B \`.(@s ddlmZmZmZddlmZddlmZmZm Z ddl m Z m Z m Z ddlmZmZddlmZmZmZddZd d Zd d Zd dZddZddZeeGdddeZeeGdddeZeejGdddeZ eej!GdddeZ"dS))absolute_importdivisionprint_function)utils)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_check_not_prehashed_warn_sign_verify_deprecated)hashes serialization)AsymmetricSignatureContextAsymmetricVerificationContexteccCst|tjstdtjdS)Nz/Unsupported elliptic curve signature algorithm.) isinstancerZECDSArrZ UNSUPPORTED_PUBLIC_KEY_ALGORITHM)signature_algorithmrZ/opt/alt/python37/lib64/python3.7/site-packages/cryptography/hazmat/backends/openssl/ec.py_check_signature_algorithms rcCsr|j|}|||jjk|j|}||jjkr>td|j|}|||jjk|j | d}|S)NzCECDSA certificates with unnamed curves are unsupported at this timeascii) _libEC_KEY_get0_groupopenssl_assert_ffiNULLEC_GROUP_get_curve_nameZ NID_undefNotImplementedErrorZ OBJ_nid2snstringdecode)backendZec_keygroupZnidZ curve_namesnrrr_ec_key_curve_sns    r#cCs|j||jjdS)z Set the named curve flag on the EC_KEY. This causes OpenSSL to serialize EC keys along with their curve OID which makes deserialization easier. N)rZEC_KEY_set_asn1_flagZOPENSSL_EC_NAMED_CURVE)r Zec_cdatarrr_mark_asn1_named_ec_curve0sr$cCs8y tj|Stk r2td|tjYnXdS)Nz%{0} is not a supported elliptic curve)rZ _CURVE_TYPESKeyErrorrformatrZUNSUPPORTED_ELLIPTIC_CURVE)r r"rrr_sn_to_elliptic_curve<s  r'cCsz|j|j}||dk|jd|}|jdd}|jd|t||||j}||dk|j|d|dS)Nrzunsigned char[]zunsigned int[]) rZ ECDSA_size_ec_keyrrnewZ ECDSA_signlenbuffer)r private_keydataZmax_sizeZsigbufZ siglen_ptrresrrr_ecdsa_sig_signFsr0cCs8|jd|t||t||j}|dkr4|tdS)Nrr()rZ ECDSA_verifyr+r)Z_consume_errorsr)r public_key signaturer.r/rrr_ecdsa_sig_verifySs r3c@s$eZdZddZddZddZdS)_ECDSASignatureContextcCs||_||_t|||_dS)N)_backend _private_keyr Hash_digest)selfr r- algorithmrrr__init__^sz_ECDSASignatureContext.__init__cCs|j|dS)N)r8update)r9r.rrrr<csz_ECDSASignatureContext.updatecCs|j}t|j|j|S)N)r8finalizer0r5r6)r9digestrrrr=fs z_ECDSASignatureContext.finalizeN)__name__ __module__ __qualname__r;r<r=rrrrr4\sr4c@s$eZdZddZddZddZdS)_ECDSAVerificationContextcCs$||_||_||_t|||_dS)N)r5 _public_key _signaturer r7r8)r9r r1r2r:rrrr;nsz"_ECDSAVerificationContext.__init__cCs|j|dS)N)r8r<)r9r.rrrr<tsz _ECDSAVerificationContext.updatecCs"|j}t|j|j|j|dS)N)r8r=r3r5rCrD)r9r>rrrverifyws z _ECDSAVerificationContext.verifyN)r?r@rAr;r<rErrrrrBlsrBc@sZeZdZddZedZeddZddZ dd Z d d Z d d Z ddZ ddZdS)_EllipticCurvePrivateKeycCs6||_t||||_||_t||}t|||_dS)N)r5r$r) _evp_pkeyr#r'_curve)r9r ec_key_cdataevp_pkeyr"rrrr;s   z!_EllipticCurvePrivateKey.__init__rHcCs|jjS)N)curvekey_size)r9rrrrLsz!_EllipticCurvePrivateKey.key_sizecCs(tt|t|jt|j||jS)N)r rr r:r4r5)r9rrrrsigners  z_EllipticCurvePrivateKey.signercCs|j||jstdtj|jj|jjkr4td|jj |j }|jj |dd}|j |dk|jj d|}|jj|j }|jj||||j |jj j}|j |dk|jj |d|S)Nz1This backend does not support the ECDH algorithm.z2peer_public_key and self are not on the same curverz uint8_t[])r5Z+elliptic_curve_exchange_algorithm_supportedrKrrZUNSUPPORTED_EXCHANGE_ALGORITHMname ValueErrorrrr)ZEC_GROUP_get_degreerrr*EC_KEY_get0_public_keyZECDH_compute_keyrr,)r9r:Zpeer_public_keyr!Zz_lenZz_bufZpeer_keyrrrrexchanges$ z!_EllipticCurvePrivateKey.exchangecCs|jj|j}|j||jjjk|jj|}|jj|}|j||jjjk|jj ||jjj }|jj |j}|j||jjjk|jj ||}|j|dk|j |}t|j||S)Nr()r5rrr)rrrrZEC_KEY_new_by_curve_nameZgcZ EC_KEY_freerRZEC_KEY_set_public_keyZ_ec_cdata_to_evp_pkey_EllipticCurvePublicKey)r9r!Z curve_nidZ public_ec_keypointr/rJrrrr1s z#_EllipticCurvePrivateKey.public_keycCs2|jj|j}|j|}tj||dS)N) private_valuepublic_numbers) r5rZEC_KEY_get0_private_keyr) _bn_to_intrZEllipticCurvePrivateNumbersr1rX)r9ZbnrWrrrprivate_numberss  z(_EllipticCurvePrivateKey.private_numberscCs|j||||j|jS)N)r5Z_private_key_bytesrGr))r9encodingr&Zencryption_algorithmrrr private_bytess z&_EllipticCurvePrivateKey.private_bytescCs*t|t|j||j\}}t|j||S)N)rr r5 _algorithmr0)r9r.rr:rrrsignsz_EllipticCurvePrivateKey.signN)r?r@rAr;rread_only_propertyrKpropertyrLrMrTr1rZr\r^rrrrrF~s   rFc@sJeZdZddZedZeddZddZ dd Z d d Z d d Z dS)rUcCs6||_t||||_||_t||}t|||_dS)N)r5r$r)rGr#r'rH)r9r rIrJr"rrrr;s   z _EllipticCurvePublicKey.__init__rHcCs|jjS)N)rKrL)r9rrrrLsz _EllipticCurvePublicKey.key_sizecCs<tt|tstdt|t|jt|j|||jS)Nzsignature must be bytes.) r rbytes TypeErrorrr r:rBr5)r9r2rrrrverifiers  z _EllipticCurvePublicKey.verifierc Cs|j|j\}}|jj|j}|j||jjjk|jZ}|jj |}|jj |}||||||}|j|dk|j |}|j |} WdQRXt j || |j dS)Nr()xyrK)r5Z _ec_key_determine_group_get_funcr)rrRrrrZ _tmp_bn_ctxZ BN_CTX_getrYrZEllipticCurvePublicNumbersrH) r9Zget_funcr!rVZbn_ctxZbn_xZbn_yr/rdrerrrrXs  z&_EllipticCurvePublicKey.public_numberscCs*|tjjkrtd|j||||jdS)Nz1EC public keys do not support PKCS1 serialization)r Z PublicFormatZPKCS1rQr5Z_public_key_bytesrG)r9r[r&rrr public_bytess z$_EllipticCurvePublicKey.public_bytescCs0t|t|j||j\}}t|j|||dS)N)rr r5r]r3)r9r2r.rr:rrrrE%sz_EllipticCurvePublicKey.verifyN) r?r@rAr;rr_rKr`rLrcrXrfrErrrrrUs   rUN)#Z __future__rrrZ cryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsr r r Zcryptography.hazmat.primitivesr r Z)cryptography.hazmat.primitives.asymmetricrrrrr#r$r'r0r3Zregister_interfaceobjectr4rBZ(EllipticCurvePrivateKeyWithSerializationrFZ'EllipticCurvePublicKeyWithSerializationrUrrrrs&     e