|
- from cryptography.exceptions import InvalidSignature
-
- from Crypto.PublicKey import ECC
- from Crypto.Protocol.DH import _compute_ecdh
- from Crypto.Signature import DSS
-
- # https://www.pycryptodome.org/src/public_key/ecc#
-
- SECP256R1 = lambda: 'secp256r1'
-
- class ECDSA:
- def __init__(self, algorithm):
- self._algo = algorithm
-
- class ECDH:
- pass
-
- class EllipticCurvePrivateNumbers:
- def __init__(self, key):
- self._key = key
-
- @property
- def public_numbers(self):
- return self._key._ecc.pointQ
-
- @property
- def private_value(self):
- return self._key._ecc.d
-
- class ECCWrapper:
- def __init__(self, ecckey):
- self._ecc = ecckey
-
- def private_numbers(self):
- return EllipticCurvePrivateNumbers(self)
-
- def public_key(self):
- return EllipticCurvePublicKey(self._ecc.public_key())
-
- _format_to_compress = dict(nocompress=False, compress=True)
- def public_bytes(self, encoding, format):
- return self.public_key()._ecc.export_key(format=encoding, compress=self._format_to_compress[format])
-
- def private_bytes(self, encoding, format, encryption_algorithm):
- return self._ecc.export_key(format=encoding, compress=format)
-
- # https://www.pycryptodome.org/src/protocol/dh
- def exchange(self, typ, pubkey):
- assert isinstance(typ, ECDH)
-
- return _compute_ecdh(self._ecc, pubkey._ecc)
-
- @classmethod
- def generate_private_key(cls, keytype, backend=None):
- if callable(keytype):
- keytype = keytype()
-
- return cls(ECC.generate(curve=keytype))
-
- def sign(self, data, signature_algorithm):
- h = signature_algorithm._algo.new(data)
-
- signer = DSS.new(self._ecc, 'fips-186-3', 'der')
-
- return signer.sign(h)
-
- def verify(self, signature, data, signature_algorithm):
- h = signature_algorithm._algo.new(data)
-
- verifier = DSS.new(self._ecc, 'fips-186-3', 'der')
-
- try:
- verifier.verify(h, signature)
- except ValueError:
- raise InvalidSignature
-
- class EllipticCurvePublicKey(ECCWrapper):
- @classmethod
- def from_encoded_point(cls, curve, key):
- return cls(ECC.import_key(key, curve_name=curve))
-
- generate_private_key = ECCWrapper.generate_private_key
-
- def load_der_private_key(key, password, backend=None):
- if password is not None:
- raise ValueError('unsupported')
- return ECCWrapper(ECC.import_key(key))
|
