o )%a;4@sddlmZddlmZmZmZddlmZmZm Z ddl m Z m Z ddl mZmZmZdejfddZd d Zd d Zd dZddZddZGdddeZGdddeZGdddejZGdddejZdS))utils)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_check_not_prehashed_warn_sign_verify_deprecated)hashes serialization)AsymmetricSignatureContextAsymmetricVerificationContextecsignature_algorithmcCst|tjs tdtjdS)Nz/Unsupported elliptic curve signature algorithm.) isinstancer ECDSArr UNSUPPORTED_PUBLIC_KEY_ALGORITHM)rrI/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/ec.py_check_signature_algorithms rcCs|j|}|||jjk|j|}||jjkrtd|jjs/|j |dkr/td|j |}|||jjk|j | d}|S)Nz;ECDSA keys with unnamed curves are unsupported at this timerascii) _libEC_KEY_get0_groupopenssl_assert_ffiNULLEC_GROUP_get_curve_name NID_undefNotImplementedErrorCRYPTOGRAPHY_IS_LIBRESSLEC_GROUP_get_asn1_flag OBJ_nid2snstringdecode)backendec_keygroupnid curve_namesnrrr_ec_key_curve_sn#s"    r)cCs|j||jjdS)z Set the named curve flag on the EC_KEY. This causes OpenSSL to serialize EC keys along with their curve OID which makes deserialization easier. N)rEC_KEY_set_asn1_flagOPENSSL_EC_NAMED_CURVE)r#ec_cdatarrr_mark_asn1_named_ec_curveAsr-cCs0ztj|WStytd|tjw)Nz${} is not a supported elliptic curve)r _CURVE_TYPESKeyErrorrformatrUNSUPPORTED_ELLIPTIC_CURVE)r#r(rrr_sn_to_elliptic_curveMs r2cCsz|j|j}||dk|jd|}|jdd}|jd|t||||j}||dk|j|d|dS)Nrzunsigned char[]zunsigned int[]) r ECDSA_size_ec_keyrrnew ECDSA_signlenbuffer)r# private_keydatamax_sizesigbuf siglen_ptrresrrr_ecdsa_sig_signWsr@cCs8|jd|t||t||j}|dkr|tdS)Nrr3)r ECDSA_verifyr8r5_consume_errorsr)r# public_key signaturer;r?rrr_ecdsa_sig_verifydsrEc@sBeZdZdejdejfddZdeddfdd Z defd d Z dS) _ECDSASignatureContextr: algorithmcCs||_||_t|||_dSN)_backend _private_keyr Hash_digest)selfr#r:rGrrr__init__nsz_ECDSASignatureContext.__init__r;returnNcC|j|dSrHrLupdaterMr;rrrrRxz_ECDSASignatureContext.updatecCs|j}t|j|j|SrH)rLfinalizer@rIrJrMdigestrrrrU{s z_ECDSASignatureContext.finalize) __name__ __module__ __qualname__r EllipticCurvePrivateKeyr HashAlgorithmrNbytesrRrUrrrrrFms  rFc@sBeZdZdejdedejfddZdeddfd d Z d d d Z dS)_ECDSAVerificationContextrCrDrGcCs$||_||_||_t|||_dSrH)rI _public_key _signaturer rKrL)rMr#rCrDrGrrrrNsz"_ECDSAVerificationContext.__init__r;rONcCrPrHrQrSrrrrRrTz _ECDSAVerificationContext.updatecCs"|j}t|j|j|j|dSrH)rLrUrErIr_r`rVrrrverifys z _ECDSAVerificationContext.verify)rON) rXrYrZr EllipticCurvePublicKeyr]r r\rNrRrarrrrr^s  r^c@seZdZddZedZedefddZ de j de fdd Z d e jd e jdefd d Zde jfddZde jfddZdejdejdejdefddZdede j defddZdS)_EllipticCurvePrivateKeycC6||_||_||_t||}t|||_t||dSrHrIr5 _evp_pkeyr)r2_curver-rMr# ec_key_cdataevp_pkeyr(rrrrN   z!_EllipticCurvePrivateKey.__init__rgrOcC|jjSrHcurvekey_sizerMrrrroz!_EllipticCurvePrivateKey.key_sizercCs:tt|t|jt|jtjsJt|j||jSrH) rrrrGrr r\rFrI)rMrrrrsigners  z_EllipticCurvePrivateKey.signerrGpeer_public_keycCs|j||jstdtj|jj|jjkrtd|jj |j }|jj |dd}|j |dk|jj d|}|jj|j }|jj||||j |jj j}|j |dk|jj |d|S)Nz1This backend does not support the ECDH algorithm.z2peer_public_key and self are not on the same curverz uint8_t[])rI+elliptic_curve_exchange_algorithm_supportedrnrrUNSUPPORTED_EXCHANGE_ALGORITHMname ValueErrorrrr5EC_GROUP_get_degreerrr6EC_KEY_get0_public_keyECDH_compute_keyrr9)rMrGrsr%z_lenz_bufpeer_keyrrrrexchanges0z!_EllipticCurvePrivateKey.exchangecCs|jj|j}|j||jjjk|jj|}|j|}|jj |j}|j||jjjk|jj ||}|j|dk|j |}t |j||S)Nr3) rIrrr5rrrr_ec_key_new_by_curve_nidr{EC_KEY_set_public_key_ec_cdata_to_evp_pkey_EllipticCurvePublicKey)rMr% curve_nid public_ec_keypointr?rjrrrrCs  z#_EllipticCurvePrivateKey.public_keycCs2|jj|j}|j|}tj||dS)N) private_valuepublic_numbers) rIrEC_KEY_get0_private_keyr5 _bn_to_intr EllipticCurvePrivateNumbersrCr)rMbnrrrrprivate_numberss   z(_EllipticCurvePrivateKey.private_numbersencodingr0encryption_algorithmcCs|j|||||j|jSrH)rI_private_key_bytesrfr5)rMrr0rrrr private_bytessz&_EllipticCurvePrivateKey.private_bytesr;cCs*t|t|j||j\}}t|j||SrH)rrrI _algorithmr@)rMr;rrGrrrsignsz_EllipticCurvePrivateKey.signN)rXrYrZrNrread_only_propertyrnpropertyintror EllipticCurveSignatureAlgorithmr rrECDHrbr]rrCrrr Encoding PrivateFormatKeySerializationEncryptionrrrrrrrcsF      rcc@seZdZddZedZedefddZ de de j de fd d Zde jfd d Zd ejde fddZdejd ejde fddZde de de j ddfddZdS)rcCrdrHrerhrrrrN rkz _EllipticCurvePublicKey.__init__rgrOcCrlrHrmrprrrrorqz _EllipticCurvePublicKey.key_sizerDrcCsHttd|t|t|jt|jtjsJt |j |||jS)NrD) rr _check_bytesrrrGrr r\r^rI)rMrDrrrrverifiers   z _EllipticCurvePublicKey.verifierc Cs|j|j\}}|jj|j}|j||jjjk|j2}|jj |}|jj |}||||||}|j|dk|j |}|j |} Wdn1sVwYt j || |j dS)Nr3)xyrn)rI _ec_key_determine_group_get_funcr5rr{rrr _tmp_bn_ctx BN_CTX_getrr EllipticCurvePublicNumbersrg) rMget_funcr%rbn_ctxbn_xbn_yr?rrrrrr*s   z&_EllipticCurvePublicKey.public_numbersr0c Cs$|tjjur |jjj}n |tjjusJ|jjj}|jj|j }|j ||jj j k|jj |j }|j ||jj j k|j;}|jj||||jj j d|}|j |dk|jj d|}|jj||||||}|j ||kWdn1swY|jj |ddS)Nrzchar[])r PublicFormatCompressedPointrIrPOINT_CONVERSION_COMPRESSEDUncompressedPointPOINT_CONVERSION_UNCOMPRESSEDrr5rrrr{rEC_POINT_point2octr6r9) rMr0 conversionr%rrbuflenbufr?rrr _encode_point=s(      z%_EllipticCurvePublicKey._encode_pointrcCsl|tjjus|tjjus|tjjur+|tjjus"|tjjtjjfvr&td||S|j ||||j dS)NzKX962 encoding must be used with CompressedPoint or UncompressedPoint format) r rX962rrrryrrI_public_key_bytesrf)rMrr0rrr public_bytesUs     z$_EllipticCurvePublicKey.public_bytesr;NcCs0t|t|j||j\}}t|j|||dSrH)rrrIrrE)rMrDr;rrGrrrransz_EllipticCurvePublicKey.verify)rXrYrZrNrrrnrrror]r rr rrrr rrrrrarrrrr s<   rN) cryptographyrcryptography.exceptionsrrr*cryptography.hazmat.backends.openssl.utilsrrrcryptography.hazmat.primitivesr r )cryptography.hazmat.primitives.asymmetricr r r rrr)r-r2r@rErFr^r[rcrbrrrrrs"       r