a p]a;4@sddlmZddlmZmZmZddlmZmZm Z ddl m Z m Z ddl mZmZmZejdddZd d Zd d Zd dZddZddZGdddeZGdddeZGdddejZGdddejZdS))utils)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_check_not_prehashed_warn_sign_verify_deprecated)hashes serialization)AsymmetricSignatureContextAsymmetricVerificationContextecsignature_algorithmcCst|tjstdtjdS)Nz/Unsupported elliptic curve signature algorithm.) isinstancer ZECDSArrZ UNSUPPORTED_PUBLIC_KEY_ALGORITHMrrFlib/python3.9/site-packages/cryptography/hazmat/backends/openssl/ec.py_check_signature_algorithms  rcCs|j|}|||jjk|j|}||jjkr>td|jjs^|j |dkr^td|j |}|||jjk|j | d}|S)Nz;ECDSA keys with unnamed curves are unsupported at this timerascii) _libEC_KEY_get0_groupopenssl_assert_ffiNULLEC_GROUP_get_curve_nameZ NID_undefNotImplementedErrorZCRYPTOGRAPHY_IS_LIBRESSLZEC_GROUP_get_asn1_flagZ OBJ_nid2snstringdecode)backendZec_keygroupZnidZ curve_namesnrrr_ec_key_curve_sn#s$    r!cCs|j||jjdS)z Set the named curve flag on the EC_KEY. This causes OpenSSL to serialize EC keys along with their curve OID which makes deserialization easier. N)rZEC_KEY_set_asn1_flagZOPENSSL_EC_NAMED_CURVE)rZec_cdatarrr_mark_asn1_named_ec_curveAsr"cCs8ztj|WSty2td|tjYn0dS)Nz${} is not a supported elliptic curve)r Z _CURVE_TYPESKeyErrorrformatrZUNSUPPORTED_ELLIPTIC_CURVE)rr rrr_sn_to_elliptic_curveMs r%cCsz|j|j}||dk|jd|}|jdd}|jd|t||||j}||dk|j|d|dS)Nrzunsigned char[]zunsigned int[]) rZ ECDSA_size_ec_keyrrnewZ ECDSA_signlenbuffer)r private_keydataZmax_sizeZsigbufZ siglen_ptrresrrr_ecdsa_sig_signWsr.cCs8|jd|t||t||j}|dkr4|tdS)Nrr&)rZ ECDSA_verifyr)r'Z_consume_errorsr)r public_key signaturer,r-rrr_ecdsa_sig_verifyds r1c@s>eZdZejejdddZeddddZ edd d Z dS) _ECDSASignatureContext)r+ algorithmcCs||_||_t|||_dSN)_backend _private_keyr Hash_digest)selfrr+r3rrr__init__nsz_ECDSASignatureContext.__init__Nr,returncCs|j|dSr4r8updater9r,rrrr>xsz_ECDSASignatureContext.updater<cCs|j}t|j|j|Sr4)r8finalizer.r5r6r9ZdigestrrrrA{s z_ECDSASignatureContext.finalize) __name__ __module__ __qualname__r EllipticCurvePrivateKeyr HashAlgorithmr:bytesr>rArrrrr2ms  r2c@s@eZdZejeejdddZeddddZ ddd d Z dS) _ECDSAVerificationContext)r/r0r3cCs$||_||_||_t|||_dSr4)r5 _public_key _signaturer r7r8)r9rr/r0r3rrrr:sz"_ECDSAVerificationContext.__init__Nr;cCs|j|dSr4r=r?rrrr>sz _ECDSAVerificationContext.updater@cCs"|j}t|j|j|j|dSr4)r8rAr1r5rJrKrBrrrverifys z _ECDSAVerificationContext.verify) rCrDrEr EllipticCurvePublicKeyrHr rGr:r>rLrrrrrIs  rIc@seZdZddZedZeedddZ e j e ddd Z e je jed d d Ze jdd dZe jdddZejejejedddZee j edddZdS)_EllipticCurvePrivateKeycCs6||_||_||_t||}t|||_t||dSr4r5r' _evp_pkeyr!r%_curver"r9rZ ec_key_cdataevp_pkeyr rrrr:s   z!_EllipticCurvePrivateKey.__init__rQr@cCs|jjSr4curvekey_sizer9rrrrVsz!_EllipticCurvePrivateKey.key_size)rr<cCs:tt|t|jt|jtjs*Jt|j||jSr4) rrrr3rr rGr2r5)r9rrrrsigners  z_EllipticCurvePrivateKey.signer)r3peer_public_keyr<cCs|j||jstdtj|jj|jjkr4td|jj |j }|jj |dd}|j |dk|jj d|}|jj|j }|jj||||j |jj j}|j |dk|jj |d|S)Nz1This backend does not support the ECDH algorithm.z2peer_public_key and self are not on the same curverz uint8_t[])r5Z+elliptic_curve_exchange_algorithm_supportedrUrrZUNSUPPORTED_EXCHANGE_ALGORITHMname ValueErrorrrr'ZEC_GROUP_get_degreerrr(EC_KEY_get0_public_keyZECDH_compute_keyrr*)r9r3rYrZz_lenZz_bufZpeer_keyrrrrexchanges0z!_EllipticCurvePrivateKey.exchangecCs|jj|j}|j||jjjk|jj|}|j|}|jj |j}|j||jjjk|jj ||}|j|dk|j |}t |j||S)Nr&) r5rrr'rrrrZ_ec_key_new_by_curve_nidr^ZEC_KEY_set_public_keyZ_ec_cdata_to_evp_pkey_EllipticCurvePublicKey)r9rZ curve_nidZ public_ec_keypointr-rSrrrr/s  z#_EllipticCurvePrivateKey.public_keycCs2|jj|j}|j|}tj||dS)N) private_valuepublic_numbers) r5rZEC_KEY_get0_private_keyr' _bn_to_intr EllipticCurvePrivateNumbersr/rd)r9Zbnrcrrrprivate_numberss   z(_EllipticCurvePrivateKey.private_numbers)encodingr$encryption_algorithmr<cCs|j|||||j|jSr4)r5Z_private_key_bytesrPr')r9rhr$rirrr private_bytessz&_EllipticCurvePrivateKey.private_bytes)r,rr<cCs*t|t|j||j\}}t|j||Sr4)rrr5 _algorithmr.)r9r,rr3rrrsignsz_EllipticCurvePrivateKey.signN)rCrDrEr:rread_only_propertyrUpropertyintrVr EllipticCurveSignatureAlgorithmr rXZECDHrMrHr`r/rfrgr EncodingZ PrivateFormatZKeySerializationEncryptionrjrlrrrrrNs*     rNc@seZdZddZedZeedddZ e e j e ddd Ze jdd d Zeje d d dZejeje dddZe e e j ddddZdS)racCs6||_||_||_t||}t|||_t||dSr4rOrRrrrr: s   z _EllipticCurvePublicKey.__init__rQr@cCs|jjSr4rTrWrrrrVsz _EllipticCurvePublicKey.key_size)r0rr<cCsHttd|t|t|jt|jtjs6Jt |j |||jS)Nr0) rr _check_bytesrrr3rr rGrIr5)r9r0rrrrverifiers   z _EllipticCurvePublicKey.verifierc Cs|j|j\}}|jj|j}|j||jjjk|jd}|jj |}|jj |}||||||}|j|dk|j |}|j |} Wdn1s0Yt j || |j dS)Nr&)xyrU)r5Z _ec_key_determine_group_get_funcr'rr^rrr _tmp_bn_ctxZ BN_CTX_getrer EllipticCurvePublicNumbersrQ) r9Zget_funcrrbbn_ctxZbn_xZbn_yr-rtrurrrrd*s  *z&_EllipticCurvePublicKey.public_numbers)r$r<c Cs&|tjjur|jjj}n|tjjus(J|jjj}|jj|j }|j ||jj j k|jj |j }|j ||jj j k|jv}|jj||||jj j d|}|j |dk|jj d|}|jj||||||}|j ||kWdn1s0Y|jj |ddS)Nrzchar[])r PublicFormatCompressedPointr5rZPOINT_CONVERSION_COMPRESSEDUncompressedPointZPOINT_CONVERSION_UNCOMPRESSEDrr'rrrr^rvZEC_POINT_point2octr(r*) r9r$ conversionrrbrxZbuflenZbufr-rrr _encode_point=s&     0z%_EllipticCurvePublicKey._encode_point)rhr$r<cCsp|tjjus$|tjjus$|tjjurV|tjjusD|tjjtjjfvrLtd||S|j ||||j dSdS)NzKX962 encoding must be used with CompressedPoint or UncompressedPoint format) r rqZX962ryrzr{r]r}r5Z_public_key_bytesrP)r9rhr$rrr public_bytesUs"     z$_EllipticCurvePublicKey.public_bytesN)r0r,rr<cCs0t|t|j||j\}}t|j|||dSr4)rrr5rkr1)r9r0r,rr3rrrrLnsz_EllipticCurvePublicKey.verify)rCrDrEr:rrmrUrnrorVrHr rpr rsrwrdr ryr}rqr~rLrrrrra s&   raN)Z cryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsrrrZcryptography.hazmat.primitivesr r Z)cryptography.hazmat.primitives.asymmetricr r r rprr!r"r%r.r1r2rIrFrNrMrarrrrs      r