# This file is dual licensed under the terms of the Apache License, Version # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. from __future__ import absolute_import, division, print_function from cryptography import utils from cryptography.hazmat.backends.openssl.utils import _evp_pkey_derive from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric.x25519 import ( X25519PrivateKey, X25519PublicKey ) _X25519_KEY_SIZE = 32 @utils.register_interface(X25519PublicKey) class _X25519PublicKey(object): def __init__(self, backend, evp_pkey): self._backend = backend self._evp_pkey = evp_pkey def public_bytes(self, encoding, format): if ( encoding is serialization.Encoding.Raw or format is serialization.PublicFormat.Raw ): if ( encoding is not serialization.Encoding.Raw or format is not serialization.PublicFormat.Raw ): raise ValueError( "When using Raw both encoding and format must be Raw" ) return self._raw_public_bytes() if ( encoding in serialization._PEM_DER and format is not serialization.PublicFormat.SubjectPublicKeyInfo ): raise ValueError( "format must be SubjectPublicKeyInfo when encoding is PEM or " "DER" ) return self._backend._public_key_bytes( encoding, format, self, self._evp_pkey, None ) def _raw_public_bytes(self): ucharpp = self._backend._ffi.new("unsigned char **") res = self._backend._lib.EVP_PKEY_get1_tls_encodedpoint( self._evp_pkey, ucharpp ) self._backend.openssl_assert(res == 32) self._backend.openssl_assert(ucharpp[0] != self._backend._ffi.NULL) data = self._backend._ffi.gc( ucharpp[0], self._backend._lib.OPENSSL_free ) return self._backend._ffi.buffer(data, res)[:] @utils.register_interface(X25519PrivateKey) class _X25519PrivateKey(object): def __init__(self, backend, evp_pkey): self._backend = backend self._evp_pkey = evp_pkey def public_key(self): bio = self._backend._create_mem_bio_gc() res = self._backend._lib.i2d_PUBKEY_bio(bio, self._evp_pkey) self._backend.openssl_assert(res == 1) evp_pkey = self._backend._lib.d2i_PUBKEY_bio( bio, self._backend._ffi.NULL ) self._backend.openssl_assert(evp_pkey != self._backend._ffi.NULL) evp_pkey = self._backend._ffi.gc( evp_pkey, self._backend._lib.EVP_PKEY_free ) return _X25519PublicKey(self._backend, evp_pkey) def exchange(self, peer_public_key): if not isinstance(peer_public_key, X25519PublicKey): raise TypeError("peer_public_key must be X25519PublicKey.") return _evp_pkey_derive( self._backend, self._evp_pkey, peer_public_key ) def private_bytes(self, encoding, format, encryption_algorithm): if ( encoding is serialization.Encoding.Raw or format is serialization.PublicFormat.Raw ): if ( format is not serialization.PrivateFormat.Raw or encoding is not serialization.Encoding.Raw or not isinstance(encryption_algorithm, serialization.NoEncryption) ): raise ValueError( "When using Raw both encoding and format must be Raw " "and encryption_algorithm must be NoEncryption()" ) return self._raw_private_bytes() if ( encoding in serialization._PEM_DER and format is not serialization.PrivateFormat.PKCS8 ): raise ValueError( "format must be PKCS8 when encoding is PEM or DER" ) return self._backend._private_key_bytes( encoding, format, encryption_algorithm, self._evp_pkey, None ) def _raw_private_bytes(self): # When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 we can # switch this to EVP_PKEY_new_raw_private_key # The trick we use here is serializing to a PKCS8 key and just # using the last 32 bytes, which is the key itself. bio = self._backend._create_mem_bio_gc() res = self._backend._lib.i2d_PKCS8PrivateKey_bio( bio, self._evp_pkey, self._backend._ffi.NULL, self._backend._ffi.NULL, 0, self._backend._ffi.NULL, self._backend._ffi.NULL ) self._backend.openssl_assert(res == 1) pkcs8 = self._backend._read_mem_bio(bio) self._backend.openssl_assert(len(pkcs8) == 48) return pkcs8[-_X25519_KEY_SIZE:]