U g0@srddlmZddlmZmZddlmZmZddlm Z m Z m Z m Z ddZ ddZGd d d eZdd d Zd S))Integer)SHA512SHAKE256)bchris_bytes)EccKey construct_import_ed25519_public_key_import_ed448_public_keycCsZt|dkrt|\}}d}n.t|dkr/tmp/pip-unpacked-wheel-_q8s9isk/Cryptodome/Signature/eddsa.pyimport_public_key)s    rcCs8t|dkrd}nt|dkr$d}ntdt||dS)aCreate a new Ed25519 or Ed448 private key object, starting from the key encoded as raw ``bytes``, in the format described in RFC8032. Args: encoded (bytes): The EdDSA private key to import. It must be 32 bytes for Ed25519, and 57 bytes for Ed448. Returns: :class:`Cryptodome.PublicKey.EccKey` : a new ECC key object. Raises: ValueError: when the given key cannot be parsed. r Zed25519r Zed448z8Incorrect length. Only EdDSA private keys are supported.)seedr)rrr)rrrrrimport_private_keyEs   rc@sPeZdZdZddZddZddZdd Zd d Zd d Z ddZ ddZ dS)EdDSASigSchemezpAn EdDSA signature object. Do not instantiate directly. Use :func:`Cryptodome.Signature.eddsa.new`. cCs$||_||_||_|jj|_dS)zCreate a new EdDSA object. Do not instantiate this object directly, use `Cryptodome.Signature.DSS.new` instead. N)_key_context_export_eddsa_public_A_curveorder_order)selfkeycontextrrr__init__is zEdDSASigScheme.__init__cCs |jS)zRReturn ``True`` if this signature object can be used for signing messages.)r has_private)r#rrrcan_signuszEdDSASigScheme.can_signcCs|jstd|jjdkrFt|tj}|s>t|s>td|j}n<|jjdkrzt|t j }|srt|srtd|j }nt d|||S)aRCompute the EdDSA signature of a message. Args: msg_or_hash (bytes or a hash object): The message to sign (``bytes``, in case of *PureEdDSA*) or the hash that was carried out over the message (hash object, for *HashEdDSA*). The hash object must be :class:`Cryptodome.Hash.SHA512` for Ed25519, and :class:`Cryptodome.Hash.SHAKE256` object for Ed448. :return: The signature as ``bytes``. It is always 64 bytes for Ed25519, and 114 bytes for Ed448. :raise TypeError: if the EdDSA key has no private half zPrivate key is needed to signr -'msg_or_hash' must be bytes of a SHA-512 hashr.'msg_or_hash' must be bytes of a SHAKE256 hashIncorrect curve for EdDSA) rr' TypeErrorr isinstancer SHA512Hashr _sign_ed25519r SHAKE256_XOF _sign_ed448r)r# msg_or_hashphZeddsa_sign_methodrrrsign{s       zEdDSASigScheme.signc Cs|js |r4t|}dt|tt|j|j}nd}|rD|n|}t||jj|}t |d|j }t ||jj jd}t|||j|} t | d|j } || |jj|j } || ddS)N SigEd25519 no Ed25519 collisionslittleZpointr )rintrrdigestrnewr_prefixr from_bytesr"rr Grrdto_bytes) r#r2r3flagdom2PHMr_hashrR_pkk_hashksrrrr/s    zEdDSASigScheme._sign_ed25519c Cst|}dt|tt|j|j}|r6|dn|}t||jj|d}t |d|j }t ||jj jd}t|||j|d} t | d|j } || |jj|j } || ddS)NSigEd448@rr7r8r )r9rrrreadrr;rr<rr=r"rr r>rrr?r@) r#r2r3rAdom4rCrDrErFrGrHrIrrrr1s  zEdDSASigScheme._sign_ed448cCs||jjdkr4t|tj}|s,t|s,td|j}n<|jjdkrht|tj }|s`t|s`td|j }nt d||||S)aCheck if an EdDSA signature is authentic. Args: msg_or_hash (bytes or a hash object): The message to verify (``bytes``, in case of *PureEdDSA*) or the hash that was carried out over the message (hash object, for *HashEdDSA*). The hash object must be :class:`Cryptodome.Hash.SHA512` object for Ed25519, and :class:`Cryptodome.Hash.SHAKE256` for Ed448. signature (``bytes``): The signature that needs to be validated. It must be 64 bytes for Ed25519, and 114 bytes for Ed448. :raise ValueError: if the signature is not authentic r r)rr*r+) rrr-rr.rr,_verify_ed25519rr0 _verify_ed448r)r#r2 signaturer3Zeddsa_verify_methodrrrverifys      zEdDSASigScheme.verifyc Cs,t|dkrtd|js|rHt|}dt|tt|j|j}nd}|rX|n|}zt|ddj}Wntk rtdYnXt |ddd}||j krtdt ||dd|j |} t | d|j } |d |jjj} d || d |jj} | | kr(td dS) NrK'The signature is not authentic (length)r5r6r "The signature is not authentic (R)r7"The signature is not authentic (S)The signature is not authentic)rrrr9rr:rpointQrr=r"rr;rrr r>) r#r2rQr3rArBrCRrIrGrHpoint1point2rrrrOs0     $ zEdDSASigScheme._verify_ed25519c Cs t|dkrtdt|}dt|tt|j|j}|rJ|dn|}zt|ddj}Wntk rtdYnXt |ddd}||j krtdt ||dd|j |d} t | d|j } |d |jjj} d || d |jj} | | krtd dS) NrLrSrJrKr rTr7rUrVrW)rrr9rrrMrrXrr=r"rr;rrr r>) r#r2rQr3rArNrCrYrIrGrHrZr[rrrrPs,    & zEdDSASigScheme._verify_ed448N) __name__ __module__ __qualname____doc__r&r(r4r/r1rRrOrPrrrrrcs ###rNcCsXt|tr|jdkrtd|dkr,td|dkr:d}nt|dkrNtdt||S) aCreate a signature object :class:`EdDSASigScheme` that can perform or verify an EdDSA signature. Args: key (:class:`Cryptodome.PublicKey.ECC` object): The key to use for computing the signature (*private* keys only) or for verifying one. The key must be on the curve ``Ed25519`` or ``Ed448``. mode (string): This parameter must be ``'rfc8032'``. context (bytes): Up to 255 bytes of `context `_, which is a constant byte string to segregate different protocols or different applications of the same key. )r rz&EdDSA can only be used with EdDSA keysZrfc8032zMode must be 'rfc8032'Nr6z3Context for EdDSA must not be longer than 255 bytes)r-rrrrr)r$moder%rrrr;9s r;)N)ZCryptodome.Math.NumbersrZCryptodome.HashrrZCryptodome.Util.py3compatrrZCryptodome.PublicKey.ECCrrr r rrobjectrr;rrrrs W