o  `'/@s ddlmZmZmZddlmZddlmZmZm Z ddl m Z m Z m Z ddlmZmZddlmZmZmZddZd d Zd d Zd dZddZddZeeGdddeZeeGdddeZeejGdddeZ eej!GdddeZ"dS))absolute_importdivisionprint_function)utils)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_check_not_prehashed_warn_sign_verify_deprecated)hashes serialization)AsymmetricSignatureContextAsymmetricVerificationContexteccCst|tjs tdtjdS)Nz/Unsupported elliptic curve signature algorithm.) isinstancerZECDSArrZ UNSUPPORTED_PUBLIC_KEY_ALGORITHM)signature_algorithmr}home/ych/rk3568/buildroot/output/rockchip_rk3568/host/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ec.py_check_signature_algorithms rcCs|j|}|||jjk|j|}||jjkrtd|jjs/|j |dkr/td|j |}|||jjk|j | d}|S)Nz;ECDSA keys with unnamed curves are unsupported at this timerascii) _libEC_KEY_get0_groupopenssl_assert_ffiNULLEC_GROUP_get_curve_nameZ NID_undefNotImplementedErrorZCRYPTOGRAPHY_IS_LIBRESSLZEC_GROUP_get_asn1_flagZ OBJ_nid2snstringdecode)backendZec_keygroupnidZ curve_namesnrrr_ec_key_curve_sn"s$    r$cCs|j||jjdS)z Set the named curve flag on the EC_KEY. This causes OpenSSL to serialize EC keys along with their curve OID which makes deserialization easier. N)rZEC_KEY_set_asn1_flagZOPENSSL_EC_NAMED_CURVE)r Zec_cdatarrr_mark_asn1_named_ec_curve@sr%cCs0ztj|WStytd|tjw)Nz${} is not a supported elliptic curve)rZ _CURVE_TYPESKeyErrorrformatrZUNSUPPORTED_ELLIPTIC_CURVE)r r#rrr_sn_to_elliptic_curveLs r(cCsz|j|j}||dk|jd|}|jdd}|jd|t||||j}||dk|j|d|dS)Nrzunsigned char[]zunsigned int[]) rZ ECDSA_size_ec_keyrrnewZ ECDSA_signlenbuffer)r private_keydatamax_sizeZsigbufZ siglen_ptrresrrr_ecdsa_sig_signVsr2cCs8|jd|t||t||j}|dkr|tdS)Nrr))rZ ECDSA_verifyr,r*Z_consume_errorsr)r public_key signaturer/r1rrr_ecdsa_sig_verifycsr5c@$eZdZddZddZddZdS)_ECDSASignatureContextcCs||_||_t|||_dSN)_backend _private_keyr Hash_digest)selfr r. algorithmrrr__init__nsz_ECDSASignatureContext.__init__cC|j|dSr8r<updater=r/rrrrBsz_ECDSASignatureContext.updatecCs|j}t|j|j|Sr8)r<finalizer2r9r:r=digestrrrrEvs z_ECDSASignatureContext.finalizeN)__name__ __module__ __qualname__r?rBrErrrrr7ls r7c@r6)_ECDSAVerificationContextcCs$||_||_||_t|||_dSr8)r9 _public_key _signaturer r;r<)r=r r3r4r>rrrr?~sz"_ECDSAVerificationContext.__init__cCr@r8rArCrrrrBrDz _ECDSAVerificationContext.updatecCs"|j}t|j|j|j|dSr8)r<rEr5r9rLrMrFrrrverifys z _ECDSAVerificationContext.verifyN)rHrIrJr?rBrNrrrrrK|s rKc@sZeZdZddZedZeddZddZ dd Z d d Z d d Z ddZ ddZdS)_EllipticCurvePrivateKeycC6||_||_||_t||}t|||_t||dSr8r9r* _evp_pkeyr$r(_curver%r=r Z ec_key_cdataevp_pkeyr#rrrr?   z!_EllipticCurvePrivateKey.__init__rScC|jjSr8curvekey_sizer=rrrrZz!_EllipticCurvePrivateKey.key_sizecCs(tt|t|jt|j||jSr8)r rr r>r7r9)r=rrrrsigners   z_EllipticCurvePrivateKey.signercCs|j||jstdtj|jj|jjkrtd|jj |j }|jj |dd}|j |dk|jj d|}|jj|j }|jj||||j |jj j}|j |dk|jj |d|S)Nz1This backend does not support the ECDH algorithm.z2peer_public_key and self are not on the same curverz uint8_t[])r9Z+elliptic_curve_exchange_algorithm_supportedrYrrZUNSUPPORTED_EXCHANGE_ALGORITHMname ValueErrorrrr*ZEC_GROUP_get_degreerrr+EC_KEY_get0_public_keyZECDH_compute_keyrr-)r=r>Zpeer_public_keyr!Zz_lenZz_bufZpeer_keyrrrrexchanges0z!_EllipticCurvePrivateKey.exchangecCs|jj|j}|j||jjjk|jj|}|j|}|jj |j}|j||jjjk|jj ||}|j|dk|j |}t |j||S)Nr)) r9rrr*rrrrZ_ec_key_new_by_curve_nidrbZEC_KEY_set_public_keyZ_ec_cdata_to_evp_pkey_EllipticCurvePublicKey)r=r!Z curve_nidZ public_ec_keypointr1rUrrrr3s  z#_EllipticCurvePrivateKey.public_keycCs2|jj|j}|j|}tj||dS)N) private_valuepublic_numbers) r9rZEC_KEY_get0_private_keyr* _bn_to_intrZEllipticCurvePrivateNumbersr3rh)r=Zbnrgrrrprivate_numberss   z(_EllipticCurvePrivateKey.private_numberscCs|j|||||j|jSr8)r9Z_private_key_bytesrRr*)r=encodingr'Zencryption_algorithmrrr private_bytessz&_EllipticCurvePrivateKey.private_bytescCs*t|t|j||j\}}t|j||Sr8)rr r9 _algorithmr2)r=r/rr>rrrsigns  z_EllipticCurvePrivateKey.signN)rHrIrJr?rread_only_propertyrYpropertyrZr]rdr3rjrlrnrrrrrOs   rOc@sReZdZddZedZeddZddZ dd Z d d Z d d Z ddZ dS)recCrPr8rQrTrrrr?rVz _EllipticCurvePublicKey.__init__rScCrWr8rXr[rrrrZr\z _EllipticCurvePublicKey.key_sizecCs6ttd|t|t|jt|j|||jS)Nr4)r r _check_bytesrr r>rKr9)r=r4rrrrverifiers   z _EllipticCurvePublicKey.verifierc Cs|j|j\}}|jj|j}|j||jjjk|j2}|jj |}|jj |}||||||}|j|dk|j |}|j |} Wdn1sVwYt j || |j dS)Nr))xyrY)r9Z _ec_key_determine_group_get_funcr*rrbrrr _tmp_bn_ctxZ BN_CTX_getrirZEllipticCurvePublicNumbersrS) r=Zget_funcr!rfbn_ctxZbn_xZbn_yr1rsrtrrrrh s   z&_EllipticCurvePublicKey.public_numbersc Cs$|tjjur |jjj}n |tjjusJ|jjj}|jj|j }|j ||jj j k|jj |j }|j ||jj j k|j;}|jj||||jj j d|}|j |dk|jj d|}|jj||||||}|j ||kWdn1swY|jj |ddS)Nrzchar[])r PublicFormatCompressedPointr9rZPOINT_CONVERSION_COMPRESSEDUncompressedPointZPOINT_CONVERSION_UNCOMPRESSEDrr*rrrrbruZEC_POINT_point2octr+r-) r=r' conversionr!rfrvbuflenbufr1rrr _encode_points(      z%_EllipticCurvePublicKey._encode_pointcCsl|tjjus|tjjus|tjjur+|tjjus"|tjjtjjfvr&td||S|j ||||j dS)NzKX962 encoding must be used with CompressedPoint or UncompressedPoint format) r ZEncodingZX962rwrxryrar}r9Z_public_key_bytesrR)r=rkr'rrr public_bytes6s"     z$_EllipticCurvePublicKey.public_bytescCs0t|t|j||j\}}t|j|||dSr8)rr r9rmr5)r=r4r/rr>rrrrNLs  z_EllipticCurvePublicKey.verifyN)rHrIrJr?rrorYrprZrrrhr}r~rNrrrrres    reN)# __future__rrr cryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsr r r Zcryptography.hazmat.primitivesr r Z)cryptography.hazmat.primitives.asymmetricrrrrr$r%r(r2r5Zregister_interfaceobjectr7rKZ(EllipticCurvePrivateKeyWithSerializationrOZ'EllipticCurvePublicKeyWithSerializationrerrrrs(       a