From 654871df2517a85fb8d0388226990ae6c1843ec1 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sat, 28 Jun 2014 10:44:37 -0600
Subject: reorganize OpenSSL EC backend to remove some unneeded indirection

---
 cryptography/hazmat/backends/openssl/backend.py | 82 ++++++-------------------
 cryptography/hazmat/backends/openssl/ec.py      | 30 ++++++---
 2 files changed, 41 insertions(+), 71 deletions(-)

diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index b3396ea9..9f002f14 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -37,7 +37,6 @@ from cryptography.hazmat.backends.openssl.dsa import (
     _DSASignatureContext, _DSAVerificationContext
 )
 from cryptography.hazmat.backends.openssl.ec import (
-    _ECDSASignatureContext, _ECDSAVerificationContext,
     _EllipticCurvePrivateKey, _EllipticCurvePublicKey
 )
 from cryptography.hazmat.backends.openssl.hashes import _HashContext
@@ -1017,13 +1016,6 @@ class Backend(object):
 
         return self.elliptic_curve_supported(curve)
 
-    def _create_ecdsa_signature_ctx(self, private_key, ecdsa):
-        return _ECDSASignatureContext(self, private_key, ecdsa.algorithm)
-
-    def _create_ecdsa_verification_ctx(self, public_key, signature, ecdsa):
-        return _ECDSAVerificationContext(self, public_key, signature,
-                                         ecdsa.algorithm)
-
     def generate_elliptic_curve_private_key(self, curve):
         """
         Generate a new private key on the named curve.
@@ -1050,39 +1042,6 @@ class Backend(object):
             )
 
     def elliptic_curve_private_key_from_numbers(self, numbers):
-        ec_key = self._ec_key_cdata_from_private_numbers(numbers)
-        return _EllipticCurvePrivateKey(self, ec_key,
-                                        numbers.public_numbers.curve)
-
-    def elliptic_curve_public_key_from_numbers(self, numbers):
-        ec_key = self._ec_key_cdata_from_public_numbers(numbers)
-        return _EllipticCurvePublicKey(self, ec_key, numbers.curve)
-
-    def _elliptic_curve_to_nid(self, curve):
-        """
-        Get the NID for a curve name.
-        """
-
-        curve_aliases = {
-            "secp192r1": "prime192v1",
-            "secp256r1": "prime256v1"
-        }
-
-        curve_name = curve_aliases.get(curve.name, curve.name)
-
-        curve_nid = self._lib.OBJ_sn2nid(curve_name.encode())
-        if curve_nid == self._lib.NID_undef:
-            raise UnsupportedAlgorithm(
-                "{0} is not a supported elliptic curve".format(curve.name),
-                _Reasons.UNSUPPORTED_ELLIPTIC_CURVE
-            )
-        return curve_nid
-
-    def _ec_key_cdata_from_private_numbers(self, numbers):
-        """
-        Build an EC_KEY from a private key object.
-        """
-
         public = numbers.public_numbers
 
         curve_nid = self._elliptic_curve_to_nid(public.curve)
@@ -1098,13 +1057,10 @@ class Backend(object):
             ctx, self._int_to_bn(numbers.private_value))
         assert res == 1
 
-        return ctx
-
-    def _ec_key_cdata_from_public_numbers(self, numbers):
-        """
-        Build an EC_KEY from a public key object.
-        """
+        return _EllipticCurvePrivateKey(self, ctx,
+                                        numbers.public_numbers.curve)
 
+    def elliptic_curve_public_key_from_numbers(self, numbers):
         curve_nid = self._elliptic_curve_to_nid(numbers.curve)
 
         ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid)
@@ -1114,29 +1070,27 @@ class Backend(object):
         ctx = self._ec_key_set_public_key_affine_coordinates(
             ctx, numbers.x, numbers.y)
 
-        return ctx
+        return _EllipticCurvePublicKey(self, ctx, numbers.curve)
 
-    def _public_ec_key_from_private_ec_key(self, private_key_cdata):
+    def _elliptic_curve_to_nid(self, curve):
         """
-        Copy the public portions out of one EC key into a new one.
+        Get the NID for a curve name.
         """
 
-        group = self._lib.EC_KEY_get0_group(private_key_cdata)
-        assert group != self._ffi.NULL
-
-        curve_nid = self._lib.EC_GROUP_get_curve_name(group)
-
-        ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid)
-        assert ctx != self._ffi.NULL
-        ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free)
-
-        point = self._lib.EC_KEY_get0_public_key(private_key_cdata)
-        assert point != self._ffi.NULL
+        curve_aliases = {
+            "secp192r1": "prime192v1",
+            "secp256r1": "prime256v1"
+        }
 
-        res = self._lib.EC_KEY_set_public_key(ctx, point)
-        assert res == 1
+        curve_name = curve_aliases.get(curve.name, curve.name)
 
-        return ctx
+        curve_nid = self._lib.OBJ_sn2nid(curve_name.encode())
+        if curve_nid == self._lib.NID_undef:
+            raise UnsupportedAlgorithm(
+                "{0} is not a supported elliptic curve".format(curve.name),
+                _Reasons.UNSUPPORTED_ELLIPTIC_CURVE
+            )
+        return curve_nid
 
     def _ec_key_set_public_key_affine_coordinates(self, ctx, x, y):
         """
diff --git a/cryptography/hazmat/backends/openssl/ec.py b/cryptography/hazmat/backends/openssl/ec.py
index 892d20ea..b7cd9802 100644
--- a/cryptography/hazmat/backends/openssl/ec.py
+++ b/cryptography/hazmat/backends/openssl/ec.py
@@ -138,20 +138,35 @@ class _EllipticCurvePrivateKey(object):
 
     def signer(self, signature_algorithm):
         if isinstance(signature_algorithm, ec.ECDSA):
-            return self._backend._create_ecdsa_signature_ctx(
-                self, signature_algorithm)
+            return _ECDSASignatureContext(
+                self._backend, self, signature_algorithm.algorithm
+            )
         else:
             raise UnsupportedAlgorithm(
                 "Unsupported elliptic curve signature algorithm.",
                 _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM)
 
     def public_key(self):
-        public_ec_key = self._backend._public_ec_key_from_private_ec_key(
-            self._ec_key
+        group = self._backend._lib.EC_KEY_get0_group(self._ec_key)
+        assert group != self._backend._ffi.NULL
+
+        curve_nid = self._backend._lib.EC_GROUP_get_curve_name(group)
+
+        public_ec_key = self._backend._lib.EC_KEY_new_by_curve_name(curve_nid)
+        assert public_ec_key != self._backend._ffi.NULL
+        public_ec_key = self._backend._ffi.gc(
+            public_ec_key, self._backend._lib.EC_KEY_free
         )
 
+        point = self._backend._lib.EC_KEY_get0_public_key(self._ec_key)
+        assert point != self._backend._ffi.NULL
+
+        res = self._backend._lib.EC_KEY_set_public_key(public_ec_key, point)
+        assert res == 1
+
         return _EllipticCurvePublicKey(
-            self._backend, public_ec_key, self._curve)
+            self._backend, public_ec_key, self._curve
+        )
 
 
 @utils.register_interface(interfaces.EllipticCurvePublicKey)
@@ -167,8 +182,9 @@ class _EllipticCurvePublicKey(object):
 
     def verifier(self, signature, signature_algorithm):
         if isinstance(signature_algorithm, ec.ECDSA):
-            return self._backend._create_ecdsa_verification_ctx(
-                self, signature, signature_algorithm)
+            return _ECDSAVerificationContext(
+                self._backend, self, signature, signature_algorithm.algorithm
+            )
         else:
             raise UnsupportedAlgorithm(
                 "Unsupported elliptic curve signature algorithm.",
-- 
cgit v1.2.3