def test_generate_and_write_ed25519_keypair(self): # Test normal case. temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory) test_keypath = os.path.join(temporary_directory, 'ed25519_key') interface.generate_and_write_ed25519_keypair(test_keypath, password='******') self.assertTrue(os.path.exists(test_keypath)) self.assertTrue(os.path.exists(test_keypath + '.pub')) # Ensure the generated key files are importable. imported_pubkey = \ interface.import_ed25519_publickey_from_file(test_keypath + '.pub') self.assertTrue(securesystemslib.formats.ED25519KEY_SCHEMA.matches(imported_pubkey)) imported_privkey = \ interface.import_ed25519_privatekey_from_file(test_keypath, 'pw') self.assertTrue(securesystemslib.formats.ED25519KEY_SCHEMA.matches(imported_privkey)) # Test improperly formatted arguments. self.assertRaises(securesystemslib.exceptions.FormatError, interface.generate_and_write_ed25519_keypair, 3, password='******') self.assertRaises(securesystemslib.exceptions.FormatError, interface.generate_and_write_rsa_keypair, test_keypath, password=3)
def test_import_ed25519_privatekey_from_file(self): # Test normal case. # Generate ed25519 keys that can be imported. scheme = 'ed25519' temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory) ed25519_keypath = os.path.join(temporary_directory, 'ed25519_key') interface.generate_and_write_ed25519_keypair(ed25519_keypath, password='******') imported_ed25519_key = \ interface.import_ed25519_privatekey_from_file(ed25519_keypath, 'pw') self.assertTrue(securesystemslib.formats.ED25519KEY_SCHEMA.matches(imported_ed25519_key)) # Test improperly formatted argument. self.assertRaises(securesystemslib.exceptions.FormatError, interface.import_ed25519_privatekey_from_file, 3, 'pw') # Test invalid argument. # Non-existent key file. nonexistent_keypath = os.path.join(temporary_directory, 'nonexistent_keypath') self.assertRaises(IOError, interface.import_ed25519_privatekey_from_file, nonexistent_keypath, 'pw') # Invalid key file argument. invalid_keyfile = os.path.join(temporary_directory, 'invalid_keyfile') with open(invalid_keyfile, 'wb') as file_object: file_object.write(b'bad keyfile') self.assertRaises(securesystemslib.exceptions.Error, interface.import_ed25519_privatekey_from_file, invalid_keyfile, 'pw') # Invalid private key imported (contains unexpected keytype.) imported_ed25519_key['keytype'] = 'invalid_keytype' # Use 'pyca_crypto_keys.py' to bypass the key format validation performed # by 'keys.py'. salt, iterations, derived_key = \ securesystemslib.pyca_crypto_keys._generate_derived_key('pw') # Store the derived key info in a dictionary, the object expected # by the non-public _encrypt() routine. derived_key_information = {'salt': salt, 'iterations': iterations, 'derived_key': derived_key} # Convert the key object to json string format and encrypt it with the # derived key. encrypted_key = \ securesystemslib.pyca_crypto_keys._encrypt(json.dumps(imported_ed25519_key), derived_key_information) with open(ed25519_keypath, 'wb') as file_object: file_object.write(encrypted_key.encode('utf-8')) self.assertRaises(securesystemslib.exceptions.FormatError, interface.import_ed25519_privatekey_from_file, ed25519_keypath, 'pw')
def write_keypair(keystore_dir: str, functionary: str, i: int = 1, n: int = 1, passphrase: Optional[str] = None) -> Keypath: private_keypath = get_new_private_keypath(keystore_dir, functionary, i) assert not os.path.isfile(private_keypath) public_keypath = get_public_keypath(private_keypath) assert not os.path.isfile(public_keypath) # Make the keystore directory, WR-only by self, if not already there. os.makedirs(keystore_dir, mode=0o700, exist_ok=True) generate_and_write_ed25519_keypair(private_keypath, password=passphrase) return Keypath(private_keypath, public_keypath)
def test_import_ed25519_publickey_from_file(self): # Test normal case. # Generate ed25519 keys that can be imported. temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory) ed25519_keypath = os.path.join(temporary_directory, 'ed25519_key') interface.generate_and_write_ed25519_keypair(ed25519_keypath, password='******') imported_ed25519_key = \ interface.import_ed25519_publickey_from_file(ed25519_keypath + '.pub') self.assertTrue( securesystemslib.formats.ED25519KEY_SCHEMA.matches( imported_ed25519_key)) # Test improperly formatted argument. self.assertRaises(securesystemslib.exceptions.FormatError, interface.import_ed25519_publickey_from_file, 3) # Test invalid argument. # Non-existent key file. nonexistent_keypath = os.path.join(temporary_directory, 'nonexistent_keypath') self.assertRaises(IOError, interface.import_ed25519_publickey_from_file, nonexistent_keypath) # Invalid key file argument. invalid_keyfile = os.path.join(temporary_directory, 'invalid_keyfile') with open(invalid_keyfile, 'wb') as file_object: file_object.write(b'bad keyfile') self.assertRaises(securesystemslib.exceptions.Error, interface.import_ed25519_publickey_from_file, invalid_keyfile) # Invalid public key imported (contains unexpected keytype.) keytype = imported_ed25519_key['keytype'] keyval = imported_ed25519_key['keyval'] scheme = imported_ed25519_key['scheme'] ed25519key_metadata_format = \ securesystemslib.keys.format_keyval_to_metadata(keytype, scheme, keyval, private=False) ed25519key_metadata_format['keytype'] = 'invalid_keytype' with open(ed25519_keypath + '.pub', 'wb') as file_object: file_object.write( json.dumps(ed25519key_metadata_format).encode('utf-8')) self.assertRaises(securesystemslib.exceptions.FormatError, interface.import_ed25519_publickey_from_file, ed25519_keypath + '.pub')
def set_up_keys(cls): # Generated unencrypted keys cls.rsa_key_path = generate_and_write_unencrypted_rsa_keypair() cls.rsa_key_id = os.path.basename(cls.rsa_key_path) cls.ed25519_key_path = generate_and_write_unencrypted_ed25519_keypair() cls.ed25519_key_id = os.path.basename(cls.ed25519_key_path) # Generate encrypted keys cls.rsa_key_enc_path = generate_and_write_rsa_keypair(password=cls.key_pw) cls.rsa_key_enc_id = os.path.basename(cls.rsa_key_enc_path) cls.ed25519_key_enc_path = generate_and_write_ed25519_keypair(password=cls.key_pw) cls.ed25519_key_enc_id = os.path.basename(cls.ed25519_key_enc_path)
def test_generate_and_write_ed25519_keypair(self): # Test normal case. temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory) test_keypath = os.path.join(temporary_directory, 'ed25519_key') test_keypath_unencrypted = os.path.join(temporary_directory, 'ed25519_key_unencrypted') returned_path = interface.generate_and_write_ed25519_keypair( test_keypath, password='******') self.assertTrue(os.path.exists(test_keypath)) self.assertTrue(os.path.exists(test_keypath + '.pub')) self.assertEqual(returned_path, test_keypath) # If an empty string is given for 'password', the private key file # is written to disk unencrypted. interface.generate_and_write_ed25519_keypair(test_keypath_unencrypted, password='') self.assertTrue(os.path.exists(test_keypath_unencrypted)) self.assertTrue(os.path.exists(test_keypath_unencrypted + '.pub')) # Ensure the generated key files are importable. imported_pubkey = \ interface.import_ed25519_publickey_from_file(test_keypath + '.pub') self.assertTrue(securesystemslib.formats.ED25519KEY_SCHEMA\ .matches(imported_pubkey)) imported_privkey = \ interface.import_ed25519_privatekey_from_file(test_keypath, 'pw') self.assertTrue(securesystemslib.formats.ED25519KEY_SCHEMA\ .matches(imported_privkey)) # Fail importing encrypted key passing password and prompt with self.assertRaises(ValueError): interface.import_ed25519_privatekey_from_file(test_keypath, password='******', prompt=True) # Fail importing encrypted key passing an empty string for passwd with self.assertRaises(ValueError): interface.import_ed25519_privatekey_from_file(test_keypath, password='') # Try to import the unencrypted key file, by not passing a password imported_privkey = \ interface.import_ed25519_privatekey_from_file(test_keypath_unencrypted) self.assertTrue(securesystemslib.formats.ED25519KEY_SCHEMA.\ matches(imported_privkey)) # Try to import the unencrypted key file, by entering an empty password with mock.patch('securesystemslib.interface.get_password', return_value=''): imported_privkey = \ interface.import_ed25519_privatekey_from_file(test_keypath_unencrypted, prompt=True) self.assertTrue( securesystemslib.formats.ED25519KEY_SCHEMA.matches(imported_privkey)) # Fail importing unencrypted key passing a password with self.assertRaises(securesystemslib.exceptions.CryptoError): interface.import_ed25519_privatekey_from_file(test_keypath_unencrypted, 'pw') # Fail importing encrypted key passing no password with self.assertRaises(securesystemslib.exceptions.CryptoError): interface.import_ed25519_privatekey_from_file(test_keypath) # Test for a default filepath. If 'filepath' is not given, the key's # KEYID is used as the filename. The key is saved to the current working # directory. default_keypath = interface.generate_and_write_ed25519_keypair(password='******') self.assertTrue(os.path.exists(default_keypath)) self.assertTrue(os.path.exists(default_keypath + '.pub')) written_key = interface.import_ed25519_publickey_from_file(default_keypath + '.pub') self.assertEqual(written_key['keyid'], os.path.basename(default_keypath)) os.remove(default_keypath) os.remove(default_keypath + '.pub') # Test improperly formatted arguments. self.assertRaises(securesystemslib.exceptions.FormatError, interface.generate_and_write_ed25519_keypair, 3, password='******') self.assertRaises(securesystemslib.exceptions.FormatError, interface.generate_and_write_rsa_keypair, test_keypath, password=3)
def init_keys(): if not os.path.isfile(KEY_NAME): generate_and_write_ed25519_keypair(KEY_NAME, password=PASSWORD)