def _loadKey(self, keyName): """ Load the private key with name keyName from the key file directory. :param Name keyName: The name of the key. :return: The key loaded into a TpmPrivateKey. :rtype: TpmPrivateKey """ key = TpmPrivateKey() base64Content = None try: with open(self._toFilePath(keyName)) as keyFile: base64Content = keyFile.read() except Exception as ex: raise TpmBackEndFile.Error("Error reading private key file: " + str(ex)) pkcs = base64.b64decode(base64Content) try: key.loadPkcs1(pkcs, None) except Exception as ex: raise TpmBackEndFile.Error("Error decoding private key file: " + str(ex)) return key
def test_save_load(self): for dataSet in self.keyTestData: # Load the key in PKCS #1 format. pkcs1 = base64.b64decode(dataSet.privateKeyPkcs1) key1 = TpmPrivateKey() key1.loadPkcs1(pkcs1) # Save the key in PKCS #1 format. savedPkcs1Key = key1.toPkcs1() self.assertTrue(savedPkcs1Key.equals(Blob(pkcs1))) # Load the key in unencrypted PKCS #8 format. pkcs8 = base64.b64decode(dataSet.privateKeyPkcs8Unencrypted) key8 = TpmPrivateKey() key8.loadPkcs8(pkcs8) # Save the key in unencrypted PKCS #8 format. savedPkcs8Key = key8.toPkcs8() self.assertTrue(savedPkcs8Key.equals(Blob(pkcs8))) password = Blob("password").toBytes() # Load the key in encrypted PKCS #8 format. encryptedPkcs8 = base64.b64decode(dataSet.privateKeyPkcs8) encryptedKey8 = TpmPrivateKey() encryptedKey8.loadEncryptedPkcs8(encryptedPkcs8, password) # Save the key in encrypted PKCS #8 format and resave as unencrypted. savedEncryptedPkcs8Key = encryptedKey8.toEncryptedPkcs8(password) key8 = TpmPrivateKey() key8.loadEncryptedPkcs8(savedEncryptedPkcs8Key, password) resavedPkcs8Key = key8.toPkcs8() self.assertTrue(resavedPkcs8Key.equals(Blob(pkcs8)))
def derivePublicKey(key): """ Use the macOS Keychain key to derive the public key. :param c_void_p key: The macOS Keychain private key. :return: The public key encoding Blob. :rtype: Blob """ osx = Osx.get() exportedKey = None try: exportedKey = c_void_p() res = osx._security.SecItemExport(key, osx._kSecFormatOpenSSL, 0, None, pointer(exportedKey)) if res != None: # TODO: check for errSecAuthFailed raise TpmBackEndOsx.Error("Failed to export the private key") privateKey = TpmPrivateKey() privateKey.loadPkcs1(TpmBackEndOsx._CFDataToBlob(exportedKey)) return privateKey.derivePublicKey() finally: if exportedKey != None: cf.CFRelease(exportedKey)
def test_save_load(self): for dataSet in self.keyTestData: # Load the key in PKCS #1 format. pkcs1 = base64.b64decode(dataSet.privateKeyPkcs1) key1 = TpmPrivateKey() key1.loadPkcs1(pkcs1) # Save the key in PKCS #1 format. savedPkcs1Key = key1.toPkcs1() self.assertTrue(savedPkcs1Key.equals(Blob(pkcs1))) # Load the key in unencrypted PKCS #8 format. pkcs8 = base64.b64decode(dataSet.privateKeyPkcs8Unencrypted) key8 = TpmPrivateKey() key8.loadPkcs8(pkcs8) # Save the key in unencrypted PKCS #8 format. savedPkcs8Key = key8.toPkcs8() self.assertTrue(savedPkcs8Key.equals(Blob(pkcs8))) password = Blob("password").toBytes() # Load the key in encrypted PKCS #8 format. encryptedPkcs8 = base64.b64decode(dataSet.privateKeyPkcs8) encryptedKey8 = TpmPrivateKey() encryptedKey8.loadEncryptedPkcs8(encryptedPkcs8, password) # Save the key in encrypted PKCS #8 format and resave as unencrypted. savedEncryptedPkcs8Key = encryptedKey8.toEncryptedPkcs8(password) key8 = TpmPrivateKey() key8.loadEncryptedPkcs8(savedEncryptedPkcs8Key, password) resavedPkcs8Key = key8.toPkcs8() self.assertTrue(resavedPkcs8Key.equals(Blob(pkcs8)))
def _loadKey(self, keyName): """ Load the private key with name keyName from the key file directory. :param Name keyName: The name of the key. :return: The key loaded into a TpmPrivateKey. :rtype: TpmPrivateKey """ key = TpmPrivateKey() base64Content = None try: with open(self._toFilePath(keyName)) as keyFile: base64Content = keyFile.read() except Exception as ex: raise TpmBackEndFile.Error( "Error reading private key file: " + str(ex)) pkcs = base64.b64decode(base64Content) try: key.loadPkcs1(pkcs, None) except Exception as ex: raise TpmBackEndFile.Error( "Error decoding private key file: " + str(ex)) return key
def derivePublicKey(key): """ Use the macOS Keychain key to derive the public key. :param c_void_p key: The macOS Keychain private key. :return: The public key encoding Blob. :rtype: Blob """ osx = Osx.get() exportedKey = None try: exportedKey = c_void_p() res = osx._security.SecItemExport( key, osx._kSecFormatOpenSSL, 0, None, pointer(exportedKey)) if res != None: # TODO: check for errSecAuthFailed raise TpmBackEndOsx.Error( "Failed to export the private key") privateKey = TpmPrivateKey() privateKey.loadPkcs1(TpmBackEndOsx._CFDataToBlob(exportedKey)) return privateKey.derivePublicKey() finally: if exportedKey != None: cf.CFRelease(exportedKey)
def test_save_load(self): for dataSet in self.keyTestData: # Load the key in PKCS #1 format. pkcs1 = base64.b64decode(dataSet.privateKeyPkcs1) key1 = TpmPrivateKey() key1.loadPkcs1(pkcs1) # Save the key in PKCS #1 format. savedPkcs1Key = key1.toPkcs1() self.assertTrue(savedPkcs1Key.equals(Blob(pkcs1))) pkcs8 = base64.b64decode(dataSet.privateKeyPkcs8Unencrypted) key8 = TpmPrivateKey() key8.loadPkcs8(pkcs8) # Save the key in PKCS #8 format. savedPkcs8Key = key8.toPkcs8() self.assertTrue(savedPkcs8Key.equals(Blob(pkcs8)))
def test_import_export(self): privateKeyPkcs1Base64 = ( "MIIEpAIBAAKCAQEAw0WM1/WhAxyLtEqsiAJgWDZWuzkYpeYVdeeZcqRZzzfRgBQT\n" + "sNozS5t4HnwTZhwwXbH7k3QN0kRTV826Xobws3iigohnM9yTK+KKiayPhIAm/+5H\n" + "GT6SgFJhYhqo1/upWdueojil6RP4/AgavHhopxlAVbk6G9VdVnlQcQ5Zv0OcGi73\n" + "c+EnYD/YgURYGSngUi/Ynsh779p2U69/te9gZwIL5PuE9BiO6I39cL9z7EK1SfZh\n" + "OWvDe/qH7YhD/BHwcWit8FjRww1glwRVTJsA9rH58ynaAix0tcR/nBMRLUX+e3rU\n" + "RHg6UbSjJbdb9qmKM1fTGHKUzL/5pMG6uBU0ywIDAQABAoIBADQkckOIl4IZMUTn\n" + "W8LFv6xOdkJwMKC8G6bsPRFbyY+HvC2TLt7epSvfS+f4AcYWaOPcDu2E49vt2sNr\n" + "cASly8hgwiRRAB3dHH9vcsboiTo8bi2RFvMqvjv9w3tK2yMxVDtmZamzrrnaV3YV\n" + "Q+5nyKo2F/PMDjQ4eUAKDOzjhBuKHsZBTFnA1MFNI+UKj5X4Yp64DFmKlxTX/U2b\n" + "wzVywo5hzx2Uhw51jmoLls4YUvMJXD0wW5ZtYRuPogXvXb/of9ef/20/wU11WFKg\n" + "Xb4gfR8zUXaXS1sXcnVm3+24vIs9dApUwykuoyjOqxWqcHRec2QT2FxVGkFEraze\n" + "CPa4rMECgYEA5Y8CywomIcTgerFGFCeMHJr8nQGqY2V/owFb3k9maczPnC9p4a9R\n" + "c5szLxA9FMYFxurQZMBWSEG2JS1HR2mnjigx8UKjYML/A+rvvjZOMe4M6Sy2ggh4\n" + "SkLZKpWTzjTe07ByM/j5v/SjNZhWAG7sw4/LmPGRQkwJv+KZhGojuOkCgYEA2cOF\n" + "T6cJRv6kvzTz9S0COZOVm+euJh/BXp7oAsAmbNfOpckPMzqHXy8/wpdKl6AAcB57\n" + "OuztlNfV1D7qvbz7JuRlYwQ0cEfBgbZPcz1p18HHDXhwn57ZPb8G33Yh9Omg0HNA\n" + "Imb4LsVuSqxA6NwSj7cpRekgTedrhLFPJ+Ydb5MCgYEAsM3Q7OjILcIg0t6uht9e\n" + "vrlwTsz1mtCV2co2I6crzdj9HeI2vqf1KAElDt6G7PUHhglcr/yjd8uEqmWRPKNX\n" + "ddnnfVZB10jYeP/93pac6z/Zmc3iU4yKeUe7U10ZFf0KkiiYDQd59CpLef/2XScS\n" + "HB0oRofnxRQjfjLc4muNT+ECgYEAlcDk06MOOTly+F8lCc1bA1dgAmgwFd2usDBd\n" + "Y07a3e0HGnGLN3Kfl7C5i0tZq64HvxLnMd2vgLVxQlXGPpdQrC1TH+XLXg+qnlZO\n" + "ivSH7i0/gx75bHvj75eH1XK65V8pDVDEoSPottllAIs21CxLw3N1ObOZWJm2EfmR\n" + "cuHICmsCgYAtFJ1idqMoHxES3mlRpf2JxyQudP3SCm2WpGmqVzhRYInqeatY5sUd\n" + "lPLHm/p77RT7EyxQHTlwn8FJPuM/4ZH1rQd/vB+Y8qAtYJCexDMsbvLW+Js+VOvk\n" + "jweEC0nrcL31j9mF0vz5E6tfRu4hhJ6L4yfWs0gSejskeVB/w8QY4g==\n") for tpm in self.backEndList: if tpm is self.backEndOsx: # TODO: Implement TpmBackEndOsx import/export. continue keyName = Name("/Test/KeyName/KEY/1") tpm.deleteKey(keyName) self.assertEquals(False, tpm.hasKey(keyName)) privateKey = TpmPrivateKey() privateKeyPkcs1Encoding = Blob(base64.b64decode(privateKeyPkcs1Base64)) privateKey.loadPkcs1(privateKeyPkcs1Encoding.buf()) password = Blob("password").toBytes() encryptedPkcs8 = privateKey.toEncryptedPkcs8(password) tpm.importKey(keyName, encryptedPkcs8.buf(), password) self.assertEquals(True, tpm.hasKey(keyName)) try: # Can't import the same keyName again. tpm.importKey(keyName, encryptedPkcs8.buf(), password) self.fail("Did not throw the expected exception") except TpmBackEnd.Error: pass else: self.fail("Did not throw the expected exception") exportedKey = tpm.exportKey(keyName, password) self.assertEquals(True, tpm.hasKey(keyName)) privateKey2 = TpmPrivateKey() privateKey2.loadEncryptedPkcs8(exportedKey.buf(), password) privateKey2Pkcs1Encoding = privateKey2.toPkcs1() self.assertTrue(privateKeyPkcs1Encoding.equals(privateKey2Pkcs1Encoding)) tpm.deleteKey(keyName) self.assertEquals(False, tpm.hasKey(keyName)) try: tpm.exportKey(keyName, password) self.fail("Did not throw the expected exception") except TpmBackEnd.Error: pass else: self.fail("Did not throw the expected exception")
def test_import_export(self): privateKeyPkcs1Base64 = ( "MIIEpAIBAAKCAQEAw0WM1/WhAxyLtEqsiAJgWDZWuzkYpeYVdeeZcqRZzzfRgBQT\n" + "sNozS5t4HnwTZhwwXbH7k3QN0kRTV826Xobws3iigohnM9yTK+KKiayPhIAm/+5H\n" + "GT6SgFJhYhqo1/upWdueojil6RP4/AgavHhopxlAVbk6G9VdVnlQcQ5Zv0OcGi73\n" + "c+EnYD/YgURYGSngUi/Ynsh779p2U69/te9gZwIL5PuE9BiO6I39cL9z7EK1SfZh\n" + "OWvDe/qH7YhD/BHwcWit8FjRww1glwRVTJsA9rH58ynaAix0tcR/nBMRLUX+e3rU\n" + "RHg6UbSjJbdb9qmKM1fTGHKUzL/5pMG6uBU0ywIDAQABAoIBADQkckOIl4IZMUTn\n" + "W8LFv6xOdkJwMKC8G6bsPRFbyY+HvC2TLt7epSvfS+f4AcYWaOPcDu2E49vt2sNr\n" + "cASly8hgwiRRAB3dHH9vcsboiTo8bi2RFvMqvjv9w3tK2yMxVDtmZamzrrnaV3YV\n" + "Q+5nyKo2F/PMDjQ4eUAKDOzjhBuKHsZBTFnA1MFNI+UKj5X4Yp64DFmKlxTX/U2b\n" + "wzVywo5hzx2Uhw51jmoLls4YUvMJXD0wW5ZtYRuPogXvXb/of9ef/20/wU11WFKg\n" + "Xb4gfR8zUXaXS1sXcnVm3+24vIs9dApUwykuoyjOqxWqcHRec2QT2FxVGkFEraze\n" + "CPa4rMECgYEA5Y8CywomIcTgerFGFCeMHJr8nQGqY2V/owFb3k9maczPnC9p4a9R\n" + "c5szLxA9FMYFxurQZMBWSEG2JS1HR2mnjigx8UKjYML/A+rvvjZOMe4M6Sy2ggh4\n" + "SkLZKpWTzjTe07ByM/j5v/SjNZhWAG7sw4/LmPGRQkwJv+KZhGojuOkCgYEA2cOF\n" + "T6cJRv6kvzTz9S0COZOVm+euJh/BXp7oAsAmbNfOpckPMzqHXy8/wpdKl6AAcB57\n" + "OuztlNfV1D7qvbz7JuRlYwQ0cEfBgbZPcz1p18HHDXhwn57ZPb8G33Yh9Omg0HNA\n" + "Imb4LsVuSqxA6NwSj7cpRekgTedrhLFPJ+Ydb5MCgYEAsM3Q7OjILcIg0t6uht9e\n" + "vrlwTsz1mtCV2co2I6crzdj9HeI2vqf1KAElDt6G7PUHhglcr/yjd8uEqmWRPKNX\n" + "ddnnfVZB10jYeP/93pac6z/Zmc3iU4yKeUe7U10ZFf0KkiiYDQd59CpLef/2XScS\n" + "HB0oRofnxRQjfjLc4muNT+ECgYEAlcDk06MOOTly+F8lCc1bA1dgAmgwFd2usDBd\n" + "Y07a3e0HGnGLN3Kfl7C5i0tZq64HvxLnMd2vgLVxQlXGPpdQrC1TH+XLXg+qnlZO\n" + "ivSH7i0/gx75bHvj75eH1XK65V8pDVDEoSPottllAIs21CxLw3N1ObOZWJm2EfmR\n" + "cuHICmsCgYAtFJ1idqMoHxES3mlRpf2JxyQudP3SCm2WpGmqVzhRYInqeatY5sUd\n" + "lPLHm/p77RT7EyxQHTlwn8FJPuM/4ZH1rQd/vB+Y8qAtYJCexDMsbvLW+Js+VOvk\n" + "jweEC0nrcL31j9mF0vz5E6tfRu4hhJ6L4yfWs0gSejskeVB/w8QY4g==\n") for tpm in self.backEndList: if tpm is self.backEndOsx: # TODO: Implement TpmBackEndOsx import/export. continue keyName = Name("/Test/KeyName/KEY/1") tpm.deleteKey(keyName) self.assertEqual(False, tpm.hasKey(keyName)) privateKey = TpmPrivateKey() privateKeyPkcs1Encoding = Blob(base64.b64decode(privateKeyPkcs1Base64)) privateKey.loadPkcs1(privateKeyPkcs1Encoding.buf()) password = Blob("password").toBytes() encryptedPkcs8 = privateKey.toEncryptedPkcs8(password) tpm.importKey(keyName, encryptedPkcs8.buf(), password) self.assertEqual(True, tpm.hasKey(keyName)) try: # Can't import the same keyName again. tpm.importKey(keyName, encryptedPkcs8.buf(), password) self.fail("Did not throw the expected exception") except TpmBackEnd.Error: pass else: self.fail("Did not throw the expected exception") exportedKey = tpm.exportKey(keyName, password) self.assertEqual(True, tpm.hasKey(keyName)) privateKey2 = TpmPrivateKey() privateKey2.loadEncryptedPkcs8(exportedKey.buf(), password) privateKey2Pkcs1Encoding = privateKey2.toPkcs1() self.assertTrue(privateKeyPkcs1Encoding.equals(privateKey2Pkcs1Encoding)) tpm.deleteKey(keyName) self.assertEqual(False, tpm.hasKey(keyName)) try: tpm.exportKey(keyName, password) self.fail("Did not throw the expected exception") except TpmBackEnd.Error: pass else: self.fail("Did not throw the expected exception")