def load_rsa_private_numbers(self, numbers):
rsa._check_private_key_components(
numbers.p,
numbers.q,
numbers.d,
numbers.dmp1,
numbers.dmq1,
numbers.iqmp,
numbers.public_numbers.e,
numbers.public_numbers.n
)
rsa_cdata = self._lib.RSA_new()
assert rsa_cdata != self._ffi.NULL
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
rsa_cdata.p = self._int_to_bn(numbers.p)
rsa_cdata.q = self._int_to_bn(numbers.q)
rsa_cdata.d = self._int_to_bn(numbers.d)
rsa_cdata.dmp1 = self._int_to_bn(numbers.dmp1)
rsa_cdata.dmq1 = self._int_to_bn(numbers.dmq1)
rsa_cdata.iqmp = self._int_to_bn(numbers.iqmp)
rsa_cdata.e = self._int_to_bn(numbers.public_numbers.e)
rsa_cdata.n = self._int_to_bn(numbers.public_numbers.n)
res = self._lib.RSA_blinding_on(rsa_cdata, self._ffi.NULL)
assert res == 1
return _RSAPrivateKey(self, rsa_cdata)
def _evp_pkey_to_private_key(self, evp_pkey):
"""
Return the appropriate type of PrivateKey given an evp_pkey cdata
pointer.
"""
type = evp_pkey.type
if type == self._lib.EVP_PKEY_RSA:
rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey)
assert rsa_cdata != self._ffi.NULL
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
return _RSAPrivateKey(self, rsa_cdata)
elif type == self._lib.EVP_PKEY_DSA:
dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey)
assert dsa_cdata != self._ffi.NULL
dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
return _DSAPrivateKey(self, dsa_cdata)
elif (self._lib.Cryptography_HAS_EC == 1 and
type == self._lib.EVP_PKEY_EC):
ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
assert ec_cdata != self._ffi.NULL
ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
return _EllipticCurvePrivateKey(self, ec_cdata)
else:
raise UnsupportedAlgorithm("Unsupported key type.")
def load_rsa_private_numbers(self, numbers):
rsa._check_private_key_components(
numbers.p,
numbers.q,
numbers.d,
numbers.dmp1,
numbers.dmq1,
numbers.iqmp,
numbers.public_numbers.e,
numbers.public_numbers.n
)
rsa_cdata = self._lib.RSA_new()
assert rsa_cdata != self._ffi.NULL
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
rsa_cdata.p = self._int_to_bn(numbers.p)
rsa_cdata.q = self._int_to_bn(numbers.q)
rsa_cdata.d = self._int_to_bn(numbers.d)
rsa_cdata.dmp1 = self._int_to_bn(numbers.dmp1)
rsa_cdata.dmq1 = self._int_to_bn(numbers.dmq1)
rsa_cdata.iqmp = self._int_to_bn(numbers.iqmp)
rsa_cdata.e = self._int_to_bn(numbers.public_numbers.e)
rsa_cdata.n = self._int_to_bn(numbers.public_numbers.n)
res = self._lib.RSA_blinding_on(rsa_cdata, self._ffi.NULL)
assert res == 1
return _RSAPrivateKey(self, rsa_cdata)
def _evp_pkey_to_private_key(self, evp_pkey):
"""
Return the appropriate type of PrivateKey given an evp_pkey cdata
pointer.
"""
key_type = evp_pkey.type
if key_type == self._lib.EVP_PKEY_RSA:
rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey)
assert rsa_cdata != self._ffi.NULL
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
return _RSAPrivateKey(self, rsa_cdata)
elif key_type == self._lib.EVP_PKEY_DSA:
dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey)
assert dsa_cdata != self._ffi.NULL
dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
return _DSAPrivateKey(self, dsa_cdata)
elif (self._lib.Cryptography_HAS_EC == 1
and key_type == self._lib.EVP_PKEY_EC):
ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
assert ec_cdata != self._ffi.NULL
ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
return _EllipticCurvePrivateKey(self, ec_cdata)
else:
raise UnsupportedAlgorithm("Unsupported key type.")
def decrypt_rsa(self, private_key, ciphertext, padding):
warnings.warn(
"decrypt_rsa is deprecated and will be removed in a future "
"version.",
utils.DeprecatedIn05,
stacklevel=2)
rsa_cdata = self._rsa_cdata_from_private_key(private_key)
key = _RSAPrivateKey(self, rsa_cdata)
return key.decrypt(ciphertext, padding)
def create_rsa_signature_ctx(self, private_key, padding, algorithm):
warnings.warn(
"create_rsa_signature_ctx is deprecated and will be removed in a "
"future version.",
utils.DeprecatedIn05,
stacklevel=2)
rsa_cdata = self._rsa_cdata_from_private_key(private_key)
key = _RSAPrivateKey(self, rsa_cdata)
return _RSASignatureContext(self, key, padding, algorithm)
def decrypt_rsa(self, private_key, ciphertext, padding):
warnings.warn(
"decrypt_rsa is deprecated and will be removed in a future "
"version.",
utils.DeprecatedIn05,
stacklevel=2
)
rsa_cdata = self._rsa_cdata_from_private_key(private_key)
key = _RSAPrivateKey(self, rsa_cdata)
return key.decrypt(ciphertext, padding)
def create_rsa_signature_ctx(self, private_key, padding, algorithm):
warnings.warn(
"create_rsa_signature_ctx is deprecated and will be removed in a "
"future version.",
utils.DeprecatedIn05,
stacklevel=2
)
rsa_cdata = self._rsa_cdata_from_private_key(private_key)
key = _RSAPrivateKey(self, rsa_cdata)
return _RSASignatureContext(self, key, padding, algorithm)
def generate_rsa_private_key(self, public_exponent, key_size):
rsa._verify_rsa_parameters(public_exponent, key_size)
rsa_cdata = self._lib.RSA_new()
assert rsa_cdata != self._ffi.NULL
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
bn = self._int_to_bn(public_exponent)
bn = self._ffi.gc(bn, self._lib.BN_free)
res = self._lib.RSA_generate_key_ex(rsa_cdata, key_size, bn,
self._ffi.NULL)
assert res == 1
return _RSAPrivateKey(self, rsa_cdata)
def generate_rsa_private_key(self, public_exponent, key_size):
rsa._verify_rsa_parameters(public_exponent, key_size)
rsa_cdata = self._lib.RSA_new()
assert rsa_cdata != self._ffi.NULL
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
bn = self._int_to_bn(public_exponent)
bn = self._ffi.gc(bn, self._lib.BN_free)
res = self._lib.RSA_generate_key_ex(
rsa_cdata, key_size, bn, self._ffi.NULL
)
assert res == 1
return _RSAPrivateKey(self, rsa_cdata)
def _evp_pkey_to_private_key(self, evp_pkey):
"""
Return the appropriate type of PrivateKey given an evp_pkey cdata
pointer.
"""
type = evp_pkey.type
if type == self._lib.EVP_PKEY_RSA:
rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey)
assert rsa_cdata != self._ffi.NULL
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
return _RSAPrivateKey(self, rsa_cdata)
elif type == self._lib.EVP_PKEY_DSA:
dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey)
assert dsa_cdata != self._ffi.NULL
dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
return _DSAPrivateKey(self, dsa_cdata)
else:
raise UnsupportedAlgorithm("Unsupported key type.")
def _evp_pkey_to_private_key(self, evp_pkey):
"""
Return the appropriate type of PrivateKey given an evp_pkey cdata
pointer.
"""
type = evp_pkey.type
if type == self._lib.EVP_PKEY_RSA:
rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey)
assert rsa_cdata != self._ffi.NULL
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
return _RSAPrivateKey(self, rsa_cdata)
elif type == self._lib.EVP_PKEY_DSA:
dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey)
assert dsa_cdata != self._ffi.NULL
dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
return _DSAPrivateKey(self, dsa_cdata)
else:
raise UnsupportedAlgorithm("Unsupported key type.")
def __init__(self, engine, arg):
super(EngineJWK, self).__init__()
backend._lib.ENGINE_load_builtin_engines()
e = backend._lib.ENGINE_by_id(engine)
backend.openssl_assert(e != backend._ffi.NULL)
res = backend._lib.ENGINE_init(e)
backend.openssl_assert(res == 1)
evp_pkey = backend._lib.ENGINE_load_private_key(
e, arg, backend._ffi.NULL, backend._ffi.NULL)
backend._lib.ENGINE_finish(e)
backend.openssl_assert(evp_pkey != backend._ffi.NULL)
key_type = backend._lib.EVP_PKEY_id(evp_pkey)
if key_type == backend._lib.EVP_PKEY_RSA:
rsakey = backend._lib.EVP_PKEY_get1_RSA(evp_pkey)
self._engine_priv = rsa._RSAPrivateKey(backend, rsakey, evp_pkey)
self._engine_pub = rsa._RSAPublicKey(backend, rsakey, evp_pkey)
self._import_pyca_pub_rsa(self._engine_pub)
else:
raise jwk.InvalidJWKValue('Unknown Engine Key type')
return
