Commit c286f0ec authored by SVN-Git Migration's avatar SVN-Git Migration

Imported Upstream version 0.6

parent 53f38ecf
......@@ -17,3 +17,4 @@ PGP key fingerprints are enclosed in parentheses.
* Terry Chia <terrycwk1994@gmail.com>
* Matthew Iversen <matt@notevencode.com> (2F04 3DCC D6E6 D5AC D262 2E0B C046 E8A8 7452 2973)
* Mohammed Attia <skeuomorf@gmail.com>
* Michael Hart <michael.hart1994@gmail.com>
Changelog
=========
0.6 - 2014-09-29
~~~~~~~~~~~~~~~~
* Added
:func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key` to
ease loading private keys, and
:func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key` to
support loading public keys.
* Removed the, deprecated in 0.4, support for the ``salt_length`` argument to
the :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
constructor. The ``salt_length`` should be passed to
:class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` instead.
* Fix compilation on OS X Yosemite.
* Deprecated ``elliptic_curve_private_key_from_numbers`` and
``elliptic_curve_public_key_from_numbers`` in favor of
``load_elliptic_curve_private_numbers`` and
``load_elliptic_curve_public_numbers`` on
:class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`.
* Added
:class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePrivateKeyWithNumbers`
and
:class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKeyWithNumbers`
support.
* Work around three GCM related bugs in CommonCrypto and OpenSSL.
* On the CommonCrypto backend adding AAD but not subsequently calling update
would return null tag bytes.
* One the CommonCrypto backend a call to update without an empty add AAD call
would return null ciphertext bytes.
* On the OpenSSL backend with certain versions adding AAD only would give
invalid tag bytes.
* Support loading EC private keys from PEM.
0.5.4 - 2014-08-20
~~~~~~~~~~~~~~~~~~
......@@ -57,20 +93,25 @@ Changelog
* Added :class:`~cryptography.hazmat.primitives.ciphers.modes.ECB` support
for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` on
:doc:`/hazmat/backends/commoncrypto` and :doc:`/hazmat/backends/openssl`.
* Deprecated :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`
in favor of backend specific providers of the
* Deprecated
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` in
favor of backend specific providers of the
:class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` interface.
* Deprecated :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`
in favor of backend specific providers of the
* Deprecated
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` in favor
of backend specific providers of the
:class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` interface.
* Deprecated :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`
in favor of backend specific providers of the
* Deprecated
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey` in
favor of backend specific providers of the
:class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey` interface.
* Deprecated :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`
in favor of backend specific providers of the
* Deprecated
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` in favor
of backend specific providers of the
:class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey` interface.
* Deprecated :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`
in favor of backend specific providers of the
* Deprecated
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters` in
favor of backend specific providers of the
:class:`~cryptography.hazmat.primitives.interfaces.DSAParameters` interface.
* Deprecated ``encrypt_rsa``, ``decrypt_rsa``, ``create_rsa_signature_ctx`` and
``create_rsa_verification_ctx`` on
......@@ -83,9 +124,11 @@ Changelog
* Deprecated ``salt_length`` on
:class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` and added it
to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. It will be
removed from ``MGF1`` in two releases per our :doc:`/api-stability` policy.
* Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED` support.
to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. It will
be removed from ``MGF1`` in two releases per our :doc:`/api-stability`
policy.
* Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`
support.
* Added :class:`~cryptography.hazmat.primitives.cmac.CMAC`.
* Added decryption support to
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`
......@@ -101,7 +144,8 @@ Changelog
* Added :class:`~cryptography.hazmat.primitives.twofactor.hotp.HOTP`.
* Added :class:`~cryptography.hazmat.primitives.twofactor.totp.TOTP`.
* Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA` support.
* Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`
support.
* Added signature support to
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`
and verification support to
......@@ -111,7 +155,8 @@ Changelog
0.2.2 - 2014-03-03
~~~~~~~~~~~~~~~~~~
* Removed a constant definition that was causing compilation problems with specific versions of OpenSSL.
* Removed a constant definition that was causing compilation problems with
specific versions of OpenSSL.
0.2.1 - 2014-02-22
~~~~~~~~~~~~~~~~~~
......
......@@ -5,6 +5,7 @@ include LICENSE
include README.rst
recursive-include docs *
recursive-include cryptography/hazmat/primitives/src *.c *.h
prune docs/_build
recursive-include tests *.py
recursive-exclude vectors *
Metadata-Version: 1.1
Name: cryptography
Version: 0.5.4
Version: 0.6
Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The cryptography developers
......@@ -13,6 +13,10 @@ Description: Cryptography
:target: https://pypi.python.org/pypi/cryptography/
:alt: Latest Version
.. image:: https://readthedocs.org/projects/cryptography/badge/?version=latest
:target: https://cryptography.io
:alt: Latest Docs
.. image:: https://travis-ci.org/pyca/cryptography.svg?branch=master
:target: https://travis-ci.org/pyca/cryptography
......
......@@ -5,6 +5,10 @@ Cryptography
:target: https://pypi.python.org/pypi/cryptography/
:alt: Latest Version
.. image:: https://readthedocs.org/projects/cryptography/badge/?version=latest
:target: https://cryptography.io
:alt: Latest Docs
.. image:: https://travis-ci.org/pyca/cryptography.svg?branch=master
:target: https://travis-ci.org/pyca/cryptography
......
Metadata-Version: 1.1
Name: cryptography
Version: 0.5.4
Version: 0.6
Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The cryptography developers
......@@ -13,6 +13,10 @@ Description: Cryptography
:target: https://pypi.python.org/pypi/cryptography/
:alt: Latest Version
.. image:: https://readthedocs.org/projects/cryptography/badge/?version=latest
:target: https://cryptography.io
:alt: Latest Docs
.. image:: https://travis-ci.org/pyca/cryptography.svg?branch=master
:target: https://travis-ci.org/pyca/cryptography
......
......@@ -13,6 +13,7 @@ cryptography/utils.py
cryptography.egg-info/PKG-INFO
cryptography.egg-info/SOURCES.txt
cryptography.egg-info/dependency_links.txt
cryptography.egg-info/entry_points.txt
cryptography.egg-info/not-zip-safe
cryptography.egg-info/requires.txt
cryptography.egg-info/top_level.txt
......@@ -36,8 +37,6 @@ cryptography/hazmat/backends/openssl/hmac.py
cryptography/hazmat/backends/openssl/rsa.py
cryptography/hazmat/bindings/__init__.py
cryptography/hazmat/bindings/utils.py
cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_4ed9e37dx4000d087.c
cryptography/hazmat/bindings/__pycache__/_Cryptography_cffi_d62b3d91x972e1c0b.c
cryptography/hazmat/bindings/commoncrypto/__init__.py
cryptography/hazmat/bindings/commoncrypto/binding.py
cryptography/hazmat/bindings/commoncrypto/cf.py
......@@ -91,8 +90,6 @@ cryptography/hazmat/primitives/hmac.py
cryptography/hazmat/primitives/interfaces.py
cryptography/hazmat/primitives/padding.py
cryptography/hazmat/primitives/serialization.py
cryptography/hazmat/primitives/__pycache__/_Cryptography_cffi_684bb40axf342507b.c
cryptography/hazmat/primitives/__pycache__/_Cryptography_cffi_8f86901cxc1767c5a.c
cryptography/hazmat/primitives/asymmetric/__init__.py
cryptography/hazmat/primitives/asymmetric/dsa.py
cryptography/hazmat/primitives/asymmetric/ec.py
......@@ -105,6 +102,8 @@ cryptography/hazmat/primitives/ciphers/modes.py
cryptography/hazmat/primitives/kdf/__init__.py
cryptography/hazmat/primitives/kdf/hkdf.py
cryptography/hazmat/primitives/kdf/pbkdf2.py
cryptography/hazmat/primitives/src/constant_time.c
cryptography/hazmat/primitives/src/constant_time.h
cryptography/hazmat/primitives/twofactor/__init__.py
cryptography/hazmat/primitives/twofactor/hotp.py
cryptography/hazmat/primitives/twofactor/totp.py
......
[cryptography.backends]
commoncrypto = cryptography.hazmat.backends.commoncrypto:backend
openssl = cryptography.hazmat.backends.openssl:backend
......@@ -22,7 +22,7 @@ __summary__ = ("cryptography is a package which provides cryptographic recipes"
" and primitives to Python developers.")
__uri__ = "https://github.com/pyca/cryptography"
__version__ = "0.5.4"
__version__ = "0.6"
__author__ = "The cryptography developers"
__email__ = "cryptography-dev@python.org"
......
......@@ -13,13 +13,9 @@
from __future__ import absolute_import, division, print_function
import pkg_resources
from cryptography.hazmat.backends.multibackend import MultiBackend
from cryptography.hazmat.bindings.commoncrypto.binding import (
Binding as CommonCryptoBinding
)
from cryptography.hazmat.bindings.openssl.binding import (
Binding as OpenSSLBinding
)
_available_backends_list = None
......@@ -29,19 +25,15 @@ def _available_backends():
global _available_backends_list
if _available_backends_list is None:
_available_backends_list = []
if CommonCryptoBinding.is_available():
from cryptography.hazmat.backends import commoncrypto
_available_backends_list.append(commoncrypto.backend)
if OpenSSLBinding.is_available():
from cryptography.hazmat.backends import openssl
_available_backends_list.append(openssl.backend)
_available_backends_list = [
backend.load(require=False)
for backend in pkg_resources.iter_entry_points(
"cryptography.backends"
)
]
return _available_backends_list
_default_backend = None
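Review bot: The new comprehension in `_available_backends()` loads every entry point registered under `cryptography.backends` with `require=False`, so the set and order of default backends is now decided by whichever installed distributions declare that group rather than by this module. The removed branches appear to have fixed the order (CommonCrypto, then OpenSSL) and gated each backend on `Binding.is_available()`. Neither is preserved as far as this section shows, and a single entry point that fails to import would make the whole call raise. I would document the trust boundary with a comment such as `# Any installed distribution can register a backend in this group; order follows pkg_resources.` and consider filtering or ordering the result on the entry point's `name`. The `def` line of `_available_backends` is only visible in the hunk header.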
......
......@@ -151,6 +151,12 @@ class _GCMCipherContext(object):
len(mode.initialization_vector)
)
self._backend._check_cipher_response(res)
# CommonCrypto has a bug where calling update without at least one
# call to authenticate_additional_data will result in null byte output
# for ciphertext. The following empty byte string call prevents the
# issue, which is present in at least 10.8 and 10.9.
# Filed as rdar://18314544
self.authenticate_additional_data(b"")
def update(self, data):
buf = self._backend._ffi.new("unsigned char[]", len(data))
......@@ -164,6 +170,12 @@ class _GCMCipherContext(object):
return self._backend._ffi.buffer(buf)[:]
def finalize(self):
# CommonCrypto has a yet another bug where you must make at least one
# call to update. If you pass just AAD and call finalize without a call
# to update you'll get null bytes for tag. The following update call
# prevents this issue, which is present in at least 10.8 and 10.9.
# Filed as rdar://18314580
self.update(b"")
tag_size = self._cipher.block_size // 8
tag_buf = self._backend._ffi.new("unsigned char[]", tag_size)
tag_len = self._backend._ffi.new("size_t *", tag_size)
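Review bot: Both workarounds depend on the side effect of an empty call (`self.authenticate_additional_data(b"")` in the constructor, `self.update(b"")` in `finalize`), and the failure they guard against is silent: null tag or ciphertext bytes instead of an error. Nothing visible on this page exercises the AAD-only and no-AAD paths, so I would ask for GCM test vectors covering both. The comments should also say when each call can be dropped, e.g. `# Remove once rdar://18314544 is fixed in every supported OS X release.` The same applies to the `isinstance(self._mode, GCM)` workaround added to `finalize` in the OpenSSL `_CipherContext` section further down. Both methods here start or end outside the hunks shown.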
......
......@@ -70,6 +70,21 @@ class HMACBackend(object):
"""
@six.add_metaclass(abc.ABCMeta)
class CMACBackend(object):
@abc.abstractmethod
def cmac_algorithm_supported(self, algorithm):
"""
Returns True if the block cipher is supported for CMAC by this backend
"""
@abc.abstractmethod
def create_cmac_ctx(self, algorithm):
"""
Create a CMACContext for calculating a message authentication code.
"""
@six.add_metaclass(abc.ABCMeta)
class PBKDF2HMACBackend(object):
@abc.abstractmethod
......@@ -222,71 +237,72 @@ class DSABackend(object):
@six.add_metaclass(abc.ABCMeta)
class TraditionalOpenSSLSerializationBackend(object):
class EllipticCurveBackend(object):
@abc.abstractmethod
def load_traditional_openssl_pem_private_key(self, data, password):
def elliptic_curve_signature_algorithm_supported(
self, signature_algorithm, curve
):
"""
Load a private key from PEM encoded data, using password if the data
is encrypted.
Returns True if the backend supports the named elliptic curve with the
specified signature algorithm.
"""
@six.add_metaclass(abc.ABCMeta)
class PKCS8SerializationBackend(object):
@abc.abstractmethod
def load_pkcs8_pem_private_key(self, data, password):
def elliptic_curve_supported(self, curve):
"""
Load a private key from PEM encoded data, using password if the data
is encrypted.
Returns True if the backend supports the named elliptic curve.
"""
@six.add_metaclass(abc.ABCMeta)
class CMACBackend(object):
@abc.abstractmethod
def cmac_algorithm_supported(self, algorithm):
def generate_elliptic_curve_private_key(self, curve):
"""
Returns True if the block cipher is supported for CMAC by this backend
Return an object conforming to the EllipticCurvePrivateKey interface.
"""
@abc.abstractmethod
def create_cmac_ctx(self, algorithm):
def load_elliptic_curve_public_numbers(self, numbers):
"""
Create a CMACContext for calculating a message authentication code.
Return an EllipticCurvePublicKey provider using the given numbers.
"""
@six.add_metaclass(abc.ABCMeta)
class EllipticCurveBackend(object):
@abc.abstractmethod
def elliptic_curve_signature_algorithm_supported(
self, signature_algorithm, curve
):
def load_elliptic_curve_private_numbers(self, numbers):
"""
Returns True if the backend supports the named elliptic curve with the
specified signature algorithm.
Return an EllipticCurvePublicKey provider using the given numbers.
"""
@six.add_metaclass(abc.ABCMeta)
class PEMSerializationBackend(object):
@abc.abstractmethod
def elliptic_curve_supported(self, curve):
def load_pem_private_key(self, data, password):
"""
Returns True if the backend supports the named elliptic curve.
Loads a private key from PEM encoded data, using the provided password
if the data is encrypted.
"""
@abc.abstractmethod
def generate_elliptic_curve_private_key(self, curve):
def load_pem_public_key(self, data):
"""
Return an object conforming to the EllipticCurvePrivateKey interface.
Loads a public key from PEM encoded data.
"""
@six.add_metaclass(abc.ABCMeta)
class TraditionalOpenSSLSerializationBackend(object):
@abc.abstractmethod
def elliptic_curve_public_key_from_numbers(self, numbers):
def load_traditional_openssl_pem_private_key(self, data, password):
"""
Return an EllipticCurvePublicKey provider using the given numbers.
Load a private key from PEM encoded data, using password if the data
is encrypted.
"""
@six.add_metaclass(abc.ABCMeta)
class PKCS8SerializationBackend(object):
@abc.abstractmethod
def elliptic_curve_private_key_from_numbers(self, numbers):
def load_pkcs8_pem_private_key(self, data, password):
"""
Return an EllipticCurvePublicKey provider using the given numbers.
Load a private key from PKCS8 encoded data, using password if the data
is encrypted.
"""
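Review bot: The docstring of the new `load_elliptic_curve_private_numbers` appears to read `Return an EllipticCurvePublicKey provider using the given numbers.`, carried over from the deprecated `elliptic_curve_private_key_from_numbers`. It should name the private key interface: `Return an EllipticCurvePrivateKey provider using the given numbers.` The page has lost its +/- markers, so which side that line belongs to is inferred from the method it follows. The new `PEMSerializationBackend` docstrings could also state what is raised for a wrong or missing password, which callers handling encrypted keys need to know.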
......@@ -13,12 +13,15 @@
from __future__ import absolute_import, division, print_function
import warnings
from cryptography import utils
from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
from cryptography.hazmat.backends.interfaces import (
CMACBackend, CipherBackend, DSABackend, EllipticCurveBackend, HMACBackend,
HashBackend, PBKDF2HMACBackend, PKCS8SerializationBackend,
RSABackend, TraditionalOpenSSLSerializationBackend
HashBackend, PBKDF2HMACBackend, PEMSerializationBackend,
PKCS8SerializationBackend, RSABackend,
TraditionalOpenSSLSerializationBackend
)
......@@ -32,6 +35,7 @@ from cryptography.hazmat.backends.interfaces import (
@utils.register_interface(TraditionalOpenSSLSerializationBackend)
@utils.register_interface(DSABackend)
@utils.register_interface(EllipticCurveBackend)
@utils.register_interface(PEMSerializationBackend)
class MultiBackend(object):
name = "multibackend"
......@@ -239,6 +243,18 @@ class MultiBackend(object):
raise UnsupportedAlgorithm("DSA is not supported by the backend.",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
def load_dsa_public_numbers(self, numbers):
for b in self._filtered_backends(DSABackend):
return b.load_dsa_public_numbers(numbers)
raise UnsupportedAlgorithm("DSA is not supported by the backend.",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
def load_dsa_private_numbers(self, numbers):
for b in self._filtered_backends(DSABackend):
return b.load_dsa_private_numbers(numbers)
raise UnsupportedAlgorithm("DSA is not supported by the backend.",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
def cmac_algorithm_supported(self, algorithm):
return any(
b.cmac_algorithm_supported(algorithm)
......@@ -283,6 +299,12 @@ class MultiBackend(object):
)
def elliptic_curve_private_key_from_numbers(self, numbers):
warnings.warn(
"elliptic_curve_private_key_from_numbers is deprecated and will "
"be removed in a future version.",
utils.DeprecatedIn06,
stacklevel=2
)
for b in self._filtered_backends(EllipticCurveBackend):
try:
return b.elliptic_curve_private_key_from_numbers(numbers)
......@@ -294,7 +316,25 @@ class MultiBackend(object):
_Reasons.UNSUPPORTED_ELLIPTIC_CURVE
)
def load_elliptic_curve_private_numbers(self, numbers):
for b in self._filtered_backends(EllipticCurveBackend):
try:
return b.load_elliptic_curve_private_numbers(numbers)
except UnsupportedAlgorithm:
continue
raise UnsupportedAlgorithm(
"This backend does not support this elliptic curve.",
_Reasons.UNSUPPORTED_ELLIPTIC_CURVE
)
def elliptic_curve_public_key_from_numbers(self, numbers):
warnings.warn(
"elliptic_curve_public_key_from_numbers is deprecated and will "
"be removed in a future version.",
utils.DeprecatedIn06,
stacklevel=2
)
for b in self._filtered_backends(EllipticCurveBackend):
try:
return b.elliptic_curve_public_key_from_numbers(numbers)
......@@ -306,6 +346,36 @@ class MultiBackend(object):
_Reasons.UNSUPPORTED_ELLIPTIC_CURVE
)
def load_elliptic_curve_public_numbers(self, numbers):
for b in self._filtered_backends(EllipticCurveBackend):
try:
return b.load_elliptic_curve_public_numbers(numbers)
except UnsupportedAlgorithm:
continue
raise UnsupportedAlgorithm(
"This backend does not support this elliptic curve.",
_Reasons.UNSUPPORTED_ELLIPTIC_CURVE
)
def load_pem_private_key(self, data, password):
for b in self._filtered_backends(PEMSerializationBackend):
return b.load_pem_private_key(data, password)
raise UnsupportedAlgorithm(
"This backend does not support this key serialization.",
_Reasons.UNSUPPORTED_SERIALIZATION
)
def load_pem_public_key(self, data):
for b in self._filtered_backends(PEMSerializationBackend):
return b.load_pem_public_key(data)
raise UnsupportedAlgorithm(
"This backend does not support this key serialization.",
_Reasons.UNSUPPORTED_SERIALIZATION
)
def load_pkcs8_pem_private_key(self, data, password):
for b in self._filtered_backends(PKCS8SerializationBackend):
return b.load_pkcs8_pem_private_key(data, password)
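Review bot: The new `load_dsa_public_numbers`, `load_dsa_private_numbers`, `load_pem_private_key` and `load_pem_public_key` return from the first matching backend unconditionally, so an `UnsupportedAlgorithm` raised by that backend propagates and later backends are never tried. The EC loaders added in the same section (`load_elliptic_curve_private_numbers`, `load_elliptic_curve_public_numbers`) wrap the call in `try:` / `except UnsupportedAlgorithm: continue`. The four methods above should either do the same or carry a comment saying first-backend-only is intended. This matters most for PEM loading, where supported key types and encryption schemes can differ between backends. `load_pkcs8_pem_private_key` at the end of the section follows the same first-backend pattern and continues outside the hunk.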
......
......@@ -128,6 +128,14 @@ class _CipherContext(object):
return self._backend._ffi.buffer(buf)[:outlen[0]]
def finalize(self):
# OpenSSL 1.0.1 on Ubuntu 12.04 (and possibly other distributions)
# appears to have a bug where you must make at least one call to update
# even if you are only using authenticate_additional_data or the
# GCM tag will be wrong. An (empty) call to update resolves this
# and is harmless for all other versions of OpenSSL.
if isinstance(self._mode, GCM):
self.update(b"")
buf = self._backend._ffi.new("unsigned char[]", self._block_size)
outlen = self._backend._ffi.new("int *")
res = self._backend._lib.EVP_CipherFinal_ex(self._ctx, buf, outlen)
......
......@@ -24,6 +24,13 @@ from cryptography.hazmat.primitives.asymmetric import ec
def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend):
"""
This function truncates digests that are longer than a given elliptic
curve key's length so they can be signed. Since elliptic curve keys are
much shorter than RSA keys many digests (e.g. SHA-512) may require
truncation.
"""
_lib = backend._lib
_ffi = backend._ffi
......@@ -31,17 +38,14 @@ def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend):
group = _lib.EC_KEY_get0_group(ec_key_cdata)
bn_ctx = _lib.BN_CTX_new()
assert bn_ctx != _ffi.NULL
bn_ctx = _ffi.gc(bn_ctx, _lib.BN_CTX_free)
order = _lib.BN_CTX_get(bn_ctx)
assert order != _ffi.NULL
with backend._tmp_bn_ctx() as bn_ctx:
order = _lib.BN_CTX_get(bn_ctx)
assert order != _ffi.NULL
res = _lib.EC_GROUP_get_order(group, order, bn_ctx)
assert res == 1
res = _lib.EC_GROUP_get_order(group, order, bn_ctx)
assert res == 1
order_bits = _lib.BN_num_bits(order)
order_bits = _lib.BN_num_bits(order)
if 8 * digest_len > order_bits:
digest_len = (order_bits + 7) // 8
......@@ -59,6 +63,30 @@ def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend):
return digest
def _ec_key_curve_sn(backend, ec_key):
group = backend._lib.EC_KEY_get0_group(ec_key)
assert group != backend._ffi.NULL
nid = backend._lib.EC_GROUP_get_curve_name(group)
assert nid != backend._lib.NID_undef
curve_name = backend._lib.OBJ_nid2sn(nid)
assert curve_name != backend._ffi.NULL
sn = backend._ffi.string(curve_name).decode('ascii')
return sn
def _sn_to_elliptic_curve(backend, sn):
try:
return ec._CURVE_TYPES[sn]()
except KeyError:
raise UnsupportedAlgorithm(
"{0} is not a supported elliptic curve".format(sn),
_Reasons.UNSUPPORTED_ELLIPTIC_CURVE
)
@utils.register_interface(interfaces.AsymmetricSignatureContext)
class _ECDSASignatureContext(object):
def __init__(self, backend, private_key, algorithm):
......@@ -125,12 +153,14 @@ class _ECDSAVerificationContext(object):
return True
@utils.register_interface(interfaces.EllipticCurvePrivateKey)
@utils.register_interface(interfaces.EllipticCurvePrivateKeyWithNumbers)
class _EllipticCurvePrivateKey(object):
def __init__(self, backend, ec_key_cdata, curve):
def __init__(self, backend, ec_key_cdata):
self._backend = backend
self._ec_key = ec_key_cdata
self._curve = curve
sn = _ec_key_curve_sn(backend, ec_key_cdata)
self._curve = _sn_to_elliptic_curve(backend, sn)
@property
def curve(self):
......@@ -165,16 +195,26 @@ class _EllipticCurvePrivateKey(object):
assert res == 1
return _EllipticCurvePublicKey(
self._backend, public_ec_key, self._curve
self._backend, public_ec_key
)
def private_numbers(self):
bn = self._backend._lib.EC_KEY_get0_private_key(self._ec_key)
private_value = self._backend._bn_to_int(bn)
return ec.EllipticCurvePrivateNumbers(
private_value=private_value,
public_numbers=self.public_key().public_numbers()
)
@utils.register_interface(interfaces.EllipticCurvePublicKey)
@utils.register_interface(interfaces.EllipticCurvePublicKeyWithNumbers)
class _EllipticCurvePublicKey(object):
def __init__(self, backend, ec_key_cdata, curve):
def __init__(self, backend, ec_key_cdata):
self._backend = backend
self._ec_key = ec_key_cdata
self._curve = curve
sn = _ec_key_curve_sn(backend, ec_key_cdata)
self._curve = _sn_to_elliptic_curve(backend, sn)
@property
def curve(self):
......@@ -189,3 +229,26 @@ class _EllipticCurvePublicKey(object):
raise UnsupportedAlgorithm(
"Unsupported elliptic curve signature algorithm.",
_Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
def public_numbers(self):
set_func, get_func, group = (
self._backend._ec_key_determine_group_get_set_funcs(self._ec_key)
)
point = self._backend._lib.EC_KEY_get0_public_key(self._ec_key)
assert point != self._backend._ffi.NULL
with self._backend._tmp_bn_ctx() as bn_ctx:
bn_x = self._backend._lib.BN_CTX_get(bn_ctx)
bn_y = self._backend._lib.BN_CTX_get(bn_ctx)
res = get_func(group, point, bn_x, bn_y, bn_ctx)
assert res == 1
x = self._backend._bn_to_int(bn_x)
y = self._backend._bn_to_int(bn_y)
return ec.EllipticCurvePublicNumbers(
x=x,
y=y,
curve=self._curve
)
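Review bot: `_ec_key_curve_sn` checks the curve with `assert nid != backend._lib.NID_undef`, but both key constructors now derive the curve from the key itself, so this check runs on keys supplied from outside the process (the changelog for this release adds loading EC private keys from PEM). A key whose group carries no curve name would presumably surface as an `AssertionError`, and the check disappears entirely under `python -O`. I would raise the library's own error instead: `if nid == backend._lib.NID_undef: raise UnsupportedAlgorithm("Unnamed elliptic curves are not supported.", _Reasons.UNSUPPORTED_ELLIPTIC_CURVE)`. Separately, `public_numbers` does not check the two `BN_CTX_get` results against NULL the way `_truncate_digest_for_ecdsa` checks `order`.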
......@@ -30,10 +30,7 @@ from cryptography.hazmat.primitives.interfaces import (
def _get_rsa_pss_salt_length(pss, key_size, digest_size):
if pss._mgf._salt_length is not None:
salt = pss._mgf._salt_length
else:
salt = pss._salt_length
salt = pss._salt_length
if salt is MGF1.MAX_LENGTH or salt is PSS.MAX_LENGTH: