o n~bW@sgdZddlZddlZddlZddlmZmZmZmZm Z ddl m Z ddl m Z mZddlmZddlmZmZmZmZmZddlmZdd lmZmZmZdd lmZmZm Z Gd d d e!Z"d dZ#d!ddZ$d"ddZ%ddZ&ddZ'ddZ(ddZ)ddZ*d#ddZ+e+Z,d Z-dS)$)generate constructDsaKey import_keyN)bchrbordtobytestostr iter_range)Random)PKCS8PEM)SHA256) DerObject DerSequence DerInteger DerObjectId DerBitString)Integer)test_probable_prime COMPOSITEPROBABLY_PRIME)_expand_subject_public_key_info_create_subject_public_key_info _extract_subject_public_key_infoc@seZdZdZgdZddZddZddZd d Zd d Z d dZ ddZ ddZ ddZ ddZddZddZddZ  d/dd ZeZe Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.ZdS)0raClass defining an actual DSA key. Do not instantiate directly. Use :func:`generate`, :func:`construct` or :func:`import_key` instead. :ivar p: DSA modulus :vartype p: integer :ivar q: Order of the subgroup :vartype q: integer :ivar g: Generator :vartype g: integer :ivar y: Public key :vartype y: integer :ivar x: Private key :vartype x: integer :undocumented: exportKey, publickey ygpqxcCspt|}td}||stdt||||}|r1|tdkr1tdt|tdt||_dS)Nrrrrz$Some DSA components are missing = %sr zUnknown DSA components = %s)setkeysissubset ValueErrorstrdict_key)selfkey_dictZ input_setZ public_setZ extra_setr,C/usr/local/lib/python3.10/dist-packages/Cryptodome/PublicKey/DSA.py__init__gs   zDsaKey.__init__c sstdd|krjkstdtdfdddD\}}}}tjd|d}|||}||} t||||} |||| | |} tt | | fS)Nz)DSA public key cannot be used for signingzk is not between 2 and q-1cg|]}j|qSr,r).0compr*r,r- yz DsaKey._sign..)r rrr)Z min_inclusiveZ max_exclusive) has_private TypeErrorrr&rZ random_rangeinversepowmapint) r*mkr rrrZ blind_factorZ inv_blind_kZblind_xrsr,r5r-_signssz DsaKey._signc s|\}}fdddD\}}}}d|kr|kr*ndSd|kr)|ks,dSdSt||} | ||} | ||} t|| |t|| |||} | |kS)Ncr0r,r1r2r5r,r-r6r7z"DsaKey._verify..)rrrrrF)rr:r;) r*r>sigr@rArrrrwu1u2vr,r5r-_verifys   zDsaKey._verifycCs d|jvS)z!Whether this is a DSA private keyr r1r5r,r,r-r8s zDsaKey.has_privatecCdS)NFr,r5r,r,r- can_encryptzDsaKey.can_encryptcCrI)NTr,r5r,r,r-can_signrKzDsaKey.can_signcstfdddD}t|S)z^A matching DSA public key. Returns: a new :class:`DsaKey` object c3s|] }|j|fVqdSNr1)r3r?r5r,r- sz$DsaKey.public_key..r!)r(r)r*Zpublic_componentsr,r5r- public_keyszDsaKey.public_keycCsPt|t|krdSd}|jD]}|o$t|j|dt|j|dk}q|S)NFT)boolr8_keydatagetattrr))r*otherresultr4r,r,r-__eq__s  z DsaKey.__eq__cCs || SrM)rU)r*rSr,r,r-__ne__s z DsaKey.__ne__cCsddlm}|)Nr) PicklingError)picklerW)r*rWr,r,r- __getstate__s zDsaKey.__getstate__csfdddDS)zPThe DSA domain parameters. Returns tuple : (p,q,g) csg|] }tj|qSr,)r=r)r2r5r,r-r6z!DsaKey.domain..)rrrr,r5r,r5r-domainsz DsaKey.domaincCszg}|jD] }|dkrt|j}|d|fqt||r%||q|r/|dd|jjt |d |fS)Nrzp(%d)privatez <%s @0x%x %s>,) rQrr size_in_bitsappendhasattrr8 __class____name__idjoin)r*attrsr?bitsr,r,r-__repr__s    zDsaKey.__repr__cCs(zt|j|WStyt|wrM)r=r)KeyErrorAttributeError)r*itemr,r,r- __getattr__s  zDsaKey.__getattr__r Ncs|durt|}|durtj}|dkrCfdddD}ddfdd|D}d g|}d d d|D} d t| dd Stjjj g}  r|durWd}|ry|s]d}t j  } tj| t||| |d} |rtd} nd} d}n1|dkr|rtddjjj jj g}t| } d} n|rtdttt j| } d} |dkr| S|dkrt | | d||}t|Std|)aExport this DSA key. Args: format (string): The encoding for the output: - *'PEM'* (default). ASCII as per `RFC1421`_/ `RFC1423`_. - *'DER'*. Binary ASN.1 encoding. - *'OpenSSH'*. ASCII one-liner as per `RFC4253`_. Only suitable for public keys, not for private keys. passphrase (string): *Private keys only*. The pass phrase to protect the output. pkcs8 (boolean): *Private keys only*. If ``True`` (default), the key is encoded with `PKCS#8`_. If ``False``, it is encoded in the custom OpenSSL/OpenSSH container. protection (string): *Only in combination with a pass phrase*. The encryption scheme to use to protect the output. If :data:`pkcs8` takes value ``True``, this is the PKCS#8 algorithm to use for deriving the secret and encrypting the private DSA key. For a complete list of algorithms, see :mod:`Cryptodome.IO.PKCS8`. The default is *PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC*. If :data:`pkcs8` is ``False``, the obsolete PEM encryption scheme is used. It is based on MD5 for key derivation, and Triple DES for encryption. Parameter :data:`protection` is then ignored. The combination ``format='DER'`` and ``pkcs8=False`` is not allowed if a passphrase is present. randfunc (callable): A function that returns random bytes. By default it is :func:`Cryptodome.Random.get_random_bytes`. Returns: byte string : the encoded key Raises: ValueError : when the format is unknown or when you try to encrypt a private key with *DER* format and OpenSSL/OpenSSH. .. warning:: If you don't provide a pass phrase, the private key will be exported in the clear! .. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt .. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt .. _RFC4253: http://www.ietf.org/rfc/rfc4253.txt .. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt NZOpenSSHcsg|] }j|qSr,)r)to_bytesr3r r5r,r-r6rZz%DsaKey.export_key..)rrrrcSs t|dd@rtd|S|S)Nr)rrr"r,r,r-funcs zDsaKey.export_key..funccsg|]}|qSr,r,rm)ror,r-r6ssh-dsscSs g|] }tdt||qS)>I)structpacklen)r3kpr,r,r-r6 ssh-dss Tz"PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC)Z key_paramsrandfunczENCRYPTED PRIVATEZPRIVATEr z#DSA private key cannot be encryptedrz DSA PRIVATEz*PKCS#8 is only meaningful for private keysZPUBLICZDERz KEYz3Unknown key format '%s'. Cannot export the DSA key.)rr get_random_bytesrdbinascii b2a_base64rrrrr8rr encoder wrapoidr&rrr )r*formatZpkcs8 passphraseZ protectionr{Ztup1Ztup2keyparts keystringparamsZ private_keyZ binary_keyZkey_typeZintsZpem_strr,)ror*r- export_keysd;      zDsaKey.export_keycCtdNz+Use module Cryptodome.Signature.DSS insteadNotImplementedError)r*MKr,r,r-signUz DsaKey.signcCrrr)r*r signaturer,r,r-verifyXrz DsaKey.verifycCtrMr)r* plaintextrr,r,r-encrypt[rKzDsaKey.encryptcCrrMr)r*Z ciphertextr,r,r-decrypt^rKzDsaKey.decryptcCrrMrr*rBr,r,r-blindarKz DsaKey.blindcCrrMrrr,r,r-unblinddrKzDsaKey.unblindcCrrMrr5r,r,r-sizegrKz DsaKey.size)r NNNN)rb __module__ __qualname____doc__rQr.rBrHr8rJrLrOrUrVrYr[rgrkrZ exportKeyZ publickeyrrrrrrrr,r,r,r-rNs8       ~ rcsdddd|}|durtd|tjd|dd}|d|}td }d|d>}t||tkrZ|d tt |d@}||BdB}t||tks;| |ksbJdd|d>} fd d t |dDdd Dt fdd t |D|d|>d@d|>}t||} | |ksJ| |d} | | d} | |krt| |tkrn|d7qk| d|} t dD]&} dtdt| }tt| }t|| | }|dkrnq| ||fS)z+Generate a new set of DSA domain parameters) NzInvalid modulus length (%d)r/@Tcs*g|]}tt|qSr,)rnewrrldigest)r3j)offsetseedr,r-r6s"z$_generate_domain..cSsg|]}t|qSr,r from_bytes)r3rGr,r,r-r6r7cs g|] }|d|>qS)r/r,)r3i)Voutlenr,r-r6rxsggen)getr&r digest_sizerrrrrrr^r sum itertoolscountrrlr;)Lr{NnZb_rZ upper_bitUWXcrerrr,)rrrrr-_generate_domainksV                rcCsH|durtj}|rDtt|\}}}t|tk}|t|tkO}||d|dkO}||dkp1||kO}|t|||dkO}|rCtdn t||\}}}}| }| } ||kratd||f|| fdvrotd|| fd|kr||kstdtdtj | d |d } | |dd} t|| |} | |||| d } t | S) aGenerate a new DSA key pair. The algorithm follows Appendix A.1/A.2 and B.1 of `FIPS 186-4`_, respectively for domain generation and key pair generation. Args: bits (integer): Key length, or size (in bits) of the DSA modulus *p*. It must be 1024, 2048 or 3072. randfunc (callable): Random number generation function; it accepts a single integer N and return a string of random data N bytes long. If not specified, :func:`Cryptodome.Random.get_random_bytes` is used. domain (tuple): The DSA domain parameters *p*, *q* and *g* as a list of 3 integers. Size of *p* and *q* must comply to `FIPS 186-4`_. If not specified, the parameters are created anew. Returns: :class:`DsaKey` : a new DSA key object Raises: ValueError : when **bits** is too little, too big, or not a multiple of 64. .. _FIPS 186-4: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf Nr/rzInvalid DSA domain parametersz?Mismatch between size of modulus (%d) and 'bits' parameter (%d)))rr)rr)rr)rrz;Lengths of p and q (%d, %d) are not compatibleto FIPS 186-3zIncorrent DSA generatorr)Z exact_bitsr{r) r r|r<rrrr;r&rr^randomr)rfr{r[rrr fmt_error_rrrr rr+r,r,r-rs@   rTcCsttdtt|}t|}d}|rut|jtk}|t|jtkO}||jd|jdkO}||j dkp9|j |jkO}|t |j |j|jdkO}||j dkpS|j |jkO}t |dru||j dkpe|j |jkO}|t |j |j |j|j kO}|r{td|S)aConstruct a DSA key from a tuple of valid DSA components. Args: tup (tuple): A tuple of long integers, with 4 or 5 items in the following order: 1. Public key (*y*). 2. Sub-group generator (*g*). 3. Modulus, finite field order (*p*). 4. Sub-group order (*q*). 5. Private key (*x*). Optional. consistency_check (boolean): If ``True``, the library will verify that the provided components fulfil the main DSA properties. Raises: ValueError: when the key being imported fails the most basic DSA validity checks. Returns: :class:`DsaKey` : a DSA key object rFr/rr zInvalid DSA key components)r(zipr<rrrrrrrr;rr`r r&)tupZconsistency_checkr+keyrr,r,r-rs  rcsL|rtdtj|dddddkrtdfddd D}t|S) Nz-DSA private key already comes with parametersT)Z nr_elementsZonly_ints_expectedrzNo version foundcsg|]}|qSr,r,r2derr,r-r6'rpz+_import_openssl_private..)rr/r)r&rdecoder)encodedrrrr,rr-_import_openssl_private!s rc Csjt|\}}}|tkrtd|r|rtdt|j}tt|p%|\}}} || ||f} t| S)NzNo DSA subjectPublicKeyInfozToo many DSA parameters) rrr&rrvaluelistrr) rrrZalgoidZ encoded_keyZ emb_paramsrrrrrr,r,r-_import_subjectPublicKeyInfo+s rcCst|}t|d|SrM)rr)rrrZsp_infor,r,r-_import_x509_cert9s rc Csv|rtdt||}|dtkrtdt|dj}tt|d\}}}t |||||||f}t |S)Nz"PKCS#8 already includes parametersrzNo PKCS#8 encoded DSA keyr/r) r&r unwraprrrrrrr;r) rrrr?r rrrrr,r,r- _import_pkcs8?s  rc CsBttttf}|D]}z ||||WStyYqwtd)z?Import a DSA key (public or private half), encoded in DER form.DSA key format is not supported)rrrrr&)Zkey_datarrZ decodingsZdecodingr,r,r-_import_key_derKs rcst|}|dur t|}|dr&tt||\}}}|r d}t||dS|drut|dd}gt |dkrbt d|ddd} |dd||d|d}t |dks=dd krufd d d D}t |St |dkrt|dd krt||dStd)aImport a DSA key. Args: extern_key (string or byte string): The DSA key to import. The following formats are supported for a DSA **public** key: - X.509 certificate (binary DER or PEM) - X.509 ``subjectPublicKeyInfo`` (binary DER or PEM) - OpenSSH (ASCII one-liner, see `RFC4253`_) The following formats are supported for a DSA **private** key: - `PKCS#8`_ ``PrivateKeyInfo`` or ``EncryptedPrivateKeyInfo`` DER SEQUENCE (binary or PEM) - OpenSSL/OpenSSH custom format (binary or PEM) For details about the PEM encoding, see `RFC1421`_/`RFC1423`_. passphrase (string): In case of an encrypted private key, this is the pass phrase from which the decryption key is derived. Encryption may be applied either at the `PKCS#8`_ or at the PEM level. Returns: :class:`DsaKey` : a DSA key object Raises: ValueError : when the given key cannot be parsed (possibly because the pass phrase is wrong). .. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt .. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt .. _RFC4253: http://www.ietf.org/rfc/rfc4253.txt .. _PKCS#8: http://www.ietf.org/rfc/rfc5208.txt Ns-----ry r/rrsrrqcsg|] }t|qSr,rrmrr,r-r6rZzimport_key..)rrr/r0r)r startswithr rr rr} a2b_base64splitrvrtunpackr_rrr&)Z extern_keyrrmarkerZenc_flagrlengthrr,rr-r\s,(      rz1.2.840.10040.4.1)NN)TrM).__all__r}rtrZCryptodome.Util.py3compatrrrr r Z Cryptodomer Z Cryptodome.IOr r ZCryptodome.HashrZCryptodome.Util.asn1rrrrrZCryptodome.Math.NumbersrZCryptodome.Math.PrimalityrrrZCryptodome.PublicKeyrrrobjectrrrrrrrrrrZ importKeyrr,r,r,r-s4     5 I8  G