U

�e�].1�@s
dd
lm
Z
mZmZ
ddlmZ
ddlmZmZm	Z	
ddl
mZmZm
Z

ddlmZmZ
ddlmZmZmZ
dd�Zd	d
�Zdd�Zd
d�Zdd�Zdd�Ze�e�
Gdd�de��
Ze�e�
Gdd�de��
Ze�ej�
Gdd�de��
Z e�ej!�
Gdd�de��
Z"dS)�)�absolute_import�division�print_function)
�utils)�InvalidSignature�UnsupportedAlgorithm�_Reasons)�_calculate_digest_and_algorithm�_check_not_prehashed�_warn_sign_verify_deprecated)�hashes�
serialization)�AsymmetricSignatureContext�AsymmetricVerificationContext�ecc

Cst|t
j�std
tj��
dS)Nz/Unsupported elliptic curve signature algorithm.)�
isinstancerZECDSArrZ UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
�signature_algorithm�r�I/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/ec.py�_check_signature_algorithms




�rcCs�|j�
|
�
}|�||jjk�

|j�|�
}||jjkr>td
�
�
|jjr^|j�	|�
dkr^td
�
�
|j�
|�
}|�||jjk�

|j�|�
�d�
}|S)Nz;ECDSA keys with unnamed curves are unsupported at this timer
�ascii)
�_lib�EC_KEY_get0_group�openssl_assert�_ffi�NULL�EC_GROUP_get_curve_nameZ	NID_undef�NotImplementedErrorZ#CRYPTOGRAPHY_OPENSSL_110_OR_GREATERZEC_GROUP_get_asn1_flagZ
OBJ_nid2sn�string�decode)�backendZec_key�groupZnidZ
curve_name�snrrr�_ec_key_curve_sns$



�	��
�

r#cCs|j�
|
|jj�
d
S)z�
    Set the named curve flag on the EC_KEY. This causes OpenSSL to
    serialize EC keys along with their curve OID which makes
    deserialization easier.
    N)rZEC_KEY_set_asn1_flagZOPENSSL_EC_NAMED_CURVE)r Zec_cdatarrr�_mark_asn1_named_ec_curve<s
�r$cCs:ztj
|
�WStk
r4


td
�|
�
tj��
YnXdS)Nz${} is not a supported elliptic curve)rZ_CURVE_TYPES�KeyErrorr�formatrZUNSUPPORTED_ELLIPTIC_CURVE)r r"rrr�_sn_to_elliptic_curveHs





�r'cCsz|j�
|
j�
}|�|d
k�

|j�d|�}|j�dd�}|j�d
|t|�
|||
j�}|�|dk�

|j�|�
d|d
�S)Nr
zunsigned char[]zunsigned int[]�
)	rZ
ECDSA_size�_ec_keyrr�newZ
ECDSA_sign�len�buffer)r �private_key�dataZmax_sizeZsigbufZ
siglen_ptr�resrrr�_ecdsa_sig_signRs




�
r0cCs8|j�
d
|t|�
|t|�
|
j�}|dkr4|��
t�
dS)Nr
r()rZECDSA_verifyr+r)Z_consume_errorsr)r �
public_key�	signaturer.r/rrr�_ecdsa_sig_verify_s

�

r3c@s$eZ
dZd
d�Zdd�Zdd�ZdS)�_ECDSASignatureContextcCs|
|_||_
t�||
�|_dS�
N)�_backend�_private_keyr�Hash�_digest)�selfr r-�	algorithmrrr�__init__js


z_ECDSASignatureContext.__init__cCs|j�
|
�

dSr5�r9�update�r:r.rrrr>os
z_ECDSASignatureContext.updatec
Cs|j�
�}
t|j|j|
�Sr5)r9�finalizer0r6r7�r:Zdigestrrrr@rs

z_ECDSASignatureContext.finalizeN)�__name__�
__module__�__qualname__r<r>r@rrrrr4hsr4c@s$eZ
dZd
d�Zdd�Zdd�ZdS)�_ECDSAVerificationContextcCs$|
|_||_
||_t�||
�|_dSr5)r6�_public_key�
_signaturerr8r9)r:r r1r2r;rrrr<zs



z"_ECDSAVerificationContext.__init__cCs|j�
|
�

dSr5r=r?rrrr>�s
z _ECDSAVerificationContext.updatec
Cs"|j�
�}
t|j|j|j|
�
dSr5)r9r@r3r6rFrGrArrr�verify�s



�z _ECDSAVerificationContext.verifyN)rBrCrDr<r>rHrrrrrExsrEc@sZeZ
dZd
d�Ze�d�
Zedd��
Zdd�Z	dd	�Z
d
d�Zdd
�Zdd�Z
dd�ZdS)�_EllipticCurvePrivateKeycCs6|
|_||_
||_t|
|�}t|
|�|_t|
|�
dSr5�r6r)�	_evp_pkeyr#r'�_curver$�r:r Zec_key_cdata�evp_pkeyr"rrrr<�s





z!_EllipticCurvePrivateKey.__init__rLc


Cs|jj
Sr5��curve�key_size�
r:rrrrQ�sz!_EllipticCurvePrivateKey.key_sizecCs(t�
t
|
�

t|
j�

t|j||
j�Sr5)rrr
r;r4r6)r:rrrr�signer�s





�z_EllipticCurvePrivateKey.signercCs�|j�
|
|j�std
tj��
|jj|jjkr4td�
�
|jj�	|j
�
}|jj�|�
dd}|j�|dk�

|jj
�d|�}|jj�|j
�
}|jj�||||j
|jj
j�}|j�|dk�

|jj
�|�
d|�S)Nz1This backend does not support the ECDH algorithm.z2peer_public_key and self are not on the same curve��r
z	uint8_t[])r6Z+elliptic_curve_exchange_algorithm_supportedrPrrZUNSUPPORTED_EXCHANGE_ALGORITHM�name�
ValueErrorrrr)ZEC_GROUP_get_degreerrr*�EC_KEY_get0_public_keyZECDH_compute_keyrr,)r:r;Zpeer_public_keyr!Zz_lenZz_bufZpeer_key�
rrrr�exchange�s:
��

�

�




�
�
z!_EllipticCurvePrivateKey.exchangec
Cs�|jj
�|j�
}
|j�|
|jjjk�

|jj
�|
�
}|jj
�|�
}|j�||jjjk�

|jj�	||jj
j
�}|jj
�|j�
}|j�||jjjk�

|jj
�||�}|j�|d
k�

|j�
|�
}t|j||�S)Nr()r6rrr)rrrrZEC_KEY_new_by_curve_name�gcZEC_KEY_freerXZEC_KEY_set_public_keyZ_ec_cdata_to_evp_pkey�_EllipticCurvePublicKey)r:r!Z	curve_nidZ
public_ec_key�pointr/rNrrrr1�s




�

z#_EllipticCurvePrivateKey.public_keyc
Cs2|jj
�|j�
}
|j�|
�
}tj||����d
�S)N)�
private_value�public_numbers)	r6rZEC_KEY_get0_private_keyr)�
_bn_to_intrZEllipticCurvePrivateNumbersr1r_)r:Zbnr^rrr�private_numbers�s





�z(_EllipticCurvePrivateKey.private_numberscCs|j�
|
|||j|j�Sr5)r6Z_private_key_bytesrKr))r:�encodingr&Zencryption_algorithmrrr�
private_bytes�s





�z&_EllipticCurvePrivateKey.private_bytescCs*t|�

t
|j|
|j�\}
}t|j||
�Sr5)rr	r6�
_algorithmr0)r:r.rr;rrr�sign�s


�z_EllipticCurvePrivateKey.signN)rBrCrDr<r�read_only_propertyrP�propertyrQrSrZr1rarcrerrrrrI�s	


	rIc@sReZ
dZd
d�Ze�d�
Zedd��
Zdd�Z	dd	�Z
d
d�Zdd
�Zdd�Z
dS)r\cCs6|
|_||_
||_t|
|�}t|
|�|_t|
|�
dSr5rJrMrrrr<�s





z _EllipticCurvePublicKey.__init__rLc


Cs|jj
Sr5rOrRrrrrQ�sz _EllipticCurvePublicKey.key_sizecCs6t�
t
�d
|
�
t|�

t|j�

t|j||
|j�S)Nr2)rr�_check_bytesrr
r;rEr6)r:r2rrrr�verifier

s





�z _EllipticCurvePublicKey.verifierc

	Cs�|j�
|j�
\}
}|jj�|j�
}|j�||jjjk�

|j���Z}|jj�	|�
}|jj�	|�
}|
|||||�}|j�|d
k�

|j�
|�
}|j�
|�
}	W5QRXtj||	|j
d�S)Nr()�
x�
yrP)r6Z _ec_key_determine_group_get_funcr)rrXrrr�_tmp_bn_ctxZ
BN_CTX_getr`rZEllipticCurvePublicNumbersrL)
r:Zget_funcr!r]�bn_ctxZbn_xZbn_yr/rjrkrrrr_
s �







�z&_EllipticCurvePublicKey.public_numbersc		Cs
|
tj
jkr|jjj}n|
tj
jks(t�
|jjj}|jj�	|j
�
}|j�||jjj
k�

|jj�|j
�
}|j�||jjj
k�

|j���l}|jj�||||jjj
d
|�}|j�|d
k�

|jj�d|�}|jj�||||||�}|j�||k�

W5QRX|jj�|�
dd�S)Nr
zchar[])r
�PublicFormat�CompressedPointr6rZPOINT_CONVERSION_COMPRESSED�UncompressedPoint�AssertionErrorZPOINT_CONVERSION_UNCOMPRESSEDrr)rrrrXrlZEC_POINT_point2octr*r,)	r:r&Z
conversionr!r]rmZbuflenZbufr/rrr�
_encode_point"
s:









�


�z%_EllipticCurvePublicKey._encode_pointcCs�|tj
jkrtd
�
�
|
tjjks8|tj
jks8|tj
jkrj|
tjjk	sX|tj
jtj
jfkr`td�
�
|�|�
S|j	�
|
|||jd�SdS)Nz1EC public keys do not support PKCS1 serializationzKX962 encoding must be used with CompressedPoint or UncompressedPoint format)r
rnZPKCS1rWZEncodingZX962rorprrr6Z_public_key_bytesrK)r:rbr&rrr�public_bytes:
s8


�
�
�
�
�

��
�





�z$_EllipticCurvePublicKey.public_bytescCs0t|�

t
|j||j�\}}t|j||
|�
dSr5)rr	r6rdr3)r:r2r.rr;rrrrH[
s


�z_EllipticCurvePublicKey.verifyN)rBrCrDr<rrfrPrgrQrir_rrrsrHrrrrr\�s	



!r\N)#Z
__future__rrrZcryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsr	r
rZcryptography.hazmat.primitivesrr
Z)cryptography.hazmat.primitives.asymmetricrrrrr#r$r'r0r3Zregister_interface�objectr4rEZ(EllipticCurvePrivateKeyWithSerializationrIZ'EllipticCurvePublicKeyWithSerializationr\rrrr�<module>s&

 

	



e