author | Alex Gaynor <alex.gaynor@gmail.com> | 2014-09-26 21:25:00 -0400 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2014-09-26 21:25:00 -0400 |
commit | 45d4c5909bd857986b901d59fd4d77bce63bfeff (patch) | |
tree | 56041a8f65c8de0dfedcf8d596ad7748689fbf82 /cryptography | |
parent | e0b8e843a1c81850e730aa8de0a2970b8287f7bb (diff) | |
parent | afca2d508702e7e749db49aeee83940d547015a7 (diff) | |
Merge pull request #1346 from reaperhulk/fix-pkcs8-ec-load
Process curve name when loading EC keys. Fixes #1336
Diffstat (limited to 'cryptography')
-rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 38 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/asymmetric/ec.py | 24 |
2 files changed, 56 insertions, 6 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 9d767aef..389ef0be 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -474,12 +474,14 @@ class Backend(object):
 assert dsa_cdata != self._ffi.NULL
 dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
 return _DSAPrivateKey(self, dsa_cdata)
- elif self._lib.Cryptography_HAS_EC == 1 \
- and type == self._lib.EVP_PKEY_EC:
+ elif (self._lib.Cryptography_HAS_EC == 1 and
+ type == self._lib.EVP_PKEY_EC):
 ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
 assert ec_cdata != self._ffi.NULL
 ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
- return _EllipticCurvePrivateKey(self, ec_cdata, None)
+ sn = self._ec_key_curve_sn(ec_cdata)
+ curve = self._sn_to_elliptic_curve(sn)
+ return _EllipticCurvePrivateKey(self, ec_cdata, curve)
 else:
 raise UnsupportedAlgorithm("Unsupported key type.")
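Review bot: The two lines added before `return _EllipticCurvePrivateKey(self, ec_cdata, curve)` make loading fail for any EC key whose curve is not listed in `ec._CURVE_TYPES`, where the old code returned a key object with curve `None`, and nothing in the hunk documents that. The same applies to the public-key branch in the next hunk. I would add a comment above the lookup, for example `# Only curves in ec._CURVE_TYPES load; anything else raises UnsupportedAlgorithm.`, so callers handling externally supplied keys know which exception to expect. The enclosing method starts outside the hunk.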
@@ -501,15 +503,30 @@ class Backend(object):
 assert dsa_cdata != self._ffi.NULL
 dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
 return _DSAPublicKey(self, dsa_cdata)
- elif self._lib.Cryptography_HAS_EC == 1 \
- and type == self._lib.EVP_PKEY_EC:
+ elif (self._lib.Cryptography_HAS_EC == 1 and
+ type == self._lib.EVP_PKEY_EC):
 ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
 assert ec_cdata != self._ffi.NULL
 ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
- return _EllipticCurvePublicKey(self, ec_cdata, None)
+ sn = self._ec_key_curve_sn(ec_cdata)
+ curve = self._sn_to_elliptic_curve(sn)
+ return _EllipticCurvePublicKey(self, ec_cdata, curve)
 else:
 raise UnsupportedAlgorithm("Unsupported key type.")
+ def _ec_key_curve_sn(self, ec_key):
+ group = self._lib.EC_KEY_get0_group(ec_key)
+ assert group != self._ffi.NULL
+
+ nid = self._lib.EC_GROUP_get_curve_name(group)
+ assert nid != self._lib.NID_undef
+
+ curve_name = self._lib.OBJ_nid2sn(nid)
+ assert curve_name != self._ffi.NULL
+
+ sn = self._ffi.string(curve_name).decode('ascii')
+ return sn
+
 def _pem_password_cb(self, password):
 """
 Generate a pem_password_cb function pointer that copied the password to
@@ -1048,6 +1065,15 @@ class Backend(object):
 )
 return curve_nid
+ def _sn_to_elliptic_curve(self, sn):
+ try:
+ return ec._CURVE_TYPES[sn]()
+ except KeyError:
+ raise UnsupportedAlgorithm(
+ "{0} is not a supported elliptic curve".format(sn),
+ _Reasons.UNSUPPORTED_ELLIPTIC_CURVE
+ )
+
 @contextmanager
 def _tmp_bn_ctx(self):
 bn_ctx = self._lib.BN_CTX_new()
diff --git a/cryptography/hazmat/primitives/asymmetric/ec.py b/cryptography/hazmat/primitives/asymmetric/ec.py
index 220a419c..98eca276 100644
--- a/cryptography/hazmat/primitives/asymmetric/ec.py
+++ b/cryptography/hazmat/primitives/asymmetric/ec.py
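Review bot: `assert nid != self._lib.NID_undef` in the new `_ec_key_curve_sn` checks a property of the loaded key rather than an internal invariant, since a key encoded with explicit curve parameters instead of a named curve would presumably yield `NID_undef` here. That surfaces as `AssertionError` on externally supplied key data, and under `python -O` the check disappears, so the outcome then depends on what `OBJ_nid2sn` returns for an undefined NID. Raising the typed error keeps the failure on the documented path: `if nid == self._lib.NID_undef:` followed by `raise UnsupportedAlgorithm("Key does not use a named curve.", _Reasons.UNSUPPORTED_ELLIPTIC_CURVE)`. A one-line docstring saying the helper returns the OpenSSL short name of the key's curve would also help.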
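Review bot: In `_sn_to_elliptic_curve` the `try` body covers both the table lookup and the constructor call, so a `KeyError` raised while instantiating a curve class would be reported as an unsupported curve. Limiting the handler to the lookup avoids that: `curve_cls = ec._CURVE_TYPES.get(sn)`, then `if curve_cls is None:` guarding the existing `raise`, and `return curve_cls()` after it. The helper has no docstring; one sentence naming `sn` as the backend's curve short name and the `UnsupportedAlgorithm` it raises would be enough.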
@@ -184,6 +184,30 @@ class SECP192R1(object):
 return 192
+_CURVE_TYPES = {
+ "prime192v1": SECP192R1,
+ "prime256v1": SECP256R1,
+
+ "secp192r1": SECP192R1,
+ "secp224r1": SECP224R1,
+ "secp256r1": SECP256R1,
+ "secp384r1": SECP384R1,
+ "secp521r1": SECP521R1,
+
+ "sect163k1": SECT163K1,
+ "sect233k1": SECT233K1,
+ "sect283k1": SECT283K1,
+ "sect409k1": SECT409K1,
+ "sect571k1": SECT571K1,
+
+ "sect163r2": SECT163R2,
+ "sect233r1": SECT233R1,
+ "sect283r1": SECT283R1,
+ "sect409r1": SECT409R1,
+ "sect571r1": SECT571R1,
+}
+
+
 @utils.register_interface(interfaces.EllipticCurveSignatureAlgorithm)
 class ECDSA(object):
 def __init__(self, algorithm): |
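Review bot: `_CURVE_TYPES` is keyed by the short names the OpenSSL backend obtains from `OBJ_nid2sn`, but nothing at the definition says so, and the table sits in the backend-independent `ec.py`. The two `prime…v1` entries look like duplicates unless the reader knows they are the X9.62 names for the same curves as `secp192r1` and `secp256r1`. A comment above the dict would settle both: `# Maps curve short names as reported by the backend to curve classes; prime192v1/prime256v1 are the X9.62 names of secp192r1/secp256r1.` The lookup is case-sensitive, so it relies on the backend's exact spelling.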