coord function

DmitriyMusatkin · DmitriyMusatkin · commit c21d650126d6 · 2025-10-28T10:40:59.000-07:00
diff --git a/awscrt/crypto.py b/awscrt/crypto.py
@@ -249,6 +249,9 @@ class ECRawSignature(NamedTuple):
     r: bytes
     s: bytes
 
+class ECPublicCoords(NamedTuple):
+    x: bytes
+    y: bytes
 
 class EC(NativeResource):
     def __init__(self, binding):
@@ -293,6 +296,13 @@ def export_key(self, export_format: ECExportFormat) -> bytes:
         Exports the key in specified format.
         """
         return _awscrt.ec_export_key(self._binding, export_format)
+    
+    def get_public_coords(self, export_format: ECExportFormat) -> ECPublicCoords:
+        """
+        Get public coords of the key
+        """
+        (x, y) = _awscrt.ec_get_public_coords(self._binding, export_format)
+        return ECPublicCoords(x=x, y=y)
 
     def sign(self, digest: Union[bytes, bytearray, memoryview]) -> bytes:
         """
diff --git a/setup.py b/setup.py
@@ -375,6 +375,33 @@ def _build_dependencies(self):
 
         self.library_dirs.insert(0, os.path.join(install_path, lib_dir))
 
+    def build_extension(self, ext):
+
+        # Warning: very hacky. feel free to replace with something cleaner
+        # Problem: if you install python through homebrew, python config ldflags
+        # will point to homebrew lib folder.
+        # setuptools puts python ldflags before any of our lib paths, so if there is openssl or
+        # another libcrypto in homebrew libs, it will get picked up before aws-lc we are building against.
+        # And then we have fun failures due to lib mismatch.
+        # I could not find a cleaner way, so lets just hook into linker command and make sure
+        # our libs appear before other libs.
+        if sys.platform == 'darwin' and using_libcrypto() and not using_system_libs() and not using_system_libcrypto():
+
+            orig_linker_so = self.compiler.linker_so[:]
+
+            for i, item in enumerate(self.compiler.linker_so):
+                if item.startswith('-L'):
+                    self.compiler.linker_so[i:i] = [
+                        f"-L{item}" for item in self.library_dirs] + ['-Wl,-search_paths_first']
+                    break
+
+            try:
+                super().build_extension(ext)
+            finally:
+                self.compiler.linker_so = orig_linker_so
+        else:
+            super().build_extension(ext)
+
     def run(self):
         if using_system_libs():
             print("Skip building dependencies")
diff --git a/source/crypto.c b/source/crypto.c
@@ -110,7 +110,7 @@ PyObject *aws_py_hash_update(PyObject *self, PyObject *args) {
     const char *to_hash_c_str;
     Py_ssize_t to_hash_len;
 
-    if (!PyArg_ParseTuple(args, "Os#", &hash_capsule, &to_hash_c_str, &to_hash_len)) {
+    if (!PyArg_ParseTuple(args, "Oy#", &hash_capsule, &to_hash_c_str, &to_hash_len)) {
         return PyErr_AwsLastError();
     }
 
@@ -179,7 +179,7 @@ PyObject *aws_py_sha256_hmac_new(PyObject *self, PyObject *args) {
     const char *secret_ptr;
     Py_ssize_t secret_len;
 
-    if (!PyArg_ParseTuple(args, "s#", &secret_ptr, &secret_len)) {
+    if (!PyArg_ParseTuple(args, "y#", &secret_ptr, &secret_len)) {
         return PyErr_AwsLastError();
     }
 
@@ -202,7 +202,7 @@ PyObject *aws_py_hmac_update(PyObject *self, PyObject *args) {
     const char *to_hmac_ptr;
     Py_ssize_t to_hmac_len;
 
-    if (!PyArg_ParseTuple(args, "Os#", &hmac_capsule, &to_hmac_ptr, &to_hmac_len)) {
+    if (!PyArg_ParseTuple(args, "Oy#", &hmac_capsule, &to_hmac_ptr, &to_hmac_len)) {
         return PyErr_AwsLastError();
     }
 
@@ -273,7 +273,7 @@ PyObject *aws_py_rsa_private_key_from_pem_data(PyObject *self, PyObject *args) {
     (void)self;
 
     struct aws_byte_cursor pem_data_cur;
-    if (!PyArg_ParseTuple(args, "s#", &pem_data_cur.ptr, &pem_data_cur.len)) {
+    if (!PyArg_ParseTuple(args, "y#", &pem_data_cur.ptr, &pem_data_cur.len)) {
         return NULL;
     }
 
@@ -323,7 +323,7 @@ PyObject *aws_py_rsa_public_key_from_pem_data(PyObject *self, PyObject *args) {
     (void)self;
 
     struct aws_byte_cursor pem_data_cur;
-    if (!PyArg_ParseTuple(args, "s#", &pem_data_cur.ptr, &pem_data_cur.len)) {
+    if (!PyArg_ParseTuple(args, "y#", &pem_data_cur.ptr, &pem_data_cur.len)) {
         return NULL;
     }
 
@@ -425,7 +425,7 @@ PyObject *aws_py_rsa_encrypt(PyObject *self, PyObject *args) {
     PyObject *rsa_capsule = NULL;
     int encrypt_algo = 0;
     struct aws_byte_cursor plaintext_cur;
-    if (!PyArg_ParseTuple(args, "Ois#", &rsa_capsule, &encrypt_algo, &plaintext_cur.ptr, &plaintext_cur.len)) {
+    if (!PyArg_ParseTuple(args, "Oiy#", &rsa_capsule, &encrypt_algo, &plaintext_cur.ptr, &plaintext_cur.len)) {
         return NULL;
     }
 
@@ -793,6 +793,7 @@ PyObject *aws_py_ec_encode_signature(PyObject *self, PyObject *args) {
         return NULL;
     }
 
+    /* Note: PyBytes_Check does not null check, hence explicit null check before. */
     if (!PyBytes_Check(r_bytes) || !PyBytes_Check(s_bytes)) {
         PyErr_SetString(PyExc_TypeError, "r and s must be bytes");
         Py_DECREF(r_bytes);
@@ -836,7 +837,7 @@ PyObject *aws_py_ec_decode_signature(PyObject *self, PyObject *args) {
     (void)self;
 
     struct aws_byte_cursor signature_cur;
-    if (!PyArg_ParseTuple(args, "s#", &signature_cur.ptr, &signature_cur.len)) {
+    if (!PyArg_ParseTuple(args, "y#", &signature_cur.ptr, &signature_cur.len)) {
         return NULL;
     }
 
@@ -857,3 +858,35 @@ PyObject *aws_py_ec_decode_signature(PyObject *self, PyObject *args) {
 
     return result;
 }
+
+PyObject *aws_py_ec_get_public_coords(PyObject *self, PyObject *args) {
+    (void)self;
+
+    struct aws_allocator *allocator = aws_py_get_allocator();
+    PyObject *ec_capsule = NULL;
+    struct aws_byte_cursor digest_cur;
+    if (!PyArg_ParseTuple(args, "O", &ec_capsule)) {
+        return NULL;
+    }
+
+    struct aws_ecc_key_pair *ec = PyCapsule_GetPointer(ec_capsule, s_capsule_name_ec);
+    if (ec == NULL) {
+        return NULL;
+    }
+
+    struct aws_byte_cursor x_cur = {0};
+    struct aws_byte_cursor y_cur = {0};
+    if (aws_ecc_key_pair_get_public_key(ec, &x_cur, &y_cur)) {
+        return PyErr_AwsLastError();
+    }
+
+    PyObject *result = PyTuple_New(2);
+    if (!result) {
+        return NULL;
+    }
+
+    PyTuple_SetItem(result, 0, PyBytes_FromStringAndSize((char *)x_cur.ptr, x_cur.len));
+    PyTuple_SetItem(result, 1, PyBytes_FromStringAndSize((char *)y_cur.ptr, y_cur.len));
+
+    return result;
+}
diff --git a/source/module.c b/source/module.c
@@ -830,6 +830,7 @@ static PyMethodDef s_module_methods[] = {
     AWS_PY_METHOD_DEF(ec_verify, METH_VARARGS),
     AWS_PY_METHOD_DEF(ec_encode_signature, METH_VARARGS),
     AWS_PY_METHOD_DEF(ec_decode_signature, METH_VARARGS),
+    AWS_PY_METHOD_DEF(ec_get_public_coords, METH_VARARGS),
 
     /* Checksum primitives */
     AWS_PY_METHOD_DEF(checksums_crc32, METH_VARARGS),
diff --git a/test/test_crypto.py b/test/test_crypto.py
@@ -367,6 +367,21 @@ def test_ec_asn1_signing_roundtrip(self):
         ec = EC.new_key_from_der_data(base64.b64decode(EC_PRIVATE_KEY_SEC1_BASE64))
         signature = ec.sign(digest)
 
+        (x, y) = ec.get_public_coords();
+
+        expected_x = bytes([0xbf, 0x61, 0x63, 0x46, 0x93, 0x2d, 0x00, 0x33,
+                            0x19, 0xe3, 0x3a, 0x19, 0xc6, 0xc8, 0x55, 0xf5,
+                            0xc8, 0x44, 0x91, 0xe9, 0x9b, 0x83, 0x36, 0x67,
+                            0x5d, 0x25, 0x0d, 0x7b, 0xe0, 0xc0, 0xf1, 0xd2])
+        
+        expected_y = bytes([0xaa, 0x5c, 0xdf, 0xfb, 0xa9, 0x37, 0x19, 0x8d,
+                            0x82, 0x47, 0x28, 0x88, 0xbe, 0x46, 0x7f, 0x3c,
+                            0xcd, 0x41, 0xaa, 0x08, 0x9a, 0x37, 0x0d, 0x61,
+                            0x7f, 0x5f, 0xeb, 0x9f, 0x55, 0xf7, 0x54, 0xda])
+        
+        self.assertEqual(x, expected_x)
+        self.assertEqual(y, expected_y)
+
         (r, s) = EC.decode_der_signature(signature)
         self.assertEqual(signature, EC.encode_raw_signature(ECRawSignature(r=r, s=s)))
         print(base64.b64encode(signature))
