path: root/src/cryptography/hazmat/backends/openssl/rsa.py
authorPaul Kehrer <paul.l.kehrer@gmail.com>2015-03-01 15:52:56 -0600
committerPaul Kehrer <paul.l.kehrer@gmail.com>2015-03-01 15:52:56 -0600
commit94770319e08bd7412a7e0b62abf206e0d78b997b (patch)
treef90ae0bc1436fceaaeed2d010369838556d8f7da /src/cryptography/hazmat/backends/openssl/rsa.py
parentd208417c771be91d73dea853a3c01f70151d5639 (diff)
move private_bytes to a shared method so we can reuse it
Diffstat (limited to 'src/cryptography/hazmat/backends/openssl/rsa.py')
-rw-r--r--src/cryptography/hazmat/backends/openssl/rsa.py64
1 files changed, 7 insertions, 57 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py
index e7365c11..05648d85 100644
--- a/src/cryptography/hazmat/backends/openssl/rsa.py
+++ b/src/cryptography/hazmat/backends/openssl/rsa.py
@@ -21,10 +21,6 @@ from cryptography.hazmat.primitives.asymmetric.rsa import (
RSAPrivateKeyWithNumbers, RSAPrivateKeyWithSerialization,
RSAPublicKeyWithNumbers
)
-from cryptography.hazmat.primitives.serialization import (
- BestAvailableEncryption, Encoding, Format, KeySerializationEncryption,
- NoEncryption
-)
def _get_rsa_pss_salt_length(pss, key_size, digest_size):
@@ -566,60 +562,14 @@ class _RSAPrivateKey(object):
)
def private_bytes(self, encoding, format, encryption_algorithm):
- if not isinstance(encoding, Encoding):
- raise TypeError("encoding must be an item from the Encoding enum")
-
- if not isinstance(format, Format):
- raise TypeError("format must be an item from the Format enum")
-
- # This is a temporary check until we land DER serialization.
- if encoding is not Encoding.PEM:
- raise ValueError("Only PEM encoding is supported by this backend")
-
- if format is Format.PKCS8:
- write_bio = self._backend._lib.PEM_write_bio_PKCS8PrivateKey
- key = self._evp_pkey
- elif format is Format.TraditionalOpenSSL:
- write_bio = self._backend._lib.PEM_write_bio_RSAPrivateKey
- key = self._rsa_cdata
-
- if not isinstance(encryption_algorithm, KeySerializationEncryption):
- raise TypeError(
- "Encryption algorithm must be a KeySerializationEncryption "
- "instance"
- )
-
- if isinstance(encryption_algorithm, NoEncryption):
- password = b""
- passlen = 0
- evp_cipher = self._backend._ffi.NULL
- elif isinstance(encryption_algorithm, BestAvailableEncryption):
- # This is a curated value that we will update over time.
- evp_cipher = self._backend._lib.EVP_get_cipherbyname(
- b"aes-256-cbc"
- )
- password = encryption_algorithm.password
- passlen = len(password)
- if passlen > 1023:
- raise ValueError(
- "Passwords longer than 1023 bytes are not supported by "
- "this backend"
- )
- else:
- raise ValueError("Unsupported encryption type")
-
- bio = self._backend._create_mem_bio()
- res = write_bio(
- bio,
- key,
- evp_cipher,
- password,
- passlen,
- self._backend._ffi.NULL,
- self._backend._ffi.NULL
+ return self._backend._private_bytes(
+ encoding,
+ format,
+ encryption_algorithm,
+ self._backend._lib.PEM_write_bio_RSAPrivateKey,
+ self._evp_pkey,
+ self._rsa_cdata
)
- assert res == 1
- return self._backend._read_mem_bio(bio)
@utils.register_interface(RSAPublicKeyWithNumbers)
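Review bot: The new call in `private_bytes` passes the writer function and both key handles positionally, and nothing at the call site says which handle pairs with which format; judging from the removed branches, `self._evp_pkey` is used for PKCS8 and `self._rsa_cdata` goes with `PEM_write_bio_RSAPrivateKey` for TraditionalOpenSSL. A short comment above the call, such as `# args: traditional-format writer, EVP_PKEY (PKCS8), RSA cdata (TraditionalOpenSSL)`, would keep a later caller from swapping two cdata pointers that Python cannot type-check. The input checks deleted here (the Encoding/Format enum checks, the 1023-byte password cap, the `ValueError` for an unsupported encryption type) now depend entirely on `_private_bytes`, which this file-limited diff does not show, so confirm they moved with it. If the helper kept `assert res == 1`, that check disappears under `python -O`; an explicit raise on a failed write would be safer for private-key serialization.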