def _generateKeyPair(self):
"""
Generate an RSA key pair according to _keySize.
:return: A tuple (privateKeyBlob, publicKeyBlob) where "privateKeyBlob"
is the encoding Blob of the private key and "publicKeyBlob" is the
encoding Blob of the public key.
:rtype: (Blob, Blob)
"""
params = RsaKeyParams(self._keySize)
privateKey = RsaAlgorithm.generateKey(params)
privateKeyBlob = privateKey.getKeyBits()
publicKey = RsaAlgorithm.deriveEncryptKey(privateKeyBlob)
publicKeyBlob = publicKey.getKeyBits()
return (privateKeyBlob, publicKeyBlob)
def _generateKeyPair(self):
"""
Generate an RSA key pair according to _keySize.
:return: A tuple (privateKeyBlob, publicKeyBlob) where "privateKeyBlob"
is the encoding Blob of the private key and "publicKeyBlob" is the
encoding Blob of the public key.
:rtype: (Blob, Blob)
"""
params = RsaKeyParams(self._keySize)
privateKey = RsaAlgorithm.generateKey(params)
privateKeyBlob = privateKey.getKeyBits()
publicKey = RsaAlgorithm.deriveEncryptKey(privateKeyBlob)
publicKeyBlob = publicKey.getKeyBits()
return (privateKeyBlob, publicKeyBlob)
def _decrypt(encryptedContent, keyBits, onPlainText, onError):
"""
Decrypt encryptedContent using keyBits.
:param encryptedContent: The EncryptedContent to decrypt, or a Blob
which is first decoded as an EncryptedContent.
:type encryptedContent: Blob or EncryptedContent
:param {Blob} keyBits The key value.
:param onPlainText: When encryptedBlob is decrypted, this calls
onPlainText(decryptedBlob) with the decrypted Blob.
:type onPlainText: function object
:param onError: This calls onError(errorCode, message) for an error,
where errorCode is from EncryptError.ErrorCode and message is a str.
:type onError: function object
"""
if isinstance(encryptedContent, Blob):
# Decode as EncryptedContent.
encryptedBlob = encryptedContent
encryptedContent = EncryptedContent()
encryptedContent.wireDecode(encryptedBlob)
payload = encryptedContent.getPayload()
if encryptedContent.getAlgorithmType() == EncryptAlgorithmType.AesCbc:
# Prepare the parameters.
decryptParams = EncryptParams(EncryptAlgorithmType.AesCbc)
decryptParams.setInitialVector(encryptedContent.getInitialVector())
# Decrypt the content.
try:
content = AesAlgorithm.decrypt(keyBits, payload, decryptParams)
except Exception as ex:
try:
onError(EncryptError.ErrorCode.InvalidEncryptedFormat,
repr(ex))
except:
logging.exception("Error in onError")
return
onPlainText(content)
elif encryptedContent.getAlgorithmType(
) == EncryptAlgorithmType.RsaOaep:
# Prepare the parameters.
decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
# Decrypt the content.
try:
content = RsaAlgorithm.decrypt(keyBits, payload, decryptParams)
except Exception as ex:
Consumer._callOnError(
onError, EncryptError.ErrorCode.InvalidEncryptedFormat,
repr(ex))
return
onPlainText(content)
else:
Consumer._callOnError(
onError, EncryptError.ErrorCode.UnsupportedEncryptionScheme,
repr(encryptedContent.getAlgorithmType()))
def _decrypt(encryptedContent, keyBits, onPlainText, onError):
"""
Decrypt encryptedContent using keyBits.
:param encryptedContent: The EncryptedContent to decrypt, or a Blob
which is first decoded as an EncryptedContent.
:type encryptedContent: Blob or EncryptedContent
:param {Blob} keyBits The key value.
:param onPlainText: When encryptedBlob is decrypted, this calls
onPlainText(decryptedBlob) with the decrypted Blob.
:type onPlainText: function object
:param onError: This calls onError(errorCode, message) for an error,
where errorCode is from EncryptError.ErrorCode and message is a str.
:type onError: function object
"""
if isinstance(encryptedContent, Blob):
# Decode as EncryptedContent.
encryptedBlob = encryptedContent
encryptedContent = EncryptedContent()
encryptedContent.wireDecode(encryptedBlob)
payload = encryptedContent.getPayload()
if encryptedContent.getAlgorithmType() == EncryptAlgorithmType.AesCbc:
# Prepare the parameters.
decryptParams = EncryptParams(EncryptAlgorithmType.AesCbc)
decryptParams.setInitialVector(encryptedContent.getInitialVector())
# Decrypt the content.
try:
content = AesAlgorithm.decrypt(keyBits, payload, decryptParams)
except Exception as ex:
try:
onError(EncryptError.ErrorCode.InvalidEncryptedFormat, repr(ex))
except:
logging.exception("Error in onError")
return
onPlainText(content)
elif encryptedContent.getAlgorithmType() == EncryptAlgorithmType.RsaOaep:
# Prepare the parameters.
decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
# Decrypt the content.
try:
content = RsaAlgorithm.decrypt(keyBits, payload, decryptParams)
except Exception as ex:
Consumer._callOnError(onError,
EncryptError.ErrorCode.InvalidEncryptedFormat, repr(ex))
return
onPlainText(content)
else:
Consumer._callOnError(onError,
EncryptError.ErrorCode.UnsupportedEncryptionScheme,
repr(encryptedContent.getAlgorithmType()))
def test_rsa_decryption(self):
for tpm in self.backEndList:
# Create an rsa key.
identityName = Name("/Test/KeyName")
key = tpm.createKey(identityName, RsaKeyParams())
keyName = key.getKeyName()
content = Blob([0x01, 0x02, 0x03, 0x04])
publicKey = key.derivePublicKey()
# TODO: Move encrypt to PublicKey?
cipherText = RsaAlgorithm.encrypt(
publicKey, content, EncryptParams(EncryptAlgorithmType.RsaOaep))
plainText = key.decrypt(cipherText.toBytes())
self.assertTrue(plainText.equals(content))
tpm.deleteKey(keyName)
self.assertEquals(False, tpm.hasKey(keyName))
def test_rsa_decryption(self):
for tpm in self.backEndList:
# Create an rsa key.
identityName = Name("/Test/KeyName")
key = tpm.createKey(identityName, RsaKeyParams())
keyName = key.getKeyName()
content = Blob([0x01, 0x02, 0x03, 0x04])
publicKey = key.derivePublicKey()
# TODO: Move encrypt to PublicKey?
cipherText = RsaAlgorithm.encrypt(
publicKey, content, EncryptParams(EncryptAlgorithmType.RsaOaep))
plainText = key.decrypt(cipherText.toBytes())
self.assertTrue(plainText.equals(content))
tpm.deleteKey(keyName)
self.assertEqual(False, tpm.hasKey(keyName))
