# aws_encryption_sdk/internal/crypto/authentication.py
"""Contains authentication primitives."""
import base64
import logging

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.utils import Prehashed
from cryptography.utils import InterfaceNotImplemented, verify_interface

from .elliptic_curve import (
    _ecc_encode_compressed_point,
    _ecc_public_numbers_from_compressed_point,
    _ecc_static_length_signature,
)
from ...exceptions import NotSupportedError

_LOGGER = logging.getLogger(__name__)


class _PrehashingAuthenticator(object):
    """Parent class for Signer/Verifier. Provides common behavior and interface.

    :param algorithm: Algorithm on which to base authenticator
    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
    :param key: Key with which to build authenticator
    """

    def __init__(self, algorithm, key):
        """Prepares initial values."""
        self.algorithm = algorithm
        self._signature_type = self._set_signature_type()
        self.key = key
        self._hasher = self._build_hasher()

    def _set_signature_type(self):
        """Ensures that the algorithm signature type is a known type and sets a reference value."""
        try:
            verify_interface(ec.EllipticCurve, self.algorithm.signing_algorithm_info)
            return ec.EllipticCurve
        except InterfaceNotImplemented:
            raise NotSupportedError("Unsupported signing algorithm info")

    def _build_hasher(self):
        """Builds the hasher instance which will calculate the digest of all passed data.

        :returns: Hasher object
        """
        return hashes.Hash(self.algorithm.signing_hash_type(), backend=default_backend())


class Signer(_PrehashingAuthenticator):
    """Abstract signing handler.

    :param algorithm: Algorithm on which to base signer
    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
    :param key: Private key from which a signer can be generated
    :type key: currently only Elliptic Curve Private Keys are supported
    """

    @classmethod
    def from_key_bytes(cls, algorithm, key_bytes):
        """Builds a `Signer` from an algorithm suite and a raw signing key.

        :param algorithm: Algorithm on which to base signer
        :type algorithm: aws_encryption_sdk.identifiers.Algorithm
        :param bytes key_bytes: Raw signing key
        :rtype: aws_encryption_sdk.internal.crypto.Signer
        """
        key = serialization.load_der_private_key(data=key_bytes, password=None, backend=default_backend())
        return cls(algorithm, key)

    def key_bytes(self):
        """Returns the raw signing key.

        :rtype: bytes
        """
        return self.key.private_bytes(
            encoding=serialization.Encoding.DER,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=serialization.NoEncryption(),
        )

    def encoded_public_key(self):
        """Returns the encoded public key.

        .. note::
            For ECC curves, this will return the encoded compressed public point.

        :returns: Encoded public key from signer
        :rtype: bytes
        """
        return base64.b64encode(_ecc_encode_compressed_point(self.key))

    def update(self, data):
        """Updates the cryptographic signer with the supplied data.

        :param bytes data: Data to be signed
        """
        self._hasher.update(data)

    def finalize(self):
        """Finalizes the signer and returns the signature.

        :returns: Calculated signer signature
        :rtype: bytes
        """
        prehashed_digest = self._hasher.finalize()
        return _ecc_static_length_signature(key=self.key, algorithm=self.algorithm, digest=prehashed_digest)


class Verifier(_PrehashingAuthenticator):
    """Abstract signature verification handler.

    .. note::
        For ECC curves, the signature must be DER encoded as specified in RFC 3279.

    :param algorithm: Algorithm on which to base verifier
    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
    :param public_key: Appropriate public key object for algorithm
    :type public_key: may vary
    """

    @classmethod
    def from_encoded_point(cls, algorithm, encoded_point):
        """Creates a Verifier object based on the supplied algorithm and encoded compressed ECC curve point.

        :param algorithm: Algorithm on which to base verifier
        :type algorithm: aws_encryption_sdk.identifiers.Algorithm
        :param bytes encoded_point: ECC public point compressed and encoded with _ecc_encode_compressed_point
        :returns: Instance of Verifier generated from encoded point
        :rtype: aws_encryption_sdk.internal.crypto.Verifier
        """
        return cls(
            algorithm=algorithm,
            key=_ecc_public_numbers_from_compressed_point(
                curve=algorithm.signing_algorithm_info(),
                compressed_point=base64.b64decode(encoded_point),
            ).public_key(default_backend()),
        )

    @classmethod
    def from_key_bytes(cls, algorithm, key_bytes):
        """Creates a `Verifier` object based on the supplied algorithm and raw verification key.

        :param algorithm: Algorithm on which to base verifier
        :type algorithm: aws_encryption_sdk.identifiers.Algorithm
        :param bytes encoded_point: Raw verification key
        :returns: Instance of Verifier generated from encoded point
        :rtype: aws_encryption_sdk.internal.crypto.Verifier
        """
        return cls(
            algorithm=algorithm,
            key=serialization.load_der_public_key(data=key_bytes, backend=default_backend()),
        )

    def key_bytes(self):
        """Returns the raw verification key.

        :rtype: bytes
        """
        return self.key.public_bytes(
            encoding=serialization.Encoding.DER,
            format=serialization.PublicFormat.SubjectPublicKeyInfo,
        )

    def update(self, data):
        """Updates the cryptographic verifier with the supplied data.

        :param bytes data: Data to verify using the signature
        """
        self._hasher.update(data)

    def verify(self, signature):
        """Verifies the signature against the current cryptographic verifier state.

        :param bytes signature: The signature to verify
        """
        prehashed_digest = self._hasher.finalize()
        self.key.verify(
            signature=signature,
            data=prehashed_digest,
            signature_algorithm=ec.ECDSA(Prehashed(self.algorithm.signing_hash_type())),
        )