def derivePublicKey(key):
"""
Use the macOS Keychain key to derive the public key.
:param c_void_p key: The macOS Keychain private key.
:return: The public key encoding Blob.
:rtype: Blob
"""
osx = Osx.get()
exportedKey = None
try:
exportedKey = c_void_p()
res = osx._security.SecItemExport(key, osx._kSecFormatOpenSSL, 0,
None, pointer(exportedKey))
if res != None:
# TODO: check for errSecAuthFailed
raise TpmBackEndOsx.Error("Failed to export the private key")
privateKey = TpmPrivateKey()
privateKey.loadPkcs1(TpmBackEndOsx._CFDataToBlob(exportedKey))
return privateKey.derivePublicKey()
finally:
if exportedKey != None:
cf.CFRelease(exportedKey)
def derivePublicKey(key):
"""
Use the macOS Keychain key to derive the public key.
:param c_void_p key: The macOS Keychain private key.
:return: The public key encoding Blob.
:rtype: Blob
"""
osx = Osx.get()
exportedKey = None
try:
exportedKey = c_void_p()
res = osx._security.SecItemExport(
key, osx._kSecFormatOpenSSL, 0, None, pointer(exportedKey))
if res != None:
# TODO: check for errSecAuthFailed
raise TpmBackEndOsx.Error(
"Failed to export the private key")
privateKey = TpmPrivateKey()
privateKey.loadPkcs1(TpmBackEndOsx._CFDataToBlob(exportedKey))
return privateKey.derivePublicKey()
finally:
if exportedKey != None:
cf.CFRelease(exportedKey)
def test_derive_public_key(self):
for dataSet in self.keyTestData:
pkcs8 = base64.b64decode(dataSet.privateKeyPkcs8Unencrypted)
key = TpmPrivateKey()
key.loadPkcs8(pkcs8)
# Derive the public key and compare.
publicKeyBits = key.derivePublicKey()
expected = base64.b64decode(dataSet.publicKeyEncoding)
self.assertTrue(publicKeyBits.equals(Blob(expected)))
def test_derive_public_key(self):
for dataSet in self.keyTestData:
pkcs8 = base64.b64decode(dataSet.privateKeyPkcs8Unencrypted)
key = TpmPrivateKey()
key.loadPkcs8(pkcs8)
# Derive the public key and compare.
publicKeyBits = key.derivePublicKey()
expected = base64.b64decode(dataSet.publicKeyEncoding)
self.assertTrue(publicKeyBits.equals(Blob(expected)))
def deriveEncryptKey(keyBits):
"""
Derive a new encrypt key from the given decrypt key value.
:param Blob keyBits: The key value of the decrypt key (PKCS8-encoded
private key).
:return: The new encrypt key (DER-encoded public key).
:rtype: EncryptKey
"""
privateKey = TpmPrivateKey()
privateKey.loadPkcs8(keyBits.toBytes())
return EncryptKey(privateKey.derivePublicKey())
def deriveEncryptKey(keyBits):
"""
Derive a new encrypt key from the given decrypt key value.
:param Blob keyBits: The key value of the decrypt key (PKCS8-encoded
private key).
:return: The new encrypt key (DER-encoded public key).
:rtype: EncryptKey
"""
privateKey = TpmPrivateKey()
privateKey.loadPkcs8(keyBits.toBytes())
return EncryptKey(privateKey.derivePublicKey())
