σ 9(Zc@`sjddlmZmZmZddlmZddlmZmZm Z ddl m Z m Z m Z ddlmZmZddlmZmZmZd„Zd„Zd „Zd „Zd „Zd „Zejeƒd efd„ƒYƒZejeƒdefd„ƒYƒZejejƒdefd„ƒYƒZ ejej!ƒdefd„ƒYƒZ"dS(i(tabsolute_importtdivisiontprint_function(tutils(tInvalidSignaturetUnsupportedAlgorithmt_Reasons(t_calculate_digest_and_algorithmt_check_not_prehashedt_warn_sign_verify_deprecated(thashest serialization(tAsymmetricSignatureContexttAsymmetricVerificationContextteccC`s+t|tjƒs'tdtjƒ‚ndS(Ns/Unsupported elliptic curve signature algorithm.(t isinstanceRtECDSARRt UNSUPPORTED_PUBLIC_KEY_ALGORITHM(tsignature_algorithm((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyt_check_signature_algorithmscC`s¨|jj|ƒ}|j||jjkƒ|jj|ƒ}||jjkr^tdƒ‚n|jj|ƒ}|j||jjkƒ|jj |ƒj dƒ}|S(NsCECDSA certificates with unnamed curves are unsupported at this timetascii( t_libtEC_KEY_get0_grouptopenssl_assertt_ffitNULLtEC_GROUP_get_curve_namet NID_undeftNotImplementedErrort OBJ_nid2sntstringtdecode(tbackendtec_keytgrouptnidt curve_nametsn((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyt_ec_key_curve_sns cC`s|jj||jjƒdS(s‘ Set the named curve flag on the EC_KEY. This causes OpenSSL to serialize EC keys along with their curve OID which makes deserialization easier. N(RtEC_KEY_set_asn1_flagtOPENSSL_EC_NAMED_CURVE(R tec_cdata((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyt_mark_asn1_named_ec_curve0s cC`sEytj|ƒSWn,tk r@tdj|ƒtjƒ‚nXdS(Ns%{0} is not a supported elliptic curve(Rt _CURVE_TYPEStKeyErrorRtformatRtUNSUPPORTED_ELLIPTIC_CURVE(R R%((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyt_sn_to_elliptic_curve<s   cC`s§|jj|jƒ}|j|dkƒ|jjd|ƒ}|jjddƒ}|jjd|t|ƒ|||jƒ}|j|dkƒ|jj|ƒ|d S(Nisunsigned char[]sunsigned int[]i( Rt ECDSA_sizet_ec_keyRRtnewt ECDSA_signtlentbuffer(R t private_keytdatatmax_sizetsigbuft siglen_ptrtres((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyt_ecdsa_sig_signFs !cC`sS|jjd|t|ƒ|t|ƒ|jƒ}|dkrO|jƒt‚ndS(Nii(Rt ECDSA_verifyR4R1t_consume_errorsR(R t public_keyt signatureR7R;((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyt_ecdsa_sig_verifySs  '  t_ECDSASignatureContextcB`s#eZd„Zd„Zd„ZRS(cC`s+||_||_tj||ƒ|_dS(N(t_backendt _private_keyR tHasht_digest(tselfR R6t algorithm((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyt__init__^s  cC`s|jj|ƒdS(N(RFtupdate(RGR7((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyRJcscC`s%|jjƒ}t|j|j|ƒS(N(RFtfinalizeR<RCRD(RGtdigest((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyRKfs(t__name__t __module__RIRJRK(((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyRB\s  t_ECDSAVerificationContextcB`s#eZd„Zd„Zd„ZRS(cC`s4||_||_||_tj||ƒ|_dS(N(RCt _public_keyt _signatureR RERF(RGR R?R@RH((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyRIns   cC`s|jj|ƒdS(N(RFRJ(RGR7((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyRJtscC`s/|jjƒ}t|j|j|j|ƒdS(N(RFRKRARCRPRQ(RGRL((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pytverifyws(RMRNRIRJRR(((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyROls  t_EllipticCurvePrivateKeycB`seeZd„ZejdƒZed„ƒZd„Zd„Z d„Z d„Z d„Z d„Z RS( cC`sM||_t||ƒ||_||_t||ƒ}t||ƒ|_dS(N(RCR*R1t _evp_pkeyR&R/t_curve(RGR t ec_key_cdatatevp_pkeyR%((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyRI€s     RUcC`s |jjS(N(tcurvetkey_size(RG((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyRY‹scC`s4tƒt|ƒt|jƒt|j||jƒS(N(R RRRHRBRC(RGR((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pytsigners   cC`s)|jj||jƒs-tdtjƒ‚n|jj|jjkrTtdƒ‚n|jjj |j ƒ}|jjj |ƒdd}|jj |dkƒ|jj jd|ƒ}|jjj|j ƒ}|jjj||||j |jj jƒ}|jj |dkƒ|jj j|ƒ| S(Ns1This backend does not support the ECDH algorithm.s2peer_public_key and self are not on the same curveiiis uint8_t[](RCt+elliptic_curve_exchange_algorithm_supportedRXRRtUNSUPPORTED_EXCHANGE_ALGORITHMtnamet ValueErrorRRR1tEC_GROUP_get_degreeRRR2tEC_KEY_get0_public_keytECDH_compute_keyRR5(RGRHtpeer_public_keyR"tz_lentz_buftpeer_keytr((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pytexchange—s$     !cC`s+|jjj|jƒ}|jj||jjjkƒ|jjj|ƒ}|jjj|ƒ}|jj||jjjkƒ|jjj ||jjj ƒ}|jjj |jƒ}|jj||jjjkƒ|jjj ||ƒ}|jj|dkƒ|jj |ƒ}t|j||ƒS(Ni(RCRRR1RRRRtEC_KEY_new_by_curve_nametgct EC_KEY_freeR`tEC_KEY_set_public_keyt_ec_cdata_to_evp_pkeyt_EllipticCurvePublicKey(RGR"t curve_nidt public_ec_keytpointR;RW((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyR?΅s cC`sL|jjj|jƒ}|jj|ƒ}tjd|d|jƒjƒƒS(Nt private_valuetpublic_numbers( RCRtEC_KEY_get0_private_keyR1t _bn_to_intRtEllipticCurvePrivateNumbersR?Rr(RGtbnRq((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pytprivate_numbersΛs  cC`s"|jj||||j|jƒS(N(RCt_private_key_bytesRTR1(RGtencodingR-tencryption_algorithm((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyt private_bytesΣs  cC`s;t|ƒt|j||jƒ\}}t|j||ƒS(N(RRRCt _algorithmR<(RGR7RRH((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pytsignάs (RMRNRIRtread_only_propertyRXtpropertyRYRZRgR?RwR{R}(((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyRS~s      RmcB`sSeZd„ZejdƒZed„ƒZd„Zd„Z d„Z d„Z RS(cC`sM||_t||ƒ||_||_t||ƒ}t||ƒ|_dS(N(RCR*R1RTR&R/RU(RGR RVRWR%((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyRIζs     RUcC`s |jjS(N(RXRY(RG((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyRYρscC`sUtƒt|tƒs%tdƒ‚nt|ƒt|jƒt|j|||jƒS(Nssignature must be bytes.( R Rtbytest TypeErrorRRRHRORC(RGR@R((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pytverifierυs  c C`s|jj|jƒ\}}|jjj|jƒ}|jj||jjjkƒ|jjƒƒ}|jjj |ƒ}|jjj |ƒ}||||||ƒ}|jj|dkƒ|jj |ƒ}|jj |ƒ} WdQXt j d|d| d|j ƒS(NitxtyRX(RCt _ec_key_determine_group_get_funcR1RR`RRRt _tmp_bn_ctxt BN_CTX_getRtRtEllipticCurvePublicNumbersRU( RGtget_funcR"Rptbn_ctxtbn_xtbn_yR;RƒR„((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyRrs cC`s@|tjjkr!tdƒ‚n|jj||||jdƒS(Ns1EC public keys do not support PKCS1 serialization(R t PublicFormattPKCS1R^RCt_public_key_bytesRTtNone(RGRyR-((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyt public_bytess  cC`sBt|ƒt|j||jƒ\}}t|j|||ƒdS(N(RRRCR|RA(RGR@R7RRH((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyRR%s ( RMRNRIRR~RXRRYR‚RrR‘RR(((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyRmδs   N(#t __future__RRRt cryptographyRtcryptography.exceptionsRRRt*cryptography.hazmat.backends.openssl.utilsRRR tcryptography.hazmat.primitivesR R t)cryptography.hazmat.primitives.asymmetricR R RRR&R*R/R<RAtregister_interfacetobjectRBROt(EllipticCurvePrivateKeyWithSerializationRSt'EllipticCurvePublicKeyWithSerializationRm(((sM/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/ec.pyts&   e