o eq@sgdZddlZddlZddlmZddlmZmZmZddl m Z ddl m Z ddl mZddlmZmZmZdd lmZmZmZGd d d eZd#d dZd$ddZddZddZddZddZddZddZ ddZ!d%d d!Z"e"Z#d"Z$dS)&)generate construct import_keyRsaKeyoidN)Random)tobytesbordtostr) DerSequence) bytes_to_long)Integer)test_probable_primegenerate_probable_prime COMPOSITE)_expand_subject_public_key_info_create_subject_public_key_info _extract_subject_public_key_infoc@seZdZdZddZeddZeddZedd Zed d Z ed d Z eddZ ddZ ddZ ddZddZddZddZddZddZd d!Zd"d#Zd$d%Zd&d'Zd(d)Zd*d+Z . -d?d/d0ZeZeZd1d2Zd3d4Zd5d6Zd7d8Z d9d:Z!d;d<Z"d=d>Z#d-S)@raPClass defining an actual RSA key. Do not instantiate directly. Use :func:`generate`, :func:`construct` or :func:`import_key` instead. :ivar n: RSA modulus :vartype n: integer :ivar e: RSA public exponent :vartype e: integer :ivar d: RSA private exponent :vartype d: integer :ivar p: First factor of the RSA modulus :vartype p: integer :ivar q: Second factor of the RSA modulus :vartype q: integer :ivar u: Chinese remainder component (:math:`p^{-1} \text{mod } q`) :vartype u: integer :undocumented: exportKey, publickey cKst|}td}|tdB}|||fvrtd|D] \}}t|d||q||krC|j|jd|_|j|jd|_ dSdS)a.Build an RSA key. :Keywords: n : integer The modulus. e : integer The public exponent. d : integer The private exponent. Only required for private keys. p : integer The first factor of the modulus. Only required for private keys. q : integer The second factor of the modulus. Only required for private keys. u : integer The CRT coefficient (inverse of p modulo q). Only required for private keys. ne)pqduzSome RSA components are missing_N) setkeys ValueErroritemssetattr_d_p_dp_q_dq)selfkwargs input_set public_set private_set componentvaluer.:/usr/lib/python3/dist-packages/Cryptodome/PublicKey/RSA.py__init__Ns   zRsaKey.__init__cC t|jSN)int_nr'r.r.r/rl zRsaKey.ncCr1r2)r3_er5r.r.r/rpr6zRsaKey.ecC|stdt|jS)Nz-No private exponent available for public keys) has_privateAttributeErrorr3r"r5r.r.r/rt zRsaKey.dcCr8)Nz.No CRT component 'p' available for public keys)r9r:r3r#r5r.r.r/rzr;zRsaKey.pcCr8)Nz.No CRT component 'q' available for public keys)r9r:r3r%r5r.r.r/rr;zRsaKey.qcCr8)Nz.No CRT component 'u' available for public keys)r9r:r3_ur5r.r.r/rr;zRsaKey.ucCs |jS)zSize of the RSA modulus in bitsr4 size_in_bitsr5r.r.r/r>r6zRsaKey.size_in_bitscCs|jdddS)z9The minimal amount of bytes that can hold the RSA modulusrr=r5r.r.r/ size_in_bytesszRsaKey.size_in_bytescCs>d|kr|jkstdtdttt||j|jS)NrzPlaintext too large)r4rr3powr r7)r' plaintextr.r.r/_encrypts zRsaKey._encryptc Csd|kr|jkstdtd|stdtjd|jd}t|t||j|j|j}t||j|j }t||j |j }|||j |j }||j |}t ||j||j}|S)NrzCiphertext too largezThis is not a private keyr) min_inclusive max_exclusive)r4rr9 TypeErrorr random_rangerAr7r$r#r&r%r<_mult_modulo_bytesinverse) r' ciphertextrcpm1m2hmpresultr.r.r/_decrypt_to_bytess$ zRsaKey._decrypt_to_bytescCst||S)zLegacy private method)r rRr'rJr.r.r/_decryptszRsaKey._decryptcCs t|dS)z"Whether this is an RSA private keyr")hasattrr5r.r.r/r9s zRsaKey.has_privatecCdSNTr.r5r.r.r/ can_encryptzRsaKey.can_encryptcCrVrWr.r5r.r.r/can_signrYzRsaKey.can_signcCst|j|jdS)z^A matching RSA public key. Returns: a new :class:`RsaKey` object r)rr4r7r5r.r.r/ public_keyszRsaKey.public_keycCsH||kr dS|j|jks|j|jkrdS|sdS|j|jkS)NFT)r9rrrr'otherr.r.r/__eq__s z RsaKey.__eq__cCs ||k Sr2r.r\r.r.r/__ne__s z RsaKey.__ne__cCsddlm}|)Nr) PicklingError)pickler`)r'r`r.r.r/ __getstate__s zRsaKey.__getstate__cCsP|rdt|jt|jt|jt|jf}nd}dt|jt|j|fS)Nz, d=%d, p=%d, q=%d, u=%dzRsaKey(n=%d, e=%d%s))r9r3r"r#r%r<r4r7)r'extrar.r.r/__repr__s zRsaKey.__repr__cCs"|rd}nd}d|t|fS)NPrivatePublicz%s RSA key at 0x%X)r9id)r'key_typer.r.r/__str__szRsaKey.__str__PEMNrc Cs|durt|}|durtj}|dkrRdd|j|jfD\}}t|dd@r,d|}t|dd@r8d|}d||g}d d d|D} d t| dd S| rt d|j |j |j |j|j|j |jd |j |jd t|j|jg } |d krd} |dkr|rtdn6ddlm} |dkr|durd} | | td} nd} |sd}| | t||} d}n d} ttt |j |j g} |dkr| S|dkrddlm} | | | ||}t|Std|)a5 Export this RSA key. Args: format (string): The format to use for wrapping the key: - *'PEM'*. (*Default*) Text encoding, done according to `RFC1421`_/`RFC1423`_. - *'DER'*. Binary encoding. - *'OpenSSH'*. Textual encoding, done according to OpenSSH specification. Only suitable for public keys (not private keys). passphrase (string): (*For private keys only*) The pass phrase used for protecting the output. pkcs (integer): (*For private keys only*) The ASN.1 structure to use for serializing the key. Note that even in case of PEM encoding, there is an inner ASN.1 DER structure. With ``pkcs=1`` (*default*), the private key is encoded in a simple `PKCS#1`_ structure (``RSAPrivateKey``). With ``pkcs=8``, the private key is encoded in a `PKCS#8`_ structure (``PrivateKeyInfo``). .. note:: This parameter is ignored for a public key. For DER and PEM, an ASN.1 DER ``SubjectPublicKeyInfo`` structure is always used. protection (string): (*For private keys only*) The encryption scheme to use for protecting the private key. If ``None`` (default), the behavior depends on :attr:`format`: - For *'DER'*, the *PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC* scheme is used. The following operations are performed: 1. A 16 byte Triple DES key is derived from the passphrase using :func:`Cryptodome.Protocol.KDF.PBKDF2` with 8 bytes salt, and 1 000 iterations of :mod:`Cryptodome.Hash.HMAC`. 2. The private key is encrypted using CBC. 3. The encrypted key is encoded according to PKCS#8. - For *'PEM'*, the obsolete PEM encryption scheme is used. It is based on MD5 for key derivation, and Triple DES for encryption. Specifying a value for :attr:`protection` is only meaningful for PKCS#8 (that is, ``pkcs=8``) and only if a pass phrase is present too. The supported schemes for PKCS#8 are listed in the :mod:`Cryptodome.IO.PKCS8` module (see :attr:`wrap_algo` parameter). randfunc (callable): A function that provides random bytes. Only used for PEM encoding. The default is :func:`Cryptodome.Random.get_random_bytes`. Returns: byte string: the encoded key Raises: ValueError:when the format is unknown or when you try to encrypt a private key with *DER* format and PKCS#1. .. warning:: If you don't provide a pass phrase, the private key will be exported in the clear! .. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt .. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt .. _`PKCS#1`: http://www.ietf.org/rfc/rfc3447.txt .. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt NOpenSSHcSsg|]}|qSr.)to_bytes.0xr.r.r/ >sz%RsaKey.export_key..rsssh-rsacSs g|] }tdt||qS)>I)structpacklen)rokpr.r.r/rqDs ssh-rsa rzRSA PRIVATE KEYDERz&PKCS#1 private key cannot be encryptedPKCS8rkz PRIVATE KEYzENCRYPTED PRIVATE KEYz"PBKDF2WithHMAC-SHA1AndDES-EDE3-CBCz PUBLIC KEYrkz3Unknown key format '%s'. Cannot export the RSA key.)rrget_random_bytesr7r4r joinbinascii b2a_base64r9r rrrrrr rIencoder Cryptodome.IOr~wraprrrk)r'format passphrasepkcs protectionrandfunce_bytesn_byteskeyparts keystring binary_keyrir~rkpem_strr.r.r/ export_keysnM       zRsaKey.export_keycCtdNz0Use module Cryptodome.Signature.pkcs1_15 insteadNotImplementedError)r'MKr.r.r/sign{z RsaKey.signcCrrr)r'r signaturer.r.r/verify~rz RsaKey.verifycCrNz/Use module Cryptodome.Cipher.PKCS1_OAEP insteadr)r'rBrr.r.r/encryptrzRsaKey.encryptcCrrrrSr.r.r/decryptrzRsaKey.decryptcCtr2rr'rBr.r.r/blindrYz RsaKey.blindcCrr2rrr.r.r/unblindrYzRsaKey.unblindcCrr2rr5r.r.r/sizerYz RsaKey.size)rkNrNN)$__name__ __module__ __qualname____doc__r0propertyrrrrrrr>r@rCrRrTr9rXrZr[r^r_rbrerjr exportKey publickeyrrrrrrrr.r.r.r/r4sT         rc sv|dkrtdddksdkrtd|durtj}td}}t||kr|d|d>kr|d}||}tdd|d>||kr[tdd|d>fd d }t|||d td|dd >fd d}t|||d } | }d| d} | }||kr|d|d>ks5| kr| } | } t ||| | dS)a4Create a new RSA key pair. The algorithm closely follows NIST `FIPS 186-4`_ in its sections B.3.1 and B.3.3. The modulus is the product of two non-strong probable primes. Each prime passes a suitable number of Miller-Rabin tests with random bases and a single Lucas test. Args: bits (integer): Key length, or size (in bits) of the RSA modulus. It must be at least 1024, but **2048 is recommended.** The FIPS standard only defines 1024, 2048 and 3072. randfunc (callable): Function that returns random bytes. The default is :func:`Cryptodome.Random.get_random_bytes`. e (integer): Public RSA exponent. It must be an odd positive integer. It is typically a small number with very few ones in its binary representation. The FIPS standard requires the public exponent to be at least 65537 (the default). Returns: an RSA key object (:class:`RsaKey`, with private key). .. _FIPS 186-4: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf iz"RSA modulus length must be >= 1024rzBRSA public exponent must be a positive, odd integer larger than 2.Nrcs|ko |ddkSNr)gcd candidate)rmin_pr.r/filter_pszgenerate..filter_p) exact_bitsr prime_filterdcs*|ko|ddkot|kSr)rabsr)r min_distancemin_qrr.r/filter_qs zgenerate..filter_qrrrrrr) rrrr r>sqrtrlcmrIr) bitsrrrrsize_qsize_prrrrrr.)rrrrrr/rsB  !  rTcCsGdddt}|}td|D] \}}t||t|q|j}|j}t|ds/t||d}n|j} t|dr>|j } |j } nt| |d} | } | dd krV| d} | dd ksLd }td}|s|d krt| }|| krt |||}|dkr||dkrt |d|dkrt| |d} d }n|d9}|| ksj|d7}|s|d ksb|st d || d ksJ|| } t|dr|j}n| | }t||| | | |d}|rq|dks||krt dt| |dkrt d|d@st d|rq| dks| |krt dt| | dkr t d| | |krt dt| tkr#t dt| tkr.t d| d| d}|| d | d}|| t|dkrPt dt|drq|dks`|| krdt d| || dkrqt d|S)a!Construct an RSA key from a tuple of valid RSA components. The modulus **n** must be the product of two primes. The public exponent **e** must be odd and larger than 1. In case of a private key, the following equations must apply: .. math:: \begin{align} p*q &= n \\ e*d &\equiv 1 ( \text{mod lcm} [(p-1)(q-1)]) \\ p*u &\equiv 1 ( \text{mod } q) \end{align} Args: rsa_components (tuple): A tuple of integers, with at least 2 and no more than 6 items. The items come in the following order: 1. RSA modulus *n*. 2. Public exponent *e*. 3. Private exponent *d*. Only required if the key is private. 4. First factor of *n* (*p*). Optional, but the other factor *q* must also be present. 5. Second factor of *n* (*q*). Optional. 6. CRT coefficient *q*, that is :math:`p^{-1} \text{mod }q`. Optional. consistency_check (boolean): If ``True``, the library will verify that the provided components fulfil the main RSA properties. Raises: ValueError: when the key being imported fails the most basic RSA validity checks. Returns: An RSA key object (:class:`RsaKey`). c@s eZdZdS)zconstruct..InputCompsN)rrrr.r.r.r/ InputComps srrrrrrrrFrTz2Unable to compute factors p and q from exponent d.rzInvalid RSA public exponentz-RSA public exponent is not coprime to moduluszRSA modulus is not oddzInvalid RSA private exponentz.RSA private exponent is not coprime to modulusz RSA factors do not match moduluszRSA factor p is compositezRSA factor q is compositezInvalid RSA conditionzInvalid RSA component uzInvalid RSA component u with p)objectzipr!r rrrUrrrrrArrrrIr9rrr3)rsa_componentsconsistency_checkr input_compscompr-rrkeyrrrktottspottedakcandrphirr.r.r/rs(       $     rcGsNtj|ddd}|ddkrtdt|ddt|d|d gS) N T nr_elementsonly_ints_expectedrz(No PKCS#1 encoding of an RSA private keyr)r decoderrr rIencodedr(derr.r.r/_import_pkcs1_privateqs (rcGstj|ddd}t|S)NrTr)r rrrr.r.r/_import_pkcs1_publicsrcGs.t|\}}}|tks|durtdt|S)NzNo RSA subjectPublicKeyInfo)rrrr)rr(algoid encoded_keyparamsr.r.r/_import_subjectPublicKeyInfosrcGst|}t|Sr2)rr)rr(sp_infor.r.r/_import_x509_certsrcCs:ddlm}|||}|dtkrtdt|d|S)Nrr}zNo PKCS#8 encoded RSA keyr)rr~unwraprr_import_keyDER)rrr~rr.r.r/ _import_pkcs8s   rc CsBtttttf}|D]}z|||WStyYq wtd)z@Import an RSA key (public or private half), encoded in DER form.RSA key format is not supported)rrrrrr) extern_keyr decodingsdecodingr.r.r/rs rcCsddlm}m}m}m}|||\}}|dkrtd||\}}||\} }||\} }||\} }||\} }||\} }||\}}||dd|| | | | | fD}t|S)Nr)import_openssh_private_generic read_bytes read_string check_paddingzssh-rsazThis SSH key is not RSAcSsg|]}t|qSr.)r from_bytesrnr.r.r/rqsz/_import_openssh_private_rsa..)_opensshrrrrrr)datapasswordrrrrssh_name decryptedrrriqmprrrpaddedbuildr.r.r/_import_openssh_private_rsas       rcCsVddlm}t|}|durt|}|dr+t|}|||\}}}t||}|S|drD|t||\}}}|r?d}t||S|drt | dd} g} t | d krt d | dd d} | | d d | | d | d} t | d ks[t| d} t| d } t| | gSt |dkrt|dd krt||Std )aImport an RSA key (public or private). Args: extern_key (string or byte string): The RSA key to import. The following formats are supported for an RSA **public key**: - X.509 certificate (binary or PEM format) - X.509 ``subjectPublicKeyInfo`` DER SEQUENCE (binary or PEM encoding) - `PKCS#1`_ ``RSAPublicKey`` DER SEQUENCE (binary or PEM encoding) - An OpenSSH line (e.g. the content of ``~/.ssh/id_ecdsa``, ASCII) The following formats are supported for an RSA **private key**: - PKCS#1 ``RSAPrivateKey`` DER SEQUENCE (binary or PEM encoding) - `PKCS#8`_ ``PrivateKeyInfo`` or ``EncryptedPrivateKeyInfo`` DER SEQUENCE (binary or PEM encoding) - OpenSSH (text format, introduced in `OpenSSH 6.5`_) For details about the PEM encoding, see `RFC1421`_/`RFC1423`_. passphrase (string or byte string): For private keys only, the pass phrase that encrypts the key. Returns: An RSA key object (:class:`RsaKey`). Raises: ValueError/IndexError/TypeError: When the given key cannot be parsed (possibly because the pass phrase is wrong). .. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt .. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt .. _`PKCS#1`: http://www.ietf.org/rfc/rfc3447.txt .. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt .. _`OpenSSH 6.5`: https://flak.tedunangst.com/post/new-openssh-key-format-and-bcrypt-pbkdf rrNs-----BEGIN OPENSSH PRIVATE KEYs-----rz rrrur0r)rrkr startswithr rrrr a2b_base64splitrxrvunpackappendr rrr r)rrrk text_encodedopenssh_encodedmarkerenc_flagrQrrrlengthrrr.r.r/rs8 )         rz1.2.840.113549.1.1.1)Nr)Tr2)%__all__rrv CryptodomerCryptodome.Util.py3compatrr r Cryptodome.Util.asn1r Cryptodome.Util.numberr Cryptodome.Math.Numbersr Cryptodome.Math.PrimalityrrrCryptodome.PublicKeyrrrrrrrrrrrrrrr importKeyrr.r.r.r/s4     _ Q   P