diff options
-rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 82 | ||||
-rw-r--r-- | cryptography/hazmat/backends/openssl/ec.py | 30 |
2 files changed, 41 insertions, 71 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index e2ad252e..e8fc3a4d 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -37,7 +37,6 @@ from cryptography.hazmat.backends.openssl.dsa import ( _DSASignatureContext, _DSAVerificationContext ) from cryptography.hazmat.backends.openssl.ec import ( - _ECDSASignatureContext, _ECDSAVerificationContext, _EllipticCurvePrivateKey, _EllipticCurvePublicKey ) from cryptography.hazmat.backends.openssl.hashes import _HashContext @@ -913,13 +912,6 @@ class Backend(object): return self.elliptic_curve_supported(curve) - def _create_ecdsa_signature_ctx(self, private_key, ecdsa): - return _ECDSASignatureContext(self, private_key, ecdsa.algorithm) - - def _create_ecdsa_verification_ctx(self, public_key, signature, ecdsa): - return _ECDSAVerificationContext(self, public_key, signature, - ecdsa.algorithm) - def generate_elliptic_curve_private_key(self, curve): """ Generate a new private key on the named curve. @@ -946,39 +938,6 @@ class Backend(object): ) def elliptic_curve_private_key_from_numbers(self, numbers): - ec_key = self._ec_key_cdata_from_private_numbers(numbers) - return _EllipticCurvePrivateKey(self, ec_key, - numbers.public_numbers.curve) - - def elliptic_curve_public_key_from_numbers(self, numbers): - ec_key = self._ec_key_cdata_from_public_numbers(numbers) - return _EllipticCurvePublicKey(self, ec_key, numbers.curve) - - def _elliptic_curve_to_nid(self, curve): - """ - Get the NID for a curve name. - """ - - curve_aliases = { - "secp192r1": "prime192v1", - "secp256r1": "prime256v1" - } - - curve_name = curve_aliases.get(curve.name, curve.name) - - curve_nid = self._lib.OBJ_sn2nid(curve_name.encode()) - if curve_nid == self._lib.NID_undef: - raise UnsupportedAlgorithm( - "{0} is not a supported elliptic curve".format(curve.name), - _Reasons.UNSUPPORTED_ELLIPTIC_CURVE - ) - return curve_nid - - def _ec_key_cdata_from_private_numbers(self, numbers): - """ - Build an EC_KEY from a private key object. - """ - public = numbers.public_numbers curve_nid = self._elliptic_curve_to_nid(public.curve) @@ -994,13 +953,10 @@ class Backend(object): ctx, self._int_to_bn(numbers.private_value)) assert res == 1 - return ctx - - def _ec_key_cdata_from_public_numbers(self, numbers): - """ - Build an EC_KEY from a public key object. - """ + return _EllipticCurvePrivateKey(self, ctx, + numbers.public_numbers.curve) + def elliptic_curve_public_key_from_numbers(self, numbers): curve_nid = self._elliptic_curve_to_nid(numbers.curve) ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid) @@ -1010,29 +966,27 @@ class Backend(object): ctx = self._ec_key_set_public_key_affine_coordinates( ctx, numbers.x, numbers.y) - return ctx + return _EllipticCurvePublicKey(self, ctx, numbers.curve) - def _public_ec_key_from_private_ec_key(self, private_key_cdata): + def _elliptic_curve_to_nid(self, curve): """ - Copy the public portions out of one EC key into a new one. + Get the NID for a curve name. """ - group = self._lib.EC_KEY_get0_group(private_key_cdata) - assert group != self._ffi.NULL - - curve_nid = self._lib.EC_GROUP_get_curve_name(group) - - ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid) - assert ctx != self._ffi.NULL - ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free) - - point = self._lib.EC_KEY_get0_public_key(private_key_cdata) - assert point != self._ffi.NULL + curve_aliases = { + "secp192r1": "prime192v1", + "secp256r1": "prime256v1" + } - res = self._lib.EC_KEY_set_public_key(ctx, point) - assert res == 1 + curve_name = curve_aliases.get(curve.name, curve.name) - return ctx + curve_nid = self._lib.OBJ_sn2nid(curve_name.encode()) + if curve_nid == self._lib.NID_undef: + raise UnsupportedAlgorithm( + "{0} is not a supported elliptic curve".format(curve.name), + _Reasons.UNSUPPORTED_ELLIPTIC_CURVE + ) + return curve_nid def _ec_key_set_public_key_affine_coordinates(self, ctx, x, y): """ diff --git a/cryptography/hazmat/backends/openssl/ec.py b/cryptography/hazmat/backends/openssl/ec.py index 892d20ea..b7cd9802 100644 --- a/cryptography/hazmat/backends/openssl/ec.py +++ b/cryptography/hazmat/backends/openssl/ec.py @@ -138,20 +138,35 @@ class _EllipticCurvePrivateKey(object): def signer(self, signature_algorithm): if isinstance(signature_algorithm, ec.ECDSA): - return self._backend._create_ecdsa_signature_ctx( - self, signature_algorithm) + return _ECDSASignatureContext( + self._backend, self, signature_algorithm.algorithm + ) else: raise UnsupportedAlgorithm( "Unsupported elliptic curve signature algorithm.", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) def public_key(self): - public_ec_key = self._backend._public_ec_key_from_private_ec_key( - self._ec_key + group = self._backend._lib.EC_KEY_get0_group(self._ec_key) + assert group != self._backend._ffi.NULL + + curve_nid = self._backend._lib.EC_GROUP_get_curve_name(group) + + public_ec_key = self._backend._lib.EC_KEY_new_by_curve_name(curve_nid) + assert public_ec_key != self._backend._ffi.NULL + public_ec_key = self._backend._ffi.gc( + public_ec_key, self._backend._lib.EC_KEY_free ) + point = self._backend._lib.EC_KEY_get0_public_key(self._ec_key) + assert point != self._backend._ffi.NULL + + res = self._backend._lib.EC_KEY_set_public_key(public_ec_key, point) + assert res == 1 + return _EllipticCurvePublicKey( - self._backend, public_ec_key, self._curve) + self._backend, public_ec_key, self._curve + ) @utils.register_interface(interfaces.EllipticCurvePublicKey) @@ -167,8 +182,9 @@ class _EllipticCurvePublicKey(object): def verifier(self, signature, signature_algorithm): if isinstance(signature_algorithm, ec.ECDSA): - return self._backend._create_ecdsa_verification_ctx( - self, signature, signature_algorithm) + return _ECDSAVerificationContext( + self._backend, self, signature, signature_algorithm.algorithm + ) else: raise UnsupportedAlgorithm( "Unsupported elliptic curve signature algorithm.", |