示例#1
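    def _evp_pkey_to_public_key(self, evp_pkey):
        """
        Return the appropriate type of PublicKey given an evp_pkey cdata
        pointer.

        RSA and DSA keys are always handled; EC keys only when the bindings
        report ``Cryptography_HAS_EC == 1``. Any other key type raises
        UnsupportedAlgorithm. A NULL result from an ``EVP_PKEY_get1_*`` call
        raises AssertionError.
        """
        # Named key_type rather than ``type`` so the builtin is not shadowed.
        key_type = evp_pkey.type

        if key_type == self._lib.EVP_PKEY_RSA:
            rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey)
            # Explicit raise instead of ``assert``: assert statements are
            # stripped under ``python -O``, which would let a NULL pointer
            # reach ffi.gc and the key wrapper unchecked.
            if rsa_cdata == self._ffi.NULL:
                raise AssertionError("EVP_PKEY_get1_RSA returned NULL")
            # Register RSA_free so the reference is released with the cdata.
            rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
            return _RSAPublicKey(self, rsa_cdata)
        elif key_type == self._lib.EVP_PKEY_DSA:
            dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey)
            if dsa_cdata == self._ffi.NULL:
                raise AssertionError("EVP_PKEY_get1_DSA returned NULL")
            dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
            return _DSAPublicKey(self, dsa_cdata)
        elif (self._lib.Cryptography_HAS_EC == 1
              and key_type == self._lib.EVP_PKEY_EC):
            ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
            if ec_cdata == self._ffi.NULL:
                raise AssertionError("EVP_PKEY_get1_EC_KEY returned NULL")
            ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
            return _EllipticCurvePublicKey(self, ec_cdata)
        else:
            raise UnsupportedAlgorithm("Unsupported key type.")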
示例#2
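    def _evp_pkey_to_public_key(self, evp_pkey):
        """
        Return the appropriate type of PublicKey given an evp_pkey cdata
        pointer.

        Dispatches on ``evp_pkey.type``: RSA, DSA, and EC (the latter only
        when ``Cryptography_HAS_EC == 1``). Other types raise
        UnsupportedAlgorithm; a NULL key pointer from OpenSSL raises
        AssertionError.
        """
        # Avoid shadowing the ``type`` builtin with the local.
        key_type = evp_pkey.type

        if key_type == self._lib.EVP_PKEY_RSA:
            rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey)
            # ``assert`` disappears under ``python -O``; raise explicitly so
            # the NULL check on the native pointer is always enforced.
            if rsa_cdata == self._ffi.NULL:
                raise AssertionError("EVP_PKEY_get1_RSA returned NULL")
            rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
            return _RSAPublicKey(self, rsa_cdata)
        elif key_type == self._lib.EVP_PKEY_DSA:
            dsa_cdata = self._lib.EVP_PKEY_get1_DSA(evp_pkey)
            if dsa_cdata == self._ffi.NULL:
                raise AssertionError("EVP_PKEY_get1_DSA returned NULL")
            dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
            return _DSAPublicKey(self, dsa_cdata)
        elif (self._lib.Cryptography_HAS_EC == 1 and
              key_type == self._lib.EVP_PKEY_EC):
            ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
            if ec_cdata == self._ffi.NULL:
                raise AssertionError("EVP_PKEY_get1_EC_KEY returned NULL")
            ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
            return _EllipticCurvePublicKey(self, ec_cdata)
        else:
            raise UnsupportedAlgorithm("Unsupported key type.")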
示例#3
 def encrypt_rsa(self, public_key, plaintext, padding):
     """Deprecated shim that encrypts *plaintext* with an RSA public key.

     Issues a ``utils.DeprecatedIn05`` warning attributed to the caller
     (``stacklevel=2``), wraps the key's RSA cdata in ``_RSAPublicKey`` and
     forwards *plaintext* and *padding* unchanged to its ``encrypt``.
     """
     notice = (
         "encrypt_rsa is deprecated and will be removed in a future "
         "version."
     )
     warnings.warn(notice, utils.DeprecatedIn05, stacklevel=2)
     cdata = self._rsa_cdata_from_public_key(public_key)
     wrapped_key = _RSAPublicKey(self, cdata)
     return wrapped_key.encrypt(plaintext, padding)
示例#4
 def encrypt_rsa(self, public_key, plaintext, padding):
     """Encrypt *plaintext* with *public_key* (deprecated entry point).

     A ``utils.DeprecatedIn05`` warning is raised against the caller's
     frame, then the call is delegated to ``_RSAPublicKey.encrypt`` with
     the same *plaintext* and *padding*.
     """
     deprecation_text = (
         "encrypt_rsa is deprecated and will be removed in a future "
         "version."
     )
     warnings.warn(
         deprecation_text, category=utils.DeprecatedIn05, stacklevel=2
     )
     native_rsa = self._rsa_cdata_from_public_key(public_key)
     rsa_public_key = _RSAPublicKey(self, native_rsa)
     ciphertext = rsa_public_key.encrypt(plaintext, padding)
     return ciphertext
示例#5
 def create_rsa_verification_ctx(self, public_key, signature, padding,
                                 algorithm):
     """Deprecated shim that builds an RSA signature verification context.

     Issues a ``utils.DeprecatedIn05`` warning attributed to the caller
     (``stacklevel=2``), wraps the key's RSA cdata in ``_RSAPublicKey`` and
     returns an ``_RSAVerificationContext`` for the given *signature*,
     *padding* and *algorithm*.
     """
     notice = (
         "create_rsa_verification_ctx is deprecated and will be removed in "
         "a future version."
     )
     warnings.warn(notice, utils.DeprecatedIn05, stacklevel=2)
     cdata = self._rsa_cdata_from_public_key(public_key)
     wrapped_key = _RSAPublicKey(self, cdata)
     verifier = _RSAVerificationContext(
         self, wrapped_key, signature, padding, algorithm
     )
     return verifier
示例#6
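    def load_rsa_public_numbers(self, numbers):
        """
        Build an _RSAPublicKey from *numbers*, an object exposing the public
        exponent ``e`` and the modulus ``n``.

        The components are validated by ``rsa._check_public_key_components``
        before any native object is allocated. A failed ``RSA_new`` or
        ``RSA_blinding_on`` call raises AssertionError.
        """
        rsa._check_public_key_components(numbers.e, numbers.n)
        rsa_cdata = self._lib.RSA_new()
        # Explicit raise instead of ``assert``: assert statements are
        # stripped under ``python -O``, which would let a NULL RSA pointer
        # be dereferenced by the attribute assignments below.
        if rsa_cdata == self._ffi.NULL:
            raise AssertionError("RSA_new returned NULL")
        # Register RSA_free so the struct is released with the cdata.
        rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
        rsa_cdata.e = self._int_to_bn(numbers.e)
        rsa_cdata.n = self._int_to_bn(numbers.n)
        res = self._lib.RSA_blinding_on(rsa_cdata, self._ffi.NULL)
        # Same reasoning: the return code must be checked even under -O.
        if res != 1:
            raise AssertionError("RSA_blinding_on failed")

        return _RSAPublicKey(self, rsa_cdata)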
示例#7
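    def load_rsa_public_numbers(self, numbers):
        """
        Return an _RSAPublicKey built from the ``e`` and ``n`` attributes of
        *numbers*.

        ``rsa._check_public_key_components`` runs first, so invalid
        components are rejected before the OpenSSL RSA struct is created.
        Raises AssertionError if ``RSA_new`` returns NULL or
        ``RSA_blinding_on`` does not return 1.
        """
        rsa._check_public_key_components(numbers.e, numbers.n)
        rsa_cdata = self._lib.RSA_new()
        # ``assert`` is removed when Python runs with -O, so the allocation
        # result is checked with an explicit raise of the same exception.
        if rsa_cdata == self._ffi.NULL:
            raise AssertionError("RSA_new returned NULL")
        rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
        rsa_cdata.e = self._int_to_bn(numbers.e)
        rsa_cdata.n = self._int_to_bn(numbers.n)
        res = self._lib.RSA_blinding_on(rsa_cdata, self._ffi.NULL)
        if res != 1:
            raise AssertionError("RSA_blinding_on failed")

        return _RSAPublicKey(self, rsa_cdata)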
示例#8
 def create_rsa_verification_ctx(self, public_key, signature, padding,
                                 algorithm):
     """Return an RSA verification context (deprecated entry point).

     A ``utils.DeprecatedIn05`` warning is raised against the caller's
     frame, then *public_key* is wrapped in ``_RSAPublicKey`` and handed to
     ``_RSAVerificationContext`` together with *signature*, *padding* and
     *algorithm*.
     """
     deprecation_text = (
         "create_rsa_verification_ctx is deprecated and will be removed in "
         "a future version."
     )
     warnings.warn(
         deprecation_text, category=utils.DeprecatedIn05, stacklevel=2
     )
     native_rsa = self._rsa_cdata_from_public_key(public_key)
     rsa_public_key = _RSAPublicKey(self, native_rsa)
     return _RSAVerificationContext(
         self, rsa_public_key, signature, padding, algorithm
     )
示例#9
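 def load_der_public_key(self, data):
     """Load a DER-encoded public key from *data*.

     The bytes are first parsed as a subjectPublicKeyInfo structure
     (``d2i_PUBKEY_bio``). If that fails, the BIO is rewound and the bytes
     are parsed as a bare PKCS1 RSA public key (``d2i_RSAPublicKey_bio``).
     If both parsers fail, ``_handle_key_loading_error`` is called.

     Raises AssertionError if ``BIO_reset`` does not return 1.
     """
     mem_bio = self._bytes_to_bio(data)
     evp_pkey = self._lib.d2i_PUBKEY_bio(mem_bio.bio, self._ffi.NULL)
     if evp_pkey != self._ffi.NULL:
         evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
         return self._evp_pkey_to_public_key(evp_pkey)

     # It's not a (RSA/DSA/ECDSA) subjectPublicKeyInfo, but we still
     # need to check to see if it is a pure PKCS1 RSA public key (not
     # embedded in a subjectPublicKeyInfo)
     self._consume_errors()
     res = self._lib.BIO_reset(mem_bio.bio)
     # Explicit raise instead of ``assert``: assert statements are stripped
     # under ``python -O``, and a failed rewind would make the second parse
     # read from the wrong position.
     if res != 1:
         raise AssertionError("BIO_reset failed")
     rsa_cdata = self._lib.d2i_RSAPublicKey_bio(mem_bio.bio,
                                                self._ffi.NULL)
     if rsa_cdata != self._ffi.NULL:
         rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
         return _RSAPublicKey(self, rsa_cdata)

     # NOTE(review): presumably this helper raises; if it ever returns,
     # this method returns None - confirm against its definition.
     self._handle_key_loading_error()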
示例#10
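 def __init__(self, engine, arg):
     """Load a private key from an OpenSSL ENGINE and import its public half.

     *engine* is the id passed to ``ENGINE_by_id`` and *arg* is the key
     identifier passed to ``ENGINE_load_private_key``; no UI method or
     callback data is supplied (both are NULL). Only RSA keys are
     supported: any other key type raises ``jwk.InvalidJWKValue``.
     Failures reported by OpenSSL go through ``backend.openssl_assert``.
     """
     super(EngineJWK, self).__init__()
     backend._lib.ENGINE_load_builtin_engines()
     # NOTE(review): the reference returned by ENGINE_by_id is never
     # released in this method; confirm whether an ENGINE_free call is
     # wanted once the key has been loaded.
     e = backend._lib.ENGINE_by_id(engine)
     backend.openssl_assert(e != backend._ffi.NULL)
     res = backend._lib.ENGINE_init(e)
     backend.openssl_assert(res == 1)
     evp_pkey = backend._lib.ENGINE_load_private_key(
         e, arg, backend._ffi.NULL, backend._ffi.NULL)
     # Release the functional reference before checking the result so it
     # is dropped on the failure path as well.
     backend._lib.ENGINE_finish(e)
     backend.openssl_assert(evp_pkey != backend._ffi.NULL)
     # Tie the EVP_PKEY to the cdata lifetime; without this the private
     # key handle leaks, including on the unsupported-type path below.
     evp_pkey = backend._ffi.gc(evp_pkey, backend._lib.EVP_PKEY_free)
     key_type = backend._lib.EVP_PKEY_id(evp_pkey)
     if key_type != backend._lib.EVP_PKEY_RSA:
         raise jwk.InvalidJWKValue('Unknown Engine Key type')

     rsakey = backend._lib.EVP_PKEY_get1_RSA(evp_pkey)
     # EVP_PKEY_get1_RSA can return NULL; never wrap a NULL pointer.
     backend.openssl_assert(rsakey != backend._ffi.NULL)
     # get1 returns its own reference, so it needs its own destructor.
     rsakey = backend._ffi.gc(rsakey, backend._lib.RSA_free)
     self._engine_priv = rsa._RSAPrivateKey(backend, rsakey, evp_pkey)
     self._engine_pub = rsa._RSAPublicKey(backend, rsakey, evp_pkey)
     self._import_pyca_pub_rsa(self._engine_pub)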
示例#11
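 def load_der_public_key(self, data):
     """Parse *data* as a DER public key and return the matching key object.

     Tries subjectPublicKeyInfo first (``d2i_PUBKEY_bio``); on failure the
     error queue is consumed, the BIO is reset, and a bare PKCS1 RSA public
     key is tried (``d2i_RSAPublicKey_bio``). When neither parser accepts
     the input, ``_handle_key_loading_error`` is invoked.

     Raises AssertionError if ``BIO_reset`` does not return 1.
     """
     mem_bio = self._bytes_to_bio(data)
     evp_pkey = self._lib.d2i_PUBKEY_bio(mem_bio.bio, self._ffi.NULL)
     if evp_pkey != self._ffi.NULL:
         evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
         return self._evp_pkey_to_public_key(evp_pkey)

     # It's not a (RSA/DSA/ECDSA) subjectPublicKeyInfo, but we still
     # need to check to see if it is a pure PKCS1 RSA public key (not
     # embedded in a subjectPublicKeyInfo)
     self._consume_errors()
     res = self._lib.BIO_reset(mem_bio.bio)
     # ``assert`` is removed when Python runs with -O; raise the same
     # exception explicitly so the rewind result is always checked.
     if res != 1:
         raise AssertionError("BIO_reset failed")
     rsa_cdata = self._lib.d2i_RSAPublicKey_bio(
         mem_bio.bio, self._ffi.NULL
     )
     if rsa_cdata != self._ffi.NULL:
         rsa_cdata = self._ffi.gc(rsa_cdata, self._lib.RSA_free)
         return _RSAPublicKey(self, rsa_cdata)

     # NOTE(review): presumably this helper raises; if it ever returns,
     # this method returns None - confirm against its definition.
     self._handle_key_loading_error()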