From 68c9826cad2842e026a3f3fd6096f563315b988e Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sun, 28 Sep 2014 12:35:16 +0100 Subject: Remove curve parameter from OpenSSL EC keys --- cryptography/hazmat/backends/openssl/backend.py | 41 +++++++++++-------------- cryptography/hazmat/backends/openssl/ec.py | 14 ++++++--- 2 files changed, 27 insertions(+), 28 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 582623f5..ab083d88 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -479,9 +479,7 @@ class Backend(object): ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey) assert ec_cdata != self._ffi.NULL ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) - sn = self._ec_key_curve_sn(ec_cdata) - curve = self._sn_to_elliptic_curve(sn) - return _EllipticCurvePrivateKey(self, ec_cdata, curve) + return _EllipticCurvePrivateKey(self, ec_cdata) else: raise UnsupportedAlgorithm("Unsupported key type.") @@ -508,25 +506,10 @@ class Backend(object): ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey) assert ec_cdata != self._ffi.NULL ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) - sn = self._ec_key_curve_sn(ec_cdata) - curve = self._sn_to_elliptic_curve(sn) - return _EllipticCurvePublicKey(self, ec_cdata, curve) + return _EllipticCurvePublicKey(self, ec_cdata) else: raise UnsupportedAlgorithm("Unsupported key type.") - def _ec_key_curve_sn(self, ec_key): - group = self._lib.EC_KEY_get0_group(ec_key) - assert group != self._ffi.NULL - - nid = self._lib.EC_GROUP_get_curve_name(group) - assert nid != self._lib.NID_undef - - curve_name = self._lib.OBJ_nid2sn(nid) - assert curve_name != self._ffi.NULL - - sn = self._ffi.string(curve_name).decode('ascii') - return sn - def _pem_password_cb(self, password): """ Generate a pem_password_cb function pointer that copied the password to @@ -1007,7 +990,7 @@ class Backend(object): res = self._lib.EC_KEY_check_key(ctx) assert res == 1 - return _EllipticCurvePrivateKey(self, ctx, curve) + return _EllipticCurvePrivateKey(self, ec_cdata) else: raise UnsupportedAlgorithm( "Backend object does not support {0}.".format(curve.name), @@ -1039,8 +1022,7 @@ class Backend(object): ctx, self._int_to_bn(numbers.private_value)) assert res == 1 - return _EllipticCurvePrivateKey(self, ctx, - numbers.public_numbers.curve) + return _EllipticCurvePrivateKey(self, ec_cdata) def elliptic_curve_public_key_from_numbers(self, numbers): warnings.warn( @@ -1061,7 +1043,7 @@ class Backend(object): ctx = self._ec_key_set_public_key_affine_coordinates( ctx, numbers.x, numbers.y) - return _EllipticCurvePublicKey(self, ctx, numbers.curve) + return _EllipticCurvePublicKey(self, ec_cdata) def _elliptic_curve_to_nid(self, curve): """ @@ -1083,6 +1065,19 @@ class Backend(object): ) return curve_nid + def _ec_key_curve_sn(self, ec_key): + group = self._lib.EC_KEY_get0_group(ec_key) + assert group != self._ffi.NULL + + nid = self._lib.EC_GROUP_get_curve_name(group) + assert nid != self._lib.NID_undef + + curve_name = self._lib.OBJ_nid2sn(nid) + assert curve_name != self._ffi.NULL + + sn = self._ffi.string(curve_name).decode('ascii') + return sn + def _sn_to_elliptic_curve(self, sn): try: return ec._CURVE_TYPES[sn]() diff --git a/cryptography/hazmat/backends/openssl/ec.py b/cryptography/hazmat/backends/openssl/ec.py index 369b185b..7b0fd9d4 100644 --- a/cryptography/hazmat/backends/openssl/ec.py +++ b/cryptography/hazmat/backends/openssl/ec.py @@ -131,10 +131,12 @@ class _ECDSAVerificationContext(object): @utils.register_interface(interfaces.EllipticCurvePrivateKeyWithNumbers) class _EllipticCurvePrivateKey(object): - def __init__(self, backend, ec_key_cdata, curve): + def __init__(self, backend, ec_key_cdata): self._backend = backend self._ec_key = ec_key_cdata - self._curve = curve + + sn = backend._ec_key_curve_sn(ec_key_cdata) + self._curve = backend._sn_to_elliptic_curve(sn) @property def curve(self): @@ -169,7 +171,7 @@ class _EllipticCurvePrivateKey(object): assert res == 1 return _EllipticCurvePublicKey( - self._backend, public_ec_key, self._curve + self._backend, public_ec_key ) def private_numbers(self): @@ -183,10 +185,12 @@ class _EllipticCurvePrivateKey(object): @utils.register_interface(interfaces.EllipticCurvePublicKeyWithNumbers) class _EllipticCurvePublicKey(object): - def __init__(self, backend, ec_key_cdata, curve): + def __init__(self, backend, ec_key_cdata): self._backend = backend self._ec_key = ec_key_cdata - self._curve = curve + + sn = backend._ec_key_curve_sn(ec_key_cdata) + self._curve = backend._sn_to_elliptic_curve(sn) @property def curve(self): -- cgit v1.2.3 From 9c2227b97ff7b3aabe0f0a957a92c7628c447da1 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sun, 28 Sep 2014 12:35:33 +0100 Subject: Rename some ctx vars to ec_cdata --- cryptography/hazmat/backends/openssl/backend.py | 32 ++++++++++++------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index ab083d88..2540a51f 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -980,14 +980,14 @@ class Backend(object): if self.elliptic_curve_supported(curve): curve_nid = self._elliptic_curve_to_nid(curve) - ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid) - assert ctx != self._ffi.NULL - ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free) + ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid) + assert ec_cdata != self._ffi.NULL + ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) - res = self._lib.EC_KEY_generate_key(ctx) + res = self._lib.EC_KEY_generate_key(ec_cdata) assert res == 1 - res = self._lib.EC_KEY_check_key(ctx) + res = self._lib.EC_KEY_check_key(ec_cdata) assert res == 1 return _EllipticCurvePrivateKey(self, ec_cdata) @@ -1011,15 +1011,15 @@ class Backend(object): curve_nid = self._elliptic_curve_to_nid(public.curve) - ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid) - assert ctx != self._ffi.NULL - ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free) + ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid) + assert ec_cdata != self._ffi.NULL + ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) - ctx = self._ec_key_set_public_key_affine_coordinates( - ctx, public.x, public.y) + ec_cdata = self._ec_key_set_public_key_affine_coordinates( + ec_cdata, public.x, public.y) res = self._lib.EC_KEY_set_private_key( - ctx, self._int_to_bn(numbers.private_value)) + ec_cdata, self._int_to_bn(numbers.private_value)) assert res == 1 return _EllipticCurvePrivateKey(self, ec_cdata) @@ -1036,12 +1036,12 @@ class Backend(object): def load_elliptic_curve_public_numbers(self, numbers): curve_nid = self._elliptic_curve_to_nid(numbers.curve) - ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid) - assert ctx != self._ffi.NULL - ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free) + ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid) + assert ec_cdata != self._ffi.NULL + ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) - ctx = self._ec_key_set_public_key_affine_coordinates( - ctx, numbers.x, numbers.y) + ec_cdata = self._ec_key_set_public_key_affine_coordinates( + ec_cdata, numbers.x, numbers.y) return _EllipticCurvePublicKey(self, ec_cdata) -- cgit v1.2.3 From 2d2ee522a2bc038b996573d6c0fb6b95a0560041 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sun, 28 Sep 2014 15:38:06 +0100 Subject: Move _ec_key_curve_sn to openssl/ec.py --- cryptography/hazmat/backends/openssl/backend.py | 22 ----------------- cryptography/hazmat/backends/openssl/ec.py | 32 +++++++++++++++++++++---- tests/hazmat/backends/test_openssl.py | 3 ++- 3 files changed, 30 insertions(+), 27 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 2540a51f..9a36674a 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -1065,28 +1065,6 @@ class Backend(object): ) return curve_nid - def _ec_key_curve_sn(self, ec_key): - group = self._lib.EC_KEY_get0_group(ec_key) - assert group != self._ffi.NULL - - nid = self._lib.EC_GROUP_get_curve_name(group) - assert nid != self._lib.NID_undef - - curve_name = self._lib.OBJ_nid2sn(nid) - assert curve_name != self._ffi.NULL - - sn = self._ffi.string(curve_name).decode('ascii') - return sn - - def _sn_to_elliptic_curve(self, sn): - try: - return ec._CURVE_TYPES[sn]() - except KeyError: - raise UnsupportedAlgorithm( - "{0} is not a supported elliptic curve".format(sn), - _Reasons.UNSUPPORTED_ELLIPTIC_CURVE - ) - @contextmanager def _tmp_bn_ctx(self): bn_ctx = self._lib.BN_CTX_new() diff --git a/cryptography/hazmat/backends/openssl/ec.py b/cryptography/hazmat/backends/openssl/ec.py index 7b0fd9d4..9371a9a9 100644 --- a/cryptography/hazmat/backends/openssl/ec.py +++ b/cryptography/hazmat/backends/openssl/ec.py @@ -63,6 +63,30 @@ def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend): return digest +def _ec_key_curve_sn(backend, ec_key): + group = backend._lib.EC_KEY_get0_group(ec_key) + assert group != backend._ffi.NULL + + nid = backend._lib.EC_GROUP_get_curve_name(group) + assert nid != backend._lib.NID_undef + + curve_name = backend._lib.OBJ_nid2sn(nid) + assert curve_name != backend._ffi.NULL + + sn = backend._ffi.string(curve_name).decode('ascii') + return sn + + +def _sn_to_elliptic_curve(backend, sn): + try: + return ec._CURVE_TYPES[sn]() + except KeyError: + raise UnsupportedAlgorithm( + "{0} is not a supported elliptic curve".format(sn), + _Reasons.UNSUPPORTED_ELLIPTIC_CURVE + ) + + @utils.register_interface(interfaces.AsymmetricSignatureContext) class _ECDSASignatureContext(object): def __init__(self, backend, private_key, algorithm): @@ -135,8 +159,8 @@ class _EllipticCurvePrivateKey(object): self._backend = backend self._ec_key = ec_key_cdata - sn = backend._ec_key_curve_sn(ec_key_cdata) - self._curve = backend._sn_to_elliptic_curve(sn) + sn = _ec_key_curve_sn(backend, ec_key_cdata) + self._curve = _sn_to_elliptic_curve(backend, sn) @property def curve(self): @@ -189,8 +213,8 @@ class _EllipticCurvePublicKey(object): self._backend = backend self._ec_key = ec_key_cdata - sn = backend._ec_key_curve_sn(ec_key_cdata) - self._curve = backend._sn_to_elliptic_curve(sn) + sn = _ec_key_curve_sn(backend, ec_key_cdata) + self._curve = _sn_to_elliptic_curve(backend, sn) @property def curve(self): diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index bfe6040e..b00543fe 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -27,6 +27,7 @@ from cryptography.exceptions import InternalError, _Reasons from cryptography.hazmat.backends.openssl.backend import ( Backend, backend ) +from cryptography.hazmat.backends.openssl.ec import _sn_to_elliptic_curve from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import dsa, ec, padding, rsa from cryptography.hazmat.primitives.ciphers import Cipher @@ -509,7 +510,7 @@ class TestOpenSSLEllipticCurve(object): def test_sn_to_elliptic_curve_not_supported(self): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE): - backend._sn_to_elliptic_curve(b"fake") + _sn_to_elliptic_curve(backend, b"fake") class TestDeprecatedRSABackendMethods(object): -- cgit v1.2.3