,h;ddlmZddlmZddlmZddlmZddlm Z ddl m Z ddgZ Gd de ZGd d eZGd d eZGddeZddZy)) DerSequence) long_to_bytes)Integer)HMAC)EccKey)DsaKey DssSigSchemenewc4eZdZdZdZdZdZdZdZdZ y) r zkA (EC)DSA signature object. Do not instantiate directly. Use :func:`Crypto.Signature.DSS.new`. c||_||_||_|jj|_|jdz dzdz|_y)zCreate a new Digital Signature Standard (DSS) object. Do not instantiate this object directly, use `Crypto.Signature.DSS.new` instead. N)_key _encoding_order size_in_bits _order_bits _order_bytes)selfkeyencodingorders V/var/www/html/Resume-Scraper/venv/lib/python3.12/site-packages/Crypto/Signature/DSS.py__init__zDssSigScheme.__init__3sK ! ;;335!--1a7!;c6|jjS)zRReturn ``True`` if this signature object can be used for signing messages.)r has_private)rs rcan_signzDssSigScheme.can_signAsyy$$&&rctdNzTo be provided by subclassesNotImplementedErrorrmsg_hashs r_compute_noncezDssSigScheme._compute_nonceG!"@AArctdr r!r#s r _valid_hashzDssSigScheme._valid_hashJr&rc |jjs td|j|s t d|j |}t j|jd|j}|jj||}|jdk(r5dj|Dcgc]}t||jc}}|St|j}|Scc}w)aCompute the DSA/ECDSA signature of a message. Args: msg_hash (hash object): The hash that was carried out over the message. The object belongs to the :mod:`Crypto.Hash` package. Under mode ``'fips-186-3'``, the hash must be a FIPS approved secure hash (SHA-2 or SHA-3). :return: The signature as ``bytes`` :raise ValueError: if the hash algorithm is incompatible to the (EC)DSA key :raise TypeError: if the (EC)DSA key has no private half zPrivate key is needed to signHash is not sufficiently strongNbinaryr)rr TypeErrorr( ValueErrorr%r from_bytesdigestr_signrjoinrrencode)rr$noncezsig_pairxoutputs rsignzDssSigScheme.signMsyy$$&;< <)>? ?##H-   x01C$2C2CD E99??1e, >>X %XX(02#$ -Q0A0AB23F !*113F 2s=C>c|j|s td|jdk(rit|d|jzk7r td|d|j||jdfDcgc]}t j |c}\}}na tj|d}t|dk7s|js td t |d t |d }}d |cxkr|jkr.n td d |cxkr|jkstd td t j |jd|j}|jj|||f}|s td ycc}w#ttf$r tdwxYw)aCheck if a certain (EC)DSA signature is authentic. Args: msg_hash (hash object): The hash that was carried out over the message. This is an object belonging to the :mod:`Crypto.Hash` module. Under mode ``'fips-186-3'``, the hash must be a FIPS approved secure hash (SHA-2 or SHA-3). signature (``bytes``): The signature that needs to be validated. :raise ValueError: if the signature is not authentic r*r+z'The signature is not authentic (length)NT)strictz$The signature is not authentic (DER)z,The signature is not authentic (DER content)rr z"The signature is not authentic (d)zThe signature is not authenticF)r(r-rlenrrr.rdecode IndexError hasOnlyIntsrr/r_verify) rr$ signaturer6r_primes_primeder_seqr4results rverifyzDssSigScheme.verifyzs )>? ? >>X %9~!d&7&7"78 !JKK*34FT5F5F*G*3D4E4E4F*G*I J$%!( 2 21 5 J GW I%-..y.F7|q (;(;(= !OPP&wqz2GGAJ4GWGG)dkk)AB B45w3L3LAB B4MAB B   x01C$2C2CD E""1w&89=> >) J  + I !GHH Is2F F%%GN) __name__ __module__ __qualname____doc__rrr%r(r8rFrrr r -s( <' BB+Z*rc<eZdZfdZdZdZdZdZdZxZ S)DeterministicDsaSigSchemec>tt| |||||_yN)superrMr _private_key)rrrr private_key __class__s rrz"DeterministicDsaSigScheme.__init__s '7XuM'rctj|}|jj}t |dz}||kDr|||z z}|S)zSee 2.3.2 in RFC6979r)rr.rrr<)rbstrrEq_lenb_lens r _bits2intz#DeterministicDsaSigScheme._bits2intsM##D) ((*D A  5=  &F rcbd|cxkr|jksJJt||jS)zSee 2.3.3 in RFC6979r)rrr)r int_mod_qs r _int2octetsz%DeterministicDsaSigScheme._int2octetss19*t{{****Y(9(9::rc|j|}||jkr|}n||jz }|j|S)zSee 2.3.4 in RFC6979)rXrr[)rrUz1z2s r _bits2octetsz&DeterministicDsaSigScheme._bits2octetssB^^D !  Bdkk!B##rcL|j}d|jz}d|jz}dD]}}tj|||z|j |j z|j |z|j}tj|||j}d}d|cxkr|jksn|dk7rMtj||dz|j}tj|||j}d}t||jkrCtj|||j}||z }t||jkrC|j|}d|cxkr|jks|S|S)z!Generate k in a deterministic way)rbrarr) r/ digest_sizerr r[rQr_rr<rrX)rmhashh1mask_vnonce_kint_octr3mask_ts rr%z(DeterministicDsaSigScheme._compute_nonces \\^5,,,E---) ?Ghhw%/#//0A0AB C#004 56;=>DVX  XXgvu5<<>F ?u*t{{*{((7FW,<#(**0&('659@@BFf+ 1 11'659@@B& f+ 1 11 NN6*E!u*t{{*" #+" rcy)NTrKr#s rr(z%DeterministicDsaSigScheme._valid_hashsr) rGrHrIrrXr[r_r%r( __classcell__rSs@rrMrMs"( ; $&PrrMc.eZdZdZfdZdZdZxZS)FipsDsaSigScheme))i))rq)i rsctt| |||||_t |j j }||jf|jvrd||jfz}t|y)Nz+L/N (%d, %d) is not compliant to FIPS 186-3) rPror _randfuncrprr_fips_186_3_L_Nr-)rrrrrandfuncLerrorrSs rrzFipsDsaSigScheme.__init__su .sHeD! CEEN ' ' ) t (<(< <B4++,-EU# # =rcZtjd|j|jSNr ) min_inclusive max_exclusiverx)r random_rangerrur#s rr%zFipsDsaSigScheme._compute_nonce s%##!26++-1^^= =rcZ|jdk(xs|jjdS)z*Verify that SHA-1, SHA-2 or SHA-3 are usedz 1.3.14.3.2.26z2.16.840.1.101.3.4.2.)oid startswithr#s rr(zFipsDsaSigScheme._valid_hashs- /A ''(?@ Br)rGrHrIrwrr%r(rlrms@rroros O$= Brroc*eZdZfdZdZdZxZS)FipsEcDsaSigSchemec>tt| |||||_yrO)rPrrru)rrrrrxrSs rrzFipsEcDsaSigScheme.__init__s  $0hF!rctjd|jjj|j Sr|)rrr_curverrur#s rr%z!FipsEcDsaSigScheme._compute_nonces1##!26))2B2B2H2H-1^^= =rc|jjj}d}d}d}d}||z|z|z} |j|v}|S#t$rd}Y|SwxYw)zxVerify that the strength of the hash matches or exceeds the strength of the EC. We fail if the hash is too weak.)z2.16.840.1.101.3.4.2.4z2.16.840.1.101.3.4.2.7z2.16.840.1.101.3.4.2.5)z2.16.840.1.101.3.4.2.1z2.16.840.1.101.3.4.2.8z2.16.840.1.101.3.4.2.6)z2.16.840.1.101.3.4.2.2z2.16.840.1.101.3.4.2.9)z2.16.840.1.101.3.4.2.3z2.16.840.1.101.3.4.2.10F)rpointQrrAttributeError) rr$ modulus_bitssha224sha256sha384sha512shsrEs rr(zFipsEcDsaSigScheme._valid_hash"s{yy''446 `_EFvo&/ \\S(F  F  sA AA)rGrHrIrr%r(rlrms@rrrs"= rrNc4|dvrtd|zt|tr>|jj}d}|j j dsStdt|trt|j}d}n tdtt|z|jr t||}nd}|d k(rt||||S|d k(r,t|trt||||St!||||Std |z) a Create a signature object :class:`DssSigScheme` that can perform (EC)DSA signature or verification. .. note:: Refer to `NIST SP 800 Part 1 Rev 4`_ (or newer release) for an overview of the recommended key lengths. Args: key (:class:`Crypto.PublicKey.DSA` or :class:`Crypto.PublicKey.ECC`): The key to use for computing the signature (*private* keys only) or for verifying one. For DSA keys, let ``L`` and ``N`` be the bit lengths of the modulus ``p`` and of ``q``: the pair ``(L,N)`` must appear in the following list, in compliance to section 4.2 of `FIPS 186-4`_: - (1024, 160) *legacy only; do not create new signatures with this* - (2048, 224) *deprecated; do not create new signatures with this* - (2048, 256) - (3072, 256) For ECC, only keys over P-224, P-256, P-384, and P-521 are accepted. mode (string): The parameter can take these values: - ``'fips-186-3'``. The signature generation is randomized and carried out according to `FIPS 186-3`_: the nonce ``k`` is taken from the RNG. - ``'deterministic-rfc6979'``. The signature generation is not randomized. See RFC6979_. encoding (string): How the signature is encoded. This value determines the output of :meth:`sign` and the input to :meth:`verify`. The following values are accepted: - ``'binary'`` (default), the signature is the raw concatenation of ``r`` and ``s``. It is defined in the IEEE P.1363 standard. For DSA, the size in bytes of the signature is ``N/4`` bytes (e.g. 64 for ``N=256``). For ECDSA, the signature is always twice the length of a point coordinate (e.g. 64 bytes for P-256). - ``'der'``, the signature is a ASN.1 DER SEQUENCE with two INTEGERs (``r`` and ``s``). It is defined in RFC3279_. The size of the signature is variable. randfunc (callable): A function that returns random ``bytes``, of a given length. If omitted, the internal RNG is used. Only applicable for the *'fips-186-3'* mode. .. _FIPS 186-3: http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf .. _FIPS 186-4: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf .. _NIST SP 800 Part 1 Rev 4: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf .. _RFC6979: http://tools.ietf.org/html/rfc6979 .. _RFC3279: https://tools.ietf.org/html/rfc3279#section-2.2.2 )r+derzUnknown encoding '%s'dNISTz ECC key is not on a NIST P curver6zUnsupported key type Nzdeterministic-rfc6979z fips-186-3zUnknown DSS mode '%s')r- isinstancerrrcurverrrqstrtypergetattrrMrro)rmoderrxrprivate_key_attrrRs rr r 6s D((08;<<#v   yy##F+?@ @ C 03tCy>ABB c#34   &&(h{KK   c6 "%c8UHE E#C5(C C04788r)r+N)Crypto.Util.asn1rCrypto.Util.numberrCrypto.Math.Numbersr Crypto.HashrCrypto.PublicKey.ECCrCrypto.PublicKey.DSAr__all__objectr rMrorr rKrrrscD),''' 5 !w6wtK K\B|BD>]9r