ffjWgdZddlZddlZddlZddlmZmZmZmZm Z ddl m Z ddl m Z mZddlmZddlmZmZmZmZmZddlmZdd lmZmZmZdd lmZmZm Z Gd d e!Z"d Z#ddZ$ddZ%dZ&dZ'dZ(dZ)dZ*ddZ+e+Z,dZ-dS))generate constructDsaKey import_keyN)bchrbordtobytestostr iter_range)Random)PKCS8PEM)SHA256) DerObject DerSequence DerInteger DerObjectId DerBitString)Integer)test_probable_prime COMPOSITEPROBABLY_PRIME)_expand_subject_public_key_info_create_subject_public_key_info _extract_subject_public_key_infoceZdZdZgdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZ ddZeZe ZdZdZdZdZdZdZdZdS)raClass defining an actual DSA key. Do not instantiate directly. Use :func:`generate`, :func:`construct` or :func:`import_key` instead. :ivar p: DSA modulus :vartype p: integer :ivar q: Order of the subgroup :vartype q: integer :ivar g: Generator :vartype g: integer :ivar y: Public key :vartype y: integer :ivar x: Private key :vartype x: integer :undocumented: exportKey, publickey ygpqxc t|}td}||s"tdt ||z z||z }|rB|tdkr/tdt |tdz zt ||_dS)Nrrr r!z$Some DSA components are missing = %sr"zUnknown DSA components = %s)setkeysissubset ValueErrorstrdict_key)selfkey_dict input_set public_set extra_sets v/builddir/build/BUILD/imunify360-venv-2.3.5/opt/imunify360/venv/lib64/python3.11/site-packages/Crypto/PublicKey/DSA.py__init__zDsaKey.__init__gs (( .// ""9-- :C i!7889:: : *  ;c&kk11: S[[!899:;; ;NN cstdd|cxkr jksntdfddD\}}}}t jd|}||z|}||z} t||||z} |||z| | zzz|z} tt| | fS)Nz)DSA public key cannot be used for signingzk is not between 2 and q-1c*g|]}j|Sr,.0compr-s r2 z DsaKey._sign..yGGG$dioGGGr4)r"r!r r) min_inclusive max_exclusive) has_private TypeErrorr!r)r random_rangeinversepowmapint) r-mkr"r!r r blind_factor inv_blind_kblind_xrss ` r2_signz DsaKey._signss!! IGHH HA9:: :GGGG2FGGG 1a+!9:<<< #a'0033 l" 1aLL1  L1,w{: ;q @3Ar4c8|\}}fddD\}}}}d|cxkr|krnnd|cxkr|ksndSt||} | |z|z} | |z|z} t|| |t|| |z|z|z} | |kS)Nc*g|]}j|Sr8r9r:s r2r=z"DsaKey._verify..r>r4)rr!r rrF)rrDrE) r-rHsigrMrNrr!r rwu1u2vs ` r2_verifyzDsaKey._verifys1GGGG2FGGG 1aA  1q9999199995 AJJ  q ! !!eq[!eq[ B]]SB]] *Q .! 3Av r4cd|jvS)z!Whether this is a DSA private keyr"r9r-s r2rAzDsaKey.has_privatesdir4cdS)NFr8rYs r2 can_encryptzDsaKey.can_encryptsur4cdS)NTr8rYs r2can_signzDsaKey.can_signstr4cXtfddD}t|S)z^A matching DSA public key. Returns: a new :class:`DsaKey` object c36K|]}|j|fVdSNr9)r;rIr-s r2 z$DsaKey.public_key..s. Q Qq!TYq\!2 Q Q Q Q Q Qr4r$)r+r)r-public_componentss` r2 public_keyzDsaKey.public_keys8! Q Q Q Q

.s'AAADIdO$$AAAr4)r r!rr8rYs`r2domainz DsaKey.domains BAAAAAAAr4cg}|jD]m}|dkr@t|j}|d|fzHt ||r||n|r|dd|jjt|d |fzS)Nr zp(%d)privatez <%s @0x%x %s>,) rfrr size_in_bitsappendhasattrrA __class____name__idjoin)r-attrsrIbitss r2__repr__zDsaKey.__repr__s  ACxxtv3355 Ww.////q!!  Q      $ LL # # #$."92d88SXXe__!UUUr4cr t|j|S#t$rt|wxYwr`)rGr,KeyErrorAttributeError)r-items r2 __getattr__zDsaKey.__getattr__sD 'ty'' ' ' ' ' && & 's6rNc|t|}| tj}|dkrcfddD}dfd|D}dg|z}dd |D} d t j| dd zSt jjj g} r|d }|rS|sd }tj  } tj| t ||| |} |rd} nd} d}n|dkr|rt#ddjjj jj g}t | } d} n;|rt#dt't tj| } d} |dkr| S|dkr)t)j | | dz||}t|St#d|z)aExport this DSA key. Args: format (string): The encoding for the output: - *'PEM'* (default). ASCII as per `RFC1421`_/ `RFC1423`_. - *'DER'*. Binary ASN.1 encoding. - *'OpenSSH'*. ASCII one-liner as per `RFC4253`_. Only suitable for public keys, not for private keys. passphrase (string): *Private keys only*. The pass phrase to protect the output. pkcs8 (boolean): *Private keys only*. If ``True`` (default), the key is encoded with `PKCS#8`_. If ``False``, it is encoded in the custom OpenSSL/OpenSSH container. protection (string): *Only in combination with a pass phrase*. The encryption scheme to use to protect the output. If :data:`pkcs8` takes value ``True``, this is the PKCS#8 algorithm to use for deriving the secret and encrypting the private DSA key. For a complete list of algorithms, see :mod:`Crypto.IO.PKCS8`. The default is *PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC*. If :data:`pkcs8` is ``False``, the obsolete PEM encryption scheme is used. It is based on MD5 for key derivation, and Triple DES for encryption. Parameter :data:`protection` is then ignored. The combination ``format='DER'`` and ``pkcs8=False`` is not allowed if a passphrase is present. randfunc (callable): A function that returns random bytes. By default it is :func:`Crypto.Random.get_random_bytes`. Returns: byte string : the encoded key Raises: ValueError : when the format is unknown or when you try to encrypt a private key with *DER* format and OpenSSL/OpenSSH. .. warning:: If you don't provide a pass phrase, the private key will be exported in the clear! .. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt .. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt .. _RFC4253: http://www.ietf.org/rfc/rfc4253.txt .. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt NOpenSSHcNg|]!}j|"Sr8)r,to_bytes)r;r"r-s r2r=z%DsaKey.export_key..s+JJJDIaL))++JJJr4)r r!rrcZt|ddzrtd|zS|S)Nr)rrr%s r2funczDsaKey.export_key..funcs.1JJ%77Q;&Hr4c&g|] }|Sr8r8)r;r"rs r2r=z%DsaKey.export_key..s!***DDGG***r4ssh-dssr4cXg|]'}tjdt||z(S)>I)structpacklen)r;kps r2r=z%DsaKey.export_key..s/PPPV[s2ww77"<PPPr4ssh-dss Tz"PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC) key_paramsrandfunczENCRYPTED PRIVATEPRIVATErz#DSA private key cannot be encryptedrz DSA PRIVATEz*PKCS#8 is only meaningful for private keysPUBLICDERz KEYz3Unknown key format '%s'. Cannot export the DSA key.)r r get_random_bytesr}binascii b2a_base64rr r!rrArr"encoder wrapoidr)rrr)r-formatpkcs8 passphrase protectionrtup1tup2keyparts keystringparams private_key binary_keykey_typeintspem_strrs` @r2 export_keyzDsaKey.export_keysgv  ! ,,J  .H Y  JJJJ5IJJJD    +***T***D"|d*HPPxPPPI!4Y!?!?!DD Ddfdfdf566      } )!F!EJ(007799 "Z +S* *v)1""" )2HH(H! U??z?$%JKKK4646464646B(..5577 ( O !MNNN8 *46 2 2F<.s\ + + +j 3 3 < < > >>??FFHH + + +r4c6g|]}tj|Sr8r from_bytes)r;rVs r2r=z$_generate_domain..s# 0 0 0g ## 0 0 0r4c2g|]}|d|zzzS)r6r8)r;iVoutlens r2r=z$_generate_domain..s+CCC1q6z*+CCCr4sggen)getr)r digest_sizerrrrrrrwr sum itertoolscountrrrE)LrNnb_r! upper_bitUWXcr errrrrrs @@@@r2_generate_domainrks 3((,,Q//Ay6:;;;  ! #F VaF"Q&A Q!f* B  Aa!e I a * *n < <x||  vz$//6688 9 9Y] K MA  a * *n < < >>  q Fa!e I + + + + +!!a%(( + + + 0 0Q 0 0 0 CCCCCZ]]CCC1!r'Q'A!f*,=> @ @ A M " "~~1$$$$ QK QK >>  q q( + +~ = =!a%$ Q1 A## 7NT!WW $wu~~'>'>'@'@ @  vz!}}3355 6 6 1aLL 66 E  q!T?r4c| tj}|rtt|\}}}t |t k}|t |t kz}||dz |zdkz}||dkp||kz}|t |||dkz}|rtdnt||\}}}}| }| } ||krtd||fz|| fdvrtd|| fzd|cxkr|ksntdtj | d z| } | |dz zdz} t || |} | |||| d } t| S) aGenerate a new DSA key pair. The algorithm follows Appendix A.1/A.2 and B.1 of `FIPS 186-4`_, respectively for domain generation and key pair generation. Args: bits (integer): Key length, or size (in bits) of the DSA modulus *p*. It must be 1024, 2048 or 3072. randfunc (callable): Random number generation function; it accepts a single integer N and return a string of random data N bytes long. If not specified, :func:`Crypto.Random.get_random_bytes` is used. domain (tuple): The DSA domain parameters *p*, *q* and *g* as a list of 3 integers. Size of *p* and *q* must comply to `FIPS 186-4`_. If not specified, the parameters are created anew. Returns: :class:`DsaKey` : a new DSA key object Raises: ValueError : when **bits** is too little, too big, or not a multiple of 64. .. _FIPS 186-4: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf Nr6rzInvalid DSA domain parametersz?Mismatch between size of modulus (%d) and 'bits' parameter (%d)))rr)rr)rr)rrz;Lengths of p and q (%d, %d) are not compatibleto FIPS 186-3zIncorrent DSA generatorr) exact_bitsrr) r rrFrrrrEr)rrwrandomr)rrrsr r!r fmt_error_rrrr"rr.s r2rrs<* 6gv&&1a(**i7 (++y88 q1uka'' Q!V%qAv% SAq\\Q&&  ><== = >&dH55 1a A ADyy69:D BCC C 1v000),-q6233 3 q9999199992333 !b&8<<1 Ssu--22 SUaZ135CE>1 3   ; !5su~ 5I SUCE3511SU: :I75666 Jr4c|rtdt|ddddkrtdfddD}t|S) Nz-DSA private key already comes with parametersT) nr_elementsonly_ints_expectedrzNo version foundc g|] }| Sr8r8)r;r<ders r2r=z+_import_openssl_private..'s 1 1 13t9 1 1 1r4)rr6r)r)rdecoder)encodedrrrrs @r2_import_openssl_privater !sz JHIII --  wA$  O OC 1v{{+,,, 1 1 1 1 1 1 1C S>>r4c`t|\}}}|tkrtd|r|rtdt|j}t t|p|\}}} || ||f} t| S)NzNo DSA subjectPublicKeyInfozToo many DSA parameters) rrr)rr valuelistrr) r rralgoid encoded_key emb_paramsrr r!rrs r2_import_subjectPublicKeyInfor+s'Fw'O'O#FK }}6777 4*42333 K((.A;==''(<*==>>GAq! aA,C S>>r4cBt|}t|d|Sr`)rr)r rrsp_infos r2_import_x509_certr9s!.w77G 'v > >>r4c|rtdtj||}|dtkrtdt |dj}tt|d\}}}t|||||||f}t|S)Nz"PKCS#8 already includes parametersrzNo PKCS#8 encoded DSA keyr6r) r)r unwraprrr rrrrEr) r rrrIr"r r!rrs r2 _import_pkcs8r?s ?=>>> Wj))Ats{{4555 AaD!!'A;==''!--..GAq! q!Q<<Aq! $C S>>r4cttttf}|D]!} ||||cS#t$rYwxYwt d)z?Import a DSA key (public or private half), encoded in DER form.DSA key format is not supported)r rrrr))key_datarr decodingsdecodings r2_import_key_derrKsx)-" I  8Hj&99 9 9 9    D  6 7 77s / <<cBt|}|t|}|dr;tjt ||\}}}|rd}t ||dS|drt j|dd}gt|dkrctj d|ddd} |dd|z|d|zd}t|dkcdd krfd d D}t|St|dkr*t|dd krt ||dStd )aImport a DSA key. Args: extern_key (string or byte string): The DSA key to import. The following formats are supported for a DSA **public** key: - X.509 certificate (binary DER or PEM) - X.509 ``subjectPublicKeyInfo`` (binary DER or PEM) - OpenSSH (ASCII one-liner, see `RFC4253`_) The following formats are supported for a DSA **private** key: - `PKCS#8`_ ``PrivateKeyInfo`` or ``EncryptedPrivateKeyInfo`` DER SEQUENCE (binary or PEM) - OpenSSL/OpenSSH custom format (binary or PEM) For details about the PEM encoding, see `RFC1421`_/`RFC1423`_. passphrase (string): In case of an encrypted private key, this is the pass phrase from which the decryption key is derived. Encryption may be applied either at the `PKCS#8`_ or at the PEM level. Returns: :class:`DsaKey` : a DSA key object Raises: ValueError : when the given key cannot be parsed (possibly because the pass phrase is wrong). .. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt .. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt .. _RFC4253: http://www.ietf.org/rfc/rfc4253.txt .. _PKCS#8: http://www.ietf.org/rfc/rfc5208.txt Ns-----r r6rrrrcDg|]}tj|Sr8r)r;r"rs r2r=zimport_key..s(IIIq7%hqk22IIIr4)rrr6r0r)r startswithrr r rr a2b_base64splitrrunpackrxrrr)) extern_keyrrmarkerenc_flagrlengthrrs @r2rr\sP$$JZ(( X&&6"%*U:->-> "K"Kfh  JsJ555[)) "' (8(8(>(>q(ABB )nnq  ]42A277:F OOIaF l3 4 4 4!!f*++.I)nnq   A;* $ $IIIILIIICS>> ! :tJqM22d::z:t<<< 6 7 77r4z1.2.840.10040.4.1)NN)Tr`).__all__rrrCrypto.Util.py3compatrrr r r Cryptor Crypto.IOr r Crypto.HashrCrypto.Util.asn1rrrrrCrypto.Math.NumbersrCrypto.Math.PrimalityrrrCrypto.PublicKeyrrrobjectrrrrr rrrrr importKeyrr8r4r2r7sF2 = < < HHHHHHHHHHHHHH  ('''''3333333333@@@@@@@@@@@Z"Z"Z"Z"Z"VZ"Z"Z"z222jFFFFR....p   ???   888"C8C8C8C8N  r4