6 files changed, 52 insertions, 1 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index d1d18a10..b59b2391 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -473,6 +473,11 @@ class Backend(object):
 assert dsa_cdata != self._ffi.NULL
 dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
 return _DSAPrivateKey(self, dsa_cdata)
+ elif type == self._lib.EVP_PKEY_EC:
+ ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
+ assert ec_cdata != self._ffi.NULL
+ ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
+ return _EllipticCurvePrivateKey(self, ec_cdata, None)
 else:
 raise UnsupportedAlgorithm("Unsupported key type.")
diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst
index 84b69fdc..7a953d9b 100644
--- a/docs/hazmat/primitives/asymmetric/serialization.rst
+++ b/docs/hazmat/primitives/asymmetric/serialization.rst
@@ -76,7 +76,7 @@ all begin with ``-----BEGIN {format}-----`` and end with ``-----END
 be ``None`` if the private key is not encrypted.
 :param backend: A
- :class:`~cryptography.hazmat.backends.interfaces.PKCS8SerializationBackend`
+ :class:`~cryptography.hazmat.backends.interfaces.PEMSerializationBackend`
 provider.
 :returns: A new instance of a private key.
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index 9333a6bd..4d32fba2 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
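Review bot: The new EC branch in backend.py builds the key with `_EllipticCurvePrivateKey(self, ec_cdata, None)`, and the `None` third argument looks like the curve slot (the constructor is not visible here), so a key loaded from PEM would carry no curve object. If that is the case, the curve should be derived from the EC_KEY's group before the key is constructed, or the line should get a comment such as `# curve is resolved lazily from ec_cdata` if `None` is really safe. Separately, `assert ec_cdata != self._ffi.NULL` mirrors the DSA branch above but is stripped under `python -O`; an explicit check that raises would keep the NULL guard in optimized runs. The enclosing method starts and ends outside the hunk.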
@@ -46,6 +46,29 @@ class TestPEMSerialization(object):
 if isinstance(key, interfaces.RSAPrivateKeyWithNumbers):
 _check_rsa_private_numbers(key.private_numbers())
+ def test_load_pem_ec_private_key_unencrypted(self, backend):
+ key = load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "PEM_Serialization", "ec_private_key.pem"),
+ lambda pemfile: load_pem_private_key(
+ pemfile.read().encode(), None, backend
+ )
+ )
+
+ assert key
+ assert isinstance(key, interfaces.EllipticCurvePrivateKey)
+
+ def test_load_pem_ec_private_key_encrypted(self, backend):
+ key = load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "PEM_Serialization", "ec_private_key_encrypted.pem"),
+ lambda pemfile: load_pem_private_key(
+ pemfile.read().encode(), b"123456", backend
+ )
+ )
+
+ assert key
+ assert isinstance(key, interfaces.EllipticCurvePrivateKey)
 @pytest.mark.traditional_openssl_serialization
 class TestTraditionalOpenSSLSerialization(object):
diff --git a/vectors/cryptography_vectors/asymmetric/PEM_Serialization/README.txt b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/README.txt
new file mode 100644
index 00000000..f48833c7
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/README.txt
@@ -0,0 +1,7 @@
+Example test files for PEM Serialization Backend tests
+
+Contains
+
+1. ec_private_key.pem - Contains an Elliptic Curve key generated using OpenSSL, from the curve secp256k1.
+2. ec_private_key_encrypted.pem - Contains the same Elliptic Curve key as ec_private_key.pem, except that
+ it is encrypted with AES-256 with the password "123456".
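Review bot: Both new tests in tests/hazmat/primitives/test_serialization.py stop at `assert isinstance(key, interfaces.EllipticCurvePrivateKey)`, so they would still pass if the loader returned a key with the wrong private scalar or without a curve. The RSA test in the context lines above goes further with `_check_rsa_private_numbers(key.private_numbers())`; the EC tests should compare whatever the EC key interface exposes (curve, public point) against known values for the vector. The encrypted vector also has no negative case: a test that passes a wrong password, or `None`, and asserts that `load_pem_private_key` raises would cover the failure path of the new branch.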
\ No newline at end of file
diff --git a/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key.pem b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key.pem
new file mode 100644
index 00000000..6544ab05
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BgUrgQQACg==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHQCAQEEID5KKJYoOFVI+B9/BAynBUSl+lXgGOLdxd2b+JprRaL7oAcGBSuBBAAK
+oUQDQgAE44pVr9HTSgw9lPJiZ+yHW2vxdT7vvhMEKuCf+e1/Rvgl/IcPHPKD7GvU
+NhlwDsAVf6//ji7c4VzFpRwfXoRQGg==
+-----END EC PRIVATE KEY-----
diff --git a/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key_encrypted.pem b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key_encrypted.pem
new file mode 100644
index 00000000..a971f47a
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key_encrypted.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,49858E10DCF0F870F0D3AC4F3B6B09A7
+
+aTLUOmFF8IJyy3hABHPVapdAmJXrG8YCyXZw48Es801ie/CsX/9YsPoUKNqkT0WK
+PcyA60ZrCGi9y3eCgfEyBWFZAmDtHnSqk/q8/jvf+GAIvu+u4+j9Ium8cDhMZYwK
+7tBYqBCyxItmEIeAZqkZv6/4QbQ5E9xVK0dd2GGxtAo=
+-----END EC PRIVATE KEY----- |