Beispiel #1
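    def _loadKey(self, keyName):
        """
        Load the private key with name keyName from the key file directory.

        The file content is read as text, base64-decoded and parsed as a
        PKCS #1 encoding. No decryption step happens here, so the key is
        protected only by whatever access control the key file itself has.

        :param Name keyName: The name of the key.
        :return: The key loaded into a TpmPrivateKey.
        :rtype: TpmPrivateKey
        :raises TpmBackEndFile.Error: If the key file cannot be read, or if its
          content cannot be base64-decoded or parsed as a private key.
        """
        key = TpmPrivateKey()
        base64Content = None
        try:
            with open(self._toFilePath(keyName)) as keyFile:
                base64Content = keyFile.read()
        except Exception as ex:
            raise TpmBackEndFile.Error("Error reading private key file: " +
                                       str(ex))

        try:
            # Decode inside the try block so that a truncated or corrupted key
            # file is reported as TpmBackEndFile.Error like every other load
            # failure, instead of leaking a raw base64 exception to the caller.
            pkcs = base64.b64decode(base64Content)
            # NOTE(review): the second argument is passed as None; presumably
            # the loader then determines the key type itself - confirm.
            key.loadPkcs1(pkcs, None)
        except Exception as ex:
            raise TpmBackEndFile.Error("Error decoding private key file: " +
                                       str(ex))

        return key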
    def test_save_load(self):
        """
        Check that every fixture key survives a load/save round trip in
        PKCS #1, unencrypted PKCS #8 and password-encrypted PKCS #8 form.
        """
        for fixture in self.keyTestData:
            # PKCS #1: load the decoded fixture and expect the same bytes back.
            rawPkcs1 = base64.b64decode(fixture.privateKeyPkcs1)
            pkcs1Key = TpmPrivateKey()
            pkcs1Key.loadPkcs1(rawPkcs1)
            self.assertTrue(pkcs1Key.toPkcs1().equals(Blob(rawPkcs1)))

            # Unencrypted PKCS #8: same byte-for-byte round trip.
            rawPkcs8 = base64.b64decode(fixture.privateKeyPkcs8Unencrypted)
            pkcs8Key = TpmPrivateKey()
            pkcs8Key.loadPkcs8(rawPkcs8)
            self.assertTrue(pkcs8Key.toPkcs8().equals(Blob(rawPkcs8)))

            # Fixture-only passphrase for the encrypted encodings below.
            passphrase = Blob("password").toBytes()

            # Encrypted PKCS #8: load the fixture with the passphrase.
            rawEncryptedPkcs8 = base64.b64decode(fixture.privateKeyPkcs8)
            encryptedKey = TpmPrivateKey()
            encryptedKey.loadEncryptedPkcs8(rawEncryptedPkcs8, passphrase)

            # The re-encrypted bytes are not compared directly. They are loaded
            # into a fresh key and checked against the unencrypted PKCS #8.
            reEncryptedPkcs8 = encryptedKey.toEncryptedPkcs8(passphrase)
            reloadedKey = TpmPrivateKey()
            reloadedKey.loadEncryptedPkcs8(reEncryptedPkcs8, passphrase)
            self.assertTrue(reloadedKey.toPkcs8().equals(Blob(rawPkcs8)))
Beispiel #3
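    def derivePublicKey(key):
        """
        Use the macOS Keychain key to derive the public key.

        The private key is exported from the Keychain into this process,
        parsed into a TpmPrivateKey, and only the derived public key is
        returned to the caller.

        :param c_void_p key: The macOS Keychain private key.
        :return: The public key encoding Blob.
        :rtype: Blob
        :raises TpmBackEndOsx.Error: If SecItemExport reports a failure.
        """
        osx = Osx.get()
        exportedKey = None

        try:
            exportedKey = c_void_p()
            res = osx._security.SecItemExport(key, osx._kSecFormatOpenSSL, 0,
                                              None, pointer(exportedKey))
            # NOTE(review): this treats any non-None result as failure, which
            # presumably relies on the restype configured for SecItemExport
            # mapping a zero status to None - confirm against the Osx class.
            if res is not None:
                # TODO: check for errSecAuthFailed
                raise TpmBackEndOsx.Error("Failed to export the private key")

            # The exported data is private key material. Only the public key
            # derived from it leaves this function.
            privateKey = TpmPrivateKey()
            privateKey.loadPkcs1(TpmBackEndOsx._CFDataToBlob(exportedKey))
            return privateKey.derivePublicKey()
        finally:
            # A c_void_p instance is never None, so test the pointer value.
            # If the export failed without filling the out-parameter, the
            # pointer is still NULL and must not be passed to CFRelease.
            if exportedKey is not None and exportedKey.value:
                cf.CFRelease(exportedKey)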
Beispiel #4
    def test_save_load(self):
        """
        Round-trip each entry of self.keyTestData through the three private
        key encodings and assert that the saved bytes match the input.
        """
        for entry in self.keyTestData:
            # --- PKCS #1 ---
            pkcs1Bytes = base64.b64decode(entry.privateKeyPkcs1)
            fromPkcs1 = TpmPrivateKey()
            fromPkcs1.loadPkcs1(pkcs1Bytes)
            pkcs1Saved = fromPkcs1.toPkcs1()
            self.assertTrue(pkcs1Saved.equals(Blob(pkcs1Bytes)))

            # --- PKCS #8, unencrypted ---
            pkcs8Bytes = base64.b64decode(entry.privateKeyPkcs8Unencrypted)
            fromPkcs8 = TpmPrivateKey()
            fromPkcs8.loadPkcs8(pkcs8Bytes)
            pkcs8Saved = fromPkcs8.toPkcs8()
            self.assertTrue(pkcs8Saved.equals(Blob(pkcs8Bytes)))

            # --- PKCS #8, encrypted with a fixture-only password ---
            testPassword = Blob("password").toBytes()
            encryptedBytes = base64.b64decode(entry.privateKeyPkcs8)
            fromEncrypted = TpmPrivateKey()
            fromEncrypted.loadEncryptedPkcs8(encryptedBytes, testPassword)

            # Encrypt again, decrypt into a new key object, and compare its
            # unencrypted PKCS #8 form with the unencrypted fixture.
            encryptedSaved = fromEncrypted.toEncryptedPkcs8(testPassword)
            roundTripped = TpmPrivateKey()
            roundTripped.loadEncryptedPkcs8(encryptedSaved, testPassword)
            roundTrippedPkcs8 = roundTripped.toPkcs8()
            self.assertTrue(roundTrippedPkcs8.equals(Blob(pkcs8Bytes)))
Beispiel #5
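    def _loadKey(self, keyName):
        """
        Load the private key with name keyName from the key file directory.

        The key file holds the base64 text of a PKCS #1 encoding. It is parsed
        without any passphrase, so the stored key is only as confidential as
        the file itself.

        :param Name keyName: The name of the key.
        :return: The key loaded into a TpmPrivateKey.
        :rtype: TpmPrivateKey
        :raises TpmBackEndFile.Error: If the file cannot be read, is not valid
          base64, or does not parse as a private key.
        """
        key = TpmPrivateKey()
        base64Content = None
        try:
            with open(self._toFilePath(keyName)) as keyFile:
                base64Content = keyFile.read()
        except Exception as ex:
            raise TpmBackEndFile.Error(
              "Error reading private key file: " + str(ex))

        try:
            # A damaged file can fail at the base64 step as well as at the
            # PKCS #1 parse. Both are reported through the backend's own error
            # type so callers only need to handle TpmBackEndFile.Error.
            pkcs = base64.b64decode(base64Content)
            # NOTE(review): None is passed as the second argument; presumably
            # this leaves key-type detection to the loader - confirm.
            key.loadPkcs1(pkcs, None)
        except Exception as ex:
            raise TpmBackEndFile.Error(
              "Error decoding private key file: " + str(ex))

        return key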
Beispiel #6
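    def derivePublicKey(key):
        """
        Use the macOS Keychain key to derive the public key.

        SecItemExport is asked for the key in the OpenSSL format. The exported
        bytes are loaded as PKCS #1 and the public key is derived from them.
        The exported private key stays inside this function.

        :param c_void_p key: The macOS Keychain private key.
        :return: The public key encoding Blob.
        :rtype: Blob
        :raises TpmBackEndOsx.Error: If SecItemExport reports a failure.
        """
        osx = Osx.get()
        exportedKey = None

        try:
            exportedKey = c_void_p()
            res = osx._security.SecItemExport(
              key, osx._kSecFormatOpenSSL, 0, None, pointer(exportedKey))
            # NOTE(review): success is detected as a None result. That depends
            # on how the Osx class declares SecItemExport's restype - confirm.
            if res is not None:
                # TODO: check for errSecAuthFailed
                raise TpmBackEndOsx.Error(
                  "Failed to export the private key")

            privateKey = TpmPrivateKey()
            privateKey.loadPkcs1(TpmBackEndOsx._CFDataToBlob(exportedKey))
            return privateKey.derivePublicKey()
        finally:
            # Release the exported CFData only if the call actually produced
            # one. Comparing the c_void_p object itself with None is always
            # true, and CFRelease must not be given a NULL reference.
            if exportedKey is not None and exportedKey.value:
                cf.CFRelease(exportedKey)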
Beispiel #7
    def test_save_load(self):
        """
        Verify that PKCS #1 and unencrypted PKCS #8 fixture keys are saved
        with exactly the bytes they were loaded from.
        """
        for sample in self.keyTestData:
            # PKCS #1 round trip.
            originalPkcs1 = base64.b64decode(sample.privateKeyPkcs1)
            loadedFromPkcs1 = TpmPrivateKey()
            loadedFromPkcs1.loadPkcs1(originalPkcs1)
            self.assertTrue(
              loadedFromPkcs1.toPkcs1().equals(Blob(originalPkcs1)))

            # Unencrypted PKCS #8 round trip.
            originalPkcs8 = base64.b64decode(sample.privateKeyPkcs8Unencrypted)
            loadedFromPkcs8 = TpmPrivateKey()
            loadedFromPkcs8.loadPkcs8(originalPkcs8)
            self.assertTrue(
              loadedFromPkcs8.toPkcs8().equals(Blob(originalPkcs8)))
Beispiel #8
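    def test_import_export(self):
        """
        Import a password-encrypted PKCS #8 key into each back end, export it
        again, and check that the key material is unchanged.

        Also checks that importing an existing key name and exporting a
        deleted key both raise TpmBackEnd.Error.
        """
        # Fixture private key (base64 PKCS #1). It is published with the test
        # source, so it is for tests only and must never back a real identity.
        privateKeyPkcs1Base64 = (
          "MIIEpAIBAAKCAQEAw0WM1/WhAxyLtEqsiAJgWDZWuzkYpeYVdeeZcqRZzzfRgBQT\n" +
          "sNozS5t4HnwTZhwwXbH7k3QN0kRTV826Xobws3iigohnM9yTK+KKiayPhIAm/+5H\n" +
          "GT6SgFJhYhqo1/upWdueojil6RP4/AgavHhopxlAVbk6G9VdVnlQcQ5Zv0OcGi73\n" +
          "c+EnYD/YgURYGSngUi/Ynsh779p2U69/te9gZwIL5PuE9BiO6I39cL9z7EK1SfZh\n" +
          "OWvDe/qH7YhD/BHwcWit8FjRww1glwRVTJsA9rH58ynaAix0tcR/nBMRLUX+e3rU\n" +
          "RHg6UbSjJbdb9qmKM1fTGHKUzL/5pMG6uBU0ywIDAQABAoIBADQkckOIl4IZMUTn\n" +
          "W8LFv6xOdkJwMKC8G6bsPRFbyY+HvC2TLt7epSvfS+f4AcYWaOPcDu2E49vt2sNr\n" +
          "cASly8hgwiRRAB3dHH9vcsboiTo8bi2RFvMqvjv9w3tK2yMxVDtmZamzrrnaV3YV\n" +
          "Q+5nyKo2F/PMDjQ4eUAKDOzjhBuKHsZBTFnA1MFNI+UKj5X4Yp64DFmKlxTX/U2b\n" +
          "wzVywo5hzx2Uhw51jmoLls4YUvMJXD0wW5ZtYRuPogXvXb/of9ef/20/wU11WFKg\n" +
          "Xb4gfR8zUXaXS1sXcnVm3+24vIs9dApUwykuoyjOqxWqcHRec2QT2FxVGkFEraze\n" +
          "CPa4rMECgYEA5Y8CywomIcTgerFGFCeMHJr8nQGqY2V/owFb3k9maczPnC9p4a9R\n" +
          "c5szLxA9FMYFxurQZMBWSEG2JS1HR2mnjigx8UKjYML/A+rvvjZOMe4M6Sy2ggh4\n" +
          "SkLZKpWTzjTe07ByM/j5v/SjNZhWAG7sw4/LmPGRQkwJv+KZhGojuOkCgYEA2cOF\n" +
          "T6cJRv6kvzTz9S0COZOVm+euJh/BXp7oAsAmbNfOpckPMzqHXy8/wpdKl6AAcB57\n" +
          "OuztlNfV1D7qvbz7JuRlYwQ0cEfBgbZPcz1p18HHDXhwn57ZPb8G33Yh9Omg0HNA\n" +
          "Imb4LsVuSqxA6NwSj7cpRekgTedrhLFPJ+Ydb5MCgYEAsM3Q7OjILcIg0t6uht9e\n" +
          "vrlwTsz1mtCV2co2I6crzdj9HeI2vqf1KAElDt6G7PUHhglcr/yjd8uEqmWRPKNX\n" +
          "ddnnfVZB10jYeP/93pac6z/Zmc3iU4yKeUe7U10ZFf0KkiiYDQd59CpLef/2XScS\n" +
          "HB0oRofnxRQjfjLc4muNT+ECgYEAlcDk06MOOTly+F8lCc1bA1dgAmgwFd2usDBd\n" +
          "Y07a3e0HGnGLN3Kfl7C5i0tZq64HvxLnMd2vgLVxQlXGPpdQrC1TH+XLXg+qnlZO\n" +
          "ivSH7i0/gx75bHvj75eH1XK65V8pDVDEoSPottllAIs21CxLw3N1ObOZWJm2EfmR\n" +
          "cuHICmsCgYAtFJ1idqMoHxES3mlRpf2JxyQudP3SCm2WpGmqVzhRYInqeatY5sUd\n" +
          "lPLHm/p77RT7EyxQHTlwn8FJPuM/4ZH1rQd/vB+Y8qAtYJCexDMsbvLW+Js+VOvk\n" +
          "jweEC0nrcL31j9mF0vz5E6tfRu4hhJ6L4yfWs0gSejskeVB/w8QY4g==\n")

        for tpm in self.backEndList:
            if tpm is self.backEndOsx:
                # TODO: Implement TpmBackEndOsx import/export.
                continue

            keyName = Name("/Test/KeyName/KEY/1")
            # Start from a known state in case an earlier run left the key.
            tpm.deleteKey(keyName)
            # assertEqual replaces the deprecated assertEquals alias, which
            # newer unittest versions no longer provide.
            self.assertEqual(False, tpm.hasKey(keyName))

            privateKey = TpmPrivateKey()
            privateKeyPkcs1Encoding = Blob(base64.b64decode(privateKeyPkcs1Base64))
            privateKey.loadPkcs1(privateKeyPkcs1Encoding.buf())

            # Fixture-only password protecting the PKCS #8 transport encoding.
            password = Blob("password").toBytes()
            encryptedPkcs8 = privateKey.toEncryptedPkcs8(password)

            tpm.importKey(keyName, encryptedPkcs8.buf(), password)
            self.assertEqual(True, tpm.hasKey(keyName))
            try:
                # Can't import the same keyName again.
                tpm.importKey(keyName, encryptedPkcs8.buf(), password)
            except TpmBackEnd.Error:
                pass
            else:
                # Reached only when the duplicate import did not raise.
                self.fail("Did not throw the expected exception")

            # Exporting must not remove the key from the back end.
            exportedKey = tpm.exportKey(keyName, password)
            self.assertEqual(True, tpm.hasKey(keyName))

            # Compare in PKCS #1 form: decrypt the export and re-encode it.
            privateKey2 = TpmPrivateKey()
            privateKey2.loadEncryptedPkcs8(exportedKey.buf(), password)
            privateKey2Pkcs1Encoding = privateKey2.toPkcs1()
            self.assertTrue(privateKeyPkcs1Encoding.equals(privateKey2Pkcs1Encoding))

            tpm.deleteKey(keyName)
            self.assertEqual(False, tpm.hasKey(keyName))
            try:
                tpm.exportKey(keyName, password)
            except TpmBackEnd.Error:
                pass
            else:
                # Reached only when exporting the deleted key did not raise.
                self.fail("Did not throw the expected exception")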
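    def test_import_export(self):
        """
        Exercise importKey/exportKey on every back end except the macOS one.

        A fixture key is encrypted as PKCS #8, imported, exported, and compared
        with the original. A duplicate import and an export after deleteKey
        are both expected to raise TpmBackEnd.Error.
        """
        # Test fixture only: this private key is public in the source tree and
        # must not be reused outside the test suite.
        privateKeyPkcs1Base64 = (
          "MIIEpAIBAAKCAQEAw0WM1/WhAxyLtEqsiAJgWDZWuzkYpeYVdeeZcqRZzzfRgBQT\n" +
          "sNozS5t4HnwTZhwwXbH7k3QN0kRTV826Xobws3iigohnM9yTK+KKiayPhIAm/+5H\n" +
          "GT6SgFJhYhqo1/upWdueojil6RP4/AgavHhopxlAVbk6G9VdVnlQcQ5Zv0OcGi73\n" +
          "c+EnYD/YgURYGSngUi/Ynsh779p2U69/te9gZwIL5PuE9BiO6I39cL9z7EK1SfZh\n" +
          "OWvDe/qH7YhD/BHwcWit8FjRww1glwRVTJsA9rH58ynaAix0tcR/nBMRLUX+e3rU\n" +
          "RHg6UbSjJbdb9qmKM1fTGHKUzL/5pMG6uBU0ywIDAQABAoIBADQkckOIl4IZMUTn\n" +
          "W8LFv6xOdkJwMKC8G6bsPRFbyY+HvC2TLt7epSvfS+f4AcYWaOPcDu2E49vt2sNr\n" +
          "cASly8hgwiRRAB3dHH9vcsboiTo8bi2RFvMqvjv9w3tK2yMxVDtmZamzrrnaV3YV\n" +
          "Q+5nyKo2F/PMDjQ4eUAKDOzjhBuKHsZBTFnA1MFNI+UKj5X4Yp64DFmKlxTX/U2b\n" +
          "wzVywo5hzx2Uhw51jmoLls4YUvMJXD0wW5ZtYRuPogXvXb/of9ef/20/wU11WFKg\n" +
          "Xb4gfR8zUXaXS1sXcnVm3+24vIs9dApUwykuoyjOqxWqcHRec2QT2FxVGkFEraze\n" +
          "CPa4rMECgYEA5Y8CywomIcTgerFGFCeMHJr8nQGqY2V/owFb3k9maczPnC9p4a9R\n" +
          "c5szLxA9FMYFxurQZMBWSEG2JS1HR2mnjigx8UKjYML/A+rvvjZOMe4M6Sy2ggh4\n" +
          "SkLZKpWTzjTe07ByM/j5v/SjNZhWAG7sw4/LmPGRQkwJv+KZhGojuOkCgYEA2cOF\n" +
          "T6cJRv6kvzTz9S0COZOVm+euJh/BXp7oAsAmbNfOpckPMzqHXy8/wpdKl6AAcB57\n" +
          "OuztlNfV1D7qvbz7JuRlYwQ0cEfBgbZPcz1p18HHDXhwn57ZPb8G33Yh9Omg0HNA\n" +
          "Imb4LsVuSqxA6NwSj7cpRekgTedrhLFPJ+Ydb5MCgYEAsM3Q7OjILcIg0t6uht9e\n" +
          "vrlwTsz1mtCV2co2I6crzdj9HeI2vqf1KAElDt6G7PUHhglcr/yjd8uEqmWRPKNX\n" +
          "ddnnfVZB10jYeP/93pac6z/Zmc3iU4yKeUe7U10ZFf0KkiiYDQd59CpLef/2XScS\n" +
          "HB0oRofnxRQjfjLc4muNT+ECgYEAlcDk06MOOTly+F8lCc1bA1dgAmgwFd2usDBd\n" +
          "Y07a3e0HGnGLN3Kfl7C5i0tZq64HvxLnMd2vgLVxQlXGPpdQrC1TH+XLXg+qnlZO\n" +
          "ivSH7i0/gx75bHvj75eH1XK65V8pDVDEoSPottllAIs21CxLw3N1ObOZWJm2EfmR\n" +
          "cuHICmsCgYAtFJ1idqMoHxES3mlRpf2JxyQudP3SCm2WpGmqVzhRYInqeatY5sUd\n" +
          "lPLHm/p77RT7EyxQHTlwn8FJPuM/4ZH1rQd/vB+Y8qAtYJCexDMsbvLW+Js+VOvk\n" +
          "jweEC0nrcL31j9mF0vz5E6tfRu4hhJ6L4yfWs0gSejskeVB/w8QY4g==\n")

        for tpm in self.backEndList:
            if tpm is self.backEndOsx:
                # TODO: Implement TpmBackEndOsx import/export.
                continue

            keyName = Name("/Test/KeyName/KEY/1")
            # Remove any key left under this name before testing the import.
            tpm.deleteKey(keyName)
            self.assertEqual(False, tpm.hasKey(keyName))

            privateKey = TpmPrivateKey()
            privateKeyPkcs1Encoding = Blob(base64.b64decode(privateKeyPkcs1Base64))
            privateKey.loadPkcs1(privateKeyPkcs1Encoding.buf())

            # The key only crosses the import/export API in encrypted PKCS #8
            # form. The password is a test-only value.
            password = Blob("password").toBytes()
            encryptedPkcs8 = privateKey.toEncryptedPkcs8(password)

            tpm.importKey(keyName, encryptedPkcs8.buf(), password)
            self.assertEqual(True, tpm.hasKey(keyName))
            # The try body holds only the call expected to raise. The original
            # also called self.fail inside it, which left the else branch
            # unreachable.
            try:
                # Can't import the same keyName again.
                tpm.importKey(keyName, encryptedPkcs8.buf(), password)
            except TpmBackEnd.Error:
                pass
            else:
                self.fail("Did not throw the expected exception")

            exportedKey = tpm.exportKey(keyName, password)
            # The key must still be present after an export.
            self.assertEqual(True, tpm.hasKey(keyName))

            # Decrypt the exported key and compare its PKCS #1 encoding with
            # the fixture's.
            privateKey2 = TpmPrivateKey()
            privateKey2.loadEncryptedPkcs8(exportedKey.buf(), password)
            privateKey2Pkcs1Encoding = privateKey2.toPkcs1()
            self.assertTrue(privateKeyPkcs1Encoding.equals(privateKey2Pkcs1Encoding))

            tpm.deleteKey(keyName)
            self.assertEqual(False, tpm.hasKey(keyName))
            try:
                tpm.exportKey(keyName, password)
            except TpmBackEnd.Error:
                pass
            else:
                self.fail("Did not throw the expected exception")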