o 6 h+@sdZddlmZddlmZddlmZmZgdZGddde Z Gdd d e Z Gd d d e Z Gd d d e Z GdddeZdS)zG Class for performing Elliptic-curve Diffie-Hellman (ECDH) operations. )number_to_string)INFINITY) SigningKey VerifyingKey)ECDH NoKeyError NoCurveErrorInvalidCurveErrorInvalidSharedSecretErrorc@eZdZdZdS)rz3ECDH. Key not found but it is needed for operation.N__name__ __module__ __qualname____doc__rr^/var/www/html/construction_image-detection-poc/venv/lib/python3.10/site-packages/ecdsa/ecdh.pyrrc@r )rz3ECDH. Curve not set but it is needed for operation.Nr rrrrrrrc@r )r zP ECDH. Raised in case the public and private keys use different curves. Nr rrrrr sr c@r )r zBECDH. Raised in case the shared secret we obtained is an INFINITY.Nr rrrrr 'rr c@seZdZdZd!ddZddZddZd d Zd d Zd dZ ddZ ddZ ddZ ddZ d"ddZddZddZddZdd ZdS)#rz Elliptic-curve Diffie-Hellman (ECDH). A key agreement protocol. Allows two parties, each having an elliptic-curve public-private key pair, to establish a shared secret over an insecure channel NcCs6||_d|_d|_|r|||r||dSdS)a  ECDH init. Call can be initialised without parameters, then the first operation (loading either key) will set the used curve. All parameters must be ultimately set before shared secret calculation will be allowed. :param curve: curve for operations :type curve: Curve :param private_key: `my` private key for ECDH :type private_key: SigningKey :param public_key: `their` public key for ECDH :type public_key: VerifyingKey N)curve private_key public_keyload_private_keyload_received_public_key)selfrrrrrr__init__5s z ECDH.__init__cCsr|jstd|jstd|jj|jkr|jks$tdtd|jj|jjj}|t kr5t d| S)Nz3Private key needs to be set to create shared secretz2Public key needs to be set to create shared secretz3Curves for public key and private key is not equal.z!Invalid shared secret (INFINITY).) rrrrr pubkeypointprivkeysecret_multiplierrr x)rremote_public_keyresultrrr_get_shared_secretMs.zECDH._get_shared_secretcCs ||_dS)z Set the working curve for ecdh operations. :param key_curve: curve from `curves` module :type key_curve: Curve Nr)r key_curverrr set_curvegs zECDH.set_curvecCs"|jstd|tj|jdS)z Generate local private key for ecdh operation with curve that was set. :raises NoCurveError: Curve must be set before key generation. :return: public (verifying) key from this private key. :rtype: VerifyingKey z*Curve must be set prior to key generation.r#)rrrrgeneraterrrrgenerate_private_keyps zECDH.generate_private_keycCs2|js|j|_|j|jkrtd||_|jS)a Load private key from SigningKey (keys.py) object. Needs to have the same curve as was set with set_curve method. If curve is not set - it sets from this SigningKey :param private_key: Initialised SigningKey class :type private_key: SigningKey :raises InvalidCurveError: private_key curve not the same as self.curve :return: public (verifying) key from this private key. :rtype: VerifyingKey Curve mismatch.)rr rget_verifying_keyrrrrrr}s   zECDH.load_private_keycCs$|jstd|tj||jdS)a Load private key from byte string. Uses current curve and checks if the provided key matches the curve of ECDH key agreement. Key loads via from_string method of SigningKey class :param private_key: private key in bytes string format :type private_key: :term:`bytes-like object` :raises NoCurveError: Curve must be set before loading. :return: public (verifying) key from this private key. :rtype: VerifyingKey z$Curve must be set prior to key load.r#)rrrr from_stringr+rrrload_private_key_bytess zECDH.load_private_key_bytescC|t|S)aC Load private key from DER byte string. Compares the curve of the DER-encoded key with the ECDH set curve, uses the former if unset. Note, the only DER format supported is the RFC5915 Look at keys.py:SigningKey.from_der() :param private_key_der: string with the DER encoding of private ECDSA key :type private_key_der: string :raises InvalidCurveError: private_key curve not the same as self.curve :return: public (verifying) key from this private key. :rtype: VerifyingKey )rrfrom_der)rprivate_key_derrrrload_private_key_derzECDH.load_private_key_dercCr.)a\ Load private key from PEM string. Compares the curve of the DER-encoded key with the ECDH set curve, uses the former if unset. Note, the only PEM format supported is the RFC5915 Look at keys.py:SigningKey.from_pem() it needs to have `EC PRIVATE KEY` section :param private_key_pem: string with PEM-encoded private ECDSA key :type private_key_pem: string :raises InvalidCurveError: private_key curve not the same as self.curve :return: public (verifying) key from this private key. :rtype: VerifyingKey )rrfrom_pem)rprivate_key_pemrrrload_private_key_pemr2zECDH.load_private_key_pemcCs |jS)z Provides a public key that matches the local private key. Needs to be sent to the remote party. :return: public (verifying) key from local private key. :rtype: VerifyingKey )rr*r'rrrget_public_keys zECDH.get_public_keycCs,|js|j|_|j|jkrtd||_dS)a Load public key from VerifyingKey (keys.py) object. Needs to have the same curve as set as current for ecdh operation. If curve is not set - it sets it from VerifyingKey. :param public_key: Initialised VerifyingKey class :type public_key: VerifyingKey :raises InvalidCurveError: public_key curve not the same as self.curve r)N)rr r)rrrrrrs    zECDH.load_received_public_keycCs|t||j|S)a Load public key from byte string. Uses current curve and checks if key length corresponds to the current curve. Key loads via from_string method of VerifyingKey class :param public_key_str: public key in bytes string format :type public_key_str: :term:`bytes-like object` :param valid_encodings: list of acceptable point encoding formats, supported ones are: :term:`uncompressed`, :term:`compressed`, :term:`hybrid`, and :term:`raw encoding` (specified with ``raw`` name). All formats by default (specified with ``None``). :type valid_encodings: :term:`set-like object` )rrr,r)rpublic_key_strvalid_encodingsrrrload_received_public_key_bytess z#ECDH.load_received_public_key_bytescCr.)a Load public key from DER byte string. Compares the curve of the DER-encoded key with the ECDH set curve, uses the former if unset. Note, the only DER format supported is the RFC5912 Look at keys.py:VerifyingKey.from_der() :param public_key_der: string with the DER encoding of public ECDSA key :type public_key_der: string :raises InvalidCurveError: public_key curve not the same as self.curve )rrr/)rpublic_key_derrrrload_received_public_key_derz!ECDH.load_received_public_key_dercCr.)a Load public key from PEM string. Compares the curve of the PEM-encoded key with the ECDH set curve, uses the former if unset. Note, the only PEM format supported is the RFC5912 Look at keys.py:VerifyingKey.from_pem() :param public_key_pem: string with PEM-encoded public ECDSA key :type public_key_pem: string :raises InvalidCurveError: public_key curve not the same as self.curve )rrr3)rpublic_key_pemrrrload_received_public_key_pemr<z!ECDH.load_received_public_key_pemcCst||jjjS)a Generate shared secret from local private key and remote public key. The objects needs to have both private key and received public key before generation is allowed. :raises InvalidCurveError: public_key curve not the same as self.curve :raises NoKeyError: public_key or private_key is not set :return: shared secret :rtype: bytes )rgenerate_sharedsecretrrpr'rrrgenerate_sharedsecret_bytes.s z ECDH.generate_sharedsecret_bytescCs ||jS)a; Generate shared secret from local private key and remote public key. The objects needs to have both private key and received public key before generation is allowed. It's the same for local and remote party, shared secret(local private key, remote public key) == shared secret(local public key, remote private key) :raises InvalidCurveError: public_key curve not the same as self.curve :raises NoKeyError: public_key or private_key is not set :return: shared secret :rtype: int )r"rr'rrrr??s zECDH.generate_sharedsecret)NNN)N)r rrrrr"r%r(rr-r1r5r6rr9r;r>rAr?rrrrr-s$      rN)rutilr ellipticcurverkeysrr__all__ Exceptionrrr r objectrrrrrs