Exemple #1
0
    def _evp_pkey_to_private_key(self, evp_pkey):
        """
        Return the appropriate type of PrivateKey given an evp_pkey cdata
        pointer.
        """

        type = evp_pkey.type

        if type == self._lib.EVP_PKEY_RSA:
            rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey)
            assert rsa_cdata != self._ffi.NULL
            rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
            return _RSAPrivateKey(self, rsa_cdata)
        elif type == self._lib.EVP_PKEY_DSA:
            dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey)
            assert dsa_cdata != self._ffi.NULL
            dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
            return _DSAPrivateKey(self, dsa_cdata)
        elif (self._lib.Cryptography_HAS_EC == 1
              and type == self._lib.EVP_PKEY_EC):
            ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
            assert ec_cdata != self._ffi.NULL
            ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
            return _EllipticCurvePrivateKey(self, ec_cdata)
        else:
            raise UnsupportedAlgorithm("Unsupported key type.")
Exemple #2
0
    def to_cryptography_priv_key(self):
        """
        Converts the BigNum object to a cryptography.io EllipticCurvePrivateKey
        """
        backend.openssl_assert(self.group != backend._ffi.NULL)
        backend.openssl_assert(self.bignum != backend._ffi.NULL)

        ec_key = backend._lib.EC_KEY_new()
        backend.openssl_assert(ec_key != backend._ffi.NULL)
        ec_key = backend._ffi.gc(ec_key, backend._lib.EC_KEY_free)

        res = backend._lib.EC_KEY_set_group(ec_key, self.group)
        backend.openssl_assert(res == 1)

        res = backend._lib.EC_KEY_set_private_key(ec_key, self.bignum)
        backend.openssl_assert(res == 1)

        # Get public key
        point = backend._lib.EC_POINT_new(self.group)
        backend.openssl_assert(point != backend._ffi.NULL)
        point = backend._ffi.gc(point, backend._lib.EC_POINT_free)

        with backend._tmp_bn_ctx() as bn_ctx:
            res = backend._lib.EC_POINT_mul(
                self.group, point, self.bignum, backend._ffi.NULL,
                backend._ffi.NULL, bn_ctx
            )
            backend.openssl_assert(res == 1)

            res = backend._lib.EC_KEY_set_public_key(ec_key, point)
            backend.openssl_assert(res == 1)

        evp_pkey = backend._ec_cdata_to_evp_pkey(ec_key)
        return _EllipticCurvePrivateKey(backend, ec_key, evp_pkey)
Exemple #3
0
    def to_cryptography_privkey(self):
        """
        Returns a cryptography.io EllipticCurvePrivateKey from the Umbral key.
        """
        backend = default_backend()

        backend.openssl_assert(self.bn_key.group != backend._ffi.NULL)
        backend.openssl_assert(self.bn_key.bignum != backend._ffi.NULL)

        ec_key = backend._lib.EC_KEY_new()
        backend.openssl_assert(ec_key != backend._ffi.NULL)
        ec_key = backend._ffi.gc(ec_key, backend._lib.EC_KEY_free)

        set_group_result = backend._lib.EC_KEY_set_group(
            ec_key, self.bn_key.group)
        backend.openssl_assert(set_group_result == 1)

        set_privkey_result = backend._lib.EC_KEY_set_private_key(
            ec_key, self.bn_key.bignum)
        backend.openssl_assert(set_privkey_result == 1)

        # Get public key
        point = openssl._get_new_EC_POINT(ec_group=self.bn_key.group)
        with backend._tmp_bn_ctx() as bn_ctx:
            mult_result = backend._lib.EC_POINT_mul(self.bn_key.group, point,
                                                    self.bn_key.bignum,
                                                    backend._ffi.NULL,
                                                    backend._ffi.NULL, bn_ctx)
            backend.openssl_assert(mult_result == 1)

        set_pubkey_result = backend._lib.EC_KEY_set_public_key(ec_key, point)
        backend.openssl_assert(set_pubkey_result == 1)

        evp_pkey = backend._ec_cdata_to_evp_pkey(ec_key)
        return _EllipticCurvePrivateKey(backend, ec_key, evp_pkey)
Exemple #4
0
    def _evp_pkey_to_private_key(self, evp_pkey):
        """
        Return the appropriate type of PrivateKey given an evp_pkey cdata
        pointer.
        """

        type = evp_pkey.type

        if type == self._lib.EVP_PKEY_RSA:
            rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey)
            assert rsa_cdata != self._ffi.NULL
            rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
            return _RSAPrivateKey(self, rsa_cdata)
        elif type == self._lib.EVP_PKEY_DSA:
            dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey)
            assert dsa_cdata != self._ffi.NULL
            dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
            return _DSAPrivateKey(self, dsa_cdata)
        elif (self._lib.Cryptography_HAS_EC == 1 and
              type == self._lib.EVP_PKEY_EC):
            ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
            assert ec_cdata != self._ffi.NULL
            ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
            return _EllipticCurvePrivateKey(self, ec_cdata)
        else:
            raise UnsupportedAlgorithm("Unsupported key type.")
Exemple #5
0
def _bignum_to_private_key(backend, group, bignum) -> _EllipticCurvePrivateKey:
    """
    Turns an OpenSSL BIGNUM into an EllipticCurvePrivateKey and returns it.
    """
    backend.openssl_assert(group != backend._ffi.NULL)
    backend.openssl_assert(bignum != backend._ffi.NULL)

    ec_key = backend._lib.EC_KEY_new()
    backend.openssl_assert(ec_key != backend._ffi.NULL)
    ec_key = backend._ffi.gc(ec_key, backend._lib.EC_KEY_free)

    res = backend._lib.EC_KEY_set_group(ec_key, group)
    backend.openssl_assert(res == 1)

    res = backend._lib.EC_KEY_set_private_key(ec_key, bignum)
    backend.openssl_assert(res == 1)

    # Get public key
    point = backend._lib.EC_POINT_new(group)
    backend.openssl_assert(point != backend._ffi.NULL)
    point = backend._ffi.gc(point, backend._lib.EC_POINT_free)

    with backend._tmp_bn_ctx() as bn_ctx:
        res = backend._lib.EC_POINT_mul(
            group, point, bignum, backend._ffi.NULL, backend._ffi.NULL, bn_ctx
        )
        backend.openssl_assert(res == 1)

        res = backend._lib.EC_KEY_set_public_key(ec_key, point)
        backend.openssl_assert(res == 1)

    evp_pkey = backend._ec_cdata_to_evp_pkey(ec_key)
    return _EllipticCurvePrivateKey(backend, ec_key, evp_pkey)
Exemple #6
0
    def generate_elliptic_curve_private_key(self, curve):
        """
        Generate a new private key on the named curve.
        """

        if self.elliptic_curve_supported(curve):
            curve_nid = self._elliptic_curve_to_nid(curve)

            ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid)
            assert ec_cdata != self._ffi.NULL
            ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)

            res = self._lib.EC_KEY_generate_key(ec_cdata)
            assert res == 1

            res = self._lib.EC_KEY_check_key(ec_cdata)
            assert res == 1

            evp_pkey = self._ec_cdata_to_evp_pkey(ec_cdata)

            return _EllipticCurvePrivateKey(self, ec_cdata, evp_pkey)
        else:
            raise UnsupportedAlgorithm(
                "Backend object does not support {0}.".format(curve.name),
                _Reasons.UNSUPPORTED_ELLIPTIC_CURVE
            )
Exemple #7
0
def bn_to_privkey(curve: Curve, bn):

    ec_key = BACKEND_LIB.EC_KEY_new()
    backend.openssl_assert(ec_key != BACKEND_FFI.NULL)
    ec_key = BACKEND_FFI.gc(ec_key, BACKEND_LIB.EC_KEY_free)

    set_group_result = BACKEND_LIB.EC_KEY_set_group(ec_key, curve.ec_group)
    backend.openssl_assert(set_group_result == 1)

    set_privkey_result = BACKEND_LIB.EC_KEY_set_private_key(ec_key, bn)
    backend.openssl_assert(set_privkey_result == 1)

    evp_pkey = backend._ec_cdata_to_evp_pkey(ec_key)
    return _EllipticCurvePrivateKey(backend, ec_key, evp_pkey)
Exemple #8
0
    def load_elliptic_curve_private_numbers(self, numbers):
        public = numbers.public_numbers

        curve_nid = self._elliptic_curve_to_nid(public.curve)

        ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid)
        assert ec_cdata != self._ffi.NULL
        ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)

        ec_cdata = self._ec_key_set_public_key_affine_coordinates(
            ec_cdata, public.x, public.y)

        res = self._lib.EC_KEY_set_private_key(
            ec_cdata, self._int_to_bn(numbers.private_value))
        assert res == 1

        return _EllipticCurvePrivateKey(self, ec_cdata)
Exemple #9
0
    def load_elliptic_curve_private_numbers(self, numbers):
        public = numbers.public_numbers

        curve_nid = self._elliptic_curve_to_nid(public.curve)

        ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid)
        assert ec_cdata != self._ffi.NULL
        ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)

        ec_cdata = self._ec_key_set_public_key_affine_coordinates(
            ec_cdata, public.x, public.y)

        res = self._lib.EC_KEY_set_private_key(
            ec_cdata, self._int_to_bn(numbers.private_value))
        assert res == 1

        return _EllipticCurvePrivateKey(self, ec_cdata)
Exemple #10
0
    def elliptic_curve_private_key_from_numbers(self, numbers):
        public = numbers.public_numbers

        curve_nid = self._elliptic_curve_to_nid(public.curve)

        ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid)
        assert ctx != self._ffi.NULL
        ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free)

        ctx = self._ec_key_set_public_key_affine_coordinates(
            ctx, public.x, public.y)

        res = self._lib.EC_KEY_set_private_key(
            ctx, self._int_to_bn(numbers.private_value))
        assert res == 1

        return _EllipticCurvePrivateKey(self, ctx,
                                        numbers.public_numbers.curve)
Exemple #11
0
    def elliptic_curve_private_key_from_numbers(self, numbers):
        public = numbers.public_numbers

        curve_nid = self._elliptic_curve_to_nid(public.curve)

        ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid)
        assert ctx != self._ffi.NULL
        ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free)

        ctx = self._ec_key_set_public_key_affine_coordinates(
            ctx, public.x, public.y)

        res = self._lib.EC_KEY_set_private_key(
            ctx, self._int_to_bn(numbers.private_value))
        assert res == 1

        return _EllipticCurvePrivateKey(self, ctx,
                                        numbers.public_numbers.curve)
Exemple #12
0
    def generate_elliptic_curve_private_key(self, curve):
        """
        Generate a new private key on the named curve.
        """

        if self.elliptic_curve_supported(curve):
            curve_nid = self._elliptic_curve_to_nid(curve)

            ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid)
            assert ctx != self._ffi.NULL
            ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free)

            res = self._lib.EC_KEY_generate_key(ctx)
            assert res == 1

            res = self._lib.EC_KEY_check_key(ctx)
            assert res == 1

            return _EllipticCurvePrivateKey(self, ctx, curve)
        else:
            raise UnsupportedAlgorithm(
                "Backend object does not support {0}.".format(curve.name),
                _Reasons.UNSUPPORTED_ELLIPTIC_CURVE)
Exemple #13
0
 def elliptic_curve_private_key_from_numbers(self, numbers):
     ec_key = self._ec_key_cdata_from_private_numbers(numbers)
     return _EllipticCurvePrivateKey(self, ec_key,
                                     numbers.public_numbers.curve)