author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2019-01-12 21:18:21 -0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2019-01-13 00:18:21 -0500 |
commit | dbcbffa06c9930a687010ca816596ca3f5cc78e9 (patch) | |
tree | 27f88222ed222e45784f4c1e6ea0b8d6b9f9d07b /src/cryptography/hazmat/backends/openssl/x448.py | |
parent | 9b198104db8b53178212b5849919b6a61ca794ab (diff) | |
support x448 public/private serialization both raw and pkcs8 (#4653)
* support x448 public/private serialization both raw and pkcs8
* add tests for all other asym key types to prevent Raw
* more tests
* better tests
* fix a test
* funny story, I'm actually illiterate.
* pep8
* require PrivateFormat.Raw or PublicFormat.Raw with Encoding.Raw
* missing docs
* parametrize
* docs fixes
* remove dupe line
* assert something
Diffstat (limited to 'src/cryptography/hazmat/backends/openssl/x448.py')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/x448.py | 73 |
1 files changed, 72 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x448.py b/src/cryptography/hazmat/backends/openssl/x448.py
index a10aa821..3792fd79 100644
--- a/src/cryptography/hazmat/backends/openssl/x448.py
+++ b/src/cryptography/hazmat/backends/openssl/x448.py
@@ -6,11 +6,15 @@ from __future__ import absolute_import, division, print_function
 from cryptography import utils
 from cryptography.hazmat.backends.openssl.utils import _evp_pkey_derive
+from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric.x448 import (
 X448PrivateKey, X448PublicKey
 )
 _X448_KEY_SIZE = 56
+_PEM_DER = (
+ serialization.Encoding.PEM, serialization.Encoding.DER
+)
 @utils.register_interface(X448PublicKey)
@@ -19,7 +23,35 @@ class _X448PublicKey(object):
 self._backend = backend
 self._evp_pkey = evp_pkey
- def public_bytes(self):
+ def public_bytes(self, encoding, format):
+ if (
+ encoding is serialization.Encoding.Raw or
+ format is serialization.PublicFormat.Raw
+ ):
+ if (
+ encoding is not serialization.Encoding.Raw or
+ format is not serialization.PublicFormat.Raw
+ ):
+ raise ValueError(
+ "When using Raw both encoding and format must be Raw"
+ )
+
+ return self._raw_public_bytes()
+
+ if (
+ encoding in _PEM_DER and
+ format is not serialization.PublicFormat.SubjectPublicKeyInfo
+ ):
+ raise ValueError(
+ "format must be SubjectPublicKeyInfo when encoding is PEM or "
+ "DER"
+ )
+
+ return self._backend._public_key_bytes(
+ encoding, format, self, self._evp_pkey, None
+ )
+
+ def _raw_public_bytes(self):
 buf = self._backend._ffi.new("unsigned char []", _X448_KEY_SIZE)
 buflen = self._backend._ffi.new("size_t *", _X448_KEY_SIZE)
 res = self._backend._lib.EVP_PKEY_get_raw_public_key(
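Review bot: The PEM/DER guard in `public_bytes` rejects a wrong format only when `encoding in _PEM_DER`, so an encoding that is neither Raw nor PEM/DER is passed to `self._backend._public_key_bytes` with whatever format the caller supplied. Whether the backend rejects those combinations is not visible in this hunk, which makes the method allow-by-default at this layer. Consider inverting the test to `if encoding not in _PEM_DER or format is not serialization.PublicFormat.SubjectPublicKeyInfo:` and raising there, so only the combinations this key type supports get through. A short docstring listing the accepted (encoding, format) pairs would also help; `_raw_public_bytes` continues past the end of the hunk.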
@@ -53,3 +85,42 @@ class _X448PrivateKey(object):
 return _evp_pkey_derive(
 self._backend, self._evp_pkey, peer_public_key
 )
+
+ def private_bytes(self, encoding, format, encryption_algorithm):
+ if (
+ encoding is serialization.Encoding.Raw or
+ format is serialization.PublicFormat.Raw
+ ):
+ if (
+ format is not serialization.PrivateFormat.Raw or
+ encoding is not serialization.Encoding.Raw or not
+ isinstance(encryption_algorithm, serialization.NoEncryption)
+ ):
+ raise ValueError(
+ "When using Raw both encoding and format must be Raw "
+ "and encryption_algorithm must be NoEncryption"
+ )
+
+ return self._raw_private_bytes()
+
+ if (
+ encoding in _PEM_DER and
+ format is not serialization.PrivateFormat.PKCS8
+ ):
+ raise ValueError(
+ "format must be PKCS8 when encoding is PEM or DER"
+ )
+
+ return self._backend._private_key_bytes(
+ encoding, format, encryption_algorithm, self._evp_pkey, None
+ )
+
+ def _raw_private_bytes(self):
+ buf = self._backend._ffi.new("unsigned char []", _X448_KEY_SIZE)
+ buflen = self._backend._ffi.new("size_t *", _X448_KEY_SIZE)
+ res = self._backend._lib.EVP_PKEY_get_raw_private_key(
+ self._evp_pkey, buf, buflen
+ )
+ self._backend.openssl_assert(res == 1)
+ self._backend.openssl_assert(buflen[0] == _X448_KEY_SIZE)
+ return self._backend._ffi.buffer(buf, _X448_KEY_SIZE)[:] |
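Review bot: The outer Raw test in `private_bytes` compares `format` with `serialization.PublicFormat.Raw`, while the inner check uses `PrivateFormat.Raw`, so a caller passing `PrivateFormat.Raw` with a non-Raw encoding skips the Raw block entirely. With PEM or DER that call is still refused, but by the PKCS8 message rather than the Raw one; with any other encoding it reaches `self._backend._private_key_bytes` without the NoEncryption/Raw validation, and the backend's handling is not visible here. The condition should read `format is serialization.PrivateFormat.Raw`. A test that calls `private_bytes` with `PrivateFormat.Raw` and a non-Raw encoding and checks for the Raw error would pin this down.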