoyU8T( :ss"nZL8k&"_Ul_!uR/sX0 @qaNQNB&JxS8KJEY K%l0r7z#Error %d initializing P-384 contextiz 1.3.132.0.34rkzecdsa-sha2-nistp384rj)r rr(r9r:rrr;rrr<rr=r>r/r r?r@rArB p384_names) rDrErFrGrH p384_modulusp384_b p384_orderec_p384_contextr+rMrjr,r,r- init_p3840rOru)p521 NIST P-521zP-521 prime521v1 secp521r1nistp521c Cr5)Nl#l#?VQ(zO%b95~cte1oR{V;LH w>l-rZE]"Sr&Ga9}*Fl# dp"z\}[z3"nZ;PK# `7roCQl#f=xK)H-apY$3^Q n%k{;/K!u{4-{?$Od8V1l3s: l#Pf?QE$XN!85aZU WL9YLhz f$Du13otc!% pMxjRr`Br7z#Error %d initializing P-521 contexti z 1.3.132.0.35rwzecdsa-sha2-nistp521rv)r rr(r9r:rrr;rrr<rr=r>r/r r?r@rArB p521_names) rDrErFrGrH p521_modulusp521_b p521_orderec_p521_contextr+rMrvr,r,r- init_p521_rOred25519rc CsTd}d}d}d}tt|dt|t|t|ddddddd }ttt|dS) NlS9i @eM^w|olUK5J,{$%Xci\-G' lJ[sii!lXfL33ffL33ffL33ffL33ff 1.3.101.112r ssh-ed25519r)r/r r?r@rArB ed25519_names)rDrFrGrHrr,r,r- init_ed25519s$ red448r c Csd}d}d}d}t}t|}|rtd|t|tj}tt |dt |t |t |ddd|ddd }t t t|dS) N?lDVJ Ru8a6!m,&vD}D2_l^@ 518`b8Cl\p*At(qmj.<+FaS[/SDZ74_3  lzadoeC@ ZK^DsxssZhNx02>Ilq2 vIZu gt' z#Error %d initializing Ed448 contexti 1.3.101.113r r)rr'ed448_new_contextr:r<rr=ed448_free_contextr/r r?r@rArB ed448_names)rDrFrGrH ed448_contextr+rMrr,r,r- init_ed448s.  rc@s eZdZdS)UnsupportedEccFeatureN)__name__ __module__ __qualname__r,r,r,r-rsrc@seZdZdZd,ddZddZddZd d Zd d Zd dZ ddZ ddZ ddZ e ddZe ddZe ddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+S)-EccPointaPA class to model a point on an Elliptic Curve. The class supports operators for: * Adding two points: ``R = S + T`` * In-place addition: ``S += T`` * Negating a point: ``R = -T`` * Comparing two points: ``if S == T: ...`` or ``if S != T: ...`` * Multiplying a point by a scalar: ``R = S*k`` * In-place multiplication by a scalar: ``T *= k`` :ivar x: The affine X-coordinate of the ECC point :vartype x: integer :ivar y: The affine Y-coordinate of the ECC point :vartype y: integer :ivar xy: The tuple with affine X- and Y- coordinates r]c Cs zt||_Wntytdt|w||_|}t||}t||}t||ks4t||kr8tdt |d}t |d}t |_ z|jj } Wn tyYt} Ynw||j t|t|t|| } | r{| dkrutdtd| t|j ||_ dS)NzUnknown curve name %szIncorrect coordinate length new_point free_pointz)The EC point does not belong to the curvez(Error %d while instantiating an EC point)r?r#KeyError ValueErrorstr _curve_name size_in_bytesr r;r.r_pointrMr=AttributeErrorrr:rrr) selfxycurve modulus_bytesxbybr free_funcrMr+r,r,r-__init__s<        zEccPoint.__init__cCsXt|d}t|d}t|_||j|j}|r!td|t|j||_|S)Nclonerz"Error %d while cloning an EC point)r.rrr:r=rr)rpointrrr+r,r,r-set s    z EccPoint.setcCs2t|tsdSt|d}d||j|jkS)NFcmpr) isinstancerr.rr=)rrcmp_funcr,r,r-__eq__s  zEccPoint.__eq__cCs ||k SNr,)rrr,r,r-__ne__  zEccPoint.__ne__cCs4t|d}|}||j}|rtd||S)Nnegz$Error %d while inverting an EC point)r.copyrr=r)rneg_funcnpr+r,r,r-__neg__#s  zEccPoint.__neg__cCs|j\}}t|||j}|S)zReturn a copy of this point.)xyrr)rrrrr,r,r-r+s z EccPoint.copycC |jjdvS)Nrr)r#namerr,r,r- _is_eddsa1 zEccPoint._is_eddsacCs|r |jdkS|jdkS)z,``True`` if this is the *point-at-infinity*.r)rr)rrrrr,r,r-is_point_at_infinity4s  zEccPoint.is_point_at_infinitycCs$|r tdd|jStdd|jS)z-Return the *point-at-infinity* for the curve.r)rrrrr,r,r-point_at_infinity<szEccPoint.point_at_infinitycC |jdS)Nrrrr,r,r-rD z EccPoint.xcCr)Nrrrr,r,r-rHrz EccPoint.ycCsj|}t|}t|}t|d}|t|t|t||j}|r)td|tt |tt |fS)Nget_xyz#Error %d while encoding an EC point) r bytearrayr.rrrr=rr r )rrrrrr+r,r,r-rLs  z EccPoint.xycCs|ddS)z"Size of each coordinate, in bytes.) size_in_bitsrr,r,r-r[szEccPoint.size_in_bytescCs|jjS)z!Size of each coordinate, in bits.)r# modulus_bitsrr,r,r-r_szEccPoint.size_in_bitscCs,t|d}||j}|rtd||S)zuDouble this point (in-place operation). Returns: This same object (to enable chaining). doublez#Error %d while doubling an EC pointr.rr=r)r double_funcr+r,r,r-rcs  zEccPoint.doublecCsDt|d}||j|j}|r |dkrtdtd||S)zAdd a second point to this oneaddz#EC points are not on the same curvez#Error %d while adding two EC pointsr)rradd_funcr+r,r,r-__iadd__ps  zEccPoint.__iadd__cCs|}||7}|S)z8Return a new point, the addition of this one and anotherr)rrrr,r,r-__add__{zEccPoint.__add__cCs^t|d}|dkr tdt|}||jt|tt|tt d}|r-td||S)zMultiply this point by a scalarscalarrz?Scalar multiplication is only defined for non-negative integersr7z%Error %d during scalar multiplication) r.rr rr=rrr;rr)rr scalar_funcsbr+r,r,r-__imul__s     zEccPoint.__imul__cCs|}||9}|S)z2Return a new point, the scalar product of this oner)rrrr,r,r-__mul__rzEccPoint.__mul__cCs ||Sr)r)r left_handr,r,r-__rmul__rzEccPoint.__rmul__N)r])rrr__doc__rrrrrrrrrpropertyrrrrrrrrrrrr,r,r,r-rs2 &      rr0)GrPr]rjrvc@seZdZdZddZddZddZdd Zd d Zd d Z ddZ e ddZ e ddZ e ddZddZddZddZddZd0dd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/S)1EccKeyaClass defining an ECC key. Do not instantiate directly. Use :func:`generate`, :func:`construct` or :func:`import_key` instead. :ivar curve: The name of the curve as defined in the `ECC table`_. :vartype curve: string :ivar pointQ: an ECC point representating the public component. :vartype pointQ: :class:`EccPoint` :ivar d: A scalar that represents the private component in NIST P curves. It is smaller than the order of the generator point. :vartype d: integer :ivar seed: A seed that representats the private component in EdDSA curves (Ed25519, 32 bytes; Ed448, 57 bytes). :vartype seed: bytes cKsFt|}|dd}|dd|_|dd|_|dd|_|dur*|jr*|jj}|r4tdt||tvr>t d|t||_ |j j |_ t |jdut |jdu}|dkre|jdurct d dS|d krmt d |s|jdurzt d t|j|_d |jkr|j jkst dt ddS|jdurt d|j jdkrt|jdkrt dt|j}|dd|_t|dd}|ddM<|dd@dB|d<n>|j jdkrt|jdkrt dt|jd}|dd|_t|dd}|ddM<|ddO<d|d<tj|dd |_dS)!aiCreate a new ECC key Keywords: curve : string The name of the curve. d : integer Mandatory for a private key one NIST P curves. It must be in the range ``[1..order-1]``. seed : bytes Mandatory for a private key on the Ed25519 (32 bytes) or Ed448 (57 bytes) curve. point : EccPoint Mandatory for a public key. If provided for a private key, the implementation will NOT check whether it matches ``d``. Only one parameter among ``d``, ``seed`` or ``point`` may be used. rNdseedrUnknown parameters: zUnsupported curve (%s)rzGAt lest one between parameters 'point', 'd' or 'seed' must be specifiedz,Parameters d and seed are mutually exclusivez7Parameter 'seed' can only be used with Ed25519 or Ed448rz;Parameter d must be an integer smaller than the curve orderz/Parameter d can only be used with NIST P curvesrrbz0Parameter seed must be 32 bytes long for Ed25519r7r9z.Parameter seed must be 57 bytes long for Ed448r78little byteorder)rApop_d_seedrr TypeErrorrr?rr#r$rintrr rFrr;rnewdigest_prefixrrread from_bytes)rkwargskwargs_ curve_namecount seed_hashtmpr,r,r-rsb         zEccKey.__init__cCr)N)rr )r#r$rr,r,r-r#rzEccKey._is_eddsacCs.t|tsdS||krdS|j|jkS)NF)rr has_privatepointQ)rotherr,r,r-r&s  z EccKey.__eq__cCsZ|r|rdtt|j}n dt|j}nd}|jj \}}d|j j |||fS)Nz , seed=%sz, d=%dz,EccKey(curve='%s', point_x=%d, point_y=%d%s)) rrrbinasciihexlifyrrrrrr#r$)rextrarrr,r,r-__repr__/s zEccKey.__repr__cCs |jduS)zJ``True`` if this key can be used for making signatures or decrypting data.N)rrr,r,r-r:s zEccKey.has_privatec Csd|kr |jjksJJ|jj}tjd|d}|j|}|||}|jj|j|}||||||}||fS)Nrr) min_inclusive max_exclusive)r#rFr random_rangerinverserr) rzkrFblindblind_d inv_blind_krsr,r,r-_sign@s  z EccKey._signcCsR|jj}|d|}|jj|||}|j||d|}||j|dkS)Nrr)r#rFr rrr)rr rsrFsinvpoint1point2r,r,r-_verifyOs zEccKey._verifycC|std|jSNzThis is not a private ECC key)rrrrr,r,r-rVzEccKey.dcCrr)rrrrr,r,r-r\rz EccKey.seedcCs |jdur |jj|j|_|jSr)rr#rrrr,r,r-rbs z EccKey.pointQcCst|jj|jdS)z^A matching ECC public key. Returns: a new :class:`EccKey` object )rr)rr#r$rrr,r,r- public_keyhszEccKey.public_keycCsn|rtd|j}|r%|jjrd}nd}||jj|}|Sd|jj||jj|}|S)Nz+SEC1 format is unsupported for EdDSA curves)rrrrris_oddrto_bytes)rcompressr first_byterr,r,r- _export_SEC1qs"     zEccKey._export_SEC1cCs|jj\}}|jjdkr%t|jddd}|d@d>|dB|d<t|S|jjdkr@t|jd dd}|d@d>|d <t|Std ) NrrbrrrrrrrrzNot an EdDSA key to export)rrr#rrr!rbytes)rrrr+r,r,r- _export_eddsas   zEccKey._export_eddsacCsD|r|jj}|}d}n d}||}t|jj}t|||S)N1.2.840.10045.2.1)rr#oidr&r$r r)rr"r(rparamsr,r,r-_export_subjectPublicKeyInfos  z#EccKey._export_subjectPublicKeyInfoTcCsx|sJ|j}d|jj||jj|}dt|j|t|j j ddt |ddg}|s6|d=t | S)Nrrrexplicitr)rrrrr!rr rr r#r(rrencode)rinclude_ec_paramsrrseqr,r,r-_export_rfc5915_private_ders      z"EccKey._export_rfc5915_private_dercKsddlm}|dddurd|vrtd|r(|jj}t|j }d}nd}|j dd}t |jj}|j ||fd |i|}|S) NrPKCS8 passphrase protectionz3At least the 'protection' parameter must be presentr'F)r. key_params) Crypto.IOr2r=rrr#r(r rr-r0r wrap)rrr2r( private_keyr)r+r,r,r- _export_pkcs8s$   zEccKey._export_pkcs8cCs"ddlm}||}||dS)NrPEMz PUBLIC KEY)r6r;r*r-)rr"r; encoded_derr,r,r-_export_public_pems   zEccKey._export_public_pemcKs*ddlm}|}|j|d|fi|S)Nrr:zEC PRIVATE KEY)r6r;r0r-rr3rr;r<r,r,r-_export_private_pems zEccKey._export_private_pemcCs ddlm}|}||dS)Nrr:z PRIVATE KEY)r6r;r9r-)rr;r<r,r,r-(_export_private_clear_pkcs8_in_clear_pems  z/EccKey._export_private_clear_pkcs8_in_clear_pemcKsDddlm}|s Jd|vrtd|jdd|i|}||dS)Nrr:r4z5At least the 'protection' parameter should be presentr3zENCRYPTED PRIVATE KEYr,)r6r;rr9r-r>r,r,r-,_export_private_encrypted_pkcs8_in_clear_pems  z3EccKey._export_private_encrypted_pkcs8_in_clear_pemc Cs|rtd|jj}|durtd|jj|dkr)|}t|t|f}n;|j}|rDd|jj }t ||jj |}nd|jj ||jj |}|dd}t|t||f}ddd |D}|d tt|S) Nz"Cannot export OpenSSH private keysz Cannot export %s keys as OpenSSHrrr-cSs g|] }tdt||qS)>I)structpackr;).0rr,r,r- s z*EccKey._export_openssh.. )rrr#opensshrr&rrrrr rrr!splitjoinrr b2a_base64) rr"r$rcompsrr#middleblobr,r,r-_export_opensshs.    zEccKey._export_opensshcKs|}|d}|dvrtd||dd}|r|dd}t|r1t|}|s1td|d d }|sI|rAtd d |vrItd |dkrg|r^|rZ|j|fi|S|S|j |fi|S|dkr|rs|sstd|r|j dd|i|S| Std||rtd||dkr| |S|dkr| |S|dkr||S|dkr|jjdvr|S||S||S)aExport this ECC key. Args: format (string): The output format: - ``'DER'``. The key will be encoded in ASN.1 DER format (binary). For a public key, the ASN.1 ``subjectPublicKeyInfo`` structure defined in `RFC5480`_ will be used. For a private key, the ASN.1 ``ECPrivateKey`` structure defined in `RFC5915`_ is used instead (possibly within a PKCS#8 envelope, see the ``use_pkcs8`` flag below). - ``'PEM'``. The key will be encoded in a PEM_ envelope (ASCII). - ``'OpenSSH'``. The key will be encoded in the OpenSSH_ format (ASCII, public keys only). - ``'SEC1'``. The public key (i.e., the EC point) will be encoded into ``bytes`` according to Section 2.3.3 of `SEC1`_ (which is a subset of the older X9.62 ITU standard). Only for NIST P-curves. - ``'raw'``. The public key will be encoded as ``bytes``, without any metadata. * For NIST P-curves: equivalent to ``'SEC1'``. * For EdDSA curves: ``bytes`` in the format defined in `RFC8032`_. passphrase (bytes or string): (*Private keys only*) The passphrase to protect the private key. use_pkcs8 (boolean): (*Private keys only*) If ``True`` (default and recommended), the `PKCS#8`_ representation will be used. It must be ``True`` for EdDSA curves. If ``False`` and a passphrase is present, the obsolete PEM encryption will be used. protection (string): When a private key is exported with password-protection and PKCS#8 (both ``DER`` and ``PEM`` formats), this parameter MUST be present, For all possible protection schemes, refer to :ref:`the encryption parameters of PKCS#8`. It is recommended to use ``'PBKDF2WithHMAC-SHA5126AndAES128-CBC'``. compress (boolean): If ``True``, the method returns a more compact representation of the public key, with the X-coordinate only. If ``False`` (default), the method returns the full public key. This parameter is ignored for EdDSA curves, as compression is mandatory. prot_params (dict): When a private key is exported with password-protection and PKCS#8 (both ``DER`` and ``PEM`` formats), this dictionary contains the parameters to use to derive the encryption key from the passphrase. For all possible values, refer to :ref:`the encryption parameters of PKCS#8`. The recommendation is to use ``{'iteration_count':21000}`` for PBKDF2, and ``{'iteration_count':131072}`` for scrypt. .. warning:: If you don't provide a passphrase, the private key will be exported in the clear! .. note:: When exporting a private key with password-protection and `PKCS#8`_ (both ``DER`` and ``PEM`` formats), any extra parameters to ``export_key()`` will be passed to :mod:`Crypto.IO.PKCS8`. .. _PEM: http://www.ietf.org/rfc/rfc1421.txt .. _`PEM encryption`: http://www.ietf.org/rfc/rfc1423.txt .. _OpenSSH: http://www.openssh.com/txt/rfc5656.txt .. _RFC5480: https://tools.ietf.org/html/rfc5480 .. _SEC1: https://www.secg.org/sec1-v2.pdf Returns: A multi-line string (for ``'PEM'`` and ``'OpenSSH'``) or ``bytes`` (for ``'DER'``, ``'SEC1'``, and ``'raw'``) with the encoded key. format)r;DEROpenSSHSEC1rawzUnknown format '%s'r"Fr3NzEmpty passphrase use_pkcs8Tz%'pkcs8' must be True for EdDSA curvesr4z)'protection' is only supported for PKCS#8r;rSz8Private keys can only be encrpyted with DER using PKCS#8z2Private keys cannot be exported in the '%s' formatzUnexpected parameters: '%s'rUrVrr,)rrrrrrrrAr@r?r9r0r=r*r$r#rr&rQ)rrargs ext_formatr"r3rWr,r,r- export_keysZU            zEccKey.export_keyN)T)rrrrrrrrrrrrrrrrr$r&r*r0r9r=r?r@rArQrZr,r,r,r-rs6L        rcKs|d}t|}|dt}|rtdt|t|jdkr,|d}t||d}|St|jdkr?|d}t||d}|Stjd |j |d }t||d }|S) a1Generate a new private key on the given curve. Args: curve (string): Mandatory. It must be a curve name defined in the `ECC table`_. randfunc (callable): Optional. The RNG to read randomness from. If ``None``, :func:`Crypto.Random.get_random_bytes` is used. rrandfuncrrrbrrrrr)rr r[)rr) rr?rrrrrr r rF)rrrr[rnew_keyrr,r,r-generates&      r^cKs|d}t|}|dd}|dd}d|vrtdd||fvr*t||||d<tdi|}|rJd|vrJ|j|j}|j||fkrJt d|S) aBuild a new ECC key (private or public) starting from some base components. In most cases, you will already have an existing key which you can read in with :func:`import_key` instead of this function. Args: curve (string): Mandatory. The name of the elliptic curve, as defined in the `ECC table`_. d (integer): Mandatory for a private key and a NIST P-curve (e.g., P-256): the integer in the range ``[1..order-1]`` that represents the key. seed (bytes): Mandatory for a private key and an EdDSA curve. It must be 32 bytes for Ed25519, and 57 bytes for Ed448. point_x (integer): Mandatory for a public key: the X coordinate (affine) of the ECC point. point_y (integer): Mandatory for a public key: the Y coordinate (affine) of the ECC point. Returns: :class:`EccKey` : a new ECC key object rpoint_xNpoint_yrzUnknown keyword: pointz(Private and public ECC keys do not matchr,) r?rrrrrrrrr)rrrr_r`r]pub_keyr,r,r- constructs    rbc CsPtD]\}}|r|j|krn||krnq|r td|td||j}t|d}|dkrZt|dd|krCtdt |d|d}t ||dd}nG|d vrt|d|krjtdt |dd}|d |d |j  |j}|dkr| r|j|}|d kr|r|j|}ntd t|||d S) aConvert an encoded EC point into an EccKey object ec_point: byte string with the EC point (SEC1-encoded) curve_oid: string with the name the curve curve_name: string with the OID of the curve Either curve_id or curve_name must be specified Unsupported ECC curve (OID: %s)zUnsupported ECC curve (%s)rrrzIncorrect EC point lengthNrrfzIncorrect EC point encodingrr_r`)r?itemsr(rrDrrr;rr rrEsqrtr is_evenrb) ec_point curve_oidrrrr point_typerrr,r,r-_import_public_ders8      rnc Gst|\}}}d}dtfdtfd}||vr9|std|z t|j}Wn ty2tdwt||dS||vrX||\}} |rKtd|| |\} } t| | |d St d |) z4Convert a subjectPublicKeyInfo into an EccKey objectr'z 1.3.132.1.12z 1.3.132.1.13rr rrz%Missing ECC parameters for ECC OID %szError decoding namedCurverlz(Unexpected ECC parameters for ECC OID %s)r_r`rzUnsupported ECC OID: %s) r_import_ed25519_public_key_import_ed448_public_keyrr decodevaluernrbr) encodedrr(rkr) nist_p_oids eddsa_oidsrlrimport_eddsa_public_keyrrr,r,r-_import_subjectPublicKeyInfo.s*       rzcCs<tj|dd}|ddkrtdztdd|dj}|dur*||kr*td|}Wn ty6Ynw|dur?td tD] \}}|j|krNnqCtd |t |dj }|j }t ||krmtd t|} t |dkrtdd|d j} t| |d } | jj} | jj} nd} } t|| | | dS)N)rfrd) nr_elementsrrz!Incorrect ECC private key versionr+rzCurve mismatchzNo curve foundrczPrivate key is too smallrq)rrr_r`)rrtrr rur?rhr(rr payloadrDrr;r rrrnrrrrb)rvr3rlr8 parametersrr scalar_bytesrrpublic_key_encrr_r`r,r,r-_import_rfc5915_derbs<          rc Csddlm}|||\}}}d}ddd}||vr't|j}t|||S||vrD|dur3tdd}t|j } t ||| dSt d |) Nrr1rorr rpz.EdDSA ECC private key must not have parametersr\z!Unsupported ECC purpose (OID: %s)) r6r2unwrapr rtrurrr r}rbr) rvr3r2algo_oidr8r)rwrxrlrr,r,r- _import_pkcs8s   rcGst|}t|Sr)rrz)rvrsp_infor,r,r-_import_x509_certsrc Cszt||WSty}z|d}~wtttfyYnwzt||WSty4}z|d}~wtttfy?Ynwzt||WStyT}z|d}~wtttfy_Ynwzt||WStyt}z|d}~wtttfyYtdw)NzNot an ECC DER key)rzrrr IndexErrorrrr)rvr3errr,r,r- _import_dersB    rc Cs|d}t|dvrtdzt|d}g}t|dkrDtd|ddd}||dd||d|d}t|dks|d|dkrPtd|dd rt D]#\}}|j dureq[|j d slq[t |j d d }|d|kr~nq[td |t |d |jd}W|S|ddkrt|d\} } td| | d}W|Std|dtttjfytd|dw)N rezNot an openssh public keyrrdrDrzMismatch in openssh public key ecdsa-sha2- ecdsa-sha2rBrzUnsupported ECC curve: rq ssh-ed25519rrgzUnsupported SSH key type: zError parsing SSH key type: )rKr;rr a2b_base64rEunpackappend startswithr?rhrJrrnr(rrrbrrError) rvparts keystringkeypartslkrrrOecc_keyrrr,r,r-_import_openssh_publicsD         rcCsddlm}m}m}m}|||\}}ddtdfi}|dr||\} }| tvr/td| t| } | j dd } ||\} }t | d d krLt d t | d | dkrZt dt | dd| } t | d| d}||\}}t |}|| d}n/||vr||\}}}||\} }|| \} }||\}}|d|}||d}nt d|||\}}||td| |d|S)Nr)import_openssh_private_generic read_bytes read_string check_paddingrrrbrzUnsupported ECC curve %srrrrdz/Only uncompressed OpenSSH EC keys are supportedrzIncorrect public key length)rr)rrzUnsupport SSH agent key type:)r_r`r,)_opensshrrrrrrrr?rrrrr;r rrb)datapasswordrrrrkey_type decrypted eddsa_keysecdsa_curve_namerrrr_r`r8rr)rryseed_lenprivate_public_keyr_paddedr,r,r-_import_openssh_private_eccs>               rc Cst|dkr tdtd}d}t|}|dd?}|ddM<tj|dd }||kr1td |d kr7d S|d d |}|d ||d |}z%||}|||} t| |} | d @|krl|| } W| |fSW| |fSty{tdw)a~Import an Ed25519 ECC public key, encoded as raw bytes as described in RFC8032_. Args: encoded (bytes): The Ed25519 public key to import. It must be 32 bytes long. Returns: :class:`EccKey` : a new ECC key object Raises: ValueError: when the given key cannot be parsed. .. _RFC8032: https://datatracker.ietf.org/doc/html/rfc8032 rbz9Incorrect length. Only Ed25519 public keys are supported.rlx&(7Z/ ;(P8se:8 w6RrrrrrzInvalid Ed25519 key (y)rrrrzInvalid Ed25519 public key)r;rr rrr _tonelli_shanks rvrDrrx_lsbr`uvv_invx2r_r,r,r-rr<s4        rrc Cst|dkr tdtd}d}|dd}t|dd?}tj|dd }||kr-td |d kr3d S|d d |}|d ||d |}z%||}|||} t| |} | d @|krh|| } W| |fSW| |fStywtdw)azImport an Ed448 ECC public key, encoded as raw bytes as described in RFC8032_. Args: encoded (bytes): The Ed448 public key to import. It must be 57 bytes long. Returns: :class:`EccKey` : a new ECC key object Raises: ValueError: when the given key cannot be parsed. .. _RFC8032: https://datatracker.ietf.org/doc/html/rfc8032 rz7Incorrect length. Only Ed448 public keys are supported.rlVg?NrrrrzInvalid Ed448 key (y)rrrzInvalid Ed448 public key)r;rr rrr rrr,r,r-rsis2        rsc Cs`ddlm}t|}|durt|}|dr+t|}|||\}}}t||}|S|drtt|}d} d} tj| d| d |tj d }|||\} }}|rSd}zt | |}W|St yi} z| d} ~ wt yst d w|d r}t |St|dkrt|dd krt ||St|dkrt|ddvr|durt dt||dSt d)a Import an ECC key (public or private). Args: encoded (bytes or multi-line string): The ECC key to import. The function will try to automatically detect the right format. Supported formats for an ECC **public** key: * X.509 certificate: binary (DER) or ASCII (PEM). * X.509 ``subjectPublicKeyInfo``: binary (DER) or ASCII (PEM). * SEC1_ (or X9.62), as ``bytes``. NIST P curves only. You must also provide the ``curve_name`` (with a value from the `ECC table`_) * OpenSSH line, defined in RFC5656_ and RFC8709_ (ASCII). This is normally the content of files like ``~/.ssh/id_ecdsa.pub``. Supported formats for an ECC **private** key: * A binary ``ECPrivateKey`` structure, as defined in `RFC5915`_ (DER). NIST P curves only. * A `PKCS#8`_ structure (or the more recent Asymmetric Key Package, RFC5958_): binary (DER) or ASCII (PEM). * `OpenSSH 6.5`_ and newer versions (ASCII). Private keys can be in the clear or password-protected. For details about the PEM encoding, see `RFC1421`_/`RFC1423`_. passphrase (byte string): The passphrase to use for decrypting a private key. Encryption may be applied protected at the PEM level (not recommended) or at the PKCS#8 level (recommended). This parameter is ignored if the key in input is not encrypted. curve_name (string): For a SEC1 encoding only. This is the name of the curve, as defined in the `ECC table`_. .. note:: To import EdDSA private and public keys, when encoded as raw ``bytes``, use: * :func:`Crypto.Signature.eddsa.import_public_key`, or * :func:`Crypto.Signature.eddsa.import_private_key`. Returns: :class:`EccKey` : a new ECC key object Raises: ValueError: when the given key cannot be parsed (possibly because the pass phrase is wrong). .. _RFC1421: https://datatracker.ietf.org/doc/html/rfc1421 .. _RFC1423: https://datatracker.ietf.org/doc/html/rfc1423 .. _RFC5915: https://datatracker.ietf.org/doc/html/rfc5915 .. _RFC5656: https://datatracker.ietf.org/doc/html/rfc5656 .. _RFC8709: https://datatracker.ietf.org/doc/html/rfc8709 .. _RFC5958: https://datatracker.ietf.org/doc/html/rfc5958 .. _`PKCS#8`: https://datatracker.ietf.org/doc/html/rfc5208 .. _`OpenSSH 6.5`: https://flak.tedunangst.com/post/new-openssh-key-format-and-bcrypt-pbkdf .. _SEC1: https://www.secg.org/sec1-v2.pdf rr:Ns-----BEGIN OPENSSH PRIVATE KEYs-----z-----BEGIN EC PARAMETERS-----z-----END EC PARAMETERS-----z.*?r)flagsz(Invalid DER encoding inside the PEM file)rrro)rrfrdzNo curve name was provided)rzECC key format is not supported)r6r;rrrrtrresubDOTALLrrrrr;rrn) rvr3rr; text_encodedopenssh_encodedmarkerenc_flagr+ecparams_start ecparams_end der_encodeduefr,r,r- import_keysL ?        r__main__l_,)N$c hKf-5lks   $      '''''O`" 68 42!.7- , t