3 y_5/@s ddlmZmZmZddlmZddlmZmZm Z ddl m Z m Z m Z ddlmZmZddlmZmZmZddZd d Zd d Zd dZddZddZejeGdddeZejeGdddeZejejGdddeZ ejej!GdddeZ"dS))absolute_importdivisionprint_function)utils)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_check_not_prehashed_warn_sign_verify_deprecated)hashes serialization)AsymmetricSignatureContextAsymmetricVerificationContexteccCst|tjstdtjdS)Nz/Unsupported elliptic curve signature algorithm.) isinstancerZECDSArrZ UNSUPPORTED_PUBLIC_KEY_ALGORITHM)signature_algorithmr/usr/lib64/python3.6/ec.py_check_signature_algorithms rcCs|jj|}|j||jjk|jj|}||jjkr>td|jjr^|jj |dkr^td|jj |}|j||jjk|jj |j d}|S)Nz;ECDSA keys with unnamed curves are unsupported at this timerascii) _libEC_KEY_get0_groupopenssl_assert_ffiNULLEC_GROUP_get_curve_nameZ NID_undefNotImplementedErrorZ$CRYPTOGRAPHY_OPENSSL_102U_OR_GREATERZEC_GROUP_get_asn1_flagZ OBJ_nid2snstringdecode)backendZec_keygroupZnidZ curve_namesnrrr_ec_key_curve_sn"s    r#cCs|jj||jjdS)z Set the named curve flag on the EC_KEY. This causes OpenSSL to serialize EC keys along with their curve OID which makes deserialization easier. N)rZEC_KEY_set_asn1_flagZOPENSSL_EC_NAMED_CURVE)r Zec_cdatarrr_mark_asn1_named_ec_curve@sr$c Cs8y tj|Stk r2tdj|tjYnXdS)Nz${} is not a supported elliptic curve)rZ _CURVE_TYPESKeyErrorrformatrZUNSUPPORTED_ELLIPTIC_CURVE)r r"rrr_sn_to_elliptic_curveLs  r'cCsz|jj|j}|j|dk|jjd|}|jjdd}|jjd|t||||j}|j|dk|jj|d|dS)Nrzunsigned char[]zunsigned int[]) rZ ECDSA_size_ec_keyrrnewZ ECDSA_signlenbuffer)r private_keydataZmax_sizeZsigbufZ siglen_ptrresrrr_ecdsa_sig_signVsr0cCs8|jjd|t||t||j}|dkr4|jtdS)Nrr()rZ ECDSA_verifyr+r)Z_consume_errorsr)r public_key signaturer.r/rrr_ecdsa_sig_verifycs r3c@s$eZdZddZddZddZdS)_ECDSASignatureContextcCs||_||_tj|||_dS)N)_backend _private_keyr Hash_digest)selfr r- algorithmrrr__init__nsz_ECDSASignatureContext.__init__cCs|jj|dS)N)r8update)r9r.rrrr<ssz_ECDSASignatureContext.updatecCs|jj}t|j|j|S)N)r8finalizer0r5r6)r9digestrrrr=vs z_ECDSASignatureContext.finalizeN)__name__ __module__ __qualname__r;r<r=rrrrr4lsr4c@s$eZdZddZddZddZdS)_ECDSAVerificationContextcCs$||_||_||_tj|||_dS)N)r5 _public_key _signaturer r7r8)r9r r1r2r:rrrr;~sz"_ECDSAVerificationContext.__init__cCs|jj|dS)N)r8r<)r9r.rrrr<sz _ECDSAVerificationContext.updatecCs"|jj}t|j|j|j|dS)N)r8r=r3r5rCrD)r9r>rrrverifys z _ECDSAVerificationContext.verifyN)r?r@rAr;r<rErrrrrB|srBc@sZeZdZddZejdZeddZddZ dd Z d d Z d d Z ddZ ddZdS)_EllipticCurvePrivateKeycCs6||_||_||_t||}t|||_t||dS)N)r5r) _evp_pkeyr#r'_curver$)r9r ec_key_cdataevp_pkeyr"rrrr;s   z!_EllipticCurvePrivateKey.__init__rHcCs|jjS)N)curvekey_size)r9rrrrLsz!_EllipticCurvePrivateKey.key_sizecCs(tt|t|jt|j||jS)N)r rr r:r4r5)r9rrrrsigners  z_EllipticCurvePrivateKey.signercCs|jj||jstdtj|jj|jjkr4td|jjj |j }|jjj |dd}|jj |dk|jj jd|}|jjj|j }|jjj||||j |jj j}|jj |dk|jj j|d|S)Nz1This backend does not support the ECDH algorithm.z2peer_public_key and self are not on the same curverz uint8_t[])r5Z+elliptic_curve_exchange_algorithm_supportedrKrrZUNSUPPORTED_EXCHANGE_ALGORITHMname ValueErrorrrr)ZEC_GROUP_get_degreerrr*EC_KEY_get0_public_keyZECDH_compute_keyrr,)r9r:Zpeer_public_keyr!Zz_lenZz_bufZpeer_keyrrrrexchanges$ z!_EllipticCurvePrivateKey.exchangecCs|jjj|j}|jj||jjjk|jjj|}|jj|}|jjj |j}|jj||jjjk|jjj ||}|jj|dk|jj |}t |j||S)Nr() r5rrr)rrrrZ_ec_key_new_by_curve_nidrRZEC_KEY_set_public_keyZ_ec_cdata_to_evp_pkey_EllipticCurvePublicKey)r9r!Z curve_nidZ public_ec_keypointr/rJrrrr1s  z#_EllipticCurvePrivateKey.public_keycCs2|jjj|j}|jj|}tj||jjdS)N) private_valuepublic_numbers) r5rZEC_KEY_get0_private_keyr) _bn_to_intrZEllipticCurvePrivateNumbersr1rX)r9ZbnrWrrrprivate_numberss  z(_EllipticCurvePrivateKey.private_numberscCs|jj|||||j|jS)N)r5Z_private_key_bytesrGr))r9encodingr&Zencryption_algorithmrrr private_bytessz&_EllipticCurvePrivateKey.private_bytescCs*t|t|j||j\}}t|j||S)N)rr r5 _algorithmr0)r9r.rr:rrrsignsz_EllipticCurvePrivateKey.signN)r?r@rAr;rread_only_propertyrKpropertyrLrMrTr1rZr\r^rrrrrFs   rFc@sReZdZddZejdZeddZddZ dd Z d d Z d d Z ddZ dS)rUcCs6||_||_||_t||}t|||_t||dS)N)r5r)rGr#r'rHr$)r9r rIrJr"rrrr;s   z _EllipticCurvePublicKey.__init__rHcCs|jjS)N)rKrL)r9rrrrLsz _EllipticCurvePublicKey.key_sizecCs6ttjd|t|t|jt|j|||jS)Nr2)r r _check_bytesrr r:rBr5)r9r2rrrrverifiers   z _EllipticCurvePublicKey.verifierc Cs|jj|j\}}|jjj|j}|jj||jjjk|jjZ}|jjj |}|jjj |}||||||}|jj|dk|jj |}|jj |} WdQRXt j || |j dS)Nr()xyrK)r5Z _ec_key_determine_group_get_funcr)rrRrrr _tmp_bn_ctxZ BN_CTX_getrYrZEllipticCurvePublicNumbersrH) r9Zget_funcr!rVbn_ctxZbn_xZbn_yr/rcrdrrrrX s   z&_EllipticCurvePublicKey.public_numbersc Cs|tjjkr|jjj}n|tjjks(t|jjj}|jjj |j }|jj ||jj j k|jjj|j }|jj ||jj j k|jjl}|jjj||||jj j d|}|jj |dk|jj jd|}|jjj||||||}|jj ||kWdQRX|jj j|ddS)Nrzchar[])r PublicFormatCompressedPointr5rZPOINT_CONVERSION_COMPRESSEDUncompressedPointAssertionErrorZPOINT_CONVERSION_UNCOMPRESSEDrr)rrrrRreZEC_POINT_point2octr*r,) r9r&Z conversionr!rVrfZbuflenZbufr/rrr _encode_points"    z%_EllipticCurvePublicKey._encode_pointcCsp|tjjks$|tjjks$|tjjkrV|tjjk sD|tjjtjjfkrLtd|j|S|jj ||||j dSdS)NzKX962 encoding must be used with CompressedPoint or UncompressedPoint format) r ZEncodingZX962rgrhrirQrkr5Z_public_key_bytesrG)r9r[r&rrr public_bytes6s     z$_EllipticCurvePublicKey.public_bytescCs0t|t|j||j\}}t|j|||dS)N)rr r5r]r3)r9r2r.rr:rrrrELsz_EllipticCurvePublicKey.verifyN)r?r@rAr;rr_rKr`rLrbrXrkrlrErrrrrUs   rUN)#Z __future__rrrZ cryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsr r r Zcryptography.hazmat.primitivesr r Z)cryptography.hazmat.primitives.asymmetricrrrrr#r$r'r0r3Zregister_interfaceobjectr4rBZ(EllipticCurvePrivateKeyWithSerializationrFZ'EllipticCurvePublicKeyWithSerializationrUrrrrs&     a