Qi.8ddlmZddlZddlmZmZmZddlmZm Z ddl m Z ddl m Z ejrddlmZ ddZdd Zdd Zdd Zdd Zdd Z ddZ ddZGdde j2ZGdde j6Zy)) annotationsN)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_evp_pkey_derive) serialization)ec)Backendclt|tjstdtj y)Nz/Unsupported elliptic curve signature algorithm.) isinstancer ECDSArr UNSUPPORTED_PUBLIC_KEY_ALGORITHM)signature_algorithms I/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/ec.py_check_signature_algorithmrs1 )288 4" =  5 5   5cb|jj|}|j||jjk7|jj |}||jj k(r td|jjs)|jj|dk(r td|jj|}|j||jjk7|jj|jd}|S)Nz@ECDSA keys with explicit parameters are unsupported at this timerascii) _libEC_KEY_get0_groupopenssl_assert_ffiNULLEC_GROUP_get_curve_name NID_undef ValueErrorCRYPTOGRAPHY_IS_LIBRESSLEC_GROUP_get_asn1_flag OBJ_nid2snstringdecode)backendec_keygroupnid curve_namesns r_ec_key_curve_snr)#s LL * *6 2E 5GLL$5$556 ,, . .u 5C gll$$$ N   LL 1 1 LL / / 6! ; N  ((-J :):)::;   Z ( / / 8B Ircd|jj||jjy)z Set the named curve flag on the EC_KEY. This causes OpenSSL to serialize EC keys along with their curve OID which makes deserialization easier. N)rEC_KEY_set_asn1_flagOPENSSL_EC_NAMED_CURVE)r#ec_cdatas r_mark_asn1_named_ec_curver.As% LL%%',,55rc^|jj|}|j||jjk7|jj |}|j||jjk7|jj ||r tdy)Nz;Cannot load an EC public key where the point is at infinity)rEC_KEY_get0_public_keyrrrrEC_POINT_is_at_infinityr)r#r-pointr%s r_check_key_infinityr3Ms LL / / 9E 5GLL$5$556 LL * *8 4E 5GLL$5$556||++E59 I  :rc@|jj|}|j||jjk7|jj |}|j |}|dk7r*|jj|dk7r tdyy)Nz1Invalid EC key (key out of range, infinity, etc.)) rrrrrEC_GROUP_get0_cofactor _bn_to_intEC_KEY_check_keyr)r#r-r%bncofactors r_check_key_cofactorr;Ws LL * *8 4E 5GLL$5$556  , ,U 3B!!"%H1} << ( ( 2a 7C  8rc tj|S#t$rt|dtj wxYw)Nz" is not a supported elliptic curve)r _CURVE_TYPESKeyErrorrrUNSUPPORTED_ELLIPTIC_CURVE)r#r(s r_sn_to_elliptic_curver@bsI r"$$  "d4 5  / /   s 'A_EllipticCurvePrivateKeyc|jj|j}|j|dkD|jj d|}|jj dd}|jj d|t||||j}|j|dk(|jj|d|dS)Nrzunsigned char[]zunsigned int[]r5) r ECDSA_size_ec_keyrrnew ECDSA_signlenbuffer)r# private_keydatamax_sizesigbuf siglen_ptrress r_ecdsa_sig_signrOls||&&{':':;H 8a<( \\  / :F!!"2A6J ,, ! ! 4TFJ 0C0C C 3!8$ <<  v &A 77r_EllipticCurvePublicKeyc |jjd|t||t||j}|dk7r|j t y)Nrr5)r ECDSA_verifyrGrD_consume_errorsr)r# public_key signaturerJrNs r_ecdsa_sig_verifyrV{sS ,, # # 4TIs9~z7I7I C ax!rceZdZd dZed dZed dZ d dZddZddZ ddZ ddZ y )rAc||_||_||_t||}t |||_t ||t||yN)_backendrD _evp_pkeyr)r@_curver.r3selfr# ec_key_cdataevp_pkeyr(s r__init__z!_EllipticCurvePrivateKey.__init__sE # ! g| 4+GR8 !'<8G\2rc|jSrYr\r^s rcurvez_EllipticCurvePrivateKey.curve {{rc.|jjSrYrekey_sizerds rriz!_EllipticCurvePrivateKey.key_sizezz"""rc4|jj||jstdtj |jj |jj k7r tdt|j|j|S)Nz1This backend does not support the ECDH algorithm.z2peer_public_key and self are not on the same curve) rZ+elliptic_curve_exchange_algorithm_supportedrerrUNSUPPORTED_EXCHANGE_ALGORITHMnamerrr[)r^ algorithmpeer_public_keys rexchangez!_EllipticCurvePrivateKey.exchanges MM E E4:: 'C77   % % 8D   t~~OOrc|jjj|j}|jj ||jj j k7|jjj|}|jj|}|jjj|j}|jj ||jj j k7|jjj||}|jj |dk(|jj|}t|j||SNr5) rZrrrDrrrr_ec_key_new_by_curve_nidr0EC_KEY_set_public_key_ec_cdata_to_evp_pkeyrP)r^r% curve_nid public_ec_keyr2rNr`s rrTz#_EllipticCurvePrivateKey.public_keys ""44T\\B $$Udmm.@.@.E.E%EFMM&&>>uE  >>yI  ""99$,,G $$Udmm.@.@.E.E%EFmm  66}eL $$SAX.==66}E&t}}mXNNrc|jjj|j}|jj |}t j ||jjS)N) private_valuepublic_numbers) rZrEC_KEY_get0_private_keyrDr7r EllipticCurvePrivateNumbersrTr{)r^r9rzs rprivate_numbersz(_EllipticCurvePrivateKey.private_numberss] ]]   7 7 E 004 --'??,;;=  rcj|jj|||||j|jSrY)rZ_private_key_bytesr[rD)r^encodingformatencryption_algorithms r private_bytesz&_EllipticCurvePrivateKey.private_bytess5 }}//    NN LL   rcxt|t||j\}}t|j||SrY)rrrorOrZ)r^rJr_s rsignz_EllipticCurvePrivateKey.signs< ##671   ) ) at}}dD99rNr#r returnec.EllipticCurverint)rozec.ECDHrpec.EllipticCurvePublicKeyrbytes)rr)rzec.EllipticCurvePrivateNumbers)rserialization.Encodingrzserialization.PrivateFormatrz(serialization.KeySerializationEncryptionrr)rJrr"ec.EllipticCurveSignatureAlgorithmrr) __name__ __module__ __qualname__rapropertyrerirqrTr~rrrrrArAs3##P P3LP P(O"   (  ,  G     : :@ :  :rc|eZdZd dZed dZed dZd dZddZddZ ddZ ddZ y )rPc||_||_||_t||}t |||_t ||t||t||yrY) rZrDr[r)r@r\r.r3r;r]s rraz _EllipticCurvePublicKey.__init__sO # ! g| 4+GR8 !'<8G\2G\2rc|jSrYrcrds rrez_EllipticCurvePublicKey.curverfrc.|jjSrYrhrds rriz _EllipticCurvePublicKey.key_sizerjrct|tstS|jjj |j |j dk(Srs)r rPNotImplementedrZr EVP_PKEY_cmpr[)r^others r__eq__z_EllipticCurvePublicKey.__eq__sD%!89! ! MM   + +DNNEOO L  rc|jjj|j}|jj ||jj j k7|jjj|j}|jj ||jj j k7|jj5}|jjj|}|jjj|}|jjj|||||}|jj |dk(|jj|}|jj|}dddtj|jS#1swY+xYw)Nr5)xyre)rZrrrDrrrr0 _tmp_bn_ctx BN_CTX_getEC_POINT_get_affine_coordinatesr7r EllipticCurvePublicNumbersr\) r^r%r2bn_ctxbn_xbn_yrNrrs rr{z&_EllipticCurvePublicKey.public_numberssg ""44T\\B $$Udmm.@.@.E.E%EF ""99$,,G $$Udmm.@.@.E.E%EF ]] & & ( /F==%%008D==%%008D--$$DDudD&C MM ( ( 2 ((.A ((.A /,,qAT[[II / /s 1CG##G,c |tjjur!|jjj }n>|tjj usJ|jjj}|jjj|j}|jj||jjjk7|jjj|j}|jj||jjjk7|jj5}|jjj||||jjjd|}|jj|dkD|jjj!d|}|jjj||||||}|jj||k(ddd|jjj#ddS#1swY1xYw)Nrzchar[])r PublicFormatCompressedPointrZrPOINT_CONVERSION_COMPRESSEDUncompressedPointPOINT_CONVERSION_UNCOMPRESSEDrrDrrrr0rEC_POINT_point2octrErH) r^r conversionr%r2rbuflenbufrNs r _encode_pointz%_EllipticCurvePublicKey._encode_points ]//?? ?++GGJ]77III II++IIJ ""44T\\B $$Udmm.@.@.E.E%EF ""99$,,G $$Udmm.@.@.E.E%EF ]] & & ( 8F]]''::uj$--*<*<*A*A1fF MM ( (! 4--$$((6:C--$$77uj#vvC MM ( (3 7 8}}!!((-a00 8 8s ,CI11I:c|tjjus8|tjjus|tjj urn|tjjus6|tjjtjj fvr t d|j|S|jj||||jdS)NzKX962 encoding must be used with CompressedPoint or UncompressedPoint format) r EncodingX962rrrrrrZ_public_key_bytesr[)r^rrs r public_bytesz$_EllipticCurvePublicKey.public_bytes/s  ..33 333CCC33EEE}55:::f**::**<<M?!/ %%f- -==22&$ rc|t|t||j\}}t|j|||yrY)rrrorVrZ)r^rUrJrrs rverifyz_EllipticCurvePublicKey.verifyHs; ##671   ) ) a $--y$?rNrrr)robjectrbool)rzec.EllipticCurvePublicNumbers)rserialization.PublicFormatrr)rrrrrr)rUrrJrrrrNone) rrrrarrerirr{rrrrrrrPrPs 3## J*10(+  2 @ @ @@ @  @r)rrrr)r#r rstrr)r#r rr)r#r r(rrr)r#r rIrArJrrr) r#r rTrPrUrrJrrr) __future__rtypingcryptography.exceptionsrrr*cryptography.hazmat.backends.openssl.utilsrrcryptography.hazmat.primitivesr )cryptography.hazmat.primitives.asymmetricr TYPE_CHECKING,cryptography.hazmat.backends.openssl.backendr rr)r.r3r;r@rOrVEllipticCurvePrivateKeyrAEllipticCurvePublicKeyrPrrrrs #  98 D ;   <     8  8#; 8CH 8  8   '      Y:r99Y:xn@b77n@r