def test3(self):
"""Verify unwrapping with encryption"""
for t in self.wrapped_enc_keys:
res1, res2, res3 = PKCS8.unwrap(t[4], b("TestTest"))
self.assertEqual(res1, self.oid_key)
self.assertEqual(res2, self.clear_key)
def _import_pkcs8(encoded, passphrase):
from Cryptodome.IO import PKCS8
k = PKCS8.unwrap(encoded, passphrase)
if k[0] != oid:
raise ValueError("No PKCS#8 encoded RSA key")
return _import_keyDER(k[1], passphrase)
def test3(self):
"""Verify unwrapping with encryption"""
for t in self.wrapped_enc_keys:
res1, res2, res3 = PKCS8.unwrap(t[4], b("TestTest"))
self.assertEqual(res1, self.oid_key)
self.assertEqual(res2, self.clear_key)
def _import_pkcs8(encoded, passphrase):
from Cryptodome.IO import PKCS8
# From RFC5915, Section 1:
#
# Distributing an EC private key with PKCS#8 [RFC5208] involves including:
# a) id-ecPublicKey, id-ecDH, or id-ecMQV (from [RFC5480]) with the
# namedCurve as the parameters in the privateKeyAlgorithm field; and
# b) ECPrivateKey in the PrivateKey field, which is an OCTET STRING.
algo_oid, private_key, params = PKCS8.unwrap(encoded, passphrase)
# We accept id-ecPublicKey, id-ecDH, id-ecMQV without making any
# distiction for now.
unrestricted_oid = "1.2.840.10045.2.1"
ecdh_oid = "1.3.132.1.12"
ecmqv_oid = "1.3.132.1.13"
if algo_oid not in (unrestricted_oid, ecdh_oid, ecmqv_oid):
raise UnsupportedEccFeature("Unsupported ECC purpose (OID: %s)" %
algo_oid)
curve_oid = DerObjectId().decode(params).value
return _import_private_der(private_key, passphrase, curve_oid)
def _import_pkcs8(encoded, passphrase, params):
if params:
raise ValueError("PKCS#8 already includes parameters")
k = PKCS8.unwrap(encoded, passphrase)
if k[0] != oid:
raise ValueError("No PKCS#8 encoded DSA key")
x = DerInteger().decode(k[1]).value
p, q, g = list(DerSequence().decode(k[2]))
tup = (pow(g, x, p), g, p, q, x)
return construct(tup)
def _import_pkcs8(encoded, passphrase, params):
if params:
raise ValueError("PKCS#8 already includes parameters")
k = PKCS8.unwrap(encoded, passphrase)
if k[0] != oid:
raise ValueError("No PKCS#8 encoded DSA key")
x = DerInteger().decode(k[1]).value
p, q, g = list(DerSequence().decode(k[2]))
tup = (pow(g, x, p), g, p, q, x)
return construct(tup)
def __init__(self, public_key=None, private_key=None, passphrase=None):
"""RSA cipher class.
Handles encryption/decryption with a RSA keypair with an optional
passphrase protecting the private key.
"""
self._public_key = self._private_key = None
if public_key:
self._public_key = PKCS1_OAEP.new(RSA.importKey(public_key))
if private_key:
s1, raw, s2 = PKCS8.unwrap(private_key, passphrase=passphrase)
self._private_key = PKCS1_OAEP.new(RSA.importKey(raw))
def _import_pkcs8(encoded, passphrase):
# From RFC5915, Section 1:
#
# Distributing an EC private key with PKCS#8 [RFC5208] involves including:
# a) id-ecPublicKey, id-ecDH, or id-ecMQV (from [RFC5480]) with the
# namedCurve as the parameters in the privateKeyAlgorithm field; and
# b) ECPrivateKey in the PrivateKey field, which is an OCTET STRING.
algo_oid, private_key, params = PKCS8.unwrap(encoded, passphrase)
# We accept id-ecPublicKey, id-ecDH, id-ecMQV without making any
# distiction for now.
unrestricted_oid = "1.2.840.10045.2.1"
ecdh_oid = "1.3.132.1.12"
ecmqv_oid = "1.3.132.1.13"
if algo_oid not in (unrestricted_oid, ecdh_oid, ecmqv_oid):
raise UnsupportedEccFeature("Unsupported ECC purpose (OID: %s)" % oid)
curve_name = DerObjectId().decode(params).value
return _import_private_der(private_key, passphrase, curve_name)
def test2(self):
"""Verify wrapping w/o encryption"""
wrapped = PKCS8.wrap(self.clear_key, self.oid_key)
res1, res2, res3 = PKCS8.unwrap(wrapped)
self.assertEqual(res1, self.oid_key)
self.assertEqual(res2, self.clear_key)
def test1(self):
"""Verify unwrapping w/o encryption"""
res1, res2, res3 = PKCS8.unwrap(self.wrapped_clear_key)
self.assertEqual(res1, self.oid_key)
self.assertEqual(res2, self.clear_key)
def _import_pkcs8(encoded, passphrase):
k = PKCS8.unwrap(encoded, passphrase)
if k[0] != oid:
raise ValueError("No PKCS#8 encoded RSA key")
return _import_keyDER(k[1], passphrase)
def test2(self):
"""Verify wrapping w/o encryption"""
wrapped = PKCS8.wrap(self.clear_key, self.oid_key)
res1, res2, res3 = PKCS8.unwrap(wrapped)
self.assertEqual(res1, self.oid_key)
self.assertEqual(res2, self.clear_key)
def test1(self):
"""Verify unwrapping w/o encryption"""
res1, res2, res3 = PKCS8.unwrap(self.wrapped_clear_key)
self.assertEqual(res1, self.oid_key)
self.assertEqual(res2, self.clear_key)
