def read(self, istream):
super(KeyBlock, self).read(istream)
tstream = BytearrayStream(istream.read(self.length))
self.key_format_type = KeyFormatType()
self.key_format_type.read(tstream)
if self.is_tag_next(Tags.KEY_COMPRESSION_TYPE, tstream):
self.key_compression_type = KeyBlock.KeyCompressionType()
self.key_compression_type.read(tstream)
self.key_value = KeyValue()
self.key_value.read(tstream)
if self.is_tag_next(Tags.CRYPTOGRAPHIC_ALGORITHM, tstream):
self.cryptographic_algorithm = attributes.CryptographicAlgorithm()
self.cryptographic_algorithm.read(tstream)
if self.is_tag_next(Tags.CRYPTOGRAPHIC_LENGTH, tstream):
self.cryptographic_length = attributes.CryptographicLength()
self.cryptographic_length.read(tstream)
if self.is_tag_next(Tags.KEY_WRAPPING_DATA, tstream):
self.key_wrapping_data = KeyWrappingData()
self.key_wrapping_data.read(tstream)
self.is_oversized(tstream)
self.validate()
def test_build_pie_asymmetric_key(self):
"""
Test that a core asymmetric key object can be converted into a Pie
asymmetric object.
"""
format_type = misc.KeyFormatType(enums.KeyFormatType.PKCS_1)
algorithm = attributes.CryptographicAlgorithm(
enums.CryptographicAlgorithm.RSA)
length = attributes.CryptographicLength(2048)
key_material = cobjects.KeyMaterial(self.public_bytes)
key_value = cobjects.KeyValue(key_material)
key_block = cobjects.KeyBlock(
key_format_type=format_type,
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=algorithm,
cryptographic_length=length,
key_wrapping_data=None)
core_key = secrets.PublicKey(key_block)
pie_key = self.factory._build_pie_key(core_key, pobjects.PublicKey)
self.assertIsInstance(pie_key, pobjects.PublicKey)
self._test_pie_key(
pie_key, algorithm.value, length.value, self.public_bytes,
format_type.value)
def test_convert_symmetric_key_core_to_pie(self):
"""
Test that a core symmetric key can be converted into a Pie symmetric
key.
"""
format_type = misc.KeyFormatType(enums.KeyFormatType.RAW)
algorithm = attributes.CryptographicAlgorithm(
enums.CryptographicAlgorithm.AES)
length = attributes.CryptographicLength(128)
key_material = cobjects.KeyMaterial(self.symmetric_bytes)
key_value = cobjects.KeyValue(key_material)
key_block = cobjects.KeyBlock(
key_format_type=format_type,
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=algorithm,
cryptographic_length=length,
key_wrapping_data=None)
core_key = secrets.SymmetricKey(key_block)
pie_key = self.factory.convert(core_key)
self.assertIsInstance(pie_key, pobjects.SymmetricKey)
self._test_pie_key(
pie_key, algorithm.value, length.value, self.symmetric_bytes,
format_type.value)
def _create_cryptographic_length(self, length):
if length is not None and not isinstance(length, int):
msg = utils.build_er_error(attributes.CryptographicLength,
'constructor argument type', int,
type(length))
raise TypeError(msg)
return attributes.CryptographicLength(length)
def get_sample_symmetric_key(key_b64=utils.get_symmetric_key(),
key_length=128,
algorithm=enums.CryptographicAlgorithm.AES):
key_material = objects.KeyMaterial(base64.b64decode(key_b64))
key_value = objects.KeyValue(key_material)
key_block = objects.KeyBlock(
key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW),
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=attr.CryptographicAlgorithm(algorithm),
cryptographic_length=attr.CryptographicLength(key_length),
key_wrapping_data=None)
return secrets.SymmetricKey(key_block)
def get_sample_private_key(pkcs1=False):
if pkcs1:
private_key = kss.get_private_key_der_pkcs1(keys.get_private_key_pem())
key_format_type = misc.KeyFormatType(enums.KeyFormatType.PKCS_1)
else:
private_key = keys.get_private_key_der()
key_format_type = misc.KeyFormatType(enums.KeyFormatType.PKCS_8)
key_material = objects.KeyMaterial(private_key)
key_value = objects.KeyValue(key_material)
key_block = objects.KeyBlock(
key_format_type=key_format_type,
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=attr.CryptographicAlgorithm(
enums.CryptographicAlgorithm.RSA),
cryptographic_length=attr.CryptographicLength(2048),
key_wrapping_data=None)
return secrets.PrivateKey(key_block)
def _build_core_key(self, key, cls):
algorithm = key.cryptographic_algorithm
length = key.cryptographic_length
value = key.value
format_type = key.key_format_type
key_material = cobjects.KeyMaterial(value)
key_value = cobjects.KeyValue(key_material)
key_block = cobjects.KeyBlock(
key_format_type=misc.KeyFormatType(format_type),
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=attributes.CryptographicAlgorithm(
algorithm),
cryptographic_length=attributes.CryptographicLength(length),
key_wrapping_data=None)
return cls(key_block)
def test_build_pie_split_key(self):
"""
Test that a core split key object can be converted into a Pie split
key object.
"""
key_block = cobjects.KeyBlock(
key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW),
key_compression_type=None,
key_value=cobjects.KeyValue(
cobjects.KeyMaterial(self.symmetric_bytes)
),
cryptographic_algorithm=attributes.CryptographicAlgorithm(
enums.CryptographicAlgorithm.AES
),
cryptographic_length=attributes.CryptographicLength(128),
key_wrapping_data=None
)
core_split_key = secrets.SplitKey(
split_key_parts=3,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.XOR,
prime_field_size=None,
key_block=key_block
)
pie_split_key = self.factory._build_pie_split_key(core_split_key)
self.assertIsInstance(pie_split_key, pobjects.SplitKey)
self._test_pie_key(
pie_split_key,
enums.CryptographicAlgorithm.AES,
128,
self.symmetric_bytes,
enums.KeyFormatType.RAW
)
self.assertEqual(3, pie_split_key.split_key_parts)
self.assertEqual(1, pie_split_key.key_part_identifier)
self.assertEqual(2, pie_split_key.split_key_threshold)
self.assertEqual(
enums.SplitKeyMethod.XOR,
pie_split_key.split_key_method
)
self.assertIsNone(pie_split_key.prime_field_size)
def test_build_pie_symmetric_key_on_invalid_format(self):
"""
Test that a TypeError exception is raised when attempting to create a
Pie SymmetricKey object from a core SymmetricKey object with an
incompatible format.
"""
format_type = misc.KeyFormatType(enums.KeyFormatType.OPAQUE)
algorithm = attributes.CryptographicAlgorithm(
enums.CryptographicAlgorithm.AES)
length = attributes.CryptographicLength(128)
key_material = cobjects.KeyMaterial(self.symmetric_bytes)
key_value = cobjects.KeyValue(key_material)
key_block = cobjects.KeyBlock(key_format_type=format_type,
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=algorithm,
cryptographic_length=length,
key_wrapping_data=None)
core_key = secrets.SymmetricKey(key_block)
args = [core_key, pobjects.SymmetricKey]
self.assertRaises(TypeError, self.factory._build_pie_key, *args)
def _build_core_split_key(self, secret):
key_material = cobjects.KeyMaterial(secret.value)
key_value = cobjects.KeyValue(key_material)
key_wrapping_data = None
if secret.key_wrapping_data:
key_wrapping_data = cobjects.KeyWrappingData(
**secret.key_wrapping_data)
key_block = cobjects.KeyBlock(
key_format_type=misc.KeyFormatType(secret.key_format_type),
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=attributes.CryptographicAlgorithm(
secret.cryptographic_algorithm),
cryptographic_length=attributes.CryptographicLength(
secret.cryptographic_length),
key_wrapping_data=key_wrapping_data)
return secrets.SplitKey(split_key_parts=secret.split_key_parts,
key_part_identifier=secret.key_part_identifier,
split_key_threshold=secret.split_key_threshold,
split_key_method=secret.split_key_method,
prime_field_size=secret.prime_field_size,
key_block=key_block)
