def load_rsa_private_numbers(self, numbers): rsa._check_private_key_components( numbers.p, numbers.q, numbers.d, numbers.dmp1, numbers.dmq1, numbers.iqmp, numbers.public_numbers.e, numbers.public_numbers.n ) rsa_cdata = self._lib.RSA_new() assert rsa_cdata != self._ffi.NULL rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) rsa_cdata.p = self._int_to_bn(numbers.p) rsa_cdata.q = self._int_to_bn(numbers.q) rsa_cdata.d = self._int_to_bn(numbers.d) rsa_cdata.dmp1 = self._int_to_bn(numbers.dmp1) rsa_cdata.dmq1 = self._int_to_bn(numbers.dmq1) rsa_cdata.iqmp = self._int_to_bn(numbers.iqmp) rsa_cdata.e = self._int_to_bn(numbers.public_numbers.e) rsa_cdata.n = self._int_to_bn(numbers.public_numbers.n) res = self._lib.RSA_blinding_on(rsa_cdata, self._ffi.NULL) assert res == 1 return _RSAPrivateKey(self, rsa_cdata)
def _evp_pkey_to_private_key(self, evp_pkey): """ Return the appropriate type of PrivateKey given an evp_pkey cdata pointer. """ type = evp_pkey.type if type == self._lib.EVP_PKEY_RSA: rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey) assert rsa_cdata != self._ffi.NULL rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) return _RSAPrivateKey(self, rsa_cdata) elif type == self._lib.EVP_PKEY_DSA: dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey) assert dsa_cdata != self._ffi.NULL dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free) return _DSAPrivateKey(self, dsa_cdata) elif (self._lib.Cryptography_HAS_EC == 1 and type == self._lib.EVP_PKEY_EC): ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey) assert ec_cdata != self._ffi.NULL ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) return _EllipticCurvePrivateKey(self, ec_cdata) else: raise UnsupportedAlgorithm("Unsupported key type.")
def _evp_pkey_to_private_key(self, evp_pkey): """ Return the appropriate type of PrivateKey given an evp_pkey cdata pointer. """ key_type = evp_pkey.type if key_type == self._lib.EVP_PKEY_RSA: rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey) assert rsa_cdata != self._ffi.NULL rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) return _RSAPrivateKey(self, rsa_cdata) elif key_type == self._lib.EVP_PKEY_DSA: dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey) assert dsa_cdata != self._ffi.NULL dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free) return _DSAPrivateKey(self, dsa_cdata) elif (self._lib.Cryptography_HAS_EC == 1 and key_type == self._lib.EVP_PKEY_EC): ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey) assert ec_cdata != self._ffi.NULL ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) return _EllipticCurvePrivateKey(self, ec_cdata) else: raise UnsupportedAlgorithm("Unsupported key type.")
def decrypt_rsa(self, private_key, ciphertext, padding): warnings.warn( "decrypt_rsa is deprecated and will be removed in a future " "version.", utils.DeprecatedIn05, stacklevel=2) rsa_cdata = self._rsa_cdata_from_private_key(private_key) key = _RSAPrivateKey(self, rsa_cdata) return key.decrypt(ciphertext, padding)
def create_rsa_signature_ctx(self, private_key, padding, algorithm): warnings.warn( "create_rsa_signature_ctx is deprecated and will be removed in a " "future version.", utils.DeprecatedIn05, stacklevel=2) rsa_cdata = self._rsa_cdata_from_private_key(private_key) key = _RSAPrivateKey(self, rsa_cdata) return _RSASignatureContext(self, key, padding, algorithm)
def decrypt_rsa(self, private_key, ciphertext, padding): warnings.warn( "decrypt_rsa is deprecated and will be removed in a future " "version.", utils.DeprecatedIn05, stacklevel=2 ) rsa_cdata = self._rsa_cdata_from_private_key(private_key) key = _RSAPrivateKey(self, rsa_cdata) return key.decrypt(ciphertext, padding)
def create_rsa_signature_ctx(self, private_key, padding, algorithm): warnings.warn( "create_rsa_signature_ctx is deprecated and will be removed in a " "future version.", utils.DeprecatedIn05, stacklevel=2 ) rsa_cdata = self._rsa_cdata_from_private_key(private_key) key = _RSAPrivateKey(self, rsa_cdata) return _RSASignatureContext(self, key, padding, algorithm)
def generate_rsa_private_key(self, public_exponent, key_size): rsa._verify_rsa_parameters(public_exponent, key_size) rsa_cdata = self._lib.RSA_new() assert rsa_cdata != self._ffi.NULL rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) bn = self._int_to_bn(public_exponent) bn = self._ffi.gc(bn, self._lib.BN_free) res = self._lib.RSA_generate_key_ex(rsa_cdata, key_size, bn, self._ffi.NULL) assert res == 1 return _RSAPrivateKey(self, rsa_cdata)
def generate_rsa_private_key(self, public_exponent, key_size): rsa._verify_rsa_parameters(public_exponent, key_size) rsa_cdata = self._lib.RSA_new() assert rsa_cdata != self._ffi.NULL rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) bn = self._int_to_bn(public_exponent) bn = self._ffi.gc(bn, self._lib.BN_free) res = self._lib.RSA_generate_key_ex( rsa_cdata, key_size, bn, self._ffi.NULL ) assert res == 1 return _RSAPrivateKey(self, rsa_cdata)
def _evp_pkey_to_private_key(self, evp_pkey): """ Return the appropriate type of PrivateKey given an evp_pkey cdata pointer. """ type = evp_pkey.type if type == self._lib.EVP_PKEY_RSA: rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey) assert rsa_cdata != self._ffi.NULL rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free) return _RSAPrivateKey(self, rsa_cdata) elif type == self._lib.EVP_PKEY_DSA: dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey) assert dsa_cdata != self._ffi.NULL dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free) return _DSAPrivateKey(self, dsa_cdata) else: raise UnsupportedAlgorithm("Unsupported key type.")
def __init__(self, engine, arg): super(EngineJWK, self).__init__() backend._lib.ENGINE_load_builtin_engines() e = backend._lib.ENGINE_by_id(engine) backend.openssl_assert(e != backend._ffi.NULL) res = backend._lib.ENGINE_init(e) backend.openssl_assert(res == 1) evp_pkey = backend._lib.ENGINE_load_private_key( e, arg, backend._ffi.NULL, backend._ffi.NULL) backend._lib.ENGINE_finish(e) backend.openssl_assert(evp_pkey != backend._ffi.NULL) key_type = backend._lib.EVP_PKEY_id(evp_pkey) if key_type == backend._lib.EVP_PKEY_RSA: rsakey = backend._lib.EVP_PKEY_get1_RSA(evp_pkey) self._engine_priv = rsa._RSAPrivateKey(backend, rsakey, evp_pkey) self._engine_pub = rsa._RSAPublicKey(backend, rsakey, evp_pkey) self._import_pyca_pub_rsa(self._engine_pub) else: raise jwk.InvalidJWKValue('Unknown Engine Key type') return