ed448.py 5.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152
  1. # This file is dual licensed under the terms of the Apache License, Version
  2. # 2.0, and the BSD License. See the LICENSE file in the root of this repository
  3. # for complete details.
  4. from cryptography import exceptions
  5. from cryptography.hazmat.primitives import serialization
  6. from cryptography.hazmat.primitives.asymmetric.ed448 import (
  7. Ed448PrivateKey,
  8. Ed448PublicKey,
  9. )
  10. _ED448_KEY_SIZE = 57
  11. _ED448_SIG_SIZE = 114
  12. class _Ed448PublicKey(Ed448PublicKey):
  13. def __init__(self, backend, evp_pkey):
  14. self._backend = backend
  15. self._evp_pkey = evp_pkey
  16. def public_bytes(
  17. self,
  18. encoding: serialization.Encoding,
  19. format: serialization.PublicFormat,
  20. ) -> bytes:
  21. if (
  22. encoding is serialization.Encoding.Raw
  23. or format is serialization.PublicFormat.Raw
  24. ):
  25. if (
  26. encoding is not serialization.Encoding.Raw
  27. or format is not serialization.PublicFormat.Raw
  28. ):
  29. raise ValueError(
  30. "When using Raw both encoding and format must be Raw"
  31. )
  32. return self._raw_public_bytes()
  33. return self._backend._public_key_bytes(
  34. encoding, format, self, self._evp_pkey, None
  35. )
  36. def _raw_public_bytes(self) -> bytes:
  37. buf = self._backend._ffi.new("unsigned char []", _ED448_KEY_SIZE)
  38. buflen = self._backend._ffi.new("size_t *", _ED448_KEY_SIZE)
  39. res = self._backend._lib.EVP_PKEY_get_raw_public_key(
  40. self._evp_pkey, buf, buflen
  41. )
  42. self._backend.openssl_assert(res == 1)
  43. self._backend.openssl_assert(buflen[0] == _ED448_KEY_SIZE)
  44. return self._backend._ffi.buffer(buf, _ED448_KEY_SIZE)[:]
  45. def verify(self, signature: bytes, data: bytes) -> None:
  46. evp_md_ctx = self._backend._lib.EVP_MD_CTX_new()
  47. self._backend.openssl_assert(evp_md_ctx != self._backend._ffi.NULL)
  48. evp_md_ctx = self._backend._ffi.gc(
  49. evp_md_ctx, self._backend._lib.EVP_MD_CTX_free
  50. )
  51. res = self._backend._lib.EVP_DigestVerifyInit(
  52. evp_md_ctx,
  53. self._backend._ffi.NULL,
  54. self._backend._ffi.NULL,
  55. self._backend._ffi.NULL,
  56. self._evp_pkey,
  57. )
  58. self._backend.openssl_assert(res == 1)
  59. res = self._backend._lib.EVP_DigestVerify(
  60. evp_md_ctx, signature, len(signature), data, len(data)
  61. )
  62. if res != 1:
  63. self._backend._consume_errors()
  64. raise exceptions.InvalidSignature
  65. class _Ed448PrivateKey(Ed448PrivateKey):
  66. def __init__(self, backend, evp_pkey):
  67. self._backend = backend
  68. self._evp_pkey = evp_pkey
  69. def public_key(self) -> Ed448PublicKey:
  70. buf = self._backend._ffi.new("unsigned char []", _ED448_KEY_SIZE)
  71. buflen = self._backend._ffi.new("size_t *", _ED448_KEY_SIZE)
  72. res = self._backend._lib.EVP_PKEY_get_raw_public_key(
  73. self._evp_pkey, buf, buflen
  74. )
  75. self._backend.openssl_assert(res == 1)
  76. self._backend.openssl_assert(buflen[0] == _ED448_KEY_SIZE)
  77. public_bytes = self._backend._ffi.buffer(buf)[:]
  78. return self._backend.ed448_load_public_bytes(public_bytes)
  79. def sign(self, data: bytes) -> bytes:
  80. evp_md_ctx = self._backend._lib.EVP_MD_CTX_new()
  81. self._backend.openssl_assert(evp_md_ctx != self._backend._ffi.NULL)
  82. evp_md_ctx = self._backend._ffi.gc(
  83. evp_md_ctx, self._backend._lib.EVP_MD_CTX_free
  84. )
  85. res = self._backend._lib.EVP_DigestSignInit(
  86. evp_md_ctx,
  87. self._backend._ffi.NULL,
  88. self._backend._ffi.NULL,
  89. self._backend._ffi.NULL,
  90. self._evp_pkey,
  91. )
  92. self._backend.openssl_assert(res == 1)
  93. buf = self._backend._ffi.new("unsigned char[]", _ED448_SIG_SIZE)
  94. buflen = self._backend._ffi.new("size_t *", len(buf))
  95. res = self._backend._lib.EVP_DigestSign(
  96. evp_md_ctx, buf, buflen, data, len(data)
  97. )
  98. self._backend.openssl_assert(res == 1)
  99. self._backend.openssl_assert(buflen[0] == _ED448_SIG_SIZE)
  100. return self._backend._ffi.buffer(buf, buflen[0])[:]
  101. def private_bytes(
  102. self,
  103. encoding: serialization.Encoding,
  104. format: serialization.PrivateFormat,
  105. encryption_algorithm: serialization.KeySerializationEncryption,
  106. ) -> bytes:
  107. if (
  108. encoding is serialization.Encoding.Raw
  109. or format is serialization.PublicFormat.Raw
  110. ):
  111. if (
  112. format is not serialization.PrivateFormat.Raw
  113. or encoding is not serialization.Encoding.Raw
  114. or not isinstance(
  115. encryption_algorithm, serialization.NoEncryption
  116. )
  117. ):
  118. raise ValueError(
  119. "When using Raw both encoding and format must be Raw "
  120. "and encryption_algorithm must be NoEncryption()"
  121. )
  122. return self._raw_private_bytes()
  123. return self._backend._private_key_bytes(
  124. encoding, format, encryption_algorithm, self, self._evp_pkey, None
  125. )
  126. def _raw_private_bytes(self) -> bytes:
  127. buf = self._backend._ffi.new("unsigned char []", _ED448_KEY_SIZE)
  128. buflen = self._backend._ffi.new("size_t *", _ED448_KEY_SIZE)
  129. res = self._backend._lib.EVP_PKEY_get_raw_private_key(
  130. self._evp_pkey, buf, buflen
  131. )
  132. self._backend.openssl_assert(res == 1)
  133. self._backend.openssl_assert(buflen[0] == _ED448_KEY_SIZE)
  134. return self._backend._ffi.buffer(buf, _ED448_KEY_SIZE)[:]