Home Explore Help
Register Sign In
sanoh
/
G01_0350
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 92685d12e3
Branches Tags
G01_0350
/
venv_win32
/
Lib
/
site-packages
/
cryptography
/
hazmat
/
backends
/
openssl
/
x25519.py

x25519.py 4.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128 
  1. # This file is dual licensed under the terms of the Apache License, Version
    2. 

  2. # 2.0, and the BSD License. See the LICENSE file in the root of this repository
    3. 

  3. # for complete details.
    4. 

  4. 

  5. 

  6. from cryptography.hazmat.backends.openssl.utils import _evp_pkey_derive
    7. 

  7. from cryptography.hazmat.primitives import serialization
    8. 

  8. from cryptography.hazmat.primitives.asymmetric.x25519 import (
    9. 

  9.     X25519PrivateKey,
    10. 

  10.     X25519PublicKey,
    11. 

  11. )
    12. 

  12. 

  13. 

  14. _X25519_KEY_SIZE = 32
    15. 

  15. 

  16. 

  17. class _X25519PublicKey(X25519PublicKey):
    18. 

  18.     def __init__(self, backend, evp_pkey):
    19. 

  19.         self._backend = backend
    20. 

  20.         self._evp_pkey = evp_pkey
    21. 

  21. 

  22.     def public_bytes(
    23. 

  23.         self,
    24. 

  24.         encoding: serialization.Encoding,
    25. 

  25.         format: serialization.PublicFormat,
    26. 

  26.     ) -> bytes:
    27. 

  27.         if (
    28. 

  28.             encoding is serialization.Encoding.Raw
    29. 

  29.             or format is serialization.PublicFormat.Raw
    30. 

  30.         ):
    31. 

  31.             if (
    32. 

  32.                 encoding is not serialization.Encoding.Raw
    33. 

  33.                 or format is not serialization.PublicFormat.Raw
    34. 

  34.             ):
    35. 

  35.                 raise ValueError(
    36. 

  36.                     "When using Raw both encoding and format must be Raw"
    37. 

  37.                 )
    38. 

  38. 

  39.             return self._raw_public_bytes()
    40. 

  40. 

  41.         return self._backend._public_key_bytes(
    42. 

  42.             encoding, format, self, self._evp_pkey, None
    43. 

  43.         )
    44. 

  44. 

  45.     def _raw_public_bytes(self) -> bytes:
    46. 

  46.         ucharpp = self._backend._ffi.new("unsigned char **")
    47. 

  47.         res = self._backend._lib.EVP_PKEY_get1_tls_encodedpoint(
    48. 

  48.             self._evp_pkey, ucharpp
    49. 

  49.         )
    50. 

  50.         self._backend.openssl_assert(res == 32)
    51. 

  51.         self._backend.openssl_assert(ucharpp[0] != self._backend._ffi.NULL)
    52. 

  52.         data = self._backend._ffi.gc(
    53. 

  53.             ucharpp[0], self._backend._lib.OPENSSL_free
    54. 

  54.         )
    55. 

  55.         return self._backend._ffi.buffer(data, res)[:]
    56. 

  56. 

  57. 

  58. class _X25519PrivateKey(X25519PrivateKey):
    59. 

  59.     def __init__(self, backend, evp_pkey):
    60. 

  60.         self._backend = backend
    61. 

  61.         self._evp_pkey = evp_pkey
    62. 

  62. 

  63.     def public_key(self) -> X25519PublicKey:
    64. 

  64.         bio = self._backend._create_mem_bio_gc()
    65. 

  65.         res = self._backend._lib.i2d_PUBKEY_bio(bio, self._evp_pkey)
    66. 

  66.         self._backend.openssl_assert(res == 1)
    67. 

  67.         evp_pkey = self._backend._lib.d2i_PUBKEY_bio(
    68. 

  68.             bio, self._backend._ffi.NULL
    69. 

  69.         )
    70. 

  70.         self._backend.openssl_assert(evp_pkey != self._backend._ffi.NULL)
    71. 

  71.         evp_pkey = self._backend._ffi.gc(
    72. 

  72.             evp_pkey, self._backend._lib.EVP_PKEY_free
    73. 

  73.         )
    74. 

  74.         return _X25519PublicKey(self._backend, evp_pkey)
    75. 

  75. 

  76.     def exchange(self, peer_public_key: X25519PublicKey) -> bytes:
    77. 

  77.         if not isinstance(peer_public_key, X25519PublicKey):
    78. 

  78.             raise TypeError("peer_public_key must be X25519PublicKey.")
    79. 

  79. 

  80.         return _evp_pkey_derive(self._backend, self._evp_pkey, peer_public_key)
    81. 

  81. 

  82.     def private_bytes(
    83. 

  83.         self,
    84. 

  84.         encoding: serialization.Encoding,
    85. 

  85.         format: serialization.PrivateFormat,
    86. 

  86.         encryption_algorithm: serialization.KeySerializationEncryption,
    87. 

  87.     ) -> bytes:
    88. 

  88.         if (
    89. 

  89.             encoding is serialization.Encoding.Raw
    90. 

  90.             or format is serialization.PublicFormat.Raw
    91. 

  91.         ):
    92. 

  92.             if (
    93. 

  93.                 format is not serialization.PrivateFormat.Raw
    94. 

  94.                 or encoding is not serialization.Encoding.Raw
    95. 

  95.                 or not isinstance(
    96. 

  96.                     encryption_algorithm, serialization.NoEncryption
    97. 

  97.                 )
    98. 

  98.             ):
    99. 

  99.                 raise ValueError(
    100. 

  100.                     "When using Raw both encoding and format must be Raw "
    101. 

  101.                     "and encryption_algorithm must be NoEncryption()"
    102. 

  102.                 )
    103. 

  103. 

  104.             return self._raw_private_bytes()
    105. 

  105. 

  106.         return self._backend._private_key_bytes(
    107. 

  107.             encoding, format, encryption_algorithm, self, self._evp_pkey, None
    108. 

  108.         )
    109. 

  109. 

  110.     def _raw_private_bytes(self) -> bytes:
    111. 

  111.         # When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 we can
    112. 

  112.         # switch this to EVP_PKEY_new_raw_private_key
    113. 

  113.         # The trick we use here is serializing to a PKCS8 key and just
    114. 

  114.         # using the last 32 bytes, which is the key itself.
    115. 

  115.         bio = self._backend._create_mem_bio_gc()
    116. 

  116.         res = self._backend._lib.i2d_PKCS8PrivateKey_bio(
    117. 

  117.             bio,
    118. 

  118.             self._evp_pkey,
    119. 

  119.             self._backend._ffi.NULL,
    120. 

  120.             self._backend._ffi.NULL,
    121. 

  121.             0,
    122. 

  122.             self._backend._ffi.NULL,
    123. 

  123.             self._backend._ffi.NULL,
    124. 

  124.         )
    125. 

  125.         self._backend.openssl_assert(res == 1)
    126. 

  126.         pkcs8 = self._backend._read_mem_bio(bio)
    127. 

  127.         self._backend.openssl_assert(len(pkcs8) == 48)
    128. 

  128.         return pkcs8[-_X25519_KEY_SIZE:]
    129.