I am trying to use the EC arithmetic operations in OpenSSL by using the `cryptography` Python package's `default_backend`.
I need to perform point multiplication, addition, etc. on the public keys that `cryptography` uses. I am not familiar with the OpenSSL API at all, so I found this old repository which tries to do exactly what I need to do: https://github.com/tuxxy/hazmat-math
Unfortunately, the repo above is dead and the author inactive so I don't expect an answer from them, hence my question.
Unfortunately, when I try to execute the following code:

```python
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import ec, utils
from hazmat_math import operations as ops

nist256 = ec.SECP256R1()
priv = ec.generate_private_key(nist256, default_backend())
pub = priv.public_key()
pub2 = ops.EC_POINT_MUL(pub, priv)
```

I get the following error:

```
Traceback (most recent call last):
  File "/home/gidavid/Documents/eVoting/test_bench/test_arithmetic.py", line 11, in <module>
    pub2 = ops.EC_POINT_MUL(pub, priv)
  File "/home/gidavid/Documents/eVoting/test_bench/venv/lib/python3.8/site-packages/hazmat_math/operations.py", line 190, in EC_POINT_MUL
    return _point_to_public_key(backend, group, prod)
  File "/home/gidavid/Documents/eVoting/test_bench/venv/lib/python3.8/site-packages/hazmat_math/utils.py", line 53, in _point_to_public_key
    res = backend._lib.EC_KEY_set_group(ec_key, group)
AttributeError: module 'lib' has no attribute 'EC_KEY_set_group'
```

I suspected this might have to do with the OpenSSL version, as the `EC_KEY_set_group` function was deprecated in v3.0.0 as per the documentation: https://www.openssl.org/docs/man3.0/man3/EC_KEY_set_public_key.html. However, opening a Python shell and getting the OpenSSL version number returns:

```
>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 1.1.1f 31 Mar 2020'
```

Attempting to discern if the cryptography library is somehow using a different version of OpenSSL than my Python installation:

```
>>> from cryptography.hazmat.backends import default_backend
>>> d = default_backend()
>>> d._binding.lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER
1
```

which implies it is in fact 3.0.0 or greater, and therefore the function is deprecated.
This leaves me with two options by my reckoning:
- Try and track down the OpenSSL installation used by the cryptography package and mess with it so that I can use deprecated functions
- Try and revert it to an earlier OpenSSL version
- Take a completely different approach to getting constant time point multiplication on EC curves
Any input is greatly appreciated.
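
An added example, not part of the original post and not hazmat-math code: it reads the OpenSSL version that `cryptography` itself is linked against through the backend's public `openssl_version_text()` (it can differ from `ssl.OPENSSL_VERSION`, as seen above), and performs P-256 scalar multiplication using only the supported key-derivation and ECDH calls instead of private `_lib` bindings. The helper names are hypothetical, the backend-less calls assume a recent `cryptography` release, and only scalar multiplication is covered (k*G as a key, k*P as an x-coordinate), not point addition.

```python
import ssl

from cryptography.hazmat.backends.openssl.backend import backend
from cryptography.hazmat.primitives.asymmetric import ec

CURVE = ec.SECP256R1()
# Order of the P-256 base point G.
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def linked_openssl_versions():
    """Return (library used by Python's ssl module, library used by cryptography)."""
    return ssl.OPENSSL_VERSION, backend.openssl_version_text()


def _scalar_key(k):
    """Wrap an integer scalar as a private key so OpenSSL does the EC math."""
    k %= N
    if k == 0:
        # 0*P is the point at infinity, which cannot be represented as a key.
        raise ValueError("scalar is 0 mod n: result is the point at infinity")
    return ec.derive_private_key(k, CURVE)


def scalar_mul_base(k):
    """Return k*G as an EllipticCurvePublicKey."""
    return _scalar_key(k).public_key()


def scalar_mul_x(k, point):
    """Return the x-coordinate of k*point; raw ECDH output is exactly that value."""
    shared = _scalar_key(k).exchange(ec.ECDH(), point)
    return int.from_bytes(shared, "big")


if __name__ == "__main__":
    py_ssl, crypto_ssl = linked_openssl_versions()
    print("ssl module  :", py_ssl)
    print("cryptography:", crypto_ssl)

    a, b = 2, 3  # constructed sample scalars
    lhs = scalar_mul_x(a, scalar_mul_base(b))        # x of a*(b*G)
    rhs = scalar_mul_base(a * b).public_numbers().x  # x of (a*b)*G
    print("a*(b*G) == (a*b)*G on x:", lhs == rhs)
```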