def __init__(self, response_comms, private_key, pub_key_cache):
self.private_key = private_key
self.pub_key_cache = pub_key_cache
# Decrypt the message
private_key = self.private_key.GetPrivateKey()
try:
# The encrypted_cipher contains the session key, iv and hmac_key.
self.encrypted_cipher = response_comms.encrypted_cipher
# M2Crypto verifies the key on each private_decrypt call which is horribly
# slow therefore we just call the swig wrapped method directly.
self.serialized_cipher = m2.rsa_private_decrypt(
private_key.rsa, response_comms.encrypted_cipher,
self.e_padding)
# If we get here we have the session keys.
self.cipher = rdfvalue.CipherProperties(self.serialized_cipher)
# Check the key lengths.
if (len(self.cipher.key) != self.key_size / 8
or len(self.cipher.metadata_iv) != self.iv_size / 8):
raise DecryptionError("Invalid cipher.")
# Check the hmac key for sanity.
self.VerifyHMAC(response_comms)
# Cipher_metadata contains information about the cipher - It is encrypted
# using the symmetric session key. It contains the RSA signature of the
# digest of the serialized CipherProperties(). It is stored inside the
# encrypted payload.
self.cipher_metadata = rdfvalue.CipherMetadata(
self.Decrypt(response_comms.encrypted_cipher_metadata,
self.cipher.metadata_iv))
self.VerifyCipherSignature()
except RSA.RSAError as e:
raise DecryptionError(e)
def __init__(self, response_comms, private_key, pub_key_cache):
self.private_key = private_key
self.pub_key_cache = pub_key_cache
# Decrypt the message
private_key = self.private_key.GetPrivateKey()
try:
# The encrypted_cipher contains the session key, iv and hmac_key.
self.encrypted_cipher = response_comms.encrypted_cipher
# M2Crypto verifies the key on each private_decrypt call which is horribly
# slow therefore we just call the swig wrapped method directly.
self.serialized_cipher = m2.rsa_private_decrypt(
private_key.rsa, response_comms.encrypted_cipher, self.e_padding
)
# If we get here we have the session keys.
self.cipher = rdfvalue.CipherProperties(self.serialized_cipher)
# Check the key lengths.
if len(self.cipher.key) != self.key_size / 8 or len(self.cipher.metadata_iv) != self.iv_size / 8:
raise DecryptionError("Invalid cipher.")
# Check the hmac key for sanity.
self.VerifyHMAC(response_comms)
# Cipher_metadata contains information about the cipher - It is encrypted
# using the symmetric session key. It contains the RSA signature of the
# digest of the serialized CipherProperties(). It is stored inside the
# encrypted payload.
self.cipher_metadata = rdfvalue.CipherMetadata(
self.Decrypt(response_comms.encrypted_cipher_metadata, self.cipher.metadata_iv)
)
self.VerifyCipherSignature()
except RSA.RSAError as e:
raise DecryptionError(e)
def __init__(self, response_comms, private_key, pub_key_cache):
self.private_key = private_key
self.pub_key_cache = pub_key_cache
# Decrypt the message
private_key = self.private_key.GetPrivateKey()
try:
self.encrypted_cipher = response_comms.encrypted_cipher
# M2Crypto verifies the key on each private_decrypt call which is horribly
# slow therefore we just call the swig wrapped method directly.
self.serialized_cipher = m2.rsa_private_decrypt(
private_key.rsa, response_comms.encrypted_cipher, self.e_padding)
self.cipher = rdfvalue.CipherProperties(self.serialized_cipher)
# Check the key lengths.
if (len(self.cipher.key) != self.key_size / 8 or
len(self.cipher.iv) != self.iv_size / 8):
raise DecryptionError("Invalid cipher.")
if response_comms.api_version >= 3:
if len(self.cipher.hmac_key) != self.key_size / 8:
raise DecryptionError("Invalid cipher.")
# New version: cipher_metadata contains information about the cipher.
# Decrypt the metadata symmetrically
self.encrypted_cipher_metadata = (
response_comms.encrypted_cipher_metadata)
self.cipher_metadata = rdfvalue.CipherMetadata(self.Decrypt(
response_comms.encrypted_cipher_metadata, self.cipher.iv))
self.VerifyCipherSignature()
else:
# Old version: To be set once the message is verified.
self.cipher_metadata = None
except RSA.RSAError as e:
raise DecryptionError(e)
def __init__(self, response_comms, private_key, pub_key_cache):
self.private_key = private_key
self.pub_key_cache = pub_key_cache
# Decrypt the message
private_key = self.private_key.GetPrivateKey()
try:
self.encrypted_cipher = response_comms.encrypted_cipher
# M2Crypto verifies the key on each private_decrypt call which is horribly
# slow therefore we just call the swig wrapped method directly.
self.serialized_cipher = m2.rsa_private_decrypt(
private_key.rsa, response_comms.encrypted_cipher,
self.e_padding)
self.cipher = rdfvalue.CipherProperties(self.serialized_cipher)
# Check the key lengths.
if (len(self.cipher.key) != self.key_size / 8
or len(self.cipher.iv) != self.iv_size / 8):
raise DecryptionError("Invalid cipher.")
if len(self.cipher.hmac_key) != self.key_size / 8:
raise DecryptionError("Invalid cipher.")
# Cipher_metadata contains information about the cipher - decrypt the
# metadata symmetrically
self.encrypted_cipher_metadata = (
response_comms.encrypted_cipher_metadata)
self.cipher_metadata = rdfvalue.CipherMetadata(
self.Decrypt(response_comms.encrypted_cipher_metadata,
self.cipher.iv))
self.VerifyCipherSignature()
except RSA.RSAError as e:
raise DecryptionError(e)
def private_decrypt(self, data, padding):
# type: (bytes, int) -> bytes
assert self.check_key(), 'key is not initialised'
return m2.rsa_private_decrypt(self.rsa, data, padding)
def private_decrypt(self, data, padding):
assert self.check_key(), 'key is not initialised'
return m2.rsa_private_decrypt(self.rsa, data, padding)
def private_decrypt(self, data, padding):
assert self.check_key(), 'key is not initialised'
return m2.rsa_private_decrypt(self.rsa, data, padding)
def private_decrypt(self, data, padding):
# type: (bytes, int) -> bytes
assert self.check_key(), 'key is not initialised'
return m2.rsa_private_decrypt(self.rsa, data, padding)
