def _evp_pkey_to_private_key(self, evp_pkey):
"""
Return the appropriate type of PrivateKey given an evp_pkey cdata
pointer.
"""
type = evp_pkey.type
if type == self._lib.EVP_PKEY_RSA:
rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey)
assert rsa_cdata != self._ffi.NULL
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
return _RSAPrivateKey(self, rsa_cdata)
elif type == self._lib.EVP_PKEY_DSA:
dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey)
assert dsa_cdata != self._ffi.NULL
dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
return _DSAPrivateKey(self, dsa_cdata)
elif (self._lib.Cryptography_HAS_EC == 1
and type == self._lib.EVP_PKEY_EC):
ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
assert ec_cdata != self._ffi.NULL
ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
return _EllipticCurvePrivateKey(self, ec_cdata)
else:
raise UnsupportedAlgorithm("Unsupported key type.")
def to_cryptography_priv_key(self):
"""
Converts the BigNum object to a cryptography.io EllipticCurvePrivateKey
"""
backend.openssl_assert(self.group != backend._ffi.NULL)
backend.openssl_assert(self.bignum != backend._ffi.NULL)
ec_key = backend._lib.EC_KEY_new()
backend.openssl_assert(ec_key != backend._ffi.NULL)
ec_key = backend._ffi.gc(ec_key, backend._lib.EC_KEY_free)
res = backend._lib.EC_KEY_set_group(ec_key, self.group)
backend.openssl_assert(res == 1)
res = backend._lib.EC_KEY_set_private_key(ec_key, self.bignum)
backend.openssl_assert(res == 1)
# Get public key
point = backend._lib.EC_POINT_new(self.group)
backend.openssl_assert(point != backend._ffi.NULL)
point = backend._ffi.gc(point, backend._lib.EC_POINT_free)
with backend._tmp_bn_ctx() as bn_ctx:
res = backend._lib.EC_POINT_mul(
self.group, point, self.bignum, backend._ffi.NULL,
backend._ffi.NULL, bn_ctx
)
backend.openssl_assert(res == 1)
res = backend._lib.EC_KEY_set_public_key(ec_key, point)
backend.openssl_assert(res == 1)
evp_pkey = backend._ec_cdata_to_evp_pkey(ec_key)
return _EllipticCurvePrivateKey(backend, ec_key, evp_pkey)
def to_cryptography_privkey(self):
"""
Returns a cryptography.io EllipticCurvePrivateKey from the Umbral key.
"""
backend = default_backend()
backend.openssl_assert(self.bn_key.group != backend._ffi.NULL)
backend.openssl_assert(self.bn_key.bignum != backend._ffi.NULL)
ec_key = backend._lib.EC_KEY_new()
backend.openssl_assert(ec_key != backend._ffi.NULL)
ec_key = backend._ffi.gc(ec_key, backend._lib.EC_KEY_free)
set_group_result = backend._lib.EC_KEY_set_group(
ec_key, self.bn_key.group)
backend.openssl_assert(set_group_result == 1)
set_privkey_result = backend._lib.EC_KEY_set_private_key(
ec_key, self.bn_key.bignum)
backend.openssl_assert(set_privkey_result == 1)
# Get public key
point = openssl._get_new_EC_POINT(ec_group=self.bn_key.group)
with backend._tmp_bn_ctx() as bn_ctx:
mult_result = backend._lib.EC_POINT_mul(self.bn_key.group, point,
self.bn_key.bignum,
backend._ffi.NULL,
backend._ffi.NULL, bn_ctx)
backend.openssl_assert(mult_result == 1)
set_pubkey_result = backend._lib.EC_KEY_set_public_key(ec_key, point)
backend.openssl_assert(set_pubkey_result == 1)
evp_pkey = backend._ec_cdata_to_evp_pkey(ec_key)
return _EllipticCurvePrivateKey(backend, ec_key, evp_pkey)
def _evp_pkey_to_private_key(self, evp_pkey):
"""
Return the appropriate type of PrivateKey given an evp_pkey cdata
pointer.
"""
type = evp_pkey.type
if type == self._lib.EVP_PKEY_RSA:
rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey)
assert rsa_cdata != self._ffi.NULL
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
return _RSAPrivateKey(self, rsa_cdata)
elif type == self._lib.EVP_PKEY_DSA:
dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey)
assert dsa_cdata != self._ffi.NULL
dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
return _DSAPrivateKey(self, dsa_cdata)
elif (self._lib.Cryptography_HAS_EC == 1 and
type == self._lib.EVP_PKEY_EC):
ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
assert ec_cdata != self._ffi.NULL
ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
return _EllipticCurvePrivateKey(self, ec_cdata)
else:
raise UnsupportedAlgorithm("Unsupported key type.")
def _bignum_to_private_key(backend, group, bignum) -> _EllipticCurvePrivateKey:
"""
Turns an OpenSSL BIGNUM into an EllipticCurvePrivateKey and returns it.
"""
backend.openssl_assert(group != backend._ffi.NULL)
backend.openssl_assert(bignum != backend._ffi.NULL)
ec_key = backend._lib.EC_KEY_new()
backend.openssl_assert(ec_key != backend._ffi.NULL)
ec_key = backend._ffi.gc(ec_key, backend._lib.EC_KEY_free)
res = backend._lib.EC_KEY_set_group(ec_key, group)
backend.openssl_assert(res == 1)
res = backend._lib.EC_KEY_set_private_key(ec_key, bignum)
backend.openssl_assert(res == 1)
# Get public key
point = backend._lib.EC_POINT_new(group)
backend.openssl_assert(point != backend._ffi.NULL)
point = backend._ffi.gc(point, backend._lib.EC_POINT_free)
with backend._tmp_bn_ctx() as bn_ctx:
res = backend._lib.EC_POINT_mul(
group, point, bignum, backend._ffi.NULL, backend._ffi.NULL, bn_ctx
)
backend.openssl_assert(res == 1)
res = backend._lib.EC_KEY_set_public_key(ec_key, point)
backend.openssl_assert(res == 1)
evp_pkey = backend._ec_cdata_to_evp_pkey(ec_key)
return _EllipticCurvePrivateKey(backend, ec_key, evp_pkey)
def generate_elliptic_curve_private_key(self, curve):
"""
Generate a new private key on the named curve.
"""
if self.elliptic_curve_supported(curve):
curve_nid = self._elliptic_curve_to_nid(curve)
ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid)
assert ec_cdata != self._ffi.NULL
ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
res = self._lib.EC_KEY_generate_key(ec_cdata)
assert res == 1
res = self._lib.EC_KEY_check_key(ec_cdata)
assert res == 1
evp_pkey = self._ec_cdata_to_evp_pkey(ec_cdata)
return _EllipticCurvePrivateKey(self, ec_cdata, evp_pkey)
else:
raise UnsupportedAlgorithm(
"Backend object does not support {0}.".format(curve.name),
_Reasons.UNSUPPORTED_ELLIPTIC_CURVE
)
def bn_to_privkey(curve: Curve, bn):
ec_key = BACKEND_LIB.EC_KEY_new()
backend.openssl_assert(ec_key != BACKEND_FFI.NULL)
ec_key = BACKEND_FFI.gc(ec_key, BACKEND_LIB.EC_KEY_free)
set_group_result = BACKEND_LIB.EC_KEY_set_group(ec_key, curve.ec_group)
backend.openssl_assert(set_group_result == 1)
set_privkey_result = BACKEND_LIB.EC_KEY_set_private_key(ec_key, bn)
backend.openssl_assert(set_privkey_result == 1)
evp_pkey = backend._ec_cdata_to_evp_pkey(ec_key)
return _EllipticCurvePrivateKey(backend, ec_key, evp_pkey)
def load_elliptic_curve_private_numbers(self, numbers):
public = numbers.public_numbers
curve_nid = self._elliptic_curve_to_nid(public.curve)
ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid)
assert ec_cdata != self._ffi.NULL
ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
ec_cdata = self._ec_key_set_public_key_affine_coordinates(
ec_cdata, public.x, public.y)
res = self._lib.EC_KEY_set_private_key(
ec_cdata, self._int_to_bn(numbers.private_value))
assert res == 1
return _EllipticCurvePrivateKey(self, ec_cdata)
def load_elliptic_curve_private_numbers(self, numbers):
public = numbers.public_numbers
curve_nid = self._elliptic_curve_to_nid(public.curve)
ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid)
assert ec_cdata != self._ffi.NULL
ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
ec_cdata = self._ec_key_set_public_key_affine_coordinates(
ec_cdata, public.x, public.y)
res = self._lib.EC_KEY_set_private_key(
ec_cdata, self._int_to_bn(numbers.private_value))
assert res == 1
return _EllipticCurvePrivateKey(self, ec_cdata)
def elliptic_curve_private_key_from_numbers(self, numbers):
public = numbers.public_numbers
curve_nid = self._elliptic_curve_to_nid(public.curve)
ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid)
assert ctx != self._ffi.NULL
ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free)
ctx = self._ec_key_set_public_key_affine_coordinates(
ctx, public.x, public.y)
res = self._lib.EC_KEY_set_private_key(
ctx, self._int_to_bn(numbers.private_value))
assert res == 1
return _EllipticCurvePrivateKey(self, ctx,
numbers.public_numbers.curve)
def elliptic_curve_private_key_from_numbers(self, numbers):
public = numbers.public_numbers
curve_nid = self._elliptic_curve_to_nid(public.curve)
ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid)
assert ctx != self._ffi.NULL
ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free)
ctx = self._ec_key_set_public_key_affine_coordinates(
ctx, public.x, public.y)
res = self._lib.EC_KEY_set_private_key(
ctx, self._int_to_bn(numbers.private_value))
assert res == 1
return _EllipticCurvePrivateKey(self, ctx,
numbers.public_numbers.curve)
def generate_elliptic_curve_private_key(self, curve):
"""
Generate a new private key on the named curve.
"""
if self.elliptic_curve_supported(curve):
curve_nid = self._elliptic_curve_to_nid(curve)
ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid)
assert ctx != self._ffi.NULL
ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free)
res = self._lib.EC_KEY_generate_key(ctx)
assert res == 1
res = self._lib.EC_KEY_check_key(ctx)
assert res == 1
return _EllipticCurvePrivateKey(self, ctx, curve)
else:
raise UnsupportedAlgorithm(
"Backend object does not support {0}.".format(curve.name),
_Reasons.UNSUPPORTED_ELLIPTIC_CURVE)
def elliptic_curve_private_key_from_numbers(self, numbers):
ec_key = self._ec_key_cdata_from_private_numbers(numbers)
return _EllipticCurvePrivateKey(self, ec_key,
numbers.public_numbers.curve)