� 1�Dgn# � �l � d dl T d dlmZmZmZmZ d dlmZmZm Z ddgZ ddd e� � dfd�Zd d�ZdS ) � )�*)�DerNull�DerSequence�DerObjectId�DerOctetString)�PBES1�PBES2� PbesError�wrap�unwrapNc �d � |�t t |� � g� � }nt t |� � |g� � }t d|t | � � g� � }|� � � } |�| S |st d� � �t |� � }|�d}t j | ||||� � S )a/ Wrap a private key into a PKCS#8 blob (clear or encrypted). Args: private_key (byte string): The private key encoded in binary form. The actual encoding is algorithm specific. In most cases, it is DER. key_oid (string): The object identifier (OID) of the private key to wrap. It is a dotted string, like ``1.2.840.113549.1.1.1`` (for RSA keys). passphrase (bytes string or string): The secret passphrase from which the wrapping key is derived. Set it only if encryption is required. protection (string): The identifier of the algorithm to use for securely wrapping the key. The default value is ``PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC``. prot_params (dictionary): Parameters for the protection algorithm. +------------------+-----------------------------------------------+ | Key | Description | +==================+===============================================+ | iteration_count | The KDF algorithm is repeated several times to| | | slow down brute force attacks on passwords | | | (called *N* or CPU/memory cost in scrypt). | | | The default value for PBKDF2 is 1000. | | | The default value for scrypt is 16384. | +------------------+-----------------------------------------------+ | salt_size | Salt is used to thwart dictionary and rainbow | | | attacks on passwords. The default value is 8 | | | bytes. | +------------------+-----------------------------------------------+ | block_size | *(scrypt only)* Memory-cost (r). The default | | | value is 8. | +------------------+-----------------------------------------------+ | parallelization | *(scrypt only)* CPU-cost (p). The default | | | value is 1. | +------------------+-----------------------------------------------+ key_params (DER object or None): The ``parameters`` field to use in the ``AlgorithmIdentifier`` SEQUENCE. If ``None``, no ``parameters`` field will be added. By default, the ASN.1 type ``NULL`` is used. randfunc (callable): Random number generation function; it should accept a single integer N and return a string of random data, N bytes long. If not specified, a new RNG will be instantiated from :mod:`Crypto.Random`. Return: The PKCS#8-wrapped private key (possibly encrypted), as a byte string. Nr zEmpty passphrasez"PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC)r r r �encode� ValueError�tobytesr �encrypt) �private_key�key_oid� passphrase� protection�prot_params� key_params�randfunc� algorithm�pk_info�pk_info_ders �q/builddir/build/BUILD/imunify360-venv-2.4.0/opt/imunify360/venv/lib64/python3.11/site-packages/Crypto/IO/PKCS8.pyr r 2 s� � �H ����W�!5�!5� 6�7�7� � ���W�!5�!5�z� B�C�C� �����{�+�+�� � �G� �.�.�"�"�K������ -��+�,�,�,� ��$�$�J���9� ��=��j�#�[�(�<� <� <� c � � |r�t |� � }d} t j | |� � } d}n6# t $ r}dt |� � z }Y d}~nd}~wt $ r d}Y nw xY w|sU t j | |� � } d}n<# t $ r}|dt |� � z z }Y d}~nd}~wt $ r |dz }Y nw xY w|st d|z � � �t � � � | d � � � }t |� � dk r|st d� � �|d d k r!t |� � dvrt d� � �n<|d dk r!t |� � dvrt d� � �nt d� � �t � � � |d d� � � }t � � � |d � � j }t |� � dk rd}n: t � � � |d � � d}n# |d }Y nxY wt � � � |d � � j } || |fS )aH Unwrap a private key from a PKCS#8 blob (clear or encrypted). Args: p8_private_key (byte string): The private key wrapped into a PKCS#8 blob, DER encoded. passphrase (byte string or string): The passphrase to use to decrypt the blob (if it is encrypted). Return: A tuple containing #. the algorithm identifier of the wrapped key (OID, dotted string) #. the private key (byte string, DER encoded) #. the associated parameters (byte string, DER encoded) or ``None`` Raises: ValueError : if decoding fails FTz PBES1[%s]NzPBES1[Invalid]z ,PBES2[%s]z,PBES2[Invalid]zError decoding PKCS#8 (%s))� � � � )�nr_elementsr z;Not a valid clear PKCS#8 structure (maybe it is encrypted?)r )r r! z#Not a valid PrivateKeyInfo SEQUENCE� )r r! r"