σ Υ{PXc@`smddlmZmZmZddlmZddlmZmZm Z ddl m Z m Z ddl mZmZddlmZmZmZd„Zd„Zd „Zd „Zd „Zd „Zd „Zejeƒdefd„ƒYƒZejeƒdefd„ƒYƒZejejƒdefd„ƒYƒZ ejej!ƒdefd„ƒYƒZ"dS(i(tabsolute_importtdivisiontprint_function(tutils(tInvalidSignaturetUnsupportedAlgorithmt_Reasons(t_calculate_digest_and_algorithmt_truncate_digest(thashest serialization(tAsymmetricSignatureContexttAsymmetricVerificationContexttecc C`sŸ|j}|j}|j|ƒ}|jƒc}|j|ƒ}|j||jkƒ|j|||ƒ}|j|dkƒ|j|ƒ} WdQXt || ƒS(sς This function truncates digests that are longer than a given elliptic curve key's length so they can be signed. Since elliptic curve keys are much shorter than RSA keys many digests (e.g. SHA-512) may require truncation. iN( t_libt_ffitEC_KEY_get0_groupt _tmp_bn_ctxt BN_CTX_gettopenssl_asserttNULLtEC_GROUP_get_ordert BN_num_bitsR( t ec_key_cdatatdigesttbackendRRtgrouptbn_ctxtordertrest order_bits((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyt_truncate_digest_for_ecdsas  cC`s+t|tjƒs'tdtjƒ‚ndS(Ns/Unsupported elliptic curve signature algorithm.(t isinstanceR tECDSARRt UNSUPPORTED_PUBLIC_KEY_ALGORITHM(tsignature_algorithm((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyt_check_signature_algorithm-scC`s¨|jj|ƒ}|j||jjkƒ|jj|ƒ}||jjkr^tdƒ‚n|jj|ƒ}|j||jjkƒ|jj |ƒj dƒ}|S(NsCECDSA certificates with unnamed curves are unsupported at this timetascii( RRRRRtEC_GROUP_get_curve_namet NID_undeftNotImplementedErrort OBJ_nid2sntstringtdecode(Rtec_keyRtnidt curve_nametsn((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyt_ec_key_curve_sn4s cC`s|jj||jjƒdS(s‘ Set the named curve flag on the EC_KEY. This causes OpenSSL to serialize EC keys along with their curve OID which makes deserialization easier. N(RtEC_KEY_set_asn1_flagtOPENSSL_EC_NAMED_CURVE(Rtec_cdata((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyt_mark_asn1_named_ec_curveHs cC`sEytj|ƒSWn,tk r@tdj|ƒtjƒ‚nXdS(Ns%{0} is not a supported elliptic curve(R t _CURVE_TYPEStKeyErrorRtformatRtUNSUPPORTED_ELLIPTIC_CURVE(RR/((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyt_sn_to_elliptic_curveTs   cC`s§|jj|jƒ}|j|dkƒ|jjd|ƒ}|jjddƒ}|jjd|t|ƒ|||jƒ}|j|dkƒ|jj|ƒ|d S(Nisunsigned char[]sunsigned int[]i( Rt ECDSA_sizet_ec_keyRRtnewt ECDSA_signtlentbuffer(Rt private_keytdatatmax_sizetsigbuft siglen_ptrR((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyt_ecdsa_sig_sign^s !cC`sS|jjd|t|ƒ|t|ƒ|jƒ}|dkrO|jƒt‚ntS(Nii(Rt ECDSA_verifyR>R;t_consume_errorsRtTrue(Rt public_keyt signatureRAR((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyt_ecdsa_sig_verifyks  '   t_ECDSASignatureContextcB`s#eZd„Zd„Zd„ZRS(cC`s+||_||_tj||ƒ|_dS(N(t_backendt _private_keyR tHasht_digest(tselfRR@t algorithm((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyt__init__ws  cC`s|jj|ƒdS(N(RPtupdate(RQRA((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyRT|scC`s@|jjƒ}t|jj||jƒ}t|j|j|ƒS(N(RPtfinalizeRRNR;RMRE(RQR((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyRUs(t__name__t __module__RSRTRU(((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyRLus  t_ECDSAVerificationContextcB`s#eZd„Zd„Zd„ZRS(cC`s4||_||_||_tj||ƒ|_dS(N(RMt _public_keyt _signatureR RORP(RQRRIRJRR((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyRSŠs   cC`s|jj|ƒdS(N(RPRT(RQRA((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyRTscC`sF|jjƒ}t|jj||jƒ}t|j|j|j|ƒS(N(RPRURRYR;RMRKRZ(RQR((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pytverify“s (RVRWRSRTR[(((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyRXˆs  t_EllipticCurvePrivateKeycB`sVeZd„ZejdƒZd„Zd„Zd„Zd„Z d„Z d„Z RS(cC`sM||_t||ƒ||_||_t||ƒ}t||ƒ|_dS(N(RMR4R;t _evp_pkeyR0R9t_curve(RQRRtevp_pkeyR/((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyRSŸs     R^cC`s t|ƒt|j||jƒS(N(R$RLRMRR(RQR#((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pytsignerͺs cC`s)|jj||jƒs-tdtjƒ‚n|jj|jjkrTtdƒ‚n|jjj |j ƒ}|jjj |ƒdd}|jj |dkƒ|jj jd|ƒ}|jjj|j ƒ}|jjj||||j |jj jƒ}|jj |dkƒ|jj j|ƒ| S(Ns1This backend does not support the ECDH algorithm.s2peer_public_key and self are not on the same curveiiis uint8_t[](RMt+elliptic_curve_exchange_algorithm_supportedtcurveRRtUNSUPPORTED_EXCHANGE_ALGORITHMtnamet ValueErrorRRR;tEC_GROUP_get_degreeRRR<tEC_KEY_get0_public_keytECDH_compute_keyRR?(RQRRtpeer_public_keyRtz_lentz_buftpeer_keytr((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pytexchange°s$     !cC`s+|jjj|jƒ}|jj||jjjkƒ|jjj|ƒ}|jjj|ƒ}|jj||jjjkƒ|jjj ||jjj ƒ}|jjj |jƒ}|jj||jjjkƒ|jjj ||ƒ}|jj|dkƒ|jj |ƒ}t|j||ƒS(Ni(RMRRR;RRRR&tEC_KEY_new_by_curve_nametgct EC_KEY_freeRgtEC_KEY_set_public_keyt_ec_cdata_to_evp_pkeyt_EllipticCurvePublicKey(RQRt curve_nidt public_ec_keytpointRR_((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyRIΞs cC`sL|jjj|jƒ}|jj|ƒ}tjd|d|jƒjƒƒS(Nt private_valuetpublic_numbers( RMRtEC_KEY_get0_private_keyR;t _bn_to_intR tEllipticCurvePrivateNumbersRIRy(RQtbnRx((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pytprivate_numbersδs  cC`s"|jj||||j|jƒS(N(RMt_private_key_bytesR]R;(RQtencodingR7tencryption_algorithm((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyt private_bytesμs  cC`sSt|ƒt|j||jƒ\}}t|j||jƒ}t|j||ƒS(N(R$RRMt _algorithmRR;RE(RQRAR#RR((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pytsignυs  ( RVRWRSRtread_only_propertyRbR`RnRIR~R‚R„(((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyR\s      RtcB`sDeZd„ZejdƒZd„Zd„Zd„Zd„Z RS(cC`sM||_t||ƒ||_||_t||ƒ}t||ƒ|_dS(N(RMR4R;R]R0R9R^(RQRRR_R/((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyRSs     R^cC`sAt|tƒstdƒ‚nt|ƒt|j|||jƒS(Nssignature must be bytes.(R tbytest TypeErrorR$RXRMRR(RQRJR#((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pytverifier s  c C`s|jj|jƒ\}}}|jjj|jƒ}|jj||jjjkƒ|jjƒƒ}|jjj |ƒ}|jjj |ƒ}||||||ƒ}|jj|dkƒ|jj |ƒ} |jj |ƒ} WdQXt j d| d| d|j ƒS(NitxtyRb(RMt%_ec_key_determine_group_get_set_funcsR;RRgRRRRRR{R tEllipticCurvePublicNumbersR^( RQtset_functget_funcRRwRtbn_xtbn_yRR‰RŠ((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyRys cC`s@|tjjkr!tdƒ‚n|jj||||jdƒS(Ns1EC public keys do not support PKCS1 serialization(R t PublicFormattPKCS1ReRMt_public_key_bytesR]tNone(RQR€R7((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyt public_bytes-s  cC`sVt|ƒt|j||jƒ\}}t|j||jƒ}t|j|||ƒS(N(R$RRMRƒRR;RK(RQRJRAR#RR((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyR[;s  ( RVRWRSRR…RbRˆRyR•R[(((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyRts    N(#t __future__RRRt cryptographyRtcryptography.exceptionsRRRt*cryptography.hazmat.backends.openssl.utilsRRtcryptography.hazmat.primitivesR R t)cryptography.hazmat.primitives.asymmetricR R R RR$R0R4R9RERKtregister_interfacetobjectRLRXt(EllipticCurvePrivateKeyWithSerializationR\t'EllipticCurvePublicKeyWithSerializationRt(((sK/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/ec.pyts(    b