123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152 |
- # This file is dual licensed under the terms of the Apache License, Version
- # 2.0, and the BSD License. See the LICENSE file in the root of this repository
- # for complete details.
- from cryptography import exceptions
- from cryptography.hazmat.primitives import serialization
- from cryptography.hazmat.primitives.asymmetric.ed448 import (
- Ed448PrivateKey,
- Ed448PublicKey,
- )
- _ED448_KEY_SIZE = 57
- _ED448_SIG_SIZE = 114
- class _Ed448PublicKey(Ed448PublicKey):
- def __init__(self, backend, evp_pkey):
- self._backend = backend
- self._evp_pkey = evp_pkey
- def public_bytes(
- self,
- encoding: serialization.Encoding,
- format: serialization.PublicFormat,
- ) -> bytes:
- if (
- encoding is serialization.Encoding.Raw
- or format is serialization.PublicFormat.Raw
- ):
- if (
- encoding is not serialization.Encoding.Raw
- or format is not serialization.PublicFormat.Raw
- ):
- raise ValueError(
- "When using Raw both encoding and format must be Raw"
- )
- return self._raw_public_bytes()
- return self._backend._public_key_bytes(
- encoding, format, self, self._evp_pkey, None
- )
- def _raw_public_bytes(self) -> bytes:
- buf = self._backend._ffi.new("unsigned char []", _ED448_KEY_SIZE)
- buflen = self._backend._ffi.new("size_t *", _ED448_KEY_SIZE)
- res = self._backend._lib.EVP_PKEY_get_raw_public_key(
- self._evp_pkey, buf, buflen
- )
- self._backend.openssl_assert(res == 1)
- self._backend.openssl_assert(buflen[0] == _ED448_KEY_SIZE)
- return self._backend._ffi.buffer(buf, _ED448_KEY_SIZE)[:]
- def verify(self, signature: bytes, data: bytes) -> None:
- evp_md_ctx = self._backend._lib.EVP_MD_CTX_new()
- self._backend.openssl_assert(evp_md_ctx != self._backend._ffi.NULL)
- evp_md_ctx = self._backend._ffi.gc(
- evp_md_ctx, self._backend._lib.EVP_MD_CTX_free
- )
- res = self._backend._lib.EVP_DigestVerifyInit(
- evp_md_ctx,
- self._backend._ffi.NULL,
- self._backend._ffi.NULL,
- self._backend._ffi.NULL,
- self._evp_pkey,
- )
- self._backend.openssl_assert(res == 1)
- res = self._backend._lib.EVP_DigestVerify(
- evp_md_ctx, signature, len(signature), data, len(data)
- )
- if res != 1:
- self._backend._consume_errors()
- raise exceptions.InvalidSignature
- class _Ed448PrivateKey(Ed448PrivateKey):
- def __init__(self, backend, evp_pkey):
- self._backend = backend
- self._evp_pkey = evp_pkey
- def public_key(self) -> Ed448PublicKey:
- buf = self._backend._ffi.new("unsigned char []", _ED448_KEY_SIZE)
- buflen = self._backend._ffi.new("size_t *", _ED448_KEY_SIZE)
- res = self._backend._lib.EVP_PKEY_get_raw_public_key(
- self._evp_pkey, buf, buflen
- )
- self._backend.openssl_assert(res == 1)
- self._backend.openssl_assert(buflen[0] == _ED448_KEY_SIZE)
- public_bytes = self._backend._ffi.buffer(buf)[:]
- return self._backend.ed448_load_public_bytes(public_bytes)
- def sign(self, data: bytes) -> bytes:
- evp_md_ctx = self._backend._lib.EVP_MD_CTX_new()
- self._backend.openssl_assert(evp_md_ctx != self._backend._ffi.NULL)
- evp_md_ctx = self._backend._ffi.gc(
- evp_md_ctx, self._backend._lib.EVP_MD_CTX_free
- )
- res = self._backend._lib.EVP_DigestSignInit(
- evp_md_ctx,
- self._backend._ffi.NULL,
- self._backend._ffi.NULL,
- self._backend._ffi.NULL,
- self._evp_pkey,
- )
- self._backend.openssl_assert(res == 1)
- buf = self._backend._ffi.new("unsigned char[]", _ED448_SIG_SIZE)
- buflen = self._backend._ffi.new("size_t *", len(buf))
- res = self._backend._lib.EVP_DigestSign(
- evp_md_ctx, buf, buflen, data, len(data)
- )
- self._backend.openssl_assert(res == 1)
- self._backend.openssl_assert(buflen[0] == _ED448_SIG_SIZE)
- return self._backend._ffi.buffer(buf, buflen[0])[:]
- def private_bytes(
- self,
- encoding: serialization.Encoding,
- format: serialization.PrivateFormat,
- encryption_algorithm: serialization.KeySerializationEncryption,
- ) -> bytes:
- if (
- encoding is serialization.Encoding.Raw
- or format is serialization.PublicFormat.Raw
- ):
- if (
- format is not serialization.PrivateFormat.Raw
- or encoding is not serialization.Encoding.Raw
- or not isinstance(
- encryption_algorithm, serialization.NoEncryption
- )
- ):
- raise ValueError(
- "When using Raw both encoding and format must be Raw "
- "and encryption_algorithm must be NoEncryption()"
- )
- return self._raw_private_bytes()
- return self._backend._private_key_bytes(
- encoding, format, encryption_algorithm, self, self._evp_pkey, None
- )
- def _raw_private_bytes(self) -> bytes:
- buf = self._backend._ffi.new("unsigned char []", _ED448_KEY_SIZE)
- buflen = self._backend._ffi.new("size_t *", _ED448_KEY_SIZE)
- res = self._backend._lib.EVP_PKEY_get_raw_private_key(
- self._evp_pkey, buf, buflen
- )
- self._backend.openssl_assert(res == 1)
- self._backend.openssl_assert(buflen[0] == _ED448_KEY_SIZE)
- return self._backend._ffi.buffer(buf, _ED448_KEY_SIZE)[:]
|