-rw-r--r--cryptography/hazmat/backends/openssl/backend.py6
-rw-r--r--docs/hazmat/primitives/asymmetric/serialization.rst2
-rw-r--r--tests/hazmat/primitives/test_serialization.py44
-rw-r--r--vectors/cryptography_vectors/asymmetric/PEM_Serialization/README.txt7
-rw-r--r--vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key.pem8
-rw-r--r--vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key_encrypted.pem8
-rw-r--r--vectors/cryptography_vectors/asymmetric/PKCS8/ec_private_key.pem5
-rw-r--r--vectors/cryptography_vectors/asymmetric/PKCS8/ec_private_key_encrypted.pem6
8 files changed, 85 insertions, 1 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index d1d18a10..7e619a10 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -473,6 +473,12 @@ class Backend(object):
assert dsa_cdata != self._ffi.NULL
dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free)
return _DSAPrivateKey(self, dsa_cdata)
+ elif self._lib.Cryptography_HAS_EC == 1 \
+ and type == self._lib.EVP_PKEY_EC:
+ ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
+ assert ec_cdata != self._ffi.NULL
+ ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
+ return _EllipticCurvePrivateKey(self, ec_cdata, None)
else:
raise UnsupportedAlgorithm("Unsupported key type.")
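Review bot: The last argument in the added `return _EllipticCurvePrivateKey(self, ec_cdata, None)` is `None`; if that slot is the curve (the constructor is not visible here), every EC key loaded through this path carries no curve information. Code that later inspects the key's curve would see `None`, and a caller could not tell which curve a loaded key is on before using it. Consider recovering the curve from `ec_cdata` before constructing the key, or at minimum add a comment such as `# curve is not recovered from the parsed key yet; callers must not rely on it`. Separately, the NULL check on `ec_cdata` is an `assert`, which is stripped under `python -O`; an explicit comparison that raises would survive optimisation, although the DSA branch above uses the same pattern. The enclosing method starts and ends outside this hunk.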
diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst
index 84b69fdc..7a953d9b 100644
--- a/docs/hazmat/primitives/asymmetric/serialization.rst
+++ b/docs/hazmat/primitives/asymmetric/serialization.rst
@@ -76,7 +76,7 @@ all begin with ``-----BEGIN {format}-----`` and end with ``-----END
be ``None`` if the private key is not encrypted.
:param backend: A
- :class:`~cryptography.hazmat.backends.interfaces.PKCS8SerializationBackend`
+ :class:`~cryptography.hazmat.backends.interfaces.PEMSerializationBackend`
provider.
:returns: A new instance of a private key.
diff --git a/tests/hazmat/primitives/test_serialization.py b/tests/hazmat/primitives/test_serialization.py
index 9333a6bd..7c912a92 100644
--- a/tests/hazmat/primitives/test_serialization.py
+++ b/tests/hazmat/primitives/test_serialization.py
@@ -21,11 +21,14 @@ import pytest
from cryptography.exceptions import _Reasons
from cryptography.hazmat.primitives import interfaces
+from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import (
load_pem_pkcs8_private_key, load_pem_private_key,
load_pem_traditional_openssl_private_key
)
+
+from .test_ec import _skip_curve_unsupported
from .utils import _check_rsa_private_numbers, load_vectors_from_file
from ...utils import raises_unsupported_algorithm
@@ -46,6 +49,27 @@ class TestPEMSerialization(object):
if isinstance(key, interfaces.RSAPrivateKeyWithNumbers):
_check_rsa_private_numbers(key.private_numbers())
+ @pytest.mark.parametrize(
+ ("key_file", "password"),
+ [
+ ("ec_private_key.pem", None),
+ ("ec_private_key_encrypted.pem", b"123456"),
+ ]
+ )
+ @pytest.mark.elliptic
+ def test_load_pem_ec_private_key(self, key_file, password, backend):
+ _skip_curve_unsupported(backend, ec.SECP256R1())
+ key = load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "PEM_Serialization", key_file),
+ lambda pemfile: load_pem_private_key(
+ pemfile.read().encode(), password, backend
+ )
+ )
+
+ assert key
+ assert isinstance(key, interfaces.EllipticCurvePrivateKey)
+
@pytest.mark.traditional_openssl_serialization
class TestTraditionalOpenSSLSerialization(object):
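Review bot: `test_load_pem_ec_private_key` asserts only `key` and `isinstance(key, interfaces.EllipticCurvePrivateKey)`, so a loader that returned an object with the wrong private value or the wrong curve would still pass for both the plain and the encrypted vector. The README added in this commit says the two vector files hold the same secp256r1 key, so the test could pin that property, for example by asserting the curve if the key object exposes it, or by checking that the plain and encrypted loads yield the same key. The same applies to the identically named test added to `TestPKCS8Serialization` in the next hunk. A short comment next to `b"123456"`, e.g. `# password of the bundled test vector, see README.txt`, would keep the literal from being read as a real credential.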
@@ -303,6 +327,26 @@ class TestPKCS8Serialization(object):
if isinstance(key, interfaces.RSAPrivateKeyWithNumbers):
_check_rsa_private_numbers(key.private_numbers())
+ @pytest.mark.parametrize(
+ ("key_file", "password"),
+ [
+ ("ec_private_key.pem", None),
+ ("ec_private_key_encrypted.pem", b"123456"),
+ ]
+ )
+ @pytest.mark.elliptic
+ def test_load_pem_ec_private_key(self, key_file, password, backend):
+ _skip_curve_unsupported(backend, ec.SECP256R1())
+ key = load_vectors_from_file(
+ os.path.join(
+ "asymmetric", "PKCS8", key_file),
+ lambda pemfile: load_pem_pkcs8_private_key(
+ pemfile.read().encode(), password, backend
+ )
+ )
+ assert key
+ assert isinstance(key, interfaces.EllipticCurvePrivateKey)
+
def test_unused_password(self, backend):
key_file = os.path.join(
"asymmetric", "PKCS8", "unencpkcs8.pem")
diff --git a/vectors/cryptography_vectors/asymmetric/PEM_Serialization/README.txt b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/README.txt
new file mode 100644
index 00000000..97879f5c
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/README.txt
@@ -0,0 +1,7 @@
+Example test files for PEM Serialization Backend tests
+
+Contains
+
+1. ec_private_key.pem - Contains an Elliptic Curve key generated using OpenSSL, from the curve secp256r1.
+2. ec_private_key_encrypted.pem - Contains the same Elliptic Curve key as ec_private_key.pem, except that
+ it is encrypted with AES-256 with the password "123456".
\ No newline at end of file
diff --git a/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key.pem b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key.pem
new file mode 100644
index 00000000..4ea43082
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIGIq02UsfuTvGOrZRnJGulum7SYqHHa3aJX3LpEqExJPoAoGCCqGSM49
+AwEHoUQDQgAEJLzzbuz2tRnLFlOL+6bTX6giVavAsc6NDFFT0IMCd2ibTTNUDDkF
+Gsgq0cH5JYPg/6xUlMBFKrWYe3yQ4has9w==
+-----END EC PRIVATE KEY-----
diff --git a/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key_encrypted.pem b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key_encrypted.pem
new file mode 100644
index 00000000..d04cd665
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/PEM_Serialization/ec_private_key_encrypted.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,DF9D9E8C48BDB6A878E63D99E12D4996
+
+wwTwrkAsOWBrk7LeiR3m3yWeqaBQIEmywfgLZjuOte/HKxH8QHs/Enw896zE03aw
+xb6sFXpCM8Q1L0rIlT7xoaNxXxA8WmIyiXIyX+JkY+3zm1iEzoP5xbU2q/Y3c4wb
+wNSmiY094Jf0+EO/i/G/9zLYUlJDRVQ5fkIGazDwPMc=
+-----END EC PRIVATE KEY-----
diff --git a/vectors/cryptography_vectors/asymmetric/PKCS8/ec_private_key.pem b/vectors/cryptography_vectors/asymmetric/PKCS8/ec_private_key.pem
new file mode 100644
index 00000000..3a625b6b
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/PKCS8/ec_private_key.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgYirTZSx+5O8Y6tlG
+cka6W6btJiocdrdolfcukSoTEk+hRANCAAQkvPNu7Pa1GcsWU4v7ptNfqCJVq8Cx
+zo0MUVPQgwJ3aJtNM1QMOQUayCrRwfklg+D/rFSUwEUqtZh7fJDiFqz3
+-----END PRIVATE KEY-----
diff --git a/vectors/cryptography_vectors/asymmetric/PKCS8/ec_private_key_encrypted.pem b/vectors/cryptography_vectors/asymmetric/PKCS8/ec_private_key_encrypted.pem
new file mode 100644
index 00000000..7c35200f
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/PKCS8/ec_private_key_encrypted.pem
@@ -0,0 +1,6 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIGwMBsGCSqGSIb3DQEFAzAOBAh618AJwpxyvQICCAAEgZBhr8rmqfqMHmPh/Gjo
+S1VgD8sZUG3oILVzmuSb/k4uvynfctSG/ajwkacMF9UR6PvbTHjJUqX9RXHF6hug
+r08T/tXDaHhdNkj0TzW+ZZD1Ky6+saBkMZr9C0XDdsHDEEtRkYAb9xtWj+Z1iars
+C/xyREp46ZyeinO4Vy8BJXxCwMaSa/6HtogSb9eWWXKk0uA=
+-----END ENCRYPTED PRIVATE KEY-----