def _evp_pkey_to_public_key(self, evp_pkey):
"""
Return the appropriate type of PublicKey given an evp_pkey cdata
pointer.
"""
type = evp_pkey.type
if type == self._lib.EVP_PKEY_RSA:
rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey)
assert rsa_cdata != self._ffi.NULL
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
return _RSAPublicKey(self, rsa_cdata)
elif type == self._lib.EVP_PKEY_DSA:
dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey)
assert dsa_cdata != self._ffi.NULL
dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
return _DSAPublicKey(self, dsa_cdata)
elif (self._lib.Cryptography_HAS_EC == 1
and type == self._lib.EVP_PKEY_EC):
ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
assert ec_cdata != self._ffi.NULL
ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
return _EllipticCurvePublicKey(self, ec_cdata)
else:
raise UnsupportedAlgorithm("Unsupported key type.")
def _evp_pkey_to_public_key(self, evp_pkey):
"""
Return the appropriate type of PublicKey given an evp_pkey cdata
pointer.
"""
type = evp_pkey.type
if type == self._lib.EVP_PKEY_RSA:
rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey)
assert rsa_cdata != self._ffi.NULL
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
return _RSAPublicKey(self, rsa_cdata)
elif type == self._lib.EVP_PKEY_DSA:
dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey)
assert dsa_cdata != self._ffi.NULL
dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
return _DSAPublicKey(self, dsa_cdata)
elif (self._lib.Cryptography_HAS_EC == 1 and
type == self._lib.EVP_PKEY_EC):
ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
assert ec_cdata != self._ffi.NULL
ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
return _EllipticCurvePublicKey(self, ec_cdata)
else:
raise UnsupportedAlgorithm("Unsupported key type.")
def encrypt_rsa(self, public_key, plaintext, padding):
warnings.warn(
"encrypt_rsa is deprecated and will be removed in a future "
"version.",
utils.DeprecatedIn05,
stacklevel=2)
rsa_cdata = self._rsa_cdata_from_public_key(public_key)
key = _RSAPublicKey(self, rsa_cdata)
return key.encrypt(plaintext, padding)
def encrypt_rsa(self, public_key, plaintext, padding):
warnings.warn(
"encrypt_rsa is deprecated and will be removed in a future "
"version.",
utils.DeprecatedIn05,
stacklevel=2
)
rsa_cdata = self._rsa_cdata_from_public_key(public_key)
key = _RSAPublicKey(self, rsa_cdata)
return key.encrypt(plaintext, padding)
def create_rsa_verification_ctx(self, public_key, signature, padding,
algorithm):
warnings.warn(
"create_rsa_verification_ctx is deprecated and will be removed in "
"a future version.",
utils.DeprecatedIn05,
stacklevel=2)
rsa_cdata = self._rsa_cdata_from_public_key(public_key)
key = _RSAPublicKey(self, rsa_cdata)
return _RSAVerificationContext(self, key, signature, padding,
algorithm)
def load_rsa_public_numbers(self, numbers):
rsa._check_public_key_components(numbers.e, numbers.n)
rsa_cdata = self._lib.RSA_new()
assert rsa_cdata != self._ffi.NULL
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
rsa_cdata.e = self._int_to_bn(numbers.e)
rsa_cdata.n = self._int_to_bn(numbers.n)
res = self._lib.RSA_blinding_on(rsa_cdata, self._ffi.NULL)
assert res == 1
return _RSAPublicKey(self, rsa_cdata)
def load_rsa_public_numbers(self, numbers):
rsa._check_public_key_components(numbers.e, numbers.n)
rsa_cdata = self._lib.RSA_new()
assert rsa_cdata != self._ffi.NULL
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
rsa_cdata.e = self._int_to_bn(numbers.e)
rsa_cdata.n = self._int_to_bn(numbers.n)
res = self._lib.RSA_blinding_on(rsa_cdata, self._ffi.NULL)
assert res == 1
return _RSAPublicKey(self, rsa_cdata)
def create_rsa_verification_ctx(self, public_key, signature, padding,
algorithm):
warnings.warn(
"create_rsa_verification_ctx is deprecated and will be removed in "
"a future version.",
utils.DeprecatedIn05,
stacklevel=2
)
rsa_cdata = self._rsa_cdata_from_public_key(public_key)
key = _RSAPublicKey(self, rsa_cdata)
return _RSAVerificationContext(self, key, signature, padding,
algorithm)
def load_der_public_key(self, data):
mem_bio = self._bytes_to_bio(data)
evp_pkey = self._lib.d2i_PUBKEY_bio(mem_bio.bio, self._ffi.NULL)
if evp_pkey != self._ffi.NULL:
evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
return self._evp_pkey_to_public_key(evp_pkey)
else:
# It's not a (RSA/DSA/ECDSA) subjectPublicKeyInfo, but we still
# need to check to see if it is a pure PKCS1 RSA public key (not
# embedded in a subjectPublicKeyInfo)
self._consume_errors()
res = self._lib.BIO_reset(mem_bio.bio)
assert res == 1
rsa_cdata = self._lib.d2i_RSAPublicKey_bio(mem_bio.bio,
self._ffi.NULL)
if rsa_cdata != self._ffi.NULL:
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
return _RSAPublicKey(self, rsa_cdata)
else:
self._handle_key_loading_error()
def __init__(self, engine, arg):
super(EngineJWK, self).__init__()
backend._lib.ENGINE_load_builtin_engines()
e = backend._lib.ENGINE_by_id(engine)
backend.openssl_assert(e != backend._ffi.NULL)
res = backend._lib.ENGINE_init(e)
backend.openssl_assert(res == 1)
evp_pkey = backend._lib.ENGINE_load_private_key(
e, arg, backend._ffi.NULL, backend._ffi.NULL)
backend._lib.ENGINE_finish(e)
backend.openssl_assert(evp_pkey != backend._ffi.NULL)
key_type = backend._lib.EVP_PKEY_id(evp_pkey)
if key_type == backend._lib.EVP_PKEY_RSA:
rsakey = backend._lib.EVP_PKEY_get1_RSA(evp_pkey)
self._engine_priv = rsa._RSAPrivateKey(backend, rsakey, evp_pkey)
self._engine_pub = rsa._RSAPublicKey(backend, rsakey, evp_pkey)
self._import_pyca_pub_rsa(self._engine_pub)
else:
raise jwk.InvalidJWKValue('Unknown Engine Key type')
return
def load_der_public_key(self, data):
mem_bio = self._bytes_to_bio(data)
evp_pkey = self._lib.d2i_PUBKEY_bio(mem_bio.bio, self._ffi.NULL)
if evp_pkey != self._ffi.NULL:
evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
return self._evp_pkey_to_public_key(evp_pkey)
else:
# It's not a (RSA/DSA/ECDSA) subjectPublicKeyInfo, but we still
# need to check to see if it is a pure PKCS1 RSA public key (not
# embedded in a subjectPublicKeyInfo)
self._consume_errors()
res = self._lib.BIO_reset(mem_bio.bio)
assert res == 1
rsa_cdata = self._lib.d2i_RSAPublicKey_bio(
mem_bio.bio, self._ffi.NULL
)
if rsa_cdata != self._ffi.NULL:
rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
return _RSAPublicKey(self, rsa_cdata)
else:
self._handle_key_loading_error()
