def openssl_private_encrypt(key, data, backend): """Encrypt data with RSA private key. This is a rewrite of the function from PHP, using cryptography FFI bindings to the OpenSSL library. Private key encryption is non-standard operation and Python packages either don't offer it at all, or it's incompatible with the PHP version. The backend argument MUST be the OpenSSL cryptography backend. """ length = backend._lib.EVP_PKEY_size(key._evp_pkey) buffer = backend._ffi.new('unsigned char[]', length) result = backend._lib.RSA_private_encrypt( len(data), data, buffer, backend._lib.EVP_PKEY_get1_RSA(key._evp_pkey), backend._lib.RSA_PKCS1_PADDING) backend.openssl_assert(result == length) return backend._ffi.buffer(buffer)[:]
def test_openssl_assert(self): backend.openssl_assert(True) with pytest.raises(InternalError): backend.openssl_assert(False)
def test_openssl_assert(self): backend.openssl_assert(True) with pytest.raises(InternalError): backend.openssl_assert(False)
def test_segfault_from_wrong_curve(self): """ In pyUmbral, we're getting a strange segfault. We have a test in which when we show that using a curve to generate a point, and then a different curve for EC_GROUP_new_by_curve_name properly borks. However, instead of our higher-level error message, we get a segfault. Here's what we're doing: """ from cryptography.hazmat.backends.openssl import backend # We make new params... group = backend._lib.EC_GROUP_new_by_curve_name(715) backend.openssl_assert(group != backend._ffi.NULL) generator = backend._lib.EC_GROUP_get0_generator(group) backend.openssl_assert(generator != backend._ffi.NULL) order = backend._lib.BN_new() with backend._tmp_bn_ctx() as bn_ctx: res = backend._lib.EC_GROUP_get_order(group, order, bn_ctx) backend.openssl_assert(res == 1) # Then make a BigNum, as if for a private key. random_bn = backend._lib.BN_new() backend.openssl_assert(random_bn != backend._ffi.NULL) res = backend._lib.BN_rand_range(random_bn, order) backend.openssl_assert(res == 1) # Then a point. new_point = backend._lib.EC_POINT_new(group) backend.openssl_assert(new_point != backend._ffi.NULL) new_point = backend._ffi.gc(new_point, backend._lib.EC_POINT_clear_free) # We multiple the private key by the curve generator, as if to # get the public key. with backend._tmp_bn_ctx() as bn_ctx: res = backend._lib.EC_POINT_mul(group, new_point, backend._ffi.NULL, generator, random_bn, bn_ctx) backend.openssl_assert(res == 1) # Wrong group. wrong_group = backend._lib.EC_GROUP_new_by_curve_name(714) # Now we check if the new point (ie, the public key) is on the wrong curve. with backend._tmp_bn_ctx() as bn_ctx: final_result = backend._lib.EC_POINT_is_on_curve( wrong_group, new_point, bn_ctx)