From 3677e48bd3f4248128e6bb2a6c2cba3fb3835f0d Mon Sep 17 00:00:00 2001
From: David Buchanan
Date: Sat, 2 Mar 2024 14:56:01 +0000
Subject: [PATCH 1/5] expose EC_GROUP_get_order
---
 src/_cffi_src/openssl/ec.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/_cffi_src/openssl/ec.py b/src/_cffi_src/openssl/ec.py
index 9450b1262609..3db0a38d51c8 100644
--- a/src/_cffi_src/openssl/ec.py
+++ b/src/_cffi_src/openssl/ec.py
@@ -15,6 +15,7 @@ int nid; const char *comment; } EC_builtin_curve;
+typedef ... EC_GROUP;
 """ FUNCTIONS = """
@@ -23,6 +24,12 @@ void EC_KEY_free(EC_KEY *); EC_KEY *EC_KEY_new_by_curve_name(int);
+
+EC_GROUP *EC_GROUP_new_by_curve_name(int);
+
+int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *, BN_CTX *);
+
+void EC_GROUP_free(EC_GROUP *);
 """ CUSTOMIZATIONS = """
From a1ef8fa2302094e43412ae74dacdc1bc4deae2be Mon Sep 17 00:00:00 2001
From: David Buchanan
Date: Sat, 2 Mar 2024 15:09:27 +0000
Subject: [PATCH 2/5] add openssl Backend.elliptic_curve_group_order
---
 .../hazmat/backends/openssl/backend.py | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index eaaaf783f1c5..287d1071aa12 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -318,6 +318,30 @@ def elliptic_curve_exchange_algorithm_supported( algorithm, ec.ECDH )
+ def elliptic_curve_group_order(self, curve: ec.EllipticCurve) -> int:
+ group = self._lib.EC_GROUP_new_by_curve_name(self._lib.OBJ_txt2nid(curve.name.encode()))
+
+ if not group:
+ raise Exception("EC_GROUP_new_by_curve_name failed")
+
+ bn = self._lib.BN_new()
+
+ if not bn:
+ self._lib.EC_GROUP_free(group)
+ raise Exception("BN_new failed")
+
+ if self._lib.EC_GROUP_get_order(group, bn, self._ffi.NULL) != 1:
+ self._lib.BN_free(bn)
+ self._lib.EC_GROUP_free(group)
+ raise Exception("EC_GROUP_get_order failed")
+
+ group_order = int(backend._ffi.string(self._lib.BN_bn2hex(bn)), 16)
+
+ self._lib.BN_free(bn)
+ self._lib.EC_GROUP_free(group)
+ return group_order
+
+
 def dh_supported(self) -> bool: return not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL
From 2c1499c4aadc29eeb9c863d221abdd3dc715928e Mon Sep 17 00:00:00 2001
From: David Buchanan
Date: Sat, 2 Mar 2024 15:16:33 +0000
Subject: [PATCH 3/5] hack: implement EllipticCurve.group_order property
---
 src/cryptography/hazmat/primitives/asymmetric/ec.py | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/cryptography/hazmat/primitives/asymmetric/ec.py b/src/cryptography/hazmat/primitives/asymmetric/ec.py
index da1fbea13a6e..c327ddaed98c 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/ec.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/ec.py
@@ -52,6 +52,15 @@ def key_size(self) -> int: Bit size of a secret scalar for the curve. """
+ @property
+ def group_order(self) -> int:
+ """
+ The order of the curve's group
+ """
+ from cryptography.hazmat.backends.openssl.backend import backend
+ return backend.elliptic_curve_group_order(self)
+
+
 class EllipticCurveSignatureAlgorithm(metaclass=abc.ABCMeta): @property
From b42d62ef18267f996645dfbf3e0dce45699ccfb5 Mon Sep 17 00:00:00 2001
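Review bot: In `Backend.elliptic_curve_group_order` (backend.py, PATCH 2/5) the buffer returned by `BN_bn2hex(bn)` is never released, so each call leaks an OpenSSL heap string, and the pointer is not checked for NULL before `ffi.string`; an exception on that line would also skip the `BN_free`/`EC_GROUP_free` calls below it. The result of `OBJ_txt2nid` is passed on unchecked, and the three failure paths raise a bare `Exception` without draining OpenSSL's error queue, which may leave stale entries for a later, unrelated call to trip over. Attaching the frees with `ffi.gc` and releasing the hex buffer in a `finally` covers every exit path; the conversion line should also use `self._ffi` rather than the module-level `backend`, as the rest of the method does.

```python
    def elliptic_curve_group_order(self, curve: ec.EllipticCurve) -> int:
        # … unchanged: EC_GROUP_new_by_curve_name call and its NULL check …
        # ffi.gc ties each free to the Python object, so no exit path leaks.
        group = self._ffi.gc(group, self._lib.EC_GROUP_free)

        bn = self._lib.BN_new()
        if bn == self._ffi.NULL:
            raise Exception("BN_new failed")
        bn = self._ffi.gc(bn, self._lib.BN_free)

        if self._lib.EC_GROUP_get_order(group, bn, self._ffi.NULL) != 1:
            raise Exception("EC_GROUP_get_order failed")

        hex_ptr = self._lib.BN_bn2hex(bn)
        if hex_ptr == self._ffi.NULL:
            raise Exception("BN_bn2hex failed")
        try:
            return int(self._ffi.string(hex_ptr), 16)
        finally:
            # BN_bn2hex allocates the string; the caller owns it.
            self._lib.OPENSSL_free(hex_ptr)
```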
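Review bot: The `group_order` docstring in ec.py (PATCH 3/5) says "The order of the curve's group", but the backend method it delegates to calls `EC_GROUP_get_order`, which yields the order of the subgroup generated by the base point; that differs from the full curve order whenever the cofactor is not 1. Callers reducing scalars or normalising signature values need to know which one they get, so I would word it as `"""Order n of the subgroup generated by the curve's base point."""`. The docstring should also state that the value is looked up by `self.name` through the OpenSSL backend on every access and that a name the backend cannot resolve currently surfaces as a bare `Exception`. The enclosing class starts outside the hunk.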
From: David Buchanan
Date: Sat, 2 Mar 2024 15:19:19 +0000
Subject: [PATCH 4/5] formatting
---
 src/cryptography/hazmat/backends/openssl/backend.py | 4 +++-
 src/cryptography/hazmat/primitives/asymmetric/ec.py | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 287d1071aa12..9813318d1825 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -319,7 +319,9 @@ def elliptic_curve_exchange_algorithm_supported( ) def elliptic_curve_group_order(self, curve: ec.EllipticCurve) -> int:
- group = self._lib.EC_GROUP_new_by_curve_name(self._lib.OBJ_txt2nid(curve.name.encode()))
+ group = self._lib.EC_GROUP_new_by_curve_name(
+ self._lib.OBJ_txt2nid(curve.name.encode())
+ )
 if not group: raise Exception("EC_GROUP_new_by_curve_name failed")
diff --git a/src/cryptography/hazmat/primitives/asymmetric/ec.py b/src/cryptography/hazmat/primitives/asymmetric/ec.py
index c327ddaed98c..71c467b8a3e6 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/ec.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/ec.py
@@ -58,6 +58,7 @@ def group_order(self) -> int: The order of the curve's group """ from cryptography.hazmat.backends.openssl.backend import backend
+
 return backend.elliptic_curve_group_order(self)
From d600155ce3e75fc1f3519537c112df0147766931 Mon Sep 17 00:00:00 2001
From: David Buchanan
Date: Mon, 18 Mar 2024 01:06:37 +0000
Subject: [PATCH 5/5] more formatting
---
 src/cryptography/hazmat/backends/openssl/backend.py | 1 -
 src/cryptography/hazmat/primitives/asymmetric/ec.py | 1 -
 2 files changed, 2 deletions(-)
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 33a0fd258252..512555d1d74d 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -343,7 +343,6 @@ def elliptic_curve_group_order(self, curve: ec.EllipticCurve) -> int: self._lib.EC_GROUP_free(group) return group_order
-
 def dh_supported(self) -> bool: return not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL
diff --git a/src/cryptography/hazmat/primitives/asymmetric/ec.py b/src/cryptography/hazmat/primitives/asymmetric/ec.py
index 71c467b8a3e6..84e590f9e807 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/ec.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/ec.py
@@ -62,7 +62,6 @@ def group_order(self) -> int: return backend.elliptic_curve_group_order(self)
-
 class EllipticCurveSignatureAlgorithm(metaclass=abc.ABCMeta): @property @abc.abstractmethod