hIV ddlmZddlZddlZddlZddlmZddlmZm Z m Z m Z m Z ddl mZmZddlmZddlmZmZmZmZddlmZmZmZmZmZmZmZdd lm Z m!Z!m"Z"dd l#m$Z$m%Z%dd l&m'Z'dd l(m)Z)ed dZ*eddZ+eddZ,dZ-eddZ.iZ/gda0dZ1e1[1gda2dZ3e3[3gda4dZ5e5[5gda6dZ7e7[7gda8dZ9e9[9d d!ga:d"Z;e;[;d#d$gaZ?Gd(d)e@ZAeAe/d*je/d*jd*ZDe/d*jeD+ZFe/jeHjt`eF[D[Fb0eAe/d,je/d,jd,ZJe/d,jeJ+ZKe/jeHjtdeK[J[Kb2eAe/d-je/d-jd-ZLe/d-jeL+ZMe/jeHjtheM[L[Mb4eAe/d.je/d.jd.ZNe/d.jeN+ZOe/jeHjtleO[N[Ob6eAe/d/je/d/jd/ZPe/d/jeP+ZQe/jeHjtpeQ[P[Qb8eAe/d!je/d!jd!ZRe/d!jeR+ZSe/jeHjtteS[R[Sb:eAe/d$je/d$jd$ZTe/d$jeT+ZUe/jeHjtxeU[T[Ub<Gd0d1e@ZVd2ZWd3ZXdFd4ZYd5ZZdGd6Z[d7Z\d8Z]d9Z^d:Z_d;Z`d<Zad=ZbdFd>Zcedd?k(rddleZed@Zfe/d-jjZidAZjeejZkelejD]ZmeiefzZn eodBeejekz ejz dCzdDeejZkelejD]ZmenefzZn eodEeejekz ejz dCzdDyy)H)print_functionN) namedtuple)bordtobytestostrbchr is_string) bytes_to_long long_to_bytes)Integer) DerObjectIdDerOctetString DerSequence DerBitString)load_pycryptodome_raw_lib VoidPointer SmartPointerc_size_t c_uint8_ptr c_ulonglong null_pointer)_expand_subject_public_key_info_create_subject_public_key_info _extract_subject_public_key_info)SHA512SHAKE256)get_random_bytes) getrandbitszCrypto.PublicKey._ec_wsa typedef void EcContext; typedef void EcPoint; int ec_ws_new_context(EcContext **pec_ctx, const uint8_t *modulus, const uint8_t *b, const uint8_t *order, size_t len, uint64_t seed); void ec_free_context(EcContext *ec_ctx); int ec_ws_new_point(EcPoint **pecp, const uint8_t *x, const uint8_t *y, size_t len, const EcContext *ec_ctx); void ec_ws_free_point(EcPoint *ecp); int ec_ws_get_xy(uint8_t *x, uint8_t *y, size_t len, const EcPoint *ecp); int ec_ws_double(EcPoint *p); int ec_ws_add(EcPoint *ecpa, EcPoint *ecpb); int ec_ws_scalar(EcPoint *ecp, const uint8_t *k, size_t len, uint64_t seed); int ec_ws_clone(EcPoint **pecp2, const EcPoint *ecp); int ec_ws_cmp(const EcPoint *ecp1, const EcPoint *ecp2); int ec_ws_neg(EcPoint *p); zCrypto.PublicKey._ed25519ai typedef void Point; int ed25519_new_point(Point **out, const uint8_t x[32], const uint8_t y[32], size_t modsize, const void *context); int ed25519_clone(Point **P, const Point *Q); void ed25519_free_point(Point *p); int ed25519_cmp(const Point *p1, const Point *p2); int ed25519_neg(Point *p); int ed25519_get_xy(uint8_t *xb, uint8_t *yb, size_t modsize, Point *p); int ed25519_double(Point *p); int ed25519_add(Point *P1, const Point *P2); int ed25519_scalar(Point *P, const uint8_t *scalar, size_t scalar_len, uint64_t seed); zCrypto.PublicKey._ed448a* typedef void EcContext; typedef void PointEd448; int ed448_new_context(EcContext **pec_ctx); void ed448_context(EcContext *ec_ctx); void ed448_free_context(EcContext *ec_ctx); int ed448_new_point(PointEd448 **out, const uint8_t x[56], const uint8_t y[56], size_t len, const EcContext *context); int ed448_clone(PointEd448 **P, const PointEd448 *Q); void ed448_free_point(PointEd448 *p); int ed448_cmp(const PointEd448 *p1, const PointEd448 *p2); int ed448_neg(PointEd448 *p); int ed448_get_xy(uint8_t *xb, uint8_t *yb, size_t len, const PointEd448 *p); int ed448_double(PointEd448 *p); int ed448_add(PointEd448 *P1, const PointEd448 *P2); int ed448_scalar(PointEd448 *P, const uint8_t *scalar, size_t scalar_len, uint64_t seed); c|jjdk(rttd|z}|S|jjdk(rttd|z}|Stt d|z}|S)NEd25519ed25519_Ed448ed448_ec_ws_)_curvedescgetattr _ed25519_lib _ed448_lib_ec_lib)ecc_obj func_nameresults _/var/www/html/retail-simulation-api/retail/lib/python3.12/site-packages/Crypto/PublicKey/ECC.pylib_funcr/sp~~i'zI'=> M    'X %9: M(Y"67 M_Curvez

E ;B ;B B'L 1b !Fub)J!mO  & &'A'A'C'2<'@'26':'2:'>'/L0A'B'2;r?'C )F?&HII?..0'2I2IJG '!*!*%."+"+'' D NN4==T23r0)p224 NIST P-224zP-224 prime224v1 secp224r1nistp224cd}d}d}d}d}t|d}t|d}t|d}t}tj|j t |t |t |t t|ttd} | rtd| zt|jtj} tt|t|t|t|t|dd d | d d d } t j#t$j't(| y)Nl?lF eY8 w-X"PVd/%PP!-l=*8%(?l!"X!#BXtJ9!'|%VA-l4~ f&Dv@h!fE0m9_ qlM/r9z#Error %d initializing P-224 contextz 1.3.132.0.33rRzecdsa-sha2-nistp224rQ)r rr*r;r<rrr=rrr>rr?r@r1r rArBrCrD p224_names) rFrGrHrIrJ p224_modulusp224_b p224_orderec_p224_contextr-rOrQs r. init_p224r^sBABA FE CB CB B'L 1b !Fub)J!mO  & &'A'A'C'2<'@'26':'2:'>'/L0A'B'2;r?'C )F?&HII?..0'2I2IJG '!*!*%."+"+ ' D NN4==T23r0)p256 NIST P-256zP-256 prime256v1 secp256r1nistp256cd}d}d}d}d}t|d}t|d}t|d}t}tj|j t |t |t |t t|ttd} | rtd| zt|jtj} tt|t|t|t|t|dd d | d d d } t j#t$j't(| y)Nl?@lK`Opq^cv 3,e< 1U]>{|R*ZlQ%x +Ohbi+}s@lB11e %:f=K`wrH7gHK8hklQ~o]l+fUg+<)Z?8O?q!O r9z#Error %d initializing P-256 contextz1.2.840.10045.3.1.7r`zecdsa-sha2-nistp256r_)r rr*r;r<rrr=rrr>rr?r@r1r rArBrCrD p256_names) rFrGrHrIrJ p256_modulusp256_b p256_orderec_p256_contextr-rOr_s r. init_p256rlsJAJA NE KB KB B'L 1b !Fub)J!mO  & &'A'A'C'2<'@'26':'2:'>'/L0A'B'2;r?'C )F?&HII?..0'2I2IJG '!*!*%."+"+'' D NN4==T23r0)p384 NIST P-384zP-384 prime384v1 secp384r1nistp384cd}d}d}d}d}t|d}t|d}t|d}t}tj|j t |t |t |t t|ttd} | rtd| zt|jtj} tt|t|t|t|t|dd d | d d d } t j#t$j't(| y)Nl~l*'#.TEbc+Z'@=D 1 "(?7N2Z_+|S/1fls)e`gwl X_[nlv|l dxRjoyU8T( :ss"nZL8k&"_Ul_!uR/sX0 @qaNQNB&JxS8KJEY K%l0r9z#Error %d initializing P-384 contextiz 1.3.132.0.34rnzecdsa-sha2-nistp384rm)r rr*r;r<rrr=rrr>rr?r@r1r rArBrCrD p384_names) rFrGrHrIrJ p384_modulusp384_b p384_orderec_p384_contextr-rOrms r. init_p384ry0sjAjA nE kB kB B'L 1b !Fub)J!mO  & &'A'A'C'2<'@'26':'2:'>'/L0A'B'2;r?'C )F?&HII?..0'2I2IJG '!*!*%."+"+ ' D NN4==T23r0)p521 NIST P-521zP-521 prime521v1 secp521r1nistp521cd}d}d}d}d}t|d}t|d}t|d}t}tj|j t |t |t |t t|ttd} | rtd| zt|jtj} tt|t|t|t|t|dd d | d d d } t j#t$j't(| y)Nl#l#?VQ(zO%b95~cte1oR{V;LH w>l-rZE]"Sr&Ga9}*Fl# dp"z\}[z3"nZ;PK# `7roCQl#f=xK)H-apY$3^Q n%k{;/K!u{4-{?$Od8V1l3s: l#Pf?QE$XN!85aZU WL9YLhz f$Du13otc!% pMxjRr`Br9z#Error %d initializing P-521 contexti z 1.3.132.0.35r{zecdsa-sha2-nistp521rz)r rr*r;r<rrr=rrr>rr?r@r1r rArBrCrD p521_names) rFrGrHrIrJ p521_modulusp521_b p521_orderec_p521_contextr-rOrzs r. init_p521r_s, SA SA WE TB TB B'L 1b !Fub)J!mO  & &'A'A'C'2<'@'26':'2:'>'/L0A'B'2;r?'C )F?&HII?..0'2I2IJG '!*!*%."+"+ ' D NN4==T23r0ed25519r cd}d}d}d}tt|dt|t|t|ddddddd }tjtj t |y) NlS9i @eM^w|olUK5J,{$%Xci\-G' lJ[sii!lXfL33ffL33ffL33ffL33ff 1.3.101.112r ssh-ed25519r)r1r rArBrCrD ed25519_names)rFrHrIrJrs r. init_ed25519rslJA NE KB KBWQZU^R[R[""  G NN4==89r0ed448r"cd}d}d}d}t}tj|j}|rt d|zt |j tj}tt|dt|t|t|ddd|ddd }tjtjt|y) N?lDVJ Ru8a6!m,&vD}D2_l^@ 518`b8Cl\p*At(qmj.<+FaS[/SDZ74_3  lzadoeC@ ZK^DsxssZhNx02>Ilq2 vIZu gt' z#Error %d initializing Ed448 contexti 1.3.101.113r"r)rr)ed448_new_contextr<r>rr?ed448_free_contextr1r rArBrCrD ed448_names)rFrHrIrJ ed448_contextr-rOrs r. init_ed448rszA ~E {B {BMM  ) )-*B*B*D EF ?&HII=,,. 0M0MNG 71:5>2;2;  E NN4==e45r0c eZdZy)UnsupportedEccFeatureN)__name__ __module__ __qualname__r0r.rrsr0rceZdZdZddZdZdZdZdZdZ dZ d Z d Z e d Ze d Ze d ZdZdZdZdZdZdZdZdZy)EccPointaPA class to model a point on an Elliptic Curve. The class supports operators for: * Adding two points: ``R = S + T`` * In-place addition: ``S += T`` * Negating a point: ``R = -T`` * Comparing two points: ``if S == T: ...`` or ``if S != T: ...`` * Multiplying a point by a scalar: ``R = S*k`` * In-place multiplication by a scalar: ``T *= k`` :ivar x: The affine X-coordinate of the ECC point :vartype x: integer :ivar y: The affine Y-coordinate of the ECC point :vartype y: integer :ivar xy: The tuple with affine X- and Y- coordinates c t||_||_|j }t||}t||}t||k7st||k7r tdt|d}t|d}t|_ |jjj} ||jj!t#|t#|t%|| } | r| dk(r tdtd| zt'|jj||_ y#t$rtdt |zwxYw#t$r t} YwxYw)NzUnknown curve name %szIncorrect coordinate length new_point free_pointz)The EC point does not belong to the curvez(Error %d while instantiating an EC point)rAr%KeyError ValueErrorstr _curve_name size_in_bytesr r=r/r_pointrOr?AttributeErrorrr<rrr) selfxycurve modulus_bytesxbybr free_funcrOr-s r.__init__zEccPoint.__init__sZ C!%.DK!**, 1m , 1m , r7m #s2w-'?:; ;T;/ T<0 !m  #kk))--/G4;;113&r?&r?#M2" $ | !LMMG&PQ Q#4;;??#4i@ A C4s5zAB B C" #"G #sD;$E;!EE10E1c8t|d}t|d}t|_||jj|jj }|rt d|zt |jj ||_|S)Nclonerz"Error %d while cloning an EC point)r/rrr<r?rr)rpointrrr-s r.setz EccPoint.set sw'T<0 !m t{{--/||'')+ AFJK K"4;;??#4i@  r0ct|tsyt|d}d||jj |jj k(S)NFcmpr) isinstancerr/rr?)rrcmp_funcs r.__eq__zEccPoint.__eq__sE%*D%(HT[[__. 0@0@0BCCCr0c||k( SNr)rrs r.__ne__zEccPoint.__ne__ s5=  r0ct|d}|j}||jj}|rt d|z|S)Nnegz$Error %d while inverting an EC point)r/copyrr?r)rneg_funcnpr-s r.__neg__zEccPoint.__neg__#sFD%( YY["))--/* CfLM M r0cR|j\}}t|||j}|S)zReturn a copy of this point.)xyrr)rrrrs r.rz EccPoint.copy+s(ww1 aD,, - r0c2|jjdvS)Nrr)r%namers r. _is_eddsazEccPoint._is_eddsa1{{#777r0c^|jr|jdk(S|jdk(S)z,``True`` if this is the *point-at-infinity*.r)rr)rrrrs r.is_point_at_infinityzEccPoint.is_point_at_infinity4s+ >> 66Q; 77f$ $r0c~|jrtdd|jStdd|jS)z-Return the *point-at-infinity* for the curve.r)rrrrs r.point_at_infinityzEccPoint.point_at_infinity<s8 >> Aq$"2"23 3Aq$"2"23 3r0c |jdS)Nrrrs r.rz EccPoint.xDwwqzr0c |jdS)Nrrrs r.rz EccPoint.yHrr0cR|j}t|}t|}t|d}|t|t|t ||j j }|rtd|ztt|tt|fS)Nget_xyz#Error %d while encoding an EC point) r bytearrayr/rrrr?rr r )rrrrrr-s r.rz EccPoint.xyLs**, } % } %$) B#B / )+ BVKL L b)*GM"4E,FGGr0c.|jdzdzS)z"Size of each coordinate, in bytes.) size_in_bitsrs r.rzEccPoint.size_in_bytes[s!!#a'A--r0c.|jjS)z!Size of each coordinate, in bits.)r% modulus_bitsrs r.rzEccPoint.size_in_bits_s{{'''r0c~t|d}||jj}|rtd|z|S)zuDouble this point (in-place operation). Returns: This same object (to enable chaining). doublez#Error %d while doubling an EC pointr/rr?r)r double_funcr-s r.rzEccPoint.doublecs>tX. T[[__./ BVKL L r0ct|d}||jj|jj}|r|dk(r tdtd|z|S)zAdd a second point to this oneaddz#EC points are not on the same curvez#Error %d while adding two EC pointsr)rradd_funcr-s r.__iadd__zEccPoint.__iadd__ps`D%($++//+U\\-=-=-?@ | !FGGBVKL L r0c0|j}||z }|S)z8Return a new point, the addition of this one and anotherr)rrrs r.__add__zEccPoint.__add__{sYY[ e  r0c t|d}|dkr tdt|}||jj t |t t|ttd}|rtd|z|S)zMultiply this point by a scalarscalarrz?Scalar multiplication is only defined for non-negative integersr9z%Error %d during scalar multiplication) r/rr rr?rrr=rr)rr scalar_funcsbr-s r.__imul__zEccPoint.__imul__s~tX. A:^_ _ 6 "T[[__.(_%c"g.(R9; DvMN N r0c0|j}||z}|S)z2Return a new point, the scalar product of this oner)rrrs r.__mul__zEccPoint.__mul__sYY[ f  r0c$|j|Sr)r)r left_hands r.__rmul__zEccPoint.__rmul__s||I&&r0N)r_)rrr__doc__rrrrrrrrrpropertyrrrrrrrrrrrrr0r.rrs($AL D! 8%4 H H.(   'r0rr2)GrQr_rmrzceZdZdZdZdZdZdZdZdZ dZ e d Z e d Z e d Zd Zd ZdZdZddZdZdZdZdZdZdZdZy)EccKeyaClass defining an ECC key. Do not instantiate directly. Use :func:`generate`, :func:`construct` or :func:`import_key` instead. :ivar curve: The name of the curve as defined in the `ECC table`_. :vartype curve: string :ivar pointQ: an ECC point representating the public component. :vartype pointQ: :class:`EccPoint` :ivar d: A scalar that represents the private component in NIST P curves. It is smaller than the order of the generator point. :vartype d: integer :ivar seed: A seed that representats the private component in EdDSA curves (Ed25519, 32 bytes; Ed448, 57 bytes). :vartype seed: bytes c ^t|}|jdd}|jdd|_|jdd|_|jdd|_|"|jr|jj }|rt dt|z|tvrtd|zt||_ |jj|_ t|jdut|jduz}|dk(r|j td y|d k(r td |jsr|j td t|j|_d |jcxkr#|jj kstdtdy|j td|jj"dk(rt%|jdk7r tdt'j(|jj+}|dd|_t/|dd}|dxxdzcc<|ddzdz|d<n|jj"dk(rt%|jdk7r tdt1j(|jj3d}|dd|_t/|dd}|dxxdzcc<|dxxdzcc<d|d<tj4d |_y)!aiCreate a new ECC key Keywords: curve : string The name of the curve. d : integer Mandatory for a private key one NIST P curves. It must be in the range ``[1..order-1]``. seed : bytes Mandatory for a private key on the Ed25519 (32 bytes) or Ed448 (57 bytes) curve. point : EccPoint Mandatory for a public key. If provided for a private key, the implementation will NOT check whether it matches ``d``. Only one parameter among ``d``, ``seed`` or ``point`` may be used. rNdseedrUnknown parameters: zUnsupported curve (%s)rzGAt lest one between parameters 'point', 'd' or 'seed' must be specifiedz,Parameters d and seed are mutually exclusivez7Parameter 'seed' can only be used with Ed25519 or Ed448rz;Parameter d must be an integer smaller than the curve orderz/Parameter d can only be used with NIST P curvesrrez0Parameter seed must be 32 bytes long for Ed25519r9r9z.Parameter seed must be 57 bytes long for Ed448r78little byteorder)rCpop_d_seedrr TypeErrorrrArr%r&rintrr rHrr=rnewdigest_prefixrrread from_bytes)rkwargskwargs_ curve_namecount seed_hashtmps r.rzEccKey.__init__s&v,[[$/ ++c4([[. kk'40  $++00J 2S\AB B W $5 BC Cj) [[%% DGG4'(3tzz/E+FF A:{{" !jkk  A:KL L~~zz% !Z[[dgg&DG3$++"3"33 !^__4 !^__4ww" !RSS{{9,tzz?b($%WXX"JJtzz299; (~  #2/A$r7T>T1B!!W,tzz?b($%UVV$LL499#> (~  #2/A$B4B((ADGr0c2|jjdvS)N)r r")r%r&rs r.rzEccKey._is_eddsa#rr0ct|tsy|j|jk7ry|j|jk(S)NF)rr has_privatepointQ)rothers r.rz EccKey.__eq__&s?%(    $"2"2"4 4||t{{**r0c<|jrU|jr,dttj|j z}ndt |jz}nd}|jj\}}d|jj|||fzS)Nz , seed=%sz, d=%dz,EccKey(curve='%s', point_x=%d, point_y=%d%s)) rrrbinasciihexlifyrrr rrr%r&)rextrarrs r.__repr__zEccKey.__repr__/s    ~~#eH,<,> JK K 113 {{}}##%$ $ $++--00?@J "++--00?@++--00?@Jr0c|jj\}}|jjdk(r8t |j dd}|dzdz|dz|d<t|S|jjdk(r2t |j d d}|dzdz|d <t|St d ) Nrrer r rrrrrrzNot an EdDSA key to export)rrr%rrrFrbytes)rrrr-s r. _export_eddsazEccKey._export_eddsas{{~~1 ;;  y (qzz"zABFq5Q,&*4F2J V} [[   (qzz"zABFa%AF2JV}9: :r0c|jr)|jj}|j}d}n2d}|j |}t |jj}t |||S)N1.2.840.10045.2.1)rr%oidrLrIr r)rrGrOr@paramss r._export_subjectPublicKeyInfoz#EccKey._export_subjectPublicKeyInfosh >> ++//C++-JF%C**84J 1F.s/9/57 7r0c|jsJ|jj}d|jjj |z|jj j |z}dt |jj |t|jjdt|dg}|s|d=t|jS)NrDrrexplicitr)rrrrrFrrrr r%rOrrencode)rinclude_ec_paramsrr@seqs r._export_rfc5915_private_derz"EccKey._export_rfc5915_private_ders!!! 113 kkmm,,];<kkmm,,];< dffoom<=4;;??Q7J35 !A3&&((r0c ~ddlm}|jddd|vr td|j r<|j j }t|jj}d}n3d}|jd}t|j j }|j||fd |i|}|S) NrPKCS8 passphrase protectionz3At least the 'protection' parameter must be presentrNF)rV key_params) Crypto.IOr[r?rrr%rOrrrUrXr wrap)rrr[rO private_keyrPr-s r. _export_pkcs8zEccKey._export_pkcs8s# ::lD ) 5,f:TRS S >> ++//C(4;;=KF%C::U:SK 1FK&'-&%& r0cTddlm}|j|}|j|dS)NrPEMz PUBLIC KEY)r_rerQrU)rrGre encoded_ders r._export_public_pemzEccKey._export_public_pems&!77A zz+|44r0c Xddlm}|j}|j|d|fi|S)NrrdzEC PRIVATE KEY)r_rerXrUrr\rrerfs r._export_private_pemzEccKey._export_private_pems.!668 szz+'7NvNNr0cRddlm}|j}|j|dS)Nrrdz PRIVATE KEY)r_rerbrU)rrerfs r.(_export_private_clear_pkcs8_in_clear_pemz/EccKey._export_private_clear_pkcs8_in_clear_pems$!((* zz+}55r0c ddlm}|sJd|vr td|jdd|i|}|j |dS)Nrrdr]z5At least the 'protection' parameter should be presentr\zENCRYPTED PRIVATE KEYr)r_rerrbrUris r.,_export_private_encrypted_pkcs8_in_clear_pemz3EccKey._export_private_encrypted_pkcs8_in_clear_pemsM!z v %TU U(d((IJI&I zz+'>??r0c |jr td|jj}|"td|jjz|dk(r'|j }t |t |f}n|jj}|rYd|jjjz}t||jjj|z}nNd|jjj|z|jjj|z}|jdd}t |t ||f}dj|Dcgc]$}t!j"dt%||z&c}} |d zt't)j*| zScc}w) Nz"Cannot export OpenSSH private keysz Cannot export %s keys as OpenSSHrrrD-r0>I )rrr%opensshrrLrrrrrErrrFsplitjoinstructpackr=rr# b2a_base64) rrGr&r@compsrrHmiddlerblobs r._export_opensshzEccKey._export_opensshs    AB B{{"" <?$++BRBRRS S ] "++-JT]GJ$78E KK557M!5!5!77 ":."kkmm44]CD &"kkmm44]CD"kkmm44]CD ZZ_Q'FT]GFOZ@ExxF1T3q62Q6FGczE("5"5d";<<<Gs?)Gc |j}|jd}|dvrtd|z|jdd}|jr|jdd}t |rt |}|s td|jd d }|s*|j r td d |vr td |dk(r:|r%|r|j|fi|S|jS|j|fi|S|dk(r5|r |s td|r|jdd|i|S|jStd|z|rtd|z|dk(r|j|S|dk(r|j|S|dk(r|j|S|dk(r9|jj dvr|j#S|j|S|j%|S)aExport this ECC key. Args: format (string): The output format: - ``'DER'``. The key will be encoded in ASN.1 DER format (binary). For a public key, the ASN.1 ``subjectPublicKeyInfo`` structure defined in `RFC5480`_ will be used. For a private key, the ASN.1 ``ECPrivateKey`` structure defined in `RFC5915`_ is used instead (possibly within a PKCS#8 envelope, see the ``use_pkcs8`` flag below). - ``'PEM'``. The key will be encoded in a PEM_ envelope (ASCII). - ``'OpenSSH'``. The key will be encoded in the OpenSSH_ format (ASCII, public keys only). - ``'SEC1'``. The public key (i.e., the EC point) will be encoded into ``bytes`` according to Section 2.3.3 of `SEC1`_ (which is a subset of the older X9.62 ITU standard). Only for NIST P-curves. - ``'raw'``. The public key will be encoded as ``bytes``, without any metadata. * For NIST P-curves: equivalent to ``'SEC1'``. * For EdDSA curves: ``bytes`` in the format defined in `RFC8032`_. passphrase (bytes or string): (*Private keys only*) The passphrase to protect the private key. use_pkcs8 (boolean): (*Private keys only*) If ``True`` (default and recommended), the `PKCS#8`_ representation will be used. It must be ``True`` for EdDSA curves. If ``False`` and a passphrase is present, the obsolete PEM encryption will be used. protection (string): When a private key is exported with password-protection and PKCS#8 (both ``DER`` and ``PEM`` formats), this parameter MUST be present, For all possible protection schemes, refer to :ref:`the encryption parameters of PKCS#8`. It is recommended to use ``'PBKDF2WithHMAC-SHA5126AndAES128-CBC'``. compress (boolean): If ``True``, the method returns a more compact representation of the public key, with the X-coordinate only. If ``False`` (default), the method returns the full public key. This parameter is ignored for EdDSA curves, as compression is mandatory. prot_params (dict): When a private key is exported with password-protection and PKCS#8 (both ``DER`` and ``PEM`` formats), this dictionary contains the parameters to use to derive the encryption key from the passphrase. For all possible values, refer to :ref:`the encryption parameters of PKCS#8`. The recommendation is to use ``{'iteration_count':21000}`` for PBKDF2, and ``{'iteration_count':131072}`` for scrypt. .. warning:: If you don't provide a passphrase, the private key will be exported in the clear! .. note:: When exporting a private key with password-protection and `PKCS#8`_ (both ``DER`` and ``PEM`` formats), any extra parameters to ``export_key()`` will be passed to :mod:`Crypto.IO.PKCS8`. .. _PEM: http://www.ietf.org/rfc/rfc1421.txt .. _`PEM encryption`: http://www.ietf.org/rfc/rfc1423.txt .. _OpenSSH: http://www.openssh.com/txt/rfc5656.txt .. _RFC5480: https://tools.ietf.org/html/rfc5480 .. _SEC1: https://www.secg.org/sec1-v2.pdf Returns: A multi-line string (for ``'PEM'`` and ``'OpenSSH'``) or ``bytes`` (for ``'DER'``, ``'SEC1'``, and ``'raw'``) with the encoded key. format)reDEROpenSSHSEC1rawzUnknown format '%s'rGFr\NzEmpty passphrase use_pkcs8Tz%'pkcs8' must be True for EdDSA curvesr]z)'protection' is only supported for PKCS#8rerz8Private keys can only be encrpyted with DER using PKCS#8z2Private keys cannot be exported in the '%s' formatzUnexpected parameters: '%s'rrrr)rr rrr rrrnrlrjrbrXrgrQrIr%rrLr|)rrargs ext_formatrGr\rs r. export_keyzEccKey.export_keys!j{{}XXh' E E2Z?@ @88J.    ,5J$$Z0 !$%788d3I>>#$%LMM4'$%PQQU"!PtPPQ[d_cdd#LLNN3433JG$GGu$i$%_``-4--LLtLL;;== "68B"CDD !>!EFFU"..x88u$88BBv%((22u$;;##';;--//,,X66++H55r0N)T)rrrrrrrr&rr4r:rrrrr@rIrLrQrXrbrgrjrlrnr|rrr0r.rrs*JBX8+ `# ,   A8  7)6*5 O 6 @=:L6r0rc |jd}t|}|jdt}|rtdt |zt|j dk(r|d}t ||}|St|j dk(r|d}t ||}|Stjd |j| }t || }|S) a1Generate a new private key on the given curve. Args: curve (string): Mandatory. It must be a curve name defined in the `ECC table`_. randfunc (callable): Optional. The RNG to read randomness from. If ``None``, :func:`Crypto.Random.get_random_bytes` is used. rrandfuncrrrerrrrr)r)r*r)rr) r rArrrrrr r+rH)rrrrrnew_keyrs r.generatersG$J J Ezz*&67H .V<==z9,|z5 N   ! !W ,|z5 N  q/4{{*2 4zQ/ Nr0c \|d}t|}|jdd}|jdd}d|vr tdd||fvrt||||d<t di|}|j r9d|vr5|j |jz}|j||fk7r td|S) aBuild a new ECC key (private or public) starting from some base components. In most cases, you will already have an existing key which you can read in with :func:`import_key` instead of this function. Args: curve (string): Mandatory. The name of the elliptic curve, as defined in the `ECC table`_. d (integer): Mandatory for a private key and a NIST P-curve (e.g., P-256): the integer in the range ``[1..order-1]`` that represents the key. seed (bytes): Mandatory for a private key and an EdDSA curve. It must be 32 bytes for Ed25519, and 57 bytes for Ed448. point_x (integer): Mandatory for a public key: the X coordinate (affine) of the ECC point. point_y (integer): Mandatory for a public key: the Y coordinate (affine) of the ECC point. Returns: :class:`EccKey` : a new ECC key object rpoint_xNpoint_yrzUnknown keyword: pointz(Private and public ECC keys do not matchr) rAr rrrrrrrr)rrrrrrpub_keys r. constructrs<J J EjjD)GjjD)G&011 GW%%"7GZ@wvGF!2''GII% ::'7+ +GH H Nr0cFtjD]\}}|r|j|k(rn'||k(sn|rtd|ztd|z|jj }t |d}|dk(rVt|dd|zzk7r tdtj|d|dz}tj||dzd}n|d vrt|d|zk7r tdtj|dd}|d z|d zz |jzj|j}|dk(r|jr|j|z }|d k(r+|jr|j|z }n td t||| S) aConvert an encoded EC point into an EccKey object ec_point: byte string with the EC point (SEC1-encoded) curve_oid: string with the name the curve curve_name: string with the OID of the curve Either curve_id or curve_name must be specified Unsupported ECC curve (OID: %s)zUnsupported ECC curve (%s)rrrzIncorrect EC point lengthNrrzIncorrect EC point encodingrrr)rAitemsrOrrFrrr=rr rrGsqrtrEis_evenr) ec_point curve_oidrrrr point_typerrs r._import_public_derrs&mmo U i/   $  . '(II(UV V'(Dz(QR RGG))+Mhqk"JT x=Q]!22 389 9   x-/: ;   x a(89 : | # x=Q. /89 9   x| , TAaCZ%'' ! ' ' 0  !((*! A  !))+! A677 ;1 ==r0ct|\}}}d}dtfdtfd}||vrA|std|z t j |j }t||S||vr1||\}} |rtd|z| |\} } t| | | Std |z#t$r tdwxYw) z4Convert a subjectPublicKeyInfo into an EccKey objectrNz 1.3.132.1.12z 1.3.132.1.13r r"rrz%Missing ECC parameters for ECC OID %szError decoding namedCurverz(Unexpected ECC parameters for ECC OID %s)rrrzUnsupported ECC OID: %s) r_import_ed25519_public_key_import_ed448_public_keyrr decodevaluerrr) encodedrrOrrP nist_p_oids eddsa_oidsrrimport_eddsa_public_keyrrs r._import_subjectPublicKeyInfor.s #;<J  kDsJK K :# ,,V4::I "(i@@ .8o+ + G#MN N&x01AZ@@#$=$CDD# :89 9 :s #B++Ccjtj|d}|ddk7r td tdj|dj}|||k7r td|}| td t j D]\}}|j|k(sntd |ztj|dj}|jj}t||k7r td tj|} t|dkDrbt!dj|d j} t#| | } | j$j&} | j$j(} ndx} } t+|| | | S#t$rYEwxYw)N)rr) nr_elementsrrz!Incorrect ECC private key versionrSrzCurve mismatchzNo curve foundrzPrivate key is too smallr)rrrr)rrrr rrArrOrrpayloadrFrr=r rrrrrrr)rr\rra parametersrr scalar_bytesrrpublic_key_encr@rrs r._import_rfc5915_derrbs-&&wF&CK1~<==  !,33KNCII  Z9%<-. . )**$]]_ E 99 ! -$$E $QRR!#**;q>:BBLGG))+M <M)344<(A ;!%q188RIOO')L ##%%##%%  ' :GW MM7    s > 8  ~ .%,]]_! E==(}}// = !4!4S!9!!<=A;&(&5!!:V!CDD(! JG N1X '-hqk:DAqiAFG N 9E!HDE E  8>> 2D7%(BCCDs%A1F!BF!:+F!''F!F!!0Gcddlm}m}m}m}|||\}}ddt dfi}|j dr||\} }| tvrtd| zt| } | jdzd z} ||\} }t| d d k7r td t| d | zdzk7r tdtj| dd| z} tj| d| zd}||\}}tj|}|| d}nG||vr5||\}}}||\} }|| \} }||\}}|d|}||d}ntd|z||\}}||td| |d|S)Nr)import_openssh_private_generic read_bytes read_string check_paddingrr rerzUnsupported ECC curve %srrrrz/Only uncompressed OpenSSH EC keys are supportedrzIncorrect public key length)rr)rrzUnsupport SSH agent key type:)rrr)_opensshrrrrrrrArrrrr=r rr)datapasswordrrrrkey_type decrypted eddsa_keysecdsa_curve_namerrr@rrrarrPrrseed_lenprivate_public_keyr_paddeds r._import_openssh_private_eccrsCC9xHHi  #=rBJ <(&1)&<#) 7 *'(BEU(UV V()++a/A5 *9 5 I  1 ! #NO O z?a-/!3 3:; ;$$Z!M/%BC$$Z-0@%AB!+I!6 Y   { +#34 Z 8B88L5 +X *9 5 I2:>(29(=%I!)8,488CDDI&IAv&  @Wg @ @@r0ct|dk7r tdtd}d}t|}|ddz }|dxxdzcc<tj|d }||k\r td |d k(ry |d zd z |z}|d z|z|zd z|z} |j |}||z|z} tj | |} | d z|k7r|| z } | |fS#t$r tdwxYw)a~Import an Ed25519 ECC public key, encoded as raw bytes as described in RFC8032_. Args: encoded (bytes): The Ed25519 public key to import. It must be 32 bytes long. Returns: :class:`EccKey` : a new ECC key object Raises: ValueError: when the given key cannot be parsed. .. _RFC8032: https://datatracker.ietf.org/doc/html/rfc8032 rez9Incorrect length. Only Ed25519 public keys are supported.rlx&(7Z/ ;(P8se:8 w6Rrrrr r zInvalid Ed25519 key (y)rrrrzInvalid Ed25519 public key)r=rr rrr,_tonelli_shanks rrFrrx_lsbruvv_invx2rs r.rr<s" 7|rTUURSAUA'A bEQJEbETME  h7G!|233!| !a1A 1*q.A  !Q&A7 ! %i1_))"a0 aKE !'kG G  75667s rs>& "GG;',,===@@)*, $$=@ >))DG "''@C ,4 H\ ]  $4N   $4N   $4N   $4N   $4N  I& :,  6:  J J'vJ'\ '&/$$gfo&8&8& Av&)t}}Z./ D* '&/$$gfo&8&8& Av&)t}}Z./ D* '&/$$gfo&8&8& Av&)t}}Z./ D* '&/$$gfo&8&8& Av&)t}}Z./ D* '&/$$gfo&8&8& Av&)t}}Z./ D* WY'**GI,>,A,A9 M )  % % % 2t}}]G45 w 77#&&(8(;(;W E!!G!,t}}[%01 UKZ6VZ6zD3l5>p1Eh/NdT81 +B+\4An*Z)Xq8h zJA FO   " " $E E DIIKE 5\ +  e+u4t;TB DIIKE 5\! #idiikE&9U%BT%I4P#r0