3 K^.1@s ddlmZmZmZddlmZddlmZmZm Z ddl m Z m Z m Z ddlmZmZddlmZmZmZddZd d Zd d Zd dZddZddZejeGdddeZejeGdddeZejejGdddeZ ejej!GdddeZ"dS))absolute_importdivisionprint_function)utils)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_check_not_prehashed_warn_sign_verify_deprecated)hashes serialization)AsymmetricSignatureContextAsymmetricVerificationContexteccCst|tjstdtjdS)Nz/Unsupported elliptic curve signature algorithm.) isinstancerZECDSArrZ UNSUPPORTED_PUBLIC_KEY_ALGORITHM)signature_algorithmrK/tmp/pip-unpacked-wheel-vvkwn1hz/cryptography/hazmat/backends/openssl/ec.py_check_signature_algorithms rcCs|jj|}|j||jjk|jj|}||jjkr>td|jjr^|jj |dkr^td|jj |}|j||jjk|jj |j d}|S)Nz;ECDSA keys with unnamed curves are unsupported at this timerascii) _libEC_KEY_get0_groupopenssl_assert_ffiNULLEC_GROUP_get_curve_nameZ NID_undefNotImplementedErrorZ#CRYPTOGRAPHY_OPENSSL_110_OR_GREATERZEC_GROUP_get_asn1_flagZ OBJ_nid2snstringdecode)backendZec_keygroupnidZ curve_namesnrrr_ec_key_curve_sns    r$cCs|jj||jjdS)z Set the named curve flag on the EC_KEY. This causes OpenSSL to serialize EC keys along with their curve OID which makes deserialization easier. N)rZEC_KEY_set_asn1_flagZOPENSSL_EC_NAMED_CURVE)r Zec_cdatarrr_mark_asn1_named_ec_curve<sr%c Cs8y tj|Stk r2tdj|tjYnXdS)Nz${} is not a supported elliptic curve)rZ _CURVE_TYPESKeyErrorrformatrZUNSUPPORTED_ELLIPTIC_CURVE)r r#rrr_sn_to_elliptic_curveHs  r(cCsz|jj|j}|j|dk|jjd|}|jjdd}|jjd|t||||j}|j|dk|jj|d|dS)Nrzunsigned char[]zunsigned int[]) rZ ECDSA_size_ec_keyrrnewZ ECDSA_signlenbuffer)r private_keydatamax_sizeZsigbufZ siglen_ptrresrrr_ecdsa_sig_signRsr2cCs8|jjd|t||t||j}|dkr4|jtdS)Nrr))rZ ECDSA_verifyr,r*Z_consume_errorsr)r public_key signaturer/r1rrr_ecdsa_sig_verify_s r5c@s$eZdZddZddZddZdS)_ECDSASignatureContextcCs||_||_tj|||_dS)N)_backend _private_keyr Hash_digest)selfr r. algorithmrrr__init__jsz_ECDSASignatureContext.__init__cCs|jj|dS)N)r:update)r;r/rrrr>osz_ECDSASignatureContext.updatecCs|jj}t|j|j|S)N)r:finalizer2r7r8)r;digestrrrr?rs z_ECDSASignatureContext.finalizeN)__name__ __module__ __qualname__r=r>r?rrrrr6hsr6c@s$eZdZddZddZddZdS)_ECDSAVerificationContextcCs$||_||_||_tj|||_dS)N)r7 _public_key _signaturer r9r:)r;r r3r4r<rrrr=zsz"_ECDSAVerificationContext.__init__cCs|jj|dS)N)r:r>)r;r/rrrr>sz _ECDSAVerificationContext.updatecCs"|jj}t|j|j|j|dS)N)r:r?r5r7rErF)r;r@rrrverifys z _ECDSAVerificationContext.verifyN)rArBrCr=r>rGrrrrrDxsrDc@sZeZdZddZejdZeddZddZ dd Z d d Z d d Z ddZ ddZdS)_EllipticCurvePrivateKeycCs6||_||_||_t||}t|||_t||dS)N)r7r* _evp_pkeyr$r(_curver%)r;r ec_key_cdataevp_pkeyr#rrrr=s   z!_EllipticCurvePrivateKey.__init__rJcCs|jjS)N)curvekey_size)r;rrrrNsz!_EllipticCurvePrivateKey.key_sizecCs(tt|t|jt|j||jS)N)r rr r<r6r7)r;rrrrsigners  z_EllipticCurvePrivateKey.signercCs|jj||jstdtj|jj|jjkr4td|jjj |j }|jjj |dd}|jj |dk|jj jd|}|jjj|j }|jjj||||j |jj j}|jj |dk|jj j|d|S)Nz1This backend does not support the ECDH algorithm.z2peer_public_key and self are not on the same curverz uint8_t[])r7Z+elliptic_curve_exchange_algorithm_supportedrMrrZUNSUPPORTED_EXCHANGE_ALGORITHMname ValueErrorrrr*ZEC_GROUP_get_degreerrr+EC_KEY_get0_public_keyZECDH_compute_keyrr-)r;r<Zpeer_public_keyr!Zz_lenZz_bufZpeer_keyrrrrexchanges$ z!_EllipticCurvePrivateKey.exchangecCs|jjj|j}|jj||jjjk|jjj|}|jjj|}|jj||jjjk|jjj ||jjj }|jjj |j}|jj||jjjk|jjj ||}|jj|dk|jj |}t|j||S)Nr))r7rrr*rrrrZEC_KEY_new_by_curve_namegcZ EC_KEY_freerTZEC_KEY_set_public_keyZ_ec_cdata_to_evp_pkey_EllipticCurvePublicKey)r;r!Z curve_nidZ public_ec_keypointr1rLrrrr3s z#_EllipticCurvePrivateKey.public_keycCs2|jjj|j}|jj|}tj||jjdS)N) private_valuepublic_numbers) r7rZEC_KEY_get0_private_keyr* _bn_to_intrZEllipticCurvePrivateNumbersr3r[)r;ZbnrZrrrprivate_numberss  z(_EllipticCurvePrivateKey.private_numberscCs|jj||||j|jS)N)r7Z_private_key_bytesrIr*)r;encodingr'Zencryption_algorithmrrr private_bytess z&_EllipticCurvePrivateKey.private_bytescCs*t|t|j||j\}}t|j||S)N)rr r7 _algorithmr2)r;r/rr<rrrsignsz_EllipticCurvePrivateKey.signN)rArBrCr=rread_only_propertyrMpropertyrNrOrVr3r]r_rarrrrrHs   rHc@sReZdZddZejdZeddZddZ dd Z d d Z d d Z ddZ dS)rXcCs6||_||_||_t||}t|||_t||dS)N)r7r*rIr$r(rJr%)r;r rKrLr#rrrr=s   z _EllipticCurvePublicKey.__init__rJcCs|jjS)N)rMrN)r;rrrrNsz _EllipticCurvePublicKey.key_sizecCs6ttjd|t|t|jt|j|||jS)Nr4)r r _check_bytesrr r<rDr7)r;r4rrrrverifiers   z _EllipticCurvePublicKey.verifierc Cs|jj|j\}}|jjj|j}|jj||jjjk|jjZ}|jjj |}|jjj |}||||||}|jj|dk|jj |}|jj |} WdQRXt j || |j dS)Nr))xyrM)r7Z _ec_key_determine_group_get_funcr*rrTrrr _tmp_bn_ctxZ BN_CTX_getr\rZEllipticCurvePublicNumbersrJ) r;Zget_funcr!rYbn_ctxZbn_xZbn_yr1rfrgrrrr[ s  z&_EllipticCurvePublicKey.public_numbersc Cs|tjjkr|jjj}n|tjjks(t|jjj}|jjj |j }|jj ||jj j k|jjj|j }|jj ||jj j k|jjl}|jjj||||jj j d|}|jj |dk|jj jd|}|jjj||||||}|jj ||kWdQRX|jj j|ddS)Nrzchar[])r PublicFormatCompressedPointr7rZPOINT_CONVERSION_COMPRESSEDUncompressedPointAssertionErrorZPOINT_CONVERSION_UNCOMPRESSEDrr*rrrrTrhZEC_POINT_point2octr+r-) r;r' conversionr!rYribuflenbufr1rrr _encode_point"s"    z%_EllipticCurvePublicKey._encode_pointcCs|tjjkrtd|tjjks8|tjjks8|tjjkrj|tjjk sX|tjjtjjfkr`td|j|S|j j ||||j dSdS)Nz1EC public keys do not support PKCS1 serializationzKX962 encoding must be used with CompressedPoint or UncompressedPoint format) r rjZPKCS1rSEncodingZX962rkrlrqr7Z_public_key_bytesrI)r;r^r'rrr public_bytes:s&       z$_EllipticCurvePublicKey.public_bytescCs0t|t|j||j\}}t|j|||dS)N)rr r7r`r5)r;r4r/rr<rrrrG[sz_EllipticCurvePublicKey.verifyN)rArBrCr=rrbrMrcrNrer[rqrsrGrrrrrXs   !rXN)# __future__rrrZ cryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsr r r Zcryptography.hazmat.primitivesr r Z)cryptography.hazmat.primitives.asymmetricrrrrr$r%r(r2r5Zregister_interfaceobjectr6rDZ(EllipticCurvePrivateKeyWithSerializationrHZ'EllipticCurvePublicKeyWithSerializationrXrrrrs&      e