a Me @sddlmZddlmZddlmZmZddlmZm Z ddl m Z ddl m Z Gddde ZGd d d eZGd d d eZGd ddeZGdddeZGdddeZdS))default_backend)hashes)ecutils)CryptographyPrivateKeyCryptographyPublicKey) Algorithm)DNSKEYc@sveZdZUejed<ejZeed<ej ed<ej ed<e ed<e e dddd Z e d d d Zeedd ddZdS) PublicECDSAkey algorithm chosen_hashcurveoctetsN) signaturedatareturncCsT|d|j}||jd}tt|dt|d}|j||t|j dS)Nrbig) rrZencode_dss_signatureint from_bytesr verifyrECDSAr )selfrrZsig_rZsig_sZsigr8/usr/lib/python3.9/site-packages/dns/dnssecalgs/ecdsa.pyrs zPublicECDSA.verifyrcCs*|j}|j|jd|j|jdS)z,Encode a public key per RFC 6605, section 4.r)r Zpublic_numbersxto_bytesry)rZpnrrrencode_key_bytess zPublicECDSA.encode_key_bytes)r rcCs`|||jd|j}|j|j|jd}|tj|jt|dt|ddt dS)Nrr)rrrr ) Z!_ensure_algorithm_key_combinationr rrZEllipticCurvePublicNumbersrrr public_keyr)clsr Zecdsa_xZecdsa_yrrr from_dnskeys   zPublicECDSA.from_dnskey)__name__ __module__ __qualname__rZEllipticCurvePublicKey__annotations__key_clsrrZ HashAlgorithmZ EllipticCurverbytesrr classmethodr r$rrrrr s    r c@sHeZdZUejed<ejZeZd e e e dddZ e ddddZ d S) PrivateECDSAr F)rrrcCsf|j|t|jj}t|\}}tj ||jj ddtj ||jj dd}|rb| |||S)z1Sign using a private key per RFC 6605, section 4.r)length byteorder) r signrr public_clsr rZdecode_dss_signaturerrrr"r)rrrZ der_signatureZdsa_rZdsa_srrrrr/2s zPrivateECDSA.signrcCs|tj|jjtddS)N)rZbackendr!)rZgenerate_private_keyr0rr)r#rrrgenerate=s  zPrivateECDSA.generateN)F)r%r&r'rZEllipticCurvePrivateKeyr(r)r r0r*boolr/r+r1rrrrr,-s   r,c@s&eZdZejZeZe Z dZ dS)PublicECDSAP256SHA256 N) r%r&r'rZECDSAP256SHA256r rZSHA256r rZ SECP256R1rrrrrrr3Fsr3c@seZdZeZdS)PrivateECDSAP256SHA256N)r%r&r'r3r0rrrrr5Msr5c@s&eZdZejZeZe Z dZ dS)PublicECDSAP384SHA3840N) r%r&r'rZECDSAP384SHA384r rZSHA384r rZ SECP384R1rrrrrrr6Qsr6c@seZdZeZdS)PrivateECDSAP384SHA384N)r%r&r'r6r0rrrrr8Xsr8N)Zcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrZ)cryptography.hazmat.primitives.asymmetricrrZdns.dnssecalgs.cryptographyrrZdns.dnssectypesrZdns.rdtypes.ANY.DNSKEYr r r,r3r5r6r8rrrrs    #