Consistently use EllipticCurve instances in various places (#10189)

2026-05-14 20:37:55 +00:00 · 2024-01-17 11:03:56 -05:00 · 2024-01-17 11:03:56 -05:00 · 895cddf591
commit 895cddf591
parent 376a266cef
4 changed files with 51 additions and 56 deletions
--- a/src/cryptography/hazmat/primitives/asymmetric/ec.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/ec.py
@ -290,28 +290,28 @@ class BrainpoolP512R1(EllipticCurve):
    key_size = 512


-_CURVE_TYPES: dict[str, type[EllipticCurve]] = {
-    "prime192v1": SECP192R1,
-    "prime256v1": SECP256R1,
-    "secp192r1": SECP192R1,
-    "secp224r1": SECP224R1,
-    "secp256r1": SECP256R1,
-    "secp384r1": SECP384R1,
-    "secp521r1": SECP521R1,
-    "secp256k1": SECP256K1,
-    "sect163k1": SECT163K1,
-    "sect233k1": SECT233K1,
-    "sect283k1": SECT283K1,
-    "sect409k1": SECT409K1,
-    "sect571k1": SECT571K1,
-    "sect163r2": SECT163R2,
-    "sect233r1": SECT233R1,
-    "sect283r1": SECT283R1,
-    "sect409r1": SECT409R1,
-    "sect571r1": SECT571R1,
-    "brainpoolP256r1": BrainpoolP256R1,
-    "brainpoolP384r1": BrainpoolP384R1,
-    "brainpoolP512r1": BrainpoolP512R1,
+_CURVE_TYPES: dict[str, EllipticCurve] = {
+    "prime192v1": SECP192R1(),
+    "prime256v1": SECP256R1(),
+    "secp192r1": SECP192R1(),
+    "secp224r1": SECP224R1(),
+    "secp256r1": SECP256R1(),
+    "secp384r1": SECP384R1(),
+    "secp521r1": SECP521R1(),
+    "secp256k1": SECP256K1(),
+    "sect163k1": SECT163K1(),
+    "sect233k1": SECT233K1(),
+    "sect283k1": SECT283K1(),
+    "sect409k1": SECT409K1(),
+    "sect571k1": SECT571K1(),
+    "sect163r2": SECT163R2(),
+    "sect233r1": SECT233R1(),
+    "sect283r1": SECT283R1(),
+    "sect409r1": SECT409R1(),
+    "sect571r1": SECT571R1(),
+    "brainpoolP256r1": BrainpoolP256R1(),
+    "brainpoolP384r1": BrainpoolP384R1(),
+    "brainpoolP512r1": BrainpoolP512R1(),
 }


--- a/src/rust/src/backend/ec.rs
+++ b/src/rust/src/backend/ec.rs
@ -106,7 +106,7 @@ fn py_curve_from_curve<'p>(
        ));
    }

-    Ok(types::CURVE_TYPES
+    types::CURVE_TYPES
        .get(py)?
        .extract::<&pyo3::types::PyDict>()?
        .get_item(name)?
@ -115,8 +115,7 @@ fn py_curve_from_curve<'p>(
                format!("{name} is not a supported elliptic curve"),
                exceptions::Reasons::UNSUPPORTED_ELLIPTIC_CURVE,
            )))
-        })?
-        .call0()?)
+        })
 }

 fn check_key_infinity(
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@ -41,18 +41,18 @@ _HASH_TYPES: typing.Dict[str, typing.Type[hashes.HashAlgorithm]] = {
 }


-def _skip_ecdsa_vector(backend, curve_type, hash_type):
+def _skip_ecdsa_vector(backend, curve: ec.EllipticCurve, hash_type):
    if not backend.elliptic_curve_signature_algorithm_supported(
-        ec.ECDSA(hash_type()), curve_type()
+        ec.ECDSA(hash_type()), curve
    ):
        pytest.skip(
            "ECDSA not supported with this hash {} and curve {}.".format(
-                hash_type().name, curve_type().name
+                hash_type().name, curve.name
            )
        )


-def _skip_curve_unsupported(backend, curve):
+def _skip_curve_unsupported(backend, curve: ec.EllipticCurve):
    if not backend.elliptic_curve_supported(curve):
        pytest.skip(
            f"Curve {curve.name} is not supported by this backend {backend}"
@ -95,7 +95,7 @@ def test_skip_exchange_algorithm_unsupported(backend):

 def test_skip_ecdsa_vector(backend):
    with pytest.raises(pytest.skip.Exception):
-        _skip_ecdsa_vector(backend, DummyCurve, hashes.SHA256)
+        _skip_ecdsa_vector(backend, DummyCurve(), hashes.SHA256)


 def test_derive_private_key_success(backend):
@ -233,16 +233,14 @@ class TestECWithNumbers:
        )
        for vector, hash_type in vectors:
            with subtests.test():
-                curve_type: typing.Type[ec.EllipticCurve] = ec._CURVE_TYPES[
-                    vector["curve"]
-                ]
+                curve = ec._CURVE_TYPES[vector["curve"]]

-                _skip_ecdsa_vector(backend, curve_type, hash_type)
+                _skip_ecdsa_vector(backend, curve, hash_type)

                key = ec.EllipticCurvePrivateNumbers(
                    vector["d"],
                    ec.EllipticCurvePublicNumbers(
-                        vector["x"], vector["y"], curve_type()
+                        vector["x"], vector["y"], curve
                    ),
                ).private_key(backend)
                assert key
@ -251,7 +249,7 @@ class TestECWithNumbers:
                assert priv_num.private_value == vector["d"]
                assert priv_num.public_numbers.x == vector["x"]
                assert priv_num.public_numbers.y == vector["y"]
-                assert curve_type().name == priv_num.public_numbers.curve.name
+                assert curve.name == priv_num.public_numbers.curve.name


 class TestECDSAVectors:
@ -267,14 +265,14 @@ class TestECDSAVectors:
        )
        for vector, hash_type in vectors:
            with subtests.test():
-                curve_type = ec._CURVE_TYPES[vector["curve"]]
+                curve = ec._CURVE_TYPES[vector["curve"]]

-                _skip_ecdsa_vector(backend, curve_type, hash_type)
+                _skip_ecdsa_vector(backend, curve, hash_type)

                key = ec.EllipticCurvePrivateNumbers(
                    vector["d"],
                    ec.EllipticCurvePublicNumbers(
-                        vector["x"], vector["y"], curve_type()
+                        vector["x"], vector["y"], curve
                    ),
                ).private_key(backend)
                assert key
@ -292,16 +290,16 @@ class TestECDSAVectors:

    @pytest.mark.parametrize("curve", ec._CURVE_TYPES.values())
    def test_generate_vector_curves(self, backend, curve):
-        _skip_curve_unsupported(backend, curve())
+        _skip_curve_unsupported(backend, curve)

-        key = ec.generate_private_key(curve(), backend)
+        key = ec.generate_private_key(curve, backend)
        assert key
-        assert isinstance(key.curve, curve)
+        assert type(key.curve) is type(curve)
        assert key.curve.key_size

        pkey = key.public_key()
        assert pkey
-        assert isinstance(pkey.curve, curve)
+        assert type(pkey.curve) is type(curve)
        assert key.curve.key_size == pkey.curve.key_size

    def test_generate_unknown_curve(self, backend):
@ -469,14 +467,12 @@ class TestECDSAVectors:
        for vector in vectors:
            with subtests.test():
                hash_type = _HASH_TYPES[vector["digest_algorithm"]]
-                curve_type: typing.Type[ec.EllipticCurve] = ec._CURVE_TYPES[
-                    vector["curve"]
-                ]
+                curve = ec._CURVE_TYPES[vector["curve"]]

-                _skip_ecdsa_vector(backend, curve_type, hash_type)
+                _skip_ecdsa_vector(backend, curve, hash_type)

                key = ec.EllipticCurvePublicNumbers(
-                    vector["x"], vector["y"], curve_type()
+                    vector["x"], vector["y"], curve
                ).public_key(backend)

                signature = encode_dss_signature(vector["r"], vector["s"])
@ -491,12 +487,12 @@ class TestECDSAVectors:
        for vector in vectors:
            with subtests.test():
                hash_type = _HASH_TYPES[vector["digest_algorithm"]]
-                curve_type = ec._CURVE_TYPES[vector["curve"]]
+                curve = ec._CURVE_TYPES[vector["curve"]]

-                _skip_ecdsa_vector(backend, curve_type, hash_type)
+                _skip_ecdsa_vector(backend, curve, hash_type)

                key = ec.EllipticCurvePublicNumbers(
-                    vector["x"], vector["y"], curve_type()
+                    vector["x"], vector["y"], curve
                ).public_key(backend)

                signature = encode_dss_signature(vector["r"], vector["s"])
@ -1230,7 +1226,7 @@ class TestECDH:
        for vector in vectors:
            with subtests.test():
                _skip_exchange_algorithm_unsupported(
-                    backend, ec.ECDH(), ec._CURVE_TYPES[vector["curve"]]()
+                    backend, ec.ECDH(), ec._CURVE_TYPES[vector["curve"]]
                )

                key_numbers = vector["IUT"]
@ -1239,7 +1235,7 @@ class TestECDH:
                    ec.EllipticCurvePublicNumbers(
                        key_numbers["x"],
                        key_numbers["y"],
-                        ec._CURVE_TYPES[vector["curve"]](),
+                        ec._CURVE_TYPES[vector["curve"]],
                    ),
                )
                # Errno 5-7 indicates a bad public or private key, this
@ -1255,7 +1251,7 @@ class TestECDH:
                public_numbers = ec.EllipticCurvePublicNumbers(
                    peer_numbers["x"],
                    peer_numbers["y"],
-                    ec._CURVE_TYPES[vector["curve"]](),
+                    ec._CURVE_TYPES[vector["curve"]],
                )
                # Errno 1 and 2 indicates a bad public key, this doesn't test
                # the ECDH code at all
@ -1285,7 +1281,7 @@ class TestECDH:
        ),
    )
    def test_brainpool_kex(self, backend, vector):
-        curve = ec._CURVE_TYPES[vector["curve"].decode("ascii")]()
+        curve = ec._CURVE_TYPES[vector["curve"].decode("ascii")]
        _skip_exchange_algorithm_unsupported(backend, ec.ECDH(), curve)
        key = ec.EllipticCurvePrivateNumbers(
            int(vector["da"], 16),
--- a/tests/hazmat/primitives/test_pkcs12.py
+++ b/tests/hazmat/primitives/test_pkcs12.py
@ -308,7 +308,7 @@ class TestPKCS12Creation:
        ]
        + [
            pytest.param(
-                ec.generate_private_key, ec.EllipticCurvePrivateKey, [curve()]
+                ec.generate_private_key, ec.EllipticCurvePrivateKey, [curve]
            )
            for curve in ec._CURVE_TYPES.values()
        ],