def __init__(self, key_info, merkle_verifier=merkle.MerkleVerifier()):
"""Initialize from KeyInfo protocol buffer and a MerkleVerifier."""
self.__merkle_verifier = merkle_verifier
if (key_info.type == client_pb2.KeyInfo.ECDSA):
self.__sig_verifier = verify_ecdsa.EcdsaVerifier(key_info)
elif (key_info.type == client_pb2.KeyInfo.RSA):
self.__sig_verifier = verify_rsa.RsaVerifier(key_info)
else:
raise error.UnsupportedAlgorithmError("Key type %d not supported" %
key_info.type)
def __init__(self, key_info):
"""Creates a verifier that uses a PEM-encoded RSA public key.
Args:
- key_info: KeyInfo protobuf message
Raises:
- PemError: If the key has an invalid encoding
- UnsupportedAlgorithmError: If the key uses an unsupported algorithm
"""
if (key_info.type != client_pb2.KeyInfo.RSA):
raise error.UnsupportedAlgorithmError(
"Expected RSA key, but got key type %d" % key_info.type)
pem_key = str(key_info.pem_key)
try:
self.__key = crypto_backend().load_pem_public_key(pem_key)
except ValueError as e:
raise pem.PemError(e)
except cryptography.exceptions.UnsupportedAlgorithm as e:
raise error.UnsupportedAlgorithmError(e)
def __init__(self, key_info, merkle_verifier=merkle.MerkleVerifier()):
"""Initialize from KeyInfo protocol buffer and a MerkleVerifier."""
self.__merkle_verifier = merkle_verifier
if key_info.type != client_pb2.KeyInfo.ECDSA:
raise error.UnsupportedAlgorithmError("Key type %d not supported" %
key_info.type)
# Will raise a PemError on invalid encoding
self.__der, _ = pem.from_pem(key_info.pem_key,
LogVerifier.__ECDSA_READ_MARKERS)
try:
self.__pubkey = ecdsa.VerifyingKey.from_der(self.__der)
except ecdsa.der.UnexpectedDER as e:
raise error.EncodingError(e)
def __init__(self, key_info):
"""Creates a verifier that uses a PEM-encoded ECDSA public key.
Args:
- key_info: KeyInfo protobuf message
Raises:
- PemError: If the key has an invalid encoding
"""
if (key_info.type != client_pb2.KeyInfo.ECDSA):
raise error.UnsupportedAlgorithmError(
"Expected ECDSA key, but got key type %d" % key_info.type)
# Will raise a PemError on invalid encoding
self.__der, _ = pem.from_pem(key_info.pem_key, self.__READ_MARKERS)
try:
self.__key = ecdsa.VerifyingKey.from_der(self.__der)
except ecdsa.der.UnexpectedDER as e:
raise error.EncodingError(e)
def __init__(self, key_info):
"""Creates a verifier that uses a PEM-encoded RSA public key.
Args:
- key_info: KeyInfo protobuf message
Raises:
- PemError: If the key has an invalid encoding
"""
if (key_info.type != client_pb2.KeyInfo.RSA):
raise error.UnsupportedAlgorithmError(
"Expected RSA key, but got key type %d" % key_info.type)
# Will raise a PemError on invalid encoding
self.__der, _ = pem.from_pem(key_info.pem_key, self.__READ_MARKERS)
try:
self.__key = Crypto.PublicKey.RSA.importKey(self.__der)
except (ValueError, IndexError, TypeError) as e:
raise error.EncodingError(e)
def create_key_info_from_raw_key(log_key):
"""Creates a KeyInfo from the given raw (DER-encoded) key.
Detects the key type (ECDSA or RSA), returning a client_pb2.KeyInfo
instance that can be used to construct a LogVerifier.
Args:
log_key: A DER-encoded key.
Returns:
A client_pb2.KeyInfo instance with all fields correctly filled.
"""
key_info = client_pb2.KeyInfo()
decoded_key = x509_common.SubjectPublicKeyInfo.decode(log_key)
key_algorithm_oid = decoded_key['algorithm']['algorithm']
if key_algorithm_oid == oid.RSA_ENCRYPTION:
key_info.type = client_pb2.KeyInfo.RSA
elif key_algorithm_oid == oid.ID_EC_PUBLICKEY:
key_info.type = client_pb2.KeyInfo.ECDSA
else:
raise error.UnsupportedAlgorithmError('Unknown key type: %s' %
key_algorithm_oid)
key_info.pem_key = pem.to_pem(log_key, 'PUBLIC KEY')
return key_info