o c_+ @sddlZddlmZmZmZddlmZmZddlm Z ddl m Z ej r+ddl mZde jddfd d Zd d defd dZd"ddZd#ddZd d dede jfddZd d dddedefddZd d dddededdf ddZGd dde jZGd!dde jZdS)$N)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_evp_pkey_derive) serialization)ec)Backendsignature_algorithmreturncCst|tjs tdtjdS)Nz/Unsupported elliptic curve signature algorithm.) isinstancerZECDSArrZ UNSUPPORTED_PUBLIC_KEY_ALGORITHM)r r Kusr/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ec.py_check_signature_algorithms rbackendr cCs|j|}|||jjk|j|}||jjkrtd|jjs/|j |dkr/td|j |}|||jjk|j | d}|S)Nz@ECDSA keys with explicit parameters are unsupported at this timerascii) _libEC_KEY_get0_groupopenssl_assert_ffiNULLEC_GROUP_get_curve_nameZ NID_undef ValueErrorZCRYPTOGRAPHY_IS_LIBRESSLZEC_GROUP_get_asn1_flagZ OBJ_nid2snstringdecode)rZec_keygroupnidZ curve_namesnr r r_ec_key_curve_sn!s"    rcCs|j||jjdS)z Set the named curve flag on the EC_KEY. This causes OpenSSL to serialize EC keys along with their curve OID which makes deserialization easier. N)rZEC_KEY_set_asn1_flagZOPENSSL_EC_NAMED_CURVE)rec_cdatar r r_mark_asn1_named_ec_curve?sr cCsV|j|}|||jjk|j|}|||jjk|j||r)tddS)Nz;Cannot load an EC public key where the point is at infinity)rEC_KEY_get0_public_keyrrrrZEC_POINT_is_at_infinityr)rrpointrr r r_check_key_infinityKs  r#rcCs0ztj|WStytd|tjw)Nz${} is not a supported elliptic curve)rZ _CURVE_TYPESKeyErrorrformatrZUNSUPPORTED_ELLIPTIC_CURVE)rrr r r_sn_to_elliptic_curveVs r& private_key_EllipticCurvePrivateKeydatacCsz|j|j}||dk|jd|}|jdd}|jd|t||||j}||dk|j|d|dS)Nrzunsigned char[]zunsigned int[]) rZ ECDSA_size_ec_keyrrnewZ ECDSA_signlenbuffer)rr'r)max_sizeZsigbufZ siglen_ptrresr r r_ecdsa_sig_sign`sr1 public_key_EllipticCurvePublicKey signaturecCs8|jd|t||t||j}|dkr|tdS)Nrr*)rZ ECDSA_verifyr-r+Z_consume_errorsr)rr2r4r)r0r r r_ecdsa_sig_verifyosr5c@seZdZdddZedejfddZedefdd Z d ej d ej de fd d Z dej fddZdejfddZdejdejdejde fddZde dejde fddZdS)r(rr cC@||_||_||_t||}t|||_t||t||dSN_backendr+ _evp_pkeyrr&_curver r#selfrZ ec_key_cdataevp_pkeyrr r r__init__~   z!_EllipticCurvePrivateKey.__init__r cC|jSr7r;r=r r rcurvez_EllipticCurvePrivateKey.curvecC|jjSr7rDkey_sizerCr r rrHz!_EllipticCurvePrivateKey.key_size algorithmpeer_public_keycCsD|j||jstdtj|jj|jjkrtdt|j|j |S)Nz1This backend does not support the ECDH algorithm.z2peer_public_key and self are not on the same curve) r9Z+elliptic_curve_exchange_algorithm_supportedrDrrZUNSUPPORTED_EXCHANGE_ALGORITHMnamerrr:)r=rJrKr r rexchangesz!_EllipticCurvePrivateKey.exchangecCs|jj|j}|j||jjjk|jj|}|j|}|jj |j}|j||jjjk|jj ||}|j|dk|j |}t |j||S)Nr*) r9rrr+rrrrZ_ec_key_new_by_curve_nidr!ZEC_KEY_set_public_keyZ_ec_cdata_to_evp_pkeyr3)r=rZ curve_nidZ public_ec_keyr"r0r>r r rr2s  z#_EllipticCurvePrivateKey.public_keycCs2|jj|j}|j|}tj||dS)N) private_valuepublic_numbers) r9rZEC_KEY_get0_private_keyr+ _bn_to_intrEllipticCurvePrivateNumbersr2rO)r=ZbnrNr r rprivate_numberss   z(_EllipticCurvePrivateKey.private_numbersencodingr%encryption_algorithmcCs|j|||||j|jSr7)r9Z_private_key_bytesr:r+)r=rSr%rTr r r private_bytessz&_EllipticCurvePrivateKey.private_bytesr)r cCs&t|t||j\}}t|j||Sr7)rrrJr1r9)r=r)r _r r rsigns z_EllipticCurvePrivateKey.signNrr )__name__ __module__ __qualname__r?propertyr EllipticCurverDintrHZECDHEllipticCurvePublicKeybytesrMr2rQrRrEncodingZ PrivateFormatZKeySerializationEncryptionrUEllipticCurveSignatureAlgorithmrWr r r rr(}s>    c@seZdZdddZedejfddZedefdd Z dej fd d Z d e j defd dZde jd e j defddZdededejddfddZdS)r3rr cCr6r7r8r<r r rr?r@z _EllipticCurvePublicKey.__init__r cCrAr7rBrCr r rrDrEz_EllipticCurvePublicKey.curvecCrFr7rGrCr r rrHrIz _EllipticCurvePublicKey.key_sizec Cs|j|j\}}|jj|j}|j||jjjk|j2}|jj |}|jj |}||||||}|j|dk|j |}|j |} Wdn1sVwYt j || |j dS)Nr*)xyrD)r9Z _ec_key_determine_group_get_funcr+rr!rrr _tmp_bn_ctxZ BN_CTX_getrPrEllipticCurvePublicNumbersr;) r=Zget_funcrr"bn_ctxZbn_xZbn_yr0rcrdr r rrOs   z&_EllipticCurvePublicKey.public_numbersr%c Cs$|tjjur |jjj}n |tjjusJ|jjj}|jj|j }|j ||jj j k|jj |j }|j ||jj j k|j;}|jj||||jj j d|}|j |dk|jj d|}|jj||||||}|j ||kWdn1swY|jj |ddS)Nrzchar[])r PublicFormatCompressedPointr9rZPOINT_CONVERSION_COMPRESSEDUncompressedPointZPOINT_CONVERSION_UNCOMPRESSEDrr+rrrr!reZEC_POINT_point2octr,r.) r=r% conversionrr"rgbuflenbufr0r r r _encode_points(      z%_EllipticCurvePublicKey._encode_pointrScCsl|tjjus|tjjus|tjjur+|tjjus"|tjjtjjfvr&td||S|j ||||j dS)NzKX962 encoding must be used with CompressedPoint or UncompressedPoint format) rraZX962rhrirjrrnr9Z_public_key_bytesr:)r=rSr%r r r public_bytess     z$_EllipticCurvePublicKey.public_bytesr4r)r NcCs,t|t||j\}}t|j|||dSr7)rrrJr5r9)r=r4r)r rVr r rverify0s z_EllipticCurvePublicKey.verifyrX)rYrZr[r?r\rr]rDr^rHrfrOrrhr`rnrarorbrpr r r rr3s0   rX)rr r N)typingZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsrrZcryptography.hazmat.primitivesrZ)cryptography.hazmat.primitives.asymmetricr TYPE_CHECKINGZ,cryptography.hazmat.backends.openssl.backendr rbrstrrr r#r]r&r`r1r5ZEllipticCurvePrivateKeyr(r_r3r r r rsL          \