From 5cdfba5c8d06ed10510310de03e1df0265a89bcc Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 17 Oct 2015 16:33:04 -0400 Subject: a refactor to the API --- src/cryptography/hazmat/backends/interfaces.py | 2 +- src/cryptography/hazmat/backends/multibackend.py | 4 ++-- .../hazmat/backends/openssl/backend.py | 25 ++++++---------------- src/cryptography/hazmat/backends/openssl/ec.py | 25 ++++++++++++++++++++++ .../hazmat/primitives/asymmetric/ec.py | 22 +------------------ 5 files changed, 35 insertions(+), 43 deletions(-) (limited to 'src') diff --git a/src/cryptography/hazmat/backends/interfaces.py b/src/cryptography/hazmat/backends/interfaces.py index faa0b313..dbebc883 100644 --- a/src/cryptography/hazmat/backends/interfaces.py +++ b/src/cryptography/hazmat/backends/interfaces.py @@ -216,7 +216,7 @@ class EllipticCurveBackend(object): """ @abc.abstractmethod - def elliptic_curve_exchange_algorithm_supported(self): + def elliptic_curve_exchange_algorithm_supported(self, algorithm, curve): """ Returns whether the exchange algorithm is supported by this backend. """ diff --git a/src/cryptography/hazmat/backends/multibackend.py b/src/cryptography/hazmat/backends/multibackend.py index 77a45ccd..c4d2c133 100644 --- a/src/cryptography/hazmat/backends/multibackend.py +++ b/src/cryptography/hazmat/backends/multibackend.py @@ -271,9 +271,9 @@ class MultiBackend(object): _Reasons.UNSUPPORTED_ELLIPTIC_CURVE ) - def elliptic_curve_exchange_algorithm_supported(self): + def elliptic_curve_exchange_algorithm_supported(self, algorithm, curve): return any( - b.elliptic_curve_exchange_algorithm_supported() + b.elliptic_curve_exchange_algorithm_supported(algorithm, curve) for b in self._filtered_backends(EllipticCurveBackend) ) diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index d82f3834..f86c3aa1 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -1671,25 +1671,12 @@ class Backend(object): return _EllipticCurvePublicKey(self, ec_cdata, evp_pkey) - def elliptic_curve_exchange_algorithm_supported(self): - return (self._lib.Cryptography_HAS_EC == 1 and - self._lib.Cryptography_HAS_ECDH == 1) - - def ecdh_compute_key(self, private_key, peer_public_key): - pri_key = private_key._ec_key - pub_key = peer_public_key._ec_key - - group = self._lib.EC_KEY_get0_group(pri_key) - z_len = (self._lib.EC_GROUP_get_degree(group) + 7) // 8 - self.openssl_assert(z_len > 0) - z_buf = self._ffi.new("uint8_t[]", z_len) - peer_key = self._lib.EC_KEY_get0_public_key(pub_key) - - r = self._lib.ECDH_compute_key(z_buf, z_len, - peer_key, pri_key, - self._ffi.NULL) - self.openssl_assert(r > 0) - return self._ffi.buffer(z_buf)[:z_len] + def elliptic_curve_exchange_algorithm_supported(self, algorithm, curve): + return ( + self.elliptic_curve_supported(curve) and + self._lib.Cryptography_HAS_ECDH == 1 and + isinstance(algorithm, ec.ECDH) + ) def _ec_cdata_to_evp_pkey(self, ec_cdata): evp_pkey = self._lib.EVP_PKEY_new() diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py index 939a3f90..cfd559ae 100644 --- a/src/cryptography/hazmat/backends/openssl/ec.py +++ b/src/cryptography/hazmat/backends/openssl/ec.py @@ -171,6 +171,31 @@ class _EllipticCurvePrivateKey(object): "Unsupported elliptic curve signature algorithm.", _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM) + def exchange(self, algorithm, peer_public_key): + if not ( + self._backend.elliptic_curve_exchange_algorithm_supported( + algorithm, self.curve + ) + ): + raise UnsupportedAlgorithm( + "This backend does not support the ECDH algorithm.", + _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM + ) + + group = self._backend._lib.EC_KEY_get0_group(self._ec_key) + z_len = (self._backend._lib.EC_GROUP_get_degree(group) + 7) // 8 + self._backend.openssl_assert(z_len > 0) + z_buf = self._backend._ffi.new("uint8_t[]", z_len) + peer_key = self._backend._lib.EC_KEY_get0_public_key( + peer_public_key._ec_key + ) + + r = self._backend._lib.ECDH_compute_key( + z_buf, z_len, peer_key, self._ec_key, self._backend._ffi.NULL + ) + self._backend.openssl_assert(r > 0) + return self._backend._ffi.buffer(z_buf)[:z_len] + def public_key(self): group = self._backend._lib.EC_KEY_get0_group(self._ec_key) self._backend.openssl_assert(group != self._backend._ffi.NULL) diff --git a/src/cryptography/hazmat/primitives/asymmetric/ec.py b/src/cryptography/hazmat/primitives/asymmetric/ec.py index 978a7c41..544894a9 100644 --- a/src/cryptography/hazmat/primitives/asymmetric/ec.py +++ b/src/cryptography/hazmat/primitives/asymmetric/ec.py @@ -306,24 +306,4 @@ class EllipticCurvePrivateNumbers(object): class ECDH(object): - def __init__(self, private_key): - if not isinstance(private_key, EllipticCurvePrivateKey): - raise TypeError("Private Key must be a EllipticCurvePrivateKey") - self._private_key = private_key - self._backend = private_key._backend - if not self._backend.elliptic_curve_exchange_algorithm_supported(): - raise exceptions.UnsupportedAlgorithm( - "This backend does not support the ECDH algorithm.", - exceptions._Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM - ) - - private_key = utils.read_only_property("_private_key") - - def public_key(self): - return self._private_key.public_key() - - def compute_key(self, peer_public_key): - if not isinstance(peer_public_key, EllipticCurvePublicKey): - raise TypeError("Peer Public Key must be a EllipticCurvePublicKey") - return self._backend.ecdh_compute_key(self._private_key, - peer_public_key) + pass -- cgit v1.2.3