def _doImportKey(self, keyName, pkcs8, password): """ A protected method to import an encoded private key with name keyName in PKCS #8 format, possibly password-encrypted. :param Name keyName: The name of the key to use in the TPM. :param pkcs8: The input byte buffer. If the password is supplied, this is a PKCS #8 EncryptedPrivateKeyInfo. If the password is none, this is an unencrypted PKCS #8 PrivateKeyInfo. :type pkcs8: an array which implements the buffer protocol :param password: The password for decrypting the private key, which should have characters in the range of 1 to 127. If the password is supplied, use it to decrypt the PKCS #8 EncryptedPrivateKeyInfo. If the password is None, import an unencrypted PKCS #8 PrivateKeyInfo. :type password: an array which implements the buffer protocol :raises TpmBackEnd.Error: For an error importing the key. """ try: key = TpmPrivateKey() if password != None: key.loadEncryptedPkcs8(pkcs8, password) else: key.loadPkcs8(pkcs8) # Copy the Name. self._keys[Name(keyName)] = key except TpmPrivateKey.Error as ex: raise TpmBackEnd.Error("Cannot import private key: " + str(ex))
def test_save_load(self): for dataSet in self.keyTestData: # Load the key in PKCS #1 format. pkcs1 = base64.b64decode(dataSet.privateKeyPkcs1) key1 = TpmPrivateKey() key1.loadPkcs1(pkcs1) # Save the key in PKCS #1 format. savedPkcs1Key = key1.toPkcs1() self.assertTrue(savedPkcs1Key.equals(Blob(pkcs1))) # Load the key in unencrypted PKCS #8 format. pkcs8 = base64.b64decode(dataSet.privateKeyPkcs8Unencrypted) key8 = TpmPrivateKey() key8.loadPkcs8(pkcs8) # Save the key in unencrypted PKCS #8 format. savedPkcs8Key = key8.toPkcs8() self.assertTrue(savedPkcs8Key.equals(Blob(pkcs8))) password = Blob("password").toBytes() # Load the key in encrypted PKCS #8 format. encryptedPkcs8 = base64.b64decode(dataSet.privateKeyPkcs8) encryptedKey8 = TpmPrivateKey() encryptedKey8.loadEncryptedPkcs8(encryptedPkcs8, password) # Save the key in encrypted PKCS #8 format and resave as unencrypted. savedEncryptedPkcs8Key = encryptedKey8.toEncryptedPkcs8(password) key8 = TpmPrivateKey() key8.loadEncryptedPkcs8(savedEncryptedPkcs8Key, password) resavedPkcs8Key = key8.toPkcs8() self.assertTrue(resavedPkcs8Key.equals(Blob(pkcs8)))
def test_save_load(self): for dataSet in self.keyTestData: # Load the key in PKCS #1 format. pkcs1 = base64.b64decode(dataSet.privateKeyPkcs1) key1 = TpmPrivateKey() key1.loadPkcs1(pkcs1) # Save the key in PKCS #1 format. savedPkcs1Key = key1.toPkcs1() self.assertTrue(savedPkcs1Key.equals(Blob(pkcs1))) # Load the key in unencrypted PKCS #8 format. pkcs8 = base64.b64decode(dataSet.privateKeyPkcs8Unencrypted) key8 = TpmPrivateKey() key8.loadPkcs8(pkcs8) # Save the key in unencrypted PKCS #8 format. savedPkcs8Key = key8.toPkcs8() self.assertTrue(savedPkcs8Key.equals(Blob(pkcs8))) password = Blob("password").toBytes() # Load the key in encrypted PKCS #8 format. encryptedPkcs8 = base64.b64decode(dataSet.privateKeyPkcs8) encryptedKey8 = TpmPrivateKey() encryptedKey8.loadEncryptedPkcs8(encryptedPkcs8, password) # Save the key in encrypted PKCS #8 format and resave as unencrypted. savedEncryptedPkcs8Key = encryptedKey8.toEncryptedPkcs8(password) key8 = TpmPrivateKey() key8.loadEncryptedPkcs8(savedEncryptedPkcs8Key, password) resavedPkcs8Key = key8.toPkcs8() self.assertTrue(resavedPkcs8Key.equals(Blob(pkcs8)))
def _doImportKey(self, keyName, pkcs8, password): """ A protected method to import an encoded private key with name keyName in PKCS #8 format, possibly password-encrypted. :param Name keyName: The name of the key to use in the TPM. :param pkcs8: The input byte buffer. If the password is supplied, this is a PKCS #8 EncryptedPrivateKeyInfo. If the password is none, this is an unencrypted PKCS #8 PrivateKeyInfo. :type pkcs8: an array which implements the buffer protocol :param password: The password for decrypting the private key, which should have characters in the range of 1 to 127. If the password is supplied, use it to decrypt the PKCS #8 EncryptedPrivateKeyInfo. If the password is None, import an unencrypted PKCS #8 PrivateKeyInfo. :type password: an array which implements the buffer protocol :raises TpmBackEnd.Error: For an error importing the key. """ try: key = TpmPrivateKey() if password != None: key.loadEncryptedPkcs8(pkcs8, password) else: key.loadPkcs8(pkcs8) except TpmPrivateKey.Error as ex: raise TpmBackEnd.Error("Cannot import private key: " + str(ex)) self._saveKey(keyName, key)
def test_import_export(self): privateKeyPkcs1Base64 = ( "MIIEpAIBAAKCAQEAw0WM1/WhAxyLtEqsiAJgWDZWuzkYpeYVdeeZcqRZzzfRgBQT\n" + "sNozS5t4HnwTZhwwXbH7k3QN0kRTV826Xobws3iigohnM9yTK+KKiayPhIAm/+5H\n" + "GT6SgFJhYhqo1/upWdueojil6RP4/AgavHhopxlAVbk6G9VdVnlQcQ5Zv0OcGi73\n" + "c+EnYD/YgURYGSngUi/Ynsh779p2U69/te9gZwIL5PuE9BiO6I39cL9z7EK1SfZh\n" + "OWvDe/qH7YhD/BHwcWit8FjRww1glwRVTJsA9rH58ynaAix0tcR/nBMRLUX+e3rU\n" + "RHg6UbSjJbdb9qmKM1fTGHKUzL/5pMG6uBU0ywIDAQABAoIBADQkckOIl4IZMUTn\n" + "W8LFv6xOdkJwMKC8G6bsPRFbyY+HvC2TLt7epSvfS+f4AcYWaOPcDu2E49vt2sNr\n" + "cASly8hgwiRRAB3dHH9vcsboiTo8bi2RFvMqvjv9w3tK2yMxVDtmZamzrrnaV3YV\n" + "Q+5nyKo2F/PMDjQ4eUAKDOzjhBuKHsZBTFnA1MFNI+UKj5X4Yp64DFmKlxTX/U2b\n" + "wzVywo5hzx2Uhw51jmoLls4YUvMJXD0wW5ZtYRuPogXvXb/of9ef/20/wU11WFKg\n" + "Xb4gfR8zUXaXS1sXcnVm3+24vIs9dApUwykuoyjOqxWqcHRec2QT2FxVGkFEraze\n" + "CPa4rMECgYEA5Y8CywomIcTgerFGFCeMHJr8nQGqY2V/owFb3k9maczPnC9p4a9R\n" + "c5szLxA9FMYFxurQZMBWSEG2JS1HR2mnjigx8UKjYML/A+rvvjZOMe4M6Sy2ggh4\n" + "SkLZKpWTzjTe07ByM/j5v/SjNZhWAG7sw4/LmPGRQkwJv+KZhGojuOkCgYEA2cOF\n" + "T6cJRv6kvzTz9S0COZOVm+euJh/BXp7oAsAmbNfOpckPMzqHXy8/wpdKl6AAcB57\n" + "OuztlNfV1D7qvbz7JuRlYwQ0cEfBgbZPcz1p18HHDXhwn57ZPb8G33Yh9Omg0HNA\n" + "Imb4LsVuSqxA6NwSj7cpRekgTedrhLFPJ+Ydb5MCgYEAsM3Q7OjILcIg0t6uht9e\n" + "vrlwTsz1mtCV2co2I6crzdj9HeI2vqf1KAElDt6G7PUHhglcr/yjd8uEqmWRPKNX\n" + "ddnnfVZB10jYeP/93pac6z/Zmc3iU4yKeUe7U10ZFf0KkiiYDQd59CpLef/2XScS\n" + "HB0oRofnxRQjfjLc4muNT+ECgYEAlcDk06MOOTly+F8lCc1bA1dgAmgwFd2usDBd\n" + "Y07a3e0HGnGLN3Kfl7C5i0tZq64HvxLnMd2vgLVxQlXGPpdQrC1TH+XLXg+qnlZO\n" + "ivSH7i0/gx75bHvj75eH1XK65V8pDVDEoSPottllAIs21CxLw3N1ObOZWJm2EfmR\n" + "cuHICmsCgYAtFJ1idqMoHxES3mlRpf2JxyQudP3SCm2WpGmqVzhRYInqeatY5sUd\n" + "lPLHm/p77RT7EyxQHTlwn8FJPuM/4ZH1rQd/vB+Y8qAtYJCexDMsbvLW+Js+VOvk\n" + "jweEC0nrcL31j9mF0vz5E6tfRu4hhJ6L4yfWs0gSejskeVB/w8QY4g==\n") for tpm in self.backEndList: if tpm is self.backEndOsx: # TODO: Implement TpmBackEndOsx import/export. continue keyName = Name("/Test/KeyName/KEY/1") tpm.deleteKey(keyName) self.assertEquals(False, tpm.hasKey(keyName)) privateKey = TpmPrivateKey() privateKeyPkcs1Encoding = Blob(base64.b64decode(privateKeyPkcs1Base64)) privateKey.loadPkcs1(privateKeyPkcs1Encoding.buf()) password = Blob("password").toBytes() encryptedPkcs8 = privateKey.toEncryptedPkcs8(password) tpm.importKey(keyName, encryptedPkcs8.buf(), password) self.assertEquals(True, tpm.hasKey(keyName)) try: # Can't import the same keyName again. tpm.importKey(keyName, encryptedPkcs8.buf(), password) self.fail("Did not throw the expected exception") except TpmBackEnd.Error: pass else: self.fail("Did not throw the expected exception") exportedKey = tpm.exportKey(keyName, password) self.assertEquals(True, tpm.hasKey(keyName)) privateKey2 = TpmPrivateKey() privateKey2.loadEncryptedPkcs8(exportedKey.buf(), password) privateKey2Pkcs1Encoding = privateKey2.toPkcs1() self.assertTrue(privateKeyPkcs1Encoding.equals(privateKey2Pkcs1Encoding)) tpm.deleteKey(keyName) self.assertEquals(False, tpm.hasKey(keyName)) try: tpm.exportKey(keyName, password) self.fail("Did not throw the expected exception") except TpmBackEnd.Error: pass else: self.fail("Did not throw the expected exception")
def test_import_export(self): privateKeyPkcs1Base64 = ( "MIIEpAIBAAKCAQEAw0WM1/WhAxyLtEqsiAJgWDZWuzkYpeYVdeeZcqRZzzfRgBQT\n" + "sNozS5t4HnwTZhwwXbH7k3QN0kRTV826Xobws3iigohnM9yTK+KKiayPhIAm/+5H\n" + "GT6SgFJhYhqo1/upWdueojil6RP4/AgavHhopxlAVbk6G9VdVnlQcQ5Zv0OcGi73\n" + "c+EnYD/YgURYGSngUi/Ynsh779p2U69/te9gZwIL5PuE9BiO6I39cL9z7EK1SfZh\n" + "OWvDe/qH7YhD/BHwcWit8FjRww1glwRVTJsA9rH58ynaAix0tcR/nBMRLUX+e3rU\n" + "RHg6UbSjJbdb9qmKM1fTGHKUzL/5pMG6uBU0ywIDAQABAoIBADQkckOIl4IZMUTn\n" + "W8LFv6xOdkJwMKC8G6bsPRFbyY+HvC2TLt7epSvfS+f4AcYWaOPcDu2E49vt2sNr\n" + "cASly8hgwiRRAB3dHH9vcsboiTo8bi2RFvMqvjv9w3tK2yMxVDtmZamzrrnaV3YV\n" + "Q+5nyKo2F/PMDjQ4eUAKDOzjhBuKHsZBTFnA1MFNI+UKj5X4Yp64DFmKlxTX/U2b\n" + "wzVywo5hzx2Uhw51jmoLls4YUvMJXD0wW5ZtYRuPogXvXb/of9ef/20/wU11WFKg\n" + "Xb4gfR8zUXaXS1sXcnVm3+24vIs9dApUwykuoyjOqxWqcHRec2QT2FxVGkFEraze\n" + "CPa4rMECgYEA5Y8CywomIcTgerFGFCeMHJr8nQGqY2V/owFb3k9maczPnC9p4a9R\n" + "c5szLxA9FMYFxurQZMBWSEG2JS1HR2mnjigx8UKjYML/A+rvvjZOMe4M6Sy2ggh4\n" + "SkLZKpWTzjTe07ByM/j5v/SjNZhWAG7sw4/LmPGRQkwJv+KZhGojuOkCgYEA2cOF\n" + "T6cJRv6kvzTz9S0COZOVm+euJh/BXp7oAsAmbNfOpckPMzqHXy8/wpdKl6AAcB57\n" + "OuztlNfV1D7qvbz7JuRlYwQ0cEfBgbZPcz1p18HHDXhwn57ZPb8G33Yh9Omg0HNA\n" + "Imb4LsVuSqxA6NwSj7cpRekgTedrhLFPJ+Ydb5MCgYEAsM3Q7OjILcIg0t6uht9e\n" + "vrlwTsz1mtCV2co2I6crzdj9HeI2vqf1KAElDt6G7PUHhglcr/yjd8uEqmWRPKNX\n" + "ddnnfVZB10jYeP/93pac6z/Zmc3iU4yKeUe7U10ZFf0KkiiYDQd59CpLef/2XScS\n" + "HB0oRofnxRQjfjLc4muNT+ECgYEAlcDk06MOOTly+F8lCc1bA1dgAmgwFd2usDBd\n" + "Y07a3e0HGnGLN3Kfl7C5i0tZq64HvxLnMd2vgLVxQlXGPpdQrC1TH+XLXg+qnlZO\n" + "ivSH7i0/gx75bHvj75eH1XK65V8pDVDEoSPottllAIs21CxLw3N1ObOZWJm2EfmR\n" + "cuHICmsCgYAtFJ1idqMoHxES3mlRpf2JxyQudP3SCm2WpGmqVzhRYInqeatY5sUd\n" + "lPLHm/p77RT7EyxQHTlwn8FJPuM/4ZH1rQd/vB+Y8qAtYJCexDMsbvLW+Js+VOvk\n" + "jweEC0nrcL31j9mF0vz5E6tfRu4hhJ6L4yfWs0gSejskeVB/w8QY4g==\n") for tpm in self.backEndList: if tpm is self.backEndOsx: # TODO: Implement TpmBackEndOsx import/export. continue keyName = Name("/Test/KeyName/KEY/1") tpm.deleteKey(keyName) self.assertEqual(False, tpm.hasKey(keyName)) privateKey = TpmPrivateKey() privateKeyPkcs1Encoding = Blob(base64.b64decode(privateKeyPkcs1Base64)) privateKey.loadPkcs1(privateKeyPkcs1Encoding.buf()) password = Blob("password").toBytes() encryptedPkcs8 = privateKey.toEncryptedPkcs8(password) tpm.importKey(keyName, encryptedPkcs8.buf(), password) self.assertEqual(True, tpm.hasKey(keyName)) try: # Can't import the same keyName again. tpm.importKey(keyName, encryptedPkcs8.buf(), password) self.fail("Did not throw the expected exception") except TpmBackEnd.Error: pass else: self.fail("Did not throw the expected exception") exportedKey = tpm.exportKey(keyName, password) self.assertEqual(True, tpm.hasKey(keyName)) privateKey2 = TpmPrivateKey() privateKey2.loadEncryptedPkcs8(exportedKey.buf(), password) privateKey2Pkcs1Encoding = privateKey2.toPkcs1() self.assertTrue(privateKeyPkcs1Encoding.equals(privateKey2Pkcs1Encoding)) tpm.deleteKey(keyName) self.assertEqual(False, tpm.hasKey(keyName)) try: tpm.exportKey(keyName, password) self.fail("Did not throw the expected exception") except TpmBackEnd.Error: pass else: self.fail("Did not throw the expected exception")