def deserialize(self):
try:
self.x = base64_to_long(self.x)
self.y = base64_to_long(self.y)
except TypeError:
raise DeSerializationNotPossible()
self.curve = NISTEllipticCurve.by_name(self.crv)
if self.d:
self.d = base64_to_long(self.d)
self.deser = True
self.ser = False
def enc_setup(self, msg, auth_data, key=None, **kwargs):
encrypted_key = ""
# Generate the input parameters
try:
apu = b64d(kwargs["apu"])
except KeyError:
apu = b64d(Random.get_random_bytes(16))
try:
apv = b64d(kwargs["apv"])
except KeyError:
apv = b64d(Random.get_random_bytes(16))
# Generate an ephemeral key pair
curve = NISTEllipticCurve.by_name(key.crv)
if "epk" in kwargs:
epk = ECKey(key=kwargs["epk"], private=False)
eprivk = ECKey(kwargs["epk"], private=True)
else:
(eprivk, epk) = curve.key_pair()
# Derive the KEK and encrypt
params = {
"apu": b64e(apu),
"apv": b64e(apv),
#"epk": exportKey(epk, "EC", curve)
}
cek, iv = self._generate_key_and_iv(self.enc)
if self.alg == "ECDH-ES":
try:
dk_len = KEYLEN[self.enc]
except KeyError:
raise Exception("Unknown key length for algorithm %s" %
self.enc)
cek = ecdh_derive_key(curve, eprivk, key, apu, apv, self.enc,
dk_len)
elif self.alg in [
"ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"
]:
_pre, _post = self.alg.split("+")
klen = int(_post[1:4])
kek = ecdh_derive_key(curve, eprivk, key, apu, apv, _post, klen)
encrypted_key = aes_wrap_key(kek, cek)
else:
raise Exception("Unsupported algorithm %s" % self.alg)
return cek, encrypted_key, iv, params
def ec_init(spec):
"""
:param spec: Key specifics of the form
{"type": "EC", "crv": "P-256", "use": ["sig"]},
:return: A KeyBundle instance
"""
typ = spec["type"].upper()
_key = NISTEllipticCurve.by_name(spec["crv"])
kb = KeyBundle(keytype=typ, keyusage=spec["use"])
for use in spec["use"]:
priv, pub = _key.key_pair()
ec = ECKey(x=pub[0], y=pub[1], d=priv, crv=spec["crv"])
ec.serialize()
ec.use = use
kb.append(ec)
return kb
def ec_init(spec):
"""
:param spec: Key specifics of the form
{"type": "EC", "crv": "P-256", "use": ["sig"]},
:return: A KeyBundle instance
"""
typ = spec["type"].upper()
_key = NISTEllipticCurve.by_name(spec["crv"])
kb = KeyBundle(keytype=typ, keyusage=spec["use"])
for use in spec["use"]:
priv, pub = _key.key_pair()
ec = ECKey(x=pub[0], y=pub[1], d=priv, crv=spec["crv"])
ec.serialize()
ec.use = use
kb.append(ec)
return kb
def enc_setup(self, msg, auth_data, key=None, **kwargs):
encrypted_key = ""
# Generate the input parameters
try:
apu = b64d(kwargs["apu"])
except KeyError:
apu = b64d(Random.get_random_bytes(16))
try:
apv = b64d(kwargs["apv"])
except KeyError:
apv = b64d(Random.get_random_bytes(16))
# Generate an ephemeral key pair
curve = NISTEllipticCurve.by_name(key.crv)
if "epk" in kwargs:
epk = ECKey(key=kwargs["epk"], private=False)
eprivk = ECKey(kwargs["epk"], private=True)
else:
(eprivk, epk) = curve.key_pair()
# Derive the KEK and encrypt
params = {
"apu": b64e(apu),
"apv": b64e(apv),
#"epk": exportKey(epk, "EC", curve)
}
cek, iv = self._generate_key_and_iv(self.enc)
if self.alg == "ECDH-ES":
try:
dk_len = KEYLEN[self.enc]
except KeyError:
raise Exception(
"Unknown key length for algorithm %s" % self.enc)
cek = ecdh_derive_key(curve, eprivk, key, apu, apv, self.enc,
dk_len)
elif self.alg in ["ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"]:
_pre, _post = self.alg.split("+")
klen = int(_post[1:4])
kek = ecdh_derive_key(curve, eprivk, key, apu, apv, _post, klen)
encrypted_key = aes_wrap_key(kek, cek)
else:
raise Exception("Unsupported algorithm %s" % self.alg)
return cek, encrypted_key, iv, params
def deserialize(self):
try:
if isinstance(self.x, basestring):
self.x = base64_to_long(self.x)
if isinstance(self.y, basestring):
self.y = base64_to_long(self.y)
except TypeError:
raise DeSerializationNotPossible()
except ValueError as err:
raise DeSerializationNotPossible("%s" % err)
self.curve = NISTEllipticCurve.by_name(self.crv)
if self.d:
try:
if isinstance(self.d, basestring):
self.d = base64_to_long(self.d)
except ValueError as err:
raise DeSerializationNotPossible(str(err))
def deserialize(self):
"""
Starting with information gathered from the on-the-wire representation
of an elliptic curve key initiate an Elliptic Curve.
"""
try:
if isinstance(self.x, basestring):
self.x = base64_to_long(self.x)
if isinstance(self.y, basestring):
self.y = base64_to_long(self.y)
except TypeError:
raise DeSerializationNotPossible()
except ValueError as err:
raise DeSerializationNotPossible("%s" % err)
self.curve = NISTEllipticCurve.by_name(self.crv)
if self.d:
try:
if isinstance(self.d, basestring):
self.d = base64_to_long(self.d)
except ValueError as err:
raise DeSerializationNotPossible(str(err))
def deserialize(self):
self.x = base64_to_long(self.x)
self.y = base64_to_long(self.y)
self.curve = NISTEllipticCurve.by_name(self.crv)
if self.d:
self.d = base64_to_long(self.d)