U e].1@s ddlmZmZmZddlmZddlmZmZm Z ddl m Z m Z m Z ddlmZmZddlmZmZmZddZd d Zd d Zd dZddZddZeeGdddeZeeGdddeZeejGdddeZ eej!GdddeZ"dS))absolute_importdivisionprint_function)utils)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_check_not_prehashed_warn_sign_verify_deprecated)hashes serialization)AsymmetricSignatureContextAsymmetricVerificationContexteccCst|tjstdtjdS)Nz/Unsupported elliptic curve signature algorithm.) isinstancerZECDSArrZ UNSUPPORTED_PUBLIC_KEY_ALGORITHM)signature_algorithmrI/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/ec.py_check_signature_algorithms  rcCs|j|}|||jjk|j|}||jjkr>td|jjr^|j |dkr^td|j |}|||jjk|j | d}|S)Nz;ECDSA keys with unnamed curves are unsupported at this timerascii) _libEC_KEY_get0_groupopenssl_assert_ffiNULLEC_GROUP_get_curve_nameZ NID_undefNotImplementedErrorZ#CRYPTOGRAPHY_OPENSSL_110_OR_GREATERZEC_GROUP_get_asn1_flagZ OBJ_nid2snstringdecode)backendZec_keygroupZnidZ curve_namesnrrr_ec_key_curve_sns$     r#cCs|j||jjdS)z Set the named curve flag on the EC_KEY. This causes OpenSSL to serialize EC keys along with their curve OID which makes deserialization easier. N)rZEC_KEY_set_asn1_flagZOPENSSL_EC_NAMED_CURVE)r Zec_cdatarrr_mark_asn1_named_ec_curve<sr$cCs:ztj|WStk r4td|tjYnXdS)Nz${} is not a supported elliptic curve)rZ _CURVE_TYPESKeyErrorrformatrZUNSUPPORTED_ELLIPTIC_CURVE)r r"rrr_sn_to_elliptic_curveHsr'cCsz|j|j}||dk|jd|}|jdd}|jd|t||||j}||dk|j|d|dS)Nrzunsigned char[]zunsigned int[]) rZ ECDSA_size_ec_keyrrnewZ ECDSA_signlenbuffer)r private_keydataZmax_sizeZsigbufZ siglen_ptrresrrr_ecdsa_sig_signRsr0cCs8|jd|t||t||j}|dkr4|tdS)Nrr()rZ ECDSA_verifyr+r)Z_consume_errorsr)r public_key signaturer.r/rrr_ecdsa_sig_verify_sr3c@s$eZdZddZddZddZdS)_ECDSASignatureContextcCs||_||_t|||_dSN)_backend _private_keyr Hash_digest)selfr r- algorithmrrr__init__jsz_ECDSASignatureContext.__init__cCs|j|dSr5r9updater:r.rrrr>osz_ECDSASignatureContext.updatecCs|j}t|j|j|Sr5)r9finalizer0r6r7r:Zdigestrrrr@rs z_ECDSASignatureContext.finalizeN)__name__ __module__ __qualname__r<r>r@rrrrr4hsr4c@s$eZdZddZddZddZdS)_ECDSAVerificationContextcCs$||_||_||_t|||_dSr5)r6 _public_key _signaturer r8r9)r:r r1r2r;rrrr<zsz"_ECDSAVerificationContext.__init__cCs|j|dSr5r=r?rrrr>sz _ECDSAVerificationContext.updatecCs"|j}t|j|j|j|dSr5)r9r@r3r6rFrGrArrrverifys z _ECDSAVerificationContext.verifyN)rBrCrDr<r>rHrrrrrExsrEc@sZeZdZddZedZeddZddZ dd Z d d Z d d Z ddZ ddZdS)_EllipticCurvePrivateKeycCs6||_||_||_t||}t|||_t||dSr5r6r) _evp_pkeyr#r'_curver$r:r Z ec_key_cdataevp_pkeyr"rrrr<s   z!_EllipticCurvePrivateKey.__init__rLcCs|jjSr5curvekey_sizer:rrrrQsz!_EllipticCurvePrivateKey.key_sizecCs(tt|t|jt|j||jSr5)r rr r;r4r6)r:rrrrsigners z_EllipticCurvePrivateKey.signercCs|j||jstdtj|jj|jjkr4td|jj |j }|jj |dd}|j |dk|jj d|}|jj|j }|jj||||j |jj j}|j |dk|jj |d|S)Nz1This backend does not support the ECDH algorithm.z2peer_public_key and self are not on the same curverz uint8_t[])r6Z+elliptic_curve_exchange_algorithm_supportedrPrrZUNSUPPORTED_EXCHANGE_ALGORITHMname ValueErrorrrr)ZEC_GROUP_get_degreerrr*EC_KEY_get0_public_keyZECDH_compute_keyrr,)r:r;Zpeer_public_keyr!Zz_lenZz_bufZpeer_keyrrrrexchanges:z!_EllipticCurvePrivateKey.exchangecCs|jj|j}|j||jjjk|jj|}|jj|}|j||jjjk|jj ||jjj }|jj |j}|j||jjjk|jj ||}|j|dk|j |}t|j||S)Nr()r6rrr)rrrrZEC_KEY_new_by_curve_namegcZ EC_KEY_freerXZEC_KEY_set_public_keyZ_ec_cdata_to_evp_pkey_EllipticCurvePublicKey)r:r!Z curve_nidZ public_ec_keypointr/rNrrrr1s z#_EllipticCurvePrivateKey.public_keycCs2|jj|j}|j|}tj||dS)N) private_valuepublic_numbers) r6rZEC_KEY_get0_private_keyr) _bn_to_intrZEllipticCurvePrivateNumbersr1r_)r:Zbnr^rrrprivate_numberss   z(_EllipticCurvePrivateKey.private_numberscCs|j||||j|jSr5)r6Z_private_key_bytesrKr))r:encodingr&Zencryption_algorithmrrr private_bytessz&_EllipticCurvePrivateKey.private_bytescCs*t|t|j||j\}}t|j||Sr5)rr r6 _algorithmr0)r:r.rr;rrrsignsz_EllipticCurvePrivateKey.signN)rBrCrDr<rread_only_propertyrPpropertyrQrSrZr1rarcrerrrrrIs   rIc@sReZdZddZedZeddZddZ dd Z d d Z d d Z ddZ dS)r\cCs6||_||_||_t||}t|||_t||dSr5rJrMrrrr<s   z _EllipticCurvePublicKey.__init__rLcCs|jjSr5rOrRrrrrQsz _EllipticCurvePublicKey.key_sizecCs6ttd|t|t|jt|j|||jS)Nr2)r r _check_bytesrr r;rEr6)r:r2rrrrverifiers  z _EllipticCurvePublicKey.verifierc Cs|j|j\}}|jj|j}|j||jjjk|jZ}|jj |}|jj |}||||||}|j|dk|j |}|j |} W5QRXt j || |j dS)Nr()xyrP)r6Z _ec_key_determine_group_get_funcr)rrXrrr _tmp_bn_ctxZ BN_CTX_getr`rZEllipticCurvePublicNumbersrL) r:Zget_funcr!r]bn_ctxZbn_xZbn_yr/rjrkrrrr_ s    z&_EllipticCurvePublicKey.public_numbersc Cs|tjjkr|jjj}n|tjjks(t|jjj}|jj |j }|j ||jj j k|jj|j }|j ||jj j k|jl}|jj||||jj j d|}|j |dk|jj d|}|jj||||||}|j ||kW5QRX|jj |ddS)Nrzchar[])r PublicFormatCompressedPointr6rZPOINT_CONVERSION_COMPRESSEDUncompressedPointAssertionErrorZPOINT_CONVERSION_UNCOMPRESSEDrr)rrrrXrlZEC_POINT_point2octr*r,) r:r&Z conversionr!r]rmZbuflenZbufr/rrr _encode_point"s:    z%_EllipticCurvePublicKey._encode_pointcCs|tjjkrtd|tjjks8|tjjks8|tjjkrj|tjjk sX|tjjtjjfkr`td||S|j ||||j dSdS)Nz1EC public keys do not support PKCS1 serializationzKX962 encoding must be used with CompressedPoint or UncompressedPoint format) r rnZPKCS1rWZEncodingZX962rorprrr6Z_public_key_bytesrK)r:rbr&rrr public_bytes:s8      z$_EllipticCurvePublicKey.public_bytescCs0t|t|j||j\}}t|j|||dSr5)rr r6rdr3)r:r2r.rr;rrrrH[sz_EllipticCurvePublicKey.verifyN)rBrCrDr<rrfrPrgrQrir_rrrsrHrrrrr\s   !r\N)#Z __future__rrrZ cryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsr r r Zcryptography.hazmat.primitivesr r Z)cryptography.hazmat.primitives.asymmetricrrrrr#r$r'r0r3Zregister_interfaceobjectr4rEZ(EllipticCurvePrivateKeyWithSerializationrIZ'EllipticCurvePublicKeyWithSerializationr\rrrrs&       e