author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-11-20 12:02:43 +0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2016-11-19 23:02:43 -0500 |
commit | 6f32974b0635dbabb1d6e201ddb461d5fd20e0b4 (patch) | |
tree | 0c719862cc216af5979d405afaa5a150f922298a | |
parent | 756255103c0c6b6f0a7215682489257661a42782 (diff) | |
refactor ecdsa sign/verify for prehash (#3263)
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/ec.py | 65 |
1 files changed, 31 insertions, 34 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py index aa5267b4..0c8716f5 100644 --- a/src/cryptography/hazmat/backends/openssl/ec.py +++ b/src/cryptography/hazmat/backends/openssl/ec.py @@ -82,6 +82,29 @@ def _sn_to_elliptic_curve(backend, sn): ) +def _ecdsa_sig_sign(backend, private_key, data): + max_size = backend._lib.ECDSA_size(private_key._ec_key) + backend.openssl_assert(max_size > 0) + + sigbuf = backend._ffi.new("unsigned char[]", max_size) + siglen_ptr = backend._ffi.new("unsigned int[]", 1) + res = backend._lib.ECDSA_sign( + 0, data, len(data), sigbuf, siglen_ptr, private_key._ec_key + ) + backend.openssl_assert(res == 1) + return backend._ffi.buffer(sigbuf)[:siglen_ptr[0]] + + +def _ecdsa_sig_verify(backend, public_key, signature, data): + res = backend._lib.ECDSA_verify( + 0, data, len(data), signature, len(signature), public_key._ec_key + ) + if res != 1: + backend._consume_errors() + raise InvalidSignature + return True + + @utils.register_interface(AsymmetricSignatureContext) class _ECDSASignatureContext(object): def __init__(self, backend, private_key, algorithm): 
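Review bot: Both new helpers name their input `data` but pass it straight to `ECDSA_sign` / `ECDSA_verify` as the digest, and neither helper hashes or truncates it, so the safe-input contract lives only in the callers. Judging from the commit title, prehash callers are expected to reuse these helpers, so I would rename the parameter to `digest` or add a comment such as `# data must already be a message digest truncated with _truncate_digest_for_ecdsa; never pass a raw message here`. The existing callers, `finalize()` and `verify()` in the following hunks, do truncate before calling, so this is a documentation request rather than a defect. A one-line comment on the `res != 1` branch would also help, stating that ECDSA_verify's 0 (bad signature) and -1 (error) are both deliberately reported as `InvalidSignature`.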
@@ -93,27 +116,12 @@ class _ECDSASignatureContext(object): self._digest.update(data) def finalize(self): - ec_key = self._private_key._ec_key - digest = self._digest.finalize() - digest = _truncate_digest_for_ecdsa(ec_key, digest, self._backend) - - max_size = self._backend._lib.ECDSA_size(ec_key) - self._backend.openssl_assert(max_size > 0) - - sigbuf = self._backend._ffi.new("unsigned char[]", max_size) - siglen_ptr = self._backend._ffi.new("unsigned int[]", 1) - res = self._backend._lib.ECDSA_sign( - 0, - digest, - len(digest), - sigbuf, - siglen_ptr, - ec_key + digest = _truncate_digest_for_ecdsa( + self._private_key._ec_key, digest, self._backend ) - self._backend.openssl_assert(res == 1) - return self._backend._ffi.buffer(sigbuf)[:siglen_ptr[0]] + return _ecdsa_sig_sign(self._backend, self._private_key, digest) @utils.register_interface(AsymmetricVerificationContext) @@ -128,24 +136,13 @@ class _ECDSAVerificationContext(object): self._digest.update(data) def verify(self): - ec_key = self._public_key._ec_key - digest = self._digest.finalize() - - digest = _truncate_digest_for_ecdsa(ec_key, digest, self._backend) - - res = self._backend._lib.ECDSA_verify( - 0, - digest, - len(digest), - self._signature, - len(self._signature), - ec_key + digest = _truncate_digest_for_ecdsa( + self._public_key._ec_key, digest, self._backend + ) + return _ecdsa_sig_verify( + self._backend, self._public_key, self._signature, digest ) - if res != 1: - self._backend._consume_errors() - raise InvalidSignature - return True @utils.register_interface(ec.EllipticCurvePrivateKeyWithSerialization) |