wec@sddlmZddlmZmZddlmZmZddlm Z m Z m Z m Z dZ dZdefdYZd d Zd S( i(tInteger(tSHA512tSHAKE256(tbchrtis_bytes(tEccKeyt constructt_import_ed25519_public_keyt_import_ed448_public_keycCst|dkr-t|\}}d}nCt|dkrZt|\}}d}ntdt|td|d|d|S( sCreate a new Ed25519 or Ed448 public key object, starting from the key encoded as raw ``bytes``, in the format described in RFC8032. Args: encoded (bytes): The EdDSA public key to import. It must be 32 bytes for Ed25519, and 57 bytes for Ed448. Returns: :class:`Crypto.PublicKey.EccKey` : a new ECC key object. Raises: ValueError: when the given key cannot be parsed. i tEd25519i9tEd448sNot an EdDSA key (%d bytes)tcurvetpoint_xtpoint_y(tlenRRt ValueErrorR(tencodedtxtyt curve_name((s</usr/lib64/python2.7/site-packages/Crypto/Signature/eddsa.pytimport_public_key)s  cCsUt|dkrd}n't|dkr6d}n tdtd|d|S(sCreate a new Ed25519 or Ed448 private key object, starting from the key encoded as raw ``bytes``, in the format described in RFC8032. Args: encoded (bytes): The EdDSA private key to import. It must be 32 bytes for Ed25519, and 57 bytes for Ed448. Returns: :class:`Crypto.PublicKey.EccKey` : a new ECC key object. Raises: ValueError: when the given key cannot be parsed. i ted25519i9ted448s8Incorrect length. Only EdDSA private keys are supported.tseedR (RRR(RR((s</usr/lib64/python2.7/site-packages/Crypto/Signature/eddsa.pytimport_private_keyEs    tEdDSASigSchemecBsVeZdZdZdZdZdZdZdZdZ dZ RS( slAn EdDSA signature object. Do not instantiate directly. Use :func:`Crypto.Signature.eddsa.new`. cCs4||_||_|j|_|jj|_dS(sCreate a new EdDSA object. Do not instantiate this object directly, use `Crypto.Signature.DSS.new` instead. N(t_keyt_contextt _export_eddsat_At_curvetordert_order(tselftkeytcontext((s</usr/lib64/python2.7/site-packages/Crypto/Signature/eddsa.pyt__init__is  cCs |jjS(sRReturn ``True`` if this signature object can be used for signing messages.(Rt has_private(R!((s</usr/lib64/python2.7/site-packages/Crypto/Signature/eddsa.pytcan_signuscCs|jjstdn|jjjdkrrt|tj}|pTt|sftdn|j }n`|jjjdkrt|t j }|pt|stdn|j }n t d|||S(sJCompute the EdDSA signature of a message. Args: msg_or_hash (bytes or a hash object): The message to sign (``bytes``, in case of *PureEdDSA*) or the hash that was carried out over the message (hash object, for *HashEdDSA*). The hash object must be :class:`Crypto.Hash.SHA512` for Ed25519, and :class:`Crypto.Hash.SHAKE256` object for Ed448. :return: The signature as ``bytes``. It is always 64 bytes for Ed25519, and 114 bytes for Ed448. :raise TypeError: if the EdDSA key has no private half sPrivate key is needed to signRs-'msg_or_hash' must be bytes of a SHA-512 hashRs.'msg_or_hash' must be bytes of a SHAKE256 hashsIncorrect curve for EdDSA(RR%t TypeErrorRtnamet isinstanceRt SHA512HashRt _sign_ed25519Rt SHAKE256_XOFt _sign_ed448R(R!t msg_or_hashtphteddsa_sign_method((s</usr/lib64/python2.7/site-packages/Crypto/Signature/eddsa.pytsign{s   c Cs0|js|rHt|}dt|tt|j|j}nd}|r`|jn|}tj||jj|j}t j |d|j }t d||jj jj}tj|||j|j} t j | d|j } || |jj|j } || jddS(Ns SigEd25519 no Ed25519 collisionsttlittletpointi (RtintRRtdigestRtnewRt_prefixRt from_bytesR RRtGRRtdtto_bytes( R!R.R/tflagtdom2tPHMtr_hashtrtR_pktk_hashtkts((s</usr/lib64/python2.7/site-packages/Crypto/Signature/eddsa.pyR+s -#"$c Cs!t|}dt|tt|j|j}|rK|jdn|}tj||jj|jd}t j |d|j }t d||jj jj}tj|||j|jd} t j | d|j } || |jj|j } || jddS(NtSigEd448i@irR3R4i9(R5RRRtreadRR7RR8RR9R RRR:RRR;R<( R!R.R/R=tdom4R?R@RARBRCRDRE((s</usr/lib64/python2.7/site-packages/Crypto/Signature/eddsa.pyR-s *&"'cCs|jjjdkrTt|tj}|p6t|sHtdn|j}n`|jjjdkrt|t j }|pt|stdn|j }n t d||||S(sCheck if an EdDSA signature is authentic. Args: msg_or_hash (bytes or a hash object): The message to verify (``bytes``, in case of *PureEdDSA*) or the hash that was carried out over the message (hash object, for *HashEdDSA*). The hash object must be :class:`Crypto.Hash.SHA512` object for Ed25519, and :class:`Crypto.Hash.SHAKE256` for Ed448. signature (``bytes``): The signature that needs to be validated. It must be 64 bytes for Ed25519, and 114 bytes for Ed448. :raise ValueError: if the signature is not authentic Rs-'msg_or_hash' must be bytes of a SHA-512 hashRs.'msg_or_hash' must be bytes of a SHAKE256 hashsIncorrect curve for EdDSA( RRR(R)RR*RR't_verify_ed25519RR,t _verify_ed448R(R!R.t signatureR/teddsa_verify_method((s</usr/lib64/python2.7/site-packages/Crypto/Signature/eddsa.pytverifys   c Cst|dkr!tdn|js0|rit|}dt|tt|j|j}nd}|r|jn|}yt|d j}Wntk rtdnXtj |dd}||j krtdnt j ||d |j |j} tj | d|j } |d |jjj} d || d |jj} | | krtd ndS( Ni@s'The signature is not authentic (length)s SigEd25519 no Ed25519 collisionsR2i s"The signature is not authentic (R)R3s"The signature is not authentic (S)isThe signature is not authentic(RRRR5RR6RtpointQRR9R RR7RRRR:( R!R.RKR/R=R>R?tRRERCRDtpoint1tpoint2((s</usr/lib64/python2.7/site-packages/Crypto/Signature/eddsa.pyRIs( - ( c Csst|dkr!tdnt|}dt|tt|j|j}|rl|jdn|}yt|d j}Wntk rtdnXtj |dd}||j krtdnt j ||d |j |jd} tj | d|j } |d |jjj} d || d |jj} | | krotd ndS( Nirs'The signature is not authentic (length)RFi@i9s"The signature is not authentic (R)R3s"The signature is not authentic (S)isThe signature is not authentic(RRR5RRRGRRNRR9R RR7RRRR:( R!R.RKR/R=RHR?RORERCRDRPRQ((s</usr/lib64/python2.7/site-packages/Crypto/Signature/eddsa.pyRJs$ * + ( t__name__t __module__t__doc__R$R&R1R+R-RMRIRJ(((s</usr/lib64/python2.7/site-packages/Crypto/Signature/eddsa.pyRcs  #   # #cCst|t s|j r,tdn|dkrGtdn|dkr\d}n!t|dkr}tdnt||S(sCreate a signature object :class:`EdDSASigScheme` that can perform or verify an EdDSA signature. Args: key (:class:`Crypto.PublicKey.ECC` object): The key to use for computing the signature (*private* keys only) or for verifying one. The key must be on the curve ``Ed25519`` or ``Ed448``. mode (string): This parameter must be ``'rfc8032'``. context (bytes): Up to 255 bytes of `context `_, which is a constant byte string to segregate different protocols or different applications of the same key. s&EdDSA can only be used with EdDSA keystrfc8032sMode must be 'rfc8032'R2is3Context for EdDSA must not be longer than 255 bytesN(R)Rt _is_eddsaRtNoneRR(R"tmodeR#((s</usr/lib64/python2.7/site-packages/Crypto/Signature/eddsa.pyR79s   N(tCrypto.Math.NumbersRt Crypto.HashRRtCrypto.Util.py3compatRRtCrypto.PublicKey.ECCRRRRRRtobjectRRWR7(((s</usr/lib64/python2.7/site-packages/Crypto/Signature/eddsa.pyts"