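    def _decryptAndImportKdk(self, kdkData, onError):
        """
        Decrypt the KDK (key decryption key) carried in kdkData and import it
        into the in-memory key chain so that later CK (content key) decryption
        can use it.

        The KDK Data packet holds an EncryptedContent whose payload is a
        SafeBag and whose payload key is the SafeBag secret, encrypted for the
        credentials key. The secret is recovered through the TPM, addressed by
        the credentials key name, so the credentials private key is never
        handled in this method.

        :param Data kdkData: The KDK Data packet to decrypt and import.
        :param onError: On error, this calls onError(errorCode, message)
          exactly once.
        :type onError: function object
        :return: True for success, false for error (where this has called onError).
        :rtype: bool
        """
        kdkUri = kdkData.getName().toUri()
        logging.getLogger(__name__).info(
            "Decrypting and importing KDK %s", kdkUri)

        def reportDecryptionFailure(ex):
            # Shared reporter for both fallible stages below; returns the
            # method's failure result so callers can `return` it directly.
            onError(
                EncryptError.ErrorCode.DecryptionFailure,
                "Failed to decrypt KDK [" + kdkUri + "]: " + repr(ex))
            return False

        try:
            encryptedContent = EncryptedContent()
            encryptedContent.wireDecodeV2(kdkData.getContent())
            safeBag = SafeBag(encryptedContent.getPayload())
            # The TPM performs the decryption; only the key *name* is passed.
            secret = self._keyChain.getTpm().decrypt(
                encryptedContent.getPayloadKey().toBytes(),
                self._credentialsKey.getName())
        except Exception as ex:
            return reportDecryptionFailure(ex)

        # Checked outside the try: the original referenced an undefined name
        # (`credentialsKey_`) here, which raised NameError into the handler and
        # masked TpmKeyNotFound as DecryptionFailure. Keeping the onError call
        # out of the try also prevents an exception raised by onError itself
        # from triggering a second onError call.
        if secret.isNull():
            onError(
                EncryptError.ErrorCode.TpmKeyNotFound,
                "Could not decrypt secret, " +
                self._credentialsKey.getName().toUri() + " not found in TPM")
            return False

        try:
            self._internalKeyChain.importSafeBag(safeBag, secret.toBytes())
        except Exception as ex:
            return reportDecryptionFailure(ex)
        return True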
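    def _decryptAndImportKdk(self, kdkData, onError):
        """
        Decrypt the KDK (key decryption key) carried in kdkData and import it
        into the in-memory key chain so that later CK (content key) decryption
        can use it.

        The KDK Data packet holds an EncryptedContent whose payload is a
        SafeBag and whose payload key is the SafeBag secret, encrypted for the
        credentials key. The secret is recovered through the TPM, addressed by
        the credentials key name, so the credentials private key is never
        handled in this method.

        :param Data kdkData: The KDK Data packet to decrypt and import.
        :param onError: On error, this calls onError(errorCode, message)
          exactly once.
        :type onError: function object
        :return: True for success, false for error (where this has called onError).
        :rtype: bool
        """
        kdkUri = kdkData.getName().toUri()
        logging.getLogger(__name__).info(
            "Decrypting and importing KDK %s", kdkUri)

        def reportDecryptionFailure(ex):
            # Shared reporter for both fallible stages below; returns the
            # method's failure result so callers can `return` it directly.
            onError(
                EncryptError.ErrorCode.DecryptionFailure,
                "Failed to decrypt KDK [" + kdkUri + "]: " + repr(ex))
            return False

        try:
            encryptedContent = EncryptedContent()
            encryptedContent.wireDecodeV2(kdkData.getContent())
            safeBag = SafeBag(encryptedContent.getPayload())
            # The TPM performs the decryption; only the key *name* is passed.
            secret = self._keyChain.getTpm().decrypt(
                encryptedContent.getPayloadKey().toBytes(),
                self._credentialsKey.getName())
        except Exception as ex:
            return reportDecryptionFailure(ex)

        # Checked outside the try so that an exception raised by onError
        # itself is not caught by the handler above and reported a second time
        # as DecryptionFailure.
        if secret.isNull():
            onError(
                EncryptError.ErrorCode.TpmKeyNotFound,
                "Could not decrypt secret, " +
                self._credentialsKey.getName().toUri() + " not found in TPM")
            return False

        try:
            self._internalKeyChain.importSafeBag(safeBag, secret.toBytes())
        except Exception as ex:
            return reportDecryptionFailure(ex)
        return True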
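    def _decryptCkAndProcessPendingDecrypts(self, contentKey, ckData,
                                            kdkKeyName, onError):
        """
        Decrypt the CK (content key) in ckData with the KDK named kdkKeyName
        held by the in-memory key chain's TPM, record it on contentKey, and
        then run every decrypt that was waiting for this CK.

        :param contentKey: The record to fill in. On success this sets
          contentKey.bits and contentKey.isRetrieved, runs each entry of
          contentKey.pendingDecrypts through DecryptorV2._doDecrypt, and then
          clears contentKey.pendingDecrypts.
        :param Data ckData: The CK Data packet whose content is an
          EncryptedContent (V2 encoding).
        :param Name kdkKeyName: The name of the KDK in the internal TPM.
        :param onError: On error, this calls onError(errorCode, message) and
          returns without touching contentKey.
        :type onError: function object
        """
        # Fix: the original passed the name as a positional logging argument
        # with no format placeholder, so the name was never logged and the
        # logging module reported a formatting error instead.
        logging.getLogger(__name__).info("Decrypting CK data %s",
                                         ckData.getName().toUri())

        content = EncryptedContent()
        try:
            content.wireDecodeV2(ckData.getContent())
        except Exception as ex:
            onError(EncryptError.ErrorCode.InvalidEncryptedFormat,
                    "Error decrypting EncryptedContent: " + repr(ex))
            return

        try:
            # Only the KDK *name* is passed; the TPM performs the decryption.
            ckBits = self._internalKeyChain.getTpm().decrypt(
                content.getPayload().toBytes(), kdkKeyName)
        except Exception as ex:
            # We don't expect this from the in-memory KeyChain.
            onError(EncryptError.ErrorCode.DecryptionFailure,
                    "Error decrypting the CK EncryptedContent " + repr(ex))
            return

        # A null result means the TPM has no key under kdkKeyName.
        if ckBits.isNull():
            onError(
                EncryptError.ErrorCode.TpmKeyNotFound,
                "Could not decrypt secret, " + kdkKeyName.toUri() +
                " not found in TPM")
            return

        contentKey.bits = ckBits
        contentKey.isRetrieved = True

        for pendingDecrypt in contentKey.pendingDecrypts:
            # TODO: If this calls onError, should we quit?
            DecryptorV2._doDecrypt(pendingDecrypt.encryptedContent,
                                   contentKey.bits, pendingDecrypt.onSuccess,
                                   pendingDecrypt.onError)

        contentKey.pendingDecrypts = []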
    def _decryptCkAndProcessPendingDecrypts(
      self, contentKey, ckData, kdkKeyName, onError):
        """
        Decrypt the CK (content key) in ckData with the KDK named kdkKeyName
        held by the in-memory key chain's TPM, record it on contentKey, and
        then run every decrypt that was waiting for this CK.

        :param contentKey: The record to fill in. On success this sets
          contentKey.bits and contentKey.isRetrieved, runs each entry of
          contentKey.pendingDecrypts through DecryptorV2._doDecrypt, and then
          clears contentKey.pendingDecrypts.
        :param Data ckData: The CK Data packet whose content is an
          EncryptedContent (V2 encoding).
        :param Name kdkKeyName: The name of the KDK in the internal TPM.
        :param onError: On error, this calls onError(errorCode, message) and
          returns without touching contentKey.
        :type onError: function object
        """
        logger = logging.getLogger(__name__)
        logger.info("Decrypting CK data " + ckData.getName().toUri())

        # Stage 1: decode the wire format. A malformed packet is reported as
        # InvalidEncryptedFormat rather than as a decryption failure.
        encrypted = EncryptedContent()
        try:
            encrypted.wireDecodeV2(ckData.getContent())
        except Exception as decodeError:
            onError(EncryptError.ErrorCode.InvalidEncryptedFormat,
              "Error decrypting EncryptedContent: " + repr(decodeError))
            return

        # Stage 2: ask the TPM to decrypt with the KDK, addressed by name.
        tpm = self._internalKeyChain.getTpm()
        try:
            ckBits = tpm.decrypt(encrypted.getPayload().toBytes(), kdkKeyName)
        except Exception as decryptError:
            # We don't expect this from the in-memory KeyChain.
            onError(EncryptError.ErrorCode.DecryptionFailure,
              "Error decrypting the CK EncryptedContent " + repr(decryptError))
            return

        # Stage 3: a null result means the TPM has no key under kdkKeyName.
        if ckBits.isNull():
            onError(EncryptError.ErrorCode.TpmKeyNotFound,
              "Could not decrypt secret, " + kdkKeyName.toUri() +
              " not found in TPM")
            return

        contentKey.isRetrieved = True
        contentKey.bits = ckBits

        # Stage 4: drain the decrypts that were queued while the CK was
        # outstanding, then reset the queue.
        for queued in contentKey.pendingDecrypts:
            # TODO: If this calls onError, should we quit?
            DecryptorV2._doDecrypt(
              queued.encryptedContent, contentKey.bits,
              queued.onSuccess, queued.onError)

        contentKey.pendingDecrypts = []