diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-09-28 11:07:58 -0500 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-09-28 11:07:58 -0500 |
commit | b42eb9dc9214c368336c682ecc7d79a78fcfb491 (patch) | |
tree | 59a56fbb94e457f477583a4a76d6d2347b7965c5 | |
parent | 77de1fcb9d6beeb27107eb5830c8132092a9b041 (diff) | |
parent | 2d2ee522a2bc038b996573d6c0fb6b95a0560041 (diff) | |
download | cryptography-b42eb9dc9214c368336c682ecc7d79a78fcfb491.tar.gz cryptography-b42eb9dc9214c368336c682ecc7d79a78fcfb491.tar.bz2 cryptography-b42eb9dc9214c368336c682ecc7d79a78fcfb491.zip |
Merge pull request #1364 from public/remove-curve
Remove the curve parameter from OpenSSL EC keys
-rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 69 | ||||
-rw-r--r-- | cryptography/hazmat/backends/openssl/ec.py | 38 | ||||
-rw-r--r-- | tests/hazmat/backends/test_openssl.py | 3 |
3 files changed, 56 insertions, 54 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 582623f5..9a36674a 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -479,9 +479,7 @@ class Backend(object): ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey) assert ec_cdata != self._ffi.NULL ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) - sn = self._ec_key_curve_sn(ec_cdata) - curve = self._sn_to_elliptic_curve(sn) - return _EllipticCurvePrivateKey(self, ec_cdata, curve) + return _EllipticCurvePrivateKey(self, ec_cdata) else: raise UnsupportedAlgorithm("Unsupported key type.") @@ -508,25 +506,10 @@ class Backend(object): ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey) assert ec_cdata != self._ffi.NULL ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) - sn = self._ec_key_curve_sn(ec_cdata) - curve = self._sn_to_elliptic_curve(sn) - return _EllipticCurvePublicKey(self, ec_cdata, curve) + return _EllipticCurvePublicKey(self, ec_cdata) else: raise UnsupportedAlgorithm("Unsupported key type.") - def _ec_key_curve_sn(self, ec_key): - group = self._lib.EC_KEY_get0_group(ec_key) - assert group != self._ffi.NULL - - nid = self._lib.EC_GROUP_get_curve_name(group) - assert nid != self._lib.NID_undef - - curve_name = self._lib.OBJ_nid2sn(nid) - assert curve_name != self._ffi.NULL - - sn = self._ffi.string(curve_name).decode('ascii') - return sn - def _pem_password_cb(self, password): """ Generate a pem_password_cb function pointer that copied the password to @@ -997,17 +980,17 @@ class Backend(object): if self.elliptic_curve_supported(curve): curve_nid = self._elliptic_curve_to_nid(curve) - ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid) - assert ctx != self._ffi.NULL - ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free) + ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid) + assert ec_cdata != self._ffi.NULL + ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) - res = self._lib.EC_KEY_generate_key(ctx) + res = self._lib.EC_KEY_generate_key(ec_cdata) assert res == 1 - res = self._lib.EC_KEY_check_key(ctx) + res = self._lib.EC_KEY_check_key(ec_cdata) assert res == 1 - return _EllipticCurvePrivateKey(self, ctx, curve) + return _EllipticCurvePrivateKey(self, ec_cdata) else: raise UnsupportedAlgorithm( "Backend object does not support {0}.".format(curve.name), @@ -1028,19 +1011,18 @@ class Backend(object): curve_nid = self._elliptic_curve_to_nid(public.curve) - ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid) - assert ctx != self._ffi.NULL - ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free) + ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid) + assert ec_cdata != self._ffi.NULL + ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) - ctx = self._ec_key_set_public_key_affine_coordinates( - ctx, public.x, public.y) + ec_cdata = self._ec_key_set_public_key_affine_coordinates( + ec_cdata, public.x, public.y) res = self._lib.EC_KEY_set_private_key( - ctx, self._int_to_bn(numbers.private_value)) + ec_cdata, self._int_to_bn(numbers.private_value)) assert res == 1 - return _EllipticCurvePrivateKey(self, ctx, - numbers.public_numbers.curve) + return _EllipticCurvePrivateKey(self, ec_cdata) def elliptic_curve_public_key_from_numbers(self, numbers): warnings.warn( @@ -1054,14 +1036,14 @@ class Backend(object): def load_elliptic_curve_public_numbers(self, numbers): curve_nid = self._elliptic_curve_to_nid(numbers.curve) - ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid) - assert ctx != self._ffi.NULL - ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free) + ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid) + assert ec_cdata != self._ffi.NULL + ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) - ctx = self._ec_key_set_public_key_affine_coordinates( - ctx, numbers.x, numbers.y) + ec_cdata = self._ec_key_set_public_key_affine_coordinates( + ec_cdata, numbers.x, numbers.y) - return _EllipticCurvePublicKey(self, ctx, numbers.curve) + return _EllipticCurvePublicKey(self, ec_cdata) def _elliptic_curve_to_nid(self, curve): """ @@ -1083,15 +1065,6 @@ class Backend(object): ) return curve_nid - def _sn_to_elliptic_curve(self, sn): - try: - return ec._CURVE_TYPES[sn]() - except KeyError: - raise UnsupportedAlgorithm( - "{0} is not a supported elliptic curve".format(sn), - _Reasons.UNSUPPORTED_ELLIPTIC_CURVE - ) - @contextmanager def _tmp_bn_ctx(self): bn_ctx = self._lib.BN_CTX_new() diff --git a/cryptography/hazmat/backends/openssl/ec.py b/cryptography/hazmat/backends/openssl/ec.py index 369b185b..9371a9a9 100644 --- a/cryptography/hazmat/backends/openssl/ec.py +++ b/cryptography/hazmat/backends/openssl/ec.py @@ -63,6 +63,30 @@ def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend): return digest +def _ec_key_curve_sn(backend, ec_key): + group = backend._lib.EC_KEY_get0_group(ec_key) + assert group != backend._ffi.NULL + + nid = backend._lib.EC_GROUP_get_curve_name(group) + assert nid != backend._lib.NID_undef + + curve_name = backend._lib.OBJ_nid2sn(nid) + assert curve_name != backend._ffi.NULL + + sn = backend._ffi.string(curve_name).decode('ascii') + return sn + + +def _sn_to_elliptic_curve(backend, sn): + try: + return ec._CURVE_TYPES[sn]() + except KeyError: + raise UnsupportedAlgorithm( + "{0} is not a supported elliptic curve".format(sn), + _Reasons.UNSUPPORTED_ELLIPTIC_CURVE + ) + + @utils.register_interface(interfaces.AsymmetricSignatureContext) class _ECDSASignatureContext(object): def __init__(self, backend, private_key, algorithm): @@ -131,10 +155,12 @@ class _ECDSAVerificationContext(object): @utils.register_interface(interfaces.EllipticCurvePrivateKeyWithNumbers) class _EllipticCurvePrivateKey(object): - def __init__(self, backend, ec_key_cdata, curve): + def __init__(self, backend, ec_key_cdata): self._backend = backend self._ec_key = ec_key_cdata - self._curve = curve + + sn = _ec_key_curve_sn(backend, ec_key_cdata) + self._curve = _sn_to_elliptic_curve(backend, sn) @property def curve(self): @@ -169,7 +195,7 @@ class _EllipticCurvePrivateKey(object): assert res == 1 return _EllipticCurvePublicKey( - self._backend, public_ec_key, self._curve + self._backend, public_ec_key ) def private_numbers(self): @@ -183,10 +209,12 @@ class _EllipticCurvePrivateKey(object): @utils.register_interface(interfaces.EllipticCurvePublicKeyWithNumbers) class _EllipticCurvePublicKey(object): - def __init__(self, backend, ec_key_cdata, curve): + def __init__(self, backend, ec_key_cdata): self._backend = backend self._ec_key = ec_key_cdata - self._curve = curve + + sn = _ec_key_curve_sn(backend, ec_key_cdata) + self._curve = _sn_to_elliptic_curve(backend, sn) @property def curve(self): diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index bfe6040e..b00543fe 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -27,6 +27,7 @@ from cryptography.exceptions import InternalError, _Reasons from cryptography.hazmat.backends.openssl.backend import ( Backend, backend ) +from cryptography.hazmat.backends.openssl.ec import _sn_to_elliptic_curve from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import dsa, ec, padding, rsa from cryptography.hazmat.primitives.ciphers import Cipher @@ -509,7 +510,7 @@ class TestOpenSSLEllipticCurve(object): def test_sn_to_elliptic_curve_not_supported(self): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE): - backend._sn_to_elliptic_curve(b"fake") + _sn_to_elliptic_curve(backend, b"fake") class TestDeprecatedRSABackendMethods(object): |