authorunknown <mrh2@MRH2W7D.uk.cambridgeconsultants.com>2014-09-11 18:27:56 +0100
committerunknown <mrh2@MRH2W7D.uk.cambridgeconsultants.com>2014-09-11 18:27:56 +0100
commit04e783f5610d3983bb3cbdf82720d17a97c779a7 (patch)
tree3e34507f87081a5e9cc06f2c1229f2f0858f822d
parentb8599c085d3e295f460f0117f7df9288a4841d7f (diff)
Implemented support for loading EC private keys
Loads Elliptic Curve private keys from .PEM files, whether encrypted or unencrypted, given that the encryption method is supported. Also included changes to the test files and documentation for said method.
-rw-r--r--cryptography/hazmat/backends/openssl/backend.py5
-rw-r--r--docs/hazmat/primitives/asymmetric/serialization.rst2
-rw-r--r--tests/hazmat/primitives/test_serialization.py23
-rw-r--r--vectors/cryptography_vectors/asymmetric/PEM_Serialization/README.txt7
-rw-r--r--vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key.pem8
-rw-r--r--vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key_encrypted.pem8
6 files changed, 52 insertions, 1 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index d1d18a10..b59b2391 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -473,6 +473,11 @@ class Backend(object):
assert dsa_cdata != self._ffi.NULL
dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
return _DSAPrivateKey(self, dsa_cdata)
+ elif type == self._lib.EVP_PKEY_EC:
+ ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
+ assert ec_cdata != self._ffi.NULL
+ ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
+ return _EllipticCurvePrivateKey(self, ec_cdata, None)
else:
raise UnsupportedAlgorithm("Unsupported key type.")
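Review bot: The new EC branch builds the key with `_EllipticCurvePrivateKey(self, ec_cdata, None)`, and if that third argument is the curve (the constructor is not visible in this hunk) every EC key loaded from PEM is returned without curve information. The curve should be derived from the loaded EC_KEY's group, and the load should raise `UnsupportedAlgorithm` when the backend does not support that curve, because PEM input can name any curve or carry explicit parameters. The `assert ec_cdata != self._ffi.NULL` check mirrors the DSA branch above it but disappears under `python -O`. The enclosing method starts and ends outside the hunk.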
diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst
index 84b69fdc..7a953d9b 100644
--- a/docs/hazmat/primitives/asymmetric/serialization.rst
+++ b/docs/hazmat/primitives/asymmetric/serialization.rst
@@ -76,7 +76,7 @@ all begin with ``-----BEGIN {format}-----`` and end with ``-----END
be ``None`` if the private key is not encrypted.
:param backend: A
- :class:`~cryptography.hazmat.backends.interfaces.PKCS8SerializationBackend`
+ :class:`~cryptography.hazmat.backends.interfaces.PEMSerializationBackend`
provider.
:returns: A new instance of a private key.
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index 9333a6bd..4d32fba2 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -46,6 +46,29 @@ class TestPEMSerialization(object):
if isinstance(key, interfaces.RSAPrivateKeyWithNumbers):
_check_rsa_private_numbers(key.private_numbers())
+ def test_load_pem_ec_private_key_unencrypted(self, backend):
+ key = load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "PEM_Serialization", "ec_private_key.pem"),
+ lambda pemfile: load_pem_private_key(
+ pemfile.read().encode(), None, backend
+ )
+ )
+
+ assert key
+ assert isinstance(key, interfaces.EllipticCurvePrivateKey)
+
+ def test_load_pem_ec_private_key_encrypted(self, backend):
+ key = load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "PEM_Serialization", "ec_private_key_encrypted.pem"),
+ lambda pemfile: load_pem_private_key(
+ pemfile.read().encode(), b"123456", backend
+ )
+ )
+
+ assert key
+ assert isinstance(key, interfaces.EllipticCurvePrivateKey)
@pytest.mark.traditional_openssl_serialization
class TestTraditionalOpenSSLSerialization(object):
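Review bot: Both new tests stop at `assert isinstance(key, interfaces.EllipticCurvePrivateKey)`, so they would still pass if the loader returned a different key or a key with no curve set, whereas the RSA test just above goes on to check the private numbers. Assert the curve against the secp256k1 stated in the vectors README, for example `assert key.curve.name == "secp256k1"` (assuming the interface exposes `curve`, which this hunk does not show). Also add cases that load the encrypted file with a wrong password and with `None`, to confirm both are rejected. The two tests differ only in file name and password and could be a single parametrized test.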
diff --git a/vectors/cryptography_vectors/asymmetric/PEM_Serialization/README.txt b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/README.txt
new file mode 100644
index 00000000..f48833c7
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/README.txt
@@ -0,0 +1,7 @@
+Example test files for PEM Serialization Backend tests
+
+Contains
+
+1. ec_private_key.pem - Contains an Elliptic Curve key generated using OpenSSL, from the curve secp256k1.
+2. ec_private_key_encrypted.pem - Contains the same Elliptic Curve key as ec_private_key.pem, except that
+ it is encrypted with AES-256 with the password "123456".
\ No newline at end of file
diff --git a/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key.pem b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key.pem
new file mode 100644
index 00000000..6544ab05
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BgUrgQQACg==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHQCAQEEID5KKJYoOFVI+B9/BAynBUSl+lXgGOLdxd2b+JprRaL7oAcGBSuBBAAK
+oUQDQgAE44pVr9HTSgw9lPJiZ+yHW2vxdT7vvhMEKuCf+e1/Rvgl/IcPHPKD7GvU
+NhlwDsAVf6//ji7c4VzFpRwfXoRQGg==
+-----END EC PRIVATE KEY-----
diff --git a/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key_encrypted.pem b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key_encrypted.pem
new file mode 100644
index 00000000..a971f47a
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key_encrypted.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,49858E10DCF0F870F0D3AC4F3B6B09A7
+
+aTLUOmFF8IJyy3hABHPVapdAmJXrG8YCyXZw48Es801ie/CsX/9YsPoUKNqkT0WK
+PcyA60ZrCGi9y3eCgfEyBWFZAmDtHnSqk/q8/jvf+GAIvu+u4+j9Ium8cDhMZYwK
+7tBYqBCyxItmEIeAZqkZv6/4QbQ5E9xVK0dd2GGxtAo=
+-----END EC PRIVATE KEY-----
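Review bot: This vector uses the traditional OpenSSL PEM encryption (the `Proc-Type: 4,ENCRYPTED` and `DEK-Info: AES-256-CBC` headers), so the encrypted EC path is exercised only for that legacy format and no PKCS#8-encrypted EC key is covered. The README describes the file only as "encrypted with AES-256"; it should also name the container format, for example `traditional OpenSSL format, AES-256-CBC`, so readers know which decryption path the test reaches. The traditional format derives the key from the password with a single MD5 pass, which is a reason to add a PKCS#8 vector as well.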