Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 20 | ||||
| -rw-r--r-- | src/cryptography/hazmat/primitives/asymmetric/ec.py | 12 | ||||
| -rw-r--r-- | src/cryptography/hazmat/primitives/serialization/ssh.py | 3 | 
3 files changed, 33 insertions, 2 deletions
|
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 99f6ccf6..cfe146f2 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1383,6 +1383,26 @@ class Backend(object):
         return _EllipticCurvePublicKey(self, ec_cdata, evp_pkey)
+    def load_elliptic_curve_public_bytes(self, curve, point_bytes):
+        ec_cdata = self._ec_key_new_by_curve(curve)
+        group = self._lib.EC_KEY_get0_group(ec_cdata)
+        self.openssl_assert(group != self._ffi.NULL)
+        point = self._lib.EC_POINT_new(group)
+        self.openssl_assert(point != self._ffi.NULL)
+        point = self._ffi.gc(point, self._lib.EC_POINT_free)
+        with self._tmp_bn_ctx() as bn_ctx:
+            res = self._lib.EC_POINT_oct2point(
+                group, point, point_bytes, len(point_bytes), bn_ctx
+            )
+            if res != 1:
+                self._consume_errors()
+                raise ValueError("Invalid public bytes for the given curve")
+
+        res = self._lib.EC_KEY_set_public_key(ec_cdata, point)
+        self.openssl_assert(res == 1)
+        evp_pkey = self._ec_cdata_to_evp_pkey(ec_cdata)
+        return _EllipticCurvePublicKey(self, ec_cdata, evp_pkey)
+
     def derive_elliptic_curve_private_key(self, private_value, curve):
         ec_cdata = self._ec_key_new_by_curve(curve)
diff --git a/src/cryptography/hazmat/primitives/asymmetric/ec.py b/src/cryptography/hazmat/primitives/asymmetric/ec.py
index 1d709d33..6b1de7c5 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/ec.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/ec.py
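Review bot: In backend.py, `load_elliptic_curve_public_bytes` has no docstring and does not say that it relies on its caller for the type and leading-byte checks on `point_bytes`; the only validation visible in the hunk is the `EC_POINT_oct2point` call. As far as I know that call also decodes the single byte 0x00 as the point at infinity, so code that calls the backend method directly, bypassing `from_encoded_point`, could get a public key built on it. I would add a docstring along the lines of `"""Decode an X9.62 encoded point for curve; raises ValueError when OpenSSL rejects the encoding. Callers must pass bytes starting with 0x02, 0x03 or 0x04."""`, or reject an infinity result right after decoding so the method is safe on its own.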
@@ -151,6 +151,18 @@ class EllipticCurvePublicKey(object):
         Verifies the signature of the data.
         """
+    @classmethod
+    def from_encoded_point(cls, curve, data):
+        utils._check_bytes("data", data)
+        if not isinstance(curve, EllipticCurve):
+            raise TypeError("curve must be an EllipticCurve instance")
+
+        if six.indexbytes(data, 0) not in [0x02, 0x03, 0x04]:
+            raise ValueError("Unsupported elliptic curve point type")
+
+        from cryptography.hazmat.backends.openssl.backend import backend
+        return backend.load_elliptic_curve_public_bytes(curve, data)
+
 EllipticCurvePublicKeyWithSerialization = EllipticCurvePublicKey
diff --git a/src/cryptography/hazmat/primitives/serialization/ssh.py b/src/cryptography/hazmat/primitives/serialization/ssh.py
index f58ff074..cb838927 100644
--- a/src/cryptography/hazmat/primitives/serialization/ssh.py
+++ b/src/cryptography/hazmat/primitives/serialization/ssh.py
@@ -99,8 +99,7 @@ def _load_ssh_ecdsa_public_key(expected_key_type, decoded_data, backend):
             "Compressed elliptic curve points are not supported"
         )
-    numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(curve, data)
-    return numbers.public_key(backend)
+    return ec.EllipticCurvePublicKey.from_encoded_point(curve, data)
 def _ssh_read_next_string(data):
|
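Review bot: In ec.py, an empty `data` passes `utils._check_bytes` and then fails in `six.indexbytes(data, 0)` with an IndexError, so callers parsing untrusted key material get an exception type the method does not otherwise raise. A length guard ahead of the prefix check keeps the error surface to TypeError and ValueError: `if len(data) == 0: raise ValueError("data must not be an empty byte string")`. The new classmethod also has no docstring; one sentence naming the accepted X9.62 prefixes (0x02, 0x03, 0x04) and the ValueError cases would cover it.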
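Review bot: In ssh.py, the `backend` argument of `_load_ssh_ecdsa_public_key` is no longer used on the lines visible in this hunk, because `EllipticCurvePublicKey.from_encoded_point` always imports the OpenSSL backend itself. The function body starts outside the hunk, so `backend` may still be used earlier; if it is not, a caller that passes a different backend now silently gets the default one. I would at least record that next to the call, for example `# backend is not forwarded: from_encoded_point always uses the default OpenSSL backend`.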
