def compute_keyid(pubkey_packet_data): """ <Purpose> compute a keyid from an RFC4880 public-key buffer <Arguments> pubkey_packet_data: the public-key packet buffer <Exceptions> securesystemslib.exceptions.UnsupportedLibraryError if: the cryptography module is unavailable <Side Effects> None <Returns> The RFC4880-compliant hashed buffer """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) hasher = hashing.Hash(hashing.SHA1(), backend=backends.default_backend()) hasher.update(b'\x99') hasher.update(struct.pack(">H", len(pubkey_packet_data))) hasher.update(bytes(pubkey_packet_data)) return binascii.hexlify(hasher.finalize()).decode("ascii")
def get_version(): """ <Purpose> Uses `gpg2 --version` to get the version info of the installed gpg2 and extracts and returns the version number. The executed base command is defined in constants.GPG_VERSION_COMMAND. <Exceptions> securesystemslib.exceptions.UnsupportedLibraryError: If the gpg command is not available <Returns> Version number string, e.g. "2.1.22" """ if not constants.HAVE_GPG: # pragma: no cover raise exceptions.UnsupportedLibraryError(constants.NO_GPG_MSG) command = constants.GPG_VERSION_COMMAND gpg_process = process.run(command, stdout=process.PIPE, stderr=process.PIPE, universal_newlines=True) full_version_info = gpg_process.stdout version_string = re.search(r'(\d\.\d\.\d+)', full_version_info).group(1) return version_string
def create_pubkey(pubkey_info): """ <Purpose> Create and return an RSAPublicKey object from the passed pubkey_info using pyca/cryptography. <Arguments> pubkey_info: The RSA pubkey info dictionary as specified by securesystemslib.formats.GPG_RSA_PUBKEY_SCHEMA <Exceptions> securesystemslib.exceptions.FormatError if pubkey_info does not match securesystemslib.formats.GPG_RSA_PUBKEY_SCHEMA securesystemslib.exceptions.UnsupportedLibraryError if the cryptography module is unavailable <Returns> A cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey based on the passed pubkey_info. """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) formats.GPG_RSA_PUBKEY_SCHEMA.check_match(pubkey_info) e = int(pubkey_info['keyval']['public']['e'], 16) n = int(pubkey_info['keyval']['public']['n'], 16) pubkey = rsa.RSAPublicNumbers(e, n).public_key(backends.default_backend()) return pubkey
def create_pubkey(pubkey_info): """ <Purpose> Create and return an Ed25519PublicKey object from the passed pubkey_info using pyca/cryptography. <Arguments> pubkey_info: The ED25519 public key dictionary as specified by securesystemslib.formats.GPG_ED25519_PUBKEY_SCHEMA <Exceptions> securesystemslib.exceptions.FormatError if pubkey_info does not match securesystemslib.formats.GPG_DSA_PUBKEY_SCHEMA securesystemslib.exceptions.UnsupportedLibraryError if the cryptography module is unavailable <Returns> A cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey based on the passed pubkey_info. """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) formats.GPG_ED25519_PUBKEY_SCHEMA.check_match(pubkey_info) public_bytes = binascii.unhexlify(pubkey_info["keyval"]["public"]["q"]) public_key = pyca_ed25519.Ed25519PublicKey.from_public_bytes(public_bytes) return public_key
def generate_public_and_private(): """ <Purpose> Generate a pair of ed25519 public and private keys with PyNaCl. The public and private keys returned conform to 'securesystemslib.formats.ED25519PUBLIC_SCHEMA' and 'securesystemslib.formats.ED25519SEED_SCHEMA', respectively. An ed25519 seed key is a random 32-byte string. Public keys are also 32 bytes. >>> public, private = generate_public_and_private() >>> securesystemslib.formats.ED25519PUBLIC_SCHEMA.matches(public) True >>> securesystemslib.formats.ED25519SEED_SCHEMA.matches(private) True <Arguments> None. <Exceptions> securesystemslib.exceptions.UnsupportedLibraryError, if the PyNaCl ('nacl') module is unavailable. NotImplementedError, if a randomness source is not found by 'os.urandom'. <Side Effects> The ed25519 keys are generated by first creating a random 32-byte seed with os.urandom() and then calling PyNaCl's nacl.signing.SigningKey(). <Returns> A (public, private) tuple that conform to 'securesystemslib.formats.ED25519PUBLIC_SCHEMA' and 'securesystemslib.formats.ED25519SEED_SCHEMA', respectively. """ if not NACL: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_NACL_MSG) # Generate ed25519's seed key by calling os.urandom(). The random bytes # returned should be suitable for cryptographic use and is OS-specific. # Raise 'NotImplementedError' if a randomness source is not found. # ed25519 seed keys are fixed at 32 bytes (256-bit keys). # http://blog.mozilla.org/warner/2011/11/29/ed25519-keys/ seed = os.urandom(32) public = None # Generate the public key. PyNaCl (i.e., 'nacl' module) performs the actual # key generation. nacl_key = SigningKey(seed) public = nacl_key.verify_key.encode(encoder=RawEncoder()) return public, seed
def get_signature_params(data): """ <Purpose> Parse the signature parameters as multi-precision-integers. <Arguments> data: the RFC4880-encoded signature data buffer as described in the fourth paragraph of section 5.2.2 <Exceptions> securesystemslib.gpg.exceptions.PacketParsingError: if the public key parameters are malformed securesystemslib.exceptions.UnsupportedLibraryError: if the cryptography module is not available <Side Effects> None. <Returns> The decoded signature buffer """ if not CRYPTO: # pragma: no cover return exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) ptr = 0 r_length = gpg_util.get_mpi_length(data[ptr:ptr + 2]) ptr += 2 r = data[ptr:ptr + r_length] if len(r) != r_length: # pragma: no cover raise PacketParsingError("r-value truncated in signature") ptr += r_length s_length = gpg_util.get_mpi_length(data[ptr:ptr + 2]) ptr += 2 s = data[ptr:ptr + s_length] if len(s) != s_length: # pragma: no cover raise PacketParsingError("s-value truncated in signature") s = int(binascii.hexlify(s), 16) r = int(binascii.hexlify(r), 16) signature = dsautils.encode_dss_signature(r, s) return signature
def hash_object(headers, algorithm, content): """ <Purpose> Hash data prior to signature verification in conformance of the RFC4880 openPGP standard. <Arguments> headers: the additional OpenPGP headers as populated from gpg_generate_signature algorithm: The hash algorithm object defined by the cryptography.io hashes module content: the signed content <Exceptions> securesystemslib.exceptions.UnsupportedLibraryError if: the cryptography module is unavailable <Side Effects> None <Returns> The RFC4880-compliant hashed buffer """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) # As per RFC4880 Section 5.2.4., we need to hash the content, # signature headers and add a very opinionated trailing header hasher = hashing.Hash(algorithm, backend=backends.default_backend()) hasher.update(content) hasher.update(headers) hasher.update(b'\x04\xff') hasher.update(struct.pack(">I", len(headers))) return hasher.finalize()
def create_signature(public_key, private_key, data, scheme): """ <Purpose> Return a (signature, scheme) tuple, where the signature scheme is 'ed25519' and is always generated by PyNaCl (i.e., 'nacl'). The signature returned conforms to 'securesystemslib.formats.ED25519SIGNATURE_SCHEMA', and has the form: '\xae\xd7\x9f\xaf\x95{bP\x9e\xa8YO Z\x86\x9d...' A signature is a 64-byte string. >>> public, private = generate_public_and_private() >>> data = b'The quick brown fox jumps over the lazy dog' >>> scheme = 'ed25519' >>> signature, scheme = \ create_signature(public, private, data, scheme) >>> securesystemslib.formats.ED25519SIGNATURE_SCHEMA.matches(signature) True >>> scheme == 'ed25519' True >>> signature, scheme = \ create_signature(public, private, data, scheme) >>> securesystemslib.formats.ED25519SIGNATURE_SCHEMA.matches(signature) True >>> scheme == 'ed25519' True <Arguments> public: The ed25519 public key, which is a 32-byte string. private: The ed25519 private key, which is a 32-byte string. data: Data object used by create_signature() to generate the signature. scheme: The signature scheme used to generate the signature. <Exceptions> securesystemslib.exceptions.FormatError, if the arguments are improperly formatted. securesystemslib.exceptions.CryptoError, if a signature cannot be created. securesystemslib.exceptions.UnsupportedLibraryError, if the PyNaCl ('nacl') module is unavailable. <Side Effects> nacl.signing.SigningKey.sign() called to generate the actual signature. <Returns> A signature dictionary conformat to 'securesystemslib.format.SIGNATURE_SCHEMA'. ed25519 signatures are 64 bytes, however, the hexlified signature is stored in the dictionary returned. """ if not NACL: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_NACL_MSG) # Does 'public_key' have the correct format? # This check will ensure 'public_key' conforms to # 'securesystemslib.formats.ED25519PUBLIC_SCHEMA', which must have length 32 # bytes. Raise 'securesystemslib.exceptions.FormatError' if the check fails. formats.ED25519PUBLIC_SCHEMA.check_match(public_key) # Is 'private_key' properly formatted? formats.ED25519SEED_SCHEMA.check_match(private_key) # Is 'scheme' properly formatted? formats.ED25519_SIG_SCHEMA.check_match(scheme) # Signing the 'data' object requires a seed and public key. # nacl.signing.SigningKey.sign() generates the signature. signature = None # An if-clause is not strictly needed here, since 'ed25519' is the only # currently supported scheme. Nevertheless, include the conditional # statement to accommodate schemes that might be added in the future. if scheme == 'ed25519': try: nacl_key = SigningKey(private_key) nacl_sig = nacl_key.sign(data) signature = nacl_sig.signature except (ValueError, TypeError, nacl_exceptions.CryptoError) as e: raise exceptions.CryptoError('An "ed25519" signature' ' could not be created with PyNaCl.' + str(e)) # This is a defensive check for a valid 'scheme', which should have already # been validated in the check_match() above. else: #pragma: no cover raise exceptions.UnsupportedAlgorithmError('Unsupported' ' signature scheme is specified: ' + repr(scheme)) return signature, scheme
def generate_public_and_private(scheme='ecdsa-sha2-nistp256'): """ <Purpose> Generate a pair of ECDSA public and private keys with one of the supported, external cryptography libraries. The public and private keys returned conform to 'securesystemslib.formats.PEMECDSA_SCHEMA' and 'securesystemslib.formats.PEMECDSA_SCHEMA', respectively. The public ECDSA public key has the PEM format: TODO: should we encrypt the private keys returned here? Should the create_signature() accept encrypted keys? '-----BEGIN PUBLIC KEY----- ... '-----END PUBLIC KEY-----' The private ECDSA private key has the PEM format: '-----BEGIN EC PRIVATE KEY----- ... -----END EC PRIVATE KEY-----' >>> public, private = generate_public_and_private() >>> securesystemslib.formats.PEMECDSA_SCHEMA.matches(public) True >>> securesystemslib.formats.PEMECDSA_SCHEMA.matches(private) True <Arguments> scheme: A string indicating which algorithm to use for the generation of the public and private ECDSA keys. 'ecdsa-sha2-nistp256' is the only currently supported ECDSA algorithm, which is supported by OpenSSH and specified in RFC 5656 (https://tools.ietf.org/html/rfc5656). <Exceptions> securesystemslib.exceptions.FormatError, if 'algorithm' is improperly formatted. securesystemslib.exceptions.UnsupportedAlgorithmError, if 'scheme' is an unsupported algorithm. securesystemslib.exceptions.UnsupportedLibraryError, if the cryptography module is not available. <Side Effects> None. <Returns> A (public, private) tuple that conform to 'securesystemslib.formats.PEMECDSA_SCHEMA' and 'securesystemslib.formats.PEMECDSA_SCHEMA', respectively. """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) # Does 'scheme' have the correct format? # Verify that 'scheme' is of the correct type, and that it's one of the # supported ECDSA . It must conform to # 'securesystemslib.formats.ECDSA_SCHEME_SCHEMA'. Raise # 'securesystemslib.exceptions.FormatError' if the check fails. formats.ECDSA_SCHEME_SCHEMA.check_match(scheme) public_key = None private_key = None # An if-clause is strictly not needed, since 'ecdsa_sha2-nistp256' is the # only currently supported ECDSA signature scheme. Nevertheness, include the # conditional statement to accomodate any schemes that might be added. if scheme == 'ecdsa-sha2-nistp256': private_key = ec.generate_private_key(ec.SECP256R1, default_backend()) public_key = private_key.public_key() # The ECDSA_SCHEME_SCHEMA.check_match() above should have detected any # invalid 'scheme'. This is a defensive check. else: #pragma: no cover raise exceptions.UnsupportedAlgorithmError( 'An unsupported' ' scheme specified: ' + repr(scheme) + '.\n Supported' ' algorithms: ' + repr(_SUPPORTED_ECDSA_SCHEMES)) private_pem = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()) public_pem = public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo) return public_pem.decode('utf-8'), private_pem.decode('utf-8')
def create_ecdsa_encrypted_pem(private_pem, passphrase): """ <Purpose> Return a string in PEM format, where the private part of the ECDSA key is encrypted. The private part of the ECDSA key is encrypted as done by pyca/cryptography: "Encrypt using the best available encryption for a given key's backend. This is a curated encryption choice and the algorithm may change over time." >>> junk, private = generate_public_and_private() >>> passphrase = 'secret' >>> encrypted_pem = create_ecdsa_encrypted_pem(private, passphrase) >>> securesystemslib.formats.PEMECDSA_SCHEMA.matches(encrypted_pem) True <Arguments> private_pem: The private ECDSA key string in PEM format. passphrase: The passphrase, or password, to encrypt the private part of the ECDSA key. 'passphrase' is not used directly as the encryption key, a stronger encryption key is derived from it. <Exceptions> securesystemslib.exceptions.FormatError, if the arguments are improperly formatted. securesystemslib.exceptions.CryptoError, if an ECDSA key in encrypted PEM format cannot be created. securesystemslib.exceptions.UnsupportedLibraryError, if the cryptography module is not available. <Side Effects> None. <Returns> A string in PEM format, where the private RSA portion is encrypted. Conforms to 'securesystemslib.formats.PEMECDSA_SCHEMA'. """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) # Does 'private_key' have the correct format? # Raise 'securesystemslib.exceptions.FormatError' if the check fails. formats.PEMRSA_SCHEMA.check_match(private_pem) # Does 'passphrase' have the correct format? formats.PASSWORD_SCHEMA.check_match(passphrase) private = load_pem_private_key(private_pem.encode('utf-8'), password=None, backend=default_backend()) encrypted_private_pem = \ private.private_bytes(encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.BestAvailableEncryption(passphrase.encode('utf-8'))) return encrypted_private_pem
def create_ecdsa_public_and_private_from_pem(pem, password=None): """ <Purpose> Create public and private ECDSA keys from a private 'pem'. The public and private keys are strings in PEM format: public: '-----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY-----', private: '-----BEGIN EC PRIVATE KEY----- ... -----END EC PRIVATE KEY-----'}} >>> junk, private = generate_public_and_private() >>> public, private = create_ecdsa_public_and_private_from_pem(private) >>> securesystemslib.formats.PEMECDSA_SCHEMA.matches(public) True >>> securesystemslib.formats.PEMECDSA_SCHEMA.matches(private) True >>> passphrase = 'secret' >>> encrypted_pem = create_ecdsa_encrypted_pem(private, passphrase) >>> public, private = create_ecdsa_public_and_private_from_pem(encrypted_pem, passphrase) >>> securesystemslib.formats.PEMECDSA_SCHEMA.matches(public) True >>> securesystemslib.formats.PEMECDSA_SCHEMA.matches(private) True <Arguments> pem: A string in PEM format. The private key is extracted and returned in an ecdsakey object. password: (optional) The password, or passphrase, to decrypt the private part of the ECDSA key if it is encrypted. 'password' is not used directly as the encryption key, a stronger encryption key is derived from it. <Exceptions> securesystemslib.exceptions.FormatError, if the arguments are improperly formatted. securesystemslib.exceptions.UnsupportedAlgorithmError, if the ECDSA key pair could not be extracted, possibly due to an unsupported algorithm. securesystemslib.exceptions.UnsupportedLibraryError, if the cryptography module is not available. <Side Effects> None. <Returns> A dictionary containing the ECDSA keys and other identifying information. Conforms to 'securesystemslib.formats.ECDSAKEY_SCHEMA'. """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) # Does 'pem' have the correct format? # This check will ensure 'pem' conforms to # 'securesystemslib.formats.ECDSARSA_SCHEMA'. formats.PEMECDSA_SCHEMA.check_match(pem) if password is not None: formats.PASSWORD_SCHEMA.check_match(password) password = password.encode('utf-8') else: logger.debug('The password/passphrase is unset. The PEM is expected' ' to be unencrypted.') public = None private = None # Generate the public and private ECDSA keys. The pyca/cryptography library # performs the actual import operation. try: private = load_pem_private_key(pem.encode('utf-8'), password=password, backend=default_backend()) except (ValueError, UnsupportedAlgorithm) as e: raise exceptions.CryptoError('Could not import private' ' PEM.\n' + str(e)) public = private.public_key() # Serialize public and private keys to PEM format. private = private.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()) public = public.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo) return public.decode('utf-8'), private.decode('utf-8')
def verify_signature(public_key, scheme, signature, data): """ <Purpose> Verify that 'signature' was produced by the private key associated with 'public_key'. >>> scheme = 'ecdsa-sha2-nistp256' >>> public, private = generate_public_and_private(scheme) >>> data = b'The quick brown fox jumps over the lazy dog' >>> signature, scheme = create_signature(public, private, data, scheme) >>> verify_signature(public, scheme, signature, data) True >>> verify_signature(public, scheme, signature, b'bad data') False <Arguments> public_key: The ECDSA public key in PEM format. The public key is needed to verify 'signature'. scheme: The signature scheme used to generate 'signature'. For example: 'ecdsa-sha2-nistp256'. signature: The signature to be verified, which should have been generated by the private key associated with 'public_key'. 'data'. data: Byte data that was used by create_signature() to generate 'signature'. <Exceptions> securesystemslib.exceptions.FormatError, if any of the arguments are improperly formatted. securesystemslib.exceptions.UnsupportedAlgorithmError, if 'scheme' is not one of the supported signature schemes. securesystemslib.exceptions.UnsupportedLibraryError, if the cryptography module is not available. <Side Effects> None. <Returns> Boolean, indicating whether the 'signature' of data was generated by the private key associated with 'public_key'. """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) # Are the arguments properly formatted? # If not, raise 'securesystemslib.exceptions.FormatError'. formats.PEMECDSA_SCHEMA.check_match(public_key) formats.ECDSA_SCHEME_SCHEMA.check_match(scheme) formats.ECDSASIGNATURE_SCHEMA.check_match(signature) ecdsa_key = load_pem_public_key(public_key.encode('utf-8'), backend=default_backend()) if not isinstance(ecdsa_key, ec.EllipticCurvePublicKey): raise exceptions.FormatError('Invalid ECDSA public' ' key: ' + repr(public_key)) else: logger.debug('Loaded a valid ECDSA public key.') # verify() raises an 'InvalidSignature' exception if 'signature' # is invalid. try: ecdsa_key.verify(signature, data, _SCHEME_HASHER[scheme]) return True except (TypeError, InvalidSignature): return False
def create_signature(public_key, private_key, data, scheme='ecdsa-sha2-nistp256'): """ <Purpose> Return a (signature, scheme) tuple. >>> requested_scheme = 'ecdsa-sha2-nistp256' >>> public, private = generate_public_and_private(requested_scheme) >>> data = b'The quick brown fox jumps over the lazy dog' >>> signature, scheme = create_signature(public, private, data, requested_scheme) >>> securesystemslib.formats.ECDSASIGNATURE_SCHEMA.matches(signature) True >>> requested_scheme == scheme True <Arguments> public: The ECDSA public key in PEM format. private: The ECDSA private key in PEM format. data: Byte data used by create_signature() to generate the signature returned. scheme: The signature scheme used to generate the signature. For example: 'ecdsa-sha2-nistp256'. <Exceptions> securesystemslib.exceptions.FormatError, if the arguments are improperly formatted. securesystemslib.exceptions.CryptoError, if a signature cannot be created. securesystemslib.exceptions.UnsupportedAlgorithmError, if 'scheme' is not one of the supported signature schemes. securesystemslib.exceptions.UnsupportedLibraryError, if the cryptography module is not available. <Side Effects> None. <Returns> A signature dictionary conformat to 'securesystemslib.format.SIGNATURE_SCHEMA'. ECDSA signatures are XX bytes, however, the hexlified signature is stored in the dictionary returned. """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) # Do 'public_key' and 'private_key' have the correct format? # This check will ensure that the arguments conform to # 'securesystemslib.formats.PEMECDSA_SCHEMA'. Raise # 'securesystemslib.exceptions.FormatError' if the check fails. formats.PEMECDSA_SCHEMA.check_match(public_key) # Is 'private_key' properly formatted? formats.PEMECDSA_SCHEMA.check_match(private_key) # Is 'scheme' properly formatted? formats.ECDSA_SCHEME_SCHEMA.check_match(scheme) # 'ecdsa-sha2-nistp256' is the only currently supported ECDSA scheme, so this # if-clause isn't strictly needed. Nevertheless, the conditional statement # is included to accommodate multiple schemes that can potentially be added # in the future. if scheme == 'ecdsa-sha2-nistp256': try: private_key = load_pem_private_key(private_key.encode('utf-8'), password=None, backend=default_backend()) signature = private_key.sign(data, ec.ECDSA(hashes.SHA256())) except TypeError as e: raise exceptions.CryptoError('Could not create' ' signature: ' + str(e)) # A defensive check for an invalid 'scheme'. The # ECDSA_SCHEME_SCHEMA.check_match() above should have already validated it. else: #pragma: no cover raise exceptions.UnsupportedAlgorithmError( 'Unsupported' ' signature scheme is specified: ' + repr(scheme)) return signature, scheme
def generate_rsa_public_and_private(bits=_DEFAULT_RSA_KEY_BITS): """ <Purpose> Generate public and private RSA keys with modulus length 'bits'. The public and private keys returned conform to 'securesystemslib.formats.PEMRSA_SCHEMA' and have the form: '-----BEGIN RSA PUBLIC KEY----- ...' or '-----BEGIN RSA PRIVATE KEY----- ...' The public and private keys are returned as strings in PEM format. 'generate_rsa_public_and_private()' enforces a minimum key size of 2048 bits. If 'bits' is unspecified, a 3072-bit RSA key is generated, which is the key size recommended by TUF. >>> public, private = generate_rsa_public_and_private(2048) >>> securesystemslib.formats.PEMRSA_SCHEMA.matches(public) True >>> securesystemslib.formats.PEMRSA_SCHEMA.matches(private) True <Arguments> bits: The key size, or key length, of the RSA key. 'bits' must be 2048, or greater. 'bits' defaults to 3072 if not specified. <Exceptions> securesystemslib.exceptions.FormatError, if 'bits' does not contain the correct format. securesystemslib.exceptions.UnsupportedLibraryError, if the cryptography module is not available. <Side Effects> The RSA keys are generated from pyca/cryptography's rsa.generate_private_key() function. <Returns> A (public, private) tuple containing the RSA keys in PEM format. """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) # Does 'bits' have the correct format? # This check will ensure 'bits' conforms to # 'securesystemslib.formats.RSAKEYBITS_SCHEMA'. 'bits' must be an integer # object, with a minimum value of 2048. Raise # 'securesystemslib.exceptions.FormatError' if the check fails. formats.RSAKEYBITS_SCHEMA.check_match(bits) # Generate the public and private RSA keys. The pyca/cryptography 'rsa' # module performs the actual key generation. The 'bits' argument is used, # and a 2048-bit minimum is enforced by # securesystemslib.formats.RSAKEYBITS_SCHEMA.check_match(). private_key = rsa.generate_private_key(public_exponent=65537, key_size=bits, backend=default_backend()) # Extract the public & private halves of the RSA key and generate their # PEM-formatted representations. Return the key pair as a (public, private) # tuple, where each RSA is a string in PEM format. private_pem = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()) # Need to generate the public pem from the private key before serialization # to PEM. public_key = private_key.public_key() public_pem = public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo) return public_pem.decode('utf-8'), private_pem.decode('utf-8')
def verify_signature(signature_object, pubkey_info, content, hash_algorithm_id): """ <Purpose> Verify the passed signature against the passed content with the passed RSA public key using pyca/cryptography. <Arguments> signature_object: A signature dictionary as specified by securesystemslib.formats.GPG_SIGNATURE_SCHEMA pubkey_info: The RSA public key info dictionary as specified by securesystemslib.formats.GPG_RSA_PUBKEY_SCHEMA content: The signed bytes against which the signature is verified hash_algorithm_id: one of SHA1, SHA256, SHA512 (see securesystemslib.gpg.constants) used to verify the signature NOTE: Overrides any hash algorithm specification in "pubkey_info"'s "hashes" or "method" fields. <Exceptions> securesystemslib.exceptions.FormatError if: signature_object does not match securesystemslib.formats.GPG_SIGNATURE_SCHEMA, pubkey_info does not match securesystemslib.formats.GPG_RSA_PUBKEY_SCHEMA securesystemslib.exceptions.UnsupportedLibraryError if: the cryptography module is unavailable ValueError: if the passed hash_algorithm_id is not supported (see securesystemslib.gpg.util.get_hashing_class) <Returns> True if signature verification passes and False otherwise """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) formats.GPG_SIGNATURE_SCHEMA.check_match(signature_object) formats.GPG_RSA_PUBKEY_SCHEMA.check_match(pubkey_info) hasher = gpg_util.get_hashing_class(hash_algorithm_id) pubkey_object = create_pubkey(pubkey_info) # zero-pad the signature due to a discrepancy between the openssl backend # and the gnupg interpretation of PKCSv1.5. Read more at: # https://github.com/in-toto/in-toto/issues/171#issuecomment-440039256 # we are skipping this if on the tests because well, how would one test this # deterministically. pubkey_length = len(pubkey_info['keyval']['public']['n']) signature_length = len(signature_object['signature']) if pubkey_length != signature_length: # pragma: no cover zero_pad = "0" * (pubkey_length - signature_length) signature_object['signature'] = "{}{}".format( zero_pad, signature_object['signature']) digest = gpg_util.hash_object( binascii.unhexlify(signature_object['other_headers']), hasher(), content) try: pubkey_object.verify(binascii.unhexlify(signature_object['signature']), digest, padding.PKCS1v15(), utils.Prehashed(hasher())) return True except InvalidSignature: return False
def create_rsa_signature(private_key, data, scheme='rsassa-pss-sha256'): """ <Purpose> Generate a 'scheme' signature. The signature, and the signature scheme used, is returned as a (signature, scheme) tuple. The signing process will use 'private_key' to generate the signature of 'data'. RFC3447 - RSASSA-PSS http://www.ietf.org/rfc/rfc3447.txt >>> public, private = generate_rsa_public_and_private(2048) >>> data = 'The quick brown fox jumps over the lazy dog'.encode('utf-8') >>> scheme = 'rsassa-pss-sha256' >>> signature, scheme = create_rsa_signature(private, data, scheme) >>> securesystemslib.formats.NAME_SCHEMA.matches(scheme) True >>> scheme == 'rsassa-pss-sha256' True >>> securesystemslib.formats.PYCACRYPTOSIGNATURE_SCHEMA.matches(signature) True <Arguments> private_key: The private RSA key, a string in PEM format. data: Data (string) used by create_rsa_signature() to generate the signature. scheme: The signature scheme used to generate the signature. <Exceptions> securesystemslib.exceptions.FormatError, if 'private_key' is improperly formatted. ValueError, if 'private_key' is unset. securesystemslib.exceptions.CryptoError, if the signature cannot be generated. securesystemslib.exceptions.UnsupportedLibraryError, if the cryptography module is not available. <Side Effects> pyca/cryptography's 'RSAPrivateKey.signer()' called to generate the signature. <Returns> A (signature, scheme) tuple, where the signature is a string and the scheme is one of the supported RSA signature schemes. For example: 'rsassa-pss-sha256'. """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) # Does the arguments have the correct format? # If not, raise 'securesystemslib.exceptions.FormatError' if any of the # checks fail. formats.PEMRSA_SCHEMA.check_match(private_key) formats.DATA_SCHEMA.check_match(data) formats.RSA_SCHEME_SCHEMA.check_match(scheme) # Signing 'data' requires a private key. Currently supported RSA signature # schemes are defined in `securesystemslib.keys.RSA_SIGNATURE_SCHEMES`. signature = None # Verify the signature, but only if the private key has been set. The # private key is a NULL string if unset. Although it may be clearer to # explicitly check that 'private_key' is not '', we can/should check for a # value and not compare identities with the 'is' keyword. Up to this point # 'private_key' has variable size and can be an empty string. if not len(private_key): raise ValueError('The required private key is unset.') try: # 'private_key' (in PEM format) must first be converted to a # pyca/cryptography private key object before a signature can be # generated. private_key_object = load_pem_private_key(private_key.encode('utf-8'), password=None, backend=default_backend()) digest_obj = digest_from_rsa_scheme(scheme, 'pyca_crypto') if scheme.startswith('rsassa-pss'): # Generate an RSSA-PSS signature. Raise # 'securesystemslib.exceptions.CryptoError' for any of the expected # exceptions raised by pyca/cryptography. signature = private_key_object.sign( data, padding.PSS(mgf=padding.MGF1(digest_obj.algorithm), salt_length=digest_obj.algorithm.digest_size), digest_obj.algorithm) elif scheme.startswith('rsa-pkcs1v15'): # Generate an RSA-PKCS1v15 signature. Raise # 'securesystemslib.exceptions.CryptoError' for any of the expected # exceptions raised by pyca/cryptography. signature = private_key_object.sign(data, padding.PKCS1v15(), digest_obj.algorithm) # The RSA_SCHEME_SCHEMA.check_match() above should have validated 'scheme'. # This is a defensive check check.. else: # pragma: no cover raise exceptions.UnsupportedAlgorithmError( 'Unsupported' ' signature scheme is specified: ' + repr(scheme)) # If the PEM data could not be decrypted, or if its structure could not # be decoded successfully. except ValueError: raise exceptions.CryptoError( 'The private key' ' (in PEM format) could not be deserialized.') # 'TypeError' is raised if a password was given and the private key was # not encrypted, or if the key was encrypted but no password was # supplied. Note: A passphrase or password is not used when generating # 'private_key', since it should not be encrypted. except TypeError: raise exceptions.CryptoError('The private key was' ' unexpectedly encrypted.') # 'cryptography.exceptions.UnsupportedAlgorithm' is raised if the # serialized key is of a type that is not supported by the backend, or if # the key is encrypted with a symmetric cipher that is not supported by # the backend. except UnsupportedAlgorithm: # pragma: no cover raise exceptions.CryptoError( 'The private key is' ' encrypted with an unsupported algorithm.') return signature, scheme
def verify_rsa_signature(signature, signature_scheme, public_key, data): """ <Purpose> Determine whether the corresponding private key of 'public_key' produced 'signature'. verify_signature() will use the public key, signature scheme, and 'data' to complete the verification. >>> public, private = generate_rsa_public_and_private(2048) >>> data = b'The quick brown fox jumps over the lazy dog' >>> scheme = 'rsassa-pss-sha256' >>> signature, scheme = create_rsa_signature(private, data, scheme) >>> verify_rsa_signature(signature, scheme, public, data) True >>> verify_rsa_signature(signature, scheme, public, b'bad_data') False <Arguments> signature: A signature, as a string. This is the signature returned by create_rsa_signature(). signature_scheme: A string that indicates the signature scheme used to generate 'signature'. Currently supported RSA signature schemes are defined in `securesystemslib.keys.RSA_SIGNATURE_SCHEMES`. public_key: The RSA public key, a string in PEM format. data: Data used by securesystemslib.keys.create_signature() to generate 'signature'. 'data' (a string) is needed here to verify 'signature'. <Exceptions> securesystemslib.exceptions.FormatError, if 'signature', 'signature_scheme', 'public_key', or 'data' are improperly formatted. securesystemslib.exceptions.UnsupportedAlgorithmError, if the signature scheme used by 'signature' is not one supported by securesystemslib.keys.create_signature(). securesystemslib.exceptions.CryptoError, if the private key cannot be decoded or its key type is unsupported. securesystemslib.exceptions.UnsupportedLibraryError, if the cryptography module is not available. <Side Effects> pyca/cryptography's RSAPublicKey.verifier() called to do the actual verification. <Returns> Boolean. True if the signature is valid, False otherwise. """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) # Does 'public_key' have the correct format? # This check will ensure 'public_key' conforms to # 'securesystemslib.formats.PEMRSA_SCHEMA'. Raise # 'securesystemslib.exceptions.FormatError' if the check fails. formats.PEMRSA_SCHEMA.check_match(public_key) # Does 'signature_scheme' have the correct format? formats.RSA_SCHEME_SCHEMA.check_match(signature_scheme) # Does 'signature' have the correct format? formats.PYCACRYPTOSIGNATURE_SCHEMA.check_match(signature) # What about 'data'? formats.DATA_SCHEMA.check_match(data) # Verify the RSASSA-PSS signature with pyca/cryptography. try: public_key_object = serialization.load_pem_public_key( public_key.encode('utf-8'), backend=default_backend()) digest_obj = digest_from_rsa_scheme(signature_scheme, 'pyca_crypto') # verify() raises 'cryptography.exceptions.InvalidSignature' if the # signature is invalid. 'salt_length' is set to the digest size of the # hashing algorithm. try: if signature_scheme.startswith('rsassa-pss'): public_key_object.verify( signature, data, padding.PSS(mgf=padding.MGF1(digest_obj.algorithm), salt_length=digest_obj.algorithm.digest_size), digest_obj.algorithm) elif signature_scheme.startswith('rsa-pkcs1v15'): public_key_object.verify(signature, data, padding.PKCS1v15(), digest_obj.algorithm) # The RSA_SCHEME_SCHEMA.check_match() above should have validated 'scheme'. # This is a defensive check check.. else: # pragma: no cover raise exceptions.UnsupportedAlgorithmError( 'Unsupported' ' signature scheme is specified: ' + repr(signature_scheme)) return True except InvalidSignature: return False # Raised by load_pem_public_key(). except (ValueError, UnsupportedAlgorithm) as e: raise exceptions.CryptoError( 'The PEM could not be' ' decoded successfully, or contained an unsupported key type: ' + str(e))
def decrypt_key(encrypted_key, password): """ <Purpose> Return a string containing 'encrypted_key' in non-encrypted form. The decrypt_key() function can be applied to the encrypted string to restore the original key object, a securesystemslib key (e.g., RSAKEY_SCHEMA, ED25519KEY_SCHEMA). This function calls the appropriate cryptography module (i.e., rsa_keys.py) to perform the decryption. Encrypted securesystemslib keys use AES-256-CTR-Mode and passwords strengthened with PBKDF2-HMAC-SHA256 (100K iterations be default, but may be overriden in 'settings.py' by the user). http://en.wikipedia.org/wiki/Advanced_Encryption_Standard http://en.wikipedia.org/wiki/CTR_mode#Counter_.28CTR.29 https://en.wikipedia.org/wiki/PBKDF2 >>> ed25519_key = {'keytype': 'ed25519', \ 'scheme': 'ed25519', \ 'keyid': \ 'd62247f817883f593cf6c66a5a55292488d457bcf638ae03207dbbba9dbe457d', \ 'keyval': {'public': \ '74addb5ad544a4306b34741bc1175a3613a8d7dc69ff64724243efdec0e301ad', \ 'private': \ '1f26964cc8d4f7ee5f3c5da2fbb7ab35811169573ac367b860a537e47789f8c4'}} >>> passphrase = 'secret' >>> encrypted_key = encrypt_key(ed25519_key, passphrase) >>> decrypted_key = decrypt_key(encrypted_key.encode('utf-8'), passphrase) >>> securesystemslib.formats.ED25519KEY_SCHEMA.matches(decrypted_key) True >>> decrypted_key == ed25519_key True <Arguments> encrypted_key: An encrypted securesystemslib key (additional data is also included, such as salt, number of password iterations used for the derived encryption key, etc) of the form 'securesystemslib.formats.ENCRYPTEDKEY_SCHEMA'. 'encrypted_key' should have been generated with encrypted_key(). password: The password, or passphrase, to encrypt the private part of the RSA key. 'password' is not used directly as the encryption key, a stronger encryption key is derived from it. <Exceptions> securesystemslib.exceptions.FormatError, if the arguments are improperly formatted. securesystemslib.exceptions.CryptoError, if a securesystemslib key cannot be decrypted from 'encrypted_key'. securesystemslib.exceptions.Error, if a valid securesystemslib key object is not found in 'encrypted_key'. securesystemslib.exceptions.UnsupportedLibraryError, if the cryptography module is not available. <Side Effects> The pyca/cryptography is library called to perform the actual decryption of 'encrypted_key'. The key derivation data stored in 'encrypted_key' is used to re-derive the encryption/decryption key. <Returns> The decrypted key object in 'securesystemslib.formats.ANYKEY_SCHEMA' format. """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) # Do the arguments have the correct format? # Ensure the arguments have the appropriate number of objects and object # types, and that all dict keys are properly named. # Raise 'securesystemslib.exceptions.FormatError' if the check fails. formats.ENCRYPTEDKEY_SCHEMA.check_match(encrypted_key) # Does 'password' have the correct format? formats.PASSWORD_SCHEMA.check_match(password) # Decrypt 'encrypted_key', using 'password' (and additional key derivation # data like salts and password iterations) to re-derive the decryption key. json_data = _decrypt(encrypted_key, password) # Raise 'securesystemslib.exceptions.Error' if 'json_data' cannot be # deserialized to a valid 'securesystemslib.formats.ANYKEY_SCHEMA' key # object. key_object = util.load_json_string(json_data.decode()) return key_object
def encrypt_key(key_object, password): """ <Purpose> Return a string containing 'key_object' in encrypted form. Encrypted strings may be safely saved to a file. The corresponding decrypt_key() function can be applied to the encrypted string to restore the original key object. 'key_object' is a securesystemslib key (e.g., RSAKEY_SCHEMA, ED25519KEY_SCHEMA). This function calls the pyca/cryptography library to perform the encryption and derive a suitable encryption key. Whereas an encrypted PEM file uses the Triple Data Encryption Algorithm (3DES), the Cipher-block chaining (CBC) mode of operation, and the Password Based Key Derivation Function 1 (PBKF1) + MD5 to strengthen 'password', encrypted securesystemslib keys use AES-256-CTR-Mode and passwords strengthened with PBKDF2-HMAC-SHA256 (100K iterations by default, but may be overriden in 'settings.PBKDF2_ITERATIONS' by the user). http://en.wikipedia.org/wiki/Advanced_Encryption_Standard http://en.wikipedia.org/wiki/CTR_mode#Counter_.28CTR.29 https://en.wikipedia.org/wiki/PBKDF2 >>> ed25519_key = {'keytype': 'ed25519', \ 'scheme': 'ed25519', \ 'keyid': \ 'd62247f817883f593cf6c66a5a55292488d457bcf638ae03207dbbba9dbe457d', \ 'keyval': {'public': \ '74addb5ad544a4306b34741bc1175a3613a8d7dc69ff64724243efdec0e301ad', \ 'private': \ '1f26964cc8d4f7ee5f3c5da2fbb7ab35811169573ac367b860a537e47789f8c4'}} >>> passphrase = 'secret' >>> encrypted_key = encrypt_key(ed25519_key, passphrase) >>> securesystemslib.formats.ENCRYPTEDKEY_SCHEMA.matches(encrypted_key.encode('utf-8')) True <Arguments> key_object: The securesystemslib key object that should contain the private portion of the ED25519 key. password: The password, or passphrase, to encrypt the private part of the RSA key. 'password' is not used directly as the encryption key, a stronger encryption key is derived from it. <Exceptions> securesystemslib.exceptions.FormatError, if any of the arguments are improperly formatted or 'key_object' does not contain the private portion of the key. securesystemslib.exceptions.CryptoError, if an Ed25519 key in encrypted securesystemslib format cannot be created. securesystemslib.exceptions.UnsupportedLibraryError, if the cryptography module is not available. <Side Effects> pyca/Cryptography cryptographic operations called to perform the actual encryption of 'key_object'. 'password' used to derive a suitable encryption key. <Returns> An encrypted string in 'securesystemslib.formats.ENCRYPTEDKEY_SCHEMA' format. """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) # Do the arguments have the correct format? # Ensure the arguments have the appropriate number of objects and object # types, and that all dict keys are properly named. # Raise 'securesystemslib.exceptions.FormatError' if the check fails. formats.ANYKEY_SCHEMA.check_match(key_object) # Does 'password' have the correct format? formats.PASSWORD_SCHEMA.check_match(password) # Ensure the private portion of the key is included in 'key_object'. if 'private' not in key_object[ 'keyval'] or not key_object['keyval']['private']: raise exceptions.FormatError( 'Key object does not contain a private part.') # Derive a key (i.e., an appropriate encryption key and not the # user's password) from the given 'password'. Strengthen 'password' with # PBKDF2-HMAC-SHA256 (100K iterations by default, but may be overriden in # 'settings.PBKDF2_ITERATIONS' by the user). salt, iterations, derived_key = _generate_derived_key(password) # Store the derived key info in a dictionary, the object expected # by the non-public _encrypt() routine. derived_key_information = { 'salt': salt, 'iterations': iterations, 'derived_key': derived_key } # Convert the key object to json string format and encrypt it with the # derived key. encrypted_key = _encrypt(json.dumps(key_object), derived_key_information) return encrypted_key
def create_rsa_public_and_private_from_pem(pem, passphrase=None): """ <Purpose> Generate public and private RSA keys from an optionally encrypted PEM. The public and private keys returned conform to 'securesystemslib.formats.PEMRSA_SCHEMA' and have the form: '-----BEGIN RSA PUBLIC KEY----- ... -----END RSA PUBLIC KEY-----' and '-----BEGIN RSA PRIVATE KEY----- ...-----END RSA PRIVATE KEY-----' The public and private keys are returned as strings in PEM format. In case the private key part of 'pem' is encrypted pyca/cryptography's load_pem_private_key() method is passed passphrase. In the default case here, pyca/cryptography will decrypt with a PBKDF1+MD5 strengthened'passphrase', and 3DES with CBC mode for encryption/decryption. Alternatively, key data may be encrypted with AES-CTR-Mode and the passphrase strengthened with PBKDF2+SHA256, although this method is used only with securesystemslib encrypted key files. >>> public, private = generate_rsa_public_and_private(2048) >>> passphrase = 'secret' >>> encrypted_pem = create_rsa_encrypted_pem(private, passphrase) >>> returned_public, returned_private = \ create_rsa_public_and_private_from_pem(encrypted_pem, passphrase) >>> securesystemslib.formats.PEMRSA_SCHEMA.matches(returned_public) True >>> securesystemslib.formats.PEMRSA_SCHEMA.matches(returned_private) True >>> public == returned_public True >>> private == returned_private True <Arguments> pem: A byte string in PEM format, where the private key can be encrypted. It has the form: '-----BEGIN RSA PRIVATE KEY-----\n Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC ...' passphrase: (optional) The passphrase, or password, to decrypt the private part of the RSA key. 'passphrase' is not directly used as the encryption key, instead it is used to derive a stronger symmetric key. <Exceptions> securesystemslib.exceptions.FormatError, if the arguments are improperly formatted. securesystemslib.exceptions.CryptoError, if the public and private RSA keys cannot be generated from 'pem', or exported in PEM format. securesystemslib.exceptions.UnsupportedLibraryError, if the cryptography module is not available. <Side Effects> pyca/cryptography's 'serialization.load_pem_private_key()' called to perform the actual conversion from an encrypted RSA private key to PEM format. <Returns> A (public, private) tuple containing the RSA keys in PEM format. """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) # Does 'encryped_pem' have the correct format? # This check will ensure 'pem' has the appropriate number # of objects and object types, and that all dict keys are properly named. # Raise 'securesystemslib.exceptions.FormatError' if the check fails. formats.PEMRSA_SCHEMA.check_match(pem) # If passed, does 'passphrase' have the correct format? if passphrase is not None: formats.PASSWORD_SCHEMA.check_match(passphrase) passphrase = passphrase.encode('utf-8') # Generate a pyca/cryptography key object from 'pem'. The generated # pyca/cryptography key contains the required export methods needed to # generate the PEM-formatted representations of the public and private RSA # key. try: private_key = load_pem_private_key(pem.encode('utf-8'), passphrase, backend=default_backend()) # pyca/cryptography's expected exceptions for 'load_pem_private_key()': # ValueError: If the PEM data could not be decrypted. # (possibly because the passphrase is wrong)." # TypeError: If a password was given and the private key was not encrypted. # Or if the key was encrypted but no password was supplied. # UnsupportedAlgorithm: If the private key (or if the key is encrypted with # an unsupported symmetric cipher) is not supported by the backend. except (ValueError, TypeError, UnsupportedAlgorithm) as e: # Raise 'securesystemslib.exceptions.CryptoError' and pyca/cryptography's # exception message. Avoid propogating pyca/cryptography's exception trace # to avoid revealing sensitive error. raise exceptions.CryptoError( 'RSA (public, private) tuple' ' cannot be generated from the encrypted PEM string: ' + str(e)) # Export the public and private halves of the pyca/cryptography RSA key # object. The (public, private) tuple returned contains the public and # private RSA keys in PEM format, as strings. # Extract the public & private halves of the RSA key and generate their # PEM-formatted representations. Return the key pair as a (public, private) # tuple, where each RSA is a string in PEM format. private_pem = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()) # Need to generate the public key from the private one before serializing # to PEM format. public_key = private_key.public_key() public_pem = public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo) return public_pem.decode(), private_pem.decode()
def create_rsa_encrypted_pem(private_key, passphrase): """ <Purpose> Return a string in PEM format (TraditionalOpenSSL), where the private part of the RSA key is encrypted using the best available encryption for a given key's backend. This is a curated (by cryptography.io) encryption choice and the algorithm may change over time. c.f. cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/ #cryptography.hazmat.primitives.serialization.BestAvailableEncryption >>> public, private = generate_rsa_public_and_private(2048) >>> passphrase = 'secret' >>> encrypted_pem = create_rsa_encrypted_pem(private, passphrase) >>> securesystemslib.formats.PEMRSA_SCHEMA.matches(encrypted_pem) True <Arguments> private_key: The private key string in PEM format. passphrase: The passphrase, or password, to encrypt the private part of the RSA key. <Exceptions> securesystemslib.exceptions.FormatError, if the arguments are improperly formatted. securesystemslib.exceptions.CryptoError, if the passed RSA key cannot be deserialized by pyca cryptography. ValueError, if 'private_key' is unset. securesystemslib.exceptions.UnsupportedLibraryError, if the cryptography module is not available. <Returns> A string in PEM format (TraditionalOpenSSL), where the private RSA key is encrypted. Conforms to 'securesystemslib.formats.PEMRSA_SCHEMA'. """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) # This check will ensure 'private_key' has the appropriate number # of objects and object types, and that all dict keys are properly named. # Raise 'securesystemslib.exceptions.FormatError' if the check fails. formats.PEMRSA_SCHEMA.check_match(private_key) # Does 'passphrase' have the correct format? formats.PASSWORD_SCHEMA.check_match(passphrase) # 'private_key' may still be a NULL string after the # 'securesystemslib.formats.PEMRSA_SCHEMA' so we need an additional check if len(private_key): try: private_key = load_pem_private_key(private_key.encode('utf-8'), password=None, backend=default_backend()) except ValueError: raise exceptions.CryptoError( 'The private key' ' (in PEM format) could not be deserialized.') else: raise ValueError('The required private key is unset.') encrypted_pem = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.BestAvailableEncryption( passphrase.encode('utf-8'))) return encrypted_pem.decode()
def digest(algorithm=DEFAULT_HASH_ALGORITHM, hash_library=DEFAULT_HASH_LIBRARY): """ <Purpose> Provide the caller with the ability to create digest objects without having to worry about crypto library availability or which library to use. The caller also has the option of specifying which hash algorithm and/or library to use. # Creation of a digest object using defaults or by specifying hash # algorithm and library. digest_object = securesystemslib.hash.digest() digest_object = securesystemslib.hash.digest('sha384') digest_object = securesystemslib.hash.digest('sha256', 'hashlib') # The expected interface for digest objects. digest_object.digest_size digest_object.hexdigest() digest_object.update('data') digest_object.digest() # Added hash routines by this module. digest_object = securesystemslib.hash.digest_fileobject(file_object) digest_object = securesystemslib.hash.digest_filename(filename) <Arguments> algorithm: The hash algorithm (e.g., 'md5', 'sha1', 'sha256'). hash_library: The crypto library to use for the given hash algorithm (e.g., 'hashlib'). <Exceptions> securesystemslib.exceptions.FormatError, if the arguments are improperly formatted. securesystemslib.exceptions.UnsupportedAlgorithmError, if an unsupported hashing algorithm is specified, or digest could not be generated with given the algorithm. securesystemslib.exceptions.UnsupportedLibraryError, if an unsupported library was requested via 'hash_library'. <Side Effects> None. <Returns> Digest object e.g. hashlib.new(algorithm) or PycaDiggestWrapper object """ # Are the arguments properly formatted? If not, raise # 'securesystemslib.exceptions.FormatError'. formats.NAME_SCHEMA.check_match(algorithm) formats.NAME_SCHEMA.check_match(hash_library) # Was a hashlib digest object requested and is it supported? # If so, return the digest object. if hash_library == 'hashlib' and hash_library in SUPPORTED_LIBRARIES: try: if algorithm == 'blake2b-256': return hashlib.new('blake2b', digest_size=32) else: return hashlib.new(algorithm) except (ValueError, TypeError): # ValueError: the algorithm value was unknown # TypeError: unexpected argument digest_size (on old python) raise exceptions.UnsupportedAlgorithmError(algorithm) # Was a pyca_crypto digest object requested and is it supported? elif hash_library == 'pyca_crypto' and hash_library in SUPPORTED_LIBRARIES: try: hash_algorithm = PYCA_DIGEST_OBJECTS_CACHE[algorithm]() return PycaDiggestWrapper( _pyca_hashes.Hash(hash_algorithm, default_backend())) except KeyError: raise exceptions.UnsupportedAlgorithmError(algorithm) # The requested hash library is not supported. else: raise exceptions.UnsupportedLibraryError( 'Unsupported' ' library requested. Supported hash' ' libraries: ' + repr(SUPPORTED_LIBRARIES))
def verify_signature(signature_object, pubkey_info, content, hash_algorithm_id): """ <Purpose> Verify the passed signature against the passed content with the passed ED25519 public key using pyca/cryptography. <Arguments> signature_object: A signature dictionary as specified by securesystemslib.formats.GPG_SIGNATURE_SCHEMA pubkey_info: The DSA public key info dictionary as specified by securesystemslib.formats.GPG_ED25519_PUBKEY_SCHEMA hash_algorithm_id: one of SHA1, SHA256, SHA512 (see securesystemslib.gpg.constants) used to verify the signature NOTE: Overrides any hash algorithm specification in "pubkey_info"'s "hashes" or "method" fields. content: The signed bytes against which the signature is verified <Exceptions> securesystemslib.exceptions.FormatError if: signature_object does not match securesystemslib.formats.GPG_SIGNATURE_SCHEMA pubkey_info does not match securesystemslib.formats.GPG_ED25519_PUBKEY_SCHEMA securesystemslib.exceptions.UnsupportedLibraryError if: the cryptography module is unavailable ValueError: if the passed hash_algorithm_id is not supported (see securesystemslib.gpg.util.get_hashing_class) <Returns> True if signature verification passes and False otherwise. """ if not CRYPTO: # pragma: no cover raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG) formats.GPG_SIGNATURE_SCHEMA.check_match(signature_object) formats.GPG_ED25519_PUBKEY_SCHEMA.check_match(pubkey_info) hasher = gpg_util.get_hashing_class(hash_algorithm_id) pubkey_object = create_pubkey(pubkey_info) # See RFC4880-bis8 14.8. EdDSA and 5.2.4 "Computing Signatures" digest = gpg_util.hash_object( binascii.unhexlify(signature_object["other_headers"]), hasher(), content) try: pubkey_object.verify( binascii.unhexlify(signature_object["signature"]), digest ) return True except InvalidSignature: return False