diff options
Diffstat (limited to 'frozen_deps/Cryptodome/PublicKey/ECC.py')
-rw-r--r-- | frozen_deps/Cryptodome/PublicKey/ECC.py | 56 |
1 files changed, 40 insertions, 16 deletions
diff --git a/frozen_deps/Cryptodome/PublicKey/ECC.py b/frozen_deps/Cryptodome/PublicKey/ECC.py index 84a4e07..4546742 100644 --- a/frozen_deps/Cryptodome/PublicKey/ECC.py +++ b/frozen_deps/Cryptodome/PublicKey/ECC.py @@ -101,7 +101,7 @@ int ed25519_neg(Point *p); int ed25519_get_xy(uint8_t *xb, uint8_t *yb, size_t modsize, Point *p); int ed25519_double(Point *p); int ed25519_add(Point *P1, const Point *P2); -int ed25519_scalar(Point *P, uint8_t *scalar, size_t scalar_len, uint64_t seed); +int ed25519_scalar(Point *P, const uint8_t *scalar, size_t scalar_len, uint64_t seed); """) _ed448_lib = load_pycryptodome_raw_lib("Cryptodome.PublicKey._ed448", """ @@ -534,6 +534,9 @@ class EccPoint(object): return self def __eq__(self, point): + if not isinstance(point, EccPoint): + return False + cmp_func = lib_func(self, "cmp") return 0 == cmp_func(self._point.get(), point._point.get()) @@ -753,7 +756,7 @@ class EccKey(object): if curve_name not in _curves: raise ValueError("Unsupported curve (%s)" % curve_name) self._curve = _curves[curve_name] - self.curve = curve_name + self.curve = self._curve.desc count = int(self._d is not None) + int(self._seed is not None) @@ -801,6 +804,9 @@ class EccKey(object): return self._curve.desc in ("Ed25519", "Ed448") def __eq__(self, other): + if not isinstance(other, EccKey): + return False + if other.has_private() != self.has_private(): return False @@ -809,7 +815,7 @@ class EccKey(object): def __repr__(self): if self.has_private(): if self._is_eddsa(): - extra = ", seed=%s" % self._seed.hex() + extra = ", seed=%s" % tostr(binascii.hexlify(self._seed)) else: extra = ", d=%d" % int(self._d) else: @@ -957,7 +963,7 @@ class EccKey(object): from Cryptodome.IO import PKCS8 if kwargs.get('passphrase', None) is not None and 'protection' not in kwargs: - raise ValueError("At least the 'protection' parameter should be present") + raise ValueError("At least the 'protection' parameter must be present") if self._is_eddsa(): oid = self._curve.oid @@ -1035,7 +1041,7 @@ class EccKey(object): Args: format (string): - The format to use for encoding the key: + The output format: - ``'DER'``. The key will be encoded in ASN.1 DER format (binary). For a public key, the ASN.1 ``subjectPublicKeyInfo`` structure @@ -1056,20 +1062,25 @@ class EccKey(object): * For NIST P-curves: equivalent to ``'SEC1'``. * For EdDSA curves: ``bytes`` in the format defined in `RFC8032`_. - passphrase (byte string or string): - The passphrase to use for protecting the private key. + passphrase (bytes or string): + (*Private keys only*) The passphrase to protect the + private key. use_pkcs8 (boolean): - Only relevant for private keys. - + (*Private keys only*) If ``True`` (default and recommended), the `PKCS#8`_ representation will be used. It must be ``True`` for EdDSA curves. + If ``False`` and a passphrase is present, the obsolete PEM + encryption will be used. + protection (string): When a private key is exported with password-protection and PKCS#8 (both ``DER`` and ``PEM`` formats), this parameter MUST be - present and be a valid algorithm supported by :mod:`Cryptodome.IO.PKCS8`. - It is recommended to use ``PBKDF2WithHMAC-SHA1AndAES128-CBC``. + present, + For all possible protection schemes, + refer to :ref:`the encryption parameters of PKCS#8<enc_params>`. + It is recommended to use ``'PBKDF2WithHMAC-SHA5126AndAES128-CBC'``. compress (boolean): If ``True``, the method returns a more compact representation @@ -1080,6 +1091,16 @@ class EccKey(object): This parameter is ignored for EdDSA curves, as compression is mandatory. + prot_params (dict): + When a private key is exported with password-protection + and PKCS#8 (both ``DER`` and ``PEM`` formats), this dictionary + contains the parameters to use to derive the encryption key + from the passphrase. + For all possible values, + refer to :ref:`the encryption parameters of PKCS#8<enc_params>`. + The recommendation is to use ``{'iteration_count':21000}`` for PBKDF2, + and ``{'iteration_count':131072}`` for scrypt. + .. warning:: If you don't provide a passphrase, the private key will be exported in the clear! @@ -1115,8 +1136,11 @@ class EccKey(object): raise ValueError("Empty passphrase") use_pkcs8 = args.pop("use_pkcs8", True) - if not use_pkcs8 and self._is_eddsa(): - raise ValueError("'pkcs8' must be True for EdDSA curves") + if not use_pkcs8: + if self._is_eddsa(): + raise ValueError("'pkcs8' must be True for EdDSA curves") + if 'protection' in args: + raise ValueError("'protection' is only supported for PKCS#8") if ext_format == "PEM": if use_pkcs8: @@ -1390,8 +1414,8 @@ def _import_rfc5915_der(encoded, passphrase, curve_oid=None): d = Integer.from_bytes(scalar_bytes) # Decode public key (if any) - if len(private_key) == 4: - public_key_enc = DerBitString(explicit=1).decode(private_key[3]).value + if len(private_key) > 2: + public_key_enc = DerBitString(explicit=1).decode(private_key[-1]).value public_key = _import_public_der(public_key_enc, curve_oid=curve_oid) point_x = public_key.pointQ.x point_y = public_key.pointQ.y @@ -1766,7 +1790,7 @@ def import_key(encoded, passphrase=None, curve_name=None): return _import_der(encoded, passphrase) # SEC1 - if len(encoded) > 0 and bord(encoded[0]) in b'\x02\x03\x04': + if len(encoded) > 0 and bord(encoded[0]) in (0x02, 0x03, 0x04): if curve_name is None: raise ValueError("No curve name was provided") return _import_public_der(encoded, curve_name=curve_name) |