bXc@`smddlmZmZmZddlmZddlmZmZm Z ddl m Z m Z ddl mZmZddlmZmZmZdZdZd Zd Zd Zd Zd ZejedefdYZejedefdYZejejdefdYZ ejej!defdYZ"dS(i(tabsolute_importtdivisiontprint_function(tutils(tInvalidSignaturetUnsupportedAlgorithmt_Reasons(t_calculate_digest_and_algorithmt_truncate_digest(thashest serialization(tAsymmetricSignatureContexttAsymmetricVerificationContexttecc C`s|j}|j}|j|}|jc}|j|}|j||jk|j|||}|j|dk|j|} WdQXt || S(s This function truncates digests that are longer than a given elliptic curve key's length so they can be signed. Since elliptic curve keys are much shorter than RSA keys many digests (e.g. SHA-512) may require truncation. iN( t_libt_ffitEC_KEY_get0_groupt _tmp_bn_ctxt BN_CTX_gettopenssl_asserttNULLtEC_GROUP_get_ordert BN_num_bitsR( t ec_key_cdatatdigesttbackendRRtgrouptbn_ctxtordertrest order_bits((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyt_truncate_digest_for_ecdsas  cC`s+t|tjs'tdtjndS(Ns/Unsupported elliptic curve signature algorithm.(t isinstanceR tECDSARRt UNSUPPORTED_PUBLIC_KEY_ALGORITHM(tsignature_algorithm((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyt_check_signature_algorithm-scC`s|jj|}|j||jjk|jj|}||jjkr^tdn|jj|}|j||jjk|jj |j d}|S(NsCECDSA certificates with unnamed curves are unsupported at this timetascii( RRRRRtEC_GROUP_get_curve_namet NID_undeftNotImplementedErrort OBJ_nid2sntstringtdecode(Rtec_keyRtnidt curve_nametsn((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyt_ec_key_curve_sn4s cC`s|jj||jjdS(s Set the named curve flag on the EC_KEY. This causes OpenSSL to serialize EC keys along with their curve OID which makes deserialization easier. N(RtEC_KEY_set_asn1_flagtOPENSSL_EC_NAMED_CURVE(Rtec_cdata((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyt_mark_asn1_named_ec_curveHs cC`sEytj|SWn,tk r@tdj|tjnXdS(Ns%{0} is not a supported elliptic curve(R t _CURVE_TYPEStKeyErrorRtformatRtUNSUPPORTED_ELLIPTIC_CURVE(RR/((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyt_sn_to_elliptic_curveTs   cC`s|jj|j}|j|dk|jjd|}|jjdd}|jjd|t||||j}|j|dk|jj||d S(Nisunsigned char[]sunsigned int[]i( Rt ECDSA_sizet_ec_keyRRtnewt ECDSA_signtlentbuffer(Rt private_keytdatatmax_sizetsigbuft siglen_ptrR((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyt_ecdsa_sig_sign^s !cC`sS|jjd|t||t||j}|dkrO|jtntS(Nii(Rt ECDSA_verifyR>R;t_consume_errorsRtTrue(Rt public_keyt signatureRAR((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyt_ecdsa_sig_verifyks  '   t_ECDSASignatureContextcB`s#eZdZdZdZRS(cC`s+||_||_tj|||_dS(N(t_backendt _private_keyR tHasht_digest(tselfRR@t algorithm((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyt__init__ws  cC`s|jj|dS(N(RPtupdate(RQRA((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyRT|scC`s@|jj}t|jj||j}t|j|j|S(N(RPtfinalizeRRNR;RMRE(RQR((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyRUs(t__name__t __module__RSRTRU(((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyRLus  t_ECDSAVerificationContextcB`s#eZdZdZdZRS(cC`s4||_||_||_tj|||_dS(N(RMt _public_keyt _signatureR RORP(RQRRIRJRR((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyRSs   cC`s|jj|dS(N(RPRT(RQRA((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyRTscC`sF|jj}t|jj||j}t|j|j|j|S(N(RPRURRYR;RMRKRZ(RQR((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pytverifys (RVRWRSRTR[(((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyRXs  t_EllipticCurvePrivateKeycB`sVeZdZejdZdZdZdZdZ dZ dZ RS(cC`sM||_t||||_||_t||}t|||_dS(N(RMR4R;t _evp_pkeyR0R9t_curve(RQRRtevp_pkeyR/((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyRSs     R^cC`s t|t|j||jS(N(R$RLRMRR(RQR#((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pytsigners cC`s)|jj||js-tdtjn|jj|jjkrTtdn|jjj |j }|jjj |dd}|jj |dk|jj jd|}|jjj|j }|jjj||||j |jj j}|jj |dk|jj j|| S(Ns1This backend does not support the ECDH algorithm.s2peer_public_key and self are not on the same curveiiis uint8_t[](RMt+elliptic_curve_exchange_algorithm_supportedtcurveRRtUNSUPPORTED_EXCHANGE_ALGORITHMtnamet ValueErrorRRR;tEC_GROUP_get_degreeRRR<tEC_KEY_get0_public_keytECDH_compute_keyRR?(RQRRtpeer_public_keyRtz_lentz_buftpeer_keytr((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pytexchanges$     !cC`s+|jjj|j}|jj||jjjk|jjj|}|jjj|}|jj||jjjk|jjj ||jjj }|jjj |j}|jj||jjjk|jjj ||}|jj|dk|jj |}t|j||S(Ni(RMRRR;RRRR&tEC_KEY_new_by_curve_nametgct EC_KEY_freeRgtEC_KEY_set_public_keyt_ec_cdata_to_evp_pkeyt_EllipticCurvePublicKey(RQRt curve_nidt public_ec_keytpointRR_((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyRIs cC`sL|jjj|j}|jj|}tjd|d|jjS(Nt private_valuetpublic_numbers( RMRtEC_KEY_get0_private_keyR;t _bn_to_intR tEllipticCurvePrivateNumbersRIRy(RQtbnRx((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pytprivate_numberss  cC`s"|jj||||j|jS(N(RMt_private_key_bytesR]R;(RQtencodingR7tencryption_algorithm((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyt private_bytess  cC`sSt|t|j||j\}}t|j||j}t|j||S(N(R$RRMt _algorithmRR;RE(RQRAR#RR((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pytsigns  ( RVRWRSRtread_only_propertyRbR`RnRIR~RR(((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyR\s      RtcB`sDeZdZejdZdZdZdZdZ RS(cC`sM||_t||||_||_t||}t|||_dS(N(RMR4R;R]R0R9R^(RQRRR_R/((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyRSs     R^cC`sAt|tstdnt|t|j|||jS(Nssignature must be bytes.(R tbytest TypeErrorR$RXRMRR(RQRJR#((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pytverifier s  c C`s|jj|j\}}}|jjj|j}|jj||jjjk|jj}|jjj |}|jjj |}||||||}|jj|dk|jj |} |jj |} WdQXt j d| d| d|j S(NitxtyRb(RMt%_ec_key_determine_group_get_set_funcsR;RRgRRRRRR{R tEllipticCurvePublicNumbersR^( RQtset_functget_funcRRwRtbn_xtbn_yRRR((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyRys cC`s@|tjjkr!tdn|jj||||jdS(Ns1EC public keys do not support PKCS1 serialization(R t PublicFormattPKCS1ReRMt_public_key_bytesR]tNone(RQRR7((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyt public_bytes-s  cC`sVt|t|j||j\}}t|j||j}t|j|||S(N(R$RRMRRR;RK(RQRJRAR#RR((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyR[;s  ( RVRWRSRRRbRRyRR[(((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyRts    N(#t __future__RRRt cryptographyRtcryptography.exceptionsRRRt*cryptography.hazmat.backends.openssl.utilsRRtcryptography.hazmat.primitivesR R t)cryptography.hazmat.primitives.asymmetricR R R RR$R0R4R9RERKtregister_interfacetobjectRLRXt(EllipticCurvePrivateKeyWithSerializationR\t'EllipticCurvePublicKeyWithSerializationRt(((sM/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/ec.pyts(    b