o e@s ddlmZddlZddlZddlZddlmZddlmZm Z m Z m Z m Z ddl mZmZddlmZddlmZmZmZmZddlmZmZmZdd lmZmZmZmZm Z m!Z!dd l"m#Z#dd l$m%Z%ed d Z&eddZ'iZ(gda)ddZ*e*[*gda+ddZ,e,[,gda-ddZ.e.[.Gddde/Z0Gddde1Z2e2e(dj3e(dj4dZ5e(dj6e5dZ7e(8e9:t)e7[5[7b)e2e(dj3e(dj4dZ;e(dj6e;dZe(8e9:t-e>[=[>b-Gd!d"d"e1Z?d#d$Z@d%d&ZAd'd(ZBd)d*ZCd@d+d,ZDd-d.ZEd/d0ZFd1d2ZGd3d4ZHd5d6ZId@d7d8ZJeKd9krddlLZLd:ZMe(djNOZPd;ZQeLLZReSeQD]ZTePeMZUqXeVdeLLZReSeQD]ZTeUeMZUqveVd?eLLeReQd=d>dSdS)A)print_functionN) namedtuple)bordtobytestostrbchr is_string) bytes_to_long long_to_bytes)Integer) DerObjectIdDerOctetString DerSequence DerBitString)_expand_subject_public_key_info_create_subject_public_key_info _extract_subject_public_key_info)load_pycryptodome_raw_lib VoidPointer SmartPointerc_size_t c_uint8_ptr c_ulonglong)get_random_bytes) getrandbitszCryptodome.PublicKey._ec_wsav typedef void EcContext; typedef void EcPoint; int ec_ws_new_context(EcContext **pec_ctx, const uint8_t *modulus, const uint8_t *b, const uint8_t *order, size_t len, uint64_t seed); void ec_free_context(EcContext *ec_ctx); int ec_ws_new_point(EcPoint **pecp, const uint8_t *x, const uint8_t *y, size_t len, const EcContext *ec_ctx); void ec_free_point(EcPoint *ecp); int ec_ws_get_xy(uint8_t *x, uint8_t *y, size_t len, const EcPoint *ecp); int ec_ws_double(EcPoint *p); int ec_ws_add(EcPoint *ecpa, EcPoint *ecpb); int ec_ws_scalar(EcPoint *ecp, const uint8_t *k, size_t len, uint64_t seed); int ec_ws_clone(EcPoint **pecp2, const EcPoint *ecp); int ec_ws_copy(EcPoint *ecp1, const EcPoint *ecp2); int ec_ws_cmp(const EcPoint *ecp1, const EcPoint *ecp2); int ec_ws_neg(EcPoint *p); int ec_ws_normalize(EcPoint *ecp); int ec_ws_is_pai(EcPoint *ecp); _Curvez7p b order Gx Gy G modulus_bits oid context desc openssh)p256 NIST P-256zP-256 prime256v1 secp256r1nistp256c Cd}d}d}d}d}t|d}t|d}t|d}t}t|t|t|t|tt|tt d} | r>t d| t | tj } tt|t|t|t|t|dd d | d d } ttt| dS) Nl?@lK`Opq^cv 3,e< 1U]>{|R*ZlQ%x +Ohbi+}s@lB11e %:f=K`wrH7gHK8hklQ~o]l+fUg+<)Z?8O?q!O @z#Error %d initializing P-256 contextz1.2.840.10045.3.1.7rzecdsa-sha2-nistp256)r r_ec_libec_ws_new_context address_ofrrlenrr ImportErrorrgetec_free_contextrr _curvesupdatedictfromkeys p256_names) pborderGxGy p256_modulusp256_b p256_orderec_p256_contextresultcontextrr<:/usr/lib/python3/dist-packages/Cryptodome/PublicKey/ECC.py init_p256c@        r>)p384 NIST P-384zP-384 prime384v1 secp384r1nistp384c Cr!) Nl~l*'#.TEbc+Z'@=D 1 "(?7N2Z_+|S/1fls)e`gwl X_[nlv|l dxRjoyU8T( :ss"nZL8k&"_Ul_!uR/sX0 @qaNQNB&JxS8KJEY K%l0r#z#Error %d initializing P-384 contextiz 1.3.132.0.34rAzecdsa-sha2-nistp384)r rr%r&r'rrr(rrr)rr*r+rr r,r-r.r/ p384_names) r1r2r3r4r5 p384_modulusp384_b p384_orderec_p384_contextr:r;r@r<r<r= init_p384r?rK)p521 NIST P-521zP-521 prime521v1 secp521r1nistp521c Cr!) Nl#l#?VQ(zO%b95~cte1oR{V;LH w>l-rZE]"Sr&Ga9}*Fl# dp"z\}[z3"nZ;PK# `7roCQl#f=xK)H-apY$3^Q n%k{;/K!u{4-{?$Od8V1l3s: l#Pf?QE$XN!85aZU WL9YLhz f$Du13otc!% pMxjRr`Br#z#Error %d initializing P-521 contexti z 1.3.132.0.35rMzecdsa-sha2-nistp521)r rr%r&r'rrr(rrr)rr*r+rr r,r-r.r/ p521_names) r1r2r3r4r5 p521_modulusp521_b p521_orderec_p521_contextr:r;rLr<r<r= init_p521r?rWc@s eZdZdS)UnsupportedEccFeatureN)__name__ __module__ __qualname__r<r<r<r=rXsrXc@seZdZdZd(ddZddZddZd d Zd d Zd dZ ddZ e ddZ e ddZ e ddZddZddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'S))EccPointa=A class to abstract a point over an Elliptic Curve. The class support special methods for: * Adding two points: ``R = S + T`` * In-place addition: ``S += T`` * Negating a point: ``R = -T`` * Comparing two points: ``if S == T: ...`` * Multiplying a point by a scalar: ``R = S*k`` * In-place multiplication by a scalar: ``T *= k`` :ivar x: The affine X-coordinate of the ECC point :vartype x: integer :ivar y: The affine Y-coordinate of the ECC point :vartype y: integer :ivar xy: The tuple with X- and Y- coordinates rc Cszt||_Wntytdt|w||_|}|jj}t||}t||}t ||ks8t ||krtdnt |j|_d|jkrU|jj ksZtd td |jj |_ dS) aCreate a new ECC key Keywords: curve : string It must be *"p256"*, *"P-256"*, *"prime256v1"* or *"secp256r1"*. d : integer Only for a private key. It must be in the range ``[1..order-1]``. point : EccPoint Mandatory for a public key. If provided for a private key, the implementation will NOT check whether it matches ``d``. rjNdrqUnknown parameters: zUnsupported curve (%s)zBEither private or public ECC component must be specified, not bothrzInvalid ECC private component) r.pop_drd TypeErrorrar,r`r^r r3descrj)rgkwargskwargs_ curve_namer<r<r=rns&      zEccKey.__init__cCs ||kr dS|j|jkS)NF) has_privatepointQ)rgotherr<r<r=rus z EccKey.__eq__cCs<|r dt|j}nd}|jj\}}d|jj|||fS)Nz, d=%dz,EccKey(curve='%s', point_x=%d, point_y=%d%s))rintrrrzr^r)rgextrarhrir<r<r=__repr__s  zEccKey.__repr__cCs |jduS)zJ``True`` if this key can be used for making signatures or decrypting data.N)rr|r<r<r=rs zEccKey.has_privatec Csd|kr |jjksJJ|jj}tjd|d}|j|}|||}|jj|j|}||||||}||fS)Nrr) min_inclusive max_exclusive)r^r3r random_rangerinverserrh) rgzkr3blindblind_d inv_blind_krsr<r<r=_signs  z EccKey._signcCsR|jj}|d|}|jj|||}|j||d|}||j|dkS)Nrr)r^r3rrrrh)rgrrsr3sinvpoint1point2r<r<r=_verifys zEccKey._verifycCs|std|jS)NzThis is not a private ECC key)rr`rr|r<r<r=rszEccKey.dcCs |jdur |jj|j|_|jSr)rdr^rrr|r<r<r=r s z EccKey.pointQcCst|jj|jdS)z^A matching ECC public key. Returns: a new :class:`EccKey` object )rjrq)rr^rrr|r<r<r= public_keyszEccKey.public_keycCsn|j}|rd|jj}t||jj|}nd|jj||jj|}d}t||t|j j S)N1.2.840.10045.2.1) rrcriis_oddrrhto_bytesrr r^oid)rgcompressrk first_byterunrestricted_oidr<r<r=_export_subjectPublicKeyInfos     z#EccKey._export_subjectPublicKeyInfoTcCsx|sJ|j}d|jj||jj|}dt|j|t|j j ddt |ddg}|s6|d=t | S)Nrrrexplicitr)rrrcrhrrir rr r^rrrencode)rginclude_ec_paramsrkrseqr<r<r=_export_private_der2s      zEccKey._export_private_dercKs`ddlm}|dddurd|vrtdd}|jdd}|j||fd t|jji|}|S) NrPKCS8 passphrase protection5At least the 'protection' parameter should be presentrF)r key_params) Cryptodome.IOrr*r`rwrapr r^r)rgrrr private_keyr:r<r<r= _export_pkcs8Ms   zEccKey._export_pkcs8cCs"ddlm}||}||dS)NrPEMz PUBLIC KEY)rrrr)rgrr encoded_derr<r<r=_export_public_pem[s   zEccKey._export_public_pemcKs*ddlm}|}|j|d|fi|S)NrrzEC PRIVATE KEY)rrrrrgrrrrr<r<r=_export_private_pemas zEccKey._export_private_pemcCs ddlm}|}||dS)Nrrz PRIVATE KEY)rrrr)rgrrr<r<r=(_export_private_clear_pkcs8_in_clear_pemgs  z/EccKey._export_private_clear_pkcs8_in_clear_pemcKsDddlm}|s Jd|vrtd|jdd|i|}||dS)NrrrrrzENCRYPTED PRIVATE KEYr<)rrr`rrrr<r<r=,_export_private_encrypted_pkcs8_in_clear_pemms  z3EccKey._export_private_encrypted_pkcs8_in_clear_pemc Cs|rtd|jj}|j}|r'd|jj}t||jj |}nd|jj ||jj |}| dd}t |t ||f}d dd|D}|dtt|S) Nz"Cannot export OpenSSH private keysrr-cSs g|] }tdt||qS)>I)structpackr().0rhr<r<r= s z*EccKey._export_openssh.. )rr`r^opensshrrcrirrrhrsplitrjoinrbinascii b2a_base64) rgrrrkrrmiddlecompsblobr<r<r=_export_opensshvs$    zEccKey._export_opensshcKs(|}|d}|dvrtd||dd}|ru|dd}t|r1t|}|s1td|d d }|d krU|rL|rH|j|fi|S|S|j|fi|S|d krq|ra|satd |rm|j dd|i|S| Std|r}td||d kr| |S|d kr| |S| |S)a Export this ECC key. Args: format (string): The format to use for encoding the key: - ``'DER'``. The key will be encoded in ASN.1 DER format (binary). For a public key, the ASN.1 ``subjectPublicKeyInfo`` structure defined in `RFC5480`_ will be used. For a private key, the ASN.1 ``ECPrivateKey`` structure defined in `RFC5915`_ is used instead (possibly within a PKCS#8 envelope, see the ``use_pkcs8`` flag below). - ``'PEM'``. The key will be encoded in a PEM_ envelope (ASCII). - ``'OpenSSH'``. The key will be encoded in the OpenSSH_ format (ASCII, public keys only). passphrase (byte string or string): The passphrase to use for protecting the private key. use_pkcs8 (boolean): Only relevant for private keys. If ``True`` (default and recommended), the `PKCS#8`_ representation will be used. If ``False``, the much weaker `PEM encryption`_ mechanism will be used. protection (string): When a private key is exported with password-protection and PKCS#8 (both ``DER`` and ``PEM`` formats), this parameter MUST be present and be a valid algorithm supported by :mod:`Cryptodome.IO.PKCS8`. It is recommended to use ``PBKDF2WithHMAC-SHA1AndAES128-CBC``. compress (boolean): If ``True``, a more compact representation of the public key with the X-coordinate only is used. If ``False`` (default), the full public key will be exported. .. warning:: If you don't provide a passphrase, the private key will be exported in the clear! .. note:: When exporting a private key with password-protection and `PKCS#8`_ (both ``DER`` and ``PEM`` formats), any extra parameters to ``export_key()`` will be passed to :mod:`Cryptodome.IO.PKCS8`. .. _PEM: http://www.ietf.org/rfc/rfc1421.txt .. _`PEM encryption`: http://www.ietf.org/rfc/rfc1423.txt .. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt .. _OpenSSH: http://www.openssh.com/txt/rfc5656.txt .. _RFC5480: https://tools.ietf.org/html/rfc5480 .. _RFC5915: http://www.ietf.org/rfc/rfc5915.txt Returns: A multi-line string (for PEM and OpenSSH) or bytes (for DER) with the encoded key. format)rDEROpenSSHzUnknown format '%s'rFrNzEmpty passphrase use_pkcs8Trrz8Private keys can only be encrpyted with DER using PKCS#8z1Private keys cannot be exported in OpenSSH formatzUnexpected parameters: '%s'r<)rvrr`rrrrrrrrrrr)rgrargs ext_formatrrrr<r<r= export_keys@<         zEccKey.export_keyN)T)rYrZr[rrnrurrrrrrrrrrrrrrrrrr<r<r<r=rs,"    rcKsP|d}t|}|dt}|rtdt|tjd|j|d}t||dS)a:Generate a new private key on the given curve. Args: curve (string): Mandatory. It must be a curve name defined in :numref:`curve_names`. randfunc (callable): Optional. The RNG to read randomness from. If ``None``, :func:`Cryptodome.Random.get_random_bytes` is used. rjrandfuncrr)rrr)rjr) rr,rrrar rr3r)rrrjrrr<r<r=generates   rcKs|d}t|}|dd}|dd}d|vrtdd||fvr*t||||d<|dd}|durHd|vrH|j|}|j||fkrHtdtd i|S) a(Build a new ECC key (private or public) starting from some base components. Args: curve (string): Mandatory. It must be a curve name defined in :numref:`curve_names`. d (integer): Only for a private key. It must be in the range ``[1..order-1]``. point_x (integer): Mandatory for a public key. X coordinate (affine) of the ECC point. point_y (integer): Mandatory for a public key. Y coordinate (affine) of the ECC point. Returns: :class:`EccKey` : a new ECC key object rjpoint_xNpoint_yrqzUnknown keyword: pointrz(Private and public ECC keys do not matchr<) r,rrr\r*rrzr`r)rrrjrrrpub_keyr<r<r= construct s     rcCs0tD] \}}|j|krnqtd||j}t|d}|dkrJt|dd|kr3tdt |d|d}t ||dd}nG|dvrt|d|krZtdt |dd}|d |d |j  |j}|dkr| r|j|}|d kr|r|j|}ntd t|||d S) zConvert an encoded EC point into an EccKey object curve_name: string with the OID of the curve ec_point: byte string with the EC point (not DER encoded) Unsupported ECC curve (OID: %s)rrrzIncorrect EC point lengthN)rrzIncorrect EC point encoding)rjrr)r,itemsrrXr1rcrr(r`r from_bytesr2sqrtris_evenr) curve_oidec_pointrrjrk point_typerhrir<r<r=_import_public_der8s0     rc GsXt|\}}}d}d}d}||||fvrtd||s tdt|j}t||S)z4Convert a subjectPublicKeyInfo into an EccKey objectr 1.3.132.1.12 1.3.132.1.13!Unsupported ECC purpose (OID: %s)zMissing ECC parameters)rrXr`r decodevaluer) encodedrrrparamsrecdh_oid ecmqv_oidrr<r<r=_import_subjectPublicKeyInfogs   rcCs:tj|dd}|ddkrtdztdd|dj}|dur*||kr*td|}Wn ty6Ynw|dur?td tD] \}}|j|krNnqCtd |t |dj }|j }t ||krmtd t|} t |d krtdd|d j} t|| } | jj} | jj} nd} } t|| | | dS)N)rr) nr_elementsrrz!Incorrect ECC private key versionrrzCurve mismatchzNo curve foundrzPrivate key is too smallrr)rjrrr)rr r`r r r,rrrXr payloadr1rcr(r rrrrrhrir)rrrr parametersrrj scalar_bytesrkrpublic_key_encrrrr<r<r=_import_private_ders<          rc Cs^ddlm}|||\}}}d}d}d}||||fvr"td|t|j} t||| S)Nrrrr r r )rrunwraprXr r r r) rrralgo_oidrrrrrrr<r<r= _import_pkcs8s    rcGst|}t|Sr)rr)rrsp_infor<r<r=_import_x509_certsrc Cszt||WSty}z|d}~wtttfyYnwzt||WSty4}z|d}~wtttfy?Ynwzt||WStyT}z|d}~wtttfy_Ynwzt||WStyt}z|d}~wtttfyYtdw)NzNot an ECC DER key)rrXr`r IndexErrorrrr)rrerrr<r<r= _import_dersB    r cCst|dd}g}t|dkr7td|ddd}||dd||d|d}t|dkstD]\}}t |j dd}|d|krQnq;t dt |j |dS) N rrrrrrzUnsupported ECC curve)r a2b_base64rr(runpackappendr,rrrr`rr)r keystringkeypartslkrrjrr<r<r=_import_openssh_publics   r(cCsddlm}m}m}m}|||\}}||\}}|tvr#td|t|} | jdd} ||\} }t| ddkr@t dt | d | dkrNt d t | dd| } t | d| d} t | | |d }||\}}t |}||\}}||t|||d S) Nr)import_openssh_private_generic read_bytes read_string check_paddingzUnsupported ECC curve %srrrrz/Only uncompressed OpenSSH EC keys are supportedrzIncorrect public key length)rj)rjrrq)_opensshr)r*r+r,r,rXrrr`r(r rr\r)datapasswordr)r*r+r,ssh_name decryptednamerjrkrrrrqrr_paddedr<r<r=_import_openssh_private_eccs(      r5c Cs(ddlm}t|}|durt|}|dr+t|}|||\}}}t||}|S|drtt|}d}d} tj|d| d |tj d }|||\} }}|rSd}zt | |}W|St yi} z| d} ~ wt yst d w|d r}t |St|dkrt|dd krt ||St d)aImport an ECC key (public or private). Args: encoded (bytes or multi-line string): The ECC key to import. An ECC **public** key can be: - An X.509 certificate, binary (DER) or ASCII (PEM) - An X.509 ``subjectPublicKeyInfo``, binary (DER) or ASCII (PEM) - An OpenSSH line (e.g. the content of ``~/.ssh/id_ecdsa``, ASCII) An ECC **private** key can be: - In binary format (DER, see section 3 of `RFC5915`_ or `PKCS#8`_) - In ASCII format (PEM or `OpenSSH 6.5+`_) Private keys can be in the clear or password-protected. For details about the PEM encoding, see `RFC1421`_/`RFC1423`_. passphrase (byte string): The passphrase to use for decrypting a private key. Encryption may be applied protected at the PEM level or at the PKCS#8 level. This parameter is ignored if the key in input is not encrypted. Returns: :class:`EccKey` : a new ECC key object Raises: ValueError: when the given key cannot be parsed (possibly because the pass phrase is wrong). .. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt .. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt .. _RFC5915: http://www.ietf.org/rfc/rfc5915.txt .. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt .. _`OpenSSH 6.5+`: https://flak.tedunangst.com/post/new-openssh-key-format-and-bcrypt-pbkdf rrNs-----BEGIN OPENSSH PRIVATE KEYs-----z-----BEGIN EC PARAMETERS-----z-----END EC PARAMETERS-----z.*?r)flagsz(Invalid DER encoding inside the PEM files ecdsa-sha2-rEzECC key format is not supported)rrr startswithrr r5resubDOTALLr rXr`r(r(r) rrr text_encodedopenssh_encodedmarkerenc_flagr:ecparams_start ecparams_end der_encodeduefr<r<r= import_key5sD )       rC__main__l_,)N$c hKf-5lkrFrKrRrWr`rXobjectr\r4r5p256_G_replacerr-r.r/p384_Gr@p521_GrLrrrrrrrrr r(r5rCrYtimerrrvrqcountstartrangerhpointXprintr<r<r<r=s        "&&&.J,/ '2! ! X