U q`;4@sddlmZddlmZmZmZddlmZmZm Z ddl m Z m Z ddl mZmZmZejdddZd d Zd d Zd dZddZddZGdddeZGdddeZGdddejZGdddejZdS))utils)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_check_not_prehashed_warn_sign_verify_deprecated)hashes serialization)AsymmetricSignatureContextAsymmetricVerificationContextecsignature_algorithmcCst|tjstdtjdS)Nz/Unsupported elliptic curve signature algorithm.) isinstancer ZECDSArrZ UNSUPPORTED_PUBLIC_KEY_ALGORITHMrrN/tmp/pip-target-nv4zd3e_/lib/python/cryptography/hazmat/backends/openssl/ec.py_check_signature_algorithms  rcCs|j|}|||jjk|j|}||jjkr>td|jjs^|j |dkr^td|j |}|||jjk|j | d}|S)Nz;ECDSA keys with unnamed curves are unsupported at this timerascii) _libEC_KEY_get0_groupopenssl_assert_ffiNULLEC_GROUP_get_curve_nameZ NID_undefNotImplementedErrorZCRYPTOGRAPHY_IS_LIBRESSLZEC_GROUP_get_asn1_flagZ OBJ_nid2snstringdecode)backendZec_keygroupnidZ curve_namesnrrr_ec_key_curve_sn#s$    r"cCs|j||jjdS)z Set the named curve flag on the EC_KEY. This causes OpenSSL to serialize EC keys along with their curve OID which makes deserialization easier. N)rZEC_KEY_set_asn1_flagZOPENSSL_EC_NAMED_CURVE)rZec_cdatarrr_mark_asn1_named_ec_curveAsr#cCs:ztj|WStk r4td|tjYnXdS)Nz${} is not a supported elliptic curve)r Z _CURVE_TYPESKeyErrorrformatrZUNSUPPORTED_ELLIPTIC_CURVE)rr!rrr_sn_to_elliptic_curveMsr&cCsz|j|j}||dk|jd|}|jdd}|jd|t||||j}||dk|j|d|dS)Nrzunsigned char[]zunsigned int[]) rZ ECDSA_size_ec_keyrrnewZ ECDSA_signlenbuffer)r private_keydatamax_sizeZsigbufZ siglen_ptrresrrr_ecdsa_sig_signWsr0cCs8|jd|t||t||j}|dkr4|tdS)Nrr')rZ ECDSA_verifyr*r(Z_consume_errorsr)r public_key signaturer-r/rrr_ecdsa_sig_verifydsr3c@s>eZdZejejdddZeddddZ edd d Z dS) _ECDSASignatureContext)r, algorithmcCs||_||_t|||_dSN)_backend _private_keyr Hash_digest)selfrr,r5rrr__init__nsz_ECDSASignatureContext.__init__Nr-returncCs|j|dSr6r:updater;r-rrrr@xsz_ECDSASignatureContext.updater>cCs|j}t|j|j|Sr6)r:finalizer0r7r8r;digestrrrrC{s z_ECDSASignatureContext.finalize) __name__ __module__ __qualname__r EllipticCurvePrivateKeyr HashAlgorithmr<bytesr@rCrrrrr4ms  r4c@s@eZdZejeejdddZeddddZ ddd d Z dS) _ECDSAVerificationContext)r1r2r5cCs$||_||_||_t|||_dSr6)r7 _public_key _signaturer r9r:)r;rr1r2r5rrrr<sz"_ECDSAVerificationContext.__init__Nr=cCs|j|dSr6r?rArrrr@sz _ECDSAVerificationContext.updaterBcCs"|j}t|j|j|j|dSr6)r:rCr3r7rMrNrDrrrverifys z _ECDSAVerificationContext.verify) rFrGrHr EllipticCurvePublicKeyrKr rJr<r@rOrrrrrLs  rLc@seZdZddZedZeedddZ e j e ddd Z e je jed d d Ze jdd dZe jdddZejejejedddZee j edddZdS)_EllipticCurvePrivateKeycCs6||_||_||_t||}t|||_t||dSr6r7r( _evp_pkeyr"r&_curver#r;rZ ec_key_cdataevp_pkeyr!rrrr<s   z!_EllipticCurvePrivateKey.__init__rTrBcCs|jjSr6curvekey_sizer;rrrrYsz!_EllipticCurvePrivateKey.key_size)rr>cCs:tt|t|jt|jtjs*tt|j ||jSr6) rrrr5rr rJAssertionErrorr4r7)r;rrrrsigners z_EllipticCurvePrivateKey.signer)r5peer_public_keyr>cCs|j||jstdtj|jj|jjkr4td|jj |j }|jj |dd}|j |dk|jj d|}|jj|j }|jj||||j |jj j}|j |dk|jj |d|S)Nz1This backend does not support the ECDH algorithm.z2peer_public_key and self are not on the same curverz uint8_t[])r7Z+elliptic_curve_exchange_algorithm_supportedrXrrZUNSUPPORTED_EXCHANGE_ALGORITHMname ValueErrorrrr(ZEC_GROUP_get_degreerrr)EC_KEY_get0_public_keyZECDH_compute_keyrr+)r;r5r]rZz_lenZz_bufZpeer_keyrrrrexchanges:z!_EllipticCurvePrivateKey.exchangecCs|jj|j}|j||jjjk|jj|}|j|}|jj |j}|j||jjjk|jj ||}|j|dk|j |}t |j||S)Nr') r7rrr(rrrrZ_ec_key_new_by_curve_nidrbZEC_KEY_set_public_keyZ_ec_cdata_to_evp_pkey_EllipticCurvePublicKey)r;rZ curve_nidZ public_ec_keypointr/rVrrrr1s  z#_EllipticCurvePrivateKey.public_keycCs2|jj|j}|j|}tj||dS)N) private_valuepublic_numbers) r7rZEC_KEY_get0_private_keyr( _bn_to_intr EllipticCurvePrivateNumbersr1rh)r;Zbnrgrrrprivate_numberss   z(_EllipticCurvePrivateKey.private_numbers)encodingr%encryption_algorithmr>cCs|j|||||j|jSr6)r7Z_private_key_bytesrSr()r;rlr%rmrrr private_bytessz&_EllipticCurvePrivateKey.private_bytes)r-rr>cCs*t|t|j||j\}}t|j||Sr6)rrr7 _algorithmr0)r;r-rr5rrrsignsz_EllipticCurvePrivateKey.signN)rFrGrHr<rread_only_propertyrXpropertyintrYr EllipticCurveSignatureAlgorithmr r\ZECDHrPrKrdr1rjrkr EncodingZ PrivateFormatZKeySerializationEncryptionrnrprrrrrQs,     rQc@seZdZddZedZeedddZ e e j e ddd Ze jdd d Zeje d d dZejeje dddZe e e j ddddZdS)recCs6||_||_||_t||}t|||_t||dSr6rRrUrrrr< s   z _EllipticCurvePublicKey.__init__rTrBcCs|jjSr6rWrZrrrrYsz _EllipticCurvePublicKey.key_size)r2rr>cCsHttd|t|t|jt|jtjs6t t |j |||jS)Nr2) rr _check_bytesrrr5rr rJr[rLr7)r;r2rrrrverifiers  z _EllipticCurvePublicKey.verifierc Cs|j|j\}}|jj|j}|j||jjjk|jZ}|jj |}|jj |}||||||}|j|dk|j |}|j |} W5QRXt j || |j dS)Nr')xyrX)r7Z _ec_key_determine_group_get_funcr(rrbrrr _tmp_bn_ctxZ BN_CTX_getrir EllipticCurvePublicNumbersrT) r;Zget_funcrrfbn_ctxZbn_xZbn_yr/rxryrrrrh*s  z&_EllipticCurvePublicKey.public_numbers)r%r>c Cs|tjjkr|jjj}n|tjjks(t|jjj}|jj |j }|j ||jj j k|jj|j }|j ||jj j k|jl}|jj||||jj j d|}|j |dk|jj d|}|jj||||||}|j ||kW5QRX|jj |ddS)Nrzchar[])r PublicFormatCompressedPointr7rZPOINT_CONVERSION_COMPRESSEDUncompressedPointr[ZPOINT_CONVERSION_UNCOMPRESSEDrr(rrrrbrzZEC_POINT_point2octr)r+) r;r% conversionrrfr|buflenbufr/rrr _encode_point=s:    z%_EllipticCurvePublicKey._encode_point)rlr%r>cCsp|tjjks$|tjjks$|tjjkrV|tjjk sD|tjjtjjfkrLtd||S|j ||||j dSdS)NzKX962 encoding must be used with CompressedPoint or UncompressedPoint format) r ruZX962r}r~rrarr7Z_public_key_bytesrS)r;rlr%rrr public_bytesUs*    z$_EllipticCurvePublicKey.public_bytesN)r2r-rr>cCs0t|t|j||j\}}t|j|||dSr6)rrr7ror3)r;r2r-rr5rrrrOnsz_EllipticCurvePublicKey.verify)rFrGrHr<rrqrXrrrsrYrKr rtr rwr{rhr r}rrurrOrrrrre s&   reN)Z cryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsrrrZcryptography.hazmat.primitivesr r Z)cryptography.hazmat.primitives.asymmetricr r r rtrr"r#r&r0r3r4rLrIrQrPrerrrrs      r