a b_+@sddlZddlmZmZmZddlmZmZddlm Z ddl m Z ej rVddl mZe jdddd Zd ed d d Zd dddZd dd ddZd ee jdddZd deedddZd deeddddZGddde jZGddde jZdS) N)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_evp_pkey_derive) serialization)ec)Backend)signature_algorithmreturncCst|tjstdtjdS)Nz/Unsupported elliptic curve signature algorithm.) isinstancerZECDSArrZ UNSUPPORTED_PUBLIC_KEY_ALGORITHM)r r N/tmp/pip-target-98j97qn4/lib/python/cryptography/hazmat/backends/openssl/ec.py_check_signature_algorithms  rr )backendr cCs|j|}|||jjk|j|}||jjkr>td|jjs^|j |dkr^td|j |}|||jjk|j | d}|S)Nz@ECDSA keys with explicit parameters are unsupported at this timerascii) _libEC_KEY_get0_groupopenssl_assert_ffiNULLEC_GROUP_get_curve_nameZ NID_undef ValueErrorZCRYPTOGRAPHY_IS_LIBRESSLZEC_GROUP_get_asn1_flagZ OBJ_nid2snstringdecode)rZec_keygroupnidZ curve_namesnr r r_ec_key_curve_sn!s$    rrcCs|j||jjdS)z Set the named curve flag on the EC_KEY. This causes OpenSSL to serialize EC keys along with their curve OID which makes deserialization easier. N)rZEC_KEY_set_asn1_flagZOPENSSL_EC_NAMED_CURVE)rec_cdatar r r_mark_asn1_named_ec_curve?sr!cCsV|j|}|||jjk|j|}|||jjk|j||rRtddS)Nz;Cannot load an EC public key where the point is at infinity)rEC_KEY_get0_public_keyrrrrZEC_POINT_is_at_infinityr)rr pointrr r r_check_key_infinityKs  r$)rrr cCs8ztj|WSty2td|tjYn0dS)Nz${} is not a supported elliptic curve)rZ _CURVE_TYPESKeyErrorrformatrZUNSUPPORTED_ELLIPTIC_CURVE)rrr r r_sn_to_elliptic_curveVs r'_EllipticCurvePrivateKey)r private_keydatar cCsz|j|j}||dk|jd|}|jdd}|jd|t||||j}||dk|j|d|dS)Nrzunsigned char[]zunsigned int[]) rZ ECDSA_size_ec_keyrrnewZ ECDSA_signlenbuffer)rr)r*max_sizeZsigbufZ siglen_ptrresr r r_ecdsa_sig_sign`sr2_EllipticCurvePublicKey)r public_key signaturer*r cCs8|jd|t||t||j}|dkr4|tdS)Nrr+)rZ ECDSA_verifyr.r,Z_consume_errorsr)rr4r5r*r1r r r_ecdsa_sig_verifyos r6c@seZdZddddZeejdddZeeddd Z ej ej e d d d Z ej dd dZejdddZejejeje dddZe eje dddZdS)r(r rcCs@||_||_||_t||}t|||_t||t||dSN_backendr, _evp_pkeyrr'_curver!r$selfrZ ec_key_cdataevp_pkeyrr r r__init__~s   z!_EllipticCurvePrivateKey.__init__r cCs|jSr7r;r=r r rcurvesz_EllipticCurvePrivateKey.curvecCs|jjSr7rCkey_sizerBr r rrEsz!_EllipticCurvePrivateKey.key_size) algorithmpeer_public_keyr cCsD|j||jstdtj|jj|jjkr4tdt|j|j |S)Nz1This backend does not support the ECDH algorithm.z2peer_public_key and self are not on the same curve) r9Z+elliptic_curve_exchange_algorithm_supportedrCrrZUNSUPPORTED_EXCHANGE_ALGORITHMnamerrr:)r=rFrGr r rexchangesz!_EllipticCurvePrivateKey.exchangecCs|jj|j}|j||jjjk|jj|}|j|}|jj |j}|j||jjjk|jj ||}|j|dk|j |}t |j||S)Nr+) r9rrr,rrrrZ_ec_key_new_by_curve_nidr"ZEC_KEY_set_public_keyZ_ec_cdata_to_evp_pkeyr3)r=rZ curve_nidZ public_ec_keyr#r1r>r r rr4s  z#_EllipticCurvePrivateKey.public_keycCs2|jj|j}|j|}tj||dS)N) private_valuepublic_numbers) r9rZEC_KEY_get0_private_keyr, _bn_to_intrEllipticCurvePrivateNumbersr4rK)r=ZbnrJr r rprivate_numberss   z(_EllipticCurvePrivateKey.private_numbers)encodingr&encryption_algorithmr cCs|j|||||j|jSr7)r9Z_private_key_bytesr:r,)r=rOr&rPr r r private_bytessz&_EllipticCurvePrivateKey.private_bytes)r*r r cCs&t|t||j\}}t|j||Sr7)rrrFr2r9)r=r*r _r r rsigns z_EllipticCurvePrivateKey.signN)__name__ __module__ __qualname__r?propertyr EllipticCurverCintrEZECDHEllipticCurvePublicKeybytesrIr4rMrNrEncodingZ PrivateFormatZKeySerializationEncryptionrQEllipticCurveSignatureAlgorithmrSr r r rr(}s&    c@seZdZddddZeejdddZeeddd Z ej dd d Z e j ed d dZe je j edddZeeejddddZdS)r3r rcCs@||_||_||_t||}t|||_t||t||dSr7r8r<r r rr?s   z _EllipticCurvePublicKey.__init__r@cCs|jSr7rArBr r rrCsz_EllipticCurvePublicKey.curvecCs|jjSr7rDrBr r rrEsz _EllipticCurvePublicKey.key_sizec Cs|j|j\}}|jj|j}|j||jjjk|jd}|jj |}|jj |}||||||}|j|dk|j |}|j |} Wdn1s0Yt j || |j dS)Nr+)xyrC)r9Z _ec_key_determine_group_get_funcr,rr"rrr _tmp_bn_ctxZ BN_CTX_getrLrEllipticCurvePublicNumbersr;) r=Zget_funcrr#bn_ctxZbn_xZbn_yr1r^r_r r rrKs  *z&_EllipticCurvePublicKey.public_numbers)r&r c Cs&|tjjur|jjj}n|tjjus(J|jjj}|jj|j }|j ||jj j k|jj |j }|j ||jj j k|jv}|jj||||jj j d|}|j |dk|jj d|}|jj||||||}|j ||kWdn1s0Y|jj |ddS)Nrzchar[])r PublicFormatCompressedPointr9rZPOINT_CONVERSION_COMPRESSEDUncompressedPointZPOINT_CONVERSION_UNCOMPRESSEDrr,rrrr"r`ZEC_POINT_point2octr-r/) r=r& conversionrr#rbbuflenbufr1r r r _encode_points&     0z%_EllipticCurvePublicKey._encode_point)rOr&r cCsp|tjjus$|tjjus$|tjjurV|tjjusD|tjjtjjfvrLtd||S|j ||||j dSdS)NzKX962 encoding must be used with CompressedPoint or UncompressedPoint format) rr\ZX962rcrdrerrir9Z_public_key_bytesr:)r=rOr&r r r public_bytess"     z$_EllipticCurvePublicKey.public_bytesN)r5r*r r cCs,t|t||j\}}t|j|||dSr7)rrrFr6r9)r=r5r*r rRr r rverify0s z_EllipticCurvePublicKey.verify)rTrUrVr?rWrrXrCrYrErarKrrcr[rir\rjr]rkr r r rr3s   )typingZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsrrZcryptography.hazmat.primitivesrZ)cryptography.hazmat.primitives.asymmetricr TYPE_CHECKINGZ,cryptography.hazmat.backends.openssl.backendr r]rstrrr!r$rXr'r[r2r6ZEllipticCurvePrivateKeyr(rZr3r r r rs0         \