def _generateKeyPair(self): """ Generate an RSA key pair according to _keySize. :return: A tuple (privateKeyBlob, publicKeyBlob) where "privateKeyBlob" is the encoding Blob of the private key and "publicKeyBlob" is the encoding Blob of the public key. :rtype: (Blob, Blob) """ params = RsaKeyParams(self._keySize) privateKey = RsaAlgorithm.generateKey(params) privateKeyBlob = privateKey.getKeyBits() publicKey = RsaAlgorithm.deriveEncryptKey(privateKeyBlob) publicKeyBlob = publicKey.getKeyBits() return (privateKeyBlob, publicKeyBlob)
def _decrypt(encryptedContent, keyBits, onPlainText, onError): """ Decrypt encryptedContent using keyBits. :param encryptedContent: The EncryptedContent to decrypt, or a Blob which is first decoded as an EncryptedContent. :type encryptedContent: Blob or EncryptedContent :param {Blob} keyBits The key value. :param onPlainText: When encryptedBlob is decrypted, this calls onPlainText(decryptedBlob) with the decrypted Blob. :type onPlainText: function object :param onError: This calls onError(errorCode, message) for an error, where errorCode is from EncryptError.ErrorCode and message is a str. :type onError: function object """ if isinstance(encryptedContent, Blob): # Decode as EncryptedContent. encryptedBlob = encryptedContent encryptedContent = EncryptedContent() encryptedContent.wireDecode(encryptedBlob) payload = encryptedContent.getPayload() if encryptedContent.getAlgorithmType() == EncryptAlgorithmType.AesCbc: # Prepare the parameters. decryptParams = EncryptParams(EncryptAlgorithmType.AesCbc) decryptParams.setInitialVector(encryptedContent.getInitialVector()) # Decrypt the content. try: content = AesAlgorithm.decrypt(keyBits, payload, decryptParams) except Exception as ex: try: onError(EncryptError.ErrorCode.InvalidEncryptedFormat, repr(ex)) except: logging.exception("Error in onError") return onPlainText(content) elif encryptedContent.getAlgorithmType( ) == EncryptAlgorithmType.RsaOaep: # Prepare the parameters. decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep) # Decrypt the content. try: content = RsaAlgorithm.decrypt(keyBits, payload, decryptParams) except Exception as ex: Consumer._callOnError( onError, EncryptError.ErrorCode.InvalidEncryptedFormat, repr(ex)) return onPlainText(content) else: Consumer._callOnError( onError, EncryptError.ErrorCode.UnsupportedEncryptionScheme, repr(encryptedContent.getAlgorithmType()))
def _decrypt(encryptedContent, keyBits, onPlainText, onError): """ Decrypt encryptedContent using keyBits. :param encryptedContent: The EncryptedContent to decrypt, or a Blob which is first decoded as an EncryptedContent. :type encryptedContent: Blob or EncryptedContent :param {Blob} keyBits The key value. :param onPlainText: When encryptedBlob is decrypted, this calls onPlainText(decryptedBlob) with the decrypted Blob. :type onPlainText: function object :param onError: This calls onError(errorCode, message) for an error, where errorCode is from EncryptError.ErrorCode and message is a str. :type onError: function object """ if isinstance(encryptedContent, Blob): # Decode as EncryptedContent. encryptedBlob = encryptedContent encryptedContent = EncryptedContent() encryptedContent.wireDecode(encryptedBlob) payload = encryptedContent.getPayload() if encryptedContent.getAlgorithmType() == EncryptAlgorithmType.AesCbc: # Prepare the parameters. decryptParams = EncryptParams(EncryptAlgorithmType.AesCbc) decryptParams.setInitialVector(encryptedContent.getInitialVector()) # Decrypt the content. try: content = AesAlgorithm.decrypt(keyBits, payload, decryptParams) except Exception as ex: try: onError(EncryptError.ErrorCode.InvalidEncryptedFormat, repr(ex)) except: logging.exception("Error in onError") return onPlainText(content) elif encryptedContent.getAlgorithmType() == EncryptAlgorithmType.RsaOaep: # Prepare the parameters. decryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep) # Decrypt the content. try: content = RsaAlgorithm.decrypt(keyBits, payload, decryptParams) except Exception as ex: Consumer._callOnError(onError, EncryptError.ErrorCode.InvalidEncryptedFormat, repr(ex)) return onPlainText(content) else: Consumer._callOnError(onError, EncryptError.ErrorCode.UnsupportedEncryptionScheme, repr(encryptedContent.getAlgorithmType()))
def test_rsa_decryption(self): for tpm in self.backEndList: # Create an rsa key. identityName = Name("/Test/KeyName") key = tpm.createKey(identityName, RsaKeyParams()) keyName = key.getKeyName() content = Blob([0x01, 0x02, 0x03, 0x04]) publicKey = key.derivePublicKey() # TODO: Move encrypt to PublicKey? cipherText = RsaAlgorithm.encrypt( publicKey, content, EncryptParams(EncryptAlgorithmType.RsaOaep)) plainText = key.decrypt(cipherText.toBytes()) self.assertTrue(plainText.equals(content)) tpm.deleteKey(keyName) self.assertEquals(False, tpm.hasKey(keyName))
def test_rsa_decryption(self): for tpm in self.backEndList: # Create an rsa key. identityName = Name("/Test/KeyName") key = tpm.createKey(identityName, RsaKeyParams()) keyName = key.getKeyName() content = Blob([0x01, 0x02, 0x03, 0x04]) publicKey = key.derivePublicKey() # TODO: Move encrypt to PublicKey? cipherText = RsaAlgorithm.encrypt( publicKey, content, EncryptParams(EncryptAlgorithmType.RsaOaep)) plainText = key.decrypt(cipherText.toBytes()) self.assertTrue(plainText.equals(content)) tpm.deleteKey(keyName) self.assertEqual(False, tpm.hasKey(keyName))