a a.2@sddlmZddlmZmZmZddlmZmZm Z m Z ddl m Z m Z ddlmZmZmZejdddZd d Zd d Zd dZddZddZGdddeZGdddeZGdddejZGdddejZdS))utils)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_check_not_prehashed_evp_pkey_derive_warn_sign_verify_deprecated)hashes serialization)AsymmetricSignatureContextAsymmetricVerificationContextecsignature_algorithmcCst|tjstdtjdS)Nz/Unsupported elliptic curve signature algorithm.) isinstancerZECDSArrZ UNSUPPORTED_PUBLIC_KEY_ALGORITHMrrM/usr/lib64/python3.9/site-packages/cryptography/hazmat/backends/openssl/ec.py_check_signature_algorithms  rcCs|j|}|||jjk|j|}||jjkr>td|jjs^|j |dkr^td|j |}|||jjk|j | d}|S)Nz@ECDSA keys with explicit parameters are unsupported at this timerascii) _libEC_KEY_get0_groupopenssl_assert_ffiNULLEC_GROUP_get_curve_nameZ NID_undef ValueErrorZCRYPTOGRAPHY_IS_LIBRESSLZEC_GROUP_get_asn1_flagZ OBJ_nid2snstringdecode)backendZec_keygroupZnidZ curve_namesnrrr_ec_key_curve_sn$s$    r"cCs|j||jjdS)z Set the named curve flag on the EC_KEY. This causes OpenSSL to serialize EC keys along with their curve OID which makes deserialization easier. N)rZEC_KEY_set_asn1_flagZOPENSSL_EC_NAMED_CURVE)rZec_cdatarrr_mark_asn1_named_ec_curveBsr#cCs8ztj|WSty2td|tjYn0dS)Nz${} is not a supported elliptic curve)rZ _CURVE_TYPESKeyErrorrformatrZUNSUPPORTED_ELLIPTIC_CURVE)rr!rrr_sn_to_elliptic_curveNs r&cCsz|j|j}||dk|jd|}|jdd}|jd|t||||j}||dk|j|d|dS)Nrzunsigned char[]zunsigned int[]) rZ ECDSA_size_ec_keyrrnewZ ECDSA_signlenbuffer)r private_keydataZmax_sizeZsigbufZ siglen_ptrresrrr_ecdsa_sig_signXsr/cCs8|jd|t||t||j}|dkr4|tdS)Nrr')rZ ECDSA_verifyr*r(Z_consume_errorsr)r public_key signaturer-r.rrr_ecdsa_sig_verifyes r2c@s>eZdZejejdddZeddddZ edd d Z dS) _ECDSASignatureContext)r, algorithmcCs||_||_t|||_dSN)_backend _private_keyr Hash_digest)selfrr,r4rrr__init__osz_ECDSASignatureContext.__init__Nr-returncCs|j|dSr5r9updater:r-rrrr?ysz_ECDSASignatureContext.updater=cCs|j}t|j|j|Sr5)r9finalizer/r6r7r:ZdigestrrrrB|s z_ECDSASignatureContext.finalize) __name__ __module__ __qualname__rEllipticCurvePrivateKeyr HashAlgorithmr;bytesr?rBrrrrr3ns  r3c@s@eZdZejeejdddZeddddZ ddd d Z dS) _ECDSAVerificationContext)r0r1r4cCs$||_||_||_t|||_dSr5)r6 _public_key _signaturer r8r9)r:rr0r1r4rrrr;sz"_ECDSAVerificationContext.__init__Nr<cCs|j|dSr5r>r@rrrr?sz _ECDSAVerificationContext.updaterAcCs"|j}t|j|j|j|dSr5)r9rBr2r6rKrLrCrrrverifys z _ECDSAVerificationContext.verify) rDrErFrEllipticCurvePublicKeyrIr rHr;r?rMrrrrrJs  rJc@seZdZddZedZeedddZ e j e ddd Z e je jed d d Ze jdd dZe jdddZejejejedddZee j edddZdS)_EllipticCurvePrivateKeycCs6||_||_||_t||}t|||_t||dSr5r6r( _evp_pkeyr"r&_curver#r:rZ ec_key_cdataevp_pkeyr!rrrr;s   z!_EllipticCurvePrivateKey.__init__rRrAcCs|jjSr5curvekey_sizer:rrrrWsz!_EllipticCurvePrivateKey.key_size)rr=cCs(tt|t|jt|j||jSr5)r rrr4r3r6)r:rrrrsigners   z_EllipticCurvePrivateKey.signer)r4peer_public_keyr=cCsD|j||jstdtj|jj|jjkr4tdt|j|j |S)Nz1This backend does not support the ECDH algorithm.z2peer_public_key and self are not on the same curve) r6Z+elliptic_curve_exchange_algorithm_supportedrVrrZUNSUPPORTED_EXCHANGE_ALGORITHMnamerrrQ)r:r4rZrrrexchangesz!_EllipticCurvePrivateKey.exchangecCs|jj|j}|j||jjjk|jj|}|j|}|jj |j}|j||jjjk|jj ||}|j|dk|j |}t |j||S)Nr') r6rrr(rrrrZ_ec_key_new_by_curve_nidEC_KEY_get0_public_keyZEC_KEY_set_public_keyZ_ec_cdata_to_evp_pkey_EllipticCurvePublicKey)r:r Z curve_nidZ public_ec_keypointr.rTrrrr0s  z#_EllipticCurvePrivateKey.public_keycCs2|jj|j}|j|}tj||dS)N) private_valuepublic_numbers) r6rZEC_KEY_get0_private_keyr( _bn_to_intrEllipticCurvePrivateNumbersr0ra)r:Zbnr`rrrprivate_numberss   z(_EllipticCurvePrivateKey.private_numbers)encodingr%encryption_algorithmr=cCs|j|||||j|jSr5)r6Z_private_key_bytesrQr()r:rer%rfrrr private_bytessz&_EllipticCurvePrivateKey.private_bytes)r-rr=cCs*t|t|j||j\}}t|j||Sr5)rrr6 _algorithmr/)r:r-rr4rrrsignsz_EllipticCurvePrivateKey.signN)rDrErFr;rread_only_propertyrVpropertyintrWrEllipticCurveSignatureAlgorithmr rYZECDHrNrIr\r0rcrdr EncodingZ PrivateFormatZKeySerializationEncryptionrgrirrrrrOs*     rOc@seZdZddZedZeedddZ e e j e ddd Ze jdd d Zeje d d dZejeje dddZe e e j ddddZdS)r^cCs6||_||_||_t||}t|||_t||dSr5rPrSrrrr;s   z _EllipticCurvePublicKey.__init__rRrAcCs|jjSr5rUrXrrrrW sz _EllipticCurvePublicKey.key_size)r1rr=cCs6ttd|t|t|jt|j|||jS)Nr1)r r _check_bytesrrr4rJr6)r:r1rrrrverifiers   z _EllipticCurvePublicKey.verifierc Cs|j|j\}}|jj|j}|j||jjjk|jd}|jj |}|jj |}||||||}|j|dk|j |}|j |} Wdn1s0Yt j || |j dS)Nr')xyrV)r6Z _ec_key_determine_group_get_funcr(rr]rrr _tmp_bn_ctxZ BN_CTX_getrbrEllipticCurvePublicNumbersrR) r:Zget_funcr r_bn_ctxZbn_xZbn_yr.rqrrrrrras  *z&_EllipticCurvePublicKey.public_numbers)r%r=c Cs|tjjur|jjj}n |jjj}|jj|j}|j ||jj j k|jj |j}|j ||jj j k|j v}|jj||||jj j d|}|j |dk|jj d|}|jj||||||}|j ||kWdn1s0Y|jj |ddS)Nrzchar[])r PublicFormatCompressedPointr6rZPOINT_CONVERSION_COMPRESSEDZPOINT_CONVERSION_UNCOMPRESSEDrr(rrrr]rsZEC_POINT_point2octr)r+) r:r% conversionr r_rubuflenbufr.rrr _encode_point2s$     .z%_EllipticCurvePublicKey._encode_point)rer%r=cCsp|tjjus$|tjjus$|tjjurV|tjjusD|tjjtjjfvrLtd||S|j ||||j dSdS)NzKX962 encoding must be used with CompressedPoint or UncompressedPoint format) r rnZX962rvrwZUncompressedPointrr{r6Z_public_key_bytesrQ)r:rer%rrr public_bytesJs"     z$_EllipticCurvePublicKey.public_bytesN)r1r-rr=cCs0t|t|j||j\}}t|j|||dSr5)rrr6rhr2)r:r1r-rr4rrrrMcsz_EllipticCurvePublicKey.verify)rDrErFr;rrjrVrkrlrWrIrrmr rprtrar rvr{rnr|rMrrrrr^s&   r^N)Z cryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsrrrr Zcryptography.hazmat.primitivesr r Z)cryptography.hazmat.primitives.asymmetricr r rrmrr"r#r&r/r2r3rJrGrOrNr^rrrrs      f