def __init__(self, response_comms, private_key, pub_key_cache):
    """Recover and validate the session cipher carried by *response_comms*.

    The RSA-wrapped cipher blob is decrypted with the local private key and
    parsed into ``CipherProperties``. Its key and IV lengths are checked and
    ``VerifyHMAC`` is called before the cipher metadata is decrypted and
    ``VerifyCipherSignature`` runs.

    Args:
      response_comms: Incoming message; ``encrypted_cipher`` and
        ``encrypted_cipher_metadata`` are read from it.
      private_key: Object whose ``GetPrivateKey()`` returns a key exposing
        an ``rsa`` attribute.
      pub_key_cache: Stored on the instance; not otherwise used here.

    Raises:
      DecryptionError: If the key or metadata-IV length is wrong, or if an
        ``RSA.RSAError`` is raised inside the try block.
    """
    self.private_key = private_key
    self.pub_key_cache = pub_key_cache

    # Fetch the RSA key used to unwrap the session material.
    rsa_key = self.private_key.GetPrivateKey()
    try:
        # encrypted_cipher carries the session key, iv and hmac_key.
        self.encrypted_cipher = response_comms.encrypted_cipher

        # The SWIG-level function is called directly because, per the
        # original author's note, M2Crypto's private_decrypt verifies the
        # key on every call and is very slow. The key is therefore not
        # re-validated at this point.
        # NOTE(review): the padding mode comes from self.e_padding, which is
        # defined outside this block -- confirm it is OAEP.
        self.serialized_cipher = m2.rsa_private_decrypt(
            rsa_key.rsa, response_comms.encrypted_cipher, self.e_padding)

        # Reaching this line means the session keys were recovered.
        self.cipher = rdfvalue.CipherProperties(self.serialized_cipher)

        # Reject session material whose sizes do not match the configured
        # key and IV sizes (given in bits, hence the division by 8).
        if len(self.cipher.key) != self.key_size / 8:
            raise DecryptionError("Invalid cipher.")
        if len(self.cipher.metadata_iv) != self.iv_size / 8:
            raise DecryptionError("Invalid cipher.")

        # Sanity-check the HMAC key before any symmetric decryption happens.
        self.VerifyHMAC(response_comms)

        # The cipher metadata is encrypted with the symmetric session key
        # and stored inside the encrypted payload. Per the original note it
        # contains the RSA signature of the digest of the serialized
        # CipherProperties.
        metadata_plaintext = self.Decrypt(
            response_comms.encrypted_cipher_metadata,
            self.cipher.metadata_iv)
        self.cipher_metadata = rdfvalue.CipherMetadata(metadata_plaintext)

        self.VerifyCipherSignature()
    except RSA.RSAError as rsa_error:
        # Surface RSA-layer failures as the module's own error type.
        raise DecryptionError(rsa_error)
def __init__(self, response_comms, private_key, pub_key_cache):
    """Unwrap the session cipher from *response_comms* and verify it.

    Steps, in order: RSA-decrypt ``encrypted_cipher``, parse it as
    ``CipherProperties``, check the key and metadata-IV lengths, call
    ``VerifyHMAC``, symmetrically decrypt the cipher metadata, then call
    ``VerifyCipherSignature``.

    Args:
        response_comms: Message providing ``encrypted_cipher`` and
            ``encrypted_cipher_metadata``.
        private_key: Provider of the RSA key through ``GetPrivateKey()``.
        pub_key_cache: Kept on the instance; unused in this constructor.

    Raises:
        DecryptionError: For a length mismatch or any ``RSA.RSAError``
            raised while the try block runs.
    """
    self.private_key = private_key
    self.pub_key_cache = pub_key_cache

    # Key object whose .rsa handle is passed to the low-level decrypt call.
    key_holder = self.private_key.GetPrivateKey()
    try:
        # Session key, iv and hmac_key all travel inside encrypted_cipher.
        self.encrypted_cipher = response_comms.encrypted_cipher

        # Original author's note: M2Crypto's private_decrypt re-verifies the
        # key on each call, which is very slow, so the SWIG wrapper is
        # called directly. That skips the per-call key verification.
        self.serialized_cipher = m2.rsa_private_decrypt(
            key_holder.rsa, response_comms.encrypted_cipher, self.e_padding
        )

        # Decryption succeeded, so the session keys are available.
        self.cipher = rdfvalue.CipherProperties(self.serialized_cipher)

        # Sizes are configured in bits; the decoded fields are measured in
        # bytes.
        lengths_wrong = (
            len(self.cipher.key) != self.key_size / 8
            or len(self.cipher.metadata_iv) != self.iv_size / 8
        )
        if lengths_wrong:
            raise DecryptionError("Invalid cipher.")

        # HMAC sanity check runs before the metadata is decrypted.
        self.VerifyHMAC(response_comms)

        # The metadata is encrypted under the symmetric session key and
        # stored inside the encrypted payload. Per the original note it
        # holds the RSA signature over the digest of the serialized
        # CipherProperties.
        self.cipher_metadata = rdfvalue.CipherMetadata(
            self.Decrypt(
                response_comms.encrypted_cipher_metadata,
                self.cipher.metadata_iv,
            )
        )
        self.VerifyCipherSignature()
    except RSA.RSAError as rsa_failure:
        # Convert RSA-layer errors into DecryptionError for callers.
        raise DecryptionError(rsa_failure)
def __init__(self, response_comms, private_key, pub_key_cache):
    """Decrypt the session cipher and, for API version 3+, its metadata.

    ``encrypted_cipher`` is RSA-decrypted and parsed as ``CipherProperties``,
    and its key and IV lengths are checked. When
    ``response_comms.api_version >= 3`` the HMAC key length is also checked,
    the cipher metadata is decrypted with the session IV, and
    ``VerifyCipherSignature`` is called. Otherwise ``cipher_metadata`` is
    left as ``None``.

    Args:
        response_comms: Message providing ``encrypted_cipher``,
            ``api_version`` and ``encrypted_cipher_metadata``.
        private_key: Provider of the RSA key through ``GetPrivateKey()``.
        pub_key_cache: Kept on the instance; unused in this constructor.

    Raises:
        DecryptionError: For a key, IV or HMAC-key length mismatch, or for
            any ``RSA.RSAError`` raised inside the try block.
    """
    self.private_key = private_key
    self.pub_key_cache = pub_key_cache

    # RSA key used to unwrap the session material.
    unwrap_key = self.private_key.GetPrivateKey()
    try:
        self.encrypted_cipher = response_comms.encrypted_cipher

        # Per the original note, M2Crypto's private_decrypt verifies the key
        # on every call and is very slow, so the SWIG wrapper is invoked
        # directly. The key is not re-verified here.
        self.serialized_cipher = m2.rsa_private_decrypt(
            unwrap_key.rsa, response_comms.encrypted_cipher, self.e_padding)
        self.cipher = rdfvalue.CipherProperties(self.serialized_cipher)

        # Key and IV sizes are configured in bits; compare them in bytes.
        if len(self.cipher.key) != self.key_size / 8:
            raise DecryptionError("Invalid cipher.")
        if len(self.cipher.iv) != self.iv_size / 8:
            raise DecryptionError("Invalid cipher.")

        is_v3_or_later = response_comms.api_version >= 3
        if not is_v3_or_later:
            # Old version: no signature check happens in this constructor.
            # Per the original note, cipher_metadata is set once the message
            # is verified.
            self.cipher_metadata = None
        else:
            # NOTE(review): only the HMAC key's length is checked here. No
            # HMAC verification call is visible before the metadata is
            # decrypted -- confirm integrity is checked elsewhere.
            if len(self.cipher.hmac_key) != self.key_size / 8:
                raise DecryptionError("Invalid cipher.")

            # New version: cipher_metadata describes the cipher and is
            # decrypted symmetrically with the session IV.
            self.encrypted_cipher_metadata = (
                response_comms.encrypted_cipher_metadata)
            decrypted_metadata = self.Decrypt(
                response_comms.encrypted_cipher_metadata, self.cipher.iv)
            self.cipher_metadata = rdfvalue.CipherMetadata(decrypted_metadata)

            self.VerifyCipherSignature()
    except RSA.RSAError as rsa_err:
        # Report RSA-layer failures as DecryptionError.
        raise DecryptionError(rsa_err)
def __init__(self, response_comms, private_key, pub_key_cache):
    """Decrypt the session cipher and its metadata, then check the signature.

    ``encrypted_cipher`` is RSA-decrypted and parsed as ``CipherProperties``.
    The key, IV and HMAC-key lengths are validated, the cipher metadata is
    decrypted with the session IV, and ``VerifyCipherSignature`` is called.

    Args:
        response_comms: Message providing ``encrypted_cipher`` and
            ``encrypted_cipher_metadata``.
        private_key: Provider of the RSA key through ``GetPrivateKey()``.
        pub_key_cache: Kept on the instance; unused in this constructor.

    Raises:
        DecryptionError: For a key, IV or HMAC-key length mismatch, or for
            any ``RSA.RSAError`` raised inside the try block.
    """
    self.private_key = private_key
    self.pub_key_cache = pub_key_cache

    # RSA key used to unwrap the session material.
    local_key = self.private_key.GetPrivateKey()
    try:
        self.encrypted_cipher = response_comms.encrypted_cipher

        # The SWIG-wrapped function is called directly: per the original
        # note, M2Crypto's private_decrypt verifies the key on each call and
        # is very slow. The key is therefore not re-verified here.
        self.serialized_cipher = m2.rsa_private_decrypt(
            local_key.rsa, response_comms.encrypted_cipher, self.e_padding)
        self.cipher = rdfvalue.CipherProperties(self.serialized_cipher)

        # All three length checks fail with the same error. Sizes are
        # configured in bits and compared in bytes.
        bad_key_or_iv = (
            len(self.cipher.key) != self.key_size / 8
            or len(self.cipher.iv) != self.iv_size / 8)
        if bad_key_or_iv:
            raise DecryptionError("Invalid cipher.")

        # NOTE(review): only the HMAC key's length is checked here. No HMAC
        # verification call is visible before the metadata is decrypted --
        # confirm integrity is checked elsewhere.
        if len(self.cipher.hmac_key) != self.key_size / 8:
            raise DecryptionError("Invalid cipher.")

        # cipher_metadata describes the cipher and is decrypted
        # symmetrically with the session IV.
        self.encrypted_cipher_metadata = (
            response_comms.encrypted_cipher_metadata)
        metadata_bytes = self.Decrypt(
            response_comms.encrypted_cipher_metadata, self.cipher.iv)
        self.cipher_metadata = rdfvalue.CipherMetadata(metadata_bytes)

        self.VerifyCipherSignature()
    except RSA.RSAError as err:
        # Report RSA-layer failures as DecryptionError.
        raise DecryptionError(err)
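def private_decrypt(self, data, padding):
    # type: (bytes, int) -> bytes
    """Decrypt *data* with this object's RSA private key.

    Args:
        data: Ciphertext passed to ``m2.rsa_private_decrypt``.
        padding: Padding-mode constant, forwarded unchanged.

    Returns:
        The value returned by ``m2.rsa_private_decrypt``.

    Raises:
        AssertionError: If ``self.check_key()`` returns a falsy value.
    """
    # Raise explicitly rather than with an ``assert`` statement, which is
    # stripped under ``python -O`` and would silently skip the key check.
    # AssertionError is kept so existing callers see the same exception type.
    if not self.check_key():
        raise AssertionError('key is not initialised')
    return m2.rsa_private_decrypt(self.rsa, data, padding)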
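def private_decrypt(self, data, padding):
    """Run an RSA private-key decryption of *data* after checking the key.

    Args:
        data: Ciphertext handed to ``m2.rsa_private_decrypt``.
        padding: Padding-mode constant, passed through as given.

    Returns:
        The result of ``m2.rsa_private_decrypt(self.rsa, data, padding)``.

    Raises:
        AssertionError: If ``self.check_key()`` is falsy.
    """
    key_ok = self.check_key()
    if not key_ok:
        # An ``assert`` statement is removed under ``python -O``, so the key
        # check is enforced with an explicit raise. The exception type stays
        # AssertionError for compatibility with existing callers.
        raise AssertionError('key is not initialised')
    return m2.rsa_private_decrypt(self.rsa, data, padding)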