U Mf@sddlmZddlZddlZddlZddlmZddlmZm Z m Z m Z m Z ddl mZmZddlmZddlmZmZmZmZddlmZmZmZmZmZmZmZdd lm Z m!Z!m"Z"dd l#m$Z$m%Z%dd l&m'Z'dd l(m)Z)ed dZ*eddZ+eddZ,ddZ-eddZ.iZ/ddddddga0ddZ1e1[1dd d!d"d#d$ga2d%d&Z3e3[3d'd(d)d*d+d,ga4d-d.Z5e5[5d/d0d1d2d3d4ga6d5d6Z7e7[7d7d8d9d:d;dZ9e9[9d?d@ga:dAdBZ;e;[;dCdDgaZ?GdIdJdJe@ZAeAe/djBe/djCdZDe/djEeDdKZFe/GeHIt0eF[D[Fb0eAe/djBe/djCdZJe/djEeJdKZKe/GeHIt2eK[J[Kb2eAe/d'jBe/d'jCd'ZLe/d'jEeLdKZMe/GeHIt4eM[L[Mb4eAe/d/jBe/d/jCd/ZNe/d/jEeNdKZOe/GeHIt6eO[N[Ob6eAe/d7jBe/d7jCd7ZPe/d7jEePdKZQe/GeHIt8eQ[P[Qb8eAe/d@jBe/d@jCd@ZRe/d@jEeRdKZSe/GeHIt:eS[R[Sb:eAe/dDjBe/dDjCdDZTe/dDjEeTdKZUe/GeHItr?r@Z p224_modulusZp224_bZ p224_orderZec_p224_contextr'rArCr(r(r) init_p224sB        rHp256 NIST P-256zP-256Z prime256v1Z secp256r1Znistp256c Csd}d}d}d}d}t|d}t|d}t|d}t}t|t|t|t|tt|tt d} | r|t d| t | tj } tt|t|t|t|t|dd d | d d d } ttt| dS)Nl?@lK`Opq^cv 3,e< 1U]>{|R*ZlQ%x +Ohbi+}s@lB11e %:f=K`wrH7gHK8hklQ~o]l+fUg+<)Z?8O?q!O r/z#Error %d initializing P-256 contextz1.2.840.10045.3.1.7rJzecdsa-sha2-nistp256rI)r rr%r1r2rrr3rrr4rr5r6r+r r7r8r9r: p256_names) r<r=r>r?r@Z p256_modulusZp256_bZ p256_orderZec_p256_contextr'rArIr(r(r) init_p256sB        rNp384 NIST P-384zP-384Z prime384v1Z secp384r1Znistp384c Csd}d}d}d}d}t|d}t|d}t|d}t}t|t|t|t|tt|tt d} | r|t d| t | tj } tt|t|t|t|t|dd d | d d d } ttt| dS)Nl~l*'#.TEbc+Z'@=D 1 "(?7N2Z_+|S/1fls)e`gwl X_[nlv|l dxRjoyU8T( :ss"nZL8k&"_Ul_!uR/sX0 @qaNQNB&JxS8KJEY K%l0r/z#Error %d initializing P-384 contextiz 1.3.132.0.34rPzecdsa-sha2-nistp384rO)r rr%r1r2rrr3rrr4rr5r6r+r r7r8r9r: p384_names) r<r=r>r?r@Z p384_modulusZp384_bZ p384_orderZec_p384_contextr'rArOr(r(r) init_p3840sB        rSp521 NIST P-521zP-521Z prime521v1Z secp521r1Znistp521c Csd}d}d}d}d}t|d}t|d}t|d}t}t|t|t|t|tt|tt d} | r|t d| t | tj } tt|t|t|t|t|dd d | d d d } ttt| dS)Nl#l#?VQ(zO%b95~cte1oR{V;LH w>l-rZE]"Sr&Ga9}*Fl# dp"z\}[z3"nZ;PK# `7roCQl#f=xK)H-apY$3^Q n%k{;/K!u{4-{?$Od8V1l3s: l#Pf?QE$XN!85aZU WL9YLhz f$Du13otc!% pMxjRr`Br/z#Error %d initializing P-521 contexti z 1.3.132.0.35rUzecdsa-sha2-nistp521rT)r rr%r1r2rrr3rrr4rr5r6r+r r7r8r9r: p521_names) r<r=r>r?r@Z p521_modulusZp521_bZ p521_orderZec_p521_contextr'rArTr(r(r) init_p521_sB        rXed25519rc CsTd}d}d}d}tt|dt|t|t|ddddddd }ttt|dS) NlS9i @eM^w|olUK5J,{$%Xci\-G' lJ[sii!lXfL33ffL33ffL33ffL33ff 1.3.101.112r ssh-ed25519rY)r+r r7r8r9r: ed25519_names)r<r>r?r@rYr(r(r) init_ed25519s$ r_ed448rc Csd}d}d}d}t}t|}|r4td|t|tj}tt |dt |t |t |ddd|ddd }t t t|dS) N?lDVJ Ru8a6!m,&vD}D2_l^@ 518`b8Cl\p*At(qmj.<+FaS[/SDZ74_3  lzadoeC@ ZK^DsxssZhNx02>Ilq2 vIZu gt' z#Error %d initializing Ed448 contexti 1.3.101.113rr`)rr$Zed448_new_contextr2r4rr5Zed448_free_contextr+r r7r8r9r: ed448_names)r<r>r?r@Z ed448_contextr'rAr`r(r(r) init_ed448s.  rdc@s eZdZdS)UnsupportedEccFeatureN)__name__ __module__ __qualname__r(r(r(r)resrec@seZdZdZd,ddZddZddZd d Zd d Zd dZ ddZ ddZ ddZ e ddZe ddZe ddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+S)-EccPointaPA class to model a point on an Elliptic Curve. The class supports operators for: * Adding two points: ``R = S + T`` * In-place addition: ``S += T`` * Negating a point: ``R = -T`` * Comparing two points: ``if S == T: ...`` or ``if S != T: ...`` * Multiplying a point by a scalar: ``R = S*k`` * In-place multiplication by a scalar: ``T *= k`` :ivar x: The affine X-coordinate of the ECC point :vartype x: integer :ivar y: The affine Y-coordinate of the ECC point :vartype y: integer :ivar xy: The tuple with affine X- and Y- coordinates rIc Cszt||_Wn$tk r2tdt|YnX||_|}t||}t||}t||ksnt||krvtdt |d}t |d}t |_ z|jj } Wntk rt} YnX||j t|t|t|| } | r| dkrtdtd| t|j ||_ dS)NzUnknown curve name %szIncorrect coordinate length new_point free_pointz)The EC point does not belong to the curvez(Error %d while instantiating an EC point)r7r KeyError ValueErrorstr _curve_name size_in_bytesr r3r*r_pointrAr5AttributeErrorrr2rrr) selfxycurve modulus_bytesxbybrj free_funcrAr'r(r(r)__init__s8       zEccPoint.__init__cCsXt|d}t|d}t|_||j|j}|rBtd|t|j||_|S)Nclonerkz"Error %d while cloning an EC point)r*rrrr2r5rnr)rtpointr}r{r'r(r(r)set s    z EccPoint.setcCs2t|tsdSt|d}d||j|jkS)NFcmpr) isinstancerir*rrr5)rtr~Zcmp_funcr(r(r)__eq__s  zEccPoint.__eq__cCs ||k SNr()rtr~r(r(r)__ne__ szEccPoint.__ne__cCs4t|d}|}||j}|r0td||S)Nnegz$Error %d while inverting an EC point)r*copyrrr5rn)rtZneg_funcnpr'r(r(r)__neg__#s   zEccPoint.__neg__cCs|j\}}t|||j}|S)zReturn a copy of this point.)xyrirp)rtrurvrr(r(r)r+s z EccPoint.copycCs |jjdkS)NrYr`)r namertr(r(r) _is_eddsa1szEccPoint._is_eddsacCs |r|jdkS|jdkSdS)z,``True`` if this is the *point-at-infinity*.r)rrN)rrurrr(r(r)is_point_at_infinity4s zEccPoint.is_point_at_infinitycCs(|rtdd|jStdd|jSdS)z-Return the *point-at-infinity* for the curve.rN)rrirprr(r(r)point_at_infinity<szEccPoint.point_at_infinitycCs |jdS)Nrrrr(r(r)ruDsz EccPoint.xcCs |jdS)Nrrrr(r(r)rvHsz EccPoint.ycCsj|}t|}t|}t|d}|t|t|t||j}|rRtd|tt |tt |fS)Nget_xyz#Error %d while encoding an EC point) rq bytearrayr*rrrrr5rnr r )rtrxryrzrr'r(r(r)rLs  z EccPoint.xycCs|ddS)z"Size of each coordinate, in bytes.) size_in_bitsrr(r(r)rq[szEccPoint.size_in_bytescCs|jjS)z!Size of each coordinate, in bits.)r modulus_bitsrr(r(r)r_szEccPoint.size_in_bitscCs,t|d}||j}|r(td||S)zuDouble this point (in-place operation). Returns: This same object (to enable chaining). doublez#Error %d while doubling an EC pointr*rrr5rn)rtZ double_funcr'r(r(r)rcs   zEccPoint.doublecCsDt|d}||j|j}|r@|dkr4tdtd||S)zAdd a second point to this oneaddz#EC points are not on the same curvez#Error %d while adding two EC pointsr)rtr~Zadd_funcr'r(r(r)__iadd__ps  zEccPoint.__iadd__cCs|}||7}|S)z8Return a new point, the addition of this one and anotherr)rtr~rr(r(r)__add__{szEccPoint.__add__cCs^t|d}|dkrtdt|}||jt|tt|tt d}|rZtd||S)zMultiply this point by a scalarscalarrz?Scalar multiplication is only defined for non-negative integersr/z%Error %d during scalar multiplication) r*rnr rrr5rrr3rr)rtrZ scalar_funcZsbr'r(r(r)__imul__s     zEccPoint.__imul__cCs|}||9}|S)z2Return a new point, the scalar product of this oner)rtrrr(r(r)__mul__szEccPoint.__mul__cCs ||Sr)r)rtZ left_handr(r(r)__rmul__szEccPoint.__rmul__N)rI)rfrgrh__doc__r|rrrrrrrrpropertyrurvrrqrrrrrrrr(r(r(r)ris0 &     ri)Gc@seZdZdZddZddZddZdd Zd d Zd d Z ddZ e ddZ e ddZ e ddZddZddZddZddZd0dd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/S)1EccKeyaClass defining an ECC key. Do not instantiate directly. Use :func:`generate`, :func:`construct` or :func:`import_key` instead. :ivar curve: The name of the curve as defined in the `ECC table`_. :vartype curve: string :ivar pointQ: an ECC point representating the public component. :vartype pointQ: :class:`EccPoint` :ivar d: A scalar that represents the private component in NIST P curves. It is smaller than the order of the generator point. :vartype d: integer :ivar seed: A seed that representats the private component in EdDSA curves (Ed25519, 32 bytes; Ed448, 57 bytes). :vartype seed: bytes cKsNt|}|dd}|dd|_|dd|_|dd|_|dkrT|jrT|jj}|rhtdt||tkr|t d|t||_ |j j |_ t |jdk t |jdk }|dkr|jdkrt d dS|d krt d |s.|jdk rt d t|j|_d |jkr |j jksJnt dn|jdk rBt d|j jdkrt|jdkrht dt|j}|dd|_t|dd}|ddM<|dd@dB|d<n~|j jdkr:t|jdkrt dt|jd}|dd|_t|dd}|ddM<|ddO<d|d<tj|dd |_dS)!aiCreate a new ECC key Keywords: curve : string The name of the curve. d : integer Mandatory for a private key one NIST P curves. It must be in the range ``[1..order-1]``. seed : bytes Mandatory for a private key on the Ed25519 (32 bytes) or Ed448 (57 bytes) curve. point : EccPoint Mandatory for a public key. If provided for a private key, the implementation will NOT check whether it matches ``d``. Only one parameter among ``d``, ``seed`` or ``point`` may be used. rwNdseedr~Unknown parameters: zUnsupported curve (%s)rzGAt lest one between parameters 'point', 'd' or 'seed' must be specifiedz,Parameters d and seed are mutually exclusivez7Parameter 'seed' can only be used with Ed25519 or Ed448rz;Parameter d must be an integer smaller than the curve orderz/Parameter d can only be used with NIST P curvesrYrKz0Parameter seed must be 32 bytes long for Ed25519r/r`9z.Parameter seed must be 57 bytes long for Ed448r78little byteorder)r9pop_d_seedrrrp TypeErrorror7rnr r!rwintrr r>rr3rnewdigest_prefixrrread from_bytes)rtkwargsZkwargs_ curve_namecountZ seed_hashtmpr(r(r)r|s\           zEccKey.__init__cCs |jjdkS)N)rr)r r!rr(r(r)r#szEccKey._is_eddsacCs.t|tsdS||kr"dS|j|jkS)NF)rr has_privatepointQ)rtotherr(r(r)r&s  z EccKey.__eq__cCsZ|r6|r&dtt|j}q:dt|j}nd}|jj \}}d|j j |||fS)Nz , seed=%sz, d=%dz,EccKey(curve='%s', point_x=%d, point_y=%d%s)) rrrbinasciihexlifyrrrrrr r!)rtextrarurvr(r(r)__repr__/s zEccKey.__repr__cCs |jdk S)zJ``True`` if this key can be used for making signatures or decrypting data.N)rrr(r(r)r:szEccKey.has_privatec Cs~d|kr|jjksnt|jj}tjd|d}|j|}|||}|jj|j|}||||||}||fS)Nrr) min_inclusive max_exclusive) r r>AssertionErrorr random_rangerinverserru) rtzkr>ZblindZblind_dZ inv_blind_krsr(r(r)_sign@s z EccKey._signcCsR|jj}|d|}|jj|||}|j||d|}||j|dkS)Nrr)r r>rrrru)rtrrsr>ZsinvZpoint1Zpoint2r(r(r)_verifyOs zEccKey._verifycCs|std|jSNzThis is not a private ECC key)rrnrrr(r(r)rVszEccKey.dcCs|std|jSr)rrnrrr(r(r)r\sz EccKey.seedcCs |jdkr|jj|j|_|jSr)rrr rrrr(r(r)rbs z EccKey.pointQcCst|jj|jdS)z^A matching ECC public key. Returns: a new :class:`EccKey` object )rwr~)rr r!rrr(r(r) public_keyhszEccKey.public_keycCsl|rtd|j}|rH|jjr0d}nd}||jj|}n d|jj||jj|}|S)Nz+SEC1 format is unsupported for EdDSA curves)rrnrrqrvis_oddruto_bytes)rtcompressrx first_byterr(r(r) _export_SEC1qs      zEccKey._export_SEC1cCs|jj\}}|jjdkrDt|jddd}|d@d>|dB|d<n8|jjdkrtt|jd dd}|d@d>|d <ntd t|S) NrYrKrrrrrr`rrzNot an EdDSA key to export)rrr rrrrnbytes)rtrurvr'r(r(r) _export_eddsas   zEccKey._export_eddsacCsD|r|jj}|}d}nd}||}t|jj}t|||S)N1.2.840.10045.2.1)rr oidrrr r)rtrrrparamsr(r(r)_export_subjectPublicKeyInfos  z#EccKey._export_subjectPublicKeyInfoTcCsx|s t|j}d|jj||jj|}dt|j|t |j j ddt |ddg}|sl|d=t |S)Nrrrexplicitr)rrrrqrurrvr rr r rrrencode)rtinclude_ec_paramsrxrseqr(r(r)_export_rfc5915_private_ders    z"EccKey._export_rfc5915_private_dercKsddlm}|dddk r,d|kr,td|rP|jj}t|j }d}nd}|j dd}t |jj}|j ||fd |i|}|S) NrPKCS8 passphrase protectionz3At least the 'protection' parameter must be presentrF)rZ key_params) Cryptodome.IOrr5rnrr rr rrrr wrap)rtrrr private_keyrr'r(r(r) _export_pkcs8s$   zEccKey._export_pkcs8cCs"ddlm}||}||dS)NrPEMz PUBLIC KEY)rrrr)rtrr encoded_derr(r(r)_export_public_pems  zEccKey._export_public_pemcKs&ddlm}|}|j|d|f|S)NrrzEC PRIVATE KEY)rrrrrtrrrrr(r(r)_export_private_pems zEccKey._export_private_pemcCs ddlm}|}||dS)Nrrz PRIVATE KEY)rrrr)rtrrr(r(r)(_export_private_clear_pkcs8_in_clear_pems z/EccKey._export_private_clear_pkcs8_in_clear_pemcKsDddlm}|std|kr$td|jfd|i|}||dS)Nrrrz5At least the 'protection' parameter should be presentrzENCRYPTED PRIVATE KEY)rrrrnrrrr(r(r),_export_private_encrypted_pkcs8_in_clear_pems  z3EccKey._export_private_encrypted_pkcs8_in_clear_pemc Cs|rtd|jj}|dkr2td|jjn|dkrT|}t|t|f}nv|j}|rd|jj }t ||jj |}n d|jj ||jj |}|dd}t|t||f}ddd |D}|d tt|S) Nz"Cannot export OpenSSH private keysz Cannot export %s keys as OpenSSHr]rr-cSs g|]}tdt||qS)>I)structpackr3).0rur(r(r) sz*EccKey._export_openssh.. )rrnr opensshrrrrrqrvrrrursplitjoinrr b2a_base64) rtrr!rcompsrxrmiddleZblobr(r(r)_export_opensshs.    zEccKey._export_opensshcKs|}|d}|dkr&td||dd}|r|dd}t|rdt|}|sdtd|d d }|s|rtd d |krtd |dkr|r|r|j|f|S|Sn|j |f|SnJ|dkr |r|std|r|j fd|i|S| Sn td|n|r*td||dkr>| |S|dkrR| |S|dkrf||S|dkr|jjdkr|S||Sn ||SdS)aExport this ECC key. Args: format (string): The output format: - ``'DER'``. The key will be encoded in ASN.1 DER format (binary). For a public key, the ASN.1 ``subjectPublicKeyInfo`` structure defined in `RFC5480`_ will be used. For a private key, the ASN.1 ``ECPrivateKey`` structure defined in `RFC5915`_ is used instead (possibly within a PKCS#8 envelope, see the ``use_pkcs8`` flag below). - ``'PEM'``. The key will be encoded in a PEM_ envelope (ASCII). - ``'OpenSSH'``. The key will be encoded in the OpenSSH_ format (ASCII, public keys only). - ``'SEC1'``. The public key (i.e., the EC point) will be encoded into ``bytes`` according to Section 2.3.3 of `SEC1`_ (which is a subset of the older X9.62 ITU standard). Only for NIST P-curves. - ``'raw'``. The public key will be encoded as ``bytes``, without any metadata. * For NIST P-curves: equivalent to ``'SEC1'``. * For EdDSA curves: ``bytes`` in the format defined in `RFC8032`_. passphrase (bytes or string): (*Private keys only*) The passphrase to protect the private key. use_pkcs8 (boolean): (*Private keys only*) If ``True`` (default and recommended), the `PKCS#8`_ representation will be used. It must be ``True`` for EdDSA curves. If ``False`` and a passphrase is present, the obsolete PEM encryption will be used. protection (string): When a private key is exported with password-protection and PKCS#8 (both ``DER`` and ``PEM`` formats), this parameter MUST be present, For all possible protection schemes, refer to :ref:`the encryption parameters of PKCS#8`. It is recommended to use ``'PBKDF2WithHMAC-SHA5126AndAES128-CBC'``. compress (boolean): If ``True``, the method returns a more compact representation of the public key, with the X-coordinate only. If ``False`` (default), the method returns the full public key. This parameter is ignored for EdDSA curves, as compression is mandatory. prot_params (dict): When a private key is exported with password-protection and PKCS#8 (both ``DER`` and ``PEM`` formats), this dictionary contains the parameters to use to derive the encryption key from the passphrase. For all possible values, refer to :ref:`the encryption parameters of PKCS#8`. The recommendation is to use ``{'iteration_count':21000}`` for PBKDF2, and ``{'iteration_count':131072}`` for scrypt. .. warning:: If you don't provide a passphrase, the private key will be exported in the clear! .. note:: When exporting a private key with password-protection and `PKCS#8`_ (both ``DER`` and ``PEM`` formats), any extra parameters to ``export_key()`` will be passed to :mod:`Cryptodome.IO.PKCS8`. .. _PEM: http://www.ietf.org/rfc/rfc1421.txt .. _`PEM encryption`: http://www.ietf.org/rfc/rfc1423.txt .. _OpenSSH: http://www.openssh.com/txt/rfc5656.txt .. _RFC5480: https://tools.ietf.org/html/rfc5480 .. _SEC1: https://www.secg.org/sec1-v2.pdf Returns: A multi-line string (for ``'PEM'`` and ``'OpenSSH'``) or ``bytes`` (for ``'DER'``, ``'SEC1'``, and ``'raw'``) with the encoded key. format)rDERZOpenSSHSEC1rawzUnknown format '%s'rFrNzEmpty passphrase use_pkcs8Tz%'pkcs8' must be True for EdDSA curvesrz)'protection' is only supported for PKCS#8rrz8Private keys can only be encrpyted with DER using PKCS#8z2Private keys cannot be exported in the '%s' formatzUnexpected parameters: '%s'rrr)rrrnrrrrrrrrrrrrr rrr )rtrargsZ ext_formatrrrr(r(r) export_keysZU                  zEccKey.export_keyN)T)rfrgrhrr|rrrrrrrrrrrrrrrrrrrrr rr(r(r(r)rs4L         rcKs|d}t|}|dt}|r2tdt|t|jdkrV|d}t||d}nBt|jdkrz|d}t||d}ntjd |j |d }t||d }|S) a5Generate a new private key on the given curve. Args: curve (string): Mandatory. It must be a curve name defined in the `ECC table`_. randfunc (callable): Optional. The RNG to read randomness from. If ``None``, :func:`Cryptodome.Random.get_random_bytes` is used. rwrandfuncrrYrKrwrr`rr)rrr)rwr) rr7rrrorrr rr>)rrrwrrnew_keyrr(r(r)generates"   rcKs|d}t|}|dd}|dd}d|kr8tdd||fkrTt||||d<tf|}|rd|kr|j|j}|j||fkrt d|S)aBuild a new ECC key (private or public) starting from some base components. In most cases, you will already have an existing key which you can read in with :func:`import_key` instead of this function. Args: curve (string): Mandatory. The name of the elliptic curve, as defined in the `ECC table`_. d (integer): Mandatory for a private key and a NIST P-curve (e.g., P-256): the integer in the range ``[1..order-1]`` that represents the key. seed (bytes): Mandatory for a private key and an EdDSA curve. It must be 32 bytes for Ed25519, and 57 bytes for Ed448. point_x (integer): Mandatory for a public key: the X coordinate (affine) of the ECC point. point_y (integer): Mandatory for a public key: the Y coordinate (affine) of the ECC point. Returns: :class:`EccKey` : a new ECC key object rwpoint_xNpoint_yr~zUnknown keyword: pointz(Private and public ECC keys do not match) r7rrrirrrrrrn)rrrwrrrZpub_keyr(r(r) constructs     rc Cs\tD]&\}}|r"|j|kr"qN||krqNq|rBtd|n td||j}t|d}|dkrt|dd|krtdt |d|d}t ||dd}n|d krFt|d|krtdt |dd}|d |d |j  |j}|dkr&| r&|j|}|d krN|rN|j|}ntd t|||d S) aConvert an encoded EC point into an EccKey object ec_point: byte string with the EC point (SEC1-encoded) curve_oid: string with the name the curve curve_name: string with the OID of the curve Either curve_id or curve_name must be specified Unsupported ECC curve (OID: %s)zUnsupported ECC curve (%s)rrrzIncorrect EC point lengthNrrzIncorrect EC point encodingrwrr)r7itemsrrer<rqrr3rnr rr=sqrtrZis_evenr) ec_point curve_oidrrprwrxZ point_typerurvr(r(r)_import_public_ders4      r%c Gst|\}}}d}dtfdtfd}||krx|s|ddkrHt|d\} } td| | d}ntd|dWn.tttjfk rtd|dYnX|S)N rzNot an openssh public keyrrrrzMismatch in openssh public key ecdsa-sha2- ecdsa-sha2rrzUnsupported ECC curve: r( ssh-ed25519rr zUnsupported SSH key type: zError parsing SSH key type: )rr3rnr a2b_base64runpackappend startswithr7r!rrr%rr)rr9rError) r-partsZ keystringZkeypartsZlkrrwr Zecc_keyrurvr(r(r)_import_openssh_publics<       rFcCsddlm}m}m}m}|||\}}ddtdfi}|dr||\} }| tkr`td| t| } | j dd } ||\} }t | d d krt d t | d | dkrt dt | dd| } t | d| d}||\}}t |}|| d}n`||krX||\}}}||\} }|| \} }||\}}|d|}||d}n t d|||\}}||tf| |d|S)Nr)import_openssh_private_generic read_bytes read_string check_paddingr]rrKr>zUnsupported ECC curve %srrrrz/Only uncompressed OpenSSH EC keys are supportedrzIncorrect public key length)rrw)rrwzUnsupport SSH agent key type:)rr)Z_opensshrGrHrIrJr)rCr7rerrrnr3r rr)datapasswordrGrHrIrJZkey_typeZ decryptedZ eddsa_keysZecdsa_curve_namerwrxrrrrrrrr0Zseed_lenZprivate_public_keyr_Zpaddedr(r(r)_import_openssh_private_eccs@               rNc Cst|dkrtdtd}d}t|}|dd?}|ddM<tj|dd }||krbtd |d krnd S|d d |}|d ||d |}z:||}|||} t| |} | d @|kr|| } Wntk rtdYnX| |fS)a~Import an Ed25519 ECC public key, encoded as raw bytes as described in RFC8032_. Args: encoded (bytes): The Ed25519 public key to import. It must be 32 bytes long. Returns: :class:`EccKey` : a new ECC key object Raises: ValueError: when the given key cannot be parsed. .. _RFC8032: https://datatracker.ietf.org/doc/html/rfc8032 rKz9Incorrect length. Only Ed25519 public keys are supported.rZlx&(7Z/ ;(P8se:8 w6RrrrrrzInvalid Ed25519 key (y)rrrrzInvalid Ed25519 public key)r3rnr rrr_tonelli_shanks r-r<rrvZx_lsbruvZv_invZx2rr(r(r)r)<s.       r)c Cst|dkrtdtd}d}|dd}t|dd?}tj|dd }||krZtd |d krfd S|d d |}|d ||d |}z:||}|||} t| |} | d @|kr|| } Wntk rtdYnX| |fS)azImport an Ed448 ECC public key, encoded as raw bytes as described in RFC8032_. Args: encoded (bytes): The Ed448 public key to import. It must be 57 bytes long. Returns: :class:`EccKey` : a new ECC key object Raises: ValueError: when the given key cannot be parsed. .. _RFC8032: https://datatracker.ietf.org/doc/html/rfc8032 rz7Incorrect length. Only Ed448 public keys are supported.ralVg?NrrrrzInvalid Ed448 key (y)rrOrzInvalid Ed448 public key)r3rnr rrrrPrQr(r(r)r*is,       r*c Csddlm}t|}|dk r$t|}|drVt|}|||\}}}t||}|S|drt|}d} d} tj| d| d |tj d }|||\} }}|rd}zt | |}Wn@t k r} z| W5d} ~ XYnt k rt d YnX|S|d rt |St|dkr8t|dd kr8t ||St|dkrvt|ddkrv|dkrjt dt||dSt ddS)a Import an ECC key (public or private). Args: encoded (bytes or multi-line string): The ECC key to import. The function will try to automatically detect the right format. Supported formats for an ECC **public** key: * X.509 certificate: binary (DER) or ASCII (PEM). * X.509 ``subjectPublicKeyInfo``: binary (DER) or ASCII (PEM). * SEC1_ (or X9.62), as ``bytes``. NIST P curves only. You must also provide the ``curve_name`` (with a value from the `ECC table`_) * OpenSSH line, defined in RFC5656_ and RFC8709_ (ASCII). This is normally the content of files like ``~/.ssh/id_ecdsa.pub``. Supported formats for an ECC **private** key: * A binary ``ECPrivateKey`` structure, as defined in `RFC5915`_ (DER). NIST P curves only. * A `PKCS#8`_ structure (or the more recent Asymmetric Key Package, RFC5958_): binary (DER) or ASCII (PEM). * `OpenSSH 6.5`_ and newer versions (ASCII). Private keys can be in the clear or password-protected. For details about the PEM encoding, see `RFC1421`_/`RFC1423`_. passphrase (byte string): The passphrase to use for decrypting a private key. Encryption may be applied protected at the PEM level (not recommended) or at the PKCS#8 level (recommended). This parameter is ignored if the key in input is not encrypted. curve_name (string): For a SEC1 encoding only. This is the name of the curve, as defined in the `ECC table`_. .. note:: To import EdDSA private and public keys, when encoded as raw ``bytes``, use: * :func:`Cryptodome.Signature.eddsa.import_public_key`, or * :func:`Cryptodome.Signature.eddsa.import_private_key`. Returns: :class:`EccKey` : a new ECC key object Raises: ValueError: when the given key cannot be parsed (possibly because the pass phrase is wrong). .. _RFC1421: https://datatracker.ietf.org/doc/html/rfc1421 .. _RFC1423: https://datatracker.ietf.org/doc/html/rfc1423 .. _RFC5915: https://datatracker.ietf.org/doc/html/rfc5915 .. _RFC5656: https://datatracker.ietf.org/doc/html/rfc5656 .. _RFC8709: https://datatracker.ietf.org/doc/html/rfc8709 .. _RFC5958: https://datatracker.ietf.org/doc/html/rfc5958 .. _`PKCS#8`: https://datatracker.ietf.org/doc/html/rfc5208 .. _`OpenSSH 6.5`: https://flak.tedunangst.com/post/new-openssh-key-format-and-bcrypt-pbkdf .. _SEC1: https://www.secg.org/sec1-v2.pdf rrNs-----BEGIN OPENSSH PRIVATE KEYs-----z-----BEGIN EC PARAMETERS-----z-----END EC PARAMETERS-----z.*?r)flagsz(Invalid DER encoding inside the PEM file)r=r?rQ)rrrzNo curve name was provided)rzECC key format is not supported)rrrrCrr+rNresubDOTALLr;rernrFr3rr%) r-rrrZ text_encodedZopenssh_encodedmarkerZenc_flagr'Zecparams_startZ ecparams_endZ der_encodedZuefr(r(r) import_keysH?          rY__main__l_,)N$c hKf-5lks   $       ' ' ' ' 'O`"6 84 2!.7-, t