def _doImportKey(self, keyName, pkcs8, password):
"""
A protected method to import an encoded private key with name keyName in
PKCS #8 format, possibly password-encrypted.
:param Name keyName: The name of the key to use in the TPM.
:param pkcs8: The input byte buffer. If the password is supplied, this
is a PKCS #8 EncryptedPrivateKeyInfo. If the password is none, this is
an unencrypted PKCS #8 PrivateKeyInfo.
:type pkcs8: an array which implements the buffer protocol
:param password: The password for decrypting the private key, which
should have characters in the range of 1 to 127. If the password is
supplied, use it to decrypt the PKCS #8 EncryptedPrivateKeyInfo. If
the password is None, import an unencrypted PKCS #8 PrivateKeyInfo.
:type password: an array which implements the buffer protocol
:raises TpmBackEnd.Error: For an error importing the key.
"""
try:
key = TpmPrivateKey()
if password != None:
key.loadEncryptedPkcs8(pkcs8, password)
else:
key.loadPkcs8(pkcs8)
# Copy the Name.
self._keys[Name(keyName)] = key
except TpmPrivateKey.Error as ex:
raise TpmBackEnd.Error("Cannot import private key: " + str(ex))
def test_save_load(self):
for dataSet in self.keyTestData:
# Load the key in PKCS #1 format.
pkcs1 = base64.b64decode(dataSet.privateKeyPkcs1)
key1 = TpmPrivateKey()
key1.loadPkcs1(pkcs1)
# Save the key in PKCS #1 format.
savedPkcs1Key = key1.toPkcs1()
self.assertTrue(savedPkcs1Key.equals(Blob(pkcs1)))
# Load the key in unencrypted PKCS #8 format.
pkcs8 = base64.b64decode(dataSet.privateKeyPkcs8Unencrypted)
key8 = TpmPrivateKey()
key8.loadPkcs8(pkcs8)
# Save the key in unencrypted PKCS #8 format.
savedPkcs8Key = key8.toPkcs8()
self.assertTrue(savedPkcs8Key.equals(Blob(pkcs8)))
password = Blob("password").toBytes()
# Load the key in encrypted PKCS #8 format.
encryptedPkcs8 = base64.b64decode(dataSet.privateKeyPkcs8)
encryptedKey8 = TpmPrivateKey()
encryptedKey8.loadEncryptedPkcs8(encryptedPkcs8, password)
# Save the key in encrypted PKCS #8 format and resave as unencrypted.
savedEncryptedPkcs8Key = encryptedKey8.toEncryptedPkcs8(password)
key8 = TpmPrivateKey()
key8.loadEncryptedPkcs8(savedEncryptedPkcs8Key, password)
resavedPkcs8Key = key8.toPkcs8()
self.assertTrue(resavedPkcs8Key.equals(Blob(pkcs8)))
def test_save_load(self):
for dataSet in self.keyTestData:
# Load the key in PKCS #1 format.
pkcs1 = base64.b64decode(dataSet.privateKeyPkcs1)
key1 = TpmPrivateKey()
key1.loadPkcs1(pkcs1)
# Save the key in PKCS #1 format.
savedPkcs1Key = key1.toPkcs1()
self.assertTrue(savedPkcs1Key.equals(Blob(pkcs1)))
# Load the key in unencrypted PKCS #8 format.
pkcs8 = base64.b64decode(dataSet.privateKeyPkcs8Unencrypted)
key8 = TpmPrivateKey()
key8.loadPkcs8(pkcs8)
# Save the key in unencrypted PKCS #8 format.
savedPkcs8Key = key8.toPkcs8()
self.assertTrue(savedPkcs8Key.equals(Blob(pkcs8)))
password = Blob("password").toBytes()
# Load the key in encrypted PKCS #8 format.
encryptedPkcs8 = base64.b64decode(dataSet.privateKeyPkcs8)
encryptedKey8 = TpmPrivateKey()
encryptedKey8.loadEncryptedPkcs8(encryptedPkcs8, password)
# Save the key in encrypted PKCS #8 format and resave as unencrypted.
savedEncryptedPkcs8Key = encryptedKey8.toEncryptedPkcs8(password)
key8 = TpmPrivateKey()
key8.loadEncryptedPkcs8(savedEncryptedPkcs8Key, password)
resavedPkcs8Key = key8.toPkcs8()
self.assertTrue(resavedPkcs8Key.equals(Blob(pkcs8)))
def _doImportKey(self, keyName, pkcs8, password):
"""
A protected method to import an encoded private key with name keyName in
PKCS #8 format, possibly password-encrypted.
:param Name keyName: The name of the key to use in the TPM.
:param pkcs8: The input byte buffer. If the password is supplied, this
is a PKCS #8 EncryptedPrivateKeyInfo. If the password is none, this is
an unencrypted PKCS #8 PrivateKeyInfo.
:type pkcs8: an array which implements the buffer protocol
:param password: The password for decrypting the private key, which
should have characters in the range of 1 to 127. If the password is
supplied, use it to decrypt the PKCS #8 EncryptedPrivateKeyInfo. If
the password is None, import an unencrypted PKCS #8 PrivateKeyInfo.
:type password: an array which implements the buffer protocol
:raises TpmBackEnd.Error: For an error importing the key.
"""
try:
key = TpmPrivateKey()
if password != None:
key.loadEncryptedPkcs8(pkcs8, password)
else:
key.loadPkcs8(pkcs8)
except TpmPrivateKey.Error as ex:
raise TpmBackEnd.Error("Cannot import private key: " + str(ex))
self._saveKey(keyName, key)
def test_import_export(self):
privateKeyPkcs1Base64 = (
"MIIEpAIBAAKCAQEAw0WM1/WhAxyLtEqsiAJgWDZWuzkYpeYVdeeZcqRZzzfRgBQT\n" +
"sNozS5t4HnwTZhwwXbH7k3QN0kRTV826Xobws3iigohnM9yTK+KKiayPhIAm/+5H\n" +
"GT6SgFJhYhqo1/upWdueojil6RP4/AgavHhopxlAVbk6G9VdVnlQcQ5Zv0OcGi73\n" +
"c+EnYD/YgURYGSngUi/Ynsh779p2U69/te9gZwIL5PuE9BiO6I39cL9z7EK1SfZh\n" +
"OWvDe/qH7YhD/BHwcWit8FjRww1glwRVTJsA9rH58ynaAix0tcR/nBMRLUX+e3rU\n" +
"RHg6UbSjJbdb9qmKM1fTGHKUzL/5pMG6uBU0ywIDAQABAoIBADQkckOIl4IZMUTn\n" +
"W8LFv6xOdkJwMKC8G6bsPRFbyY+HvC2TLt7epSvfS+f4AcYWaOPcDu2E49vt2sNr\n" +
"cASly8hgwiRRAB3dHH9vcsboiTo8bi2RFvMqvjv9w3tK2yMxVDtmZamzrrnaV3YV\n" +
"Q+5nyKo2F/PMDjQ4eUAKDOzjhBuKHsZBTFnA1MFNI+UKj5X4Yp64DFmKlxTX/U2b\n" +
"wzVywo5hzx2Uhw51jmoLls4YUvMJXD0wW5ZtYRuPogXvXb/of9ef/20/wU11WFKg\n" +
"Xb4gfR8zUXaXS1sXcnVm3+24vIs9dApUwykuoyjOqxWqcHRec2QT2FxVGkFEraze\n" +
"CPa4rMECgYEA5Y8CywomIcTgerFGFCeMHJr8nQGqY2V/owFb3k9maczPnC9p4a9R\n" +
"c5szLxA9FMYFxurQZMBWSEG2JS1HR2mnjigx8UKjYML/A+rvvjZOMe4M6Sy2ggh4\n" +
"SkLZKpWTzjTe07ByM/j5v/SjNZhWAG7sw4/LmPGRQkwJv+KZhGojuOkCgYEA2cOF\n" +
"T6cJRv6kvzTz9S0COZOVm+euJh/BXp7oAsAmbNfOpckPMzqHXy8/wpdKl6AAcB57\n" +
"OuztlNfV1D7qvbz7JuRlYwQ0cEfBgbZPcz1p18HHDXhwn57ZPb8G33Yh9Omg0HNA\n" +
"Imb4LsVuSqxA6NwSj7cpRekgTedrhLFPJ+Ydb5MCgYEAsM3Q7OjILcIg0t6uht9e\n" +
"vrlwTsz1mtCV2co2I6crzdj9HeI2vqf1KAElDt6G7PUHhglcr/yjd8uEqmWRPKNX\n" +
"ddnnfVZB10jYeP/93pac6z/Zmc3iU4yKeUe7U10ZFf0KkiiYDQd59CpLef/2XScS\n" +
"HB0oRofnxRQjfjLc4muNT+ECgYEAlcDk06MOOTly+F8lCc1bA1dgAmgwFd2usDBd\n" +
"Y07a3e0HGnGLN3Kfl7C5i0tZq64HvxLnMd2vgLVxQlXGPpdQrC1TH+XLXg+qnlZO\n" +
"ivSH7i0/gx75bHvj75eH1XK65V8pDVDEoSPottllAIs21CxLw3N1ObOZWJm2EfmR\n" +
"cuHICmsCgYAtFJ1idqMoHxES3mlRpf2JxyQudP3SCm2WpGmqVzhRYInqeatY5sUd\n" +
"lPLHm/p77RT7EyxQHTlwn8FJPuM/4ZH1rQd/vB+Y8qAtYJCexDMsbvLW+Js+VOvk\n" +
"jweEC0nrcL31j9mF0vz5E6tfRu4hhJ6L4yfWs0gSejskeVB/w8QY4g==\n")
for tpm in self.backEndList:
if tpm is self.backEndOsx:
# TODO: Implement TpmBackEndOsx import/export.
continue
keyName = Name("/Test/KeyName/KEY/1")
tpm.deleteKey(keyName)
self.assertEquals(False, tpm.hasKey(keyName))
privateKey = TpmPrivateKey()
privateKeyPkcs1Encoding = Blob(base64.b64decode(privateKeyPkcs1Base64))
privateKey.loadPkcs1(privateKeyPkcs1Encoding.buf())
password = Blob("password").toBytes()
encryptedPkcs8 = privateKey.toEncryptedPkcs8(password)
tpm.importKey(keyName, encryptedPkcs8.buf(), password)
self.assertEquals(True, tpm.hasKey(keyName))
try:
# Can't import the same keyName again.
tpm.importKey(keyName, encryptedPkcs8.buf(), password)
self.fail("Did not throw the expected exception")
except TpmBackEnd.Error:
pass
else:
self.fail("Did not throw the expected exception")
exportedKey = tpm.exportKey(keyName, password)
self.assertEquals(True, tpm.hasKey(keyName))
privateKey2 = TpmPrivateKey()
privateKey2.loadEncryptedPkcs8(exportedKey.buf(), password)
privateKey2Pkcs1Encoding = privateKey2.toPkcs1()
self.assertTrue(privateKeyPkcs1Encoding.equals(privateKey2Pkcs1Encoding))
tpm.deleteKey(keyName)
self.assertEquals(False, tpm.hasKey(keyName))
try:
tpm.exportKey(keyName, password)
self.fail("Did not throw the expected exception")
except TpmBackEnd.Error:
pass
else:
self.fail("Did not throw the expected exception")
def test_import_export(self):
privateKeyPkcs1Base64 = (
"MIIEpAIBAAKCAQEAw0WM1/WhAxyLtEqsiAJgWDZWuzkYpeYVdeeZcqRZzzfRgBQT\n" +
"sNozS5t4HnwTZhwwXbH7k3QN0kRTV826Xobws3iigohnM9yTK+KKiayPhIAm/+5H\n" +
"GT6SgFJhYhqo1/upWdueojil6RP4/AgavHhopxlAVbk6G9VdVnlQcQ5Zv0OcGi73\n" +
"c+EnYD/YgURYGSngUi/Ynsh779p2U69/te9gZwIL5PuE9BiO6I39cL9z7EK1SfZh\n" +
"OWvDe/qH7YhD/BHwcWit8FjRww1glwRVTJsA9rH58ynaAix0tcR/nBMRLUX+e3rU\n" +
"RHg6UbSjJbdb9qmKM1fTGHKUzL/5pMG6uBU0ywIDAQABAoIBADQkckOIl4IZMUTn\n" +
"W8LFv6xOdkJwMKC8G6bsPRFbyY+HvC2TLt7epSvfS+f4AcYWaOPcDu2E49vt2sNr\n" +
"cASly8hgwiRRAB3dHH9vcsboiTo8bi2RFvMqvjv9w3tK2yMxVDtmZamzrrnaV3YV\n" +
"Q+5nyKo2F/PMDjQ4eUAKDOzjhBuKHsZBTFnA1MFNI+UKj5X4Yp64DFmKlxTX/U2b\n" +
"wzVywo5hzx2Uhw51jmoLls4YUvMJXD0wW5ZtYRuPogXvXb/of9ef/20/wU11WFKg\n" +
"Xb4gfR8zUXaXS1sXcnVm3+24vIs9dApUwykuoyjOqxWqcHRec2QT2FxVGkFEraze\n" +
"CPa4rMECgYEA5Y8CywomIcTgerFGFCeMHJr8nQGqY2V/owFb3k9maczPnC9p4a9R\n" +
"c5szLxA9FMYFxurQZMBWSEG2JS1HR2mnjigx8UKjYML/A+rvvjZOMe4M6Sy2ggh4\n" +
"SkLZKpWTzjTe07ByM/j5v/SjNZhWAG7sw4/LmPGRQkwJv+KZhGojuOkCgYEA2cOF\n" +
"T6cJRv6kvzTz9S0COZOVm+euJh/BXp7oAsAmbNfOpckPMzqHXy8/wpdKl6AAcB57\n" +
"OuztlNfV1D7qvbz7JuRlYwQ0cEfBgbZPcz1p18HHDXhwn57ZPb8G33Yh9Omg0HNA\n" +
"Imb4LsVuSqxA6NwSj7cpRekgTedrhLFPJ+Ydb5MCgYEAsM3Q7OjILcIg0t6uht9e\n" +
"vrlwTsz1mtCV2co2I6crzdj9HeI2vqf1KAElDt6G7PUHhglcr/yjd8uEqmWRPKNX\n" +
"ddnnfVZB10jYeP/93pac6z/Zmc3iU4yKeUe7U10ZFf0KkiiYDQd59CpLef/2XScS\n" +
"HB0oRofnxRQjfjLc4muNT+ECgYEAlcDk06MOOTly+F8lCc1bA1dgAmgwFd2usDBd\n" +
"Y07a3e0HGnGLN3Kfl7C5i0tZq64HvxLnMd2vgLVxQlXGPpdQrC1TH+XLXg+qnlZO\n" +
"ivSH7i0/gx75bHvj75eH1XK65V8pDVDEoSPottllAIs21CxLw3N1ObOZWJm2EfmR\n" +
"cuHICmsCgYAtFJ1idqMoHxES3mlRpf2JxyQudP3SCm2WpGmqVzhRYInqeatY5sUd\n" +
"lPLHm/p77RT7EyxQHTlwn8FJPuM/4ZH1rQd/vB+Y8qAtYJCexDMsbvLW+Js+VOvk\n" +
"jweEC0nrcL31j9mF0vz5E6tfRu4hhJ6L4yfWs0gSejskeVB/w8QY4g==\n")
for tpm in self.backEndList:
if tpm is self.backEndOsx:
# TODO: Implement TpmBackEndOsx import/export.
continue
keyName = Name("/Test/KeyName/KEY/1")
tpm.deleteKey(keyName)
self.assertEqual(False, tpm.hasKey(keyName))
privateKey = TpmPrivateKey()
privateKeyPkcs1Encoding = Blob(base64.b64decode(privateKeyPkcs1Base64))
privateKey.loadPkcs1(privateKeyPkcs1Encoding.buf())
password = Blob("password").toBytes()
encryptedPkcs8 = privateKey.toEncryptedPkcs8(password)
tpm.importKey(keyName, encryptedPkcs8.buf(), password)
self.assertEqual(True, tpm.hasKey(keyName))
try:
# Can't import the same keyName again.
tpm.importKey(keyName, encryptedPkcs8.buf(), password)
self.fail("Did not throw the expected exception")
except TpmBackEnd.Error:
pass
else:
self.fail("Did not throw the expected exception")
exportedKey = tpm.exportKey(keyName, password)
self.assertEqual(True, tpm.hasKey(keyName))
privateKey2 = TpmPrivateKey()
privateKey2.loadEncryptedPkcs8(exportedKey.buf(), password)
privateKey2Pkcs1Encoding = privateKey2.toPkcs1()
self.assertTrue(privateKeyPkcs1Encoding.equals(privateKey2Pkcs1Encoding))
tpm.deleteKey(keyName)
self.assertEqual(False, tpm.hasKey(keyName))
try:
tpm.exportKey(keyName, password)
self.fail("Did not throw the expected exception")
except TpmBackEnd.Error:
pass
else:
self.fail("Did not throw the expected exception")