def read(self, istream): super(KeyBlock, self).read(istream) tstream = BytearrayStream(istream.read(self.length)) self.key_format_type = KeyFormatType() self.key_format_type.read(tstream) if self.is_tag_next(Tags.KEY_COMPRESSION_TYPE, tstream): self.key_compression_type = KeyBlock.KeyCompressionType() self.key_compression_type.read(tstream) self.key_value = KeyValue() self.key_value.read(tstream) if self.is_tag_next(Tags.CRYPTOGRAPHIC_ALGORITHM, tstream): self.cryptographic_algorithm = attributes.CryptographicAlgorithm() self.cryptographic_algorithm.read(tstream) if self.is_tag_next(Tags.CRYPTOGRAPHIC_LENGTH, tstream): self.cryptographic_length = attributes.CryptographicLength() self.cryptographic_length.read(tstream) if self.is_tag_next(Tags.KEY_WRAPPING_DATA, tstream): self.key_wrapping_data = KeyWrappingData() self.key_wrapping_data.read(tstream) self.is_oversized(tstream) self.validate()
def test_build_pie_asymmetric_key(self): """ Test that a core asymmetric key object can be converted into a Pie asymmetric object. """ format_type = misc.KeyFormatType(enums.KeyFormatType.PKCS_1) algorithm = attributes.CryptographicAlgorithm( enums.CryptographicAlgorithm.RSA) length = attributes.CryptographicLength(2048) key_material = cobjects.KeyMaterial(self.public_bytes) key_value = cobjects.KeyValue(key_material) key_block = cobjects.KeyBlock( key_format_type=format_type, key_compression_type=None, key_value=key_value, cryptographic_algorithm=algorithm, cryptographic_length=length, key_wrapping_data=None) core_key = secrets.PublicKey(key_block) pie_key = self.factory._build_pie_key(core_key, pobjects.PublicKey) self.assertIsInstance(pie_key, pobjects.PublicKey) self._test_pie_key( pie_key, algorithm.value, length.value, self.public_bytes, format_type.value)
def test_convert_symmetric_key_core_to_pie(self): """ Test that a core symmetric key can be converted into a Pie symmetric key. """ format_type = misc.KeyFormatType(enums.KeyFormatType.RAW) algorithm = attributes.CryptographicAlgorithm( enums.CryptographicAlgorithm.AES) length = attributes.CryptographicLength(128) key_material = cobjects.KeyMaterial(self.symmetric_bytes) key_value = cobjects.KeyValue(key_material) key_block = cobjects.KeyBlock( key_format_type=format_type, key_compression_type=None, key_value=key_value, cryptographic_algorithm=algorithm, cryptographic_length=length, key_wrapping_data=None) core_key = secrets.SymmetricKey(key_block) pie_key = self.factory.convert(core_key) self.assertIsInstance(pie_key, pobjects.SymmetricKey) self._test_pie_key( pie_key, algorithm.value, length.value, self.symmetric_bytes, format_type.value)
def _create_cryptographic_length(self, length): if length is not None and not isinstance(length, int): msg = utils.build_er_error(attributes.CryptographicLength, 'constructor argument type', int, type(length)) raise TypeError(msg) return attributes.CryptographicLength(length)
def get_sample_symmetric_key(key_b64=utils.get_symmetric_key(), key_length=128, algorithm=enums.CryptographicAlgorithm.AES): key_material = objects.KeyMaterial(base64.b64decode(key_b64)) key_value = objects.KeyValue(key_material) key_block = objects.KeyBlock( key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW), key_compression_type=None, key_value=key_value, cryptographic_algorithm=attr.CryptographicAlgorithm(algorithm), cryptographic_length=attr.CryptographicLength(key_length), key_wrapping_data=None) return secrets.SymmetricKey(key_block)
def get_sample_private_key(pkcs1=False): if pkcs1: private_key = kss.get_private_key_der_pkcs1(keys.get_private_key_pem()) key_format_type = misc.KeyFormatType(enums.KeyFormatType.PKCS_1) else: private_key = keys.get_private_key_der() key_format_type = misc.KeyFormatType(enums.KeyFormatType.PKCS_8) key_material = objects.KeyMaterial(private_key) key_value = objects.KeyValue(key_material) key_block = objects.KeyBlock( key_format_type=key_format_type, key_compression_type=None, key_value=key_value, cryptographic_algorithm=attr.CryptographicAlgorithm( enums.CryptographicAlgorithm.RSA), cryptographic_length=attr.CryptographicLength(2048), key_wrapping_data=None) return secrets.PrivateKey(key_block)
def _build_core_key(self, key, cls): algorithm = key.cryptographic_algorithm length = key.cryptographic_length value = key.value format_type = key.key_format_type key_material = cobjects.KeyMaterial(value) key_value = cobjects.KeyValue(key_material) key_block = cobjects.KeyBlock( key_format_type=misc.KeyFormatType(format_type), key_compression_type=None, key_value=key_value, cryptographic_algorithm=attributes.CryptographicAlgorithm( algorithm), cryptographic_length=attributes.CryptographicLength(length), key_wrapping_data=None) return cls(key_block)
def test_build_pie_split_key(self): """ Test that a core split key object can be converted into a Pie split key object. """ key_block = cobjects.KeyBlock( key_format_type=misc.KeyFormatType(enums.KeyFormatType.RAW), key_compression_type=None, key_value=cobjects.KeyValue( cobjects.KeyMaterial(self.symmetric_bytes) ), cryptographic_algorithm=attributes.CryptographicAlgorithm( enums.CryptographicAlgorithm.AES ), cryptographic_length=attributes.CryptographicLength(128), key_wrapping_data=None ) core_split_key = secrets.SplitKey( split_key_parts=3, key_part_identifier=1, split_key_threshold=2, split_key_method=enums.SplitKeyMethod.XOR, prime_field_size=None, key_block=key_block ) pie_split_key = self.factory._build_pie_split_key(core_split_key) self.assertIsInstance(pie_split_key, pobjects.SplitKey) self._test_pie_key( pie_split_key, enums.CryptographicAlgorithm.AES, 128, self.symmetric_bytes, enums.KeyFormatType.RAW ) self.assertEqual(3, pie_split_key.split_key_parts) self.assertEqual(1, pie_split_key.key_part_identifier) self.assertEqual(2, pie_split_key.split_key_threshold) self.assertEqual( enums.SplitKeyMethod.XOR, pie_split_key.split_key_method ) self.assertIsNone(pie_split_key.prime_field_size)
def test_build_pie_symmetric_key_on_invalid_format(self): """ Test that a TypeError exception is raised when attempting to create a Pie SymmetricKey object from a core SymmetricKey object with an incompatible format. """ format_type = misc.KeyFormatType(enums.KeyFormatType.OPAQUE) algorithm = attributes.CryptographicAlgorithm( enums.CryptographicAlgorithm.AES) length = attributes.CryptographicLength(128) key_material = cobjects.KeyMaterial(self.symmetric_bytes) key_value = cobjects.KeyValue(key_material) key_block = cobjects.KeyBlock(key_format_type=format_type, key_compression_type=None, key_value=key_value, cryptographic_algorithm=algorithm, cryptographic_length=length, key_wrapping_data=None) core_key = secrets.SymmetricKey(key_block) args = [core_key, pobjects.SymmetricKey] self.assertRaises(TypeError, self.factory._build_pie_key, *args)
def _build_core_split_key(self, secret): key_material = cobjects.KeyMaterial(secret.value) key_value = cobjects.KeyValue(key_material) key_wrapping_data = None if secret.key_wrapping_data: key_wrapping_data = cobjects.KeyWrappingData( **secret.key_wrapping_data) key_block = cobjects.KeyBlock( key_format_type=misc.KeyFormatType(secret.key_format_type), key_compression_type=None, key_value=key_value, cryptographic_algorithm=attributes.CryptographicAlgorithm( secret.cryptographic_algorithm), cryptographic_length=attributes.CryptographicLength( secret.cryptographic_length), key_wrapping_data=key_wrapping_data) return secrets.SplitKey(split_key_parts=secret.split_key_parts, key_part_identifier=secret.key_part_identifier, split_key_threshold=secret.split_key_threshold, split_key_method=secret.split_key_method, prime_field_size=secret.prime_field_size, key_block=key_block)