o n~b@sddlmZddlZddlZddlZddlmZddlmZm Z m Z m Z m Z ddl mZmZddlmZddlmZmZmZmZddlmZmZmZdd lmZmZmZmZm Z m!Z!dd l"m#Z#dd l$m%Z%ed d Z&eddZ'iZ(gda)ddZ*e*[*gda+ddZ,e,[,gda-ddZ.e.[.gda/ddZ0e0[0gda1ddZ2e2[2Gdd d e3Z4Gd!d"d"e5Z6e6e(d#j7e(d#j8d#Z9e(d#j:e9d$Z;e(t)e;[9[;b)e6e(d%j7e(d%j8d%Z?e(d%j:e?d$Z@e(t+e@[?[@b+e6e(d&j7e(d&j8d&ZAe(d&j:eAd$ZBe(t-eB[A[Bb-e6e(d'j7e(d'j8d'ZCe(d'j:eCd$ZDe(t/eD[C[Db/e6e(d(j7e(d(j8d(ZEe(d(j:eEd$ZFe(t1eF[E[Fb1Gd)d*d*e5ZGd+d,ZHd-d.ZIdHd/d0ZJd1d2ZKdId3d4ZLd5d6ZMd7d8ZNd9d:ZOd;d<ZPd=d>ZQdHd?d@ZReSdAkrddlTZTdBZUe(d&jVWZXdCZYeTTZZe[eYD]Z\eXeUZ]qe^dDeTTeZeYdEdFeTTZZe[eYD]Z\e]eUZ]qe^dGeTTeZeYdEdFdSdS)J)print_functionN) namedtuple)bordtobytestostrbchr is_string) bytes_to_long long_to_bytes)Integer) DerObjectIdDerOctetString DerSequence DerBitString)_expand_subject_public_key_info_create_subject_public_key_info _extract_subject_public_key_info)load_pycryptodome_raw_lib VoidPointer SmartPointerc_size_t c_uint8_ptr c_ulonglong)get_random_bytes) getrandbitszCryptodome.PublicKey._ec_wsav typedef void EcContext; typedef void EcPoint; int ec_ws_new_context(EcContext **pec_ctx, const uint8_t *modulus, const uint8_t *b, const uint8_t *order, size_t len, uint64_t seed); void ec_free_context(EcContext *ec_ctx); int ec_ws_new_point(EcPoint **pecp, const uint8_t *x, const uint8_t *y, size_t len, const EcContext *ec_ctx); void ec_free_point(EcPoint *ecp); int ec_ws_get_xy(uint8_t *x, uint8_t *y, size_t len, const EcPoint *ecp); int ec_ws_double(EcPoint *p); int ec_ws_add(EcPoint *ecpa, EcPoint *ecpb); int ec_ws_scalar(EcPoint *ecp, const uint8_t *k, size_t len, uint64_t seed); int ec_ws_clone(EcPoint **pecp2, const EcPoint *ecp); int ec_ws_copy(EcPoint *ecp1, const EcPoint *ecp2); int ec_ws_cmp(const EcPoint *ecp1, const EcPoint *ecp2); int ec_ws_neg(EcPoint *p); int ec_ws_normalize(EcPoint *ecp); int ec_ws_is_pai(EcPoint *ecp); _Curvez7p b order Gx Gy G modulus_bits oid context desc openssh)p192 NIST P-192zP-192Z prime192v1Z secp192r1Znistp192c Cd}d}d}d}d}t|d}t|d}t|d}t}t|t|t|t|tt|tt d} | r>t d| t | tj } tt|t|t|t|t|dd d | d d } ttt| dS) Nl l 9{uDjSg9g(Bl 1(i&^#a;l +'1t:_|v!a:@ml H<^W]dZ{cxW\Iq@z#Error %d initializing P-192 contextz1.2.840.10045.3.1.1rzecdsa-sha2-nistp192)r r_ec_libec_ws_new_context address_ofrrlenrr ImportErrorrgetec_free_contextrr _curvesupdatedictfromkeys p192_names) pborderGxGyZ p192_modulusZp192_bZ p192_orderZec_p192_contextresultcontextrr5C/usr/local/lib/python3.10/dist-packages/Cryptodome/PublicKey/ECC.py init_p192c@        r7)p224 NIST P-224zP-224Z prime224v1Z secp224r1Znistp224c Cr) Nl?lF eY8 w-X"PVd/%PP!-l=*8%(?l!"X!#BXtJ9!'|%VA-l4~ f&Dv@h!fE0m9_ qlM/r z#Error %d initializing P-224 contextz 1.3.132.0.33r:zecdsa-sha2-nistp224)r rr"r#r$rrr%rrr&rr'r(rr r)r*r+r, p224_names) r.r/r0r1r2Z p224_modulusZp224_bZ p224_orderZec_p224_contextr3r4r9r5r5r6 init_p224r8r>)p256 NIST P-256zP-256Z prime256v1Z secp256r1Znistp256c Cr) Nl?@lK`Opq^cv 3,e< 1U]>{|R*ZlQ%x +Ohbi+}s@lB11e %:f=K`wrH7gHK8hklQ~o]l+fUg+<)Z?8O?q!O r z#Error %d initializing P-256 contextz1.2.840.10045.3.1.7r@zecdsa-sha2-nistp256)r rr"r#r$rrr%rrr&rr'r(rr r)r*r+r, p256_names) r.r/r0r1r2Z p256_modulusZp256_bZ p256_orderZec_p256_contextr3r4r?r5r5r6 init_p256r8rD)p384 NIST P-384zP-384Z prime384v1Z secp384r1Znistp384c Cr) Nl~l*'#.TEbc+Z'@=D 1 "(?7N2Z_+|S/1fls)e`gwl X_[nlv|l dxRjoyU8T( :ss"nZL8k&"_Ul_!uR/sX0 @qaNQNB&JxS8KJEY K%l0r z#Error %d initializing P-384 contextiz 1.3.132.0.34rFzecdsa-sha2-nistp384)r rr"r#r$rrr%rrr&rr'r(rr r)r*r+r, p384_names) r.r/r0r1r2Z p384_modulusZp384_bZ p384_orderZec_p384_contextr3r4rEr5r5r6 init_p384r8rI)p521 NIST P-521zP-521Z prime521v1Z secp521r1Znistp521c Cr) Nl#l#?VQ(zO%b95~cte1oR{V;LH w>l-rZE]"Sr&Ga9}*Fl# dp"z\}[z3"nZ;PK# `7roCQl#f=xK)H-apY$3^Q n%k{;/K!u{4-{?$Od8V1l3s: l#Pf?QE$XN!85aZU WL9YLhz f$Du13otc!% pMxjRr`Br z#Error %d initializing P-521 contexti z 1.3.132.0.35rKzecdsa-sha2-nistp521)r rr"r#r$rrr%rrr&rr'r(rr r)r*r+r, p521_names) r.r/r0r1r2Z p521_modulusZp521_bZ p521_orderZec_p521_contextr3r4rJr5r5r6 init_p521r8rNc@s eZdZdS)UnsupportedEccFeatureN)__name__ __module__ __qualname__r5r5r5r6rOEsrOc@seZdZdZd(ddZddZddZd d Zd d Zd dZ ddZ e ddZ e ddZ e ddZddZddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'S))EccPointa=A class to abstract a point over an Elliptic Curve. The class support special methods for: * Adding two points: ``R = S + T`` * In-place addition: ``S += T`` * Negating a point: ``R = -T`` * Comparing two points: ``if S == T: ...`` * Multiplying a point by a scalar: ``R = S*k`` * In-place multiplication by a scalar: ``T *= k`` :ivar x: The affine X-coordinate of the ECC point :vartype x: integer :ivar y: The affine Y-coordinate of the ECC point :vartype y: integer :ivar xy: The tuple with X- and Y- coordinates r?c Cszt||_Wntytdt|w||_|}|jj}t||}t||}t ||ks8t ||krtdnt |j|_d|jkrU|jj ksZtd td |jj |_ dS) aCreate a new ECC key Keywords: curve : string It must be *"p256"*, *"P-256"*, *"prime256v1"* or *"secp256r1"*. d : integer Only for a private key. It must be in the range ``[1..order-1]``. point : EccPoint Mandatory for a public key. If provided for a private key, the implementation will NOT check whether it matches ``d``. r`NdrfUnknown parameters: zUnsupported curve (%s)zBEither private or public ECC component must be specified, not bothrtzInvalid ECC private component) r+pop_dr[ TypeErrorrXr)rWrUr r0descr`)r]kwargskwargs_ curve_namer5r5r6rds&      zEccKey.__init__cCs ||kr dS|j|jkS)NF) has_privatepointQ)r]otherr5r5r6riAs z EccKey.__eq__cCs<|r dt|j}nd}|jj\}}d|jj|||fS)Nz, d=%dz,EccKey(curve='%s', point_x=%d, point_y=%d%s))rintrrrmrUr)r]extrar^r_r5r5r6__repr__Gs  zEccKey.__repr__cCs |jduS)zJ``True`` if this key can be used for making signatures or decrypting data.N)rror5r5r6rOs zEccKey.has_privatec Csd|kr |jjksJJ|jj}tjd|d}|j|}|||}|jj|j|}||||||}||fS)Nrrt) min_inclusive max_exclusive)rUr0r random_rangerinverserr^) r]zkr0ZblindZblind_dZ inv_blind_krsr5r5r6_signTs  z EccKey._signcCsR|jj}|d|}|jj|||}|j||d|}||j|dkS)Nrtr)rUr0rrrr^)r]rrsr0ZsinvZpoint1Zpoint2r5r5r6_verifybs zEccKey._verifycCs|std|jS)NzThis is not a private ECC key)rrWrror5r5r6riszEccKey.dcCs |jdur |jj|j|_|jSr)r[rUrrror5r5r6ros z EccKey.pointQcCst|jj|jdS)z^A matching ECC public key. Returns: a new :class:`EccKey` object )r`rf)rrUrrror5r5r6 public_keyuszEccKey.public_keycCs^|j}|r|jjrd}nd}||jj|}|Sd|jj||jj|}|S)N)rrZr_is_oddr^to_bytes)r]compressra first_byterr5r5r6 _export_SEC1~s     zEccKey._export_SEC1cCs"||}d}t||t|jjS)N1.2.840.10045.2.1)rrr rUoid)r]rrunrestricted_oidr5r5r6_export_subjectPublicKeyInfos  z#EccKey._export_subjectPublicKeyInfoTcCsx|sJ|j}d|jj||jj|}dt|j|t|j j ddt |ddg}|s6|d=t | S)Nrrtrexplicit)rrrZr^rr_r rr rUrrrencode)r]include_ec_paramsrarseqr5r5r6_export_private_ders      zEccKey._export_private_dercKs`ddlm}|dddurd|vrtdd}|jdd}|j||fd t|jji|}|S) NrPKCS8 passphrase protection5At least the 'protection' parameter should be presentrF)rZ key_params) Cryptodome.IOrr'rWrwrapr rUr)r]rrr private_keyr3r5r5r6 _export_pkcs8s   zEccKey._export_pkcs8cCs"ddlm}||}||dS)NrPEMz PUBLIC KEY)rrrr)r]rr encoded_derr5r5r6_export_public_pems   zEccKey._export_public_pemcKs*ddlm}|}|j|d|fi|S)NrrzEC PRIVATE KEY)rrrrr]rrrrr5r5r6_export_private_pems zEccKey._export_private_pemcCs ddlm}|}||dS)Nrrz PRIVATE KEY)rrrr)r]rrr5r5r6(_export_private_clear_pkcs8_in_clear_pems  z/EccKey._export_private_clear_pkcs8_in_clear_pemcKsDddlm}|s Jd|vrtd|jdd|i|}||dS)NrrrrrzENCRYPTED PRIVATE KEYr5)rrrWrrrr5r5r6,_export_private_encrypted_pkcs8_in_clear_pems  z3EccKey._export_private_encrypted_pkcs8_in_clear_pemc Cs|rtd|jj}|j}|r'd|jj}t||jj |}nd|jj ||jj |}| dd}t |t ||f}d dd|D}|dtt|S) Nz"Cannot export OpenSSH private keysrr-cSs g|] }tdt||qS)>I)structpackr%).0r^r5r5r6 s z*EccKey._export_openssh.. )rrWrUopensshrrZr_rrr^rsplitrjoinrbinascii b2a_base64) r]rrrarrmiddlecompsZblobr5r5r6_export_opensshs$    zEccKey._export_opensshcKs>|}|d}|dvrtd||dd}|rw|dd}t|r1t|}|s1td|d d }|d krU|rL|rH|j|fi|S|S|j|fi|S|d krq|ra|satd |rm|j dd|i|S| Std||rtd||d kr| |S|d kr| |S|dkr| |S||S)a Export this ECC key. Args: format (string): The format to use for encoding the key: - ``'DER'``. The key will be encoded in ASN.1 DER format (binary). For a public key, the ASN.1 ``subjectPublicKeyInfo`` structure defined in `RFC5480`_ will be used. For a private key, the ASN.1 ``ECPrivateKey`` structure defined in `RFC5915`_ is used instead (possibly within a PKCS#8 envelope, see the ``use_pkcs8`` flag below). - ``'PEM'``. The key will be encoded in a PEM_ envelope (ASCII). - ``'OpenSSH'``. The key will be encoded in the OpenSSH_ format (ASCII, public keys only). - ``'SEC1'``. The public key (i.e., the EC point) will be encoded into ``bytes`` according to Section 2.3.3 of `SEC1`_ (which is a subset of the older X9.62 ITU standard). passphrase (byte string or string): The passphrase to use for protecting the private key. use_pkcs8 (boolean): Only relevant for private keys. If ``True`` (default and recommended), the `PKCS#8`_ representation will be used. If ``False``, the much weaker `PEM encryption`_ mechanism will be used. protection (string): When a private key is exported with password-protection and PKCS#8 (both ``DER`` and ``PEM`` formats), this parameter MUST be present and be a valid algorithm supported by :mod:`Cryptodome.IO.PKCS8`. It is recommended to use ``PBKDF2WithHMAC-SHA1AndAES128-CBC``. compress (boolean): If ``True``, the method returns a more compact representation of the public key, with the X-coordinate only. If ``False`` (default), the method returns the full public key. .. warning:: If you don't provide a passphrase, the private key will be exported in the clear! .. note:: When exporting a private key with password-protection and `PKCS#8`_ (both ``DER`` and ``PEM`` formats), any extra parameters to ``export_key()`` will be passed to :mod:`Cryptodome.IO.PKCS8`. .. _PEM: http://www.ietf.org/rfc/rfc1421.txt .. _`PEM encryption`: http://www.ietf.org/rfc/rfc1423.txt .. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt .. _OpenSSH: http://www.openssh.com/txt/rfc5656.txt .. _RFC5480: https://tools.ietf.org/html/rfc5480 .. _RFC5915: http://www.ietf.org/rfc/rfc5915.txt .. _SEC1: https://www.secg.org/sec1-v2.pdf Returns: A multi-line string (for PEM and OpenSSH) or ``bytes`` (for DER and SEC1) with the encoded key. format)rDERZOpenSSHSEC1zUnknown format '%s'rFrNzEmpty passphrase use_pkcs8Trrz8Private keys can only be encrpyted with DER using PKCS#8z2Private keys cannot be exported in the '%s' formatzUnexpected parameters: '%s'rr5)rjrrWrrrrrrrrrrrr)r]rargsZ ext_formatrrrr5r5r6 export_keysHA          zEccKey.export_keyN)T)rPrQrRrrdrirrrrrrrrrrrrrrrrrrr5r5r5r6rs."     rcKsP|d}t|}|dt}|rtdt|tjd|j|d}t||dS)a:Generate a new private key on the given curve. Args: curve (string): Mandatory. It must be a curve name defined in :numref:`curve_names`. randfunc (callable): Optional. The RNG to read randomness from. If ``None``, :func:`Cryptodome.Random.get_random_bytes` is used. r`randfuncrrt)rrr)r`r) rr)rrrXr rr0r)rrr`rrr5r5r6generategs   rcKs|d}t|}|dd}|dd}d|vrtdd||fvr*t||||d<|dd}|durHd|vrH|j|}|j||fkrHtdtd i|S) a(Build a new ECC key (private or public) starting from some base components. Args: curve (string): Mandatory. It must be a curve name defined in :numref:`curve_names`. d (integer): Only for a private key. It must be in the range ``[1..order-1]``. point_x (integer): Mandatory for a public key. X coordinate (affine) of the ECC point. point_y (integer): Mandatory for a public key. Y coordinate (affine) of the ECC point. Returns: :class:`EccKey` : a new ECC key object r`point_xNpoint_yrfzUnknown keyword: pointrz(Private and public ECC keys do not matchr5) r)rrrSr'rrmrWr)rrr`rrrZpub_keyr5r5r6 constructs     rc CsPtD]\}}|r|j|krn||krnq|r td|td||j}t|d}|dkrZt|dd|krCtdt |d|d}t ||dd}nG|d vrt|d|krjtdt |dd}|d |d |j  |j}|dkr| r|j|}|d kr|r|j|}ntd t|||d S) aConvert an encoded EC point into an EccKey object ec_point: byte string with the EC point (SEC1-encoded) curve_oid: string with the name the curve curve_name: string with the OID of the curve Either curve_id or curve_name must be specified Unsupported ECC curve (OID: %s)zUnsupported ECC curve (%s)rrtrzIncorrect EC point lengthN)rrzIncorrect EC point encoding)r`rr)r)itemsrrOr.rZrr%rWr from_bytesr/sqrtrZis_evenr) ec_point curve_oidrrYr`raZ point_typer^r_r5r5r6_import_public_ders8      rc GsZt|\}}}d}d}d}||||fvrtd||s tdt|j}t||dS)z4Convert a subjectPublicKeyInfo into an EccKey objectr 1.3.132.1.12 1.3.132.1.13!Unsupported ECC purpose (OID: %s)zMissing ECC parametersr)rrOrWr decodevaluer) encodedrrrparamsrecdh_oid ecmqv_oidrr5r5r6_import_subjectPublicKeyInfos   rcCs<tj|dd}|ddkrtdztdd|dj}|dur*||kr*td|}Wn ty6Ynw|dur?td tD] \}}|j|krNnqCtd |t |dj }|j }t ||krmtd t|} t |d krtdd|d j} t| |d} | jj} | jj} nd} } t|| | | dS)N)rr)Z nr_elementsrrtz!Incorrect ECC private key versionrrzCurve mismatchzNo curve foundrzPrivate key is too smallrrr)r`rrr)rrrWr rr)rrrOr payloadr.rZr%r rrrrr^r_r)rrrr parametersrr`Z scalar_bytesrarZpublic_key_encrrrr5r5r6_import_private_der s<          rc Cs^ddlm}|||\}}}d}d}d}||||fvr"td|t|j} t||| S)Nrrrrrr)rrunwraprOr rrr) rrrZalgo_oidrrrrrrr5r5r6 _import_pkcs8>s    rcGst|}t|Sr)rr)rrZsp_infor5r5r6_import_x509_certXsrc Cszt||WSty}z|d}~wtttfyYnwzt||WSty4}z|d}~wtttfy?Ynwzt||WStyT}z|d}~wtttfy_Ynwzt||WStyt}z|d}~wtttfyYtdw)NzNot an ECC DER key)rrOrWr IndexErrorrrr)rrerrr5r5r6 _import_der^sB    rcCst|dd}g}t|dkr7td|ddd}||dd||d|d}t|dkstD]\}}t |j dd}|d|krQnq;t dt |d|j d S) N rtrrrrrzUnsupported ECC curver)r a2b_base64rr%runpackappendr)rrrrWrr)rZ keystringZkeypartsZlkrr`rr5r5r6_import_openssh_publics   rcCsddlm}m}m}m}|||\}}||\}}|tvr#td|t|} | jdd} ||\} }t| ddkr@t dt | d | dkrNt d t | dd| } t | d| d} t | | |d }||\}}t |}||\}}||t|||d S) Nrt)import_openssh_private_generic read_bytes read_string check_paddingzUnsupported ECC curve %srvrwrrz/Only uncompressed OpenSSH EC keys are supportedrzIncorrect public key length)r`)r`rrf)Z_opensshrrr r r)rOryrrWr%r rrSr)datapasswordrrr r Zssh_nameZ decryptednamer`rarrrrfrr_paddedr5r5r6_import_openssh_private_eccs(      rc Cs`ddlm}t|}|durt|}|dr+t|}|||\}}}t||}|S|drtt|}d} d} tj| d| d |tj d }|||\} }}|rSd}zt | |}W|St yi} z| d} ~ wt yst d w|d r}t |St|dkrt|dd krt ||St|dkrt|ddvr|durt dt||dSt d)aImport an ECC key (public or private). Args: encoded (bytes or multi-line string): The ECC key to import. An ECC **public** key can be: - An X.509 certificate, binary (DER) or ASCII (PEM) - An X.509 ``subjectPublicKeyInfo``, binary (DER) or ASCII (PEM) - A SEC1_ (or X9.62) byte string. You must also provide the ``curve_name``. - An OpenSSH line (e.g. the content of ``~/.ssh/id_ecdsa``, ASCII) An ECC **private** key can be: - In binary format (DER, see section 3 of `RFC5915`_ or `PKCS#8`_) - In ASCII format (PEM or `OpenSSH 6.5+`_) Private keys can be in the clear or password-protected. For details about the PEM encoding, see `RFC1421`_/`RFC1423`_. passphrase (byte string): The passphrase to use for decrypting a private key. Encryption may be applied protected at the PEM level or at the PKCS#8 level. This parameter is ignored if the key in input is not encrypted. curve_name (string): For a SEC1 byte string only. This is the name of the ECC curve, as defined in :numref:`curve_names`. Returns: :class:`EccKey` : a new ECC key object Raises: ValueError: when the given key cannot be parsed (possibly because the pass phrase is wrong). .. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt .. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt .. _RFC5915: http://www.ietf.org/rfc/rfc5915.txt .. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt .. _`OpenSSH 6.5+`: https://flak.tedunangst.com/post/new-openssh-key-format-and-bcrypt-pbkdf .. _SEC1: https://www.secg.org/sec1-v2.pdf rrNs-----BEGIN OPENSSH PRIVATE KEYs-----z-----BEGIN EC PARAMETERS-----z-----END EC PARAMETERS-----z.*?r)flagsz(Invalid DER encoding inside the PEM files ecdsa-sha2-rGszNo curve name was provided)rzECC key format is not supported)rrr startswithrrrresubDOTALLrrOrWrr%rr) rrrrZ text_encodedZopenssh_encodedmarkerZenc_flagr3Zecparams_startZ ecparams_endZ der_encodedZuefr5r5r6 import_keysL 0        r__main__l_,)N$c hKf-5lkrCrDrHrIrMrNrWrOobjectrSr1r2Zp192_G_replacerr*r+r,Zp224_Gr9Zp256_Gr?Zp384_GrEZp521_GrJrrrrrrrrrrrrrPtimerrrjrfcountstartranger^ZpointXprintr5r5r5r6s        "&&&&&.Y ,8 '2! ! e