示例#1
0
 def generate_csr(self, private_key, subject_name, extensions=None):
     common_name = subject_name.get_attributes_for_oid(
         NameOID.COMMON_NAME)[0].value
     info = CertificationRequestInfo({
         'version':
         0,
         'subject':
         Name.build({
             'country_name': 'US',
             'state_or_province_name': 'North Carolina',
             'organization_name': 'Hyperledger',
             'organizational_unit_name': 'Fabric',
             'common_name': common_name
         }),
         'subject_pk_info':
         PublicKeyInfo.load(encode_ec_public_key(private_key.public_key)),
         'attributes':
         CRIAttributes([])
     })
     hash = hashlib.sha256(info.dump()).digest()
     signature = private_key.private_key.sign(hash,
                                              mechanism=Mechanism.ECDSA)
     csr = CertificationRequest({
         'certification_request_info':
         info,
         'signature_algorithm': {
             'algorithm': 'sha256_ecdsa',
             'parameters': None
         },
         'signature':
         encode_ecdsa_signature(signature)
     })
     der = csr.dump()
     result = x509.load_der_x509_csr(der, default_backend())
     return result
示例#2
0
def decode_ec_public_key(der, encode_ec_point=True):
    """
    Decode a DER-encoded EC public key as stored by OpenSSL into a dictionary
    of attributes able to be passed to :meth:`pkcs11.Session.create_object`.

    .. note:: **encode_ec_point**

        For use as an attribute `EC_POINT` should be DER-encoded (True).

        For key derivation implementations can vary.  Since v2.30 the
        specification says implementations MUST accept a raw `EC_POINT` for
        ECDH (False), however not all implementations follow this yet.

    :param bytes der: DER-encoded key
    :param encode_ec_point: See text.
    :rtype: dict(Attribute,*)
    """
    asn1 = PublicKeyInfo.load(der)

    assert asn1.algorithm == 'ec', \
        "Wrong algorithm, not an EC key!"

    ecpoint = bytes(asn1['public_key'])

    if encode_ec_point:
        ecpoint = OctetString(ecpoint).dump()

    return {
        Attribute.KEY_TYPE: KeyType.EC,
        Attribute.CLASS: ObjectClass.PUBLIC_KEY,
        Attribute.EC_PARAMS: asn1['algorithm']['parameters'].dump(),
        Attribute.EC_POINT: ecpoint,
    }
示例#3
0
def _key_identifier_from_public_key(public_key):
    if isinstance(public_key, RSAPublicKey):
        data = public_key.public_bytes(
            serialization.Encoding.DER,
            serialization.PublicFormat.PKCS1,
        )
    elif isinstance(public_key, EllipticCurvePublicKey):
        data = public_key.public_numbers().encode_point()
    else:
        # This is a very slow way to do this.
        serialized = public_key.public_bytes(
            serialization.Encoding.DER,
            serialization.PublicFormat.SubjectPublicKeyInfo)

        data = six.binary_type(PublicKeyInfo.load(serialized)['public_key'])

    return hashlib.sha1(data).digest()
示例#4
0
def _key_identifier_from_public_key(public_key):
    if isinstance(public_key, RSAPublicKey):
        data = public_key.public_bytes(
            serialization.Encoding.DER,
            serialization.PublicFormat.PKCS1,
        )
    elif isinstance(public_key, EllipticCurvePublicKey):
        data = public_key.public_numbers().encode_point()
    else:
        # This is a very slow way to do this.
        serialized = public_key.public_bytes(
            serialization.Encoding.DER,
            serialization.PublicFormat.SubjectPublicKeyInfo
        )

        data = six.binary_type(PublicKeyInfo.load(serialized)['public_key'])

    return hashlib.sha1(data).digest()
    def exchange(self):
        key = ec.generate_private_key(
            curve=self.name_curved.curve,
            backend=default_backend(),
        )

        args = (Encoding.DER, PublicFormat.SubjectPublicKeyInfo)
        der = key.public_key().public_bytes(*args)

        info = PublicKeyInfo.load(der)
        header = der[:len(der) - len(self.public_key)]
        server_public_key = load_der_public_key(header + self.public_key,
                                                default_backend())

        shared_key = key.exchange(ec.ECDH(), server_public_key)

        return shared_key, len(info['public_key'].native).to_bytes(
            1, 'big'), info['public_key'].native
示例#6
0
def _key_identifier_from_public_key(public_key):
    if isinstance(public_key, RSAPublicKey):
        data = public_key.public_bytes(
            serialization.Encoding.DER,
            serialization.PublicFormat.PKCS1,
        )
    elif isinstance(public_key, EllipticCurvePublicKey):
        data = public_key.public_bytes(
            serialization.Encoding.X962,
            serialization.PublicFormat.UncompressedPoint)
    else:
        # This is a very slow way to do this.
        serialized = public_key.public_bytes(
            serialization.Encoding.DER,
            serialization.PublicFormat.SubjectPublicKeyInfo)

        data = bytes(PublicKeyInfo.load(serialized)['public_key'])

    return hashlib.sha1(data).digest()
示例#7
0
def _key_identifier_from_public_key(public_key):
    if isinstance(public_key, RSAPublicKey):
        data = public_key.public_bytes(
            serialization.Encoding.DER,
            serialization.PublicFormat.PKCS1,
        )
    elif isinstance(public_key, EllipticCurvePublicKey):
        data = public_key.public_bytes(
            serialization.Encoding.X962,
            serialization.PublicFormat.UncompressedPoint
        )
    else:
        # This is a very slow way to do this.
        serialized = public_key.public_bytes(
            serialization.Encoding.DER,
            serialization.PublicFormat.SubjectPublicKeyInfo
        )

        data = bytes(PublicKeyInfo.load(serialized)['public_key'])

    return hashlib.sha1(data).digest()
示例#8
0
 def public_key_bytes(self) -> bytes:
     if len(self.message.public_key) == 33:
         return self.message.public_key
     public_key_info = PublicKeyInfo.load(self.message.public_key)
     public_key = cPublicKey(public_key_info.native['public_key'])
     return public_key.format(compressed=True)